@rttnd/gau 0.2.8 → 0.3.2

package/dist/src/client/svelte/index.svelte.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../src/client/svelte/index.svelte.ts","../../../../src/core/cookies.ts","../../../../src/jwt/jwt.ts","../../../../src/oauth/utils.ts","../../../../src/core/index.ts","../../../../src/runtimes/tauri/index.ts","../../../../src/client/token.ts"],"sourcesContent":["import type { GauSession, ProviderIds } from '../../core'\nimport { BROWSER } from 'esm-env'\nimport { getContext, setContext } from 'svelte'\nimport { NULL_SESSION } from '../../core'\nimport { handleTauriDeepLink, isTauri, linkAccountWithTauri, setupTauriListener, signInWithTauri } from '../../runtimes/tauri'\nimport { clearSessionToken, getSessionToken, storeSessionToken } from '../token'\n\ninterface AuthContextValue<TAuth = unknown> {\n  session: GauSession<ProviderIds<TAuth>>\n  signIn: (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>\n  linkAccount: (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>\n  unlinkAccount: (provider: ProviderIds<TAuth>) => Promise<void>\n  signOut: () => Promise<void>\n}\n\nconst AUTH_CONTEXT_KEY = Symbol('gau-auth')\n\nexport function createSvelteAuth<const TAuth = unknown>({\n  baseUrl = '/api/auth',\n  scheme = 'gau',\n  redirectTo: defaultRedirectTo,\n}: {\n  baseUrl?: string\n  scheme?: string\n  redirectTo?: string\n} = {}) {\n  type CurrentSession = GauSession<ProviderIds<TAuth>>\n  let session = $state<CurrentSession>({ ...NULL_SESSION, providers: [] })\n\n  async function fetchSession() {\n    if (!BROWSER) {\n      session = { ...NULL_SESSION, providers: [] }\n      return\n    }\n\n    const token = getSessionToken()\n    const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n    const res = await fetch(`${baseUrl}/session`, token ? { headers } : { credentials: 'include' })\n\n    const contentType = res.headers.get('content-type')\n    if (contentType?.includes('application/json')) {\n      session = await res.json()\n    }\n    else {\n      session = {\n        ...NULL_SESSION,\n        providers: [] as ProviderIds<TAuth>[],\n      }\n    }\n  }\n\n  async function signIn(provider: ProviderIds<TAuth>, { redirectTo }: { redirectTo?: string } = {}) {\n    let finalRedirectTo = redirectTo ?? defaultRedirectTo\n    if (isTauri) {\n      await signInWithTauri(provider as string, baseUrl, scheme, finalRedirectTo)\n    }\n    else {\n      if (!finalRedirectTo && BROWSER)\n        finalRedirectTo = window.location.origin\n\n      const query = finalRedirectTo ? `?redirectTo=${encodeURIComponent(finalRedirectTo)}` : ''\n      window.location.href = `${baseUrl}/${provider as string}${query}`\n    }\n  }\n\n  async function linkAccount(provider: ProviderIds<TAuth>, { redirectTo }: { redirectTo?: string } = {}) {\n    if (isTauri) {\n      await linkAccountWithTauri(provider as string, baseUrl, scheme, redirectTo)\n      return\n    }\n\n    let finalRedirectTo = redirectTo ?? defaultRedirectTo\n    if (!finalRedirectTo && BROWSER)\n      finalRedirectTo = window.location.href\n\n    const query = finalRedirectTo ? `?redirectTo=${encodeURIComponent(finalRedirectTo)}` : ''\n    const linkUrl = `${baseUrl}/link/${provider as string}${query}${query ? '&' : '?'}redirect=false`\n\n    const token = getSessionToken()\n\n    const fetchOptions: RequestInit = token\n      ? { headers: { Authorization: `Bearer ${token}` } }\n      : { credentials: 'include' }\n\n    const res = await fetch(linkUrl, fetchOptions)\n    if (res.redirected) {\n      window.location.href = res.url\n    }\n    else {\n      try {\n        const data = await res.json()\n        if (data.url)\n          window.location.href = data.url\n      }\n      catch (e) {\n        console.error('Failed to parse response from link endpoint', e)\n      }\n    }\n  }\n\n  async function unlinkAccount(provider: ProviderIds<TAuth>) {\n    const token = getSessionToken()\n    const fetchOptions: RequestInit = token\n      ? { headers: { Authorization: `Bearer ${token}` } }\n      : { credentials: 'include' }\n\n    const res = await fetch(`${baseUrl}/unlink/${provider as string}`, {\n      method: 'POST',\n      ...fetchOptions,\n    })\n\n    if (res.ok)\n      await fetchSession()\n    else\n      console.error('Failed to unlink account', await res.json())\n  }\n\n  async function signOut() {\n    clearSessionToken()\n    const token = getSessionToken()\n    const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n    await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n    await fetchSession()\n  }\n\n  if (BROWSER) {\n    const hash = new URL(window.location.href).hash.substring(1)\n    const params = new URLSearchParams(hash)\n    const tokenFromUrl = params.get('token')\n\n    if (tokenFromUrl) {\n      storeSessionToken(tokenFromUrl)\n      void (async () => {\n        try {\n          // @ts-expect-error - SvelteKit-only\n          const { replaceState } = await import('$app/navigation')\n          await replaceState(window.location.pathname + window.location.search, {})\n        }\n        catch {\n          window.history.replaceState(null, '', window.location.pathname + window.location.search)\n        }\n        await fetchSession()\n      })()\n    }\n    else {\n      fetchSession()\n    }\n\n    if (isTauri) {\n      setupTauriListener(async (url) => {\n        handleTauriDeepLink(url, baseUrl, scheme, async (token) => {\n          storeSessionToken(token)\n          await fetchSession()\n        })\n      })\n    }\n  }\n\n  const contextValue: AuthContextValue<TAuth> = {\n    get session() {\n      return session\n    },\n    signIn: signIn as (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>,\n    linkAccount: linkAccount as (provider: ProviderIds<TAuth>, options?: { redirectTo?: string }) => Promise<void>,\n    unlinkAccount: unlinkAccount as (provider: ProviderIds<TAuth>) => Promise<void>,\n    signOut,\n  }\n\n  setContext(AUTH_CONTEXT_KEY, contextValue)\n}\n\nexport function useAuth<const TAuth = unknown>(): AuthContextValue<TAuth> {\n  const context = getContext<AuthContextValue<TAuth>>(AUTH_CONTEXT_KEY)\n  if (!context)\n    throw new Error('useAuth must be used within an AuthProvider')\n\n  return context\n}\n","import type { SerializeOptions } from 'cookie'\nimport { parse, serialize } from 'cookie'\n\nexport const DEFAULT_COOKIE_SERIALIZE_OPTIONS: SerializeOptions = {\n  path: '/',\n  sameSite: 'lax',\n  secure: true,\n  httpOnly: true,\n}\n\nexport type Cookie = [string, string, SerializeOptions]\n\nexport function parseCookies(cookieHeader: string | null | undefined): Map<string, string> {\n  const cookies = new Map<string, string>()\n  if (cookieHeader) {\n    const parsed = parse(cookieHeader)\n    for (const name in parsed)\n      cookies.set(name, parsed[name]!)\n  }\n  return cookies\n}\n\nexport class Cookies {\n  #new: Cookie[] = []\n\n  constructor(\n    private readonly requestCookies: Map<string, string>,\n    private readonly defaultOptions: SerializeOptions,\n  ) {}\n\n  get(name: string): string | undefined {\n    return this.requestCookies.get(name)\n  }\n\n  set(name: string, value: string, options?: SerializeOptions): void {\n    const combinedOptions = { ...this.defaultOptions, ...options }\n    this.#new.push([name, value, combinedOptions])\n  }\n\n  delete(name: string, options?: Omit<SerializeOptions, 'expires' | 'maxAge'>): void {\n    this.set(name, '', { ...options, expires: new Date(0), maxAge: 0 })\n  }\n\n  toHeaders(): Headers {\n    const headers = new Headers()\n    for (const [name, value, options] of this.#new)\n      headers.append('Set-Cookie', serialize(name, value, options))\n\n    return headers\n  }\n}\n\nexport const CSRF_COOKIE_NAME = '__gau-csrf-token'\nexport const SESSION_COOKIE_NAME = '__gau-session-token'\nexport const SESSION_STRATEGY_COOKIE_NAME = '__gau-session-strategy'\nexport const LINKING_TOKEN_COOKIE_NAME = '__gau-linking-token'\nexport const PKCE_COOKIE_NAME = '__gau-pkce-code-verifier'\nexport const CALLBACK_URI_COOKIE_NAME = '__gau-callback-uri'\n\nexport const CSRF_MAX_AGE = 60 * 10 // 10 minutes\n","/// <reference types=\"node\" />\nimport {\n  createJWTSignatureMessage,\n  encodeJWT,\n  JWSRegisteredHeaders,\n  JWTRegisteredClaims,\n  parseJWT,\n} from '@oslojs/jwt'\nimport { AuthError } from '../core/index'\nimport { constantTimeEqual, deriveKeysFromSecret, rawToDer } from './utils'\n\nexport type SupportedAlgorithm = 'ES256' | 'HS256'\n\ninterface CommonSignOptions {\n  /** Time-to-live in seconds (exp claim). If omitted the token will not expire. */\n  ttl?: number\n}\n\nexport type SignOptions\n  = | ({ algorithm?: 'ES256', privateKey?: CryptoKey, secret?: string }\n    & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n  | ({ algorithm: 'HS256', secret?: string | Uint8Array, privateKey?: never }\n    & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n\n/**\n * Create a signed JWT.\n * Defaults to ES256 when a privateKey is supplied. Falls back to HS256 when a secret is supplied.\n */\nexport async function sign<T extends Record<string, unknown>>(payload: T, options: SignOptions = {}): Promise<string> {\n  let { algorithm = 'ES256', ttl, iss, aud, sub, privateKey, secret } = options\n\n  if (algorithm === 'ES256') {\n    if (!privateKey) {\n      if (typeof secret !== 'string')\n        throw new AuthError('Missing secret for ES256 signing. It must be a base64url-encoded string.');\n\n      ({ privateKey } = await deriveKeysFromSecret(secret))\n    }\n  }\n  else if (algorithm === 'HS256' && !secret) {\n    throw new AuthError('Missing secret for HS256 signing')\n  }\n\n  const now = Math.floor(Date.now() / 1000)\n\n  const jwtPayload: Record<string, unknown> = { iat: now, iss, aud, sub, ...payload }\n\n  if (ttl != null && ttl > 0)\n    jwtPayload.exp = now + ttl\n\n  const isHS256 = algorithm === 'HS256'\n  const alg: SupportedAlgorithm = isHS256 ? 'HS256' : 'ES256'\n\n  const headerJSON = JSON.stringify({ alg, typ: 'JWT' })\n  const payloadJSON = JSON.stringify(jwtPayload)\n\n  const signatureMessage = createJWTSignatureMessage(headerJSON, payloadJSON)\n\n  let signature: Uint8Array\n\n  if (isHS256) {\n    // HS256 (HMAC-SHA256)\n    const secretBytes = typeof secret === 'string'\n      ? new TextEncoder().encode(secret)\n      : secret\n\n    const cryptoKey = await crypto.subtle.importKey(\n      'raw',\n      secretBytes as BufferSource,\n      { name: 'HMAC', hash: 'SHA-256' },\n      false,\n      ['sign'],\n    )\n\n    signature = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n  }\n  else {\n    // ES256 (ECDSA-SHA256)\n    // Runtimes like Bun's return the raw (r||s) signature directly, not DER-encoded.\n    signature = new Uint8Array(\n      await crypto.subtle.sign(\n        { name: 'ECDSA', hash: 'SHA-256' },\n        privateKey!,\n        signatureMessage as BufferSource,\n      ),\n    )\n  }\n\n  return encodeJWT(headerJSON, payloadJSON, signature)\n}\n\nexport type VerifyOptions\n  = | { algorithm?: 'ES256', publicKey?: CryptoKey, secret?: string, iss?: string, aud?: string | string[] }\n    | { algorithm: 'HS256', secret?: string | Uint8Array, publicKey?: never, iss?: string, aud?: string | string[] }\n\n/**\n * Verify a JWT and return its payload when the signature is valid.\n * The algorithm is inferred from options – ES256 by default.\n * Throws when verification fails or the token is expired.\n */\nexport async function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T> {\n  let { algorithm = 'ES256', publicKey, secret, iss, aud } = options\n\n  if (algorithm === 'ES256') {\n    if (!publicKey) {\n      if (typeof secret !== 'string')\n        throw new AuthError('Missing secret for ES256 verification. Must be a base64url-encoded string.');\n\n      ({ publicKey } = await deriveKeysFromSecret(secret))\n    }\n  }\n\n  if (algorithm === 'HS256' && !secret)\n    throw new AuthError('Missing secret for HS256 verification')\n\n  const [header, payload, signature, signatureMessage] = parseJWT(token)\n\n  const headerParams = new JWSRegisteredHeaders(header)\n  const headerAlg = headerParams.algorithm()\n\n  let validSignature = false\n\n  // HS256 verification path\n  if (algorithm === 'HS256') {\n    if (headerAlg !== 'HS256')\n      throw new Error(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"HS256\"`)\n\n    const secretBytes = typeof secret === 'string'\n      ? new TextEncoder().encode(secret)\n      : secret\n\n    const cryptoKey = await crypto.subtle.importKey(\n      'raw',\n      secretBytes as BufferSource,\n      { name: 'HMAC', hash: 'SHA-256' },\n      false,\n      ['sign'],\n    )\n\n    const expectedSig = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n    validSignature = constantTimeEqual(expectedSig, new Uint8Array(signature))\n  }\n  // ES256 verification path (default)\n  else {\n    if (headerAlg !== 'ES256')\n      throw new AuthError(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"ES256\"`)\n\n    const signatureBytes = new Uint8Array(signature)\n\n    // Runtimes like Node.js return DER-encoded signatures. Others (Bun) return raw (r||s).\n    // We try DER first, as it's more common in Node environments.\n    validSignature = await crypto.subtle.verify(\n      { name: 'ECDSA', hash: 'SHA-256' },\n      publicKey!,\n      signatureBytes as BufferSource,\n      signatureMessage as BufferSource,\n    )\n\n    if (!validSignature && signatureBytes.length === 64) {\n      // If DER verification fails and the signature is 64 bytes, it might be a raw signature.\n      // Convert it to DER and try again.\n      try {\n        const derSig = rawToDer(signatureBytes)\n        validSignature = await crypto.subtle.verify(\n          { name: 'ECDSA', hash: 'SHA-256' },\n          publicKey!,\n          derSig as BufferSource,\n          signatureMessage as BufferSource,\n        )\n      }\n      catch {\n        // rawToDer can throw if the signature is not 64 bytes, but we already checked.\n        // This catch is for other unexpected errors.\n        validSignature = false\n      }\n    }\n  }\n\n  if (!validSignature)\n    throw new AuthError('Invalid JWT signature')\n\n  const claims = new JWTRegisteredClaims(payload)\n  if (claims.hasExpiration() && !claims.verifyExpiration())\n    throw new AuthError('JWT expired')\n  if (claims.hasNotBefore() && !claims.verifyNotBefore())\n    throw new AuthError('JWT not yet valid')\n  if (iss && (payload as any).iss !== iss)\n    throw new AuthError('Invalid JWT issuer')\n\n  if (aud) {\n    const expectedAudience = Array.isArray(aud) ? aud : [aud]\n    const tokenAudience = (payload as any).aud\n      ? (Array.isArray((payload as any).aud) ? (payload as any).aud : [(payload as any).aud])\n      : []\n\n    if (!expectedAudience.some(audValue => tokenAudience.includes(audValue)))\n      throw new AuthError('Invalid JWT audience')\n  }\n\n  return payload as T\n}\n","import { generateCodeVerifier, generateState } from 'arctic'\n\nexport function createOAuthUris() {\n  const state = generateState()\n  const codeVerifier = generateCodeVerifier()\n\n  return {\n    state,\n    codeVerifier,\n  }\n}\n","export interface RequestLike {\n  /** Absolute or relative URL */\n  readonly url: string\n  /** Upper-case HTTP method (e.g. `GET`) */\n  readonly method: string\n  /** All HTTP headers – mutable so adapters can append */\n  readonly headers: Headers\n  /** Lazily parse the body as JSON */\n  json: <T = unknown>() => Promise<T>\n  /** Raw text body */\n  text: () => Promise<string>\n  /** FormData helper (for `application/x-www-form-urlencoded` or `multipart/form-data`) */\n  formData: () => Promise<FormData>\n}\n\nexport interface ResponseLike {\n  readonly status: number\n  readonly headers: Headers\n  readonly body?: BodyInit | null\n  json: <T = unknown>() => Promise<T>\n  text: () => Promise<string>\n}\n\nexport interface User {\n  id: string\n  name?: string | null\n  email?: string | null\n  emailVerified?: boolean | null\n  image?: string | null\n}\n\nexport interface Session {\n  id: string\n  sub: string\n  [key: string]: unknown\n}\n\nexport interface GauSession<TProviders extends string = string> {\n  user: User | null\n  session: Session | null\n  accounts?: Account[] | null\n  providers?: TProviders[]\n}\n\nexport const NULL_SESSION = {\n  user: null,\n  session: null,\n  accounts: null,\n} as const\n\nexport interface NewUser extends Omit<User, 'id' | 'accounts'> {\n  id?: string\n}\n\nexport interface Account {\n  userId: string\n  provider: string\n  providerAccountId: string\n  type?: string // e.g. \"oauth\"\n  accessToken?: string | null\n  refreshToken?: string | null\n  expiresAt?: number | null // epoch seconds\n  idToken?: string | null\n  scope?: string | null\n  tokenType?: string | null\n  sessionState?: string | null\n}\n\nexport interface NewAccount extends Account {}\n\nexport interface Adapter {\n  getUser: (id: string) => Promise<User | null>\n  getUserByEmail: (email: string) => Promise<User | null>\n  getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>\n  getAccounts: (userId: string) => Promise<Account[]>\n  getUserAndAccounts: (userId: string) => Promise<{ user: User, accounts: Account[] } | null>\n  createUser: (data: NewUser) => Promise<User>\n  linkAccount: (data: NewAccount) => Promise<void>\n  unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>\n  updateUser: (data: Partial<User> & { id: string }) => Promise<User>\n  deleteUser: (id: string) => Promise<void>\n}\n\nexport class AuthError extends Error {\n  override readonly cause?: unknown\n  constructor(message: string, cause?: unknown) {\n    super(message)\n    this.name = 'AuthError'\n    this.cause = cause\n  }\n}\n\nexport function json<T>(data: T, init: ResponseInit = {}): Response {\n  const headers = new Headers(init.headers)\n  if (!headers.has('Content-Type'))\n    headers.set('Content-Type', 'application/json; charset=utf-8')\n  return new Response(JSON.stringify(data), { ...init, headers })\n}\n\nexport function redirect(url: string, status: 302 | 303 = 302): Response {\n  return new Response(null, {\n    status,\n    headers: {\n      Location: url,\n    },\n  })\n}\n\nexport * from './cookies'\nexport * from './createAuth'\nexport * from './handler'\n","import { listen } from '@tauri-apps/api/event'\nimport { BROWSER } from 'esm-env'\nimport { getSessionToken } from '../../client/token'\n\nexport const isTauri = BROWSER && '__TAURI_INTERNALS__' in window\n\nexport async function signInWithTauri(\n  provider: string,\n  baseUrl: string,\n  scheme: string = 'gau',\n  redirectOverride?: string,\n) {\n  if (!isTauri)\n    return\n\n  const { platform } = await import('@tauri-apps/plugin-os')\n  const { open } = await import('@tauri-apps/plugin-shell')\n\n  const currentPlatform = platform() // platform is NO LONGER an async function\n  let redirectTo: string\n\n  if (redirectOverride)\n    redirectTo = redirectOverride\n  else if (currentPlatform === 'android' || currentPlatform === 'ios')\n    redirectTo = new URL(baseUrl).origin\n  else\n    redirectTo = `${scheme}://oauth/callback`\n\n  const authUrl = `${baseUrl}/${provider}?redirectTo=${encodeURIComponent(redirectTo)}`\n  await open(authUrl)\n}\n\nexport function setupTauriListener(handler: (url: string) => Promise<void>) {\n  if (!isTauri)\n    return\n\n  listen<string>('deep-link', async (event) => {\n    await handler(event.payload)\n  }).catch(console.error)\n}\n\nexport function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n  const parsed = new URL(url)\n  if (parsed.protocol !== `${scheme}:` && parsed.origin !== new URL(baseUrl).origin)\n    return\n\n  const params = new URLSearchParams(parsed.hash.substring(1))\n  const token = params.get('token')\n  if (token)\n    onToken(token)\n}\n\nexport async function linkAccountWithTauri(\n  provider: string,\n  baseUrl: string,\n  scheme: string = 'gau',\n  redirectOverride?: string,\n) {\n  if (!isTauri)\n    return\n\n  const { platform } = await import('@tauri-apps/plugin-os')\n  const { open } = await import('@tauri-apps/plugin-shell')\n\n  const currentPlatform = platform()\n  let redirectTo: string\n\n  if (redirectOverride)\n    redirectTo = redirectOverride\n  else if (currentPlatform === 'android' || currentPlatform === 'ios')\n    redirectTo = new URL(baseUrl).origin\n  else\n    redirectTo = `${scheme}://oauth/callback`\n\n  const token = getSessionToken()\n  if (!token) {\n    console.error('No session token found, cannot link account.')\n    return\n  }\n\n  const query = `?redirectTo=${encodeURIComponent(redirectTo)}&token=${encodeURIComponent(token)}`\n  const linkUrl = `${baseUrl}/link/${provider}${query}`\n  await open(linkUrl)\n}\n","import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n  if (!BROWSER)\n    return\n  try {\n    localStorage.setItem('gau-token', token)\n    document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n  }\n  catch {}\n}\n\nexport function getSessionToken(): string | null {\n  if (!BROWSER)\n    return null\n  return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n  if (!BROWSER)\n    return\n  try {\n    localStorage.removeItem('gau-token')\n    document.cookie = `__gau-session-token=; path=/; max-age=0`\n  }\n  catch {}\n}\n"],"mappings":";AACA,SAAS,WAAAA,gBAAe;AACxB,SAAS,YAAY,kBAAkB;;;ACDvC,SAAS,OAAO,iBAAiB;AA0D1B,IAAM,eAAe,KAAK;;;AC1DjC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACPP,SAAS,sBAAsB,qBAAqB;;;AC4C7C,IAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,SAAS;AAAA,EACT,UAAU;AACZ;;;AChDA,SAAS,cAAc;AACvB,SAAS,WAAAC,gBAAe;;;ACDxB,SAAS,eAAe;AAEjB,SAAS,kBAAkB,OAAe;AAC/C,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AACvC,aAAS,SAAS,uBAAuB,KAAK;AAAA,EAChD,QACM;AAAA,EAAC;AACT;AAEO,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;AAEO,SAAS,oBAAoB;AAClC,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,WAAW,WAAW;AACnC,aAAS,SAAS;AAAA,EACpB,QACM;AAAA,EAAC;AACT;;;ADtBO,IAAM,UAAUC,YAAW,yBAAyB;AAE3D,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,UAAU,GAAG,OAAO,IAAI,QAAQ,eAAe,mBAAmB,UAAU,CAAC;AACnF,QAAM,KAAK,OAAO;AACpB;AAEO,SAAS,mBAAmB,SAAyC;AAC1E,MAAI,CAAC;AACH;AAEF,SAAe,aAAa,OAAO,UAAU;AAC3C,UAAM,QAAQ,MAAM,OAAO;AAAA,EAC7B,CAAC,EAAE,MAAM,QAAQ,KAAK;AACxB;AAEO,SAAS,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AAClH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,MAAI,OAAO,aAAa,GAAG,MAAM,OAAO,OAAO,WAAW,IAAI,IAAI,OAAO,EAAE;AACzE;AAEF,QAAM,SAAS,IAAI,gBAAgB,OAAO,KAAK,UAAU,CAAC,CAAC;AAC3D,QAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,MAAI;AACF,YAAQ,KAAK;AACjB;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA;AACA,MAAI,CAAC;AACH;AAEF,QAAM,EAAE,SAAS,IAAI,MAAM,OAAO,uBAAuB;AACzD,QAAM,EAAE,KAAK,IAAI,MAAM,OAAO,0BAA0B;AAExD,QAAM,kBAAkB,SAAS;AACjC,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA,WACN,oBAAoB,aAAa,oBAAoB;AAC5D,iBAAa,IAAI,IAAI,OAAO,EAAE;AAAA;AAE9B,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,QAAQ,eAAe,mBAAmB,UAAU,CAAC,UAAU,mBAAmB,KAAK,CAAC;AAC9F,QAAM,UAAU,GAAG,OAAO,SAAS,QAAQ,GAAG,KAAK;AACnD,QAAM,KAAK,OAAO;AACpB;;;ALpEA,IAAM,mBAAmB,OAAO,UAAU;AAEnC,SAAS,iBAAwC;AAAA,EACtD,UAAU;AAAA,EACV,SAAS;AAAA,EACT,YAAY;AACd,IAII,CAAC,GAAG;AAEN,MAAI,UAAU,OAAuB,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE,CAAC;AAEvE,iBAAe,eAAe;AAC5B,QAAI,CAACC,UAAS;AACZ,gBAAU,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE;AAC3C;AAAA,IACF;AAEA,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAE9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB,GAAG;AAC7C,gBAAU,MAAM,IAAI,KAAK;AAAA,IAC3B,OACK;AACH,gBAAU;AAAA,QACR,GAAG;AAAA,QACH,WAAW,CAAC;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,OAAO,UAA8B,EAAE,WAAW,IAA6B,CAAC,GAAG;AAChG,QAAI,kBAAkB,cAAc;AACpC,QAAI,SAAS;AACX,YAAM,gBAAgB,UAAoB,SAAS,QAAQ,eAAe;AAAA,IAC5E,OACK;AACH,UAAI,CAAC,mBAAmBA;AACtB,0BAAkB,OAAO,SAAS;AAEpC,YAAM,QAAQ,kBAAkB,eAAe,mBAAmB,eAAe,CAAC,KAAK;AACvF,aAAO,SAAS,OAAO,GAAG,OAAO,IAAI,QAAkB,GAAG,KAAK;AAAA,IACjE;AAAA,EACF;AAEA,iBAAe,YAAY,UAA8B,EAAE,WAAW,IAA6B,CAAC,GAAG;AACrG,QAAI,SAAS;AACX,YAAM,qBAAqB,UAAoB,SAAS,QAAQ,UAAU;AAC1E;AAAA,IACF;AAEA,QAAI,kBAAkB,cAAc;AACpC,QAAI,CAAC,mBAAmBA;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,QAAQ,kBAAkB,eAAe,mBAAmB,eAAe,CAAC,KAAK;AACvF,UAAM,UAAU,GAAG,OAAO,SAAS,QAAkB,GAAG,KAAK,GAAG,QAAQ,MAAM,GAAG;AAEjF,UAAM,QAAQ,gBAAgB;AAE9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,SAAS,YAAY;AAC7C,QAAI,IAAI,YAAY;AAClB,aAAO,SAAS,OAAO,IAAI;AAAA,IAC7B,OACK;AACH,UAAI;AACF,cAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAI,KAAK;AACP,iBAAO,SAAS,OAAO,KAAK;AAAA,MAChC,SACO,GAAG;AACR,gBAAQ,MAAM,+CAA+C,CAAC;AAAA,MAChE;AAAA,IACF;AAAA,EACF;AAEA,iBAAe,cAAc,UAA8B;AACzD,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAC9B,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAChD,EAAE,aAAa,UAAU;AAE7B,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAkB,IAAI;AAAA,MACjE,QAAQ;AAAA,MACR,GAAG;AAAA,IACL,CAAC;AAED,QAAI,IAAI;AACN,YAAM,aAAa;AAAA;AAEnB,cAAQ,MAAM,4BAA4B,MAAM,IAAI,KAAK,CAAC;AAAA,EAC9D;AAEA,iBAAe,UAAU;AACvB,sBAAkB;AAClB,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,aAAa;AAAA,EACrB;AAEA,MAAIA,UAAS;AACX,UAAM,OAAO,IAAI,IAAI,OAAO,SAAS,IAAI,EAAE,KAAK,UAAU,CAAC;AAC3D,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,eAAe,OAAO,IAAI,OAAO;AAEvC,QAAI,cAAc;AAChB,wBAAkB,YAAY;AAC9B,YAAM,YAAY;AAChB,YAAI;AAEF,gBAAM,EAAE,aAAa,IAAI,MAAM,OAAO,iBAAiB;AACvD,gBAAM,aAAa,OAAO,SAAS,WAAW,OAAO,SAAS,QAAQ,CAAC,CAAC;AAAA,QAC1E,QACM;AACJ,iBAAO,QAAQ,aAAa,MAAM,IAAI,OAAO,SAAS,WAAW,OAAO,SAAS,MAAM;AAAA,QACzF;AACA,cAAM,aAAa;AAAA,MACrB,GAAG;AAAA,IACL,OACK;AACH,mBAAa;AAAA,IACf;AAEA,QAAI,SAAS;AACX,yBAAmB,OAAO,QAAQ;AAChC,4BAAoB,KAAK,SAAS,QAAQ,OAAO,UAAU;AACzD,4BAAkB,KAAK;AACvB,gBAAM,aAAa;AAAA,QACrB,CAAC;AAAA,MACH,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,eAAwC;AAAA,IAC5C,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,aAAW,kBAAkB,YAAY;AAC3C;AAEO,SAAS,UAA0D;AACxE,QAAM,UAAU,WAAoC,gBAAgB;AACpE,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,6CAA6C;AAE/D,SAAO;AACT;","names":["BROWSER","BROWSER","BROWSER","BROWSER"]}

package/dist/src/client/token.d.ts

@@ -0,0 +1,4 @@
+export declare function storeSessionToken(token: string): void;
+export declare function getSessionToken(): string | null;
+export declare function clearSessionToken(): void;
+//# sourceMappingURL=token.d.ts.map

package/dist/src/client/token.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/client/token.ts"],"names":[],"mappings":"AAEA,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,QAQ9C;AAED,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAI/C;AAED,wBAAgB,iBAAiB,SAQhC"}

package/dist/{core → src/core}/cookies.d.ts

@@ -14,6 +14,8 @@ export declare class Cookies {
 }
 export declare const CSRF_COOKIE_NAME = "__gau-csrf-token";
 export declare const SESSION_COOKIE_NAME = "__gau-session-token";
+export declare const SESSION_STRATEGY_COOKIE_NAME = "__gau-session-strategy";
+export declare const LINKING_TOKEN_COOKIE_NAME = "__gau-linking-token";
 export declare const PKCE_COOKIE_NAME = "__gau-pkce-code-verifier";
 export declare const CALLBACK_URI_COOKIE_NAME = "__gau-callback-uri";
 export declare const CSRF_MAX_AGE: number; // 10 minutes

package/dist/src/core/cookies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookies.d.ts","sourceRoot":"","sources":["../../../src/core/cookies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAG9C,eAAO,MAAM,gCAAgC,EAAE,gBAK9C,CAAA;AAED,MAAM,MAAM,MAAM,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,gBAAgB,CAAC,CAAA;AAEvD,wBAAgB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAQzF;AAED,qBAAa,OAAO;;IAIhB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAFjC,YACmB,cAAc,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,EACnC,cAAc,EAAE,gBAAgB,EAC/C;IAEJ,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAEpC;IAED,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,gBAAgB,GAAG,IAAI,CAGjE;IAED,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,QAAQ,CAAC,GAAG,IAAI,CAEjF;IAED,SAAS,IAAI,OAAO,CAMnB;CACF;AAED,eAAO,MAAM,gBAAgB,qBAAqB,CAAA;AAClD,eAAO,MAAM,mBAAmB,wBAAwB,CAAA;AACxD,eAAO,MAAM,4BAA4B,2BAA2B,CAAA;AACpE,eAAO,MAAM,yBAAyB,wBAAwB,CAAA;AAC9D,eAAO,MAAM,gBAAgB,6BAA6B,CAAA;AAC1D,eAAO,MAAM,wBAAwB,uBAAuB,CAAA;AAE5D,eAAO,MAAM,YAAY,QAAU,CAAA,CAAC,aAAa"}

package/dist/{core → src/core}/createAuth.d.ts

@@ -1,10 +1,10 @@
 import type { SerializeOptions } from 'cookie';
 import type { SignOptions, VerifyOptions } from '../jwt';
 import type { OAuthProvider } from '../oauth';
-import type { Adapter, Session, User } from './index';
+import type { Adapter, GauSession } from './index';
 type ProviderId<P> = P extends OAuthProvider<infer T> ? T : never;
 export type ProviderIds<T> = T extends {
-    providerMap: Map<infer K, any>;
+    providerMap: Map<infer K extends string, any>;
 } ? K : string;
 export interface CreateAuthOptions<TProviders extends OAuthProvider[]> {
     /** The database adapter to use for storing users and accounts. */
@@ -13,6 +13,11 @@ export interface CreateAuthOptions<TProviders extends OAuthProvider[]> {
     providers: TProviders;
     /** Base path for authentication routes (defaults to '/api/auth'). */
     basePath?: string;
+    /** Session management options */
+    session?: {
+        /** Strategy to use for sessions: 'auto' (default), 'cookie', or 'token'. */
+        strategy?: 'auto' | 'cookie' | 'token';
+    };
     /** Configuration for JWT signing and verification. */
     jwt?: {
         /** Signing algorithm: 'ES256' (default) or 'HS256'. */
@@ -43,13 +48,12 @@ export type Auth<TProviders extends OAuthProvider[] = any> = Adapter & {
     signJWT: <U extends Record<string, unknown>>(payload: U, customOptions?: Partial<SignOptions>) => Promise<string>;
     verifyJWT: <U = Record<string, unknown>>(token: string, customOptions?: Partial<VerifyOptions>) => Promise<U | null>;
     createSession: (userId: string, data?: Record<string, unknown>, ttl?: number) => Promise<string>;
-    validateSession: (token: string) => Promise<{
-        user: User;
-        session: Session;
-    } | null>;
+    validateSession: (token: string) => Promise<GauSession | null>;
     trustHosts: 'all' | string[];
     autoLink: 'verifiedEmail' | 'always' | false;
+    sessionStrategy: 'auto' | 'cookie' | 'token';
+    development: boolean;
 };
-export declare function createAuth<const TProviders extends OAuthProvider[]>({ adapter, providers, basePath, jwt: jwtConfig, cookies: cookieConfig, trustHosts, autoLink }: CreateAuthOptions<TProviders>): Auth<TProviders>;
+export declare function createAuth<const TProviders extends OAuthProvider[]>({ adapter, providers, basePath, jwt: jwtConfig, session: sessionConfig, cookies: cookieConfig, trustHosts, autoLink }: CreateAuthOptions<TProviders>): Auth<TProviders>;
 export {};
 //# sourceMappingURL=createAuth.d.ts.map

package/dist/src/core/createAuth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createAuth.d.ts","sourceRoot":"","sources":["../../../src/core/createAuth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAC9C,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AACxD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAKlD,KAAK,UAAU,CAAC,CAAC,IAAI,CAAC,SAAS,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AACjE,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,CAAC,SAAS;IAAE,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,GAAG,CAAC,CAAA;CAAE,GAAG,CAAC,GAAG,MAAM,CAAA;AAErG,MAAM,WAAW,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE;IACnE,kEAAkE;IAClE,OAAO,EAAE,OAAO,CAAA;IAChB,2CAA2C;IAC3C,SAAS,EAAE,UAAU,CAAA;IACrB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,iCAAiC;IACjC,OAAO,CAAC,EAAE;QACR,4EAA4E;QAC5E,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;KACvC,CAAA;IACD,sDAAsD;IACtD,GAAG,CAAC,EAAE;QACJ,uDAAuD;QACvD,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAA;QAC7B,2FAA2F;QAC3F,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,mCAAmC;QACnC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,qCAAqC;QACrC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,oEAAoE;QACpE,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IACD,0CAA0C;IAC1C,OAAO,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACnC,uFAAuF;IACvF,UAAU,CAAC,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC7B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;CAC9C;AAED,MAAM,MAAM,IAAI,CAAC,UAAU,SAAS,aAAa,EAAE,GAAG,GAAG,IAAI,OAAO,GAAG;IACrE,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;IACpE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,gBAAgB,CAAA;IAC/B,GAAG,EAAE;QACH,GAAG,EAAE,MAAM,CAAA;KACZ,CAAA;IACD,OAAO,EAAE,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IACjH,SAAS,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,KAAK,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAA;IACpH,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IAChG,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAA;IAC9D,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC5B,QAAQ,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;IAC5C,eAAe,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;IAC5C,WAAW,EAAE,OAAO,CAAA;CACrB,CAAA;AAED,wBAAgB,UAAU,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,EAAE,EAAE,EACnE,OAAO,EACP,SAAS,EACT,QAAsB,EACtB,GAAG,EAAE,SAAc,EACnB,OAAO,EAAE,aAAkB,EAC3B,OAAO,EAAE,YAAiB,EAC1B,UAAe,EACf,QAA0B,EAC3B,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAsFlD"}

package/dist/src/core/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/core/handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,cAAc,CAAA;AACxC,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAcxD,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,CAAC,OAAO,EAAE,WAAW,KAAK,OAAO,CAAC,YAAY,CAAC,CAwDzF"}

package/dist/src/core/handlers/callback.d.ts

@@ -0,0 +1,4 @@
+import type { Auth } from '../createAuth';
+import type { RequestLike, ResponseLike } from '../index';
+export declare function handleCallback(request: RequestLike, auth: Auth, providerId: string): Promise<ResponseLike>;
+//# sourceMappingURL=callback.d.ts.map

package/dist/src/core/handlers/callback.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAQ,MAAM,UAAU,CAAA;AAY/D,wBAAsB,cAAc,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAuThH"}

package/dist/src/core/handlers/cors.d.ts

@@ -0,0 +1,4 @@
+import type { RequestLike } from '../index';
+export declare function applyCors(request: RequestLike, response: Response): Response;
+export declare function handlePreflight(request: RequestLike): Response;
+//# sourceMappingURL=cors.d.ts.map

package/dist/src/core/handlers/cors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cors.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/cors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AAE3C,wBAAgB,SAAS,CAAC,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAU5E;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,WAAW,GAAG,QAAQ,CAW9D"}

package/dist/src/core/handlers/index.d.ts

@@ -0,0 +1,7 @@
+export { handleCallback } from './callback';
+export { applyCors, handlePreflight } from './cors';
+export { handleLink, handleUnlink } from './link';
+export { handleSignIn, handleSignOut } from './login';
+export { handleSession } from './session';
+export { verifyRequestOrigin } from './utils';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/core/handlers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAA;AACnD,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AACjD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAA;AACzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAA"}

package/dist/src/core/handlers/index.js

@@ -0,0 +1 @@
+import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as c,handleSignOut as e,handleUnlink as f,verifyRequestOrigin as h}from"../../../chunk-BU67DYGK.js";export{o as applyCors,r as handleCallback,m as handleLink,p as handlePreflight,t as handleSession,c as handleSignIn,e as handleSignOut,f as handleUnlink,h as verifyRequestOrigin};//# sourceMappingURL=index.js.map

package/dist/src/core/handlers/link.d.ts

@@ -0,0 +1,5 @@
+import type { Auth } from '../createAuth';
+import type { RequestLike, ResponseLike } from '../index';
+export declare function handleLink(request: RequestLike, auth: Auth, providerId: string): Promise<ResponseLike>;
+export declare function handleUnlink(request: RequestLike, auth: Auth, providerId: string): Promise<ResponseLike>;
+//# sourceMappingURL=link.d.ts.map

package/dist/src/core/handlers/link.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"link.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/link.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAKzD,wBAAsB,UAAU,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAyB5G;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CA8C9G"}

package/dist/src/core/handlers/login.d.ts

@@ -0,0 +1,5 @@
+import type { Auth } from '../createAuth';
+import type { RequestLike, ResponseLike } from '../index';
+export declare function handleSignIn(request: RequestLike, auth: Auth, providerId: string): Promise<ResponseLike>;
+export declare function handleSignOut(request: RequestLike, auth: Auth): Promise<ResponseLike>;
+//# sourceMappingURL=login.d.ts.map

package/dist/src/core/handlers/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/login.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAMzD,wBAAsB,YAAY,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAE9G;AAED,wBAAsB,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,CAAC,CAc3F"}

package/dist/src/core/handlers/session.d.ts

@@ -0,0 +1,4 @@
+import type { Auth } from '../createAuth';
+import type { RequestLike, ResponseLike } from '../index';
+export declare function handleSession(request: RequestLike, auth: Auth): Promise<ResponseLike>;
+//# sourceMappingURL=session.d.ts.map

package/dist/src/core/handlers/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAIzD,wBAAsB,aAAa,CAAC,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,YAAY,CAAC,CA4B3F"}

package/dist/src/core/handlers/utils.d.ts

@@ -0,0 +1,5 @@
+import type { Auth } from '../createAuth';
+import type { RequestLike, ResponseLike } from '../index';
+export declare function verifyRequestOrigin(request: RequestLike, trustHosts: 'all' | string[], development: boolean): boolean;
+export declare function prepareOAuthRedirect(request: RequestLike, auth: Auth, providerId: string, linkingToken: string | null): Promise<ResponseLike>;
+//# sourceMappingURL=utils.d.ts.map

package/dist/src/core/handlers/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/utils.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AACzC,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,UAAU,CAAA;AAazD,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,EAAE,WAAW,EAAE,OAAO,GAAG,OAAO,CA+BrH;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,WAAW,EACpB,IAAI,EAAE,IAAI,EACV,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,GAAG,IAAI,GAC1B,OAAO,CAAC,YAAY,CAAC,CAmFvB"}

package/dist/{core → src/core}/index.d.ts

@@ -16,6 +16,8 @@ export interface ResponseLike {
     readonly status: number;
     readonly headers: Headers;
     readonly body?: BodyInit | null;
+    json: <T = unknown>() => Promise<T>;
+    text: () => Promise<string>;
 }
 export interface User {
     id: string;
@@ -29,11 +31,18 @@ export interface Session {
     sub: string;
     [key: string]: unknown;
 }
-export interface GauSession {
+export interface GauSession<TProviders extends string = string> {
     user: User | null;
     session: Session | null;
+    accounts?: Account[] | null;
+    providers?: TProviders[];
 }
-export interface NewUser extends Omit<User, 'id'> {
+export declare const NULL_SESSION: {
+    readonly user: null;
+    readonly session: null;
+    readonly accounts: null;
+};
+export interface NewUser extends Omit<User, 'id' | 'accounts'> {
     id?: string;
 }
 export interface Account {
@@ -55,11 +64,18 @@ export interface Adapter {
     getUser: (id: string) => Promise<User | null>;
     getUserByEmail: (email: string) => Promise<User | null>;
     getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>;
+    getAccounts: (userId: string) => Promise<Account[]>;
+    getUserAndAccounts: (userId: string) => Promise<{
+        user: User;
+        accounts: Account[];
+    } | null>;
     createUser: (data: NewUser) => Promise<User>;
     linkAccount: (data: NewAccount) => Promise<void>;
+    unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>;
     updateUser: (data: Partial<User> & {
         id: string;
     }) => Promise<User>;
+    deleteUser: (id: string) => Promise<void>;
 }
 export declare class AuthError extends Error {
     readonly cause?: unknown;

package/dist/src/core/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,WAAW;IAC1B,+BAA+B;IAC/B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,0CAA0C;IAC1C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,0DAAwD;IACxD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,oCAAoC;IACpC,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,OAAO,OAAO,CAAC,CAAC,CAAC,CAAA;IACnC,oBAAoB;IACpB,IAAI,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;IAC3B,yFAAyF;IACzF,QAAQ,EAAE,MAAM,OAAO,CAAC,QAAQ,CAAC,CAAA;CAClC;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,QAAQ,GAAG,IAAI,CAAA;IAC/B,IAAI,EAAE,CAAC,CAAC,GAAG,OAAO,OAAO,OAAO,CAAC,CAAC,CAAC,CAAA;IACnC,IAAI,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;CAC5B;AAED,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,UAAU,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAC3B,SAAS,CAAC,EAAE,UAAU,EAAE,CAAA;CACzB;AAED,eAAO,MAAM,YAAY;;;;CAIf,CAAA;AAEV,MAAM,WAAW,OAAQ,SAAQ,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,CAAC;IAC5D,EAAE,CAAC,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA,CAAC,eAAe;IAC7B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA,CAAC,gBAAgB;IAC1C,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO;CAAG;AAE9C,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC7C,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvF,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC3F,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,WAAW,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE,UAAU,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1C;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IACjC,YAAY,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAI3C;CACF;AAED,wBAAgB,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAKlE;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,GAAG,GAAG,GAAS,GAAG,QAAQ,CAOvE;AAED,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,WAAW,CAAA"}

package/dist/src/core/index.js

@@ -0,0 +1 @@
+import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as c,LINKING_TOKEN_COOKIE_NAME as e,NULL_SESSION as f,PKCE_COOKIE_NAME as h,SESSION_COOKIE_NAME as i,SESSION_STRATEGY_COOKIE_NAME as j,createAuth as k,createHandler as n,json as s,parseCookies as u,redirect as x}from"../../chunk-BU67DYGK.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CSRF_COOKIE_NAME,p as CSRF_MAX_AGE,t as Cookies,c as DEFAULT_COOKIE_SERIALIZE_OPTIONS,e as LINKING_TOKEN_COOKIE_NAME,f as NULL_SESSION,h as PKCE_COOKIE_NAME,i as SESSION_COOKIE_NAME,j as SESSION_STRATEGY_COOKIE_NAME,k as createAuth,n as createHandler,s as json,u as parseCookies,x as redirect};//# sourceMappingURL=index.js.map

package/dist/src/index.d.ts

@@ -0,0 +1,3 @@
+export * from './core';
+export type { GauSession, Session, User } from './core';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAA;AACtB,YAAY,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA"}

package/dist/src/index.js

@@ -0,0 +1 @@
+import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CSRF_COOKIE_NAME as m,CSRF_MAX_AGE as p,Cookies as t,DEFAULT_COOKIE_SERIALIZE_OPTIONS as c,LINKING_TOKEN_COOKIE_NAME as e,NULL_SESSION as f,PKCE_COOKIE_NAME as h,SESSION_COOKIE_NAME as i,SESSION_STRATEGY_COOKIE_NAME as j,createAuth as k,createHandler as n,json as s,parseCookies as u,redirect as x}from"../chunk-BU67DYGK.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CSRF_COOKIE_NAME,p as CSRF_MAX_AGE,t as Cookies,c as DEFAULT_COOKIE_SERIALIZE_OPTIONS,e as LINKING_TOKEN_COOKIE_NAME,f as NULL_SESSION,h as PKCE_COOKIE_NAME,i as SESSION_COOKIE_NAME,j as SESSION_STRATEGY_COOKIE_NAME,k as createAuth,n as createHandler,s as json,u as parseCookies,x as redirect};//# sourceMappingURL=index.js.map

package/dist/src/jwt/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":"AAAA,cAAc,OAAO,CAAA"}

package/dist/src/jwt/index.js

@@ -0,0 +1 @@
+import{sign as o,verify as r}from"../../chunk-BU67DYGK.js";export{o as sign,r as verify};//# sourceMappingURL=index.js.map

package/dist/src/jwt/jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../src/jwt/jwt.ts"],"names":[],"mappings":"AAWA,MAAM,MAAM,kBAAkB,GAAG,OAAO,GAAG,OAAO,CAAA;AAElD,UAAU,iBAAiB;IACzB,iFAAiF;IACjF,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED,MAAM,MAAM,WAAW,GACjB,CAAC;IAAE,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,UAAU,CAAC,EAAE,SAAS,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,GACjE,iBAAiB,GAAG;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,GAC9E,CAAC;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAAC,UAAU,CAAC,EAAE,KAAK,CAAA;CAAE,GACvE,iBAAiB,GAAG;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAAA;AAElF;;;GAGG;AACH,wBAAsB,IAAI,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,MAAM,CAAC,CA6DpH;AAED,MAAM,MAAM,aAAa,GACnB;IAAE,SAAS,CAAC,EAAE,OAAO,CAAC;IAAC,SAAS,CAAC,EAAE,SAAS,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,GACtG;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAAC,SAAS,CAAC,EAAE,KAAK,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,CAAA;AAEpH;;;;GAIG;AACH,wBAAsB,MAAM,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,CAAC,CAAC,CAoG3G"}

package/dist/src/jwt/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/jwt/utils.ts"],"names":[],"mappings":"AAEA,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,EAAE,UAAU,GAAG,OAAO,CAOvE;AAoBD,wBAAsB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;IAAE,UAAU,EAAE,SAAS,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAAC,CA6BnH;AAED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,UAAU,GAAG,UAAU,CA2CpD"}

package/dist/src/oauth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/oauth/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAA;AAEjD,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,aAAa,EAAE,OAAO,GAAG,IAAI,CAAA;IAC7B,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CAC7B;AAED,MAAM,WAAW,aAAa,CAAC,CAAC,SAAS,MAAM,GAAG,MAAM;IACtD,EAAE,EAAE,CAAC,CAAA;IACL,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,GAAG,CAAC,CAAA;IACjI,gBAAgB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,MAAM,EAAE,YAAY,CAAC;QAAC,IAAI,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;CAClI"}

package/dist/src/oauth/index.js

@@ -0,0 +1 @@
+import{CodeChallengeMethod as e,OAuth2Client as t}from"arctic";var i="https://api.github.com";function a(a){const r=new t(a.clientId,a.clientSecret,a.redirectUri??null);function n(e){return!e||a.redirectUri&&e===a.redirectUri?r:new t(a.clientId,a.clientSecret,e)}return{id:"github",async getAuthorizationUrl(t,i,r){const o=n(r?.redirectUri),c=r?.scopes??a.scope??["user:email"];return await o.createAuthorizationURLWithPKCE("https://github.com/login/oauth/authorize",t,e.S256,i,c)},async validateCallback(e,t,a){const r=n(a),o=await r.validateAuthorizationCode("https://github.com/login/oauth/access_token",e,t),c=await async function(e){const t=await fetch(`${i}/user`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}}),a=await t.json();let r=a.email,n=!1;const o=await fetch(`${i}/user/emails`,{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau",Accept:"application/vnd.github+json"}});if(o.ok){const e=await o.json(),t=e.find(e=>e.primary&&e.verified);if(t)r=t.email,n=!0;else{const t=e.find(e=>e.verified);t&&(r=t.email,n=!0)}}return{id:a.id.toString(),name:a.name??a.login,email:r,emailVerified:n,avatar:a.avatar_url,raw:a}}(o.accessToken());return{tokens:o,user:c}}}}import{CodeChallengeMethod as r,OAuth2Client as n}from"arctic";function o(e){const t=new n(e.clientId,e.clientSecret,e.redirectUri??null);function i(i){return i&&i!==e.redirectUri?new n(e.clientId,e.clientSecret,i):t}return{id:"google",requiresRedirectUri:!0,async getAuthorizationUrl(t,a,n){const o=i(n?.redirectUri),c=n?.scopes??e.scope??["openid","email","profile"];return await o.createAuthorizationURLWithPKCE("https://accounts.google.com/o/oauth2/v2/auth",t,r.S256,a,c)},async validateCallback(e,t,a){const r=i(a),n=await r.validateAuthorizationCode("https://oauth2.googleapis.com/token",e,t),o=await async function(e){const t=await fetch("https://openidconnect.googleapis.com/v1/userinfo",{headers:{Authorization:`Bearer ${e}`,"User-Agent":"gau"}}),i=await t.json();return{id:i.sub,name:i.name,email:i.email,emailVerified:i.email_verified,avatar:i.picture,raw:i}}(n.accessToken());return{tokens:n,user:o}}}}import{CodeChallengeMethod as c,OAuth2Client as s}from"arctic";async function l(e,t){const i=await fetch("https://graph.microsoft.com/v1.0/me",{headers:{Authorization:`Bearer ${e}`}}),a=await i.json();let r=a.mail??a.userPrincipalName,n=!1;if(t)try{const e=t.split("."),i=JSON.parse((new TextDecoder).decode(function(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),i=(4-t.length%4)%4,a=t.padEnd(t.length+i,"="),r=atob(a),n=r.length,o=new Uint8Array(n);for(let e=0;e<n;e++)o[e]=r.charCodeAt(e);return o}(e[1]))),a="9188040d-6c67-4c5b-b112-36a304b66dad";if(i.verified_primary_email){const e=Array.isArray(i.verified_primary_email)?i.verified_primary_email[0]:i.verified_primary_email;"string"==typeof e&&(r=e,n=!0)}else(i.tid===a||!0===i.xms_edov)&&(r=i.email??r,n=!0)}catch{}const o=await fetch("https://graph.microsoft.com/v1.0/me/photo/$value",{headers:{Authorization:`Bearer ${e}`}});let c=null;if(o.ok)try{const e=await o.blob(),t=new FileReader,i=new Promise((i,a)=>{t.onloadend=()=>i(t.result),t.onerror=a,t.readAsDataURL(e)});c=await i}catch{}return{id:a.id,name:a.displayName,email:r,emailVerified:n,avatar:c,raw:a}}function u(e){const t=e.tenant??"common",i=`https://login.microsoftonline.com/${t}/oauth2/v2.0/authorize`,a=`https://login.microsoftonline.com/${t}/oauth2/v2.0/token`,r=new s(e.clientId,e.clientSecret,e.redirectUri??null);function n(t){return t&&t!==e.redirectUri?new s(e.clientId,e.clientSecret,t):r}return{id:"microsoft",requiresRedirectUri:!0,async getAuthorizationUrl(t,a,r){const o=n(r?.redirectUri),s=r?.scopes??e.scope??["openid","profile","email","User.Read"];return await o.createAuthorizationURLWithPKCE(i,t,c.S256,a,s)},async validateCallback(e,t,i){const r=n(i),o=await r.validateAuthorizationCode(a,e,t),c=await l(o.accessToken(),o.idToken());return{tokens:o,user:c}}}}export{a as GitHub,o as Google,u as Microsoft};//# sourceMappingURL=index.js.map

package/dist/src/oauth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/oauth/providers/github.ts","../../../src/oauth/providers/google.ts","../../../src/oauth/providers/microsoft.ts"],"sourcesContent":["import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize'\nconst GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nconst GITHUB_API_URL = 'https://api.github.com'\n\ninterface GitHubUser {\n  id: number\n  login: string\n  avatar_url: string\n  name: string\n  email: string | null\n  [key: string]: unknown\n}\n\ninterface GitHubEmail {\n  email: string\n  primary: boolean\n  verified: boolean\n  visibility: 'public' | 'private' | null\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n  const response = await fetch(`${GITHUB_API_URL}/user`, {\n    headers: {\n      'Authorization': `Bearer ${accessToken}`,\n      'User-Agent': 'gau',\n      'Accept': 'application/vnd.github+json',\n    },\n  })\n  const data: GitHubUser = await response.json()\n\n  let email: string | null = data.email\n  let emailVerified = false\n\n  const emailsResponse = await fetch(`${GITHUB_API_URL}/user/emails`, {\n    headers: {\n      'Authorization': `Bearer ${accessToken}`,\n      'User-Agent': 'gau',\n      'Accept': 'application/vnd.github+json',\n    },\n  })\n\n  if (emailsResponse.ok) {\n    const emails: GitHubEmail[] = await emailsResponse.json()\n    const primaryEmail = emails.find(e => e.primary && e.verified)\n    if (primaryEmail) {\n      email = primaryEmail.email\n      emailVerified = true\n    }\n    else {\n      // Fallback to the first verified email if no primary is found\n      const verifiedEmail = emails.find(e => e.verified)\n      if (verifiedEmail) {\n        email = verifiedEmail.email\n        emailVerified = true\n      }\n    }\n  }\n\n  return {\n    id: data.id.toString(),\n    name: data.name ?? data.login,\n    email,\n    emailVerified,\n    avatar: data.avatar_url,\n    raw: data,\n  }\n}\n\nexport function GitHub(config: OAuthProviderConfig): OAuthProvider<'github'> {\n  const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n  function getClient(redirectUri?: string): OAuth2Client {\n    if (!redirectUri || (config.redirectUri && redirectUri === config.redirectUri))\n      return defaultClient\n\n    return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n  }\n\n  return {\n    id: 'github',\n\n    async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n      const client = getClient(options?.redirectUri)\n      const scopes = options?.scopes ?? config.scope ?? ['user:email']\n      const url = await client.createAuthorizationURLWithPKCE(GITHUB_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n      return url\n    },\n\n    async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n      const client = getClient(redirectUri)\n      const tokens = await client.validateAuthorizationCode(GITHUB_TOKEN_URL, code, codeVerifier)\n      const user = await getUser(tokens.accessToken())\n      return { tokens, user }\n    },\n  }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\nconst GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nconst GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token'\nconst GOOGLE_USERINFO_URL = 'https://openidconnect.googleapis.com/v1/userinfo'\n\ninterface GoogleUser {\n  sub: string\n  name: string\n  email: string | null\n  email_verified: boolean\n  picture: string | null\n  [key: string]: unknown\n}\n\nasync function getUser(accessToken: string): Promise<AuthUser> {\n  const response = await fetch(GOOGLE_USERINFO_URL, {\n    headers: {\n      'Authorization': `Bearer ${accessToken}`,\n      'User-Agent': 'gau',\n    },\n  })\n  const data: GoogleUser = await response.json()\n\n  return {\n    id: data.sub,\n    name: data.name,\n    email: data.email,\n    emailVerified: data.email_verified,\n    avatar: data.picture,\n    raw: data,\n  }\n}\n\nexport function Google(config: OAuthProviderConfig): OAuthProvider<'google'> {\n  const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n  function getClient(redirectUri?: string): OAuth2Client {\n    if (!redirectUri || redirectUri === config.redirectUri)\n      return defaultClient\n\n    return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n  }\n\n  return {\n    id: 'google',\n    requiresRedirectUri: true,\n\n    async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n      const client = getClient(options?.redirectUri)\n      const scopes = options?.scopes ?? config.scope ?? ['openid', 'email', 'profile']\n      const url = await client.createAuthorizationURLWithPKCE(GOOGLE_AUTH_URL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n      return url\n    },\n\n    async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n      const client = getClient(redirectUri)\n      const tokens = await client.validateAuthorizationCode(GOOGLE_TOKEN_URL, code, codeVerifier)\n      const user = await getUser(tokens.accessToken())\n      return { tokens, user }\n    },\n  }\n}\n","import type { AuthUser, OAuthProvider, OAuthProviderConfig } from '../index'\nimport { CodeChallengeMethod, OAuth2Client } from 'arctic'\n\n// https://learn.microsoft.com/en-us/entra/identity-platform/v2-protocols-oidc\nconst MICROSOFT_USER_INFO_URL = 'https://graph.microsoft.com/v1.0/me'\n\n// https://learn.microsoft.com/en-us/graph/api/profilephoto-get?view=graph-rest-1.0\nconst MICROSOFT_USER_PHOTO_URL = 'https://graph.microsoft.com/v1.0/me/photo/$value'\n\ninterface MicrosoftConfig extends OAuthProviderConfig {\n  tenant?: 'common' | 'organizations' | 'consumers' | string\n}\n\ninterface MicrosoftUser {\n  id: string\n  displayName: string\n  mail: string | null\n  userPrincipalName: string\n  [key: string]: unknown\n}\n\nfunction base64url_decode(str: string): Uint8Array {\n  const base64 = str.replace(/-/g, '+').replace(/_/g, '/')\n  const padLength = (4 - (base64.length % 4)) % 4\n  const padded = base64.padEnd(base64.length + padLength, '=')\n  const binary_string = atob(padded)\n  const len = binary_string.length\n  const bytes = new Uint8Array(len)\n  for (let i = 0; i < len; i++)\n    bytes[i] = binary_string.charCodeAt(i)\n\n  return bytes\n}\n\nasync function getUser(accessToken: string, idToken: string | null): Promise<AuthUser> {\n  const userResponse = await fetch(MICROSOFT_USER_INFO_URL, {\n    headers: {\n      Authorization: `Bearer ${accessToken}`,\n    },\n  })\n  const userData: MicrosoftUser = await userResponse.json()\n\n  let email: string | null = userData.mail ?? userData.userPrincipalName\n  let emailVerified = false\n  if (idToken) {\n    try {\n      const parts = idToken.split('.')\n      const payload = JSON.parse(new TextDecoder().decode(base64url_decode(parts[1]!))) as Record<string, any>\n      const personalTenantId = '9188040d-6c67-4c5b-b112-36a304b66dad'\n\n      // For work/school accounts, the `verified_primary_email` is the source of truth.\n      if (payload.verified_primary_email) {\n        const primaryEmail = Array.isArray(payload.verified_primary_email)\n          ? payload.verified_primary_email[0]\n          : payload.verified_primary_email\n\n        if (typeof primaryEmail === 'string') {\n          email = primaryEmail\n          emailVerified = true\n        }\n      }\n      // For personal accounts, the `email` claim is reliable and verified.\n      else if (payload.tid === personalTenantId) {\n        email = payload.email ?? email\n        emailVerified = true\n      }\n      // Legacy fallback for `xms_edov`.\n      else if (payload.xms_edov === true) {\n        email = payload.email ?? email\n        emailVerified = true\n      }\n    }\n    catch {\n    }\n  }\n\n  const photoResponse = await fetch(MICROSOFT_USER_PHOTO_URL, {\n    headers: {\n      Authorization: `Bearer ${accessToken}`,\n    },\n  })\n\n  let avatar: string | null = null\n  if (photoResponse.ok) {\n    try {\n      const blob = await photoResponse.blob()\n      const reader = new FileReader()\n      const dataUrlPromise = new Promise<string>((resolve, reject) => {\n        reader.onloadend = () => resolve(reader.result as string)\n        reader.onerror = reject\n        reader.readAsDataURL(blob)\n      })\n      avatar = await dataUrlPromise\n    }\n    catch {\n    }\n  }\n\n  return {\n    id: userData.id,\n    name: userData.displayName,\n    email,\n    emailVerified,\n    avatar,\n    raw: userData,\n  }\n}\n\nexport function Microsoft(config: MicrosoftConfig): OAuthProvider<'microsoft'> {\n  const tenant = config.tenant ?? 'common'\n\n  const authURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`\n  const tokenURL = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`\n\n  const defaultClient = new OAuth2Client(config.clientId, config.clientSecret, config.redirectUri ?? null)\n\n  function getClient(redirectUri?: string): OAuth2Client {\n    if (!redirectUri || redirectUri === config.redirectUri)\n      return defaultClient\n\n    return new OAuth2Client(config.clientId, config.clientSecret, redirectUri)\n  }\n\n  return {\n    id: 'microsoft',\n    requiresRedirectUri: true,\n\n    async getAuthorizationUrl(state: string, codeVerifier: string, options?: { scopes?: string[], redirectUri?: string }) {\n      const client = getClient(options?.redirectUri)\n      const scopes = options?.scopes ?? config.scope ?? ['openid', 'profile', 'email', 'User.Read']\n      const url = await client.createAuthorizationURLWithPKCE(authURL, state, CodeChallengeMethod.S256, codeVerifier, scopes)\n      return url\n    },\n\n    async validateCallback(code: string, codeVerifier: string, redirectUri?: string) {\n      const client = getClient(redirectUri)\n      const tokens = await client.validateAuthorizationCode(tokenURL, code, codeVerifier)\n      const user = await getUser(tokens.accessToken(), tokens.idToken())\n      return { tokens, user }\n    },\n  }\n}\n"],"mappings":";AACA,SAAS,qBAAqB,oBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AAkBvB,eAAe,QAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,GAAG,cAAc,SAAS;AAAA,IACrD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,MAAI,QAAuB,KAAK;AAChC,MAAI,gBAAgB;AAEpB,QAAM,iBAAiB,MAAM,MAAM,GAAG,cAAc,gBAAgB;AAAA,IAClE,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,MACd,UAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,MAAI,eAAe,IAAI;AACrB,UAAM,SAAwB,MAAM,eAAe,KAAK;AACxD,UAAM,eAAe,OAAO,KAAK,OAAK,EAAE,WAAW,EAAE,QAAQ;AAC7D,QAAI,cAAc;AAChB,cAAQ,aAAa;AACrB,sBAAgB;AAAA,IAClB,OACK;AAEH,YAAM,gBAAgB,OAAO,KAAK,OAAK,EAAE,QAAQ;AACjD,UAAI,eAAe;AACjB,gBAAQ,cAAc;AACtB,wBAAgB;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,MAAM,KAAK,QAAQ,KAAK;AAAA,IACxB;AAAA,IACA;AAAA,IACA,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAgB,OAAO,eAAe,gBAAgB,OAAO;AAChE,aAAO;AAET,WAAO,IAAI,aAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IAEJ,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,YAAY;AAC/D,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAO,oBAAoB,MAAM,cAAc,MAAM;AAC9H,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAM,QAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;ACjGA,SAAS,uBAAAA,sBAAqB,gBAAAC,qBAAoB;AAElD,IAAM,kBAAkB;AACxB,IAAM,mBAAmB;AACzB,IAAM,sBAAsB;AAW5B,eAAeC,SAAQ,aAAwC;AAC7D,QAAM,WAAW,MAAM,MAAM,qBAAqB;AAAA,IAChD,SAAS;AAAA,MACP,iBAAiB,UAAU,WAAW;AAAA,MACtC,cAAc;AAAA,IAChB;AAAA,EACF,CAAC;AACD,QAAM,OAAmB,MAAM,SAAS,KAAK;AAE7C,SAAO;AAAA,IACL,IAAI,KAAK;AAAA,IACT,MAAM,KAAK;AAAA,IACX,OAAO,KAAK;AAAA,IACZ,eAAe,KAAK;AAAA,IACpB,QAAQ,KAAK;AAAA,IACb,KAAK;AAAA,EACP;AACF;AAEO,SAAS,OAAO,QAAsD;AAC3E,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,SAAS,SAAS;AAC/E,YAAM,MAAM,MAAM,OAAO,+BAA+B,iBAAiB,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AAC9H,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,kBAAkB,MAAM,YAAY;AAC1F,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,CAAC;AAC/C,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;;;AC9DA,SAAS,uBAAAC,sBAAqB,gBAAAC,qBAAoB;AAGlD,IAAM,0BAA0B;AAGhC,IAAM,2BAA2B;AAcjC,SAAS,iBAAiB,KAAyB;AACjD,QAAM,SAAS,IAAI,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG;AACvD,QAAM,aAAa,IAAK,OAAO,SAAS,KAAM;AAC9C,QAAM,SAAS,OAAO,OAAO,OAAO,SAAS,WAAW,GAAG;AAC3D,QAAM,gBAAgB,KAAK,MAAM;AACjC,QAAM,MAAM,cAAc;AAC1B,QAAM,QAAQ,IAAI,WAAW,GAAG;AAChC,WAAS,IAAI,GAAG,IAAI,KAAK;AACvB,UAAM,CAAC,IAAI,cAAc,WAAW,CAAC;AAEvC,SAAO;AACT;AAEA,eAAeC,SAAQ,aAAqB,SAA2C;AACrF,QAAM,eAAe,MAAM,MAAM,yBAAyB;AAAA,IACxD,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AACD,QAAM,WAA0B,MAAM,aAAa,KAAK;AAExD,MAAI,QAAuB,SAAS,QAAQ,SAAS;AACrD,MAAI,gBAAgB;AACpB,MAAI,SAAS;AACX,QAAI;AACF,YAAM,QAAQ,QAAQ,MAAM,GAAG;AAC/B,YAAM,UAAU,KAAK,MAAM,IAAI,YAAY,EAAE,OAAO,iBAAiB,MAAM,CAAC,CAAE,CAAC,CAAC;AAChF,YAAM,mBAAmB;AAGzB,UAAI,QAAQ,wBAAwB;AAClC,cAAM,eAAe,MAAM,QAAQ,QAAQ,sBAAsB,IAC7D,QAAQ,uBAAuB,CAAC,IAChC,QAAQ;AAEZ,YAAI,OAAO,iBAAiB,UAAU;AACpC,kBAAQ;AACR,0BAAgB;AAAA,QAClB;AAAA,MACF,WAES,QAAQ,QAAQ,kBAAkB;AACzC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB,WAES,QAAQ,aAAa,MAAM;AAClC,gBAAQ,QAAQ,SAAS;AACzB,wBAAgB;AAAA,MAClB;AAAA,IACF,QACM;AAAA,IACN;AAAA,EACF;AAEA,QAAM,gBAAgB,MAAM,MAAM,0BAA0B;AAAA,IAC1D,SAAS;AAAA,MACP,eAAe,UAAU,WAAW;AAAA,IACtC;AAAA,EACF,CAAC;AAED,MAAI,SAAwB;AAC5B,MAAI,cAAc,IAAI;AACpB,QAAI;AACF,YAAM,OAAO,MAAM,cAAc,KAAK;AACtC,YAAM,SAAS,IAAI,WAAW;AAC9B,YAAM,iBAAiB,IAAI,QAAgB,CAAC,SAAS,WAAW;AAC9D,eAAO,YAAY,MAAM,QAAQ,OAAO,MAAgB;AACxD,eAAO,UAAU;AACjB,eAAO,cAAc,IAAI;AAAA,MAC3B,CAAC;AACD,eAAS,MAAM;AAAA,IACjB,QACM;AAAA,IACN;AAAA,EACF;AAEA,SAAO;AAAA,IACL,IAAI,SAAS;AAAA,IACb,MAAM,SAAS;AAAA,IACf;AAAA,IACA;AAAA,IACA;AAAA,IACA,KAAK;AAAA,EACP;AACF;AAEO,SAAS,UAAU,QAAqD;AAC7E,QAAM,SAAS,OAAO,UAAU;AAEhC,QAAM,UAAU,qCAAqC,MAAM;AAC3D,QAAM,WAAW,qCAAqC,MAAM;AAE5D,QAAM,gBAAgB,IAAID,cAAa,OAAO,UAAU,OAAO,cAAc,OAAO,eAAe,IAAI;AAEvG,WAAS,UAAU,aAAoC;AACrD,QAAI,CAAC,eAAe,gBAAgB,OAAO;AACzC,aAAO;AAET,WAAO,IAAIA,cAAa,OAAO,UAAU,OAAO,cAAc,WAAW;AAAA,EAC3E;AAEA,SAAO;AAAA,IACL,IAAI;AAAA,IACJ,qBAAqB;AAAA,IAErB,MAAM,oBAAoB,OAAe,cAAsB,SAAuD;AACpH,YAAM,SAAS,UAAU,SAAS,WAAW;AAC7C,YAAM,SAAS,SAAS,UAAU,OAAO,SAAS,CAAC,UAAU,WAAW,SAAS,WAAW;AAC5F,YAAM,MAAM,MAAM,OAAO,+BAA+B,SAAS,OAAOD,qBAAoB,MAAM,cAAc,MAAM;AACtH,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,iBAAiB,MAAc,cAAsB,aAAsB;AAC/E,YAAM,SAAS,UAAU,WAAW;AACpC,YAAM,SAAS,MAAM,OAAO,0BAA0B,UAAU,MAAM,YAAY;AAClF,YAAM,OAAO,MAAME,SAAQ,OAAO,YAAY,GAAG,OAAO,QAAQ,CAAC;AACjE,aAAO,EAAE,QAAQ,KAAK;AAAA,IACxB;AAAA,EACF;AACF;","names":["CodeChallengeMethod","OAuth2Client","getUser","CodeChallengeMethod","OAuth2Client","getUser"]}

package/dist/src/oauth/providers/github.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAuE5E,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAAC,QAAQ,CAAC,CA2B3E"}

package/dist/src/oauth/providers/google.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAmC5E,wBAAgB,MAAM,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAAC,QAAQ,CAAC,CA4B3E"}

package/dist/src/oauth/providers/microsoft.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../../src/oauth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAY,aAAa,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAA;AAS5E,UAAU,eAAgB,SAAQ,mBAAmB;IACnD,MAAM,CAAC,EAAE,QAAQ,GAAG,eAAe,GAAG,WAAW,GAAG,MAAM,CAAA;CAC3D;AAiGD,wBAAgB,SAAS,CAAC,MAAM,EAAE,eAAe,GAAG,aAAa,CAAC,WAAW,CAAC,CAiC7E"}

package/dist/src/oauth/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/oauth/utils.ts"],"names":[],"mappings":"AAEA,wBAAgB,eAAe;;;EAQ9B"}

package/dist/src/runtimes/index.d.ts

@@ -0,0 +1,2 @@
+export * from './tauri';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/runtimes/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/runtimes/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAA"}

package/dist/src/runtimes/index.js

@@ -0,0 +1 @@
+import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t}from"../../chunk-7WBYR3Q6.js";export{o as handleTauriDeepLink,r as isTauri,m as linkAccountWithTauri,p as setupTauriListener,t as signInWithTauri};//# sourceMappingURL=index.js.map

package/dist/{runtimes → src/runtimes}/tauri/index.d.ts

@@ -2,7 +2,5 @@ export declare const isTauri: boolean;
 export declare function signInWithTauri(provider: string, baseUrl: string, scheme?: string, redirectOverride?: string): Promise<void>;
 export declare function setupTauriListener(handler: (url: string) => Promise<void>): void;
 export declare function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void): void;
-export declare function storeSessionToken(token: string): void;
-export declare function getSessionToken(): string | null;
-export declare function clearSessionToken(): void;
+export declare function linkAccountWithTauri(provider: string, baseUrl: string, scheme?: string, redirectOverride?: string): Promise<void>;
 //# sourceMappingURL=index.d.ts.map

package/dist/src/runtimes/tauri/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/runtimes/tauri/index.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,OAAO,SAA6C,CAAA;AAEjE,wBAAsB,eAAe,CACnC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,MAAc,EACtB,gBAAgB,CAAC,EAAE,MAAM,iBAoB1B;AAED,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,QAOzE;AAED,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,QASjH;AAED,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,MAAM,GAAE,MAAc,EACtB,gBAAgB,CAAC,EAAE,MAAM,iBA2B1B"}

package/dist/src/runtimes/tauri/index.js

@@ -0,0 +1 @@
+import{handleTauriDeepLink as o,isTauri as r,linkAccountWithTauri as m,setupTauriListener as p,signInWithTauri as t}from"../../../chunk-7WBYR3Q6.js";export{o as handleTauriDeepLink,r as isTauri,m as linkAccountWithTauri,p as setupTauriListener,t as signInWithTauri};//# sourceMappingURL=index.js.map

package/dist/src/solidstart/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/solidstart/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,SAAS,CAAA;AAChD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAE7C,OAAO,EAAE,UAAU,EAAiB,MAAM,SAAS,CAAA;AAEnD,KAAK,YAAY,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,IAAI,UAAU,CAAC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;AAEtG;;;;;;;;;;;GAWG;AACH,wBAAgB,SAAS,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC;;;;EAiB/I"}

package/dist/src/solidstart/index.js

@@ -0,0 +1 @@
+import{createAuth as e,createHandler as n}from"../../chunk-BU67DYGK.js";import o from"process";function r(r){const t="providerMap"in r&&"signJWT"in r?r:e(r);t.development="development"===o.env.NODE_ENV;const p=n(t),i=e=>p(e.request);return{GET:i,POST:i,OPTIONS:i}}export{r as SolidAuth};//# sourceMappingURL=index.js.map

package/dist/src/solidstart/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/solidstart/index.ts"],"sourcesContent":["import type { CreateAuthOptions } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport process from 'node:process'\nimport { createAuth, createHandler } from '../core'\n\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\n\n/**\n * Creates GET and POST handlers for SolidStart.\n *\n * @example\n * ```ts\n * // src/routes/api/auth/[...auth].ts\n * import { SolidAuth } from '@rttnd/gau/solid-start'\n * import { authOptions } from '~/server/auth'\n *\n * export const { GET, POST } = SolidAuth(authOptions)\n * ```\n */\nexport function SolidAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\n  // TODO: Duck-type to check if we have an instance or raw options\n  const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n\n  const auth = isInstance\n    ? (optionsOrAuth as AuthInstance<TProviders>)\n    : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n\n  auth.development = process.env.NODE_ENV === 'development'\n\n  const handler = createHandler(auth)\n  const solidHandler = (event: any) => handler(event.request)\n  return {\n    GET: solidHandler,\n    POST: solidHandler,\n    OPTIONS: solidHandler,\n  }\n}\n"],"mappings":";;;;;;AAEA,OAAO,aAAa;AAiBb,SAAS,UAAyD,eAAyE;AAEhJ,QAAM,aAAa,iBAAiB,iBAAiB,aAAa;AAElE,QAAM,OAAO,aACR,gBACD,WAAW,aAA8C;AAE7D,OAAK,cAAc,QAAQ,IAAI,aAAa;AAE5C,QAAM,UAAU,cAAc,IAAI;AAClC,QAAM,eAAe,CAAC,UAAe,QAAQ,MAAM,OAAO;AAC1D,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,EACX;AACF;","names":[]}

package/dist/{sveltekit → src/sveltekit}/index.d.ts

@@ -16,9 +16,9 @@ type AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof c
  * ```
  */
 export declare function SvelteKitAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>): {
-    GET: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
-    POST: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
-    OPTIONS: (event: RequestEvent<Partial<Record<string, string>>, string | null>) => Promise<import("..").ResponseLike>;
+    GET: (event: RequestEvent<AppLayoutParams<"/">, any>) => Promise<import("..").ResponseLike>;
+    POST: (event: RequestEvent<AppLayoutParams<"/">, any>) => Promise<import("..").ResponseLike>;
+    OPTIONS: (event: RequestEvent<AppLayoutParams<"/">, any>) => Promise<import("..").ResponseLike>;
     handle: Handle;
 };
 export {};

package/dist/src/sveltekit/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/sveltekit/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AACzD,OAAO,KAAK,EAAE,iBAAiB,EAA2B,MAAM,SAAS,CAAA;AACzE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAC7C,OAAO,EAAE,UAAU,EAAkE,MAAM,SAAS,CAAA;AAEpG,KAAK,YAAY,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,IAAI,UAAU,CAAC,OAAO,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;AAEtG;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE,EAAE,aAAa,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC;;;;;EAwDnJ"}

package/dist/src/sveltekit/index.js

@@ -0,0 +1 @@
+import{NULL_SESSION as e,SESSION_COOKIE_NAME as r,createAuth as t,createHandler as s,parseCookies as n}from"../../chunk-BU67DYGK.js";function o(o){const i="providerMap"in o&&"signJWT"in o?o:t(o);(async()=>{try{i.development=(await import("$app/environment")).dev}catch{i.development=!1}})();const a=s(i),c=e=>a(e.request);return{GET:c,POST:c,OPTIONS:c,handle:async({event:t,resolve:s})=>(t.locals.getSession=async()=>{let s=n(t.request.headers.get("Cookie")).get(r);if(!s){const e=t.request.headers.get("Authorization");e?.startsWith("Bearer ")&&(s=e.substring(7))}const o=Array.from(i.providerMap.keys());if(!s)return{...e,providers:o};try{const r=await i.validateSession(s);return r?{...r,providers:o}:{...e,providers:o}}catch{return{...e,providers:o}}},s(t))}}export{o as SvelteKitAuth};//# sourceMappingURL=index.js.map

package/dist/src/sveltekit/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/sveltekit/index.ts"],"sourcesContent":["import type { Handle, RequestEvent } from '@sveltejs/kit'\nimport type { CreateAuthOptions, GauSession, ProviderIds } from '../core'\nimport type { OAuthProvider } from '../oauth'\nimport { createAuth, createHandler, NULL_SESSION, parseCookies, SESSION_COOKIE_NAME } from '../core'\n\ntype AuthInstance<TProviders extends OAuthProvider<any>[]> = ReturnType<typeof createAuth<TProviders>>\n\n/**\n * Creates GET and POST handlers for SvelteKit.\n *\n * @example\n * ```ts\n * // src/routes/api/auth/[...gau]/+server.ts\n * import { SvelteKitAuth } from '@rttnd/gau/sveltekit'\n * import { auth } from '$lib/server/auth'\n *\n * export const { GET, POST } = SvelteKitAuth(auth)\n * ```\n */\nexport function SvelteKitAuth<const TProviders extends OAuthProvider<any>[]>(optionsOrAuth: CreateAuthOptions<TProviders> | AuthInstance<TProviders>) {\n  // TODO: Duck-type to check if we have an instance or raw options\n  const isInstance = 'providerMap' in optionsOrAuth && 'signJWT' in optionsOrAuth\n\n  const auth = isInstance\n    ? (optionsOrAuth as AuthInstance<TProviders>)\n    : createAuth(optionsOrAuth as CreateAuthOptions<TProviders>)\n\n  void (async () => {\n    try {\n      auth.development = (await import('$app/environment')).dev\n    }\n    catch {\n      auth.development = false\n    }\n  })()\n\n  const handler = createHandler(auth)\n  const sveltekitHandler = (event: RequestEvent) => handler(event.request)\n\n  const handle: Handle = async ({ event, resolve }) => {\n    (event.locals as any).getSession = async (): Promise<GauSession<ProviderIds<AuthInstance<TProviders>>>> => {\n      const requestCookies = parseCookies(event.request.headers.get('Cookie'))\n      let sessionToken = requestCookies.get(SESSION_COOKIE_NAME)\n\n      if (!sessionToken) {\n        const authHeader = event.request.headers.get('Authorization')\n        if (authHeader?.startsWith('Bearer '))\n          sessionToken = authHeader.substring(7)\n      }\n\n      const providers = Array.from(auth.providerMap.keys()) as ProviderIds<AuthInstance<TProviders>>[]\n\n      if (!sessionToken)\n        return { ...NULL_SESSION, providers }\n\n      try {\n        const validated = await auth.validateSession(sessionToken)\n        if (!validated)\n          return { ...NULL_SESSION, providers }\n\n        return { ...validated, providers }\n      }\n      catch {\n        return { ...NULL_SESSION, providers }\n      }\n    }\n    return resolve(event)\n  }\n\n  return {\n    GET: sveltekitHandler,\n    POST: sveltekitHandler,\n    OPTIONS: sveltekitHandler,\n    handle,\n  }\n}\n"],"mappings":";;;;;;;;;AAmBO,SAAS,cAA6D,eAAyE;AAEpJ,QAAM,aAAa,iBAAiB,iBAAiB,aAAa;AAElE,QAAM,OAAO,aACR,gBACD,WAAW,aAA8C;AAE7D,QAAM,YAAY;AAChB,QAAI;AACF,WAAK,eAAe,MAAM,OAAO,kBAAkB,GAAG;AAAA,IACxD,QACM;AACJ,WAAK,cAAc;AAAA,IACrB;AAAA,EACF,GAAG;AAEH,QAAM,UAAU,cAAc,IAAI;AAClC,QAAM,mBAAmB,CAAC,UAAwB,QAAQ,MAAM,OAAO;AAEvE,QAAM,SAAiB,OAAO,EAAE,OAAO,QAAQ,MAAM;AACnD,IAAC,MAAM,OAAe,aAAa,YAAwE;AACzG,YAAM,iBAAiB,aAAa,MAAM,QAAQ,QAAQ,IAAI,QAAQ,CAAC;AACvE,UAAI,eAAe,eAAe,IAAI,mBAAmB;AAEzD,UAAI,CAAC,cAAc;AACjB,cAAM,aAAa,MAAM,QAAQ,QAAQ,IAAI,eAAe;AAC5D,YAAI,YAAY,WAAW,SAAS;AAClC,yBAAe,WAAW,UAAU,CAAC;AAAA,MACzC;AAEA,YAAM,YAAY,MAAM,KAAK,KAAK,YAAY,KAAK,CAAC;AAEpD,UAAI,CAAC;AACH,eAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,UAAI;AACF,cAAM,YAAY,MAAM,KAAK,gBAAgB,YAAY;AACzD,YAAI,CAAC;AACH,iBAAO,EAAE,GAAG,cAAc,UAAU;AAEtC,eAAO,EAAE,GAAG,WAAW,UAAU;AAAA,MACnC,QACM;AACJ,eAAO,EAAE,GAAG,cAAc,UAAU;AAAA,MACtC;AAAA,IACF;AACA,WAAO,QAAQ,KAAK;AAAA,EACtB;AAEA,SAAO;AAAA,IACL,KAAK;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,EACF;AACF;","names":[]}