@rttnd/gau 1.2.4 → 1.2.6

Files changed (48)
  1. package/dist/chunk-PL7MV7OC.js +1 -0
  2. package/dist/chunk-PL7MV7OC.js.map +1 -0
  3. package/dist/chunk-VZVZ2KXR.js +1 -0
  4. package/dist/chunk-VZVZ2KXR.js.map +1 -0
  5. package/dist/src/client/solid/index.d.ts +1 -0
  6. package/dist/src/client/solid/index.d.ts.map +1 -1
  7. package/dist/src/client/solid/index.jsx +33 -6
  8. package/dist/src/client/svelte/index.svelte.d.ts +1 -0
  9. package/dist/src/client/svelte/index.svelte.d.ts.map +1 -1
  10. package/dist/src/client/svelte/index.svelte.js +1 -1
  11. package/dist/src/client/svelte/index.svelte.js.map +1 -1
  12. package/dist/src/client/token.d.ts +3 -0
  13. package/dist/src/client/token.d.ts.map +1 -1
  14. package/dist/src/client/vanilla/index.d.ts +2 -1
  15. package/dist/src/client/vanilla/index.d.ts.map +1 -1
  16. package/dist/src/client/vanilla/index.js +1 -1
  17. package/dist/src/client/vanilla/index.js.map +1 -1
  18. package/dist/src/core/createAuth.d.ts +27 -6
  19. package/dist/src/core/createAuth.d.ts.map +1 -1
  20. package/dist/src/core/handlers/callback.d.ts.map +1 -1
  21. package/dist/src/core/handlers/index.js +1 -1
  22. package/dist/src/core/handlers/link.d.ts.map +1 -1
  23. package/dist/src/core/handlers/session.d.ts.map +1 -1
  24. package/dist/src/core/index.d.ts +2 -0
  25. package/dist/src/core/index.d.ts.map +1 -1
  26. package/dist/src/core/index.js +1 -1
  27. package/dist/src/core/utils.d.ts +10 -0
  28. package/dist/src/core/utils.d.ts.map +1 -0
  29. package/dist/src/index.js +1 -1
  30. package/dist/src/jwt/index.js +1 -1
  31. package/dist/src/oauth/index.js +1 -1
  32. package/dist/src/oauth/index.js.map +1 -1
  33. package/dist/src/oauth/providers/facebook.d.ts.map +1 -1
  34. package/dist/src/runtimes/index.js +1 -1
  35. package/dist/src/runtimes/tauri/index.js +1 -1
  36. package/dist/src/solidstart/index.d.ts +23 -3
  37. package/dist/src/solidstart/index.d.ts.map +1 -1
  38. package/dist/src/solidstart/index.js +1 -1
  39. package/dist/src/solidstart/index.js.map +1 -1
  40. package/dist/src/sveltekit/index.d.ts +21 -3
  41. package/dist/src/sveltekit/index.d.ts.map +1 -1
  42. package/dist/src/sveltekit/index.js +1 -1
  43. package/dist/src/sveltekit/index.js.map +1 -1
  44. package/package.json +1 -1
  45. package/dist/chunk-GVRQST3R.js +0 -1
  46. package/dist/chunk-GVRQST3R.js.map +0 -1
  47. package/dist/chunk-XUNWIMPF.js +0 -1
  48. package/dist/chunk-XUNWIMPF.js.map +0 -1
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/client/token.ts","../../../../src/runtimes/tauri/index.ts","../../../../src/client/svelte/index.svelte.ts","../../../../src/core/cookies.ts","../../../../src/core/createAuth.ts","../../../../src/jwt/jwt.ts","../../../../src/oauth/utils.ts","../../../../src/core/index.ts","../../../../src/client/vanilla/index.ts"],"sourcesContent":["import { BROWSER } from 'esm-env'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem('gau-token', token)\n document.cookie = `__gau-session-token=${token}; path=/; max-age=31536000; samesite=lax; secure`\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n return localStorage.getItem('gau-token')\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem('gau-token')\n document.cookie = `__gau-session-token=; path=/; max-age=0`\n }\n catch {}\n}\n\nexport async function generatePKCE() {\n if (!BROWSER || !window.crypto || !window.crypto.subtle)\n throw new Error('PKCE relies on window.crypto, which is not available in this environment.')\n\n function base64UrlEncode(array: Uint8Array): string {\n return btoa(String.fromCharCode(...array))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '')\n }\n\n const verifierLength = 43\n const randomValues = new Uint8Array(verifierLength)\n window.crypto.getRandomValues(randomValues)\n const codeVerifier = base64UrlEncode(randomValues)\n\n const encoder = new TextEncoder()\n const data = encoder.encode(codeVerifier)\n const hash = await window.crypto.subtle.digest('SHA-256', data)\n const codeChallenge = base64UrlEncode(new Uint8Array(hash))\n\n return { codeVerifier, codeChallenge }\n}\n","import type { ProfileName, ProviderIds } from '../../core'\nimport { BROWSER } from 'esm-env'\nimport { generatePKCE, getSessionToken } from '../../client/token'\n\nexport function isTauri(): boolean 
{\n return BROWSER && '__TAURI_INTERNALS__' in globalThis\n}\n\nfunction resolveOrigin(baseUrl: string): string | null {\n try {\n return new URL(baseUrl).origin\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n return new URL(baseUrl, window.location.origin).origin\n }\n catch {\n return null\n }\n }\n return null\n }\n}\n\nexport async function signInWithTauri<const TAuth = unknown, P extends ProviderIds<TAuth> = ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined = undefined>(\n provider: P,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: PR,\n) {\n if (!isTauri())\n return\n\n const { openUrl } = await import('@tauri-apps/plugin-opener')\n\n function resolveAbsoluteBase(base: string): string {\n try {\n const u = new URL(base)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n const u = new URL(base, window.location.origin)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n return base\n }\n }\n return base\n }\n }\n\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const { codeVerifier, codeChallenge } = await generatePKCE()\n localStorage.setItem('gau-pkce-verifier', codeVerifier)\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n if (profile)\n params.set('profile', String(profile))\n params.set('code_challenge', codeChallenge)\n const resolvedBase = resolveAbsoluteBase(baseUrl)\n const authUrl = `${resolvedBase}/${provider}?${params.toString()}`\n await openUrl(authUrl)\n}\n\nexport async function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await 
handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport async function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n const baseOrigin = resolveOrigin(baseUrl)\n if (parsed.protocol !== `${scheme}:` && (!baseOrigin || parsed.origin !== baseOrigin))\n return\n\n const queryParams = new URLSearchParams(parsed.search)\n const code = queryParams.get('code')\n if (code) {\n const verifier = localStorage.getItem('gau-pkce-verifier')\n if (!verifier) {\n console.error('No PKCE verifier found')\n return\n }\n localStorage.removeItem('gau-pkce-verifier')\n\n try {\n const res = await fetch(`${baseUrl}/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ code, codeVerifier: verifier }),\n })\n if (res.ok) {\n const data = await res.json()\n if (data.token)\n onToken(data.token)\n }\n else {\n console.error('Failed to exchange code for token')\n }\n }\n catch (e) {\n console.error('Error exchanging code for token:', e)\n }\n }\n}\n\nexport async function linkAccountWithTauri<const TAuth = unknown, P extends ProviderIds<TAuth> = ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined = undefined>(\n provider: P,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: PR,\n) {\n if (!isTauri())\n return\n\n const { openUrl } = await import('@tauri-apps/plugin-opener')\n\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n console.error('No session token found, cannot link account.')\n return\n }\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n params.set('token', token)\n if (profile)\n params.set('profile', String(profile))\n const resolvedBase = (() => {\n try {\n const u = new 
URL(baseUrl)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n const u = new URL(baseUrl, window.location.origin)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n return baseUrl\n }\n }\n return baseUrl\n }\n })()\n const linkUrl = `${resolvedBase}/link/${provider}?${params.toString()}`\n await openUrl(linkUrl)\n}\n\nexport async function startAuthBridge(\n baseUrl: string,\n scheme: string,\n onToken: (token: string) => Promise<void> | void,\n): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const unlisten = await setupTauriListener(async (url) => {\n handleTauriDeepLink(url, baseUrl, scheme, onToken)\n })\n return unlisten\n}\n","import type { GauSession, ProfileName, ProviderIds } from '../../core'\n// @ts-expect-error svelte-kit\nimport { replaceState } from '$app/navigation'\nimport { BROWSER } from 'esm-env'\nimport { getContext, onMount, setContext } from 'svelte'\nimport { NULL_SESSION } from '../../core'\nimport { isTauri } from '../../runtimes/tauri'\nimport { createAuthClient } from '../vanilla'\n\ninterface AuthContextValue<TAuth = unknown> {\n session: GauSession<ProviderIds<TAuth>>\n isLoading: boolean\n signIn: <P extends ProviderIds<TAuth>>(provider: P, options?: { redirectTo?: string, profile?: ProfileName<TAuth, P> }) => Promise<void>\n linkAccount: <P extends ProviderIds<TAuth>>(provider: P, options?: { redirectTo?: string, profile?: ProfileName<TAuth, P> }) => Promise<void>\n unlinkAccount: (provider: ProviderIds<TAuth>) => Promise<void>\n signOut: () => Promise<void>\n refresh: () => Promise<void>\n}\n\nconst AUTH_CONTEXT_KEY = Symbol('gau-auth')\n\nexport function createSvelteAuth<const TAuth = unknown>({\n baseUrl = '/api/auth',\n scheme = 'gau',\n redirectTo: defaultRedirectTo,\n}: {\n baseUrl?: string\n scheme?: string\n redirectTo?: string\n} = {}) {\n type CurrentSession = GauSession<ProviderIds<TAuth>>\n\n const client = createAuthClient<TAuth>({\n 
baseUrl,\n })\n\n const fetchSession = async (): Promise<CurrentSession> => {\n if (!BROWSER)\n return { ...NULL_SESSION, providers: [] }\n return client.refreshSession()\n }\n\n let session: CurrentSession = $state({ ...NULL_SESSION, providers: [] })\n let isLoading = $state(true)\n\n async function replaceUrlSafe(url: string) {\n try {\n replaceState(url, {})\n }\n catch {\n if (BROWSER)\n window.history.replaceState(null, '', url)\n }\n }\n\n async function signIn<P extends ProviderIds<TAuth>>(provider: P, { redirectTo, profile }: { redirectTo?: string, profile?: ProfileName<TAuth, P> } = {}) {\n const inTauri = isTauri()\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n\n if (inTauri) {\n const { signInWithTauri } = await import('../../runtimes/tauri')\n await signInWithTauri<TAuth, P, typeof profile>(provider, baseUrl, scheme, finalRedirectTo, profile)\n return\n }\n\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.origin\n\n const url = await client.signIn<P, typeof profile>(provider, { redirectTo: finalRedirectTo, profile })\n if (BROWSER)\n window.location.href = url\n }\n\n async function linkAccount<P extends ProviderIds<TAuth>>(provider: P, { redirectTo, profile }: { redirectTo?: string, profile?: ProfileName<TAuth, P> } = {}) {\n if (isTauri()) {\n const { linkAccountWithTauri } = await import('../../runtimes/tauri')\n await linkAccountWithTauri<TAuth, P, typeof profile>(provider, baseUrl, scheme, redirectTo, profile)\n return\n }\n\n let finalRedirectTo = redirectTo ?? 
defaultRedirectTo\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.href\n\n const url = await client.linkAccount<P, typeof profile>(provider, { redirectTo: finalRedirectTo, profile })\n if (BROWSER)\n window.location.href = url\n }\n\n async function unlinkAccount(provider: ProviderIds<TAuth>) {\n const ok = await client.unlinkAccount(provider)\n if (ok)\n session = await fetchSession()\n else\n console.error('Failed to unlink account')\n }\n\n async function signOut() {\n await client.signOut()\n session = await fetchSession()\n }\n\n onMount(() => {\n if (!BROWSER)\n return\n\n void (async () => {\n const handled = await client.handleRedirectCallback(async url => replaceUrlSafe(url))\n if (!handled)\n session = await fetchSession()\n\n isLoading = false\n })()\n\n let cleanup: (() => void) | void\n let disposed = false\n\n if (!isTauri())\n return\n\n void (async () => {\n const { startAuthBridge } = await import('../../runtimes/tauri')\n const unlisten = await startAuthBridge(baseUrl, scheme, async (token) => {\n await client.applySessionToken(token)\n session = await fetchSession()\n })\n if (disposed)\n unlisten?.()\n else\n cleanup = unlisten\n })()\n\n return () => {\n disposed = true\n cleanup?.()\n }\n })\n\n const contextValue: AuthContextValue<TAuth> = {\n get session() {\n return session\n },\n get isLoading() {\n return isLoading\n },\n signIn,\n linkAccount,\n unlinkAccount,\n signOut,\n refresh: async () => { session = await fetchSession() },\n }\n\n setContext(AUTH_CONTEXT_KEY, contextValue)\n}\n\nexport function useAuth<const TAuth = unknown>(): AuthContextValue<TAuth> {\n const context = getContext<AuthContextValue<TAuth>>(AUTH_CONTEXT_KEY)\n if (!context)\n throw new Error('useAuth must be used within an AuthProvider')\n\n return context\n}\n","import type { SerializeOptions } from 'cookie'\nimport { parse, serialize } from 'cookie'\n\nexport const DEFAULT_COOKIE_SERIALIZE_OPTIONS: SerializeOptions = {\n path: '/',\n 
sameSite: 'lax',\n secure: true,\n httpOnly: true,\n}\n\nexport type Cookie = [string, string, SerializeOptions]\n\nexport function parseCookies(cookieHeader: string | null | undefined): Map<string, string> {\n const cookies = new Map<string, string>()\n if (cookieHeader) {\n const parsed = parse(cookieHeader)\n for (const name in parsed)\n cookies.set(name, parsed[name]!)\n }\n return cookies\n}\n\nexport class Cookies {\n #new: Cookie[] = []\n\n constructor(\n private readonly requestCookies: Map<string, string>,\n private readonly defaultOptions: SerializeOptions,\n ) {}\n\n get(name: string): string | undefined {\n return this.requestCookies.get(name)\n }\n\n set(name: string, value: string, options?: SerializeOptions): void {\n const combinedOptions = { ...this.defaultOptions, ...options }\n this.#new.push([name, value, combinedOptions])\n }\n\n delete(name: string, options?: Omit<SerializeOptions, 'expires' | 'maxAge'>): void {\n this.set(name, '', { ...options, expires: new Date(0), maxAge: 0 })\n }\n\n toHeaders(): Headers {\n const headers = new Headers()\n for (const [name, value, options] of this.#new)\n headers.append('Set-Cookie', serialize(name, value, options))\n\n return headers\n }\n}\n\nexport const CSRF_COOKIE_NAME = '__gau-csrf-token'\nexport const SESSION_COOKIE_NAME = '__gau-session-token'\nexport const SESSION_STRATEGY_COOKIE_NAME = '__gau-session-strategy'\nexport const LINKING_TOKEN_COOKIE_NAME = '__gau-linking-token'\nexport const PKCE_COOKIE_NAME = '__gau-pkce-code-verifier'\nexport const CALLBACK_URI_COOKIE_NAME = '__gau-callback-uri'\nexport const PROVIDER_OPTIONS_COOKIE_NAME = '__gau-provider-options'\nexport const CLIENT_CHALLENGE_COOKIE_NAME = '__gau-client-challenge'\n\nexport const CSRF_MAX_AGE = 60 * 10 // 10 minutes\n","import type { OAuth2Tokens } from 'arctic'\nimport type { SerializeOptions } from 'cookie'\nimport type { SignOptions, VerifyOptions } from '../jwt'\nimport type { AuthUser, OAuthProvider, OAuthProviderConfig, 
ProviderProfileOverrides } from '../oauth'\nimport type { Cookies } from './cookies'\nimport type { Adapter, GauSession } from './index'\nimport { serialize } from 'cookie'\nimport { sign, verify } from '../jwt'\nimport { DEFAULT_COOKIE_SERIALIZE_OPTIONS, SESSION_COOKIE_NAME } from './cookies'\nimport { AuthError } from './index'\n\ntype ProviderId<P> = P extends OAuthProvider<infer T> ? T : never\nexport type ProviderIds<T> = T extends { providerMap: Map<infer K extends string, any> } ? K : string\n\nexport type ProfileName<T, P extends string> = T extends { profiles: infer R }\n ? P extends keyof R\n ? keyof R[P]\n : never\n : never\n\nexport interface CreateAuthOptions<TProviders extends OAuthProvider[]> {\n /** The database adapter to use for storing users and accounts. */\n adapter: Adapter\n /** Array of OAuth providers to support. */\n providers: TProviders\n /** Base path for authentication routes (defaults to '/api/auth'). */\n basePath?: string\n /** Session management options */\n session?: {\n /** Strategy to use for sessions: 'auto' (default), 'cookie', or 'token'. */\n strategy?: 'auto' | 'cookie' | 'token'\n }\n /** Configuration for JWT signing and verification. */\n jwt?: {\n /** Signing algorithm: 'ES256' (default) or 'HS256'. */\n algorithm?: 'ES256' | 'HS256'\n /** Secret for HS256 or base64url-encoded private key for ES256 (overrides AUTH_SECRET). */\n secret?: string\n /** Issuer claim (iss) for JWTs. */\n iss?: string\n /** Audience claim (aud) for JWTs. */\n aud?: string\n /** Default time-to-live in seconds for JWTs (defaults to 1 day). */\n ttl?: number\n }\n /** Custom options for session cookies. */\n cookies?: Partial<SerializeOptions>\n /**\n * Hook that fires right after provider.validateCallback() returns tokens,\n * but before any user lookup/link/create logic. 
Return { handled: true, response }\n * to short-circuit the default flow and send a custom response.\n */\n onOAuthExchange?: (context: {\n request: Request\n providerId: string\n state: string\n code: string\n codeVerifier: string\n callbackUri?: string | null\n redirectTo: string\n cookies: Cookies\n providerUser: AuthUser\n tokens: OAuth2Tokens\n isLinking: boolean\n sessionUserId?: string\n }) => Promise<{ handled: true, response: Response } | { handled: false }>\n /** Map/override the provider's profile right after token exchange. */\n mapExternalProfile?: (context: {\n request: Request\n providerId: string\n providerUser: AuthUser\n tokens: OAuth2Tokens\n isLinking: boolean\n }) => Promise<AuthUser | Partial<AuthUser> | null | undefined>\n /** Gate the link action just before persisting an account. */\n onBeforeLinkAccount?: (context: {\n request: Request\n providerId: string\n userId: string\n providerUser: AuthUser\n tokens: OAuth2Tokens\n }) => Promise<{ allow: true } | { allow: false, response?: Response }>\n /** Observe or augment after link/update tokens. */\n onAfterLinkAccount?: (context: {\n request: Request\n providerId: string\n userId: string\n providerUser: AuthUser\n tokens: OAuth2Tokens\n action: 'link' | 'update'\n }) => Promise<void>\n /** Trusted hosts for CSRF protection: 'all' or array of hostnames (defaults to []). */\n trustHosts?: 'all' | string[]\n /** Account linking behavior: 'verifiedEmail' (default), 'always', or false. */\n autoLink?: 'verifiedEmail' | 'always' | false\n /** Allow linking providers whose primary emails differ from the user's current primary email. Defaults to true. */\n allowDifferentEmails?: boolean\n /** When linking a new provider, update missing user info (name/image/emailVerified) from provider profile. Defaults to false. */\n updateUserInfoOnLink?: boolean\n /** Optional configuration for role-based access control. */\n roles?: {\n /** Default role for newly created users. 
*/\n defaultRole?: string\n /** Dynamically resolve the role at the moment of user creation. Return undefined to fall back to defaultRole. */\n resolveOnCreate?: (context: { providerId: string, profile: any, request: Request }) => string | undefined\n /** Roles that are considered admin-like for helper predicates and `session.user.isAdmin`. */\n adminRoles?: string[]\n /** Users that are always treated as admin for helper predicates and `session.user.isAdmin`. */\n adminUserIds?: string[]\n }\n /**\n * CORS configuration. When true (default): request Origin & allow credentials\n * When false, CORS headers are not added at all.\n * Provide an object to fine-tune behaviour.\n */\n cors?: true | false | {\n /**\n * Allowed origins.\n * - 'all' (default) allows any origin (reflected when credentials enabled),\n * - 'trust' reuses the createAuth trustHosts list\n * - specify an explicit array of full origins (e.g. https://app.example.com)\n * or hostnames (e.g. app.example.com).\n * When array contains '*', it's treated as 'all'.\n */\n allowedOrigins?: 'all' | 'trust' | string[]\n /** Whether to send Access-Control-Allow-Credentials (defaults to true). */\n allowCredentials?: boolean\n /** Allowed headers (defaults to ['Content-Type','Authorization','Cookie']). */\n allowedHeaders?: string[]\n /** Allowed methods (defaults to ['GET','POST','OPTIONS']). */\n allowedMethods?: string[]\n /** Exposed headers (optional). */\n exposeHeaders?: string[]\n /** Preflight max age in seconds (optional). */\n maxAge?: number\n }\n /**\n * Named, server-defined profiles that group provider specific settings.\n * Clients can reference a profile by name (e.g. signIn('github', { profile: 'myprofile' })).\n */\n profiles?: ProfilesConfig<TProviders>\n}\n\n/**\n * Options for issuing a session.\n */\nexport interface IssueSessionOptions {\n /** Custom claims to include in the session JWT. 
*/\n data?: Record<string, unknown>\n /** Time-to-live in seconds (defaults to auth's configured jwt.ttl). */\n ttl?: number\n}\n\n/**\n * Result of issuing a session.\n */\nexport interface IssueSessionResult {\n /** The raw JWT session token (for Bearer auth or storage). */\n token: string\n /** The serialized Set-Cookie header value (for web apps). */\n cookie: string\n /** The cookie name used by gau. */\n cookieName: string\n /** The maxAge in seconds. */\n maxAge: number\n}\n\nexport type Auth<TProviders extends OAuthProvider[] = any> = Adapter & {\n providerMap: Map<ProviderId<TProviders[number]>, TProviders[number]>\n basePath: string\n cookieOptions: SerializeOptions\n jwt: { ttl: number }\n onOAuthExchange?: CreateAuthOptions<TProviders>['onOAuthExchange']\n mapExternalProfile?: CreateAuthOptions<TProviders>['mapExternalProfile']\n onBeforeLinkAccount?: CreateAuthOptions<TProviders>['onBeforeLinkAccount']\n onAfterLinkAccount?: CreateAuthOptions<TProviders>['onAfterLinkAccount']\n signJWT: <U extends Record<string, unknown>>(payload: U, customOptions?: Partial<SignOptions>) => Promise<string>\n verifyJWT: <U = Record<string, unknown>>(token: string, customOptions?: Partial<VerifyOptions>) => Promise<U | null>\n createSession: (userId: string, data?: Record<string, unknown>, ttl?: number) => Promise<string>\n validateSession: (token: string) => Promise<GauSession | null>\n /**\n * Issue a session for a user, returning both the token and a Set-Cookie header.\n * Useful for guest login, invite redemption, admin impersonation, etc.\n */\n issueSession: (userId: string, options?: IssueSessionOptions) => Promise<IssueSessionResult>\n /**\n * Refresh an existing session, issuing a new token with extended TTL.\n * Preserves custom claims from the original token.\n *\n * @param token - The existing session token to refresh\n * @param options.ttl - Override the default TTL for the new token\n * @param options.threshold - Only refresh if past this fraction of TTL 
(0-1).\n * When set, returns null if below threshold.\n * Example: 0.5 means only refresh if session is past 50% of its lifetime.\n * @returns The refreshed session, or null if invalid/expired/below threshold\n */\n refreshSession: (token: string, options?: { ttl?: number, threshold?: number }) => Promise<IssueSessionResult | null>\n /**\n * Get a valid access token for a linked provider. If the stored token is expired and a refresh token exists,\n * this will refresh it using the provider's refreshAccessToken and persist rotated tokens.\n */\n getAccessToken: (userId: string, providerId: string) => Promise<{ accessToken: string, expiresAt?: number | null } | null>\n trustHosts: 'all' | string[]\n autoLink: 'verifiedEmail' | 'always' | false\n allowDifferentEmails: boolean\n updateUserInfoOnLink: boolean\n sessionStrategy: 'auto' | 'cookie' | 'token'\n development: boolean\n roles: {\n defaultRole: string\n resolveOnCreate?: (context: { providerId: string, profile: any, request: Request }) => string | undefined\n adminRoles: string[]\n adminUserIds: string[]\n }\n cors: false | {\n allowedOrigins: 'all' | 'trust' | string[]\n allowCredentials: boolean\n allowedHeaders: string[]\n allowedMethods: string[]\n exposeHeaders?: string[]\n maxAge?: number\n }\n profiles: ResolvedProfiles<TProviders>\n}\n\nexport interface ProfileDefinition {\n scopes?: string[]\n redirectUri?: string\n /** When true, this profile can only be linked to an existing session; standalone sign-in is disabled. */\n linkOnly?: boolean\n /** Additional provider-specific authorization params. */\n params?: Record<string, string>\n}\n\ntype ProviderIdOfArray<TProviders extends OAuthProvider[]> = ProviderId<TProviders[number]>\ntype ProviderConfigFor<TProviders extends OAuthProvider[], K extends string>\n = Extract<TProviders[number], OAuthProvider<K, any>> extends OAuthProvider<any, infer C> ? 
C : OAuthProviderConfig\n\nexport type ProfilesConfig<TProviders extends OAuthProvider[]> = Partial<{\n [K in ProviderIdOfArray<TProviders>]: Record<string, ProfileDefinition & ProviderProfileOverrides<ProviderConfigFor<TProviders, K>>>\n}>\nexport type ResolvedProfiles<TProviders extends OAuthProvider[]> = ProfilesConfig<TProviders>\n\nexport function createAuth<const TProviders extends OAuthProvider[]>({\n adapter,\n providers,\n basePath = '/api/auth',\n jwt: jwtConfig = {},\n session: sessionConfig = {},\n cookies: cookieConfig = {},\n onOAuthExchange,\n mapExternalProfile,\n onBeforeLinkAccount,\n onAfterLinkAccount,\n trustHosts = [],\n autoLink = 'verifiedEmail',\n allowDifferentEmails = true,\n updateUserInfoOnLink = false,\n roles: rolesConfig = {},\n cors = true,\n profiles: profilesConfig,\n}: CreateAuthOptions<TProviders>): Auth<TProviders> {\n const { algorithm = 'ES256', secret, iss, aud, ttl: defaultTTL = 3600 * 24 * 7 } = jwtConfig\n const cookieOptions = { ...DEFAULT_COOKIE_SERIALIZE_OPTIONS, ...cookieConfig }\n\n const sessionStrategy: 'auto' | 'cookie' | 'token' = sessionConfig.strategy ?? 'auto'\n\n if (algorithm === 'ES256' && secret !== undefined && typeof secret !== 'string')\n throw new AuthError('For ES256, the secret option must be a string.')\n\n const providerMap = new Map(providers.map(p => [p.id, p]))\n\n const resolvedCors: Auth['cors'] = cors === false\n ? false\n : {\n allowedOrigins: (cors === true ? 'all' : cors.allowedOrigins) ?? 'all',\n allowCredentials: (cors === true ? true : cors.allowCredentials) ?? true,\n allowedHeaders: (cors === true ? undefined : cors.allowedHeaders) ?? ['Content-Type', 'Authorization', 'Cookie'],\n allowedMethods: (cors === true ? undefined : cors.allowedMethods) ?? ['GET', 'POST', 'OPTIONS'],\n exposeHeaders: cors === true ? undefined : cors.exposeHeaders,\n maxAge: cors === true ? undefined : cors.maxAge,\n }\n\n const resolvedProfiles = (profilesConfig ?? 
{}) as ResolvedProfiles<TProviders>\n const resolvedRoles = {\n defaultRole: rolesConfig.defaultRole ?? 'user',\n resolveOnCreate: rolesConfig.resolveOnCreate,\n adminRoles: rolesConfig.adminRoles ?? ['admin'],\n adminUserIds: rolesConfig.adminUserIds ?? [],\n }\n\n function buildSignOptions(custom: Partial<SignOptions> = {}): SignOptions {\n const base = { ttl: custom.ttl, iss: custom.iss ?? iss, aud: custom.aud ?? aud, sub: custom.sub }\n if (algorithm === 'HS256') {\n return { algorithm, secret: custom.secret ?? secret, ...base }\n }\n else {\n if (custom.secret !== undefined && typeof custom.secret !== 'string')\n throw new AuthError('For ES256, the secret option must be a string.')\n const esSecret = custom.secret ?? secret\n return { algorithm, privateKey: custom.privateKey, secret: esSecret, ...base }\n }\n }\n\n function buildVerifyOptions(custom: Partial<VerifyOptions> = {}): VerifyOptions {\n const base = { iss: custom.iss ?? iss, aud: custom.aud ?? aud }\n if (algorithm === 'HS256') {\n return { algorithm, secret: custom.secret ?? secret, ...base }\n }\n else {\n if (custom.secret !== undefined && typeof custom.secret !== 'string')\n throw new AuthError('For ES256, the secret option must be a string.')\n const esSecret = custom.secret ?? 
secret\n return { algorithm, publicKey: custom.publicKey, secret: esSecret, ...base }\n }\n }\n\n async function signJWT<U extends Record<string, unknown>>(payload: U, customOptions: Partial<SignOptions> = {}): Promise<string> {\n return sign(payload, buildSignOptions(customOptions))\n }\n\n async function verifyJWT<U = Record<string, unknown>>(token: string, customOptions: Partial<VerifyOptions> = {}): Promise<U | null> {\n const options = buildVerifyOptions(customOptions)\n try {\n return await verify<U>(token, options)\n }\n catch {\n return null\n }\n }\n\n async function createSession(userId: string, data: Record<string, unknown> = {}, ttl = defaultTTL): Promise<string> {\n const payload = { sub: userId, ...data }\n return signJWT(payload, { ttl })\n }\n\n async function issueSession(userId: string, options: IssueSessionOptions = {}): Promise<IssueSessionResult> {\n const { data = {}, ttl = defaultTTL } = options\n const token = await createSession(userId, data, ttl)\n\n const cookieOpts: SerializeOptions = {\n ...cookieOptions,\n maxAge: ttl,\n }\n\n const cookie = serialize(SESSION_COOKIE_NAME, token, cookieOpts)\n\n return {\n token,\n cookie,\n cookieName: SESSION_COOKIE_NAME,\n maxAge: ttl,\n }\n }\n\n async function refreshSession(token: string, options: { ttl?: number, threshold?: number } = {}): Promise<IssueSessionResult | null> {\n const payload = await verifyJWT<{ sub: string, iat?: number } & Record<string, unknown>>(token)\n if (!payload || !payload.sub)\n return null\n\n if (options.threshold != null && options.threshold > 0 && options.threshold < 1) {\n const { iat } = payload\n if (iat) {\n const now = Math.floor(Date.now() / 1000)\n const sessionAge = now - iat\n const ttl = options.ttl ?? 
defaultTTL\n const thresholdSeconds = ttl * options.threshold\n\n if (sessionAge < thresholdSeconds)\n return null\n }\n }\n\n const user = await adapter.getUser(payload.sub)\n if (!user)\n return null\n const { sub, iat, exp, iss, aud, nbf, jti, ...customClaims } = payload\n\n return issueSession(payload.sub, {\n data: customClaims,\n ttl: options.ttl,\n })\n }\n\n async function validateSession(token: string): Promise<GauSession | null> {\n const payload = await verifyJWT<{ sub: string } & Record<string, unknown>>(token)\n if (!payload)\n return null\n\n const userAndAccounts = await adapter.getUserAndAccounts(payload.sub)\n if (!userAndAccounts)\n return null\n\n const { user, accounts } = userAndAccounts\n const isAdmin = Boolean(\n user\n && (\n (user.role && resolvedRoles.adminRoles.includes(user.role))\n || (resolvedRoles.adminUserIds.length > 0 && resolvedRoles.adminUserIds.includes(user.id))\n ),\n )\n const sessionUser = user ? { ...user, isAdmin } : null\n\n return { user: sessionUser, session: { id: token, ...payload }, accounts }\n }\n\n async function getAccessToken(userId: string, providerId: string) {\n const provider = providerMap.get(providerId)\n if (!provider)\n return null\n\n const accounts = await adapter.getAccounts(userId)\n const account = accounts.find(a => a.provider === providerId)\n if (!account || !account.accessToken)\n return null\n\n const now = Math.floor(Date.now() / 1000)\n const isExpired = typeof account.expiresAt === 'number' ? account.expiresAt <= now : false\n\n if (!isExpired)\n return { accessToken: account.accessToken, expiresAt: account.expiresAt ?? null }\n\n if (!account.refreshToken || !provider.refreshAccessToken)\n return null\n\n try {\n const refreshed = await provider.refreshAccessToken(account.refreshToken, {})\n const updated = {\n userId,\n provider: account.provider,\n providerAccountId: account.providerAccountId,\n accessToken: refreshed.accessToken ?? 
account.accessToken,\n refreshToken: refreshed.refreshToken ?? account.refreshToken,\n expiresAt: refreshed.expiresAt ?? null,\n idToken: refreshed.idToken ?? account.idToken ?? null,\n tokenType: refreshed.tokenType ?? account.tokenType ?? null,\n scope: refreshed.scope ?? account.scope ?? null,\n }\n await adapter.updateAccount?.(updated)\n return { accessToken: updated.accessToken!, expiresAt: updated.expiresAt }\n }\n catch {\n return null\n }\n }\n\n return {\n ...adapter,\n providerMap: providerMap as Map<ProviderId<TProviders[number]>, TProviders[number]>,\n basePath,\n cookieOptions,\n jwt: {\n ttl: defaultTTL,\n },\n onOAuthExchange,\n mapExternalProfile,\n onBeforeLinkAccount,\n onAfterLinkAccount,\n signJWT,\n verifyJWT,\n createSession,\n validateSession,\n issueSession,\n refreshSession,\n getAccessToken,\n trustHosts,\n autoLink,\n allowDifferentEmails,\n profiles: resolvedProfiles,\n updateUserInfoOnLink,\n sessionStrategy,\n development: false,\n roles: resolvedRoles,\n cors: resolvedCors,\n }\n}\n","/// <reference types=\"node\" />\nimport {\n createJWTSignatureMessage,\n encodeJWT,\n JWSRegisteredHeaders,\n JWTRegisteredClaims,\n parseJWT,\n} from '@oslojs/jwt'\nimport { AuthError } from '../core/index'\nimport { constantTimeEqual, deriveKeysFromSecret, rawToDer } from './utils'\n\nexport type SupportedAlgorithm = 'ES256' | 'HS256'\n\ninterface CommonSignOptions {\n /** Time-to-live in seconds (exp claim). If omitted the token will not expire. */\n ttl?: number\n}\n\nexport type SignOptions\n = | ({ algorithm?: 'ES256', privateKey?: CryptoKey, secret?: string }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n | ({ algorithm: 'HS256', secret?: string | Uint8Array, privateKey?: never }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n\n/**\n * Create a signed JWT.\n * Defaults to ES256 when a privateKey is supplied. 
Falls back to HS256 when a secret is supplied.\n */\nexport async function sign<T extends Record<string, unknown>>(payload: T, options: SignOptions = {}): Promise<string> {\n let { algorithm = 'ES256', ttl, iss, aud, sub, privateKey, secret } = options\n\n if (algorithm === 'ES256') {\n if (!privateKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 signing. It must be a base64url-encoded string.');\n\n ({ privateKey } = await deriveKeysFromSecret(secret))\n }\n }\n else if (algorithm === 'HS256' && !secret) {\n throw new AuthError('Missing secret for HS256 signing')\n }\n\n const now = Math.floor(Date.now() / 1000)\n\n const jwtPayload: Record<string, unknown> = { iat: now, iss, aud, sub, ...payload }\n\n if (ttl != null && ttl > 0)\n jwtPayload.exp = now + ttl\n\n const isHS256 = algorithm === 'HS256'\n const alg: SupportedAlgorithm = isHS256 ? 'HS256' : 'ES256'\n\n const headerJSON = JSON.stringify({ alg, typ: 'JWT' })\n const payloadJSON = JSON.stringify(jwtPayload)\n\n const signatureMessage = createJWTSignatureMessage(headerJSON, payloadJSON)\n\n let signature: Uint8Array\n\n if (isHS256) {\n // HS256 (HMAC-SHA256)\n const secretBytes = typeof secret === 'string'\n ? 
new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n signature = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n }\n else {\n // ES256 (ECDSA-SHA256)\n // Runtimes like Bun's return the raw (r||s) signature directly, not DER-encoded.\n signature = new Uint8Array(\n await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey!,\n signatureMessage as BufferSource,\n ),\n )\n }\n\n return encodeJWT(headerJSON, payloadJSON, signature)\n}\n\nexport type VerifyOptions\n = | { algorithm?: 'ES256', publicKey?: CryptoKey, secret?: string, iss?: string, aud?: string | string[] }\n | { algorithm: 'HS256', secret?: string | Uint8Array, publicKey?: never, iss?: string, aud?: string | string[] }\n\n/**\n * Verify a JWT and return its payload when the signature is valid.\n * The algorithm is inferred from options – ES256 by default.\n * Throws when verification fails or the token is expired.\n */\nexport async function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T> {\n let { algorithm = 'ES256', publicKey, secret, iss, aud } = options\n\n if (algorithm === 'ES256') {\n if (!publicKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 verification. 
Must be a base64url-encoded string.');\n\n ({ publicKey } = await deriveKeysFromSecret(secret))\n }\n }\n\n if (algorithm === 'HS256' && !secret)\n throw new AuthError('Missing secret for HS256 verification')\n\n const [header, payload, signature, signatureMessage] = parseJWT(token)\n\n const headerParams = new JWSRegisteredHeaders(header)\n const headerAlg = headerParams.algorithm()\n\n let validSignature = false\n\n // HS256 verification path\n if (algorithm === 'HS256') {\n if (headerAlg !== 'HS256')\n throw new Error(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"HS256\"`)\n\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n const expectedSig = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n validSignature = constantTimeEqual(expectedSig, new Uint8Array(signature))\n }\n // ES256 verification path (default)\n else {\n if (headerAlg !== 'ES256')\n throw new AuthError(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"ES256\"`)\n\n const signatureBytes = new Uint8Array(signature)\n\n // Runtimes like Node.js return DER-encoded signatures. 
Others (Bun) return raw (r||s).\n // We try DER first, as it's more common in Node environments.\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n signatureBytes as BufferSource,\n signatureMessage as BufferSource,\n )\n\n if (!validSignature && signatureBytes.length === 64) {\n // If DER verification fails and the signature is 64 bytes, it might be a raw signature.\n // Convert it to DER and try again.\n try {\n const derSig = rawToDer(signatureBytes)\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n derSig as BufferSource,\n signatureMessage as BufferSource,\n )\n }\n catch {\n // rawToDer can throw if the signature is not 64 bytes, but we already checked.\n // This catch is for other unexpected errors.\n validSignature = false\n }\n }\n }\n\n if (!validSignature)\n throw new AuthError('Invalid JWT signature')\n\n const claims = new JWTRegisteredClaims(payload)\n if (claims.hasExpiration() && !claims.verifyExpiration())\n throw new AuthError('JWT expired')\n if (claims.hasNotBefore() && !claims.verifyNotBefore())\n throw new AuthError('JWT not yet valid')\n if (iss && (payload as any).iss !== iss)\n throw new AuthError('Invalid JWT issuer')\n\n if (aud) {\n const expectedAudience = Array.isArray(aud) ? aud : [aud]\n const tokenAudience = (payload as any).aud\n ? (Array.isArray((payload as any).aud) ? 
(payload as any).aud : [(payload as any).aud])\n : []\n\n if (!expectedAudience.some(audValue => tokenAudience.includes(audValue)))\n throw new AuthError('Invalid JWT audience')\n }\n\n return payload as T\n}\n","import { generateCodeVerifier, generateState } from 'arctic'\n\nexport function createOAuthUris() {\n const state = generateState()\n const codeVerifier = generateCodeVerifier()\n\n return {\n state,\n codeVerifier,\n }\n}\n","export interface User {\n id: string\n name?: string | null\n email?: string | null\n emailVerified?: boolean | null\n image?: string | null\n role?: string | null\n isAdmin?: boolean\n}\n\nexport interface Session {\n id: string\n sub: string\n [key: string]: unknown\n}\n\nexport interface GauSession<TProviders extends string = string> {\n user: User | null\n session: Session | null\n accounts?: Account[] | null\n providers?: TProviders[]\n}\n\nexport const NULL_SESSION = {\n user: null,\n session: null,\n accounts: null,\n} as const\n\nexport interface NewUser extends Omit<User, 'id' | 'accounts' | 'isAdmin'> {\n id?: string\n}\n\nexport interface Account {\n userId: string\n provider: string\n providerAccountId: string\n type?: string // e.g. 
\"oauth\"\n accessToken?: string | null\n refreshToken?: string | null\n expiresAt?: number | null // epoch seconds\n idToken?: string | null\n scope?: string | null\n tokenType?: string | null\n sessionState?: string | null\n}\n\nexport interface NewAccount extends Account {}\n\nexport interface Adapter {\n getUser: (id: string) => Promise<User | null>\n getUserByEmail: (email: string) => Promise<User | null>\n getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>\n getAccounts: (userId: string) => Promise<Account[]>\n getUserAndAccounts: (userId: string) => Promise<{ user: User, accounts: Account[] } | null>\n createUser: (data: NewUser) => Promise<User>\n linkAccount: (data: NewAccount) => Promise<void>\n unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>\n updateAccount?: (data: Partial<Account> & { userId: string, provider: string, providerAccountId: string }) => Promise<void>\n updateUser: (data: Partial<User> & { id: string }) => Promise<User>\n deleteUser: (id: string) => Promise<void>\n}\n\nexport class AuthError extends Error {\n override readonly cause?: unknown\n constructor(message: string, cause?: unknown) {\n super(message)\n this.name = 'AuthError'\n this.cause = cause\n }\n}\n\nexport function json<T>(data: T, init: ResponseInit = {}): Response {\n const headers = new Headers(init.headers)\n if (!headers.has('Content-Type'))\n headers.set('Content-Type', 'application/json; charset=utf-8')\n return new Response(JSON.stringify(data), { ...init, headers })\n}\n\nexport function redirect(url: string, status: 302 | 303 = 302): Response {\n return new Response(null, {\n status,\n headers: {\n Location: url,\n },\n })\n}\n\nexport * from './cookies'\nexport * from './createAuth'\nexport * from './handler'\n","import type { GauSession, ProfileName, ProviderIds } from '../../core'\nimport { isTauri } from '../../runtimes/tauri/index'\nimport { clearSessionToken, getSessionToken, storeSessionToken 
} from '../token'\n\nexport interface AuthClientOptions {\n baseUrl: string\n scheme?: string\n}\n\ntype SessionListener<TAuth = unknown> = (session: GauSession<ProviderIds<TAuth>>) => void\n\nfunction buildQuery(params: Record<string, string | undefined | null>): string {\n const q = new URLSearchParams()\n for (const [k, v] of Object.entries(params)) {\n if (v != null && v !== '')\n q.set(k, String(v))\n }\n const s = q.toString()\n return s ? `?${s}` : ''\n}\n\nexport function createAuthClient<const TAuth = unknown>({ baseUrl, scheme = 'gau' }: AuthClientOptions) {\n let currentSession: GauSession<ProviderIds<TAuth>> = { user: null, session: null, accounts: null, providers: [] }\n const listeners = new Set<SessionListener<TAuth>>()\n\n const notify = () => {\n for (const l of listeners)\n l(currentSession)\n }\n\n async function fetchSession(): Promise<GauSession<ProviderIds<TAuth>>> {\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n const res = await fetch(`${baseUrl}/session`, token ? 
{ headers } : { credentials: 'include' })\n const contentType = res.headers.get('content-type')\n if (contentType?.includes('application/json'))\n return await res.json()\n return { user: null, session: null, accounts: null, providers: [] }\n }\n\n async function refreshSession(): Promise<GauSession<ProviderIds<TAuth>>> {\n const next = await fetchSession()\n currentSession = next\n notify()\n return next\n }\n\n async function applySessionToken(token: string): Promise<void> {\n try {\n storeSessionToken(token)\n }\n finally {\n await refreshSession()\n }\n }\n\n function onSessionChange(listener: SessionListener<TAuth>): () => void {\n listeners.add(listener)\n return () => listeners.delete(listener)\n }\n\n async function handleRedirectCallback(replaceUrl?: (url: string) => void): Promise<boolean> {\n if (typeof window === 'undefined')\n return false\n\n if (window.location.hash === '#_=_') {\n const cleanUrl = window.location.pathname + window.location.search\n if (replaceUrl)\n replaceUrl(cleanUrl)\n else\n window.history.replaceState(null, '', cleanUrl)\n return false\n }\n\n const hash = window.location.hash?.substring(1) ?? ''\n if (!hash)\n return false\n\n const params = new URLSearchParams(hash)\n const token = params.get('token')\n if (!token)\n return false\n\n await applySessionToken(token)\n\n const cleanUrl = window.location.pathname + window.location.search\n if (replaceUrl)\n replaceUrl(cleanUrl)\n else\n window.history.replaceState(null, '', cleanUrl)\n\n return true\n }\n\n function makeProviderUrl<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, params?: { redirectTo?: string, profile?: PR }): string {\n const q = buildQuery({\n redirectTo: params?.redirectTo,\n profile: params?.profile != null ? 
String(params.profile) : undefined,\n })\n return `${baseUrl}/${provider}${q}`\n }\n\n function makeLinkUrl<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, params: { redirectTo?: string, profile?: PR, redirect?: 'false' | 'true' }): string {\n const q = buildQuery({\n redirectTo: params.redirectTo,\n profile: params.profile != null ? String(params.profile) : undefined,\n redirect: params.redirect,\n })\n return `${baseUrl}/link/${provider}${q}`\n }\n\n async function signIn<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, options?: { redirectTo?: string, profile?: PR }): Promise<string> {\n const url = makeProviderUrl<P, PR>(provider, options)\n\n if (isTauri()) {\n const { signInWithTauri } = await import('../../runtimes/tauri/index')\n await signInWithTauri<TAuth, P, PR>(provider, baseUrl, scheme, options?.redirectTo, options?.profile)\n }\n\n return url\n }\n\n async function linkAccount<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, options?: { redirectTo?: string, profile?: PR }): Promise<string> {\n if (isTauri()) {\n const { linkAccountWithTauri } = await import('../../runtimes/tauri/index')\n await linkAccountWithTauri<TAuth, P, PR>(provider, baseUrl, scheme, options?.redirectTo, options?.profile)\n return makeLinkUrl<P, PR>(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: 'false' })\n }\n\n const linkUrl = makeLinkUrl<P, PR>(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: 'false' })\n const token = getSessionToken()\n const fetchOptions: RequestInit = token ? 
{ headers: { Authorization: `Bearer ${token}` } } : { credentials: 'include' }\n const res: Response = await fetch(linkUrl, fetchOptions)\n if (res.redirected)\n return res.url\n try {\n const data = await res.json()\n if (data?.url)\n return data.url\n }\n catch {}\n return linkUrl\n }\n\n async function unlinkAccount<P extends ProviderIds<TAuth>>(provider: P): Promise<boolean> {\n const token = getSessionToken()\n const fetchOptions: RequestInit = token ? { headers: { Authorization: `Bearer ${token}` } } : { credentials: 'include' }\n const res = await fetch(`${baseUrl}/unlink/${provider}`, { method: 'POST', ...fetchOptions })\n if (res.ok) {\n await refreshSession()\n return true\n }\n return false\n }\n\n async function signOut(): Promise<void> {\n clearSessionToken()\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n await refreshSession()\n }\n\n async function startTauriBridge(): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { startAuthBridge } = await import('../../runtimes/tauri/index')\n const cleanup = await startAuthBridge(baseUrl, scheme, async (token) => {\n await applySessionToken(token)\n })\n return cleanup\n }\n\n return {\n get session() {\n return currentSession\n },\n fetchSession,\n refreshSession,\n applySessionToken,\n handleRedirectCallback,\n onSessionChange,\n signIn,\n linkAccount,\n unlinkAccount,\n signOut,\n startTauriBridge,\n 
}\n}\n"],"mappings":";;;;;;;;;;;AAAA,SAAS,eAAe;AAEjB,SAAS,kBAAkB,OAAe;AAC/C,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AACvC,aAAS,SAAS,uBAAuB,KAAK;AAAA,EAChD,QACM;AAAA,EAAC;AACT;AAEO,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,SAAO,aAAa,QAAQ,WAAW;AACzC;AAEO,SAAS,oBAAoB;AAClC,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,WAAW,WAAW;AACnC,aAAS,SAAS;AAAA,EACpB,QACM;AAAA,EAAC;AACT;AAEA,eAAsB,eAAe;AACnC,MAAI,CAAC,WAAW,CAAC,OAAO,UAAU,CAAC,OAAO,OAAO;AAC/C,UAAM,IAAI,MAAM,2EAA2E;AAE7F,WAAS,gBAAgB,OAA2B;AAClD,WAAO,KAAK,OAAO,aAAa,GAAG,KAAK,CAAC,EACtC,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,EAAE;AAAA,EACtB;AAEA,QAAM,iBAAiB;AACvB,QAAM,eAAe,IAAI,WAAW,cAAc;AAClD,SAAO,OAAO,gBAAgB,YAAY;AAC1C,QAAM,eAAe,gBAAgB,YAAY;AAEjD,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,OAAO,QAAQ,OAAO,YAAY;AACxC,QAAM,OAAO,MAAM,OAAO,OAAO,OAAO,OAAO,WAAW,IAAI;AAC9D,QAAM,gBAAgB,gBAAgB,IAAI,WAAW,IAAI,CAAC;AAE1D,SAAO,EAAE,cAAc,cAAc;AACvC;AAlDA;AAAA;AAAA;AAAA;AAAA;;;ACAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,SAAS,WAAAA,gBAAe;AAGjB,SAAS,UAAmB;AACjC,SAAOA,YAAW,yBAAyB;AAC7C;AAEA,SAAS,cAAc,SAAgC;AACrD,MAAI;AACF,WAAO,IAAI,IAAI,OAAO,EAAE;AAAA,EAC1B,QACM;AACJ,QAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,UAAI;AACF,eAAO,IAAI,IAAI,SAAS,OAAO,SAAS,MAAM,EAAE;AAAA,MAClD,QACM;AACJ,eAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,2BAA2B;AAE5D,WAAS,oBAAoB,MAAsB;AACjD,QAAI;AACF,YAAM,IAAI,IAAI,IAAI,IAAI;AACtB,aAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,IACvC,QACM;AACJ,UAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,YAAI;AACF,gBAAM,IAAI,IAAI,IAAI,MAAM,OAAO,SAAS,MAAM;AAC9C,iBAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,QACvC,QACM;AACJ,iBAAO;AAAA,QACT;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA;AAEb,iBAAa,GAAG,MAAM;AAExB,QAAM,EAAE,cAAc,cAAc,IAAI,MAAM,aAAa;AAC3D,eAAa,QAAQ,qBAAqB,YAAY;AAEtD,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,MAAI;AACF,WAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,SAAO,IAAI,kBAAkB,aAAa;AAC1C,QAAM,eAAe,oBAAoB
,OAAO;AAChD,QAAM,UAAU,GAAG,YAAY,IAAI,QAAQ,IAAI,OAAO,SAAS,CAAC;AAChE,QAAM,QAAQ,OAAO;AACvB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEA,eAAsB,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AACxH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,QAAM,aAAa,cAAc,OAAO;AACxC,MAAI,OAAO,aAAa,GAAG,MAAM,QAAQ,CAAC,cAAc,OAAO,WAAW;AACxE;AAEF,QAAM,cAAc,IAAI,gBAAgB,OAAO,MAAM;AACrD,QAAM,OAAO,YAAY,IAAI,MAAM;AACnC,MAAI,MAAM;AACR,UAAM,WAAW,aAAa,QAAQ,mBAAmB;AACzD,QAAI,CAAC,UAAU;AACb,cAAQ,MAAM,wBAAwB;AACtC;AAAA,IACF;AACA,iBAAa,WAAW,mBAAmB;AAE3C,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,GAAG,OAAO,UAAU;AAAA,QAC1C,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,EAAE,MAAM,cAAc,SAAS,CAAC;AAAA,MACvD,CAAC;AACD,UAAI,IAAI,IAAI;AACV,cAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAI,KAAK;AACP,kBAAQ,KAAK,KAAK;AAAA,MACtB,OACK;AACH,gBAAQ,MAAM,mCAAmC;AAAA,MACnD;AAAA,IACF,SACO,GAAG;AACR,cAAQ,MAAM,oCAAoC,CAAC;AAAA,IACrD;AAAA,EACF;AACF;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,2BAA2B;AAE5D,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA;AAEb,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,SAAO,IAAI,SAAS,KAAK;AACzB,MAAI;AACF,WAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,QAAM,gBAAgB,MAAM;AAC1B,QAAI;AACF,YAAM,IAAI,IAAI,IAAI,OAAO;AACzB,aAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,IACvC,QACM;AACJ,UAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,YAAI;AACF,gBAAM,IAAI,IAAI,IAAI,SAAS,OAAO,SAAS,MAAM;AACjD,iBAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,QACvC,QACM;AACJ,iBAAO;AAAA,QACT;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,EACF,GAAG;AACH,QAAM,UAAU,GAAG,YAAY,SAAS,QAAQ,IAAI,OAAO,SAAS,CAAC;AACrE,QAAM,QAAQ,OAAO;AACvB;AAEA,eAAsB,gBACpB,SACA,QACA,SAC8B;AAC9B,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,WAAW,MAAM,mBAAmB,OAAO,QAAQ;AACvD,wBAAoB,KAAK,SAAS,QAAQ,O
AAO;AAAA,EACnD,CAAC;AACD,SAAO;AACT;AAnMA;AAAA;AAAA;AAEA;AAAA;AAAA;;;ACAA,SAAS,oBAAoB;AAC7B,SAAS,WAAAC,gBAAe;AACxB,SAAS,YAAY,SAAS,kBAAkB;;;ACHhD,SAAS,OAAO,iBAAiB;AA4D1B,IAAM,eAAe,KAAK;;;ACvDjC,SAAS,aAAAC,kBAAiB;;;ACL1B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACPP,SAAS,sBAAsB,qBAAqB;;;ACuB7C,IAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,SAAS;AAAA,EACT,UAAU;AACZ;;;ALrBA;;;AMLA;AACA;AASA,SAAS,WAAW,QAA2D;AAC7E,QAAM,IAAI,IAAI,gBAAgB;AAC9B,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,MAAM,GAAG;AAC3C,QAAI,KAAK,QAAQ,MAAM;AACrB,QAAE,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,EACtB;AACA,QAAM,IAAI,EAAE,SAAS;AACrB,SAAO,IAAI,IAAI,CAAC,KAAK;AACvB;AAEO,SAAS,iBAAwC,EAAE,SAAS,SAAS,MAAM,GAAsB;AACtG,MAAI,iBAAiD,EAAE,MAAM,MAAM,SAAS,MAAM,UAAU,MAAM,WAAW,CAAC,EAAE;AAChH,QAAM,YAAY,oBAAI,IAA4B;AAElD,QAAM,SAAS,MAAM;AACnB,eAAW,KAAK;AACd,QAAE,cAAc;AAAA,EACpB;AAEA,iBAAe,eAAwD;AACrE,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAC9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB;AAC1C,aAAO,MAAM,IAAI,KAAK;AACxB,WAAO,EAAE,MAAM,MAAM,SAAS,MAAM,UAAU,MAAM,WAAW,CAAC,EAAE;AAAA,EACpE;AAEA,iBAAe,iBAA0D;AACvE,UAAM,OAAO,MAAM,aAAa;AAChC,qBAAiB;AACjB,WAAO;AACP,WAAO;AAAA,EACT;AAEA,iBAAe,kBAAkB,OAA8B;AAC7D,QAAI;AACF,wBAAkB,KAAK;AAAA,IACzB,UACA;AACE,YAAM,eAAe;AAAA,IACvB;AAAA,EACF;AAEA,WAAS,gBAAgB,UAA8C;AACrE,cAAU,IAAI,QAAQ;AACtB,WAAO,MAAM,UAAU,OAAO,QAAQ;AAAA,EACxC;AAEA,iBAAe,uBAAuB,YAAsD;AAC1F,QAAI,OAAO,WAAW;AACpB,aAAO;AAET,QAAI,OAAO,SAAS,SAAS,QAAQ;AACnC,YAAMC,YAAW,OAAO,SAAS,WAAW,OAAO,SAAS;AAC5D,UAAI;AACF,mBAAWA,SAAQ;AAAA;AAEnB,eAAO,QAAQ,aAAa,MAAM,IAAIA,SAAQ;AAChD,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,OAAO,SAAS,MAAM,UAAU,CAAC,KAAK;AACnD,QAAI,CAAC;AACH,aAAO;AAET,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,QAAI,CAAC;AACH,aAAO;AAET,UAAM,kBAAkB,KAAK;AAE7B,UAAM,WAAW,OAAO,SAAS,WAAW,OAAO,SAAS;AAC5D,QAAI;AACF,iBAAW,QAAQ;AAAA;AAEnB,aAAO,QAAQ,aAAa,MAAM,IAAI,QAAQ;AAEhD,WAAO;AAAA,EACT;AAEA,WAAS,gBAAuG,UAAa,QAAw
D;AACnL,UAAM,IAAI,WAAW;AAAA,MACnB,YAAY,QAAQ;AAAA,MACpB,SAAS,QAAQ,WAAW,OAAO,OAAO,OAAO,OAAO,IAAI;AAAA,IAC9D,CAAC;AACD,WAAO,GAAG,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,EACnC;AAEA,WAAS,YAAmG,UAAa,QAAoF;AAC3M,UAAM,IAAI,WAAW;AAAA,MACnB,YAAY,OAAO;AAAA,MACnB,SAAS,OAAO,WAAW,OAAO,OAAO,OAAO,OAAO,IAAI;AAAA,MAC3D,UAAU,OAAO;AAAA,IACnB,CAAC;AACD,WAAO,GAAG,OAAO,SAAS,QAAQ,GAAG,CAAC;AAAA,EACxC;AAEA,iBAAe,OAA8F,UAAa,SAAkE;AAC1L,UAAM,MAAM,gBAAuB,UAAU,OAAO;AAEpD,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM;AAClC,YAAMA,iBAA8B,UAAU,SAAS,QAAQ,SAAS,YAAY,SAAS,OAAO;AAAA,IACtG;AAEA,WAAO;AAAA,EACT;AAEA,iBAAe,YAAmG,UAAa,SAAkE;AAC/L,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,sBAAAC,sBAAqB,IAAI,MAAM;AACvC,YAAMA,sBAAmC,UAAU,SAAS,QAAQ,SAAS,YAAY,SAAS,OAAO;AACzG,aAAO,YAAmB,UAAU,EAAE,YAAY,SAAS,YAAY,SAAS,SAAS,SAAS,UAAU,QAAQ,CAAC;AAAA,IACvH;AAEA,UAAM,UAAU,YAAmB,UAAU,EAAE,YAAY,SAAS,YAAY,SAAS,SAAS,SAAS,UAAU,QAAQ,CAAC;AAC9H,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAAQ,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAAI,EAAE,aAAa,UAAU;AACvH,UAAM,MAAgB,MAAM,MAAM,SAAS,YAAY;AACvD,QAAI,IAAI;AACN,aAAO,IAAI;AACb,QAAI;AACF,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,MAAM;AACR,eAAO,KAAK;AAAA,IAChB,QACM;AAAA,IAAC;AACP,WAAO;AAAA,EACT;AAEA,iBAAe,cAA4C,UAA+B;AACxF,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAAQ,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAAI,EAAE,aAAa,UAAU;AACvH,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAQ,IAAI,EAAE,QAAQ,QAAQ,GAAG,aAAa,CAAC;AAC5F,QAAI,IAAI,IAAI;AACV,YAAM,eAAe;AACrB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAEA,iBAAe,UAAyB;AACtC,sBAAkB;AAClB,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,eAAe;AAAA,EACvB;AAEA,iBAAe,mBAAiD;AAC9D,QAAI,CAAC,QAAQ;AACX;AAEF,UAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM;AAClC,UAAM,UAAU,MAAMA,iBAAgB,SAAS,QAAQ,OAAO,UAAU;AACtE,YAAM,kBAAkB,KAAK;AAAA,IAC/B,CAAC;AACD,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA
,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AN1KA,IAAM,mBAAmB,uBAAO,UAAU;AAEnC,SAAS,iBAAwC;AAAA,EACtD,UAAU;AAAA,EACV,SAAS;AAAA,EACT,YAAY;AACd,IAII,CAAC,GAAG;AAGN,QAAM,SAAS,iBAAwB;AAAA,IACrC;AAAA,EACF,CAAC;AAED,QAAM,eAAe,YAAqC;AACxD,QAAI,CAACC;AACH,aAAO,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE;AAC1C,WAAO,OAAO,eAAe;AAAA,EAC/B;AAEA,MAAI,UAA0B,OAAO,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE,CAAC;AACvE,MAAI,YAAY,OAAO,IAAI;AAE3B,iBAAe,eAAe,KAAa;AACzC,QAAI;AACF,mBAAa,KAAK,CAAC,CAAC;AAAA,IACtB,QACM;AACJ,UAAIA;AACF,eAAO,QAAQ,aAAa,MAAM,IAAI,GAAG;AAAA,IAC7C;AAAA,EACF;AAEA,iBAAe,OAAqC,UAAa,EAAE,YAAY,QAAQ,IAA8D,CAAC,GAAG;AACvJ,UAAM,UAAU,QAAQ;AACxB,QAAI,kBAAkB,cAAc;AAEpC,QAAI,SAAS;AACX,YAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM;AAClC,YAAMA,iBAA0C,UAAU,SAAS,QAAQ,iBAAiB,OAAO;AACnG;AAAA,IACF;AAEA,QAAI,CAAC,mBAAmBD;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,MAAM,MAAM,OAAO,OAA0B,UAAU,EAAE,YAAY,iBAAiB,QAAQ,CAAC;AACrG,QAAIA;AACF,aAAO,SAAS,OAAO;AAAA,EAC3B;AAEA,iBAAe,YAA0C,UAAa,EAAE,YAAY,QAAQ,IAA8D,CAAC,GAAG;AAC5J,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,sBAAAE,sBAAqB,IAAI,MAAM;AACvC,YAAMA,sBAA+C,UAAU,SAAS,QAAQ,YAAY,OAAO;AACnG;AAAA,IACF;AAEA,QAAI,kBAAkB,cAAc;AACpC,QAAI,CAAC,mBAAmBF;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,MAAM,MAAM,OAAO,YAA+B,UAAU,EAAE,YAAY,iBAAiB,QAAQ,CAAC;AAC1G,QAAIA;AACF,aAAO,SAAS,OAAO;AAAA,EAC3B;AAEA,iBAAe,cAAc,UAA8B;AACzD,UAAM,KAAK,MAAM,OAAO,cAAc,QAAQ;AAC9C,QAAI;AACF,gBAAU,MAAM,aAAa;AAAA;AAE7B,cAAQ,MAAM,0BAA0B;AAAA,EAC5C;AAEA,iBAAe,UAAU;AACvB,UAAM,OAAO,QAAQ;AACrB,cAAU,MAAM,aAAa;AAAA,EAC/B;AAEA,UAAQ,MAAM;AACZ,QAAI,CAACA;AACH;AAEF,UAAM,YAAY;AAChB,YAAM,UAAU,MAAM,OAAO,uBAAuB,OAAM,QAAO,eAAe,GAAG,CAAC;AACpF,UAAI,CAAC;AACH,kBAAU,MAAM,aAAa;AAE/B,kBAAY;AAAA,IACd,GAAG;AAEH,QAAI;AACJ,QAAI,WAAW;AAEf,QAAI,CAAC,QAAQ;AACX;AAEF,UAAM,YAAY;AAChB,YAAM,EAAE,iBAAAG,iBAAgB,IAAI,MAAM;AAClC,YAAM,WAAW,MAAMA,iBAAgB,SAAS,QAAQ,OAAO,UAAU;AACvE,cAAM,OAAO,kBAAkB,KAAK;AACpC,kBAAU,MAAM,aAAa;AAAA,MAC/B,CAAC;AACD,UAAI;AACF,mBAAW;AAAA;AAEX,kBAAU;AAAA,IACd,GAAG;AAEH,WAAO,MAAM;AACX,iBAAW;AACX,gBAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,eAAwC;AAAA,IAC5C,IAAI,UAAU;AACZ,aAAO;AAAA
,IACT;AAAA,IACA,IAAI,YAAY;AACd,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS,YAAY;AAAE,gBAAU,MAAM,aAAa;AAAA,IAAE;AAAA,EACxD;AAEA,aAAW,kBAAkB,YAAY;AAC3C;AAEO,SAAS,UAA0D;AACxE,QAAM,UAAU,WAAoC,gBAAgB;AACpE,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,6CAA6C;AAE/D,SAAO;AACT;","names":["BROWSER","BROWSER","serialize","cleanUrl","signInWithTauri","linkAccountWithTauri","startAuthBridge","BROWSER","signInWithTauri","linkAccountWithTauri","startAuthBridge"]}
1
+ {"version":3,"sources":["../../../../src/client/token.ts","../../../../src/runtimes/tauri/index.ts","../../../../src/client/svelte/index.svelte.ts","../../../../src/core/cookies.ts","../../../../src/core/createAuth.ts","../../../../src/jwt/jwt.ts","../../../../src/oauth/utils.ts","../../../../src/core/index.ts","../../../../src/client/vanilla/index.ts"],"sourcesContent":["import { BROWSER } from 'esm-env'\n\nexport const SESSION_TOKEN_KEY = '__gau-session-token'\n\nexport const REFRESHED_TOKEN_HEADER = 'X-Refreshed-Token'\n\nexport function storeSessionToken(token: string) {\n if (!BROWSER)\n return\n try {\n localStorage.setItem(SESSION_TOKEN_KEY, token)\n }\n catch {}\n}\n\nexport function getSessionToken(): string | null {\n if (!BROWSER)\n return null\n try {\n return localStorage.getItem(SESSION_TOKEN_KEY)\n }\n catch {\n return null\n }\n}\n\nexport function clearSessionToken() {\n if (!BROWSER)\n return\n try {\n localStorage.removeItem(SESSION_TOKEN_KEY)\n }\n catch {}\n}\n\nexport function handleRefreshedToken(response: Response): void {\n if (!BROWSER)\n return\n const refreshed = response.headers.get(REFRESHED_TOKEN_HEADER)\n if (refreshed)\n storeSessionToken(refreshed)\n}\n\nexport async function generatePKCE() {\n if (!BROWSER || !window.crypto || !window.crypto.subtle)\n throw new Error('PKCE relies on window.crypto, which is not available in this environment.')\n\n function base64UrlEncode(array: Uint8Array): string {\n return btoa(String.fromCharCode(...array))\n .replace(/\\+/g, '-')\n .replace(/\\//g, '_')\n .replace(/=+$/, '')\n }\n\n const verifierLength = 43\n const randomValues = new Uint8Array(verifierLength)\n window.crypto.getRandomValues(randomValues)\n const codeVerifier = base64UrlEncode(randomValues)\n\n const encoder = new TextEncoder()\n const data = encoder.encode(codeVerifier)\n const hash = await window.crypto.subtle.digest('SHA-256', data)\n const codeChallenge = base64UrlEncode(new Uint8Array(hash))\n\n return { codeVerifier, 
codeChallenge }\n}\n","import type { ProfileName, ProviderIds } from '../../core'\nimport { BROWSER } from 'esm-env'\nimport { generatePKCE, getSessionToken } from '../../client/token'\n\nexport function isTauri(): boolean {\n return BROWSER && '__TAURI_INTERNALS__' in globalThis\n}\n\nfunction resolveOrigin(baseUrl: string): string | null {\n try {\n return new URL(baseUrl).origin\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n return new URL(baseUrl, window.location.origin).origin\n }\n catch {\n return null\n }\n }\n return null\n }\n}\n\nexport async function signInWithTauri<const TAuth = unknown, P extends ProviderIds<TAuth> = ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined = undefined>(\n provider: P,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: PR,\n) {\n if (!isTauri())\n return\n\n const { openUrl } = await import('@tauri-apps/plugin-opener')\n\n function resolveAbsoluteBase(base: string): string {\n try {\n const u = new URL(base)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n const u = new URL(base, window.location.origin)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n return base\n }\n }\n return base\n }\n }\n\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const { codeVerifier, codeChallenge } = await generatePKCE()\n localStorage.setItem('gau-pkce-verifier', codeVerifier)\n\n const params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n if (profile)\n params.set('profile', String(profile))\n params.set('code_challenge', codeChallenge)\n const resolvedBase = resolveAbsoluteBase(baseUrl)\n const authUrl = `${resolvedBase}/${provider}?${params.toString()}`\n await openUrl(authUrl)\n}\n\nexport async function setupTauriListener(\n handler: (url: string) => Promise<void>,\n): 
Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { listen } = await import('@tauri-apps/api/event')\n try {\n const unlisten = await listen<string>('deep-link', async (event) => {\n await handler(event.payload)\n })\n return unlisten\n }\n catch (err) {\n console.error(err)\n }\n}\n\nexport async function handleTauriDeepLink(url: string, baseUrl: string, scheme: string, onToken: (token: string) => void) {\n const parsed = new URL(url)\n const baseOrigin = resolveOrigin(baseUrl)\n if (parsed.protocol !== `${scheme}:` && (!baseOrigin || parsed.origin !== baseOrigin))\n return\n\n const queryParams = new URLSearchParams(parsed.search)\n const code = queryParams.get('code')\n if (code) {\n const verifier = localStorage.getItem('gau-pkce-verifier')\n if (!verifier) {\n console.error('No PKCE verifier found')\n return\n }\n localStorage.removeItem('gau-pkce-verifier')\n\n try {\n const res = await fetch(`${baseUrl}/token`, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ code, codeVerifier: verifier }),\n })\n if (res.ok) {\n const data = await res.json()\n if (data.token)\n onToken(data.token)\n }\n else {\n console.error('Failed to exchange code for token')\n }\n }\n catch (e) {\n console.error('Error exchanging code for token:', e)\n }\n }\n}\n\nexport async function linkAccountWithTauri<const TAuth = unknown, P extends ProviderIds<TAuth> = ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined = undefined>(\n provider: P,\n baseUrl: string,\n scheme: string = 'gau',\n redirectOverride?: string,\n profile?: PR,\n) {\n if (!isTauri())\n return\n\n const { openUrl } = await import('@tauri-apps/plugin-opener')\n\n let redirectTo: string\n\n if (redirectOverride)\n redirectTo = redirectOverride\n else\n redirectTo = `${scheme}://oauth/callback`\n\n const token = getSessionToken()\n if (!token) {\n console.error('No session token found, cannot link account.')\n return\n }\n\n const 
params = new URLSearchParams()\n params.set('redirectTo', redirectTo)\n params.set('token', token)\n if (profile)\n params.set('profile', String(profile))\n const resolvedBase = (() => {\n try {\n const u = new URL(baseUrl)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n if (BROWSER && typeof window !== 'undefined') {\n try {\n const u = new URL(baseUrl, window.location.origin)\n return u.toString().replace(/\\/$/, '')\n }\n catch {\n return baseUrl\n }\n }\n return baseUrl\n }\n })()\n const linkUrl = `${resolvedBase}/link/${provider}?${params.toString()}`\n await openUrl(linkUrl)\n}\n\nexport async function startAuthBridge(\n baseUrl: string,\n scheme: string,\n onToken: (token: string) => Promise<void> | void,\n): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const unlisten = await setupTauriListener(async (url) => {\n handleTauriDeepLink(url, baseUrl, scheme, onToken)\n })\n return unlisten\n}\n","import type { GauSession, ProfileName, ProviderIds } from '../../core'\n// @ts-expect-error svelte-kit\nimport { replaceState } from '$app/navigation'\nimport { BROWSER } from 'esm-env'\nimport { getContext, onMount, setContext } from 'svelte'\nimport { NULL_SESSION } from '../../core'\nimport { isTauri } from '../../runtimes/tauri'\nimport { createAuthClient } from '../vanilla'\n\ninterface AuthContextValue<TAuth = unknown> {\n session: GauSession<ProviderIds<TAuth>>\n isLoading: boolean\n signIn: <P extends ProviderIds<TAuth>>(provider: P, options?: { redirectTo?: string, profile?: ProfileName<TAuth, P> }) => Promise<void>\n linkAccount: <P extends ProviderIds<TAuth>>(provider: P, options?: { redirectTo?: string, profile?: ProfileName<TAuth, P> }) => Promise<void>\n unlinkAccount: (provider: ProviderIds<TAuth>) => Promise<void>\n signOut: () => Promise<void>\n refresh: () => Promise<void>\n fetch: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>\n}\n\nconst AUTH_CONTEXT_KEY = Symbol('gau-auth')\n\nexport function 
createSvelteAuth<const TAuth = unknown>({\n baseUrl = '/api/auth',\n scheme = 'gau',\n redirectTo: defaultRedirectTo,\n}: {\n baseUrl?: string\n scheme?: string\n redirectTo?: string\n} = {}) {\n type CurrentSession = GauSession<ProviderIds<TAuth>>\n\n const client = createAuthClient<TAuth>({\n baseUrl,\n })\n\n const fetchSession = async (): Promise<CurrentSession> => {\n if (!BROWSER)\n return { ...NULL_SESSION, providers: [] }\n return client.refreshSession()\n }\n\n let session: CurrentSession = $state({ ...NULL_SESSION, providers: [] })\n let isLoading = $state(true)\n\n async function replaceUrlSafe(url: string) {\n try {\n replaceState(url, {})\n }\n catch {\n if (BROWSER)\n window.history.replaceState(null, '', url)\n }\n }\n\n async function signIn<P extends ProviderIds<TAuth>>(provider: P, { redirectTo, profile }: { redirectTo?: string, profile?: ProfileName<TAuth, P> } = {}) {\n const inTauri = isTauri()\n let finalRedirectTo = redirectTo ?? defaultRedirectTo\n\n if (inTauri) {\n const { signInWithTauri } = await import('../../runtimes/tauri')\n await signInWithTauri<TAuth, P, typeof profile>(provider, baseUrl, scheme, finalRedirectTo, profile)\n return\n }\n\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.origin\n\n const url = await client.signIn<P, typeof profile>(provider, { redirectTo: finalRedirectTo, profile })\n if (BROWSER)\n window.location.href = url\n }\n\n async function linkAccount<P extends ProviderIds<TAuth>>(provider: P, { redirectTo, profile }: { redirectTo?: string, profile?: ProfileName<TAuth, P> } = {}) {\n if (isTauri()) {\n const { linkAccountWithTauri } = await import('../../runtimes/tauri')\n await linkAccountWithTauri<TAuth, P, typeof profile>(provider, baseUrl, scheme, redirectTo, profile)\n return\n }\n\n let finalRedirectTo = redirectTo ?? 
defaultRedirectTo\n if (!finalRedirectTo && BROWSER)\n finalRedirectTo = window.location.href\n\n const url = await client.linkAccount<P, typeof profile>(provider, { redirectTo: finalRedirectTo, profile })\n if (BROWSER)\n window.location.href = url\n }\n\n async function unlinkAccount(provider: ProviderIds<TAuth>) {\n const ok = await client.unlinkAccount(provider)\n if (ok)\n session = await fetchSession()\n else\n console.error('Failed to unlink account')\n }\n\n async function signOut() {\n await client.signOut()\n session = await fetchSession()\n }\n\n onMount(() => {\n if (!BROWSER)\n return\n\n void (async () => {\n const handled = await client.handleRedirectCallback(async url => replaceUrlSafe(url))\n if (!handled)\n session = await fetchSession()\n\n isLoading = false\n })()\n\n let cleanup: (() => void) | void\n let disposed = false\n\n if (!isTauri())\n return\n\n void (async () => {\n const { startAuthBridge } = await import('../../runtimes/tauri')\n const unlisten = await startAuthBridge(baseUrl, scheme, async (token) => {\n await client.applySessionToken(token)\n session = await fetchSession()\n })\n if (disposed)\n unlisten?.()\n else\n cleanup = unlisten\n })()\n\n return () => {\n disposed = true\n cleanup?.()\n }\n })\n\n const contextValue: AuthContextValue<TAuth> = {\n get session() {\n return session\n },\n get isLoading() {\n return isLoading\n },\n signIn,\n linkAccount,\n unlinkAccount,\n signOut,\n refresh: async () => { session = await fetchSession() },\n fetch: client.fetch,\n }\n\n setContext(AUTH_CONTEXT_KEY, contextValue)\n}\n\nexport function useAuth<const TAuth = unknown>(): AuthContextValue<TAuth> {\n const context = getContext<AuthContextValue<TAuth>>(AUTH_CONTEXT_KEY)\n if (!context)\n throw new Error('useAuth must be used within an AuthProvider')\n\n return context\n}\n","import type { SerializeOptions } from 'cookie'\nimport { parse, serialize } from 'cookie'\n\nexport const DEFAULT_COOKIE_SERIALIZE_OPTIONS: SerializeOptions = 
{\n path: '/',\n sameSite: 'lax',\n secure: true,\n httpOnly: true,\n}\n\nexport type Cookie = [string, string, SerializeOptions]\n\nexport function parseCookies(cookieHeader: string | null | undefined): Map<string, string> {\n const cookies = new Map<string, string>()\n if (cookieHeader) {\n const parsed = parse(cookieHeader)\n for (const name in parsed)\n cookies.set(name, parsed[name]!)\n }\n return cookies\n}\n\nexport class Cookies {\n #new: Cookie[] = []\n\n constructor(\n private readonly requestCookies: Map<string, string>,\n private readonly defaultOptions: SerializeOptions,\n ) {}\n\n get(name: string): string | undefined {\n return this.requestCookies.get(name)\n }\n\n set(name: string, value: string, options?: SerializeOptions): void {\n const combinedOptions = { ...this.defaultOptions, ...options }\n this.#new.push([name, value, combinedOptions])\n }\n\n delete(name: string, options?: Omit<SerializeOptions, 'expires' | 'maxAge'>): void {\n this.set(name, '', { ...options, expires: new Date(0), maxAge: 0 })\n }\n\n toHeaders(): Headers {\n const headers = new Headers()\n for (const [name, value, options] of this.#new)\n headers.append('Set-Cookie', serialize(name, value, options))\n\n return headers\n }\n}\n\nexport const CSRF_COOKIE_NAME = '__gau-csrf-token'\nexport const SESSION_COOKIE_NAME = '__gau-session-token'\nexport const SESSION_STRATEGY_COOKIE_NAME = '__gau-session-strategy'\nexport const LINKING_TOKEN_COOKIE_NAME = '__gau-linking-token'\nexport const PKCE_COOKIE_NAME = '__gau-pkce-code-verifier'\nexport const CALLBACK_URI_COOKIE_NAME = '__gau-callback-uri'\nexport const PROVIDER_OPTIONS_COOKIE_NAME = '__gau-provider-options'\nexport const CLIENT_CHALLENGE_COOKIE_NAME = '__gau-client-challenge'\n\nexport const CSRF_MAX_AGE = 60 * 10 // 10 minutes\n","import type { OAuth2Tokens } from 'arctic'\nimport type { SerializeOptions } from 'cookie'\nimport type { SignOptions, VerifyOptions } from '../jwt'\nimport type { AuthUser, OAuthProvider, 
OAuthProviderConfig, ProviderProfileOverrides } from '../oauth'\nimport type { Cookies } from './cookies'\nimport type { Adapter, GauSession } from './index'\nimport { serialize } from 'cookie'\nimport { sign, verify } from '../jwt'\nimport { DEFAULT_COOKIE_SERIALIZE_OPTIONS, SESSION_COOKIE_NAME } from './cookies'\nimport { AuthError } from './index'\nimport { getSessionTokenFromRequest } from './utils'\n\ntype ProviderId<P> = P extends OAuthProvider<infer T> ? T : never\nexport type ProviderIds<T> = T extends { providerMap: Map<infer K extends string, any> } ? K : string\n\nexport type ProfileName<T, P extends string> = T extends { profiles: infer R }\n ? P extends keyof R\n ? keyof R[P]\n : never\n : never\n\nexport interface CreateAuthOptions<TProviders extends OAuthProvider[]> {\n /** The database adapter to use for storing users and accounts. */\n adapter: Adapter\n /** Array of OAuth providers to support. */\n providers: TProviders\n /** Base path for authentication routes (defaults to '/api/auth'). */\n basePath?: string\n /** Session management options */\n session?: {\n /** Strategy to use for sessions: 'auto' (default), 'cookie', or 'token'. */\n strategy?: 'auto' | 'cookie' | 'token'\n }\n /** Configuration for JWT signing and verification. */\n jwt?: {\n /** Signing algorithm: 'ES256' (default) or 'HS256'. */\n algorithm?: 'ES256' | 'HS256'\n /** Secret for HS256 or base64url-encoded private key for ES256 (overrides AUTH_SECRET). */\n secret?: string\n /** Issuer claim (iss) for JWTs. */\n iss?: string\n /** Audience claim (aud) for JWTs. */\n aud?: string\n /** Default time-to-live in seconds for JWTs (defaults to 1 day). */\n ttl?: number\n }\n /** Custom options for session cookies. */\n cookies?: Partial<SerializeOptions>\n /**\n * Hook that fires right after provider.validateCallback() returns tokens,\n * but before any user lookup/link/create logic. 
Return { handled: true, response }\n * to short-circuit the default flow and send a custom response.\n */\n onOAuthExchange?: (context: {\n request: Request\n providerId: string\n state: string\n code: string\n codeVerifier: string\n callbackUri?: string | null\n redirectTo: string\n cookies: Cookies\n providerUser: AuthUser\n tokens: OAuth2Tokens\n isLinking: boolean\n sessionUserId?: string\n }) => Promise<{ handled: true, response: Response } | { handled: false }>\n /** Map/override the provider's profile right after token exchange. */\n mapExternalProfile?: (context: {\n request: Request\n providerId: string\n providerUser: AuthUser\n tokens: OAuth2Tokens\n isLinking: boolean\n }) => Promise<AuthUser | Partial<AuthUser> | null | undefined>\n /** Gate the link action just before persisting an account. */\n onBeforeLinkAccount?: (context: {\n request: Request\n providerId: string\n userId: string\n providerUser: AuthUser\n tokens: OAuth2Tokens\n }) => Promise<{ allow: true } | { allow: false, response?: Response }>\n /** Observe or augment after link/update tokens. */\n onAfterLinkAccount?: (context: {\n request: Request\n providerId: string\n userId: string\n providerUser: AuthUser\n tokens: OAuth2Tokens\n action: 'link' | 'update'\n }) => Promise<void>\n /** Trusted hosts for CSRF protection: 'all' or array of hostnames (defaults to []). */\n trustHosts?: 'all' | string[]\n /** Account linking behavior: 'verifiedEmail' (default), 'always', or false. */\n autoLink?: 'verifiedEmail' | 'always' | false\n /** Allow linking providers whose primary emails differ from the user's current primary email. Defaults to true. */\n allowDifferentEmails?: boolean\n /** When linking a new provider, update missing user info (name/image/emailVerified) from provider profile. Defaults to false. */\n updateUserInfoOnLink?: boolean\n /** Optional configuration for role-based access control. */\n roles?: {\n /** Default role for newly created users. 
*/\n defaultRole?: string\n /** Dynamically resolve the role at the moment of user creation. Return undefined to fall back to defaultRole. */\n resolveOnCreate?: (context: { providerId: string, profile: any, request: Request }) => string | undefined\n /** Roles that are considered admin-like for helper predicates and `session.user.isAdmin`. */\n adminRoles?: string[]\n /** Users that are always treated as admin for helper predicates and `session.user.isAdmin`. */\n adminUserIds?: string[]\n }\n /**\n * CORS configuration. When true (default): request Origin & allow credentials\n * When false, CORS headers are not added at all.\n * Provide an object to fine-tune behaviour.\n */\n cors?: true | false | {\n /**\n * Allowed origins.\n * - 'all' (default) allows any origin (reflected when credentials enabled),\n * - 'trust' reuses the createAuth trustHosts list\n * - specify an explicit array of full origins (e.g. https://app.example.com)\n * or hostnames (e.g. app.example.com).\n * When array contains '*', it's treated as 'all'.\n */\n allowedOrigins?: 'all' | 'trust' | string[]\n /** Whether to send Access-Control-Allow-Credentials (defaults to true). */\n allowCredentials?: boolean\n /** Allowed headers (defaults to ['Content-Type','Authorization','Cookie']). */\n allowedHeaders?: string[]\n /** Allowed methods (defaults to ['GET','POST','OPTIONS']). */\n allowedMethods?: string[]\n /** Exposed headers (optional). */\n exposeHeaders?: string[]\n /** Preflight max age in seconds (optional). */\n maxAge?: number\n }\n /**\n * Named, server-defined profiles that group provider specific settings.\n * Clients can reference a profile by name (e.g. signIn('github', { profile: 'myprofile' })).\n */\n profiles?: ProfilesConfig<TProviders>\n}\n\n/**\n * Options for issuing a session.\n */\nexport interface IssueSessionOptions {\n /** Custom claims to include in the session JWT. 
*/\n data?: Record<string, unknown>\n /** Time-to-live in seconds (defaults to auth's configured jwt.ttl). */\n ttl?: number\n}\n\n/**\n * Result of issuing a session.\n */\nexport interface IssueSessionResult {\n /** The raw JWT session token (for Bearer auth or storage). */\n token: string\n /** The serialized Set-Cookie header value (for web apps). */\n cookie: string\n /** The cookie name used by gau. */\n cookieName: string\n /** The maxAge in seconds. */\n maxAge: number\n}\n\n/**\n * Options for refreshing a session.\n */\nexport interface RefreshSessionOptions {\n /** Override the default TTL for the new token. */\n ttl?: number\n /**\n * Only refresh if past this fraction of TTL (0-1).\n * Example: 0.5 means only refresh if session is past 50% of its lifetime.\n */\n threshold?: number\n}\n\n/**\n * Result of refreshing a session. Extends IssueSessionResult with source information.\n */\nexport interface RefreshSessionResult extends IssueSessionResult {\n /**\n * How the original token was provided.\n * - 'cookie': Token was extracted from the Cookie header\n * - 'bearer': Token was extracted from Authorization: Bearer header\n * - 'token': A raw token string was passed directly\n */\n source: 'cookie' | 'bearer' | 'token'\n}\n\nexport type Auth<TProviders extends OAuthProvider[] = any> = Adapter & {\n providerMap: Map<ProviderId<TProviders[number]>, TProviders[number]>\n basePath: string\n cookieOptions: SerializeOptions\n jwt: { ttl: number }\n onOAuthExchange?: CreateAuthOptions<TProviders>['onOAuthExchange']\n mapExternalProfile?: CreateAuthOptions<TProviders>['mapExternalProfile']\n onBeforeLinkAccount?: CreateAuthOptions<TProviders>['onBeforeLinkAccount']\n onAfterLinkAccount?: CreateAuthOptions<TProviders>['onAfterLinkAccount']\n signJWT: <U extends Record<string, unknown>>(payload: U, customOptions?: Partial<SignOptions>) => Promise<string>\n verifyJWT: <U = Record<string, unknown>>(token: string, customOptions?: Partial<VerifyOptions>) => 
Promise<U | null>\n createSession: (userId: string, data?: Record<string, unknown>, ttl?: number) => Promise<string>\n validateSession: (token: string) => Promise<GauSession | null>\n /**\n * Issue a session for a user, returning both the token and a Set-Cookie header.\n * Useful for guest login, invite redemption, admin impersonation, etc.\n */\n issueSession: (userId: string, options?: IssueSessionOptions) => Promise<IssueSessionResult>\n /**\n * Refresh an existing session, issuing a new token with extended TTL.\n * Preserves custom claims from the original token.\n *\n * @param tokenOrRequest - The existing session token, or a Request to extract the token from\n * @param options.ttl - Override the default TTL for the new token\n * @param options.threshold - Only refresh if past this fraction of TTL (0-1).\n * When set, returns null if below threshold.\n * Example: 0.5 means only refresh if session is past 50% of its lifetime.\n * @returns The refreshed session with source info, or null if invalid/expired/below threshold\n */\n refreshSession: (tokenOrRequest: string | Request, options?: RefreshSessionOptions) => Promise<RefreshSessionResult | null>\n /**\n * Get a valid access token for a linked provider. 
If the stored token is expired and a refresh token exists,\n * this will refresh it using the provider's refreshAccessToken and persist rotated tokens.\n */\n getAccessToken: (userId: string, providerId: string) => Promise<{ accessToken: string, expiresAt?: number | null } | null>\n trustHosts: 'all' | string[]\n autoLink: 'verifiedEmail' | 'always' | false\n allowDifferentEmails: boolean\n updateUserInfoOnLink: boolean\n sessionStrategy: 'auto' | 'cookie' | 'token'\n development: boolean\n roles: {\n defaultRole: string\n resolveOnCreate?: (context: { providerId: string, profile: any, request: Request }) => string | undefined\n adminRoles: string[]\n adminUserIds: string[]\n }\n cors: false | {\n allowedOrigins: 'all' | 'trust' | string[]\n allowCredentials: boolean\n allowedHeaders: string[]\n allowedMethods: string[]\n exposeHeaders?: string[]\n maxAge?: number\n }\n profiles: ResolvedProfiles<TProviders>\n}\n\nexport interface ProfileDefinition {\n scopes?: string[]\n redirectUri?: string\n /** When true, this profile can only be linked to an existing session; standalone sign-in is disabled. */\n linkOnly?: boolean\n /** Additional provider-specific authorization params. */\n params?: Record<string, string>\n}\n\ntype ProviderIdOfArray<TProviders extends OAuthProvider[]> = ProviderId<TProviders[number]>\ntype ProviderConfigFor<TProviders extends OAuthProvider[], K extends string>\n = Extract<TProviders[number], OAuthProvider<K, any>> extends OAuthProvider<any, infer C> ? 
C : OAuthProviderConfig\n\nexport type ProfilesConfig<TProviders extends OAuthProvider[]> = Partial<{\n [K in ProviderIdOfArray<TProviders>]: Record<string, ProfileDefinition & ProviderProfileOverrides<ProviderConfigFor<TProviders, K>>>\n}>\nexport type ResolvedProfiles<TProviders extends OAuthProvider[]> = ProfilesConfig<TProviders>\n\nexport function createAuth<const TProviders extends OAuthProvider[]>({\n adapter,\n providers,\n basePath = '/api/auth',\n jwt: jwtConfig = {},\n session: sessionConfig = {},\n cookies: cookieConfig = {},\n onOAuthExchange,\n mapExternalProfile,\n onBeforeLinkAccount,\n onAfterLinkAccount,\n trustHosts = [],\n autoLink = 'verifiedEmail',\n allowDifferentEmails = true,\n updateUserInfoOnLink = false,\n roles: rolesConfig = {},\n cors = true,\n profiles: profilesConfig,\n}: CreateAuthOptions<TProviders>): Auth<TProviders> {\n const { algorithm = 'ES256', secret, iss, aud, ttl: defaultTTL = 3600 * 24 * 7 } = jwtConfig\n const cookieOptions = { ...DEFAULT_COOKIE_SERIALIZE_OPTIONS, ...cookieConfig }\n\n const sessionStrategy: 'auto' | 'cookie' | 'token' = sessionConfig.strategy ?? 'auto'\n\n if (algorithm === 'ES256' && secret !== undefined && typeof secret !== 'string')\n throw new AuthError('For ES256, the secret option must be a string.')\n\n const providerMap = new Map(providers.map(p => [p.id, p]))\n\n const resolvedCors: Auth['cors'] = cors === false\n ? false\n : {\n allowedOrigins: (cors === true ? 'all' : cors.allowedOrigins) ?? 'all',\n allowCredentials: (cors === true ? true : cors.allowCredentials) ?? true,\n allowedHeaders: (cors === true ? undefined : cors.allowedHeaders) ?? ['Content-Type', 'Authorization', 'Cookie'],\n allowedMethods: (cors === true ? undefined : cors.allowedMethods) ?? ['GET', 'POST', 'OPTIONS'],\n exposeHeaders: cors === true ? undefined : cors.exposeHeaders,\n maxAge: cors === true ? undefined : cors.maxAge,\n }\n\n const resolvedProfiles = (profilesConfig ?? 
{}) as ResolvedProfiles<TProviders>\n const resolvedRoles = {\n defaultRole: rolesConfig.defaultRole ?? 'user',\n resolveOnCreate: rolesConfig.resolveOnCreate,\n adminRoles: rolesConfig.adminRoles ?? ['admin'],\n adminUserIds: rolesConfig.adminUserIds ?? [],\n }\n\n function buildSignOptions(custom: Partial<SignOptions> = {}): SignOptions {\n const base = { ttl: custom.ttl, iss: custom.iss ?? iss, aud: custom.aud ?? aud, sub: custom.sub }\n if (algorithm === 'HS256') {\n return { algorithm, secret: custom.secret ?? secret, ...base }\n }\n else {\n if (custom.secret !== undefined && typeof custom.secret !== 'string')\n throw new AuthError('For ES256, the secret option must be a string.')\n const esSecret = custom.secret ?? secret\n return { algorithm, privateKey: custom.privateKey, secret: esSecret, ...base }\n }\n }\n\n function buildVerifyOptions(custom: Partial<VerifyOptions> = {}): VerifyOptions {\n const base = { iss: custom.iss ?? iss, aud: custom.aud ?? aud }\n if (algorithm === 'HS256') {\n return { algorithm, secret: custom.secret ?? secret, ...base }\n }\n else {\n if (custom.secret !== undefined && typeof custom.secret !== 'string')\n throw new AuthError('For ES256, the secret option must be a string.')\n const esSecret = custom.secret ?? 
secret\n return { algorithm, publicKey: custom.publicKey, secret: esSecret, ...base }\n }\n }\n\n async function signJWT<U extends Record<string, unknown>>(payload: U, customOptions: Partial<SignOptions> = {}): Promise<string> {\n return sign(payload, buildSignOptions(customOptions))\n }\n\n async function verifyJWT<U = Record<string, unknown>>(token: string, customOptions: Partial<VerifyOptions> = {}): Promise<U | null> {\n const options = buildVerifyOptions(customOptions)\n try {\n return await verify<U>(token, options)\n }\n catch {\n return null\n }\n }\n\n async function createSession(userId: string, data: Record<string, unknown> = {}, ttl = defaultTTL): Promise<string> {\n const payload = { sub: userId, ...data }\n return signJWT(payload, { ttl })\n }\n\n async function issueSession(userId: string, options: IssueSessionOptions = {}): Promise<IssueSessionResult> {\n const { data = {}, ttl = defaultTTL } = options\n const token = await createSession(userId, data, ttl)\n\n const cookieOpts: SerializeOptions = {\n ...cookieOptions,\n maxAge: ttl,\n }\n\n const cookie = serialize(SESSION_COOKIE_NAME, token, cookieOpts)\n\n return {\n token,\n cookie,\n cookieName: SESSION_COOKIE_NAME,\n maxAge: ttl,\n }\n }\n\n async function refreshSession(tokenOrRequest: string | Request, options: RefreshSessionOptions = {}): Promise<RefreshSessionResult | null> {\n let token: string | undefined\n let source: RefreshSessionResult['source']\n\n if (typeof tokenOrRequest === 'string') {\n token = tokenOrRequest\n source = 'token'\n }\n else {\n const extracted = getSessionTokenFromRequest(tokenOrRequest)\n if (!extracted.token || !extracted.source)\n return null\n token = extracted.token\n source = extracted.source\n }\n\n const payload = await verifyJWT<{ sub: string, iat?: number } & Record<string, unknown>>(token)\n if (!payload || !payload.sub)\n return null\n\n if (options.threshold != null && options.threshold > 0 && options.threshold < 1) {\n const { iat } = payload\n if 
(iat) {\n const now = Math.floor(Date.now() / 1000)\n const sessionAge = now - iat\n const ttl = options.ttl ?? defaultTTL\n const thresholdSeconds = ttl * options.threshold\n\n if (sessionAge < thresholdSeconds)\n return null\n }\n }\n\n const user = await adapter.getUser(payload.sub)\n if (!user)\n return null\n const { sub, iat, exp, iss, aud, nbf, jti, ...customClaims } = payload\n\n const result = await issueSession(payload.sub, {\n data: customClaims,\n ttl: options.ttl,\n })\n\n return { ...result, source }\n }\n\n async function validateSession(token: string): Promise<GauSession | null> {\n const payload = await verifyJWT<{ sub: string } & Record<string, unknown>>(token)\n if (!payload)\n return null\n\n const userAndAccounts = await adapter.getUserAndAccounts(payload.sub)\n if (!userAndAccounts)\n return null\n\n const { user, accounts } = userAndAccounts\n const isAdmin = Boolean(\n user\n && (\n (user.role && resolvedRoles.adminRoles.includes(user.role))\n || (resolvedRoles.adminUserIds.length > 0 && resolvedRoles.adminUserIds.includes(user.id))\n ),\n )\n const sessionUser = user ? { ...user, isAdmin } : null\n\n return { user: sessionUser, session: { id: token, ...payload }, accounts }\n }\n\n async function getAccessToken(userId: string, providerId: string) {\n const provider = providerMap.get(providerId)\n if (!provider)\n return null\n\n const accounts = await adapter.getAccounts(userId)\n const account = accounts.find(a => a.provider === providerId)\n if (!account || !account.accessToken)\n return null\n\n const now = Math.floor(Date.now() / 1000)\n const isExpired = typeof account.expiresAt === 'number' ? account.expiresAt <= now : false\n\n if (!isExpired)\n return { accessToken: account.accessToken, expiresAt: account.expiresAt ?? 
null }\n\n if (!account.refreshToken || !provider.refreshAccessToken)\n return null\n\n try {\n const refreshed = await provider.refreshAccessToken(account.refreshToken, {})\n const updated = {\n userId,\n provider: account.provider,\n providerAccountId: account.providerAccountId,\n accessToken: refreshed.accessToken ?? account.accessToken,\n refreshToken: refreshed.refreshToken ?? account.refreshToken,\n expiresAt: refreshed.expiresAt ?? null,\n idToken: refreshed.idToken ?? account.idToken ?? null,\n tokenType: refreshed.tokenType ?? account.tokenType ?? null,\n scope: refreshed.scope ?? account.scope ?? null,\n }\n await adapter.updateAccount?.(updated)\n return { accessToken: updated.accessToken!, expiresAt: updated.expiresAt }\n }\n catch {\n return null\n }\n }\n\n return {\n ...adapter,\n providerMap: providerMap as Map<ProviderId<TProviders[number]>, TProviders[number]>,\n basePath,\n cookieOptions,\n jwt: {\n ttl: defaultTTL,\n },\n onOAuthExchange,\n mapExternalProfile,\n onBeforeLinkAccount,\n onAfterLinkAccount,\n signJWT,\n verifyJWT,\n createSession,\n validateSession,\n issueSession,\n refreshSession,\n getAccessToken,\n trustHosts,\n autoLink,\n allowDifferentEmails,\n profiles: resolvedProfiles,\n updateUserInfoOnLink,\n sessionStrategy,\n development: false,\n roles: resolvedRoles,\n cors: resolvedCors,\n }\n}\n","/// <reference types=\"node\" />\nimport {\n createJWTSignatureMessage,\n encodeJWT,\n JWSRegisteredHeaders,\n JWTRegisteredClaims,\n parseJWT,\n} from '@oslojs/jwt'\nimport { AuthError } from '../core/index'\nimport { constantTimeEqual, deriveKeysFromSecret, rawToDer } from './utils'\n\nexport type SupportedAlgorithm = 'ES256' | 'HS256'\n\ninterface CommonSignOptions {\n /** Time-to-live in seconds (exp claim). If omitted the token will not expire. 
*/\n ttl?: number\n}\n\nexport type SignOptions\n = | ({ algorithm?: 'ES256', privateKey?: CryptoKey, secret?: string }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n | ({ algorithm: 'HS256', secret?: string | Uint8Array, privateKey?: never }\n & CommonSignOptions & { iss?: string, aud?: string | string[], sub?: string })\n\n/**\n * Create a signed JWT.\n * Defaults to ES256 when a privateKey is supplied. Falls back to HS256 when a secret is supplied.\n */\nexport async function sign<T extends Record<string, unknown>>(payload: T, options: SignOptions = {}): Promise<string> {\n let { algorithm = 'ES256', ttl, iss, aud, sub, privateKey, secret } = options\n\n if (algorithm === 'ES256') {\n if (!privateKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 signing. It must be a base64url-encoded string.');\n\n ({ privateKey } = await deriveKeysFromSecret(secret))\n }\n }\n else if (algorithm === 'HS256' && !secret) {\n throw new AuthError('Missing secret for HS256 signing')\n }\n\n const now = Math.floor(Date.now() / 1000)\n\n const jwtPayload: Record<string, unknown> = { iat: now, iss, aud, sub, ...payload }\n\n if (ttl != null && ttl > 0)\n jwtPayload.exp = now + ttl\n\n const isHS256 = algorithm === 'HS256'\n const alg: SupportedAlgorithm = isHS256 ? 'HS256' : 'ES256'\n\n const headerJSON = JSON.stringify({ alg, typ: 'JWT' })\n const payloadJSON = JSON.stringify(jwtPayload)\n\n const signatureMessage = createJWTSignatureMessage(headerJSON, payloadJSON)\n\n let signature: Uint8Array\n\n if (isHS256) {\n // HS256 (HMAC-SHA256)\n const secretBytes = typeof secret === 'string'\n ? 
new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n signature = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n }\n else {\n // ES256 (ECDSA-SHA256)\n // Runtimes like Bun's return the raw (r||s) signature directly, not DER-encoded.\n signature = new Uint8Array(\n await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey!,\n signatureMessage as BufferSource,\n ),\n )\n }\n\n return encodeJWT(headerJSON, payloadJSON, signature)\n}\n\nexport type VerifyOptions\n = | { algorithm?: 'ES256', publicKey?: CryptoKey, secret?: string, iss?: string, aud?: string | string[] }\n | { algorithm: 'HS256', secret?: string | Uint8Array, publicKey?: never, iss?: string, aud?: string | string[] }\n\n/**\n * Verify a JWT and return its payload when the signature is valid.\n * The algorithm is inferred from options – ES256 by default.\n * Throws when verification fails or the token is expired.\n */\nexport async function verify<T = Record<string, unknown>>(token: string, options: VerifyOptions): Promise<T> {\n let { algorithm = 'ES256', publicKey, secret, iss, aud } = options\n\n if (algorithm === 'ES256') {\n if (!publicKey) {\n if (typeof secret !== 'string')\n throw new AuthError('Missing secret for ES256 verification. 
Must be a base64url-encoded string.');\n\n ({ publicKey } = await deriveKeysFromSecret(secret))\n }\n }\n\n if (algorithm === 'HS256' && !secret)\n throw new AuthError('Missing secret for HS256 verification')\n\n const [header, payload, signature, signatureMessage] = parseJWT(token)\n\n const headerParams = new JWSRegisteredHeaders(header)\n const headerAlg = headerParams.algorithm()\n\n let validSignature = false\n\n // HS256 verification path\n if (algorithm === 'HS256') {\n if (headerAlg !== 'HS256')\n throw new Error(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"HS256\"`)\n\n const secretBytes = typeof secret === 'string'\n ? new TextEncoder().encode(secret)\n : secret\n\n const cryptoKey = await crypto.subtle.importKey(\n 'raw',\n secretBytes as BufferSource,\n { name: 'HMAC', hash: 'SHA-256' },\n false,\n ['sign'],\n )\n\n const expectedSig = new Uint8Array(await crypto.subtle.sign('HMAC', cryptoKey, signatureMessage as BufferSource))\n validSignature = constantTimeEqual(expectedSig, new Uint8Array(signature))\n }\n // ES256 verification path (default)\n else {\n if (headerAlg !== 'ES256')\n throw new AuthError(`JWT algorithm is \"${headerAlg}\", but verifier was configured for \"ES256\"`)\n\n const signatureBytes = new Uint8Array(signature)\n\n // Runtimes like Node.js return DER-encoded signatures. 
Others (Bun) return raw (r||s).\n // We try DER first, as it's more common in Node environments.\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n signatureBytes as BufferSource,\n signatureMessage as BufferSource,\n )\n\n if (!validSignature && signatureBytes.length === 64) {\n // If DER verification fails and the signature is 64 bytes, it might be a raw signature.\n // Convert it to DER and try again.\n try {\n const derSig = rawToDer(signatureBytes)\n validSignature = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey!,\n derSig as BufferSource,\n signatureMessage as BufferSource,\n )\n }\n catch {\n // rawToDer can throw if the signature is not 64 bytes, but we already checked.\n // This catch is for other unexpected errors.\n validSignature = false\n }\n }\n }\n\n if (!validSignature)\n throw new AuthError('Invalid JWT signature')\n\n const claims = new JWTRegisteredClaims(payload)\n if (claims.hasExpiration() && !claims.verifyExpiration())\n throw new AuthError('JWT expired')\n if (claims.hasNotBefore() && !claims.verifyNotBefore())\n throw new AuthError('JWT not yet valid')\n if (iss && (payload as any).iss !== iss)\n throw new AuthError('Invalid JWT issuer')\n\n if (aud) {\n const expectedAudience = Array.isArray(aud) ? aud : [aud]\n const tokenAudience = (payload as any).aud\n ? (Array.isArray((payload as any).aud) ? 
(payload as any).aud : [(payload as any).aud])\n : []\n\n if (!expectedAudience.some(audValue => tokenAudience.includes(audValue)))\n throw new AuthError('Invalid JWT audience')\n }\n\n return payload as T\n}\n","import { generateCodeVerifier, generateState } from 'arctic'\n\nexport function createOAuthUris() {\n const state = generateState()\n const codeVerifier = generateCodeVerifier()\n\n return {\n state,\n codeVerifier,\n }\n}\n","export interface User {\n id: string\n name?: string | null\n email?: string | null\n emailVerified?: boolean | null\n image?: string | null\n role?: string | null\n isAdmin?: boolean\n}\n\nexport interface Session {\n id: string\n sub: string\n [key: string]: unknown\n}\n\nexport interface GauSession<TProviders extends string = string> {\n user: User | null\n session: Session | null\n accounts?: Account[] | null\n providers?: TProviders[]\n}\n\nexport const NULL_SESSION = {\n user: null,\n session: null,\n accounts: null,\n} as const\n\nexport interface NewUser extends Omit<User, 'id' | 'accounts' | 'isAdmin'> {\n id?: string\n}\n\nexport interface Account {\n userId: string\n provider: string\n providerAccountId: string\n type?: string // e.g. 
\"oauth\"\n accessToken?: string | null\n refreshToken?: string | null\n expiresAt?: number | null // epoch seconds\n idToken?: string | null\n scope?: string | null\n tokenType?: string | null\n sessionState?: string | null\n}\n\nexport interface NewAccount extends Account {}\n\nexport interface Adapter {\n getUser: (id: string) => Promise<User | null>\n getUserByEmail: (email: string) => Promise<User | null>\n getUserByAccount: (provider: string, providerAccountId: string) => Promise<User | null>\n getAccounts: (userId: string) => Promise<Account[]>\n getUserAndAccounts: (userId: string) => Promise<{ user: User, accounts: Account[] } | null>\n createUser: (data: NewUser) => Promise<User>\n linkAccount: (data: NewAccount) => Promise<void>\n unlinkAccount: (provider: string, providerAccountId: string) => Promise<void>\n updateAccount?: (data: Partial<Account> & { userId: string, provider: string, providerAccountId: string }) => Promise<void>\n updateUser: (data: Partial<User> & { id: string }) => Promise<User>\n deleteUser: (id: string) => Promise<void>\n}\n\nexport class AuthError extends Error {\n override readonly cause?: unknown\n constructor(message: string, cause?: unknown) {\n super(message)\n this.name = 'AuthError'\n this.cause = cause\n }\n}\n\nexport function json<T>(data: T, init: ResponseInit = {}): Response {\n const headers = new Headers(init.headers)\n if (!headers.has('Content-Type'))\n headers.set('Content-Type', 'application/json; charset=utf-8')\n return new Response(JSON.stringify(data), { ...init, headers })\n}\n\nexport function redirect(url: string, status: 302 | 303 = 302): Response {\n return new Response(null, {\n status,\n headers: {\n Location: url,\n },\n })\n}\n\nexport * from './cookies'\nexport * from './createAuth'\nexport * from './handler'\nexport * from './utils'\n\nexport const REFRESHED_TOKEN_HEADER = 'X-Refreshed-Token'\n","import type { GauSession, ProfileName, ProviderIds } from '../../core'\nimport { isTauri } from 
'../../runtimes/tauri/index'\nimport { clearSessionToken, getSessionToken, handleRefreshedToken, storeSessionToken } from '../token'\n\nexport { clearSessionToken, getSessionToken, handleRefreshedToken, REFRESHED_TOKEN_HEADER, SESSION_TOKEN_KEY, storeSessionToken } from '../token'\n\nexport interface AuthClientOptions {\n baseUrl: string\n scheme?: string\n}\n\ntype SessionListener<TAuth = unknown> = (session: GauSession<ProviderIds<TAuth>>) => void\n\nfunction buildQuery(params: Record<string, string | undefined | null>): string {\n const q = new URLSearchParams()\n for (const [k, v] of Object.entries(params)) {\n if (v != null && v !== '')\n q.set(k, String(v))\n }\n const s = q.toString()\n return s ? `?${s}` : ''\n}\n\nexport function createAuthClient<const TAuth = unknown>({ baseUrl, scheme = 'gau' }: AuthClientOptions) {\n let currentSession: GauSession<ProviderIds<TAuth>> = { user: null, session: null, accounts: null, providers: [] }\n const listeners = new Set<SessionListener<TAuth>>()\n\n const notify = () => {\n for (const l of listeners)\n l(currentSession)\n }\n\n async function fetchSession(): Promise<GauSession<ProviderIds<TAuth>>> {\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n const res = await fetch(`${baseUrl}/session`, token ? 
{ headers } : { credentials: 'include' })\n const contentType = res.headers.get('content-type')\n if (contentType?.includes('application/json'))\n return await res.json()\n return { user: null, session: null, accounts: null, providers: [] }\n }\n\n async function refreshSession(): Promise<GauSession<ProviderIds<TAuth>>> {\n const next = await fetchSession()\n currentSession = next\n notify()\n return next\n }\n\n async function applySessionToken(token: string): Promise<void> {\n try {\n storeSessionToken(token)\n }\n finally {\n await refreshSession()\n }\n }\n\n function onSessionChange(listener: SessionListener<TAuth>): () => void {\n listeners.add(listener)\n return () => listeners.delete(listener)\n }\n\n async function handleRedirectCallback(replaceUrl?: (url: string) => void): Promise<boolean> {\n if (typeof window === 'undefined')\n return false\n\n if (window.location.hash === '#_=_') {\n const cleanUrl = window.location.pathname + window.location.search\n if (replaceUrl)\n replaceUrl(cleanUrl)\n else\n window.history.replaceState(null, '', cleanUrl)\n return false\n }\n\n const hash = window.location.hash?.substring(1) ?? ''\n if (!hash)\n return false\n\n const params = new URLSearchParams(hash)\n const token = params.get('token')\n if (!token)\n return false\n\n await applySessionToken(token)\n\n const cleanUrl = window.location.pathname + window.location.search\n if (replaceUrl)\n replaceUrl(cleanUrl)\n else\n window.history.replaceState(null, '', cleanUrl)\n\n return true\n }\n\n function makeProviderUrl<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, params?: { redirectTo?: string, profile?: PR }): string {\n const q = buildQuery({\n redirectTo: params?.redirectTo,\n profile: params?.profile != null ? 
String(params.profile) : undefined,\n })\n return `${baseUrl}/${provider}${q}`\n }\n\n function makeLinkUrl<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, params: { redirectTo?: string, profile?: PR, redirect?: 'false' | 'true' }): string {\n const q = buildQuery({\n redirectTo: params.redirectTo,\n profile: params.profile != null ? String(params.profile) : undefined,\n redirect: params.redirect,\n })\n return `${baseUrl}/link/${provider}${q}`\n }\n\n async function signIn<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, options?: { redirectTo?: string, profile?: PR }): Promise<string> {\n const url = makeProviderUrl<P, PR>(provider, options)\n\n if (isTauri()) {\n const { signInWithTauri } = await import('../../runtimes/tauri/index')\n await signInWithTauri<TAuth, P, PR>(provider, baseUrl, scheme, options?.redirectTo, options?.profile)\n }\n\n return url\n }\n\n async function linkAccount<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, options?: { redirectTo?: string, profile?: PR }): Promise<string> {\n if (isTauri()) {\n const { linkAccountWithTauri } = await import('../../runtimes/tauri/index')\n await linkAccountWithTauri<TAuth, P, PR>(provider, baseUrl, scheme, options?.redirectTo, options?.profile)\n return makeLinkUrl<P, PR>(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: 'false' })\n }\n\n const linkUrl = makeLinkUrl<P, PR>(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: 'false' })\n const token = getSessionToken()\n const fetchOptions: RequestInit = token ? 
{ headers: { Authorization: `Bearer ${token}` } } : { credentials: 'include' }\n const res: Response = await fetch(linkUrl, fetchOptions)\n if (res.redirected)\n return res.url\n try {\n const data = await res.json()\n if (data?.url)\n return data.url\n }\n catch {}\n return linkUrl\n }\n\n async function unlinkAccount<P extends ProviderIds<TAuth>>(provider: P): Promise<boolean> {\n const token = getSessionToken()\n const fetchOptions: RequestInit = token ? { headers: { Authorization: `Bearer ${token}` } } : { credentials: 'include' }\n const res = await fetch(`${baseUrl}/unlink/${provider}`, { method: 'POST', ...fetchOptions })\n if (res.ok) {\n await refreshSession()\n return true\n }\n return false\n }\n\n async function signOut(): Promise<void> {\n clearSessionToken()\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n await refreshSession()\n }\n\n async function startTauriBridge(): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { startAuthBridge } = await import('../../runtimes/tauri/index')\n const cleanup = await startAuthBridge(baseUrl, scheme, async (token) => {\n await applySessionToken(token)\n })\n return cleanup\n }\n\n /**\n * Fetch wrapper that automatically handles authentication:\n * - Adds Authorization header if a token is stored (Tauri/mobile)\n * - Falls back to credentials: 'include' for cookie-based auth (web)\n * - Automatically stores refreshed tokens from X-Refreshed-Token header\n */\n async function authFetch(input: RequestInfo | URL, init: RequestInit = {}): Promise<Response> {\n const token = getSessionToken()\n const headers = new Headers(init.headers)\n\n if (token)\n headers.set('Authorization', `Bearer ${token}`)\n\n const res = await globalThis.fetch(input, {\n ...init,\n headers,\n ...(!token && { credentials: 'include' as 
RequestCredentials }),\n })\n\n handleRefreshedToken(res)\n\n return res\n }\n\n return {\n get session() {\n return currentSession\n },\n fetch: authFetch,\n fetchSession,\n refreshSession,\n applySessionToken,\n handleRedirectCallback,\n onSessionChange,\n signIn,\n linkAccount,\n unlinkAccount,\n signOut,\n startTauriBridge,\n }\n}\n"],"mappings":";;;;;;;;;;;AAAA,SAAS,eAAe;AAMjB,SAAS,kBAAkB,OAAe;AAC/C,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,QAAQ,mBAAmB,KAAK;AAAA,EAC/C,QACM;AAAA,EAAC;AACT;AAEO,SAAS,kBAAiC;AAC/C,MAAI,CAAC;AACH,WAAO;AACT,MAAI;AACF,WAAO,aAAa,QAAQ,iBAAiB;AAAA,EAC/C,QACM;AACJ,WAAO;AAAA,EACT;AACF;AAEO,SAAS,oBAAoB;AAClC,MAAI,CAAC;AACH;AACF,MAAI;AACF,iBAAa,WAAW,iBAAiB;AAAA,EAC3C,QACM;AAAA,EAAC;AACT;AAEO,SAAS,qBAAqB,UAA0B;AAC7D,MAAI,CAAC;AACH;AACF,QAAM,YAAY,SAAS,QAAQ,IAAI,sBAAsB;AAC7D,MAAI;AACF,sBAAkB,SAAS;AAC/B;AAEA,eAAsB,eAAe;AACnC,MAAI,CAAC,WAAW,CAAC,OAAO,UAAU,CAAC,OAAO,OAAO;AAC/C,UAAM,IAAI,MAAM,2EAA2E;AAE7F,WAAS,gBAAgB,OAA2B;AAClD,WAAO,KAAK,OAAO,aAAa,GAAG,KAAK,CAAC,EACtC,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,EAAE;AAAA,EACtB;AAEA,QAAM,iBAAiB;AACvB,QAAM,eAAe,IAAI,WAAW,cAAc;AAClD,SAAO,OAAO,gBAAgB,YAAY;AAC1C,QAAM,eAAe,gBAAgB,YAAY;AAEjD,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,OAAO,QAAQ,OAAO,YAAY;AACxC,QAAM,OAAO,MAAM,OAAO,OAAO,OAAO,OAAO,WAAW,IAAI;AAC9D,QAAM,gBAAgB,gBAAgB,IAAI,WAAW,IAAI,CAAC;AAE1D,SAAO,EAAE,cAAc,cAAc;AACvC;AAjEA,IAEa,mBAEA;AAJb;AAAA;AAAA;AAEO,IAAM,oBAAoB;AAE1B,IAAM,yBAAyB;AAAA;AAAA;;;ACJtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AACA,SAAS,WAAAA,gBAAe;AAGjB,SAAS,UAAmB;AACjC,SAAOA,YAAW,yBAAyB;AAC7C;AAEA,SAAS,cAAc,SAAgC;AACrD,MAAI;AACF,WAAO,IAAI,IAAI,OAAO,EAAE;AAAA,EAC1B,QACM;AACJ,QAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,UAAI;AACF,eAAO,IAAI,IAAI,SAAS,OAAO,SAAS,MAAM,EAAE;AAAA,MAClD,QACM;AACJ,eAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACF;AAEA,eAAsB,gBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,2BAA2B;AAE5D,WAAS,oBAAoB,MAAsB;AACjD,QAAI;AACF,YAAM,IAAI,IAAI,IAAI,IAAI;AACtB,aAAO,EAAE,SAAS,EAAE,QAAQ,OAA
O,EAAE;AAAA,IACvC,QACM;AACJ,UAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,YAAI;AACF,gBAAM,IAAI,IAAI,IAAI,MAAM,OAAO,SAAS,MAAM;AAC9C,iBAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,QACvC,QACM;AACJ,iBAAO;AAAA,QACT;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA;AAEb,iBAAa,GAAG,MAAM;AAExB,QAAM,EAAE,cAAc,cAAc,IAAI,MAAM,aAAa;AAC3D,eAAa,QAAQ,qBAAqB,YAAY;AAEtD,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,MAAI;AACF,WAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,SAAO,IAAI,kBAAkB,aAAa;AAC1C,QAAM,eAAe,oBAAoB,OAAO;AAChD,QAAM,UAAU,GAAG,YAAY,IAAI,QAAQ,IAAI,OAAO,SAAS,CAAC;AAChE,QAAM,QAAQ,OAAO;AACvB;AAEA,eAAsB,mBACpB,SAC8B;AAC9B,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,OAAO,IAAI,MAAM,OAAO,uBAAuB;AACvD,MAAI;AACF,UAAM,WAAW,MAAM,OAAe,aAAa,OAAO,UAAU;AAClE,YAAM,QAAQ,MAAM,OAAO;AAAA,IAC7B,CAAC;AACD,WAAO;AAAA,EACT,SACO,KAAK;AACV,YAAQ,MAAM,GAAG;AAAA,EACnB;AACF;AAEA,eAAsB,oBAAoB,KAAa,SAAiB,QAAgB,SAAkC;AACxH,QAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,QAAM,aAAa,cAAc,OAAO;AACxC,MAAI,OAAO,aAAa,GAAG,MAAM,QAAQ,CAAC,cAAc,OAAO,WAAW;AACxE;AAEF,QAAM,cAAc,IAAI,gBAAgB,OAAO,MAAM;AACrD,QAAM,OAAO,YAAY,IAAI,MAAM;AACnC,MAAI,MAAM;AACR,UAAM,WAAW,aAAa,QAAQ,mBAAmB;AACzD,QAAI,CAAC,UAAU;AACb,cAAQ,MAAM,wBAAwB;AACtC;AAAA,IACF;AACA,iBAAa,WAAW,mBAAmB;AAE3C,QAAI;AACF,YAAM,MAAM,MAAM,MAAM,GAAG,OAAO,UAAU;AAAA,QAC1C,QAAQ;AAAA,QACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,MAAM,KAAK,UAAU,EAAE,MAAM,cAAc,SAAS,CAAC;AAAA,MACvD,CAAC;AACD,UAAI,IAAI,IAAI;AACV,cAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,YAAI,KAAK;AACP,kBAAQ,KAAK,KAAK;AAAA,MACtB,OACK;AACH,gBAAQ,MAAM,mCAAmC;AAAA,MACnD;AAAA,IACF,SACO,GAAG;AACR,cAAQ,MAAM,oCAAoC,CAAC;AAAA,IACrD;AAAA,EACF;AACF;AAEA,eAAsB,qBACpB,UACA,SACA,SAAiB,OACjB,kBACA,SACA;AACA,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,EAAE,QAAQ,IAAI,MAAM,OAAO,2BAA2B;AAE5D,MAAI;AAEJ,MAAI;AACF,iBAAa;AAAA;AAEb,iBAAa,GAAG,MAAM;AAExB,QAAM,QAAQ,gBAAgB;AAC9B,MAAI,CAAC,OAAO;AACV,YAAQ,MAAM,8CAA8C;AAC5D;AAAA,EACF;AAEA,QAAM,SAAS,IAAI,gBAAgB;AACnC,SAAO,IAAI,cAAc,UAAU;AACnC,SAAO,IAAI,SAAS,KAAK;AACzB,MAAI;AACF,WAAO,IAAI,WAAW,OAAO,OAAO,CAAC;AACvC,QAAM,gBAAgB,MAAM;AAC1B,QAAI;A
ACF,YAAM,IAAI,IAAI,IAAI,OAAO;AACzB,aAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,IACvC,QACM;AACJ,UAAIA,YAAW,OAAO,WAAW,aAAa;AAC5C,YAAI;AACF,gBAAM,IAAI,IAAI,IAAI,SAAS,OAAO,SAAS,MAAM;AACjD,iBAAO,EAAE,SAAS,EAAE,QAAQ,OAAO,EAAE;AAAA,QACvC,QACM;AACJ,iBAAO;AAAA,QACT;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,EACF,GAAG;AACH,QAAM,UAAU,GAAG,YAAY,SAAS,QAAQ,IAAI,OAAO,SAAS,CAAC;AACrE,QAAM,QAAQ,OAAO;AACvB;AAEA,eAAsB,gBACpB,SACA,QACA,SAC8B;AAC9B,MAAI,CAAC,QAAQ;AACX;AAEF,QAAM,WAAW,MAAM,mBAAmB,OAAO,QAAQ;AACvD,wBAAoB,KAAK,SAAS,QAAQ,OAAO;AAAA,EACnD,CAAC;AACD,SAAO;AACT;AAnMA;AAAA;AAAA;AAEA;AAAA;AAAA;;;ACAA,SAAS,oBAAoB;AAC7B,SAAS,WAAAC,gBAAe;AACxB,SAAS,YAAY,SAAS,kBAAkB;;;ACHhD,SAAS,OAAO,iBAAiB;AA4D1B,IAAM,eAAe,KAAK;;;ACvDjC,SAAS,aAAAC,kBAAiB;;;ACL1B;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;;;ACPP,SAAS,sBAAsB,qBAAqB;;;ACuB7C,IAAM,eAAe;AAAA,EAC1B,MAAM;AAAA,EACN,SAAS;AAAA,EACT,UAAU;AACZ;;;ALrBA;;;AMLA;AACA;AAEA;AASA,SAAS,WAAW,QAA2D;AAC7E,QAAM,IAAI,IAAI,gBAAgB;AAC9B,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,MAAM,GAAG;AAC3C,QAAI,KAAK,QAAQ,MAAM;AACrB,QAAE,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,EACtB;AACA,QAAM,IAAI,EAAE,SAAS;AACrB,SAAO,IAAI,IAAI,CAAC,KAAK;AACvB;AAEO,SAAS,iBAAwC,EAAE,SAAS,SAAS,MAAM,GAAsB;AACtG,MAAI,iBAAiD,EAAE,MAAM,MAAM,SAAS,MAAM,UAAU,MAAM,WAAW,CAAC,EAAE;AAChH,QAAM,YAAY,oBAAI,IAA4B;AAElD,QAAM,SAAS,MAAM;AACnB,eAAW,KAAK;AACd,QAAE,cAAc;AAAA,EACpB;AAEA,iBAAe,eAAwD;AACrE,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAC9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB;AAC1C,aAAO,MAAM,IAAI,KAAK;AACxB,WAAO,EAAE,MAAM,MAAM,SAAS,MAAM,UAAU,MAAM,WAAW,CAAC,EAAE;AAAA,EACpE;AAEA,iBAAe,iBAA0D;AACvE,UAAM,OAAO,MAAM,aAAa;AAChC,qBAAiB;AACjB,WAAO;AACP,WAAO;AAAA,EACT;AAEA,iBAAe,kBAAkB,OAA8B;AAC7D,QAAI;AACF,wBAAkB,KAAK;AAAA,IACzB,UACA;AACE,YAAM,eAAe;AAAA,IACvB;AAAA,EACF;AAEA,WAAS,gBAAgB,UAA8C;AACrE,cAAU,IAAI,QAAQ;AACtB,WAAO,MAAM,UAAU,OAAO,QAAQ;AAAA,EACxC;AAEA,iBAAe,uBAAuB,YAAsD;AAC1F,QAAI,OAAO,WAAW;A
ACpB,aAAO;AAET,QAAI,OAAO,SAAS,SAAS,QAAQ;AACnC,YAAMC,YAAW,OAAO,SAAS,WAAW,OAAO,SAAS;AAC5D,UAAI;AACF,mBAAWA,SAAQ;AAAA;AAEnB,eAAO,QAAQ,aAAa,MAAM,IAAIA,SAAQ;AAChD,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,OAAO,SAAS,MAAM,UAAU,CAAC,KAAK;AACnD,QAAI,CAAC;AACH,aAAO;AAET,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,QAAI,CAAC;AACH,aAAO;AAET,UAAM,kBAAkB,KAAK;AAE7B,UAAM,WAAW,OAAO,SAAS,WAAW,OAAO,SAAS;AAC5D,QAAI;AACF,iBAAW,QAAQ;AAAA;AAEnB,aAAO,QAAQ,aAAa,MAAM,IAAI,QAAQ;AAEhD,WAAO;AAAA,EACT;AAEA,WAAS,gBAAuG,UAAa,QAAwD;AACnL,UAAM,IAAI,WAAW;AAAA,MACnB,YAAY,QAAQ;AAAA,MACpB,SAAS,QAAQ,WAAW,OAAO,OAAO,OAAO,OAAO,IAAI;AAAA,IAC9D,CAAC;AACD,WAAO,GAAG,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,EACnC;AAEA,WAAS,YAAmG,UAAa,QAAoF;AAC3M,UAAM,IAAI,WAAW;AAAA,MACnB,YAAY,OAAO;AAAA,MACnB,SAAS,OAAO,WAAW,OAAO,OAAO,OAAO,OAAO,IAAI;AAAA,MAC3D,UAAU,OAAO;AAAA,IACnB,CAAC;AACD,WAAO,GAAG,OAAO,SAAS,QAAQ,GAAG,CAAC;AAAA,EACxC;AAEA,iBAAe,OAA8F,UAAa,SAAkE;AAC1L,UAAM,MAAM,gBAAuB,UAAU,OAAO;AAEpD,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM;AAClC,YAAMA,iBAA8B,UAAU,SAAS,QAAQ,SAAS,YAAY,SAAS,OAAO;AAAA,IACtG;AAEA,WAAO;AAAA,EACT;AAEA,iBAAe,YAAmG,UAAa,SAAkE;AAC/L,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,sBAAAC,sBAAqB,IAAI,MAAM;AACvC,YAAMA,sBAAmC,UAAU,SAAS,QAAQ,SAAS,YAAY,SAAS,OAAO;AACzG,aAAO,YAAmB,UAAU,EAAE,YAAY,SAAS,YAAY,SAAS,SAAS,SAAS,UAAU,QAAQ,CAAC;AAAA,IACvH;AAEA,UAAM,UAAU,YAAmB,UAAU,EAAE,YAAY,SAAS,YAAY,SAAS,SAAS,SAAS,UAAU,QAAQ,CAAC;AAC9H,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAAQ,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAAI,EAAE,aAAa,UAAU;AACvH,UAAM,MAAgB,MAAM,MAAM,SAAS,YAAY;AACvD,QAAI,IAAI;AACN,aAAO,IAAI;AACb,QAAI;AACF,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,MAAM;AACR,eAAO,KAAK;AAAA,IAChB,QACM;AAAA,IAAC;AACP,WAAO;AAAA,EACT;AAEA,iBAAe,cAA4C,UAA+B;AACxF,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAAQ,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAAI,EAAE,aAAa,UAAU;AACvH,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAQ,IAAI,EAAE,QAAQ,QAAQ,GAAG,aAAa,CAAC;AAC5F,QAAI,IAAI,IAAI;AACV,YAAM,eAAe;AACrB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAEA,iBAAe,UAAyB;AACtC,sBAAkB;AAClB,
UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,eAAe;AAAA,EACvB;AAEA,iBAAe,mBAAiD;AAC9D,QAAI,CAAC,QAAQ;AACX;AAEF,UAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM;AAClC,UAAM,UAAU,MAAMA,iBAAgB,SAAS,QAAQ,OAAO,UAAU;AACtE,YAAM,kBAAkB,KAAK;AAAA,IAC/B,CAAC;AACD,WAAO;AAAA,EACT;AAQA,iBAAe,UAAU,OAA0B,OAAoB,CAAC,GAAsB;AAC5F,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,IAAI,QAAQ,KAAK,OAAO;AAExC,QAAI;AACF,cAAQ,IAAI,iBAAiB,UAAU,KAAK,EAAE;AAEhD,UAAM,MAAM,MAAM,WAAW,MAAM,OAAO;AAAA,MACxC,GAAG;AAAA,MACH;AAAA,MACA,GAAI,CAAC,SAAS,EAAE,aAAa,UAAgC;AAAA,IAC/D,CAAC;AAED,yBAAqB,GAAG;AAExB,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ANpMA,IAAM,mBAAmB,uBAAO,UAAU;AAEnC,SAAS,iBAAwC;AAAA,EACtD,UAAU;AAAA,EACV,SAAS;AAAA,EACT,YAAY;AACd,IAII,CAAC,GAAG;AAGN,QAAM,SAAS,iBAAwB;AAAA,IACrC;AAAA,EACF,CAAC;AAED,QAAM,eAAe,YAAqC;AACxD,QAAI,CAACC;AACH,aAAO,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE;AAC1C,WAAO,OAAO,eAAe;AAAA,EAC/B;AAEA,MAAI,UAA0B,OAAO,EAAE,GAAG,cAAc,WAAW,CAAC,EAAE,CAAC;AACvE,MAAI,YAAY,OAAO,IAAI;AAE3B,iBAAe,eAAe,KAAa;AACzC,QAAI;AACF,mBAAa,KAAK,CAAC,CAAC;AAAA,IACtB,QACM;AACJ,UAAIA;AACF,eAAO,QAAQ,aAAa,MAAM,IAAI,GAAG;AAAA,IAC7C;AAAA,EACF;AAEA,iBAAe,OAAqC,UAAa,EAAE,YAAY,QAAQ,IAA8D,CAAC,GAAG;AACvJ,UAAM,UAAU,QAAQ;AACxB,QAAI,kBAAkB,cAAc;AAEpC,QAAI,SAAS;AACX,YAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM;AAClC,YAAMA,iBAA0C,UAAU,SAAS,QAAQ,iBAAiB,OAAO;AACnG;AAAA,IACF;AAEA,QAAI,CAAC,mBAAmBD;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,MAAM,MAAM,OAAO,OAA0B,UAAU,EAAE,YAAY,iBAAiB,QAAQ,CAAC;AACrG,QAAIA;AACF,aAAO,SAAS,OAAO;AAAA,EAC3B;AAEA,iBAAe,YAA0C,UAAa,EAAE,YAAY,QAAQ,IAA8D,CAAC,GAAG;AAC5J,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,sBAAAE,sBAAqB,IAAI,MAAM;AACvC,YAAMA,sBAA+C,UAAU,SAAS,QAAQ,YAAY,OAAO;AACnG;AAAA,IACF;AAEA,QAAI,kBAAkB,cAAc;AACpC,QAAI,CAAC,mBAAmBF;AACtB,wBAAkB,OAAO,SAAS;AAEpC,UAAM,MAAM,MAAM,OAAO,YAA+B,UA
AU,EAAE,YAAY,iBAAiB,QAAQ,CAAC;AAC1G,QAAIA;AACF,aAAO,SAAS,OAAO;AAAA,EAC3B;AAEA,iBAAe,cAAc,UAA8B;AACzD,UAAM,KAAK,MAAM,OAAO,cAAc,QAAQ;AAC9C,QAAI;AACF,gBAAU,MAAM,aAAa;AAAA;AAE7B,cAAQ,MAAM,0BAA0B;AAAA,EAC5C;AAEA,iBAAe,UAAU;AACvB,UAAM,OAAO,QAAQ;AACrB,cAAU,MAAM,aAAa;AAAA,EAC/B;AAEA,UAAQ,MAAM;AACZ,QAAI,CAACA;AACH;AAEF,UAAM,YAAY;AAChB,YAAM,UAAU,MAAM,OAAO,uBAAuB,OAAM,QAAO,eAAe,GAAG,CAAC;AACpF,UAAI,CAAC;AACH,kBAAU,MAAM,aAAa;AAE/B,kBAAY;AAAA,IACd,GAAG;AAEH,QAAI;AACJ,QAAI,WAAW;AAEf,QAAI,CAAC,QAAQ;AACX;AAEF,UAAM,YAAY;AAChB,YAAM,EAAE,iBAAAG,iBAAgB,IAAI,MAAM;AAClC,YAAM,WAAW,MAAMA,iBAAgB,SAAS,QAAQ,OAAO,UAAU;AACvE,cAAM,OAAO,kBAAkB,KAAK;AACpC,kBAAU,MAAM,aAAa;AAAA,MAC/B,CAAC;AACD,UAAI;AACF,mBAAW;AAAA;AAEX,kBAAU;AAAA,IACd,GAAG;AAEH,WAAO,MAAM;AACX,iBAAW;AACX,gBAAU;AAAA,IACZ;AAAA,EACF,CAAC;AAED,QAAM,eAAwC;AAAA,IAC5C,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA,IAAI,YAAY;AACd,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,SAAS,YAAY;AAAE,gBAAU,MAAM,aAAa;AAAA,IAAE;AAAA,IACtD,OAAO,OAAO;AAAA,EAChB;AAEA,aAAW,kBAAkB,YAAY;AAC3C;AAEO,SAAS,UAA0D;AACxE,QAAM,UAAU,WAAoC,gBAAgB;AACpE,MAAI,CAAC;AACH,UAAM,IAAI,MAAM,6CAA6C;AAE/D,SAAO;AACT;","names":["BROWSER","BROWSER","serialize","cleanUrl","signInWithTauri","linkAccountWithTauri","startAuthBridge","BROWSER","signInWithTauri","linkAccountWithTauri","startAuthBridge"]}
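--- a/package/dist/src/client/token.d.ts
+++ b/package/dist/src/client/token.d.ts
@@ -1,6 +1,9 @@
+export declare const SESSION_TOKEN_KEY = "__gau-session-token";
+export declare const REFRESHED_TOKEN_HEADER = "X-Refreshed-Token";
 export declare function storeSessionToken(token: string): void;
 export declare function getSessionToken(): string | null;
 export declare function clearSessionToken(): void;
+export declare function handleRefreshedToken(response: Response): void;
 export declare function generatePKCE(): Promise<{
 codeVerifier: string;
 codeChallenge: string;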
@@ -1 +1 @@
1
- {"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/client/token.ts"],"names":[],"mappings":"AAEA,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,QAQ9C;AAED,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAI/C;AAED,wBAAgB,iBAAiB,SAQhC;AAED,wBAAsB,YAAY;;;GAsBjC"}
1
+ {"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../../src/client/token.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,iBAAiB,wBAAwB,CAAA;AAEtD,eAAO,MAAM,sBAAsB,sBAAsB,CAAA;AAEzD,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,QAO9C;AAED,wBAAgB,eAAe,IAAI,MAAM,GAAG,IAAI,CAS/C;AAED,wBAAgB,iBAAiB,SAOhC;AAED,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,GAAG,IAAI,CAM7D;AAED,wBAAsB,YAAY;;;GAsBjC"}
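--- a/package/dist/src/client/vanilla/index.d.ts
+++ b/package/dist/src/client/vanilla/index.d.ts
@@ -1,4 +1,5 @@
 import type { GauSession, ProfileName, ProviderIds } from '../../core';
+export { clearSessionToken, getSessionToken, handleRefreshedToken, REFRESHED_TOKEN_HEADER, SESSION_TOKEN_KEY, storeSessionToken } from '../token';
 export interface AuthClientOptions {
 baseUrl: string;
 scheme?: string;
@@ -6,6 +7,7 @@ export interface AuthClientOptions {
 type SessionListener<TAuth = unknown> = (session: GauSession<ProviderIds<TAuth>>) => void;
 export declare function createAuthClient<const TAuth = unknown>({ baseUrl, scheme }: AuthClientOptions): {
 readonly session: GauSession<ProviderIds<TAuth>>;
+fetch: (input: URL | RequestInfo, init?: RequestInit) => Promise<Response>;
 fetchSession: () => Promise<GauSession<ProviderIds<TAuth>>>;
 refreshSession: () => Promise<GauSession<ProviderIds<TAuth>>>;
 applySessionToken: (token: string) => Promise<void>;
@@ -23,5 +25,4 @@ export declare function createAuthClient<const TAuth = unknown>({ baseUrl, schem
 signOut: () => Promise<void>;
 startTauriBridge: () => Promise<void | (() => void)>;
 };
-export {};
 //# sourceMappingURL=index.d.ts.map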
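Review bot: The new `fetch` member is declared without saying where the stored session token is sent, and the implementation shipped in this release (visible in vanilla/index.js) sets `Authorization: Bearer <token>` on whatever `input` the caller passes, with no comparison against `baseUrl`. A request to a third-party URL made through this wrapper would therefore carry the session token. The response is then handed to `handleRefreshedToken`, which, judging by the wrapper's own doc comment, stores any `X-Refreshed-Token` header it finds. I would restrict both steps to requests whose origin matches `baseUrl`, or at minimum state the contract on the member, e.g. `/** Sends the session token to the given URL; use only for requests to your own auth/API origin. */`. The member sits inside the return type of createAuthClient, which extends beyond these hunks.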
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/client/vanilla/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAItE,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,KAAK,eAAe,CAAC,KAAK,GAAG,OAAO,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,CAAA;AAYzF,wBAAgB,gBAAgB,CAAC,KAAK,CAAC,KAAK,GAAG,OAAO,EAAE,EAAE,OAAO,EAAE,MAAc,EAAE,EAAE,iBAAiB;;;;;;;aA0F9E,CAAC,6BAA6B,EAAE;;;;kBAW3B,CAAC,6BAA6B,EAAE;;;;oBAsB9B,CAAC;;;EA6C/B"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/client/vanilla/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAItE,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAA;AAEjJ,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,KAAK,eAAe,CAAC,KAAK,GAAG,OAAO,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,CAAA;AAYzF,wBAAgB,gBAAgB,CAAC,KAAK,CAAC,KAAK,GAAG,OAAO,EAAE,EAAE,OAAO,EAAE,MAAc,EAAE,EAAE,iBAAiB;;;;;;;;aA0F9E,CAAC,6BAA6B,EAAE;;;;kBAW3B,CAAC,6BAA6B,EAAE;;;;oBAsB9B,CAAC;;;EAsE/B"}
@@ -1 +1 @@
1
- import{clearSessionToken as n,getSessionToken as t,isTauri as e,storeSessionToken as r}from"../../../chunk-GVRQST3R.js";function i(n){const t=new URLSearchParams;for(const[e,r]of Object.entries(n))null!=r&&""!==r&&t.set(e,String(r));const e=t.toString();return e?`?${e}`:""}function o({baseUrl:o,scheme:a="gau"}){let c={user:null,session:null,accounts:null,providers:[]};const s=new Set;async function u(){const n=t(),e=n?{Authorization:`Bearer ${n}`}:void 0,r=await fetch(`${o}/session`,n?{headers:e}:{credentials:"include"}),i=r.headers.get("content-type");return i?.includes("application/json")?await r.json():{user:null,session:null,accounts:null,providers:[]}}async function l(){const n=await u();return c=n,(()=>{for(const n of s)n(c)})(),n}async function d(n){try{r(n)}finally{await l()}}function f(n,t){const e=i({redirectTo:t.redirectTo,profile:null!=t.profile?String(t.profile):void 0,redirect:t.redirect});return`${o}/link/${n}${e}`}return{get session(){return c},fetchSession:u,refreshSession:l,applySessionToken:d,handleRedirectCallback:async function(n){if("undefined"==typeof window)return!1;if("#_=_"===window.location.hash){const t=window.location.pathname+window.location.search;return n?n(t):window.history.replaceState(null,"",t),!1}const t=window.location.hash?.substring(1)??"";if(!t)return!1;const e=new URLSearchParams(t).get("token");if(!e)return!1;await d(e);const r=window.location.pathname+window.location.search;return n?n(r):window.history.replaceState(null,"",r),!0},onSessionChange:function(n){return s.add(n),()=>s.delete(n)},signIn:async function(n,t){const r=function(n,t){const e=i({redirectTo:t?.redirectTo,profile:null!=t?.profile?String(t.profile):void 0});return`${o}/${n}${e}`}(n,t);if(e()){const{signInWithTauri:e}=await import("../../runtimes/tauri/index.js");await e(n,o,a,t?.redirectTo,t?.profile)}return r},linkAccount:async function(n,r){if(e()){const{linkAccountWithTauri:t}=await import("../../runtimes/tauri/index.js");return await 
t(n,o,a,r?.redirectTo,r?.profile),f(n,{redirectTo:r?.redirectTo,profile:r?.profile,redirect:"false"})}const i=f(n,{redirectTo:r?.redirectTo,profile:r?.profile,redirect:"false"}),c=t(),s=c?{headers:{Authorization:`Bearer ${c}`}}:{credentials:"include"},u=await fetch(i,s);if(u.redirected)return u.url;try{const n=await u.json();if(n?.url)return n.url}catch{}return i},unlinkAccount:async function(n){const e=t(),r=e?{headers:{Authorization:`Bearer ${e}`}}:{credentials:"include"};return!!(await fetch(`${o}/unlink/${n}`,{method:"POST",...r})).ok&&(await l(),!0)},signOut:async function(){n();const e=t(),r=e?{Authorization:`Bearer ${e}`}:void 0;await fetch(`${o}/signout`,e?{method:"POST",headers:r}:{method:"POST",credentials:"include"}),await l()},startTauriBridge:async function(){if(!e())return;const{startAuthBridge:n}=await import("../../runtimes/tauri/index.js");return await n(o,a,async n=>{await d(n)})}}}export{o as createAuthClient};//# sourceMappingURL=index.js.map
1
+ import{REFRESHED_TOKEN_HEADER as n,SESSION_TOKEN_KEY as e,clearSessionToken as t,getSessionToken as r,handleRefreshedToken as i,isTauri as o,storeSessionToken as a}from"../../../chunk-PL7MV7OC.js";function c(n){const e=new URLSearchParams;for(const[t,r]of Object.entries(n))null!=r&&""!==r&&e.set(t,String(r));const t=e.toString();return t?`?${t}`:""}function s({baseUrl:n,scheme:e="gau"}){let s={user:null,session:null,accounts:null,providers:[]};const u=new Set;async function l(){const e=r(),t=e?{Authorization:`Bearer ${e}`}:void 0,i=await fetch(`${n}/session`,e?{headers:t}:{credentials:"include"}),o=i.headers.get("content-type");return o?.includes("application/json")?await i.json():{user:null,session:null,accounts:null,providers:[]}}async function d(){const n=await l();return s=n,(()=>{for(const n of u)n(s)})(),n}async function f(n){try{a(n)}finally{await d()}}function h(e,t){const r=c({redirectTo:t.redirectTo,profile:null!=t.profile?String(t.profile):void 0,redirect:t.redirect});return`${n}/link/${e}${r}`}return{get session(){return s},fetch:async function(n,e={}){const t=r(),o=new Headers(e.headers);t&&o.set("Authorization",`Bearer ${t}`);const a=await globalThis.fetch(n,{...e,headers:o,...!t&&{credentials:"include"}});return i(a),a},fetchSession:l,refreshSession:d,applySessionToken:f,handleRedirectCallback:async function(n){if("undefined"==typeof window)return!1;if("#_=_"===window.location.hash){const e=window.location.pathname+window.location.search;return n?n(e):window.history.replaceState(null,"",e),!1}const e=window.location.hash?.substring(1)??"";if(!e)return!1;const t=new URLSearchParams(e).get("token");if(!t)return!1;await f(t);const r=window.location.pathname+window.location.search;return n?n(r):window.history.replaceState(null,"",r),!0},onSessionChange:function(n){return u.add(n),()=>u.delete(n)},signIn:async function(t,r){const i=function(e,t){const r=c({redirectTo:t?.redirectTo,profile:null!=t?.profile?String(t.profile):void 
0});return`${n}/${e}${r}`}(t,r);if(o()){const{signInWithTauri:i}=await import("../../runtimes/tauri/index.js");await i(t,n,e,r?.redirectTo,r?.profile)}return i},linkAccount:async function(t,i){if(o()){const{linkAccountWithTauri:r}=await import("../../runtimes/tauri/index.js");return await r(t,n,e,i?.redirectTo,i?.profile),h(t,{redirectTo:i?.redirectTo,profile:i?.profile,redirect:"false"})}const a=h(t,{redirectTo:i?.redirectTo,profile:i?.profile,redirect:"false"}),c=r(),s=c?{headers:{Authorization:`Bearer ${c}`}}:{credentials:"include"},u=await fetch(a,s);if(u.redirected)return u.url;try{const n=await u.json();if(n?.url)return n.url}catch{}return a},unlinkAccount:async function(e){const t=r(),i=t?{headers:{Authorization:`Bearer ${t}`}}:{credentials:"include"};return!!(await fetch(`${n}/unlink/${e}`,{method:"POST",...i})).ok&&(await d(),!0)},signOut:async function(){t();const e=r(),i=e?{Authorization:`Bearer ${e}`}:void 0;await fetch(`${n}/signout`,e?{method:"POST",headers:i}:{method:"POST",credentials:"include"}),await d()},startTauriBridge:async function(){if(!o())return;const{startAuthBridge:t}=await import("../../runtimes/tauri/index.js");return await t(n,e,async n=>{await f(n)})}}}export{n as REFRESHED_TOKEN_HEADER,e as SESSION_TOKEN_KEY,t as clearSessionToken,s as createAuthClient,r as getSessionToken,i as handleRefreshedToken,a as storeSessionToken};//# sourceMappingURL=index.js.map
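Review bot: In `signOut` the stored token is cleared before it is read (`t();const e=r()` in the bundle, `clearSessionToken()` followed by `getSessionToken()` in the mapped source), so `e` is presumably always null and the `Authorization` branch of the `/signout` request can never run. In token mode, where no cookie is sent, the server then receives a sign-out POST that does not identify the session, so any server-side revocation tied to that request would be skipped. Reading first fixes it: `const token = getSessionToken()` and only then `clearSessionToken()`. The ordering is the same on the removed 1.2.4 line and this file is generated output, so the change belongs in src/client/vanilla/index.ts.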
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../src/client/vanilla/index.ts"],"sourcesContent":["import type { GauSession, ProfileName, ProviderIds } from '../../core'\nimport { isTauri } from '../../runtimes/tauri/index'\nimport { clearSessionToken, getSessionToken, storeSessionToken } from '../token'\n\nexport interface AuthClientOptions {\n baseUrl: string\n scheme?: string\n}\n\ntype SessionListener<TAuth = unknown> = (session: GauSession<ProviderIds<TAuth>>) => void\n\nfunction buildQuery(params: Record<string, string | undefined | null>): string {\n const q = new URLSearchParams()\n for (const [k, v] of Object.entries(params)) {\n if (v != null && v !== '')\n q.set(k, String(v))\n }\n const s = q.toString()\n return s ? `?${s}` : ''\n}\n\nexport function createAuthClient<const TAuth = unknown>({ baseUrl, scheme = 'gau' }: AuthClientOptions) {\n let currentSession: GauSession<ProviderIds<TAuth>> = { user: null, session: null, accounts: null, providers: [] }\n const listeners = new Set<SessionListener<TAuth>>()\n\n const notify = () => {\n for (const l of listeners)\n l(currentSession)\n }\n\n async function fetchSession(): Promise<GauSession<ProviderIds<TAuth>>> {\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n const res = await fetch(`${baseUrl}/session`, token ? 
{ headers } : { credentials: 'include' })\n const contentType = res.headers.get('content-type')\n if (contentType?.includes('application/json'))\n return await res.json()\n return { user: null, session: null, accounts: null, providers: [] }\n }\n\n async function refreshSession(): Promise<GauSession<ProviderIds<TAuth>>> {\n const next = await fetchSession()\n currentSession = next\n notify()\n return next\n }\n\n async function applySessionToken(token: string): Promise<void> {\n try {\n storeSessionToken(token)\n }\n finally {\n await refreshSession()\n }\n }\n\n function onSessionChange(listener: SessionListener<TAuth>): () => void {\n listeners.add(listener)\n return () => listeners.delete(listener)\n }\n\n async function handleRedirectCallback(replaceUrl?: (url: string) => void): Promise<boolean> {\n if (typeof window === 'undefined')\n return false\n\n if (window.location.hash === '#_=_') {\n const cleanUrl = window.location.pathname + window.location.search\n if (replaceUrl)\n replaceUrl(cleanUrl)\n else\n window.history.replaceState(null, '', cleanUrl)\n return false\n }\n\n const hash = window.location.hash?.substring(1) ?? ''\n if (!hash)\n return false\n\n const params = new URLSearchParams(hash)\n const token = params.get('token')\n if (!token)\n return false\n\n await applySessionToken(token)\n\n const cleanUrl = window.location.pathname + window.location.search\n if (replaceUrl)\n replaceUrl(cleanUrl)\n else\n window.history.replaceState(null, '', cleanUrl)\n\n return true\n }\n\n function makeProviderUrl<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, params?: { redirectTo?: string, profile?: PR }): string {\n const q = buildQuery({\n redirectTo: params?.redirectTo,\n profile: params?.profile != null ? 
String(params.profile) : undefined,\n })\n return `${baseUrl}/${provider}${q}`\n }\n\n function makeLinkUrl<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, params: { redirectTo?: string, profile?: PR, redirect?: 'false' | 'true' }): string {\n const q = buildQuery({\n redirectTo: params.redirectTo,\n profile: params.profile != null ? String(params.profile) : undefined,\n redirect: params.redirect,\n })\n return `${baseUrl}/link/${provider}${q}`\n }\n\n async function signIn<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, options?: { redirectTo?: string, profile?: PR }): Promise<string> {\n const url = makeProviderUrl<P, PR>(provider, options)\n\n if (isTauri()) {\n const { signInWithTauri } = await import('../../runtimes/tauri/index')\n await signInWithTauri<TAuth, P, PR>(provider, baseUrl, scheme, options?.redirectTo, options?.profile)\n }\n\n return url\n }\n\n async function linkAccount<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, options?: { redirectTo?: string, profile?: PR }): Promise<string> {\n if (isTauri()) {\n const { linkAccountWithTauri } = await import('../../runtimes/tauri/index')\n await linkAccountWithTauri<TAuth, P, PR>(provider, baseUrl, scheme, options?.redirectTo, options?.profile)\n return makeLinkUrl<P, PR>(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: 'false' })\n }\n\n const linkUrl = makeLinkUrl<P, PR>(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: 'false' })\n const token = getSessionToken()\n const fetchOptions: RequestInit = token ? 
{ headers: { Authorization: `Bearer ${token}` } } : { credentials: 'include' }\n const res: Response = await fetch(linkUrl, fetchOptions)\n if (res.redirected)\n return res.url\n try {\n const data = await res.json()\n if (data?.url)\n return data.url\n }\n catch {}\n return linkUrl\n }\n\n async function unlinkAccount<P extends ProviderIds<TAuth>>(provider: P): Promise<boolean> {\n const token = getSessionToken()\n const fetchOptions: RequestInit = token ? { headers: { Authorization: `Bearer ${token}` } } : { credentials: 'include' }\n const res = await fetch(`${baseUrl}/unlink/${provider}`, { method: 'POST', ...fetchOptions })\n if (res.ok) {\n await refreshSession()\n return true\n }\n return false\n }\n\n async function signOut(): Promise<void> {\n clearSessionToken()\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n await refreshSession()\n }\n\n async function startTauriBridge(): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { startAuthBridge } = await import('../../runtimes/tauri/index')\n const cleanup = await startAuthBridge(baseUrl, scheme, async (token) => {\n await applySessionToken(token)\n })\n return cleanup\n }\n\n return {\n get session() {\n return currentSession\n },\n fetchSession,\n refreshSession,\n applySessionToken,\n handleRedirectCallback,\n onSessionChange,\n signIn,\n linkAccount,\n unlinkAccount,\n signOut,\n startTauriBridge,\n 
}\n}\n"],"mappings":";;;;;;;;AAWA,SAAS,WAAW,QAA2D;AAC7E,QAAM,IAAI,IAAI,gBAAgB;AAC9B,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,MAAM,GAAG;AAC3C,QAAI,KAAK,QAAQ,MAAM;AACrB,QAAE,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,EACtB;AACA,QAAM,IAAI,EAAE,SAAS;AACrB,SAAO,IAAI,IAAI,CAAC,KAAK;AACvB;AAEO,SAAS,iBAAwC,EAAE,SAAS,SAAS,MAAM,GAAsB;AACtG,MAAI,iBAAiD,EAAE,MAAM,MAAM,SAAS,MAAM,UAAU,MAAM,WAAW,CAAC,EAAE;AAChH,QAAM,YAAY,oBAAI,IAA4B;AAElD,QAAM,SAAS,MAAM;AACnB,eAAW,KAAK;AACd,QAAE,cAAc;AAAA,EACpB;AAEA,iBAAe,eAAwD;AACrE,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAC9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB;AAC1C,aAAO,MAAM,IAAI,KAAK;AACxB,WAAO,EAAE,MAAM,MAAM,SAAS,MAAM,UAAU,MAAM,WAAW,CAAC,EAAE;AAAA,EACpE;AAEA,iBAAe,iBAA0D;AACvE,UAAM,OAAO,MAAM,aAAa;AAChC,qBAAiB;AACjB,WAAO;AACP,WAAO;AAAA,EACT;AAEA,iBAAe,kBAAkB,OAA8B;AAC7D,QAAI;AACF,wBAAkB,KAAK;AAAA,IACzB,UACA;AACE,YAAM,eAAe;AAAA,IACvB;AAAA,EACF;AAEA,WAAS,gBAAgB,UAA8C;AACrE,cAAU,IAAI,QAAQ;AACtB,WAAO,MAAM,UAAU,OAAO,QAAQ;AAAA,EACxC;AAEA,iBAAe,uBAAuB,YAAsD;AAC1F,QAAI,OAAO,WAAW;AACpB,aAAO;AAET,QAAI,OAAO,SAAS,SAAS,QAAQ;AACnC,YAAMA,YAAW,OAAO,SAAS,WAAW,OAAO,SAAS;AAC5D,UAAI;AACF,mBAAWA,SAAQ;AAAA;AAEnB,eAAO,QAAQ,aAAa,MAAM,IAAIA,SAAQ;AAChD,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,OAAO,SAAS,MAAM,UAAU,CAAC,KAAK;AACnD,QAAI,CAAC;AACH,aAAO;AAET,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,QAAI,CAAC;AACH,aAAO;AAET,UAAM,kBAAkB,KAAK;AAE7B,UAAM,WAAW,OAAO,SAAS,WAAW,OAAO,SAAS;AAC5D,QAAI;AACF,iBAAW,QAAQ;AAAA;AAEnB,aAAO,QAAQ,aAAa,MAAM,IAAI,QAAQ;AAEhD,WAAO;AAAA,EACT;AAEA,WAAS,gBAAuG,UAAa,QAAwD;AACnL,UAAM,IAAI,WAAW;AAAA,MACnB,YAAY,QAAQ;AAAA,MACpB,SAAS,QAAQ,WAAW,OAAO,OAAO,OAAO,OAAO,IAAI;AAAA,IAC9D,CAAC;AACD,WAAO,GAAG,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,EACnC;AAEA,WAAS,YAAmG,UAAa,QAAoF;AAC3M,UAAM,IAAI,WAAW;AAAA,MACnB,YAAY,OAAO;AAAA,MACnB,SAAS,OAAO,WAAW,OAAO,OAAO,OAAO,OAAO,IAAI;AAAA,MAC3D,UAAU,OAAO;AAAA,IACnB,CAAC;AACD,WAAO,GAAG,OAAO,SAAS,QAAQ,GAAG,CAAC;AAAA,E
ACxC;AAEA,iBAAe,OAA8F,UAAa,SAAkE;AAC1L,UAAM,MAAM,gBAAuB,UAAU,OAAO;AAEpD,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,+BAA4B;AACrE,YAAM,gBAA8B,UAAU,SAAS,QAAQ,SAAS,YAAY,SAAS,OAAO;AAAA,IACtG;AAEA,WAAO;AAAA,EACT;AAEA,iBAAe,YAAmG,UAAa,SAAkE;AAC/L,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,qBAAqB,IAAI,MAAM,OAAO,+BAA4B;AAC1E,YAAM,qBAAmC,UAAU,SAAS,QAAQ,SAAS,YAAY,SAAS,OAAO;AACzG,aAAO,YAAmB,UAAU,EAAE,YAAY,SAAS,YAAY,SAAS,SAAS,SAAS,UAAU,QAAQ,CAAC;AAAA,IACvH;AAEA,UAAM,UAAU,YAAmB,UAAU,EAAE,YAAY,SAAS,YAAY,SAAS,SAAS,SAAS,UAAU,QAAQ,CAAC;AAC9H,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAAQ,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAAI,EAAE,aAAa,UAAU;AACvH,UAAM,MAAgB,MAAM,MAAM,SAAS,YAAY;AACvD,QAAI,IAAI;AACN,aAAO,IAAI;AACb,QAAI;AACF,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,MAAM;AACR,eAAO,KAAK;AAAA,IAChB,QACM;AAAA,IAAC;AACP,WAAO;AAAA,EACT;AAEA,iBAAe,cAA4C,UAA+B;AACxF,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAAQ,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAAI,EAAE,aAAa,UAAU;AACvH,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAQ,IAAI,EAAE,QAAQ,QAAQ,GAAG,aAAa,CAAC;AAC5F,QAAI,IAAI,IAAI;AACV,YAAM,eAAe;AACrB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAEA,iBAAe,UAAyB;AACtC,sBAAkB;AAClB,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,eAAe;AAAA,EACvB;AAEA,iBAAe,mBAAiD;AAC9D,QAAI,CAAC,QAAQ;AACX;AAEF,UAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,+BAA4B;AACrE,UAAM,UAAU,MAAM,gBAAgB,SAAS,QAAQ,OAAO,UAAU;AACtE,YAAM,kBAAkB,KAAK;AAAA,IAC/B,CAAC;AACD,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["cleanUrl"]}
1
+ {"version":3,"sources":["../../../../src/client/vanilla/index.ts"],"sourcesContent":["import type { GauSession, ProfileName, ProviderIds } from '../../core'\nimport { isTauri } from '../../runtimes/tauri/index'\nimport { clearSessionToken, getSessionToken, handleRefreshedToken, storeSessionToken } from '../token'\n\nexport { clearSessionToken, getSessionToken, handleRefreshedToken, REFRESHED_TOKEN_HEADER, SESSION_TOKEN_KEY, storeSessionToken } from '../token'\n\nexport interface AuthClientOptions {\n baseUrl: string\n scheme?: string\n}\n\ntype SessionListener<TAuth = unknown> = (session: GauSession<ProviderIds<TAuth>>) => void\n\nfunction buildQuery(params: Record<string, string | undefined | null>): string {\n const q = new URLSearchParams()\n for (const [k, v] of Object.entries(params)) {\n if (v != null && v !== '')\n q.set(k, String(v))\n }\n const s = q.toString()\n return s ? `?${s}` : ''\n}\n\nexport function createAuthClient<const TAuth = unknown>({ baseUrl, scheme = 'gau' }: AuthClientOptions) {\n let currentSession: GauSession<ProviderIds<TAuth>> = { user: null, session: null, accounts: null, providers: [] }\n const listeners = new Set<SessionListener<TAuth>>()\n\n const notify = () => {\n for (const l of listeners)\n l(currentSession)\n }\n\n async function fetchSession(): Promise<GauSession<ProviderIds<TAuth>>> {\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n const res = await fetch(`${baseUrl}/session`, token ? 
{ headers } : { credentials: 'include' })\n const contentType = res.headers.get('content-type')\n if (contentType?.includes('application/json'))\n return await res.json()\n return { user: null, session: null, accounts: null, providers: [] }\n }\n\n async function refreshSession(): Promise<GauSession<ProviderIds<TAuth>>> {\n const next = await fetchSession()\n currentSession = next\n notify()\n return next\n }\n\n async function applySessionToken(token: string): Promise<void> {\n try {\n storeSessionToken(token)\n }\n finally {\n await refreshSession()\n }\n }\n\n function onSessionChange(listener: SessionListener<TAuth>): () => void {\n listeners.add(listener)\n return () => listeners.delete(listener)\n }\n\n async function handleRedirectCallback(replaceUrl?: (url: string) => void): Promise<boolean> {\n if (typeof window === 'undefined')\n return false\n\n if (window.location.hash === '#_=_') {\n const cleanUrl = window.location.pathname + window.location.search\n if (replaceUrl)\n replaceUrl(cleanUrl)\n else\n window.history.replaceState(null, '', cleanUrl)\n return false\n }\n\n const hash = window.location.hash?.substring(1) ?? ''\n if (!hash)\n return false\n\n const params = new URLSearchParams(hash)\n const token = params.get('token')\n if (!token)\n return false\n\n await applySessionToken(token)\n\n const cleanUrl = window.location.pathname + window.location.search\n if (replaceUrl)\n replaceUrl(cleanUrl)\n else\n window.history.replaceState(null, '', cleanUrl)\n\n return true\n }\n\n function makeProviderUrl<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, params?: { redirectTo?: string, profile?: PR }): string {\n const q = buildQuery({\n redirectTo: params?.redirectTo,\n profile: params?.profile != null ? 
String(params.profile) : undefined,\n })\n return `${baseUrl}/${provider}${q}`\n }\n\n function makeLinkUrl<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, params: { redirectTo?: string, profile?: PR, redirect?: 'false' | 'true' }): string {\n const q = buildQuery({\n redirectTo: params.redirectTo,\n profile: params.profile != null ? String(params.profile) : undefined,\n redirect: params.redirect,\n })\n return `${baseUrl}/link/${provider}${q}`\n }\n\n async function signIn<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, options?: { redirectTo?: string, profile?: PR }): Promise<string> {\n const url = makeProviderUrl<P, PR>(provider, options)\n\n if (isTauri()) {\n const { signInWithTauri } = await import('../../runtimes/tauri/index')\n await signInWithTauri<TAuth, P, PR>(provider, baseUrl, scheme, options?.redirectTo, options?.profile)\n }\n\n return url\n }\n\n async function linkAccount<P extends ProviderIds<TAuth>, PR extends (ProfileName<TAuth, P> | string) | undefined>(provider: P, options?: { redirectTo?: string, profile?: PR }): Promise<string> {\n if (isTauri()) {\n const { linkAccountWithTauri } = await import('../../runtimes/tauri/index')\n await linkAccountWithTauri<TAuth, P, PR>(provider, baseUrl, scheme, options?.redirectTo, options?.profile)\n return makeLinkUrl<P, PR>(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: 'false' })\n }\n\n const linkUrl = makeLinkUrl<P, PR>(provider, { redirectTo: options?.redirectTo, profile: options?.profile, redirect: 'false' })\n const token = getSessionToken()\n const fetchOptions: RequestInit = token ? 
{ headers: { Authorization: `Bearer ${token}` } } : { credentials: 'include' }\n const res: Response = await fetch(linkUrl, fetchOptions)\n if (res.redirected)\n return res.url\n try {\n const data = await res.json()\n if (data?.url)\n return data.url\n }\n catch {}\n return linkUrl\n }\n\n async function unlinkAccount<P extends ProviderIds<TAuth>>(provider: P): Promise<boolean> {\n const token = getSessionToken()\n const fetchOptions: RequestInit = token ? { headers: { Authorization: `Bearer ${token}` } } : { credentials: 'include' }\n const res = await fetch(`${baseUrl}/unlink/${provider}`, { method: 'POST', ...fetchOptions })\n if (res.ok) {\n await refreshSession()\n return true\n }\n return false\n }\n\n async function signOut(): Promise<void> {\n clearSessionToken()\n const token = getSessionToken()\n const headers = token ? { Authorization: `Bearer ${token}` } : undefined\n await fetch(`${baseUrl}/signout`, token ? { method: 'POST', headers } : { method: 'POST', credentials: 'include' })\n await refreshSession()\n }\n\n async function startTauriBridge(): Promise<(() => void) | void> {\n if (!isTauri())\n return\n\n const { startAuthBridge } = await import('../../runtimes/tauri/index')\n const cleanup = await startAuthBridge(baseUrl, scheme, async (token) => {\n await applySessionToken(token)\n })\n return cleanup\n }\n\n /**\n * Fetch wrapper that automatically handles authentication:\n * - Adds Authorization header if a token is stored (Tauri/mobile)\n * - Falls back to credentials: 'include' for cookie-based auth (web)\n * - Automatically stores refreshed tokens from X-Refreshed-Token header\n */\n async function authFetch(input: RequestInfo | URL, init: RequestInit = {}): Promise<Response> {\n const token = getSessionToken()\n const headers = new Headers(init.headers)\n\n if (token)\n headers.set('Authorization', `Bearer ${token}`)\n\n const res = await globalThis.fetch(input, {\n ...init,\n headers,\n ...(!token && { credentials: 'include' as 
RequestCredentials }),\n })\n\n handleRefreshedToken(res)\n\n return res\n }\n\n return {\n get session() {\n return currentSession\n },\n fetch: authFetch,\n fetchSession,\n refreshSession,\n applySessionToken,\n handleRedirectCallback,\n onSessionChange,\n signIn,\n linkAccount,\n unlinkAccount,\n signOut,\n startTauriBridge,\n }\n}\n"],"mappings":";;;;;;;;;;;AAaA,SAAS,WAAW,QAA2D;AAC7E,QAAM,IAAI,IAAI,gBAAgB;AAC9B,aAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,MAAM,GAAG;AAC3C,QAAI,KAAK,QAAQ,MAAM;AACrB,QAAE,IAAI,GAAG,OAAO,CAAC,CAAC;AAAA,EACtB;AACA,QAAM,IAAI,EAAE,SAAS;AACrB,SAAO,IAAI,IAAI,CAAC,KAAK;AACvB;AAEO,SAAS,iBAAwC,EAAE,SAAS,SAAS,MAAM,GAAsB;AACtG,MAAI,iBAAiD,EAAE,MAAM,MAAM,SAAS,MAAM,UAAU,MAAM,WAAW,CAAC,EAAE;AAChH,QAAM,YAAY,oBAAI,IAA4B;AAElD,QAAM,SAAS,MAAM;AACnB,eAAW,KAAK;AACd,QAAE,cAAc;AAAA,EACpB;AAEA,iBAAe,eAAwD;AACrE,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,IAAI,EAAE,aAAa,UAAU,CAAC;AAC9F,UAAM,cAAc,IAAI,QAAQ,IAAI,cAAc;AAClD,QAAI,aAAa,SAAS,kBAAkB;AAC1C,aAAO,MAAM,IAAI,KAAK;AACxB,WAAO,EAAE,MAAM,MAAM,SAAS,MAAM,UAAU,MAAM,WAAW,CAAC,EAAE;AAAA,EACpE;AAEA,iBAAe,iBAA0D;AACvE,UAAM,OAAO,MAAM,aAAa;AAChC,qBAAiB;AACjB,WAAO;AACP,WAAO;AAAA,EACT;AAEA,iBAAe,kBAAkB,OAA8B;AAC7D,QAAI;AACF,wBAAkB,KAAK;AAAA,IACzB,UACA;AACE,YAAM,eAAe;AAAA,IACvB;AAAA,EACF;AAEA,WAAS,gBAAgB,UAA8C;AACrE,cAAU,IAAI,QAAQ;AACtB,WAAO,MAAM,UAAU,OAAO,QAAQ;AAAA,EACxC;AAEA,iBAAe,uBAAuB,YAAsD;AAC1F,QAAI,OAAO,WAAW;AACpB,aAAO;AAET,QAAI,OAAO,SAAS,SAAS,QAAQ;AACnC,YAAMA,YAAW,OAAO,SAAS,WAAW,OAAO,SAAS;AAC5D,UAAI;AACF,mBAAWA,SAAQ;AAAA;AAEnB,eAAO,QAAQ,aAAa,MAAM,IAAIA,SAAQ;AAChD,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,OAAO,SAAS,MAAM,UAAU,CAAC,KAAK;AACnD,QAAI,CAAC;AACH,aAAO;AAET,UAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,UAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,QAAI,CAAC;AACH,aAAO;AAET,UAAM,kBAAkB,KAAK;AAE7B,UAAM,WAAW,OAAO,SAAS,WAAW,OAAO,SAAS;AAC5D,QAAI;AACF,iBAAW,QAAQ;AAAA;AAEnB,aAAO,QAAQ,aAAa,MAAM,IAAI,QAAQ;AAEhD,WAAO;AAAA,EACT;AAEA,WAAS,gBAAuG,UAAa,QAAwD;AACnL,UAAM,IAAI,WAAW;AAAA,MA
CnB,YAAY,QAAQ;AAAA,MACpB,SAAS,QAAQ,WAAW,OAAO,OAAO,OAAO,OAAO,IAAI;AAAA,IAC9D,CAAC;AACD,WAAO,GAAG,OAAO,IAAI,QAAQ,GAAG,CAAC;AAAA,EACnC;AAEA,WAAS,YAAmG,UAAa,QAAoF;AAC3M,UAAM,IAAI,WAAW;AAAA,MACnB,YAAY,OAAO;AAAA,MACnB,SAAS,OAAO,WAAW,OAAO,OAAO,OAAO,OAAO,IAAI;AAAA,MAC3D,UAAU,OAAO;AAAA,IACnB,CAAC;AACD,WAAO,GAAG,OAAO,SAAS,QAAQ,GAAG,CAAC;AAAA,EACxC;AAEA,iBAAe,OAA8F,UAAa,SAAkE;AAC1L,UAAM,MAAM,gBAAuB,UAAU,OAAO;AAEpD,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,+BAA4B;AACrE,YAAM,gBAA8B,UAAU,SAAS,QAAQ,SAAS,YAAY,SAAS,OAAO;AAAA,IACtG;AAEA,WAAO;AAAA,EACT;AAEA,iBAAe,YAAmG,UAAa,SAAkE;AAC/L,QAAI,QAAQ,GAAG;AACb,YAAM,EAAE,qBAAqB,IAAI,MAAM,OAAO,+BAA4B;AAC1E,YAAM,qBAAmC,UAAU,SAAS,QAAQ,SAAS,YAAY,SAAS,OAAO;AACzG,aAAO,YAAmB,UAAU,EAAE,YAAY,SAAS,YAAY,SAAS,SAAS,SAAS,UAAU,QAAQ,CAAC;AAAA,IACvH;AAEA,UAAM,UAAU,YAAmB,UAAU,EAAE,YAAY,SAAS,YAAY,SAAS,SAAS,SAAS,UAAU,QAAQ,CAAC;AAC9H,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAAQ,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAAI,EAAE,aAAa,UAAU;AACvH,UAAM,MAAgB,MAAM,MAAM,SAAS,YAAY;AACvD,QAAI,IAAI;AACN,aAAO,IAAI;AACb,QAAI;AACF,YAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,UAAI,MAAM;AACR,eAAO,KAAK;AAAA,IAChB,QACM;AAAA,IAAC;AACP,WAAO;AAAA,EACT;AAEA,iBAAe,cAA4C,UAA+B;AACxF,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,eAA4B,QAAQ,EAAE,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG,EAAE,IAAI,EAAE,aAAa,UAAU;AACvH,UAAM,MAAM,MAAM,MAAM,GAAG,OAAO,WAAW,QAAQ,IAAI,EAAE,QAAQ,QAAQ,GAAG,aAAa,CAAC;AAC5F,QAAI,IAAI,IAAI;AACV,YAAM,eAAe;AACrB,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAEA,iBAAe,UAAyB;AACtC,sBAAkB;AAClB,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,QAAQ,EAAE,eAAe,UAAU,KAAK,GAAG,IAAI;AAC/D,UAAM,MAAM,GAAG,OAAO,YAAY,QAAQ,EAAE,QAAQ,QAAQ,QAAQ,IAAI,EAAE,QAAQ,QAAQ,aAAa,UAAU,CAAC;AAClH,UAAM,eAAe;AAAA,EACvB;AAEA,iBAAe,mBAAiD;AAC9D,QAAI,CAAC,QAAQ;AACX;AAEF,UAAM,EAAE,gBAAgB,IAAI,MAAM,OAAO,+BAA4B;AACrE,UAAM,UAAU,MAAM,gBAAgB,SAAS,QAAQ,OAAO,UAAU;AACtE,YAAM,kBAAkB,KAAK;AAAA,IAC/B,CAAC;AACD,WAAO;AAAA,EACT;AAQA,iBAAe,UAAU,OAA0B,OAAoB,CAAC,GAAsB;AAC5F,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,UAAU,IAAI,QAAQ,KAAK,OAAO;AAExC,QAAI;AACF,cAAQ,IAAI,iBAAiB,UAAU,KAAK,EAAE;AAEhD,
UAAM,MAAM,MAAM,WAAW,MAAM,OAAO;AAAA,MACxC,GAAG;AAAA,MACH;AAAA,MACA,GAAI,CAAC,SAAS,EAAE,aAAa,UAAgC;AAAA,IAC/D,CAAC;AAED,yBAAqB,GAAG;AAExB,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,IAAI,UAAU;AACZ,aAAO;AAAA,IACT;AAAA,IACA,OAAO;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":["cleanUrl"]}
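--- a/package/dist/src/core/createAuth.d.ts
+++ b/package/dist/src/core/createAuth.d.ts
@@ -169,6 +169,30 @@ export interface IssueSessionResult {
  /** The maxAge in seconds. */
  maxAge: number;
  }
+ /**
+ * Options for refreshing a session.
+ */
+ export interface RefreshSessionOptions {
+ /** Override the default TTL for the new token. */
+ ttl?: number;
+ /**
+ * Only refresh if past this fraction of TTL (0-1).
+ * Example: 0.5 means only refresh if session is past 50% of its lifetime.
+ */
+ threshold?: number;
+ }
+ /**
+ * Result of refreshing a session. Extends IssueSessionResult with source information.
+ */
+ export interface RefreshSessionResult extends IssueSessionResult {
+ /**
+ * How the original token was provided.
+ * - 'cookie': Token was extracted from the Cookie header
+ * - 'bearer': Token was extracted from Authorization: Bearer header
+ * - 'token': A raw token string was passed directly
+ */
+ source: 'cookie' | 'bearer' | 'token';
+ }
  export type Auth<TProviders extends OAuthProvider[] = any> = Adapter & {
  providerMap: Map<ProviderId<TProviders[number]>, TProviders[number]>;
  basePath: string;
@@ -193,17 +217,14 @@ export type Auth<TProviders extends OAuthProvider[] = any> = Adapter & {
  * Refresh an existing session, issuing a new token with extended TTL.
  * Preserves custom claims from the original token.
  *
- * @param token - The existing session token to refresh
+ * @param tokenOrRequest - The existing session token, or a Request to extract the token from
  * @param options.ttl - Override the default TTL for the new token
  * @param options.threshold - Only refresh if past this fraction of TTL (0-1).
  * When set, returns null if below threshold.
  * Example: 0.5 means only refresh if session is past 50% of its lifetime.
- * @returns The refreshed session, or null if invalid/expired/below threshold
+ * @returns The refreshed session with source info, or null if invalid/expired/below threshold
  */
- refreshSession: (token: string, options?: {
- ttl?: number;
- threshold?: number;
- }) => Promise<IssueSessionResult | null>;
+ refreshSession: (tokenOrRequest: string | Request, options?: RefreshSessionOptions) => Promise<RefreshSessionResult | null>;
  /**
  * Get a valid access token for a linked provider. If the stored token is expired and a refresh token exists,
  * this will refresh it using the provider's refreshAccessToken and persist rotated tokens.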
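Review bot: The new `refreshSession` doc does not say which credential is used when the `Request` carries both a session cookie and an `Authorization: Bearer` header, although `source` can only report one of them. Callers presumably branch on `source` to decide how to return the refreshed token (cookie or response header), so the precedence is part of the contract; I would add a line to the `tokenOrRequest` param such as `* If the Request carries both a cookie and a Bearer token, <cookie|bearer> takes precedence.` The `threshold` option is documented as 0-1 but typed as plain `number`, so `RefreshSessionOptions` should also state what happens for values outside that range. This file is a generated declaration, so both comments belong in `src/core/createAuth.ts`; the `Auth` type body continues outside the hunk.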
@@ -1 +1 @@
1
- {"version":3,"file":"createAuth.d.ts","sourceRoot":"","sources":["../../../src/core/createAuth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAC1C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAC9C,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AACxD,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAA;AACtG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAMlD,KAAK,UAAU,CAAC,CAAC,IAAI,CAAC,SAAS,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AACjE,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,CAAC,SAAS;IAAE,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,GAAG,CAAC,CAAA;CAAE,GAAG,CAAC,GAAG,MAAM,CAAA;AAErG,MAAM,MAAM,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS;IAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;CAAE,GAC1E,CAAC,SAAS,MAAM,CAAC,GACf,MAAM,CAAC,CAAC,CAAC,CAAC,GACV,KAAK,GACP,KAAK,CAAA;AAET,MAAM,WAAW,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE;IACnE,kEAAkE;IAClE,OAAO,EAAE,OAAO,CAAA;IAChB,2CAA2C;IAC3C,SAAS,EAAE,UAAU,CAAA;IACrB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,iCAAiC;IACjC,OAAO,CAAC,EAAE;QACR,4EAA4E;QAC5E,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;KACvC,CAAA;IACD,sDAAsD;IACtD,GAAG,CAAC,EAAE;QACJ,uDAAuD;QACvD,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAA;QAC7B,2FAA2F;QAC3F,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,mCAAmC;QACnC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,qCAAqC;QACrC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,oEAAoE;QACpE,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IACD,0CAA0C;IAC1C,OAAO,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACnC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;QAC1B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,KAAK,EAAE,MAAM,CAAA;QACb,IAAI,EAAE,MAAM,CAAA;QACZ,YAAY,EAAE,MAAM,CAAA;QACpB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QAC3B,UAAU,EAAE,MAAM,CAAA;QAClB,OAAO,EAAE,OAAO,CAAA;QAChB,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,SAAS,EAAE,OAAO,CAAA;QAClB,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,KAAK,OAAO,CAAC;QAAE,OAAO,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAAG;QAAE,OAAO,EAAE,KAAK,CAAA;KAAE,CAAC,CAAA;IACzE,sEAAsE;IACtE,kBAAk
B,CAAC,EAAE,CAAC,OAAO,EAAE;QAC7B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,SAAS,EAAE,OAAO,CAAA;KACnB,KAAK,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;IAC9D,8DAA8D;IAC9D,mBAAmB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC9B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;KACrB,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,IAAI,CAAA;KAAE,GAAG;QAAE,KAAK,EAAE,KAAK,CAAC;QAAC,QAAQ,CAAC,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;IACtE,mDAAmD;IACnD,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC7B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,MAAM,EAAE,MAAM,GAAG,QAAQ,CAAA;KAC1B,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnB,uFAAuF;IACvF,UAAU,CAAC,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC7B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;IAC7C,mHAAmH;IACnH,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,iIAAiI;IACjI,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,4DAA4D;IAC5D,KAAK,CAAC,EAAE;QACN,4CAA4C;QAC5C,WAAW,CAAC,EAAE,MAAM,CAAA;QACpB,iHAAiH;QACjH,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;YAAE,UAAU,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,GAAG,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,MAAM,GAAG,SAAS,CAAA;QACzG,6FAA6F;QAC7F,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;QACrB,+FAA+F;QAC/F,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;KACxB,CAAA;IACD;;;;OAIG;IACH,IAAI,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG;QACpB;;;;;;;WAOG;QACH,cAAc,CAAC,EAAE,KAAK,GAAG,OAAO,GAAG,MAAM,EAAE,CAAA;QAC3C,2EAA2E;QAC3E,gBAAgB,CAAC,EAAE,OAAO,CAAA;QAC1B,+EAA+E;QAC/E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;QACzB,8DAA8D;QAC9D,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;QACzB,kCAAkC;QAClC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;QACxB,+CAA+C;QAC/C,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,CAAA;IACD;;;OAGG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAA;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC9B,uEAAuE;IACvE,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,8DAA8D;IAC9D,KAAK,EAAE,
MAAM,CAAA;IACb,6DAA6D;IAC7D,MAAM,EAAE,MAAM,CAAA;IACd,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAA;IAClB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAA;CACf;AAED,MAAM,MAAM,IAAI,CAAC,UAAU,SAAS,aAAa,EAAE,GAAG,GAAG,IAAI,OAAO,GAAG;IACrE,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;IACpE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,gBAAgB,CAAA;IAC/B,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;IACpB,eAAe,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,iBAAiB,CAAC,CAAA;IAClE,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,CAAA;IACxE,mBAAmB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,qBAAqB,CAAC,CAAA;IAC1E,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,CAAA;IACxE,OAAO,EAAE,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IACjH,SAAS,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,KAAK,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAA;IACpH,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IAChG,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAA;IAC9D;;;OAGG;IACH,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,mBAAmB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAA;IAC5F;;;;;;;;;;OAUG;IACH,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAAA;IACrH;;;OAGG;IACH,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC1H,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC5B,QAAQ,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;IAC5C,oBAAoB,EAAE,OAAO,CAAA;IAC7B,oBAAoB,EAAE,OAAO,CAAA;IAC7B,eAAe,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;IAC5C,WAAW,EAAE,OAAO,CAAA;IACpB,KAAK,EAAE;QACL,WAAW,EAAE,MAAM,CAAA;QACnB,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;YAAE,UAAU,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,GAAG,CAAC;
YAAC,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,MAAM,GAAG,SAAS,CAAA;QACzG,UAAU,EAAE,MAAM,EAAE,CAAA;QACpB,YAAY,EAAE,MAAM,EAAE,CAAA;KACvB,CAAA;IACD,IAAI,EAAE,KAAK,GAAG;QACZ,cAAc,EAAE,KAAK,GAAG,OAAO,GAAG,MAAM,EAAE,CAAA;QAC1C,gBAAgB,EAAE,OAAO,CAAA;QACzB,cAAc,EAAE,MAAM,EAAE,CAAA;QACxB,cAAc,EAAE,MAAM,EAAE,CAAA;QACxB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;QACxB,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,QAAQ,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAA;CACvC,CAAA;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAED,KAAK,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;AAC3F,KAAK,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE,EAAE,CAAC,SAAS,MAAM,IACvE,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,SAAS,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAA;AAEpH,MAAM,MAAM,cAAc,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,OAAO,CAAC;KACtE,CAAC,IAAI,iBAAiB,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,iBAAiB,GAAG,wBAAwB,CAAC,iBAAiB,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC;CACrI,CAAC,CAAA;AACF,MAAM,MAAM,gBAAgB,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,cAAc,CAAC,UAAU,CAAC,CAAA;AAE7F,wBAAgB,UAAU,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,EAAE,EAAE,EACnE,OAAO,EACP,SAAS,EACT,QAAsB,EACtB,GAAG,EAAE,SAAc,EACnB,OAAO,EAAE,aAAkB,EAC3B,OAAO,EAAE,YAAiB,EAC1B,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,UAAe,EACf,QAA0B,EAC1B,oBAA2B,EAC3B,oBAA4B,EAC5B,KAAK,EAAE,WAAgB,EACvB,IAAW,EACX,QAAQ,EAAE,cAAc,EACzB,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAsNlD"}
1
+ {"version":3,"file":"createAuth.d.ts","sourceRoot":"","sources":["../../../src/core/createAuth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAC1C,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,QAAQ,CAAA;AAC9C,OAAO,KAAK,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAA;AACxD,OAAO,KAAK,EAAE,QAAQ,EAAE,aAAa,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAA;AACtG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AAOlD,KAAK,UAAU,CAAC,CAAC,IAAI,CAAC,SAAS,aAAa,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;AACjE,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,CAAC,SAAS;IAAE,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,MAAM,EAAE,GAAG,CAAC,CAAA;CAAE,GAAG,CAAC,GAAG,MAAM,CAAA;AAErG,MAAM,MAAM,WAAW,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,IAAI,CAAC,SAAS;IAAE,QAAQ,EAAE,MAAM,CAAC,CAAA;CAAE,GAC1E,CAAC,SAAS,MAAM,CAAC,GACf,MAAM,CAAC,CAAC,CAAC,CAAC,GACV,KAAK,GACP,KAAK,CAAA;AAET,MAAM,WAAW,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE;IACnE,kEAAkE;IAClE,OAAO,EAAE,OAAO,CAAA;IAChB,2CAA2C;IAC3C,SAAS,EAAE,UAAU,CAAA;IACrB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,iCAAiC;IACjC,OAAO,CAAC,EAAE;QACR,4EAA4E;QAC5E,QAAQ,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;KACvC,CAAA;IACD,sDAAsD;IACtD,GAAG,CAAC,EAAE;QACJ,uDAAuD;QACvD,SAAS,CAAC,EAAE,OAAO,GAAG,OAAO,CAAA;QAC7B,2FAA2F;QAC3F,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,mCAAmC;QACnC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,qCAAqC;QACrC,GAAG,CAAC,EAAE,MAAM,CAAA;QACZ,oEAAoE;QACpE,GAAG,CAAC,EAAE,MAAM,CAAA;KACb,CAAA;IACD,0CAA0C;IAC1C,OAAO,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACnC;;;;OAIG;IACH,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;QAC1B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,KAAK,EAAE,MAAM,CAAA;QACb,IAAI,EAAE,MAAM,CAAA;QACZ,YAAY,EAAE,MAAM,CAAA;QACpB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QAC3B,UAAU,EAAE,MAAM,CAAA;QAClB,OAAO,EAAE,OAAO,CAAA;QAChB,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,SAAS,EAAE,OAAO,CAAA;QAClB,aAAa,CAAC,EAAE,MAAM,CAAA;KACvB,KAAK,OAAO,CAAC;QAAE,OAAO,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAA;KAAE,GAAG;QAAE,OAAO,EAAE,KAAK,CAAA;KAAE,CAAC,CAAA;IACzE,sEAAsE;IACtE,kBAAk
B,CAAC,EAAE,CAAC,OAAO,EAAE;QAC7B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,SAAS,EAAE,OAAO,CAAA;KACnB,KAAK,OAAO,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,SAAS,CAAC,CAAA;IAC9D,8DAA8D;IAC9D,mBAAmB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC9B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;KACrB,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,IAAI,CAAA;KAAE,GAAG;QAAE,KAAK,EAAE,KAAK,CAAC;QAAC,QAAQ,CAAC,EAAE,QAAQ,CAAA;KAAE,CAAC,CAAA;IACtE,mDAAmD;IACnD,kBAAkB,CAAC,EAAE,CAAC,OAAO,EAAE;QAC7B,OAAO,EAAE,OAAO,CAAA;QAChB,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,YAAY,EAAE,QAAQ,CAAA;QACtB,MAAM,EAAE,YAAY,CAAA;QACpB,MAAM,EAAE,MAAM,GAAG,QAAQ,CAAA;KAC1B,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnB,uFAAuF;IACvF,UAAU,CAAC,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC7B,+EAA+E;IAC/E,QAAQ,CAAC,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;IAC7C,mHAAmH;IACnH,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,iIAAiI;IACjI,oBAAoB,CAAC,EAAE,OAAO,CAAA;IAC9B,4DAA4D;IAC5D,KAAK,CAAC,EAAE;QACN,4CAA4C;QAC5C,WAAW,CAAC,EAAE,MAAM,CAAA;QACpB,iHAAiH;QACjH,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;YAAE,UAAU,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,GAAG,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,MAAM,GAAG,SAAS,CAAA;QACzG,6FAA6F;QAC7F,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;QACrB,+FAA+F;QAC/F,YAAY,CAAC,EAAE,MAAM,EAAE,CAAA;KACxB,CAAA;IACD;;;;OAIG;IACH,IAAI,CAAC,EAAE,IAAI,GAAG,KAAK,GAAG;QACpB;;;;;;;WAOG;QACH,cAAc,CAAC,EAAE,KAAK,GAAG,OAAO,GAAG,MAAM,EAAE,CAAA;QAC3C,2EAA2E;QAC3E,gBAAgB,CAAC,EAAE,OAAO,CAAA;QAC1B,+EAA+E;QAC/E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;QACzB,8DAA8D;QAC9D,cAAc,CAAC,EAAE,MAAM,EAAE,CAAA;QACzB,kCAAkC;QAClC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;QACxB,+CAA+C;QAC/C,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,CAAA;IACD;;;OAGG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC,UAAU,CAAC,CAAA;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,mDAAmD;IACnD,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC9B,uEAAuE;IACvE,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,8DAA8D;IAC9D,KAAK,EAAE,
MAAM,CAAA;IACb,6DAA6D;IAC7D,MAAM,EAAE,MAAM,CAAA;IACd,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAA;IAClB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,kDAAkD;IAClD,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,kBAAkB;IAC9D;;;;;OAKG;IACH,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAA;CACtC;AAED,MAAM,MAAM,IAAI,CAAC,UAAU,SAAS,aAAa,EAAE,GAAG,GAAG,IAAI,OAAO,GAAG;IACrE,WAAW,EAAE,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;IACpE,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,gBAAgB,CAAA;IAC/B,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAA;IACpB,eAAe,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,iBAAiB,CAAC,CAAA;IAClE,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,CAAA;IACxE,mBAAmB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,qBAAqB,CAAC,CAAA;IAC1E,kBAAkB,CAAC,EAAE,iBAAiB,CAAC,UAAU,CAAC,CAAC,oBAAoB,CAAC,CAAA;IACxE,OAAO,EAAE,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IACjH,SAAS,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,KAAK,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAAA;IACpH,aAAa,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;IAChG,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAA;IAC9D;;;OAGG;IACH,YAAY,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,mBAAmB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAA;IAC5F;;;;;;;;;;OAUG;IACH,cAAc,EAAE,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,EAAE,OAAO,CAAC,EAAE,qBAAqB,KAAK,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CAAA;IAC3H;;;OAGG;IACH,cAAc,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC1H,UAAU,EAAE,KAAK,GAAG,MAAM,EAAE,CAAA;IAC5B,QAAQ,EAAE,eAAe,GAAG,QAAQ,GAAG,KAAK,CAAA;IAC5C,oBAAoB,EAAE,OAAO,CAAA;IAC7B,oBAAoB,EAAE,OAAO,CAAA;IAC7B,eAAe,
EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAA;IAC5C,WAAW,EAAE,OAAO,CAAA;IACpB,KAAK,EAAE;QACL,WAAW,EAAE,MAAM,CAAA;QACnB,eAAe,CAAC,EAAE,CAAC,OAAO,EAAE;YAAE,UAAU,EAAE,MAAM,CAAC;YAAC,OAAO,EAAE,GAAG,CAAC;YAAC,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,MAAM,GAAG,SAAS,CAAA;QACzG,UAAU,EAAE,MAAM,EAAE,CAAA;QACpB,YAAY,EAAE,MAAM,EAAE,CAAA;KACvB,CAAA;IACD,IAAI,EAAE,KAAK,GAAG;QACZ,cAAc,EAAE,KAAK,GAAG,OAAO,GAAG,MAAM,EAAE,CAAA;QAC1C,gBAAgB,EAAE,OAAO,CAAA;QACzB,cAAc,EAAE,MAAM,EAAE,CAAA;QACxB,cAAc,EAAE,MAAM,EAAE,CAAA;QACxB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAA;QACxB,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,CAAA;IACD,QAAQ,EAAE,gBAAgB,CAAC,UAAU,CAAC,CAAA;CACvC,CAAA;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,yGAAyG;IACzG,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,yDAAyD;IACzD,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CAChC;AAED,KAAK,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAA;AAC3F,KAAK,iBAAiB,CAAC,UAAU,SAAS,aAAa,EAAE,EAAE,CAAC,SAAS,MAAM,IACvE,OAAO,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,SAAS,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,mBAAmB,CAAA;AAEpH,MAAM,MAAM,cAAc,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,OAAO,CAAC;KACtE,CAAC,IAAI,iBAAiB,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,iBAAiB,GAAG,wBAAwB,CAAC,iBAAiB,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,CAAC;CACrI,CAAC,CAAA;AACF,MAAM,MAAM,gBAAgB,CAAC,UAAU,SAAS,aAAa,EAAE,IAAI,cAAc,CAAC,UAAU,CAAC,CAAA;AAE7F,wBAAgB,UAAU,CAAC,KAAK,CAAC,UAAU,SAAS,aAAa,EAAE,EAAE,EACnE,OAAO,EACP,SAAS,EACT,QAAsB,EACtB,GAAG,EAAE,SAAc,EACnB,OAAO,EAAE,aAAkB,EAC3B,OAAO,EAAE,YAAiB,EAC1B,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EAClB,UAAe,EACf,QAA0B,EAC1B,oBAA2B,EAC3B,oBAA4B,EAC5B,KAAK,EAAE,WAAgB,EACvB,IAAW,EACX,QAAQ,EAAE,cAAc,EACzB,EAAE,iBAAiB,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAuOlD"}
@@ -1 +1 @@
1
- {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAgBzC,wBAAsB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CA4iBxG"}
1
+ {"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAgBzC,wBAAsB,cAAc,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CA8mBxG"}
@@ -1 +1 @@
1
- import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as c,handleSignOut as e,handleToken as f,handleUnlink as h,verifyRequestOrigin as i}from"../../../chunk-XUNWIMPF.js";export{o as applyCors,r as handleCallback,m as handleLink,p as handlePreflight,t as handleSession,c as handleSignIn,e as handleSignOut,f as handleToken,h as handleUnlink,i as verifyRequestOrigin};//# sourceMappingURL=index.js.map
1
+ import{applyCors as o,handleCallback as r,handleLink as m,handlePreflight as p,handleSession as t,handleSignIn as V,handleSignOut as Z,handleToken as c,handleUnlink as e,verifyRequestOrigin as f}from"../../../chunk-VZVZ2KXR.js";export{o as applyCors,r as handleCallback,m as handleLink,p as handlePreflight,t as handleSession,V as handleSignIn,Z as handleSignOut,c as handleToken,e as handleUnlink,f as verifyRequestOrigin};//# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"link.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/link.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAKzC,wBAAsB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAyBpG;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CA8CtG"}
1
+ {"version":3,"file":"link.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/link.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAKzC,wBAAsB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAkBpG;AAED,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAuCtG"}
@@ -1 +1 @@
1
- {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAIzC,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CA4BnF"}
1
+ {"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../src/core/handlers/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAA;AAIzC,wBAAsB,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CAoBnF"}
@@ -72,4 +72,6 @@ export declare function redirect(url: string, status?: 302 | 303): Response;
72
72
  export * from './cookies';
73
73
  export * from './createAuth';
74
74
  export * from './handler';
75
+ export * from './utils';
76
+ export declare const REFRESHED_TOKEN_HEADER = "X-Refreshed-Token";
75
77
  //# sourceMappingURL=index.d.ts.map
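Review bot: The new `REFRESHED_TOKEN_HEADER` export (added line 76) has no doc comment, although its name and value, `"X-Refreshed-Token"`, suggest a response header that carries a renewed session token. This declaration file is emitted from `src/core/index.ts`, so the comment belongs in that source, for example `/** Response header carrying a refreshed session token; treat its value as a credential. */`. The handler that sets the header is not visible in this hunk, so the handling of responses that carry it should be confirmed there. Specifically, check that they are sent with `Cache-Control: no-store`, that `Access-Control-Expose-Headers` lists the header only for origins already on the configured CORS allow-list, and that proxies and access logs do not record its value.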
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,UAAU,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAC3B,SAAS,CAAC,EAAE,UAAU,EAAE,CAAA;CACzB;AAED,eAAO,MAAM,YAAY;;;;CAIf,CAAA;AAEV,MAAM,WAAW,OAAQ,SAAQ,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,GAAG,SAAS,CAAC;IACxE,EAAE,CAAC,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO;CAAG;AAE9C,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC7C,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvF,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC3F,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,WAAW,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAA
K,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3H,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE,UAAU,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1C;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IACjC,YAAY,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAI3C;CACF;AAED,wBAAgB,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAKlE;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,GAAG,GAAG,GAAS,GAAG,QAAQ,CAOvE;AAED,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,WAAW,CAAA"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/index.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,aAAa,CAAC,EAAE,OAAO,GAAG,IAAI,CAAA;IAC9B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAA;IACV,GAAG,EAAE,MAAM,CAAA;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,UAAU,CAAC,UAAU,SAAS,MAAM,GAAG,MAAM;IAC5D,IAAI,EAAE,IAAI,GAAG,IAAI,CAAA;IACjB,OAAO,EAAE,OAAO,GAAG,IAAI,CAAA;IACvB,QAAQ,CAAC,EAAE,OAAO,EAAE,GAAG,IAAI,CAAA;IAC3B,SAAS,CAAC,EAAE,UAAU,EAAE,CAAA;CACzB;AAED,eAAO,MAAM,YAAY;;;;CAIf,CAAA;AAEV,MAAM,WAAW,OAAQ,SAAQ,IAAI,CAAC,IAAI,EAAE,IAAI,GAAG,UAAU,GAAG,SAAS,CAAC;IACxE,EAAE,CAAC,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,iBAAiB,EAAE,MAAM,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CAC7B;AAED,MAAM,WAAW,UAAW,SAAQ,OAAO;CAAG;AAE9C,MAAM,WAAW,OAAO;IACtB,OAAO,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IAC7C,cAAc,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvD,gBAAgB,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAA;IACvF,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAA;IACnD,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,IAAI,CAAC,CAAA;IAC3F,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5C,WAAW,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,KAA
K,OAAO,CAAC,IAAI,CAAC,CAAA;IAC7E,aAAa,CAAC,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC3H,UAAU,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACnE,UAAU,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC1C;AAED,qBAAa,SAAU,SAAQ,KAAK;IAClC,SAAkB,KAAK,CAAC,EAAE,OAAO,CAAA;IACjC,YAAY,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAI3C;CACF;AAED,wBAAgB,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,IAAI,GAAE,YAAiB,GAAG,QAAQ,CAKlE;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,GAAE,GAAG,GAAG,GAAS,GAAG,QAAQ,CAOvE;AAED,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,WAAW,CAAA;AACzB,cAAc,SAAS,CAAA;AAEvB,eAAO,MAAM,sBAAsB,sBAAsB,CAAA"}
@@ -1 +1 @@
1
- import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CLIENT_CHALLENGE_COOKIE_NAME as m,CSRF_COOKIE_NAME as p,CSRF_MAX_AGE as t,Cookies as c,DEFAULT_COOKIE_SERIALIZE_OPTIONS as e,LINKING_TOKEN_COOKIE_NAME as f,NULL_SESSION as h,PKCE_COOKIE_NAME as i,PROVIDER_OPTIONS_COOKIE_NAME as j,SESSION_COOKIE_NAME as k,SESSION_STRATEGY_COOKIE_NAME as n,createAuth as s,createHandler as u,json as x,parseCookies as F,redirect as I}from"../../chunk-XUNWIMPF.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CLIENT_CHALLENGE_COOKIE_NAME,p as CSRF_COOKIE_NAME,t as CSRF_MAX_AGE,c as Cookies,e as DEFAULT_COOKIE_SERIALIZE_OPTIONS,f as LINKING_TOKEN_COOKIE_NAME,h as NULL_SESSION,i as PKCE_COOKIE_NAME,j as PROVIDER_OPTIONS_COOKIE_NAME,k as SESSION_COOKIE_NAME,n as SESSION_STRATEGY_COOKIE_NAME,s as createAuth,u as createHandler,x as json,F as parseCookies,I as redirect};//# sourceMappingURL=index.js.map
1
+ import{AuthError as o,CALLBACK_URI_COOKIE_NAME as r,CLIENT_CHALLENGE_COOKIE_NAME as m,CSRF_COOKIE_NAME as p,CSRF_MAX_AGE as t,Cookies as V,DEFAULT_COOKIE_SERIALIZE_OPTIONS as Z,LINKING_TOKEN_COOKIE_NAME as c,NULL_SESSION as e,PKCE_COOKIE_NAME as f,PROVIDER_OPTIONS_COOKIE_NAME as h,REFRESHED_TOKEN_HEADER as i,SESSION_COOKIE_NAME as j,SESSION_STRATEGY_COOKIE_NAME as k,createAuth as n,createHandler as s,getSessionTokenFromRequest as u,json as x,parseCookies as K,redirect as R}from"../../chunk-VZVZ2KXR.js";export{o as AuthError,r as CALLBACK_URI_COOKIE_NAME,m as CLIENT_CHALLENGE_COOKIE_NAME,p as CSRF_COOKIE_NAME,t as CSRF_MAX_AGE,V as Cookies,Z as DEFAULT_COOKIE_SERIALIZE_OPTIONS,c as LINKING_TOKEN_COOKIE_NAME,e as NULL_SESSION,f as PKCE_COOKIE_NAME,h as PROVIDER_OPTIONS_COOKIE_NAME,i as REFRESHED_TOKEN_HEADER,j as SESSION_COOKIE_NAME,k as SESSION_STRATEGY_COOKIE_NAME,n as createAuth,s as createHandler,u as getSessionTokenFromRequest,x as json,K as parseCookies,R as redirect};//# sourceMappingURL=index.js.map