@rttnd/gau 1.2.5 → 1.2.7

package/dist/chunk-DVVL3GFT.js

@@ -0,0 +1 @@
+import{is as e}from"drizzle-orm";import{MySqlDatabase as r}from"drizzle-orm/mysql-core";import{PgDatabase as t}from"drizzle-orm/pg-core";import{BaseSQLiteDatabase as n}from"drizzle-orm/sqlite-core";import{and as a,eq as o}from"drizzle-orm";import{and as i,eq as c}from"drizzle-orm";import{sql as s}from"drizzle-orm";async function u(e,r){if("async"===e.session?.mode||"async"===e.mode)return e.transaction(r);e.run(s`BEGIN`);try{const t=await r(e);return e.run(s`COMMIT`),t}catch(r){throw e.run(s`ROLLBACK`),r}}function d(s,d,l){if(e(s,n))return function(e,r,t){const n=e=>e?{...e}:null;return{async getUser(t){const a=await e.select().from(r).where(c(r.id,t)).get();return n(a)},async getUserByEmail(t){const a=await e.select().from(r).where(c(r.email,t)).get();return n(a)},async getUserByAccount(a,o){const s=await e.select().from(r).innerJoin(t,c(r.id,t.userId)).where(i(c(t.provider,a),c(t.providerAccountId,o))).get();return n(s?.users)},getAccounts:async r=>await e.select().from(t).where(c(t.userId,r)).all(),async getUserAndAccounts(a){const o=await e.select().from(r).where(c(r.id,a)).leftJoin(t,c(r.id,t.userId)).all();return o.length?{user:n(o[0].users),accounts:o.map(e=>e.accounts).filter(Boolean)}:null},async createUser(t){const a=t.id??crypto.randomUUID();return await u(e,async e=>{await e.insert(r).values({...t,id:a,name:t.name??null,email:t.email??null,image:t.image??null,emailVerified:t.emailVerified??null,...r.role?{role:t.role??null}:{},createdAt:new Date,updatedAt:new Date}).run();const o=await e.select().from(r).where(c(r.id,a)).get();return n(o)})},async linkAccount(r){await e.insert(t).values({type:"oauth",...r}).run()},async unlinkAccount(r,n){await e.delete(t).where(i(c(t.provider,r),c(t.providerAccountId,n))).run()},async updateAccount(r){await e.update(t).set({accessToken:r.accessToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt,idToken:r.idToken,tokenType:r.tokenType,scope:r.scope}).where(i(c(t.userId,r.userId),c(t.provider,r.provider),c(t.providerAccountId,r.providerAccountId))).run()},async updateUser(t){const{id:a,...o}=t;return await u(e,async e=>{await e.update(r).set({...o,updatedAt:new Date}).where(c(r.id,a)).run();const t=await e.select().from(r).where(c(r.id,a)).get();return n(t)})},async deleteUser(t){await e.delete(r).where(c(r.id,t)).run()}}}(s,d,l);if(e(s,r))return function(){throw new Error("MySQL adapter is not yet implemented.")}();if(e(s,t))return function(e,r,t){const n=e=>e?{...e}:null;return{async getUser(t){const a=await e.select().from(r).where(o(r.id,t)).limit(1).execute();return n(a[0])},async getUserByEmail(t){const a=await e.select().from(r).where(o(r.email,t)).limit(1).execute();return n(a[0])},async getUserByAccount(i,c){const s=(await e.select().from(r).innerJoin(t,o(r.id,t.userId)).where(a(o(t.provider,i),o(t.providerAccountId,c))).limit(1).execute())[0];return n(s?.users)},getAccounts:async r=>await e.select().from(t).where(o(t.userId,r)).execute(),async getUserAndAccounts(a){const i=await e.select().from(r).leftJoin(t,o(r.id,t.userId)).where(o(r.id,a)).execute();return i.length?{user:n(i[0]?.users),accounts:i.map(e=>e?.accounts).filter(Boolean)}:null},async createUser(t){const a=t.id??crypto.randomUUID(),[o]=await e.insert(r).values({...t,id:a,name:t.name??null,email:t.email??null,image:t.image??null,emailVerified:t.emailVerified??null,...r.role?{role:t.role??null}:{},createdAt:new Date,updatedAt:new Date}).returning().execute();return n(o)},async linkAccount(r){await e.insert(t).values({type:"oauth",...r}).execute()},async unlinkAccount(r,n){await e.delete(t).where(a(o(t.provider,r),o(t.providerAccountId,n))).execute()},async updateAccount(r){await e.update(t).set({accessToken:r.accessToken,refreshToken:r.refreshToken,expiresAt:r.expiresAt,idToken:r.idToken,tokenType:r.tokenType,scope:r.scope}).where(a(o(t.userId,r.userId),o(t.provider,r.provider),o(t.providerAccountId,r.providerAccountId))).execute()},async updateUser(t){const{id:a,...i}=t,[c]=await e.update(r).set({...i,updatedAt:new Date}).where(o(r.id,a)).returning().execute();return n(c)},async deleteUser(t){await e.delete(r).where(o(r.id,t)).execute()}}}(s,d,l);throw new Error(`Unsupported database type (${typeof s}) in gau Drizzle adapter.`)}export{d as DrizzleAdapter};//# sourceMappingURL=chunk-DVVL3GFT.js.map

package/dist/chunk-DVVL3GFT.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/adapters/drizzle/index.ts","../src/adapters/drizzle/mysql.ts","../src/adapters/drizzle/pg.ts","../src/adapters/drizzle/sqlite.ts","../src/adapters/drizzle/transaction.ts"],"sourcesContent":["import type { Adapter } from '../../core/index'\nimport type { AccountsTable, UsersTable } from './sqlite'\nimport { is } from 'drizzle-orm'\nimport { MySqlDatabase } from 'drizzle-orm/mysql-core'\nimport { PgDatabase } from 'drizzle-orm/pg-core'\n\nimport { BaseSQLiteDatabase } from 'drizzle-orm/sqlite-core'\nimport { MySqlDrizzleAdapter } from './mysql'\nimport { PostgresDrizzleAdapter } from './pg'\nimport { SQLiteDrizzleAdapter } from './sqlite'\n\nexport function DrizzleAdapter<\n  U extends UsersTable,\n  A extends AccountsTable,\n>(\n  db:\n    | BaseSQLiteDatabase<'sync' | 'async', any, any>\n    | MySqlDatabase<any, any, any, any>\n    | PgDatabase<any, any, any>,\n  users: U,\n  accounts: A,\n): Adapter {\n  if (is(db, BaseSQLiteDatabase))\n    return SQLiteDrizzleAdapter(db, users, accounts)\n\n  if (is(db, MySqlDatabase))\n    // @ts-expect-error Not implemented\n    return MySqlDrizzleAdapter(db, users, accounts)\n\n  if (is(db, PgDatabase))\n    return PostgresDrizzleAdapter(db, users, accounts)\n\n  throw new Error(\n    `Unsupported database type (${typeof db}) in gau Drizzle adapter.`,\n  )\n}\n","// TODO: Implement MySQL adapter for gau\nexport function MySqlDrizzleAdapter(): never {\n  throw new Error('MySQL adapter is not yet implemented.')\n}\n","import type { AnyColumn, InferInsertModel, InferSelectModel, Table } from 'drizzle-orm'\nimport type { PgDatabase, PgTable } from 'drizzle-orm/pg-core'\nimport type { Account, Adapter, NewAccount, NewUser, User } from '../../core'\nimport { and, eq } from 'drizzle-orm'\n\nexport type UsersTable = Table & {\n  id: AnyColumn\n  name: AnyColumn\n  email: AnyColumn\n  image: AnyColumn\n  emailVerified: AnyColumn\n  role?: AnyColumn\n  createdAt: AnyColumn\n  updatedAt: AnyColumn\n}\n\nexport type AccountsTable = Table & {\n  userId: AnyColumn\n  type: AnyColumn\n  provider: AnyColumn\n  providerAccountId: AnyColumn\n  refreshToken: AnyColumn\n  accessToken: AnyColumn\n  expiresAt: AnyColumn\n  tokenType: AnyColumn\n  scope: AnyColumn\n  idToken: AnyColumn\n  sessionState?: AnyColumn\n}\n\nexport function PostgresDrizzleAdapter<\n  DB extends PgDatabase<any, any, any>,\n  U extends UsersTable,\n  A extends AccountsTable,\n>(db: DB, Users: U, Accounts: A): Adapter {\n  type DBUser = InferSelectModel<U>\n  type DBAccount = InferSelectModel<A>\n  type DBInsertUser = InferInsertModel<U>\n  type DBInsertAccount = InferInsertModel<A>\n\n  const toUser = (row: DBUser | undefined | null): User | null =>\n    row ? ({ ...(row as any) }) : null\n\n  return {\n    async getUser(id) {\n      const rows = await db\n        .select()\n        .from(Users as unknown as PgTable)\n        .where(eq(Users.id, id))\n        .limit(1)\n        .execute()\n      return toUser(rows[0] as DBUser | undefined)\n    },\n\n    async getUserByEmail(email) {\n      const rows = await db\n        .select()\n        .from(Users as unknown as PgTable)\n        .where(eq(Users.email, email))\n        .limit(1)\n        .execute()\n      return toUser(rows[0] as DBUser | undefined)\n    },\n\n    async getUserByAccount(provider, providerAccountId) {\n      const rows = await db\n        .select()\n        .from(Users as unknown as PgTable)\n        .innerJoin(Accounts as unknown as PgTable, eq(Users.id, Accounts.userId))\n        .where(and(\n          eq(Accounts.provider, provider),\n          eq(Accounts.providerAccountId, providerAccountId),\n        ))\n        .limit(1)\n        .execute()\n      const row = rows[0] as { users?: DBUser } | undefined\n      return toUser(row?.users)\n    },\n\n    async getAccounts(userId) {\n      const rows = await db\n        .select()\n        .from(Accounts as unknown as PgTable)\n        .where(eq(Accounts.userId, userId))\n        .execute()\n      return rows as unknown as Account[]\n    },\n\n    async getUserAndAccounts(userId) {\n      const rows = await db\n        .select()\n        .from(Users as unknown as PgTable)\n        .leftJoin(Accounts as unknown as PgTable, eq(Users.id, Accounts.userId))\n        .where(eq(Users.id, userId))\n        .execute()\n\n      if (!rows.length)\n        return null\n\n      const user = toUser((rows[0] as { users?: DBUser } | undefined)?.users) as User\n      const accounts = (rows\n        .map((r: { accounts?: DBAccount } | undefined) => r?.accounts)\n        .filter(Boolean) as DBAccount[]) as unknown as Account[]\n\n      return { user, accounts }\n    },\n\n    async createUser(data: NewUser) {\n      const id = data.id ?? crypto.randomUUID()\n      const [inserted] = await db\n        .insert(Users)\n        .values({\n          ...data,\n          id,\n          name: data.name ?? null,\n          email: data.email ?? null,\n          image: data.image ?? null,\n          emailVerified: data.emailVerified ?? null,\n          ...(Users.role ? { role: data.role ?? null } : {}),\n          createdAt: new Date(),\n          updatedAt: new Date(),\n        } as DBInsertUser)\n        .returning()\n        .execute()\n\n      return toUser(inserted) as User\n    },\n\n    async linkAccount(data: NewAccount) {\n      await db\n        .insert(Accounts)\n        .values({\n          type: 'oauth',\n          ...data,\n        } as DBInsertAccount)\n        .execute()\n    },\n\n    async unlinkAccount(provider, providerAccountId) {\n      await db\n        .delete(Accounts)\n        .where(and(\n          eq(Accounts.provider, provider),\n          eq(Accounts.providerAccountId, providerAccountId),\n        ))\n        .execute()\n    },\n\n    async updateAccount(data) {\n      await db\n        .update(Accounts)\n        .set({\n          accessToken: data.accessToken,\n          refreshToken: data.refreshToken,\n          expiresAt: data.expiresAt,\n          idToken: data.idToken,\n          tokenType: data.tokenType,\n          scope: data.scope,\n        } as Partial<DBInsertAccount>)\n        .where(and(\n          eq(Accounts.userId, data.userId),\n          eq(Accounts.provider, data.provider),\n          eq(Accounts.providerAccountId, data.providerAccountId),\n        ))\n        .execute()\n    },\n\n    async updateUser(partial) {\n      const { id, ...rest } = partial\n      const [updated] = await db\n        .update(Users)\n        .set({\n          ...rest,\n          updatedAt: new Date(),\n        } as Partial<DBInsertUser>)\n        .where(eq(Users.id, id))\n        .returning()\n        .execute()\n\n      return toUser(updated) as User\n    },\n\n    async deleteUser(id) {\n      await db\n        .delete(Users)\n        .where(eq(Users.id, id))\n        .execute()\n    },\n  }\n}\n","import type { AnyColumn, InferInsertModel, InferSelectModel, Table } from 'drizzle-orm'\nimport type { BaseSQLiteDatabase } from 'drizzle-orm/sqlite-core'\nimport type { Account, Adapter, NewAccount, NewUser, User } from '../../core/index'\nimport { and, eq } from 'drizzle-orm'\nimport { transaction } from './transaction'\n\nexport type UsersTable = Table & {\n  id: AnyColumn\n  name: AnyColumn\n  email: AnyColumn\n  image: AnyColumn\n  emailVerified: AnyColumn\n  role?: AnyColumn\n  createdAt: AnyColumn\n  updatedAt: AnyColumn\n}\n\nexport type AccountsTable = Table & {\n  userId: AnyColumn\n  type: AnyColumn\n  provider: AnyColumn\n  providerAccountId: AnyColumn\n  refreshToken: AnyColumn\n  accessToken: AnyColumn\n  expiresAt: AnyColumn\n  tokenType: AnyColumn\n  scope: AnyColumn\n  idToken: AnyColumn\n  sessionState?: AnyColumn\n}\n\nexport function SQLiteDrizzleAdapter<\n  DB extends BaseSQLiteDatabase<'sync' | 'async', any, any>,\n  U extends UsersTable,\n  A extends AccountsTable,\n>(db: DB, Users: U, Accounts: A): Adapter {\n  type DBUser = InferSelectModel<U>\n  type DBAccount = InferSelectModel<A>\n  type DBInsertUser = InferInsertModel<U>\n  type DBInsertAccount = InferInsertModel<A>\n\n  const toUser = (row: DBUser | undefined | null): User | null =>\n    row ? ({ ...(row as any) }) : null\n\n  return {\n    async getUser(id) {\n      const user: DBUser | undefined = await db\n        .select()\n        .from(Users)\n        .where(eq(Users.id, id))\n        .get()\n      return toUser(user)\n    },\n\n    async getUserByEmail(email) {\n      const user: DBUser | undefined = await db\n        .select()\n        .from(Users)\n        .where(eq(Users.email, email))\n        .get()\n      return toUser(user)\n    },\n\n    async getUserByAccount(provider, providerAccountId) {\n      const result: DBUser | undefined = await db\n        .select()\n        .from(Users)\n        .innerJoin(Accounts, eq(Users.id, Accounts.userId))\n        .where(and(eq(Accounts.provider, provider), eq(Accounts.providerAccountId, providerAccountId)))\n        .get()\n      return toUser(result?.users)\n    },\n\n    async getAccounts(userId) {\n      const accounts: DBAccount[] = await db\n        .select()\n        .from(Accounts)\n        .where(eq(Accounts.userId, userId))\n        .all()\n      return accounts as Account[]\n    },\n\n    async getUserAndAccounts(userId) {\n      const result = await db\n        .select()\n        .from(Users)\n        .where(eq(Users.id, userId))\n        .leftJoin(Accounts, eq(Users.id, Accounts.userId))\n        .all()\n\n      if (!result.length)\n        return null\n\n      const user = toUser(result[0]!.users)!\n      const accounts = result\n        .map(row => row.accounts)\n        .filter(Boolean) as Account[]\n\n      return { user, accounts }\n    },\n\n    async createUser(data: NewUser) {\n      const id = data.id ?? crypto.randomUUID()\n      return await transaction(db, async (tx) => {\n        await tx\n          .insert(Users)\n          .values({\n            ...data,\n            id,\n            name: data.name ?? null,\n            email: data.email ?? null,\n            image: data.image ?? null,\n            emailVerified: data.emailVerified ?? null,\n            ...(Users.role ? { role: data.role ?? null } : {}),\n            createdAt: new Date(),\n            updatedAt: new Date(),\n          } as DBInsertUser)\n          .run()\n\n        const result: DBUser | undefined = await tx.select().from(Users).where(eq(Users.id, id)).get()\n        return toUser(result) as User\n      })\n    },\n\n    async linkAccount(data: NewAccount) {\n      await db\n        .insert(Accounts)\n        .values({\n          type: 'oauth',\n          ...data,\n        } as DBInsertAccount)\n        .run()\n    },\n\n    async unlinkAccount(provider, providerAccountId) {\n      await db\n        .delete(Accounts)\n        .where(and(eq(Accounts.provider, provider), eq(Accounts.providerAccountId, providerAccountId)))\n        .run()\n    },\n\n    async updateAccount(data) {\n      await db\n        .update(Accounts)\n        .set({\n          accessToken: data.accessToken,\n          refreshToken: data.refreshToken,\n          expiresAt: data.expiresAt,\n          idToken: data.idToken,\n          tokenType: data.tokenType,\n          scope: data.scope,\n        })\n        .where(and(\n          eq(Accounts.userId, data.userId),\n          eq(Accounts.provider, data.provider),\n          eq(Accounts.providerAccountId, data.providerAccountId),\n        ))\n        .run()\n    },\n\n    async updateUser(partial) {\n      const { id, ...rest } = partial\n      return await transaction(db, async (tx) => {\n        await tx\n          .update(Users)\n          .set({\n            ...rest,\n            updatedAt: new Date(),\n          } as Partial<DBInsertUser>)\n          .where(eq(Users.id, id))\n          .run()\n\n        const result: DBUser | undefined = await tx.select().from(Users).where(eq(Users.id, id)).get()\n        return toUser(result) as User\n      })\n    },\n\n    async deleteUser(id) {\n      await db.delete(Users).where(eq(Users.id, id)).run()\n    },\n  }\n}\n","import type { BaseSQLiteDatabase } from 'drizzle-orm/sqlite-core'\nimport { sql } from 'drizzle-orm'\n\n/**\n * A helper to run transactions across both sync (`better-sqlite3`)\n * and async (`libsql`) Drizzle drivers.\n *\n * It checks for the `mode` property on the Drizzle DB instance, which is\n * `'sync'` or `'async'`.\n *\n * @param db The Drizzle database instance.\n * @param callback The function to execute within the transaction.\n */\nexport async function transaction<T>(\n  db: BaseSQLiteDatabase<'sync' | 'async', any, any>,\n  callback: (\n    tx: Omit<typeof db, 'transaction'>,\n  ) => Promise<T>,\n): Promise<T> {\n  const isAsync = (db as any).session?.mode === 'async' || (db as any).mode === 'async'\n\n  if (isAsync)\n    return db.transaction(callback)\n\n  db.run(sql`BEGIN`)\n  try {\n    const result = await callback(db)\n    db.run(sql`COMMIT`)\n    return result\n  }\n  catch (e) {\n    db.run(sql`ROLLBACK`)\n    throw e\n  }\n}\n"],"mappings":";AAEA,SAAS,UAAU;AACnB,SAAS,qBAAqB;AAC9B,SAAS,kBAAkB;AAE3B,SAAS,0BAA0B;;;ACL5B,SAAS,sBAA6B;AAC3C,QAAM,IAAI,MAAM,uCAAuC;AACzD;;;ACAA,SAAS,KAAK,UAAU;AA2BjB,SAAS,uBAId,IAAQ,OAAU,UAAsB;AAMxC,QAAM,SAAS,CAAC,QACd,MAAO,EAAE,GAAI,IAAY,IAAK;AAEhC,SAAO;AAAA,IACL,MAAM,QAAQ,IAAI;AAChB,YAAM,OAAO,MAAM,GAChB,OAAO,EACP,KAAK,KAA2B,EAChC,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC,EACtB,MAAM,CAAC,EACP,QAAQ;AACX,aAAO,OAAO,KAAK,CAAC,CAAuB;AAAA,IAC7C;AAAA,IAEA,MAAM,eAAe,OAAO;AAC1B,YAAM,OAAO,MAAM,GAChB,OAAO,EACP,KAAK,KAA2B,EAChC,MAAM,GAAG,MAAM,OAAO,KAAK,CAAC,EAC5B,MAAM,CAAC,EACP,QAAQ;AACX,aAAO,OAAO,KAAK,CAAC,CAAuB;AAAA,IAC7C;AAAA,IAEA,MAAM,iBAAiB,UAAU,mBAAmB;AAClD,YAAM,OAAO,MAAM,GAChB,OAAO,EACP,KAAK,KAA2B,EAChC,UAAU,UAAgC,GAAG,MAAM,IAAI,SAAS,MAAM,CAAC,EACvE,MAAM;AAAA,QACL,GAAG,SAAS,UAAU,QAAQ;AAAA,QAC9B,GAAG,SAAS,mBAAmB,iBAAiB;AAAA,MAClD,CAAC,EACA,MAAM,CAAC,EACP,QAAQ;AACX,YAAM,MAAM,KAAK,CAAC;AAClB,aAAO,OAAO,KAAK,KAAK;AAAA,IAC1B;AAAA,IAEA,MAAM,YAAY,QAAQ;AACxB,YAAM,OAAO,MAAM,GAChB,OAAO,EACP,KAAK,QAA8B,EACnC,MAAM,GAAG,SAAS,QAAQ,MAAM,CAAC,EACjC,QAAQ;AACX,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,mBAAmB,QAAQ;AAC/B,YAAM,OAAO,MAAM,GAChB,OAAO,EACP,KAAK,KAA2B,EAChC,SAAS,UAAgC,GAAG,MAAM,IAAI,SAAS,MAAM,CAAC,EACtE,MAAM,GAAG,MAAM,IAAI,MAAM,CAAC,EAC1B,QAAQ;AAEX,UAAI,CAAC,KAAK;AACR,eAAO;AAET,YAAM,OAAO,OAAQ,KAAK,CAAC,GAAsC,KAAK;AACtE,YAAM,WAAY,KACf,IAAI,CAAC,MAA4C,GAAG,QAAQ,EAC5D,OAAO,OAAO;AAEjB,aAAO,EAAE,MAAM,SAAS;AAAA,IAC1B;AAAA,IAEA,MAAM,WAAW,MAAe;AAC9B,YAAM,KAAK,KAAK,MAAM,OAAO,WAAW;AACxC,YAAM,CAAC,QAAQ,IAAI,MAAM,GACtB,OAAO,KAAK,EACZ,OAAO;AAAA,QACN,GAAG;AAAA,QACH;AAAA,QACA,MAAM,KAAK,QAAQ;AAAA,QACnB,OAAO,KAAK,SAAS;AAAA,QACrB,OAAO,KAAK,SAAS;AAAA,QACrB,eAAe,KAAK,iBAAiB;AAAA,QACrC,GAAI,MAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,KAAK,IAAI,CAAC;AAAA,QAChD,WAAW,oBAAI,KAAK;AAAA,QACpB,WAAW,oBAAI,KAAK;AAAA,MACtB,CAAiB,EAChB,UAAU,EACV,QAAQ;AAEX,aAAO,OAAO,QAAQ;AAAA,IACxB;AAAA,IAEA,MAAM,YAAY,MAAkB;AAClC,YAAM,GACH,OAAO,QAAQ,EACf,OAAO;AAAA,QACN,MAAM;AAAA,QACN,GAAG;AAAA,MACL,CAAoB,EACnB,QAAQ;AAAA,IACb;AAAA,IAEA,MAAM,cAAc,UAAU,mBAAmB;AAC/C,YAAM,GACH,OAAO,QAAQ,EACf,MAAM;AAAA,QACL,GAAG,SAAS,UAAU,QAAQ;AAAA,QAC9B,GAAG,SAAS,mBAAmB,iBAAiB;AAAA,MAClD,CAAC,EACA,QAAQ;AAAA,IACb;AAAA,IAEA,MAAM,cAAc,MAAM;AACxB,YAAM,GACH,OAAO,QAAQ,EACf,IAAI;AAAA,QACH,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK;AAAA,QACnB,WAAW,KAAK;AAAA,QAChB,SAAS,KAAK;AAAA,QACd,WAAW,KAAK;AAAA,QAChB,OAAO,KAAK;AAAA,MACd,CAA6B,EAC5B,MAAM;AAAA,QACL,GAAG,SAAS,QAAQ,KAAK,MAAM;AAAA,QAC/B,GAAG,SAAS,UAAU,KAAK,QAAQ;AAAA,QACnC,GAAG,SAAS,mBAAmB,KAAK,iBAAiB;AAAA,MACvD,CAAC,EACA,QAAQ;AAAA,IACb;AAAA,IAEA,MAAM,WAAW,SAAS;AACxB,YAAM,EAAE,IAAI,GAAG,KAAK,IAAI;AACxB,YAAM,CAAC,OAAO,IAAI,MAAM,GACrB,OAAO,KAAK,EACZ,IAAI;AAAA,QACH,GAAG;AAAA,QACH,WAAW,oBAAI,KAAK;AAAA,MACtB,CAA0B,EACzB,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC,EACtB,UAAU,EACV,QAAQ;AAEX,aAAO,OAAO,OAAO;AAAA,IACvB;AAAA,IAEA,MAAM,WAAW,IAAI;AACnB,YAAM,GACH,OAAO,KAAK,EACZ,MAAM,GAAG,MAAM,IAAI,EAAE,CAAC,EACtB,QAAQ;AAAA,IACb;AAAA,EACF;AACF;;;AC1LA,SAAS,OAAAA,MAAK,MAAAC,WAAU;;;ACFxB,SAAS,WAAW;AAYpB,eAAsB,YACpB,IACA,UAGY;AACZ,QAAM,UAAW,GAAW,SAAS,SAAS,WAAY,GAAW,SAAS;AAE9E,MAAI;AACF,WAAO,GAAG,YAAY,QAAQ;AAEhC,KAAG,IAAI,UAAU;AACjB,MAAI;AACF,UAAM,SAAS,MAAM,SAAS,EAAE;AAChC,OAAG,IAAI,WAAW;AAClB,WAAO;AAAA,EACT,SACO,GAAG;AACR,OAAG,IAAI,aAAa;AACpB,UAAM;AAAA,EACR;AACF;;;ADHO,SAAS,qBAId,IAAQ,OAAU,UAAsB;AAMxC,QAAM,SAAS,CAAC,QACd,MAAO,EAAE,GAAI,IAAY,IAAK;AAEhC,SAAO;AAAA,IACL,MAAM,QAAQ,IAAI;AAChB,YAAM,OAA2B,MAAM,GACpC,OAAO,EACP,KAAK,KAAK,EACV,MAAMC,IAAG,MAAM,IAAI,EAAE,CAAC,EACtB,IAAI;AACP,aAAO,OAAO,IAAI;AAAA,IACpB;AAAA,IAEA,MAAM,eAAe,OAAO;AAC1B,YAAM,OAA2B,MAAM,GACpC,OAAO,EACP,KAAK,KAAK,EACV,MAAMA,IAAG,MAAM,OAAO,KAAK,CAAC,EAC5B,IAAI;AACP,aAAO,OAAO,IAAI;AAAA,IACpB;AAAA,IAEA,MAAM,iBAAiB,UAAU,mBAAmB;AAClD,YAAM,SAA6B,MAAM,GACtC,OAAO,EACP,KAAK,KAAK,EACV,UAAU,UAAUA,IAAG,MAAM,IAAI,SAAS,MAAM,CAAC,EACjD,MAAMC,KAAID,IAAG,SAAS,UAAU,QAAQ,GAAGA,IAAG,SAAS,mBAAmB,iBAAiB,CAAC,CAAC,EAC7F,IAAI;AACP,aAAO,OAAO,QAAQ,KAAK;AAAA,IAC7B;AAAA,IAEA,MAAM,YAAY,QAAQ;AACxB,YAAM,WAAwB,MAAM,GACjC,OAAO,EACP,KAAK,QAAQ,EACb,MAAMA,IAAG,SAAS,QAAQ,MAAM,CAAC,EACjC,IAAI;AACP,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,mBAAmB,QAAQ;AAC/B,YAAM,SAAS,MAAM,GAClB,OAAO,EACP,KAAK,KAAK,EACV,MAAMA,IAAG,MAAM,IAAI,MAAM,CAAC,EAC1B,SAAS,UAAUA,IAAG,MAAM,IAAI,SAAS,MAAM,CAAC,EAChD,IAAI;AAEP,UAAI,CAAC,OAAO;AACV,eAAO;AAET,YAAM,OAAO,OAAO,OAAO,CAAC,EAAG,KAAK;AACpC,YAAM,WAAW,OACd,IAAI,SAAO,IAAI,QAAQ,EACvB,OAAO,OAAO;AAEjB,aAAO,EAAE,MAAM,SAAS;AAAA,IAC1B;AAAA,IAEA,MAAM,WAAW,MAAe;AAC9B,YAAM,KAAK,KAAK,MAAM,OAAO,WAAW;AACxC,aAAO,MAAM,YAAY,IAAI,OAAO,OAAO;AACzC,cAAM,GACH,OAAO,KAAK,EACZ,OAAO;AAAA,UACN,GAAG;AAAA,UACH;AAAA,UACA,MAAM,KAAK,QAAQ;AAAA,UACnB,OAAO,KAAK,SAAS;AAAA,UACrB,OAAO,KAAK,SAAS;AAAA,UACrB,eAAe,KAAK,iBAAiB;AAAA,UACrC,GAAI,MAAM,OAAO,EAAE,MAAM,KAAK,QAAQ,KAAK,IAAI,CAAC;AAAA,UAChD,WAAW,oBAAI,KAAK;AAAA,UACpB,WAAW,oBAAI,KAAK;AAAA,QACtB,CAAiB,EAChB,IAAI;AAEP,cAAM,SAA6B,MAAM,GAAG,OAAO,EAAE,KAAK,KAAK,EAAE,MAAMA,IAAG,MAAM,IAAI,EAAE,CAAC,EAAE,IAAI;AAC7F,eAAO,OAAO,MAAM;AAAA,MACtB,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,YAAY,MAAkB;AAClC,YAAM,GACH,OAAO,QAAQ,EACf,OAAO;AAAA,QACN,MAAM;AAAA,QACN,GAAG;AAAA,MACL,CAAoB,EACnB,IAAI;AAAA,IACT;AAAA,IAEA,MAAM,cAAc,UAAU,mBAAmB;AAC/C,YAAM,GACH,OAAO,QAAQ,EACf,MAAMC,KAAID,IAAG,SAAS,UAAU,QAAQ,GAAGA,IAAG,SAAS,mBAAmB,iBAAiB,CAAC,CAAC,EAC7F,IAAI;AAAA,IACT;AAAA,IAEA,MAAM,cAAc,MAAM;AACxB,YAAM,GACH,OAAO,QAAQ,EACf,IAAI;AAAA,QACH,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK;AAAA,QACnB,WAAW,KAAK;AAAA,QAChB,SAAS,KAAK;AAAA,QACd,WAAW,KAAK;AAAA,QAChB,OAAO,KAAK;AAAA,MACd,CAAC,EACA,MAAMC;AAAA,QACLD,IAAG,SAAS,QAAQ,KAAK,MAAM;AAAA,QAC/BA,IAAG,SAAS,UAAU,KAAK,QAAQ;AAAA,QACnCA,IAAG,SAAS,mBAAmB,KAAK,iBAAiB;AAAA,MACvD,CAAC,EACA,IAAI;AAAA,IACT;AAAA,IAEA,MAAM,WAAW,SAAS;AACxB,YAAM,EAAE,IAAI,GAAG,KAAK,IAAI;AACxB,aAAO,MAAM,YAAY,IAAI,OAAO,OAAO;AACzC,cAAM,GACH,OAAO,KAAK,EACZ,IAAI;AAAA,UACH,GAAG;AAAA,UACH,WAAW,oBAAI,KAAK;AAAA,QACtB,CAA0B,EACzB,MAAMA,IAAG,MAAM,IAAI,EAAE,CAAC,EACtB,IAAI;AAEP,cAAM,SAA6B,MAAM,GAAG,OAAO,EAAE,KAAK,KAAK,EAAE,MAAMA,IAAG,MAAM,IAAI,EAAE,CAAC,EAAE,IAAI;AAC7F,eAAO,OAAO,MAAM;AAAA,MACtB,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,WAAW,IAAI;AACnB,YAAM,GAAG,OAAO,KAAK,EAAE,MAAMA,IAAG,MAAM,IAAI,EAAE,CAAC,EAAE,IAAI;AAAA,IACrD;AAAA,EACF;AACF;;;AH1KO,SAAS,eAId,IAIA,OACA,UACS;AACT,MAAI,GAAG,IAAI,kBAAkB;AAC3B,WAAO,qBAAqB,IAAI,OAAO,QAAQ;AAEjD,MAAI,GAAG,IAAI,aAAa;AAEtB,WAAO,oBAAoB,IAAI,OAAO,QAAQ;AAEhD,MAAI,GAAG,IAAI,UAAU;AACnB,WAAO,uBAAuB,IAAI,OAAO,QAAQ;AAEnD,QAAM,IAAI;AAAA,IACR,8BAA8B,OAAO,EAAE;AAAA,EACzC;AACF;","names":["and","eq","eq","and"]}

package/dist/chunk-VQD3ROBK.js

@@ -0,0 +1 @@
+function e(e){return`${e.provider}:${e.providerAccountId}`}function t(){const t=new Map,n=new Map,r=new Map,s=new Map;return{getUser:async e=>t.get(e)??null,async getUserByEmail(e){const r=n.get(e);return r?t.get(r)??null:null},async getUserByAccount(n,s){const o=r.get(e({provider:n,providerAccountId:s}));return o?t.get(o)??null:null},async getAccounts(e){const t=[];for(const[n,o]of r.entries())if(o===e){const[r,o]=n.split(":"),c=s.get(n)??{};t.push({userId:e,provider:r,providerAccountId:o,...c})}return t},async getUserAndAccounts(e){const t=await this.getUser(e);if(!t)return null;return{user:t,accounts:await this.getAccounts(e)}},async createUser(e){const r=e.id??crypto.randomUUID(),s={...e,id:r,name:e.name??null,email:e.email??null,image:e.image??null,emailVerified:e.emailVerified??null,role:e.role??void 0};return t.set(r,s),s.email&&n.set(s.email,r),s},async linkAccount(t){const n=e(t);r.set(n,t.userId),s.set(n,{type:t.type,accessToken:t.accessToken,refreshToken:t.refreshToken,expiresAt:t.expiresAt,idToken:t.idToken,scope:t.scope,tokenType:t.tokenType,sessionState:t.sessionState})},async unlinkAccount(t,n){const o=e({provider:t,providerAccountId:n});r.delete(o),s.delete(o)},async updateAccount(t){const n=e({provider:t.provider,providerAccountId:t.providerAccountId});if(!r.has(n)||r.get(n)!==t.userId)return;const o=s.get(n)??{};s.set(n,{...o,...t})},async updateUser(e){const r=t.get(e.id);if(!r)throw new Error("User not found");const s={...r,...e};return t.set(s.id,s),r.email&&r.email!==s.email&&n.delete(r.email),s.email&&n.set(s.email,s.id),s},async deleteUser(e){const s=t.get(e);s?.email&&n.delete(s.email),t.delete(e);for(const[t,n]of r.entries())n===e&&r.delete(t)}}}export{t as MemoryAdapter};//# sourceMappingURL=chunk-VQD3ROBK.js.map

package/dist/chunk-VQD3ROBK.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/adapters/memory/index.ts"],"sourcesContent":["import type { Account, Adapter, NewAccount, NewUser, User } from '../../core/index'\n\ninterface InternalAccountKey {\n  provider: string\n  providerAccountId: string\n}\n\nfunction accountKey(k: InternalAccountKey): string {\n  return `${k.provider}:${k.providerAccountId}`\n}\n\nexport function MemoryAdapter(): Adapter {\n  const users = new Map<string, User>()\n  const usersByEmail = new Map<string, string>() // email -> userId\n  const accounts = new Map<string, string>() // accountKey -> userId\n  const accountData = new Map<string, Partial<Account>>() // accountKey -> stored account fields\n\n  return {\n    async getUser(id) {\n      return users.get(id) ?? null\n    },\n\n    async getUserByEmail(email) {\n      const id = usersByEmail.get(email)\n      if (!id)\n        return null\n      return users.get(id) ?? null\n    },\n\n    async getUserByAccount(provider, providerAccountId) {\n      const id = accounts.get(accountKey({ provider, providerAccountId }))\n      if (!id)\n        return null\n      return users.get(id) ?? null\n    },\n\n    async getAccounts(userId) {\n      const userAccounts: Account[] = []\n      for (const [key, accUserId] of accounts.entries()) {\n        if (accUserId === userId) {\n          const [provider, providerAccountId] = key.split(':') as [string, string]\n          const stored = accountData.get(key) ?? {}\n          userAccounts.push({ userId, provider, providerAccountId, ...stored })\n        }\n      }\n      return userAccounts\n    },\n\n    async getUserAndAccounts(userId) {\n      const user = await this.getUser(userId)\n      if (!user)\n        return null\n      const accounts = await this.getAccounts(userId)\n      return { user, accounts }\n    },\n\n    async createUser(data: NewUser) {\n      const id = data.id ?? crypto.randomUUID()\n      const user: User = {\n        ...data,\n        id,\n        name: data.name ?? null,\n        email: data.email ?? null,\n        image: data.image ?? null,\n        emailVerified: data.emailVerified ?? null,\n        role: data.role ?? undefined,\n      }\n      users.set(id, user)\n      if (user.email)\n        usersByEmail.set(user.email, id)\n      return user\n    },\n\n    async linkAccount(data: NewAccount) {\n      const key = accountKey(data)\n      accounts.set(key, data.userId)\n      accountData.set(key, {\n        type: data.type,\n        accessToken: data.accessToken,\n        refreshToken: data.refreshToken,\n        expiresAt: data.expiresAt,\n        idToken: data.idToken,\n        scope: data.scope,\n        tokenType: data.tokenType,\n        sessionState: data.sessionState,\n      })\n    },\n\n    async unlinkAccount(provider, providerAccountId) {\n      const key = accountKey({ provider, providerAccountId })\n      accounts.delete(key)\n      accountData.delete(key)\n    },\n\n    async updateAccount(data) {\n      const key = accountKey({ provider: data.provider, providerAccountId: data.providerAccountId })\n      if (!accounts.has(key) || accounts.get(key) !== data.userId)\n        return\n      const existing = accountData.get(key) ?? {}\n      accountData.set(key, { ...existing, ...data })\n    },\n\n    async updateUser(partial) {\n      const existing = users.get(partial.id)\n      if (!existing)\n        throw new Error('User not found')\n      const updated: User = { ...existing, ...partial }\n      users.set(updated.id, updated)\n      if (existing.email && existing.email !== updated.email)\n        usersByEmail.delete(existing.email)\n      if (updated.email)\n        usersByEmail.set(updated.email, updated.id)\n      return updated\n    },\n    async deleteUser(id) {\n      const user = users.get(id)\n      if (user?.email)\n        usersByEmail.delete(user.email)\n      users.delete(id)\n      for (const [key, userId] of accounts.entries()) {\n        if (userId === id)\n          accounts.delete(key)\n      }\n    },\n  }\n}\n"],"mappings":";AAOA,SAAS,WAAW,GAA+B;AACjD,SAAO,GAAG,EAAE,QAAQ,IAAI,EAAE,iBAAiB;AAC7C;AAEO,SAAS,gBAAyB;AACvC,QAAM,QAAQ,oBAAI,IAAkB;AACpC,QAAM,eAAe,oBAAI,IAAoB;AAC7C,QAAM,WAAW,oBAAI,IAAoB;AACzC,QAAM,cAAc,oBAAI,IAA8B;AAEtD,SAAO;AAAA,IACL,MAAM,QAAQ,IAAI;AAChB,aAAO,MAAM,IAAI,EAAE,KAAK;AAAA,IAC1B;AAAA,IAEA,MAAM,eAAe,OAAO;AAC1B,YAAM,KAAK,aAAa,IAAI,KAAK;AACjC,UAAI,CAAC;AACH,eAAO;AACT,aAAO,MAAM,IAAI,EAAE,KAAK;AAAA,IAC1B;AAAA,IAEA,MAAM,iBAAiB,UAAU,mBAAmB;AAClD,YAAM,KAAK,SAAS,IAAI,WAAW,EAAE,UAAU,kBAAkB,CAAC,CAAC;AACnE,UAAI,CAAC;AACH,eAAO;AACT,aAAO,MAAM,IAAI,EAAE,KAAK;AAAA,IAC1B;AAAA,IAEA,MAAM,YAAY,QAAQ;AACxB,YAAM,eAA0B,CAAC;AACjC,iBAAW,CAAC,KAAK,SAAS,KAAK,SAAS,QAAQ,GAAG;AACjD,YAAI,cAAc,QAAQ;AACxB,gBAAM,CAAC,UAAU,iBAAiB,IAAI,IAAI,MAAM,GAAG;AACnD,gBAAM,SAAS,YAAY,IAAI,GAAG,KAAK,CAAC;AACxC,uBAAa,KAAK,EAAE,QAAQ,UAAU,mBAAmB,GAAG,OAAO,CAAC;AAAA,QACtE;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,mBAAmB,QAAQ;AAC/B,YAAM,OAAO,MAAM,KAAK,QAAQ,MAAM;AACtC,UAAI,CAAC;AACH,eAAO;AACT,YAAMA,YAAW,MAAM,KAAK,YAAY,MAAM;AAC9C,aAAO,EAAE,MAAM,UAAAA,UAAS;AAAA,IAC1B;AAAA,IAEA,MAAM,WAAW,MAAe;AAC9B,YAAM,KAAK,KAAK,MAAM,OAAO,WAAW;AACxC,YAAM,OAAa;AAAA,QACjB,GAAG;AAAA,QACH;AAAA,QACA,MAAM,KAAK,QAAQ;AAAA,QACnB,OAAO,KAAK,SAAS;AAAA,QACrB,OAAO,KAAK,SAAS;AAAA,QACrB,eAAe,KAAK,iBAAiB;AAAA,QACrC,MAAM,KAAK,QAAQ;AAAA,MACrB;AACA,YAAM,IAAI,IAAI,IAAI;AAClB,UAAI,KAAK;AACP,qBAAa,IAAI,KAAK,OAAO,EAAE;AACjC,aAAO;AAAA,IACT;AAAA,IAEA,MAAM,YAAY,MAAkB;AAClC,YAAM,MAAM,WAAW,IAAI;AAC3B,eAAS,IAAI,KAAK,KAAK,MAAM;AAC7B,kBAAY,IAAI,KAAK;AAAA,QACnB,MAAM,KAAK;AAAA,QACX,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK;AAAA,QACnB,WAAW,KAAK;AAAA,QAChB,SAAS,KAAK;AAAA,QACd,OAAO,KAAK;AAAA,QACZ,WAAW,KAAK;AAAA,QAChB,cAAc,KAAK;AAAA,MACrB,CAAC;AAAA,IACH;AAAA,IAEA,MAAM,cAAc,UAAU,mBAAmB;AAC/C,YAAM,MAAM,WAAW,EAAE,UAAU,kBAAkB,CAAC;AACtD,eAAS,OAAO,GAAG;AACnB,kBAAY,OAAO,GAAG;AAAA,IACxB;AAAA,IAEA,MAAM,cAAc,MAAM;AACxB,YAAM,MAAM,WAAW,EAAE,UAAU,KAAK,UAAU,mBAAmB,KAAK,kBAAkB,CAAC;AAC7F,UAAI,CAAC,SAAS,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,MAAM,KAAK;AACnD;AACF,YAAM,WAAW,YAAY,IAAI,GAAG,KAAK,CAAC;AAC1C,kBAAY,IAAI,KAAK,EAAE,GAAG,UAAU,GAAG,KAAK,CAAC;AAAA,IAC/C;AAAA,IAEA,MAAM,WAAW,SAAS;AACxB,YAAM,WAAW,MAAM,IAAI,QAAQ,EAAE;AACrC,UAAI,CAAC;AACH,cAAM,IAAI,MAAM,gBAAgB;AAClC,YAAM,UAAgB,EAAE,GAAG,UAAU,GAAG,QAAQ;AAChD,YAAM,IAAI,QAAQ,IAAI,OAAO;AAC7B,UAAI,SAAS,SAAS,SAAS,UAAU,QAAQ;AAC/C,qBAAa,OAAO,SAAS,KAAK;AACpC,UAAI,QAAQ;AACV,qBAAa,IAAI,QAAQ,OAAO,QAAQ,EAAE;AAC5C,aAAO;AAAA,IACT;AAAA,IACA,MAAM,WAAW,IAAI;AACnB,YAAM,OAAO,MAAM,IAAI,EAAE;AACzB,UAAI,MAAM;AACR,qBAAa,OAAO,KAAK,KAAK;AAChC,YAAM,OAAO,EAAE;AACf,iBAAW,CAAC,KAAK,MAAM,KAAK,SAAS,QAAQ,GAAG;AAC9C,YAAI,WAAW;AACb,mBAAS,OAAO,GAAG;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;","names":["accounts"]}

package/dist/chunk-VZVZ2KXR.js

@@ -0,0 +1 @@
+import{createJWTSignatureMessage as e,encodeJWT as t,JWSRegisteredHeaders as r,JWTRegisteredClaims as n,parseJWT as o}from"@oslojs/jwt";import{parse as s,serialize as i}from"cookie";var a={path:"/",sameSite:"lax",secure:!0,httpOnly:!0};function l(e){const t=new Map;if(e){const r=s(e);for(const e in r)t.set(e,r[e])}return t}var c=class{constructor(e,t){this.requestCookies=e,this.defaultOptions=t}#e=[];get(e){return this.requestCookies.get(e)}set(e,t,r){const n={...this.defaultOptions,...r};this.#e.push([e,t,n])}delete(e,t){this.set(e,"",{...t,expires:new Date(0),maxAge:0})}toHeaders(){const e=new Headers;for(const[t,r,n]of this.#e)e.append("Set-Cookie",i(t,r,n));return e}},u="__gau-csrf-token",d="__gau-session-token",f="__gau-session-strategy",h="__gau-linking-token",p="__gau-pkce-code-verifier",g="__gau-callback-uri",m="__gau-provider-options",w="__gau-client-challenge",y=600;import{serialize as k}from"cookie";function v(e){const t=l(e.headers.get("Cookie")).get(d);if(t)return{token:t,source:"cookie"};const r=e.headers.get("Authorization");return r?.startsWith("Bearer ")?{token:r.substring(7),source:"bearer"}:{}}function A({adapter:e,providers:t,basePath:r="/api/auth",jwt:n={},session:o={},cookies:s={},onOAuthExchange:i,mapExternalProfile:l,onBeforeLinkAccount:c,onAfterLinkAccount:u,trustHosts:f=[],autoLink:h="verifiedEmail",allowDifferentEmails:p=!0,updateUserInfoOnLink:g=!1,roles:m={},cors:w=!0,profiles:y}){const{algorithm:A="ES256",secret:S,iss:b,aud:T,ttl:x=604800}=n,E={...a,...s},U=o.strategy??"auto";if("ES256"===A&&void 0!==S&&"string"!=typeof S)throw new F("For ES256, the secret option must be a string.");const C=new Map(t.map(e=>[e.id,e])),H=!1!==w&&{allowedOrigins:(!0===w?"all":w.allowedOrigins)??"all",allowCredentials:(!0===w||w.allowCredentials)??!0,allowedHeaders:(!0===w?void 0:w.allowedHeaders)??["Content-Type","Authorization","Cookie"],allowedMethods:(!0===w?void 0:w.allowedMethods)??["GET","POST","OPTIONS"],exposeHeaders:!0===w?void 0:w.exposeHeaders,maxAge:!0===w?void 0:w.maxAge},O=y??{},I={defaultRole:m.defaultRole??"user",resolveOnCreate:m.resolveOnCreate,adminRoles:m.adminRoles??["admin"],adminUserIds:m.adminUserIds??[]};async function P(e,t={}){return B(e,function(e={}){const t={ttl:e.ttl,iss:e.iss??b,aud:e.aud??T,sub:e.sub};if("HS256"===A)return{algorithm:A,secret:e.secret??S,...t};{if(void 0!==e.secret&&"string"!=typeof e.secret)throw new F("For ES256, the secret option must be a string.");const r=e.secret??S;return{algorithm:A,privateKey:e.privateKey,secret:r,...t}}}(t))}async function L(e,t={}){const r=function(e={}){const t={iss:e.iss??b,aud:e.aud??T};if("HS256"===A)return{algorithm:A,secret:e.secret??S,...t};{if(void 0!==e.secret&&"string"!=typeof e.secret)throw new F("For ES256, the secret option must be a string.");const r=e.secret??S;return{algorithm:A,publicKey:e.publicKey,secret:r,...t}}}(t);try{return await D(e,r)}catch{return null}}async function M(e,t={},r=x){return P({sub:e,...t},{ttl:r})}async function R(e,t={}){const{data:r={},ttl:n=x}=t,o=await M(e,r,n),s={...E,maxAge:n};return{token:o,cookie:k(d,o,s),cookieName:d,maxAge:n}}return{...e,providerMap:C,basePath:r,cookieOptions:E,jwt:{ttl:x},onOAuthExchange:i,mapExternalProfile:l,onBeforeLinkAccount:c,onAfterLinkAccount:u,signJWT:P,verifyJWT:L,createSession:M,validateSession:async function(t){const r=await L(t);if(!r)return null;const n=await e.getUserAndAccounts(r.sub);if(!n)return null;const{user:o,accounts:s}=n,i=Boolean(o&&(o.role&&I.adminRoles.includes(o.role)||I.adminUserIds.length>0&&I.adminUserIds.includes(o.id)));return{user:o?{...o,isAdmin:i}:null,session:{id:t,...r},accounts:s}},issueSession:R,refreshSession:async function(t,r={}){let n,o;if("string"==typeof t)n=t,o="token";else{const e=v(t);if(!e.token||!e.source)return null;n=e.token,o=e.source}const s=await L(n);if(!s||!s.sub)return null;if(null!=r.threshold&&r.threshold>0&&r.threshold<1){const{iat:e}=s;if(e){if(Math.floor(Date.now()/1e3)-e<(r.ttl??x)*r.threshold)return null}}if(!await e.getUser(s.sub))return null;const{sub:i,iat:a,exp:l,iss:c,aud:u,nbf:d,jti:f,...h}=s;return{...await R(s.sub,{data:h,ttl:r.ttl}),source:o}},getAccessToken:async function(t,r){const n=C.get(r);if(!n)return null;const o=(await e.getAccounts(t)).find(e=>e.provider===r);if(!o||!o.accessToken)return null;const s=Math.floor(Date.now()/1e3);if(!("number"==typeof o.expiresAt&&o.expiresAt<=s))return{accessToken:o.accessToken,expiresAt:o.expiresAt??null};if(!o.refreshToken||!n.refreshAccessToken)return null;try{const r=await n.refreshAccessToken(o.refreshToken,{}),s={userId:t,provider:o.provider,providerAccountId:o.providerAccountId,accessToken:r.accessToken??o.accessToken,refreshToken:r.refreshToken??o.refreshToken,expiresAt:r.expiresAt??null,idToken:r.idToken??o.idToken??null,tokenType:r.tokenType??o.tokenType??null,scope:r.scope??o.scope??null};return await(e.updateAccount?.(s)),{accessToken:s.accessToken,expiresAt:s.expiresAt}}catch{return null}},trustHosts:f,autoLink:h,allowDifferentEmails:p,profiles:O,updateUserInfoOnLink:g,sessionStrategy:U,development:!1,roles:I,cors:H}}async function S(e,t){if(e&&"function"==typeof e.onAfterLinkAccount)try{await e.onAfterLinkAccount(t)}catch(e){console.error("onAfterLinkAccount hook error:",e)}}async function b(e,t,r){const n=t.providerMap.get(r);if(!n)return J({error:"Provider not found"},{status:400});const o=new URL(e.url),s=o.searchParams.get("code"),i=o.searchParams.get("state"),a=o.searchParams.get("error");if(!s||!i||a){let e="/";if(i&&i.includes("."))try{const t=i.split(".")[1];e=atob(t??"")||"/"}catch{e="/"}const t=`<!DOCTYPE html>\n<html lang="en">\n<head>\n  <meta charset="utf-8" />\n  <title>Authentication Cancelled</title>\n  <style>\n    body {\n      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";\n      background-color: #09090b;\n      color: #fafafa;\n      display: flex;\n      justify-content: center;\n      align-items: center;\n      height: 100vh;\n      margin: 0;\n      text-align: center;\n    }\n    .card {\n      background-color: #18181b;\n      border: 1px solid #27272a;\n      border-radius: 0.75rem;\n      padding: 2rem;\n      max-width: 320px;\n    }\n    h1 {\n      font-size: 1.25rem;\n      font-weight: 600;\n      margin: 0 0 0.5rem;\n    }\n    p {\n      margin: 0;\n      color: #a1a1aa;\n    }\n  </style>\n  <script>\n    window.onload = function() {\n      const url = ${JSON.stringify(e)};\n      window.location.href = url;\n      setTimeout(window.close, 500);\n    };\n  <\/script>\n</head>\n<body>\n  <div class="card">\n    <h1>Authentication Cancelled</h1>\n    <p>Redirecting you back to the app...</p>\n  </div>\n</body>\n</html>`;return new Response(t,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}})}const f=l(e.headers.get("Cookie")),y=new c(f,t.cookieOptions);let k,v="/";if(i.includes(".")){const[e,t]=i.split(".");k=e;try{v=atob(t??"")||"/"}catch{v="/"}}else k=i;const A=y.get(u);if(!A||A!==k)return J({error:"Invalid CSRF token"},{status:403});const b=y.get(p);if(!b)return J({error:"Missing PKCE code verifier"},{status:400});const T=y.get(g),x=y.get(m);let E;if(x)try{const e=atob(x),t=JSON.parse(e);E=t?.overrides}catch{}const U=y.get(h);U&&y.delete(h);const C=!!U;if(C){if(!await t.validateSession(U)){y.delete(u),y.delete(p),T&&y.delete(g),y.delete(m);const e=_(v);return y.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}}const{user:H,tokens:O}=await n.validateCallback(s,b,T??void 0,E);{const n=C?await t.validateSession(U):null,o=await async function(e,t){if(!e||"function"!=typeof e.onOAuthExchange)return{handled:!1};try{const r=await e.onOAuthExchange(t);return r&&"object"==typeof r?r:{handled:!1}}catch(e){return console.error("onOAuthExchange hook error:",e),{handled:!1}}}(t,{request:e,providerId:r,state:i,code:s,codeVerifier:b,callbackUri:T,redirectTo:v,cookies:y,providerUser:H,tokens:O,isLinking:C,sessionUserId:n?.user?.id});if(o.handled){y.delete(u),y.delete(p),T&&y.delete(g),y.delete(m);const e=o.response;return y.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}}const I=await async function(e,t){if(!e||"function"!=typeof e.mapExternalProfile)return t.providerUser;try{const r=await e.mapExternalProfile(t);return r?{...t.providerUser,...r}:t.providerUser}catch(e){return console.error("mapExternalProfile hook error:",e),t.providerUser}}(t,{request:e,providerId:r,providerUser:H,tokens:O,isLinking:C});if(!C&&!0===t.providerMap.get(r)?.linkOnly){y.delete(u),y.delete(p),T&&y.delete(g),y.delete(m);const e=J({error:"Sign-in with this provider is disabled. Please link it to an existing account."},{status:400});return y.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}let P=null;const L=await t.getUserByAccount(r,I.id);if(C){if(P=(await t.validateSession(U)).user,!P)return J({error:"User not found"},{status:404});if(L&&L.id!==P.id)return J({error:"Account already linked to another user"},{status:409});if(!1===t.allowDifferentEmails){const e=P.email,t=I.email;if(e&&t&&e!==t)return J({error:"Email mismatch between existing account and provider"},{status:400})}if(P){const e={id:P.id};let r=!1;if(t.updateUserInfoOnLink?(I.name&&I.name!==P.name&&(e.name=I.name,r=!0),I.avatar&&I.avatar!==P.image&&(e.image=I.avatar,r=!0)):(!P.name&&I.name&&(e.name=I.name,r=!0),!P.image&&I.avatar&&(e.image=I.avatar,r=!0)),P.email&&I.email&&P.email===I.email&&!0===I.emailVerified&&(!P.emailVerified||t.updateUserInfoOnLink)&&(e.emailVerified=!0,r=!0),r)try{P=await t.updateUser(e)}catch(e){console.error("Failed to update user info on link:",e)}}}else P=L;if(!P){const n=t.autoLink??"verifiedEmail";if(I.email&&("always"===n||"verifiedEmail"===n&&!0===I.emailVerified)){const e=await t.getUserByEmail(I.email);e&&(P=I.emailVerified&&!e.emailVerified?await t.updateUser({id:e.id,emailVerified:!0}):e)}if(!P)try{if(I.email&&!0===I.emailVerified&&!1===t.autoLink){if(await t.getUserByEmail(I.email))return J({error:"An account with this email already exists. Sign in with the existing method or link the provider."},{status:409})}let n;try{n=t.roles.resolveOnCreate?.({providerId:r,profile:I,request:e})}catch(e){console.error("roles.resolveOnCreate threw:",e)}const o=!0===I.emailVerified?I.email:null;P=await t.createUser({name:I.name,email:o,image:I.avatar,emailVerified:I.emailVerified,role:n??t.roles.defaultRole})}catch(e){return console.error("Failed to create user:",e),J({error:"Failed to create user"},{status:500})}}if(P&&I.email){const{email:e,emailVerified:r}=P,{email:n,emailVerified:o}=I,s={id:P.id};let i=!1;if(e||!0!==o?e!==n||!0!==o||r||(s.emailVerified=!0,i=!0):(s.email=n,s.emailVerified=!0,i=!0),i)try{P=await t.updateUser(s)}catch(e){console.error("Failed to update user after sign-in:",e)}}if(L)try{const n=(await t.getAccounts(P.id)).find(e=>e.provider===r&&e.providerAccountId===I.id);if(n&&t.updateAccount){let o,s,i,a;try{o=O.refreshToken()}catch{o=n.refreshToken??null}try{const e=O.accessTokenExpiresAt();e&&(s=Math.floor(e.getTime()/1e3))}catch{s=n.expiresAt??void 0}try{i=O.idToken()}catch{i=n.idToken??null}try{a=O.scopes()?.join(" ")??n.scope??null}catch{a=n.scope??null}await t.updateAccount({userId:P.id,provider:r,providerAccountId:I.id,accessToken:O.accessToken()??n.accessToken??void 0,refreshToken:o,expiresAt:s??n.expiresAt??void 0,tokenType:O.tokenType?.()??n.tokenType??null,scope:a,idToken:i}),await S(t,{request:e,providerId:r,userId:P.id,providerUser:I,tokens:O,action:"update"})}}catch(e){console.error("Failed to update account tokens on sign-in:",e)}else{let n,o,s;try{n=O.refreshToken()}catch{n=null}try{const e=O.accessTokenExpiresAt();e&&(o=Math.floor(e.getTime()/1e3))}catch{}try{s=O.idToken()}catch{s=null}{const n=await async function(e,t){if(!e||"function"!=typeof e.onBeforeLinkAccount)return{allow:!0};try{return await e.onBeforeLinkAccount(t)||{allow:!0}}catch(e){return console.error("onBeforeLinkAccount hook error:",e),{allow:!0}}}(t,{request:e,providerId:r,userId:P.id,providerUser:I,tokens:O});if(!1===n.allow){const e=n.response??J({error:"Linking not allowed"},{status:403});return y.toHeaders().forEach((t,r)=>e.headers.append(r,t)),e}}try{let i;try{i=O.scopes()?.join(" ")??null}catch{i=null}await t.linkAccount({userId:P.id,provider:r,providerAccountId:I.id,accessToken:O.accessToken(),refreshToken:n,expiresAt:o,tokenType:O.tokenType?.()??null,scope:i,idToken:s}),await S(t,{request:e,providerId:r,userId:P.id,providerUser:I,tokens:O,action:"link"})}catch(e){return console.error("Error linking account:",e),J({error:"Failed to link account"},{status:500})}}const M=await t.createSession(P.id),R=new URL(e.url),j=new URL(v,e.url),N="token"===t.sessionStrategy,V="cookie"===t.sessionStrategy,F="http:"!==j.protocol&&"https:"!==j.protocol,K=R.host!==j.host;if(N||!V&&(F||K)){const e=new URL(j),r=y.get(w);if(!r)return J({error:"Missing PKCE challenge"},{status:400});{const n=await t.signJWT({sub:P.id,challenge:r},{ttl:60});e.searchParams.set("code",n)}const n=`<!DOCTYPE html>\n<html lang="en">\n<head>\n  <meta charset="utf-8" />\n  <title>Authentication Complete</title>\n  <style>\n    body {\n      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";\n      background-color: #09090b;\n      color: #fafafa;\n      display: flex;\n      justify-content: center;\n      align-items: center;\n      height: 100vh;\n      margin: 0;\n      text-align: center;\n    }\n    .card {\n      background-color: #18181b;\n      border: 1px solid #27272a;\n      border-radius: 0.75rem;\n      padding: 2rem;\n      max-width: 320px;\n    }\n    h1 {\n      font-size: 1.25rem;\n      font-weight: 600;\n      margin: 0 0 0.5rem;\n    }\n    p {\n      margin: 0;\n      color: #a1a1aa;\n    }\n  </style>\n  <script>\n    window.onload = function() {\n      const url = ${JSON.stringify(e.toString())};\n      window.location.href = url;\n      setTimeout(window.close, 500);\n    };\n  <\/script>\n</head>\n<body>\n  <div class="card">\n    <h1>Authentication Successful</h1>\n    <p>You can now close this window.</p>\n  </div>\n</body>\n</html>`;y.delete(u),y.delete(p),T&&y.delete(g),y.delete(m),y.delete(w);const o=new Response(n,{status:200,headers:{"Content-Type":"text/html; charset=utf-8"}});return y.toHeaders().forEach((e,t)=>{o.headers.append(t,e)}),o}y.set(d,M,{maxAge:t.jwt.ttl,sameSite:t.development?"lax":"none",secure:!t.development}),y.delete(u),y.delete(p),T&&y.delete(g),y.delete(m);let W;if("false"===o.searchParams.get("redirect")){const e=await t.getAccounts(P.id),r=Boolean(P.role&&t.roles.adminRoles.includes(P.role)||t.roles.adminUserIds.includes(P.id));W=J({user:{...P,isAdmin:r,accounts:e}})}else W=_(v);return y.toHeaders().forEach((e,t)=>{W.headers.append(t,e)}),W}function T(e,t){if(!1===t.cors)return!1;const r=t.cors;if("all"===r.allowedOrigins)return!0;if("trust"===r.allowedOrigins){if("all"===t.trustHosts)return!0;try{const r=new URL(e);return t.trustHosts.includes(r.host)||t.trustHosts.includes(r.hostname)}catch{return!1}}if(r.allowedOrigins.includes("*"))return!0;try{const t=new URL(e);return r.allowedOrigins.includes(e)||r.allowedOrigins.includes(t.origin)||r.allowedOrigins.includes(t.host)||r.allowedOrigins.includes(t.hostname)}catch{return r.allowedOrigins.includes(e)}}function x(e,t,r){if(!1===r.cors)return t;const n=e.headers.get("Origin")||e.headers.get("origin");if(!n)return t;if(!T(n,r))return t;const o=r.cors;t.headers.set("Vary","Origin");const s=o.allowCredentials,i="all"!==o.allowedOrigins||s?n:"*";return t.headers.set("Access-Control-Allow-Origin",i),s&&t.headers.set("Access-Control-Allow-Credentials","true"),t.headers.set("Access-Control-Allow-Headers",o.allowedHeaders.join(", ")),t.headers.set("Access-Control-Allow-Methods",o.allowedMethods.join(", ")),o.exposeHeaders?.length&&t.headers.set("Access-Control-Expose-Headers",o.exposeHeaders.join(", ")),t}function E(e,t){if(!1===t.cors)return new Response(null,{status:204});const r=e.headers.get("Origin")||e.headers.get("origin"),n=t.cors,o={};if(r&&T(r,t)){const e=n.allowCredentials,t="all"!==n.allowedOrigins||e?r:"*";o["Access-Control-Allow-Origin"]=t,e&&(o["Access-Control-Allow-Credentials"]="true")}return o["Access-Control-Allow-Headers"]=n.allowedHeaders.join(", "),o["Access-Control-Allow-Methods"]=n.allowedMethods.join(", "),null!=n.maxAge&&(o["Access-Control-Max-Age"]=String(n.maxAge)),n.exposeHeaders?.length&&(o["Access-Control-Expose-Headers"]=n.exposeHeaders.join(", ")),new Response(null,{status:204,headers:o})}import{generateCodeVerifier as U,generateState as C}from"arctic";function H(e,t,r){if("all"===t)return!0;const n=e.headers.get("origin");if(!n)return!1;let o;try{o=new URL(n).host}catch{return!1}if(r){if(o.startsWith("localhost")||o.startsWith("127.0.0.1"))return!0}const s=new URL(e.url),i=s.host;return n===`${s.protocol}//${i}`||t.includes(o)}async function O(e,t,r,n){const o=t.providerMap.get(r);if(!o)return J({error:"Provider not found"},{status:400});const{state:s,codeVerifier:i}={state:C(),codeVerifier:U()},a=new URL(e.url),d=a.searchParams.get("redirectTo"),f=a.searchParams.get("profile"),y=a.searchParams.get("prompt");if(d){let r;try{if(d.startsWith("//"))throw new Error("Protocol-relative URL not allowed");r=new URL(d,a.origin)}catch{return J({error:'Invalid "redirectTo" URL'},{status:400})}const n=r.host,o=n===new URL(e.url).host,s="all"===t.trustHosts||t.trustHosts.includes(n);if(("http:"===r.protocol||"https:"===r.protocol)&&!o&&!s)return J({error:"Untrusted redirect host"},{status:400})}const k=d?`${s}.${btoa(d)}`:s;let v,A,S,b,T=a.searchParams.get("callbackUri");if(!T&&o.requiresRedirectUri&&(T=`${a.origin}${t.basePath}/callback/${r}`),f){const e=(t.profiles?.[r]??{})[f];if(!e)return J({error:`Unknown profile "${f}" for provider "${r}"`},{status:400});e.redirectUri&&(T=e.redirectUri),e.scopes&&(v=e.scopes),e.params&&(A={...e.params??{}});const{tenant:o,prompt:s}=e;if(null==o&&null==s||(S={...S??{},tenant:o,prompt:s}),!n&&!0===e.linkOnly)return J({error:"This profile is link-only. Please link it to an existing account."},{status:400})}if(y&&(A={...A??{},prompt:y}),!n&&!0===o.linkOnly)return J({error:"Sign-in with this provider is disabled. Please link it to an existing account."},{status:400});try{b=await o.getAuthorizationUrl(k,i,{redirectUri:T??void 0,scopes:v,params:A,overrides:S})}catch(e){console.error("Error getting authorization URL:",e),b=null}if(!b)return J({error:"Could not create authorization URL"},{status:500});const x=l(e.headers.get("Cookie")),E=new c(x,t.cookieOptions),H={maxAge:600,sameSite:t.development?"lax":"none",secure:!t.development};E.set(u,s,H),E.set(p,i,H),n?E.set(h,n,H):E.delete(h,{sameSite:t.development?"lax":"none",secure:!t.development}),T&&E.set(g,T,H);const O=JSON.stringify({params:A??{},overrides:S??{}});E.set(m,btoa(O),H);const I=a.searchParams.get("code_challenge");I&&E.set(w,I,H);if("false"===a.searchParams.get("redirect")){const e=J({url:b.toString()});return E.toHeaders().forEach((t,r)=>{e.headers.append(r,t)}),e}const P=_(b.toString());return E.toHeaders().forEach((e,t)=>{P.headers.append(t,e)}),P}async function I(e,t,r){const n=new URL(e.url);let o=v(e).token;if(o||(o=n.searchParams.get("token")??void 0),!o)return J({error:"Unauthorized"},{status:401});if(!await t.validateSession(o))return J({error:"Unauthorized"},{status:401});n.searchParams.delete("token");return O(new Request(n.toString(),e),t,r,o)}async function P(e,t,r){const n=v(e).token;if(!n)return J({error:"Unauthorized"},{status:401});const o=await t.validateSession(n);if(!o||!o.user)return J({error:"Unauthorized"},{status:401});const s=o.accounts??[];if(s.length<=1)return J({error:"Cannot unlink the last account"},{status:400});const i=s.find(e=>e.provider===r);if(!i)return J({error:`Provider "${r}" not linked to this account`},{status:400});await t.unlinkAccount(r,i.providerAccountId);if((await t.getAccounts(o.user.id)).length>0&&o.user.email)try{await t.updateUser({id:o.user.id,email:null,emailVerified:!1})}catch(e){console.error("Failed to clear stale email after unlinking:",e)}return J({message:"Account unlinked successfully"})}async function L(e,t,r){return O(e,t,r,null)}async function M(e,t){const r=l(e.headers.get("Cookie")),n=new c(r,t.cookieOptions);n.delete(d,{sameSite:t.development?"lax":"none",secure:!t.development}),n.delete(h,{sameSite:t.development?"lax":"none",secure:!t.development});const o=J({message:"Signed out"});return n.toHeaders().forEach((e,t)=>{o.headers.append(t,e)}),o}async function R(e,t){const{token:r}=v(e),n=Array.from(t.providerMap.keys());if(!r)return J({...V,providers:n});try{const e=await t.validateSession(r);return e?J({...e,providers:n}):J({...V,providers:n},{status:401})}catch(e){return console.error("Error validating session:",e),J({error:"Failed to validate session"},{status:500})}}async function j(e,t){if("POST"!==e.method)return J({error:"Method not allowed"},{status:405});let r;try{r=await e.json()}catch{return J({error:"Invalid JSON body"},{status:400})}const{code:n,codeVerifier:o}=r;if(!n||!o)return J({error:"Missing code or codeVerifier"},{status:400});const s=await t.verifyJWT(n);if(!s)return J({error:"Invalid or expired code"},{status:400});const{sub:i,challenge:a}=s,l=(new TextEncoder).encode(o),c=await crypto.subtle.digest("SHA-256",l),u=Array.from(new Uint8Array(c));if(a!==btoa(String.fromCharCode(...u)).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,""))return J({error:"Invalid code verifier"},{status:400});return J({token:await t.createSession(i)})}function N(e){const{basePath:t}=e;return async function(r){if("OPTIONS"===r.method)return E(r,e);const n=new URL(r.url);if(!n.pathname.startsWith(t))return x(r,J({error:"Not Found"},{status:404}),e);if("POST"===r.method&&!H(r,e.trustHosts,e.development)){if(e.development){const t=r.headers.get("origin")??"N/A";return x(r,J({error:"Forbidden",message:`Untrusted origin: '${t}'. Add this origin to 'trustHosts' in createAuth() or ensure you are using 'localhost' or '127.0.0.1' for development.`},{status:403}),e)}return x(r,J({error:"Forbidden"},{status:403}),e)}const o=n.pathname.substring(t.length).split("/").filter(Boolean),s=o[0];if(!s)return x(r,J({error:"Not Found"},{status:404}),e);let i;i="GET"===r.method?"session"===s?await R(r,e):2===o.length&&"link"===o[0]?await I(r,e,o[1]):2===o.length&&"callback"===o[0]?await b(r,e,o[1]):1===o.length?await L(r,e,s):J({error:"Not Found"},{status:404}):"POST"===r.method?1===o.length&&"signout"===s?await M(r,e):1===o.length&&"token"===s?await j(r,e):2===o.length&&"unlink"===o[0]?await P(r,e,o[1]):J({error:"Not Found"},{status:404}):J({error:"Method Not Allowed"},{status:405});try{i.headers.set("Cache-Control","no-store, private"),i.headers.set("Pragma","no-cache"),i.headers.set("Expires","0")}catch{}return x(r,i,e)}}var V={user:null,session:null,accounts:null},F=class extends Error{cause;constructor(e,t){super(e),this.name="AuthError",this.cause=t}};function J(e,t={}){const r=new Headers(t.headers);return r.has("Content-Type")||r.set("Content-Type","application/json; charset=utf-8"),new Response(JSON.stringify(e),{...t,headers:r})}function _(e,t=302){return new Response(null,{status:t,headers:{Location:e}})}var K="X-Refreshed-Token";async function W(e){try{const t=function(e){const t=e.replace(/-/g,"+").replace(/_/g,"/"),r=(4-t.length%4)%4,n=t.padEnd(t.length+r,"=");try{const e=atob(n),t=e.length,r=new Uint8Array(t);for(let n=0;n<t;n++)r[n]=e.charCodeAt(n);return r}catch{throw new F("Invalid base64url string")}}(e),r=await crypto.subtle.importKey("pkcs8",t.slice(),{name:"ECDSA",namedCurve:"P-256"},!0,["sign"]),n=await crypto.subtle.exportKey("jwk",r);delete n.d,n.key_ops=["verify"];return{privateKey:r,publicKey:await crypto.subtle.importKey("jwk",n,{name:"ECDSA",namedCurve:"P-256"},!0,["verify"])}}catch(e){if(e instanceof F)throw e;throw new F("Invalid secret. Must be a base64url-encoded PKCS#8 private key for ES256. Use `bunx gau secret` to generate one.",e)}}async function B(r,n={}){let{algorithm:o="ES256",ttl:s,iss:i,aud:a,sub:l,privateKey:c,secret:u}=n;if("ES256"===o){if(!c){if("string"!=typeof u)throw new F("Missing secret for ES256 signing. It must be a base64url-encoded string.");({privateKey:c}=await W(u))}}else if("HS256"===o&&!u)throw new F("Missing secret for HS256 signing");const d=Math.floor(Date.now()/1e3),f={iat:d,iss:i,aud:a,sub:l,...r};null!=s&&s>0&&(f.exp=d+s);const h="HS256"===o,p=h?"HS256":"ES256",g=JSON.stringify({alg:p,typ:"JWT"}),m=JSON.stringify(f),w=e(g,m);let y;if(h){const e="string"==typeof u?(new TextEncoder).encode(u):u,t=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:"SHA-256"},!1,["sign"]);y=new Uint8Array(await crypto.subtle.sign("HMAC",t,w))}else y=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},c,w));return t(g,m,y)}async function D(e,t){let{algorithm:s="ES256",publicKey:i,secret:a,iss:l,aud:c}=t;if("ES256"===s&&!i){if("string"!=typeof a)throw new F("Missing secret for ES256 verification. Must be a base64url-encoded string.");({publicKey:i}=await W(a))}if("HS256"===s&&!a)throw new F("Missing secret for HS256 verification");const[u,d,f,h]=o(e),p=new r(u).algorithm();let g=!1;if("HS256"===s){if("HS256"!==p)throw new Error(`JWT algorithm is "${p}", but verifier was configured for "HS256"`);const e="string"==typeof a?(new TextEncoder).encode(a):a,t=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:"SHA-256"},!1,["sign"]);g=function(e,t){let r=e.length^t.length;const n=Math.max(e.length,t.length);for(let o=0;o<n;o++)r|=(e[o]??0)^(t[o]??0);return 0===r}(new Uint8Array(await crypto.subtle.sign("HMAC",t,h)),new Uint8Array(f))}else{if("ES256"!==p)throw new F(`JWT algorithm is "${p}", but verifier was configured for "ES256"`);const e=new Uint8Array(f);if(g=await crypto.subtle.verify({name:"ECDSA",hash:"SHA-256"},i,e,h),!g&&64===e.length)try{const t=function(e){if(64!==e.length)throw new Error("Invalid raw signature length");let t=e.slice(0,32),r=e.slice(32),n=0;for(;n<t.length-1&&0===t[n];)n++;t=t.slice(n);let o=0;for(;o<r.length-1&&0===r[o];)o++;if(r=r.slice(o),t.length>0&&128&t[0]){const e=new Uint8Array(t.length+1);e[0]=0,e.set(t,1),t=e}if(r.length>0&&128&r[0]){const e=new Uint8Array(r.length+1);e[0]=0,e.set(r,1),r=e}const s=t.length,i=r.length,a=2+s+2+i,l=new Uint8Array(2+a);return l[0]=48,l[1]=a,l[2]=2,l[3]=s,l.set(t,4),l[4+s]=2,l[5+s]=i,l.set(r,6+s),l}(e);g=await crypto.subtle.verify({name:"ECDSA",hash:"SHA-256"},i,t,h)}catch{g=!1}}if(!g)throw new F("Invalid JWT signature");const m=new n(d);if(m.hasExpiration()&&!m.verifyExpiration())throw new F("JWT expired");if(m.hasNotBefore()&&!m.verifyNotBefore())throw new F("JWT not yet valid");if(l&&d.iss!==l)throw new F("Invalid JWT issuer");if(c){const e=Array.isArray(c)?c:[c],t=d.aud?Array.isArray(d.aud)?d.aud:[d.aud]:[];if(!e.some(e=>t.includes(e)))throw new F("Invalid JWT audience")}return d}export{a as DEFAULT_COOKIE_SERIALIZE_OPTIONS,l as parseCookies,c as Cookies,u as CSRF_COOKIE_NAME,d as SESSION_COOKIE_NAME,f as SESSION_STRATEGY_COOKIE_NAME,h as LINKING_TOKEN_COOKIE_NAME,p as PKCE_COOKIE_NAME,g as CALLBACK_URI_COOKIE_NAME,m as PROVIDER_OPTIONS_COOKIE_NAME,w as CLIENT_CHALLENGE_COOKIE_NAME,y as CSRF_MAX_AGE,B as sign,D as verify,v as getSessionTokenFromRequest,A as createAuth,b as handleCallback,x as applyCors,E as handlePreflight,H as verifyRequestOrigin,I as handleLink,P as handleUnlink,L as handleSignIn,M as handleSignOut,R as handleSession,j as handleToken,N as createHandler,V as NULL_SESSION,F as AuthError,J as json,_ as redirect,K as REFRESHED_TOKEN_HEADER};//# sourceMappingURL=chunk-VZVZ2KXR.js.map