@run402/functions 3.0.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/errors.d.ts +30 -1
- package/dist/auth/errors.d.ts.map +1 -1
- package/dist/auth/errors.js +56 -0
- package/dist/auth/errors.js.map +1 -1
- package/dist/auth/index.d.ts +61 -3
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js +399 -25
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/types.d.ts +67 -0
- package/dist/auth/types.d.ts.map +1 -1
- package/dist/index.d.ts +3 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -1
- package/dist/index.js.map +1 -1
- package/dist/lib/actor-context-verify.d.ts +17 -0
- package/dist/lib/actor-context-verify.d.ts.map +1 -1
- package/dist/lib/actor-context-verify.js +84 -5
- package/dist/lib/actor-context-verify.js.map +1 -1
- package/dist/runtime-context.d.ts +10 -1
- package/dist/runtime-context.d.ts.map +1 -1
- package/dist/runtime-context.js +47 -12
- package/dist/runtime-context.js.map +1 -1
- package/package.json +2 -2
package/dist/auth/index.js
CHANGED
|
@@ -17,7 +17,9 @@
|
|
|
17
17
|
* auth.csrfToken() → string
|
|
18
18
|
* auth.csrfField() → "<input type=hidden ...>"
|
|
19
19
|
* auth.sessions.createResponseFromIdentity({ ... }) → Response
|
|
20
|
+
* auth.sessions.createResponseFromTenantAssertion({ tenant, user, method }) → Response
|
|
20
21
|
* auth.sessions.endResponse() → Response
|
|
22
|
+
* auth.invalidCredentials() → InvalidCredentialsError (throw it)
|
|
21
23
|
*
|
|
22
24
|
* Behaviour notes baked into the helpers:
|
|
23
25
|
* - Calling any helper taints the cache (the response now depends on
|
|
@@ -40,7 +42,7 @@
|
|
|
40
42
|
import { getCurrentContext, requireActiveContext, taintCacheBypass, } from "../runtime-context.js";
|
|
41
43
|
import { config } from "../config.js";
|
|
42
44
|
import jwt from "../lib/jwt.js";
|
|
43
|
-
import { AuthRequiredError, FetchAbsoluteUrlError, FreshnessRequiredError, InsufficientMembershipError, InsufficientRoleError, UnknownExportError, } from "./errors.js";
|
|
45
|
+
import { AuthRequiredError, FetchAbsoluteUrlError, FreshnessRequiredError, InsufficientMembershipError, InsufficientRoleError, InvalidCredentialsError, RenamedExportError, TenantSubjectInvalidError, UnknownExportError, } from "./errors.js";
|
|
44
46
|
import { validateAuthFetchInput } from "./url-validation.js";
|
|
45
47
|
import crypto from "node:crypto";
|
|
46
48
|
// ---------------------------------------------------------------------------
|
|
@@ -65,6 +67,15 @@ async function user() {
|
|
|
65
67
|
if (ctx.actor) {
|
|
66
68
|
return actorContextToPublicActor(ctx.actor, ctx.projectId);
|
|
67
69
|
}
|
|
70
|
+
// auth-hosted-surface-parity: for browser SSR (routed_http) the cookie
|
|
71
|
+
// envelope is the ONLY actor input. We do NOT fall back to decoding an
|
|
72
|
+
// `Authorization: Bearer` header here — otherwise a Bearer on a GET to
|
|
73
|
+
// a tenant SSR page would resolve an actor, contradicting the
|
|
74
|
+
// "cookie is the only browser actor input" invariant (Kychon finding).
|
|
75
|
+
// The fallback is preserved only for direct/machine invocations below.
|
|
76
|
+
if (ctx.invocationKind === "routed_http") {
|
|
77
|
+
return null;
|
|
78
|
+
}
|
|
68
79
|
// Direct function invocation path (Bearer JWT, no cookie envelope):
|
|
69
80
|
// fall back to decoding the Authorization header. This is the legacy
|
|
70
81
|
// getUser(req) contract — mobile / server-to-server callers send a
|
|
@@ -301,6 +312,96 @@ async function createResponseFromIdentity(opts) {
|
|
|
301
312
|
});
|
|
302
313
|
return res;
|
|
303
314
|
}
|
|
315
|
+
/** Header on the function's RETURNED Response that the gateway's routed-invoke
|
|
316
|
+
* post-processor materializes into a host-bound `Set-Cookie` — AFTER it
|
|
317
|
+
* checks the INVOKED function's declared `auth.sessionMint` capability
|
|
318
|
+
* (server-side; service-key presence is NOT sufficient). The gateway always
|
|
319
|
+
* strips this header before the client sees it. Kept in sync with the
|
|
320
|
+
* gateway constant of the same name. */
|
|
321
|
+
export const MINT_DIRECTIVE_HEADER = "x-run402-mint-directive";
|
|
322
|
+
/**
|
|
323
|
+
* Tenant-assertion session mint (D6) — for the tenant-owned-credential case
|
|
324
|
+
* where the calling function already verified the credential against its OWN
|
|
325
|
+
* store (bcrypt, custom DB, external IdP). This is NOT a proof-based mint;
|
|
326
|
+
* the tenant is *vouching*, so it is capability-gated (`auth.sessionMint` in
|
|
327
|
+
* the function's deploy spec), audited, and host-gated — all enforced by the
|
|
328
|
+
* gateway when it materializes the directive below.
|
|
329
|
+
*
|
|
330
|
+
* The shape is agent-proof: the platform derives `issuer: "tenant:<tenant>"`
|
|
331
|
+
* and `amr` from `method` (`password` → `tenant_password`, `sso` →
|
|
332
|
+
* `tenant_sso`). Arbitrary amr is available only via `advanced.amr`.
|
|
333
|
+
*
|
|
334
|
+
* Mechanism (pattern B): the SDK never holds the session secret, so it returns
|
|
335
|
+
* a Response carrying a `x-run402-mint-directive` header. The gateway reads it,
|
|
336
|
+
* verifies the invoked function declared `auth.sessionMint` (else
|
|
337
|
+
* `R402_AUTH_UNTRUSTED_CONTEXT`), validates the subject, mints the host-bound
|
|
338
|
+
* cookie, writes an audit row, strips the directive, and rewrites the body to
|
|
339
|
+
* `{ ok, user }`. Return it directly from your handler: `return
|
|
340
|
+
* auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })`.
|
|
341
|
+
*/
|
|
342
|
+
async function createResponseFromTenantAssertion(opts) {
|
|
343
|
+
// Must run inside a real routed invocation (not module scope / prerender).
|
|
344
|
+
requireActiveContext("auth.sessions.createResponseFromTenantAssertion");
|
|
345
|
+
// Fast SDK-side validation with the teaching fix. The gateway re-validates
|
|
346
|
+
// and additionally enforces `(project_id, issuer, user.id)` uniqueness.
|
|
347
|
+
const tenant = typeof opts?.tenant === "string" ? opts.tenant.trim() : "";
|
|
348
|
+
if (!tenant) {
|
|
349
|
+
throw new TenantSubjectInvalidError({ reason: "missing `tenant`" });
|
|
350
|
+
}
|
|
351
|
+
const user = opts?.user;
|
|
352
|
+
if (!user || typeof user !== "object") {
|
|
353
|
+
throw new TenantSubjectInvalidError({ reason: "missing `user`" });
|
|
354
|
+
}
|
|
355
|
+
const id = typeof user.id === "string" ? user.id.trim() : "";
|
|
356
|
+
if (!id) {
|
|
357
|
+
throw new TenantSubjectInvalidError({
|
|
358
|
+
reason: "`user.id` is required (a stable primary key, not a bare email)",
|
|
359
|
+
});
|
|
360
|
+
}
|
|
361
|
+
const email = typeof user.email === "string" ? user.email.trim() : "";
|
|
362
|
+
// The classic mistake: passing the email AS the id. A stable id is required.
|
|
363
|
+
if (id.includes("@") && id === email) {
|
|
364
|
+
throw new TenantSubjectInvalidError({
|
|
365
|
+
reason: "`user.id` must be a stable primary key, not the email",
|
|
366
|
+
});
|
|
367
|
+
}
|
|
368
|
+
if (opts.method !== "password" && opts.method !== "sso") {
|
|
369
|
+
throw new TenantSubjectInvalidError({
|
|
370
|
+
reason: '`method` must be "password" or "sso"',
|
|
371
|
+
});
|
|
372
|
+
}
|
|
373
|
+
const directive = {
|
|
374
|
+
v: 1,
|
|
375
|
+
tenant,
|
|
376
|
+
user: {
|
|
377
|
+
id,
|
|
378
|
+
email,
|
|
379
|
+
emailVerified: user.emailVerified === true,
|
|
380
|
+
...(user.displayName ? { displayName: String(user.displayName) } : {}),
|
|
381
|
+
...(user.avatarUrl ? { avatarUrl: String(user.avatarUrl) } : {}),
|
|
382
|
+
},
|
|
383
|
+
method: opts.method,
|
|
384
|
+
...(opts.advanced?.amr ? { advanced: { amr: opts.advanced.amr } } : {}),
|
|
385
|
+
};
|
|
386
|
+
const encoded = Buffer.from(JSON.stringify(directive), "utf8").toString("base64url");
|
|
387
|
+
// The response now depends on per-request actor state — taint the SSR cache.
|
|
388
|
+
taintCacheBypass();
|
|
389
|
+
return new Response(JSON.stringify({ ok: true }), {
|
|
390
|
+
status: 200,
|
|
391
|
+
headers: {
|
|
392
|
+
"content-type": "application/json",
|
|
393
|
+
[MINT_DIRECTIVE_HEADER]: encoded,
|
|
394
|
+
},
|
|
395
|
+
});
|
|
396
|
+
}
|
|
397
|
+
/** Returns the canonical invalid-credentials error for the tenant-owned
|
|
398
|
+
* credential case. A FUNCTION, not a constructor (D9): write
|
|
399
|
+
* `throw auth.invalidCredentials()` — never `new auth.InvalidCredentialsError()`.
|
|
400
|
+
* Renders the canonical `R402_AUTH_INVALID_CREDENTIALS` envelope (distinct
|
|
401
|
+
* from `R402_AUTH_MAGIC_LINK_INVALID`); no session is minted. */
|
|
402
|
+
function invalidCredentials() {
|
|
403
|
+
return new InvalidCredentialsError();
|
|
404
|
+
}
|
|
304
405
|
async function endResponse() {
|
|
305
406
|
const ctx = requireActiveContext("auth.sessions.endResponse");
|
|
306
407
|
const origin = `https://${ctx.host}`;
|
|
@@ -314,31 +415,272 @@ async function endResponse() {
|
|
|
314
415
|
// ---------------------------------------------------------------------------
|
|
315
416
|
// Identity linking.
|
|
316
417
|
// ---------------------------------------------------------------------------
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
418
|
+
/** §4.5: the shipped top-level `auth.identities.link` is renamed/moved to
|
|
419
|
+
* `auth.account.identities.startLink` (the redirect+proof ceremony that links
|
|
420
|
+
* an OAuth identity to the already-signed-in account). Throws
|
|
421
|
+
* `R402_AUTH_RENAMED_EXPORT` teaching the move. (It also fetched a gateway
|
|
422
|
+
* route that never existed — see #429 — so it was non-functional regardless.) */
|
|
423
|
+
async function linkIdentity(_opts) {
|
|
424
|
+
throw new RenamedExportError({
|
|
425
|
+
oldName: "auth.identities.link",
|
|
426
|
+
newName: "auth.account.identities.startLink",
|
|
326
427
|
});
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
428
|
+
}
|
|
429
|
+
// ---------------------------------------------------------------------------
|
|
430
|
+
// Account security (§4). `getSecurity()` is the everyday rich read; the
|
|
431
|
+
// advanced mutation tier (setPassword / passkeys / sessions / identities) is
|
|
432
|
+
// demoted and lands in a follow-up increment.
|
|
433
|
+
// ---------------------------------------------------------------------------
|
|
434
|
+
/**
|
|
435
|
+
* The rich settings/security read for the current actor (§4.3). Distinct from
|
|
436
|
+
* the cheap per-request `auth.user()` — returns the ownership-qualified
|
|
437
|
+
* `AccountSecurity` projection (has_run402_password, run402_passkey_count,
|
|
438
|
+
* run402_identities, tenant_assertions, …) or `null` when anonymous.
|
|
439
|
+
*
|
|
440
|
+
* Resolves the actor exactly like `auth.user()` (cookie envelope on browser
|
|
441
|
+
* SSR; Bearer on direct/machine — §4.7/D15), mints a short-lived actor JWT
|
|
442
|
+
* (the same channel `db()` uses), and fetches the gateway projection route.
|
|
443
|
+
*/
|
|
444
|
+
async function getSecurity() {
|
|
445
|
+
const ctx = getCurrentContext();
|
|
446
|
+
if (!ctx)
|
|
447
|
+
return null;
|
|
448
|
+
const actor = await user();
|
|
449
|
+
if (!actor)
|
|
450
|
+
return null;
|
|
451
|
+
if (!config.JWT_SECRET)
|
|
452
|
+
return null;
|
|
453
|
+
const nowSec = Math.floor(Date.now() / 1000);
|
|
454
|
+
let token;
|
|
455
|
+
try {
|
|
456
|
+
token = jwt.sign({
|
|
457
|
+
sub: actor.id,
|
|
458
|
+
role: "authenticated",
|
|
459
|
+
email: actor.email,
|
|
460
|
+
project_id: actor.projectId,
|
|
461
|
+
iss: "agentdb",
|
|
462
|
+
iat: nowSec,
|
|
463
|
+
exp: nowSec + 60,
|
|
464
|
+
}, config.JWT_SECRET);
|
|
465
|
+
}
|
|
466
|
+
catch {
|
|
467
|
+
return null;
|
|
468
|
+
}
|
|
469
|
+
// Fetch the gateway (config.API_BASE = RUN402_API_BASE) directly — NOT the
|
|
470
|
+
// public tenant subdomain (ctx.host). The /auth/v1/account/* routes live on
|
|
471
|
+
// the gateway; a Lambda-to-subdomain round-trip via CloudFront does not reach
|
|
472
|
+
// them. `app_origin` still carries the tenant host for rpId validation.
|
|
473
|
+
const appOrigin = `https://${ctx.host}`;
|
|
474
|
+
let res;
|
|
475
|
+
try {
|
|
476
|
+
res = await fetch(`${config.API_BASE}/auth/v1/account/security?app_origin=${encodeURIComponent(appOrigin)}`, {
|
|
477
|
+
headers: {
|
|
478
|
+
apikey: config.ANON_KEY ?? "",
|
|
479
|
+
authorization: `Bearer ${token}`,
|
|
480
|
+
accept: "application/json",
|
|
481
|
+
},
|
|
482
|
+
redirect: "manual",
|
|
333
483
|
});
|
|
334
484
|
}
|
|
485
|
+
catch {
|
|
486
|
+
return null;
|
|
487
|
+
}
|
|
488
|
+
if (!res.ok)
|
|
489
|
+
return null;
|
|
490
|
+
const data = (await res.json().catch(() => null));
|
|
491
|
+
if (!data)
|
|
492
|
+
return null;
|
|
493
|
+
// The route returns a `user` projection; the SDK overlays the richer Actor.
|
|
494
|
+
return { ...data, user: actor };
|
|
495
|
+
}
|
|
496
|
+
/** Throwing variant of `getSecurity()` (§4.3). */
|
|
497
|
+
async function requireSecurity() {
|
|
498
|
+
const security = await getSecurity();
|
|
499
|
+
if (!security)
|
|
500
|
+
throw new AuthRequiredError();
|
|
501
|
+
return security;
|
|
502
|
+
}
|
|
503
|
+
// ---------------------------------------------------------------------------
|
|
504
|
+
// §4.4 advanced account-security mutation tier. Server-side, context-actor
|
|
505
|
+
// only. Each method mints a short-lived actor JWT (same channel as
|
|
506
|
+
// getSecurity) — including `auth_time` so the gateway can enforce freshness
|
|
507
|
+
// callee-side — and calls the Bearer-authed /auth/v1/account/* routes. NOT in
|
|
508
|
+
// the everyday docs; the everyday path is the <AccountSecurity> component.
|
|
509
|
+
// ---------------------------------------------------------------------------
|
|
510
|
+
/** Mint a short-lived actor JWT for an advanced-tier account call. Includes
|
|
511
|
+
* `auth_time` (the actor's last-auth from the verified browser-session
|
|
512
|
+
* envelope) so the gateway's sensitive-mutation freshness gate can read it. */
|
|
513
|
+
function mintAdvancedActorToken(actor) {
|
|
514
|
+
if (!config.JWT_SECRET)
|
|
515
|
+
return null;
|
|
516
|
+
const nowSec = Math.floor(Date.now() / 1000);
|
|
517
|
+
try {
|
|
518
|
+
return jwt.sign({
|
|
519
|
+
sub: actor.id,
|
|
520
|
+
role: "authenticated",
|
|
521
|
+
email: actor.email,
|
|
522
|
+
project_id: actor.projectId,
|
|
523
|
+
iss: "agentdb",
|
|
524
|
+
iat: nowSec,
|
|
525
|
+
exp: nowSec + 60,
|
|
526
|
+
auth_time: actor.authTime,
|
|
527
|
+
}, config.JWT_SECRET);
|
|
528
|
+
}
|
|
529
|
+
catch {
|
|
530
|
+
return null;
|
|
531
|
+
}
|
|
532
|
+
}
|
|
533
|
+
/** Call a Bearer-authed /auth/v1/account/* route with the context actor's
|
|
534
|
+
* minted JWT. Throws AuthRequiredError when anonymous / outside a request,
|
|
535
|
+
* FreshnessRequiredError on a freshness 401, and a generic error otherwise. */
|
|
536
|
+
async function accountAdvancedFetch(path, init) {
|
|
537
|
+
const ctx = getCurrentContext();
|
|
538
|
+
const actor = ctx ? await user() : null;
|
|
539
|
+
if (!ctx || !actor)
|
|
540
|
+
throw new AuthRequiredError();
|
|
541
|
+
const token = mintAdvancedActorToken(actor);
|
|
542
|
+
if (!token)
|
|
543
|
+
throw new AuthRequiredError();
|
|
544
|
+
// Gateway directly (config.API_BASE), NOT the tenant subdomain (ctx.host) —
|
|
545
|
+
// the /auth/v1/account/* routes live on the gateway and a Lambda-to-subdomain
|
|
546
|
+
// round-trip via CloudFront does not reach them (see getSecurity).
|
|
547
|
+
const res = await fetch(`${config.API_BASE}${path}`, {
|
|
548
|
+
method: init.method,
|
|
549
|
+
headers: {
|
|
550
|
+
apikey: config.ANON_KEY ?? "",
|
|
551
|
+
authorization: `Bearer ${token}`,
|
|
552
|
+
accept: "application/json",
|
|
553
|
+
...(init.body !== undefined ? { "content-type": "application/json" } : {}),
|
|
554
|
+
},
|
|
555
|
+
body: init.body !== undefined ? JSON.stringify(init.body) : undefined,
|
|
556
|
+
redirect: "manual",
|
|
557
|
+
});
|
|
558
|
+
if (res.status === 401) {
|
|
559
|
+
const data = (await res.json().catch(() => null));
|
|
560
|
+
if (data?.code === "R402_AUTH_FRESHNESS_REQUIRED") {
|
|
561
|
+
throw new FreshnessRequiredError({ maxAge: "5m", amr: [] });
|
|
562
|
+
}
|
|
563
|
+
throw new AuthRequiredError();
|
|
564
|
+
}
|
|
335
565
|
if (!res.ok) {
|
|
336
|
-
|
|
337
|
-
throw new (await import("./errors.js")).SessionBridgeUnverifiedError({
|
|
338
|
-
reason: body.code ?? `link failed: ${res.status}`,
|
|
339
|
-
});
|
|
566
|
+
throw new Error(`auth.account.* request to ${path} failed: ${res.status}`);
|
|
340
567
|
}
|
|
568
|
+
return (await res.json().catch(() => ({})));
|
|
341
569
|
}
|
|
570
|
+
/** §4.4 — set or change the signed-in user's Run402 password. Callee-enforced
|
|
571
|
+
* freshness (re-auth within 5 min) — throws FreshnessRequiredError otherwise.
|
|
572
|
+
* On success the gateway rotates (revokes) the user's other sessions. */
|
|
573
|
+
async function setPassword(newPassword, _opts) {
|
|
574
|
+
await accountAdvancedFetch("/auth/v1/account/password", {
|
|
575
|
+
method: "POST",
|
|
576
|
+
body: { new_password: newPassword },
|
|
577
|
+
});
|
|
578
|
+
}
|
|
579
|
+
/** §4.4 — sign out of every browser session for the context actor. */
|
|
580
|
+
async function signOutEverywhere() {
|
|
581
|
+
const out = (await accountAdvancedFetch("/auth/v1/account/sign-out-everywhere", {
|
|
582
|
+
method: "POST",
|
|
583
|
+
body: {},
|
|
584
|
+
}));
|
|
585
|
+
return { revoked_count: typeof out.revoked_count === "number" ? out.revoked_count : 0 };
|
|
586
|
+
}
|
|
587
|
+
const accountPasskeys = {
|
|
588
|
+
list: async () => {
|
|
589
|
+
const out = (await accountAdvancedFetch("/auth/v1/account/passkeys", { method: "GET" }));
|
|
590
|
+
return out.passkeys ?? [];
|
|
591
|
+
},
|
|
592
|
+
remove: async (passkeyId) => {
|
|
593
|
+
await accountAdvancedFetch("/auth/v1/account/passkeys/remove", {
|
|
594
|
+
method: "POST",
|
|
595
|
+
body: { passkey_id: passkeyId },
|
|
596
|
+
});
|
|
597
|
+
},
|
|
598
|
+
/** Passkey registration is a browser WebAuthn ceremony — it cannot run
|
|
599
|
+
* server-side. Use `<AccountSecurity sections={["passkeys"]}/>` or the
|
|
600
|
+
* hosted `/auth/passkeys/register` flow. */
|
|
601
|
+
add: () => {
|
|
602
|
+
throw new Error("auth.account.passkeys.add() can't run server-side: passkey registration is a browser WebAuthn ceremony. Use <AccountSecurity sections={[\"passkeys\"]}/> or the hosted /auth/passkeys/register flow.");
|
|
603
|
+
},
|
|
604
|
+
};
|
|
605
|
+
const accountIdentities = {
|
|
606
|
+
list: async () => {
|
|
607
|
+
const out = (await accountAdvancedFetch("/auth/v1/account/identities", { method: "GET" }));
|
|
608
|
+
return out.identities ?? [];
|
|
609
|
+
},
|
|
610
|
+
/** §4.5 — begin the OAuth link-to-existing-account ceremony. Mints the
|
|
611
|
+
* context actor's JWT and calls the gateway `intent:"link"` start route,
|
|
612
|
+
* returning the provider authorization URL for the caller to redirect to.
|
|
613
|
+
* The resulting identity is written against the signed-in account (NOT a
|
|
614
|
+
* new sign-in). `redirectUrl` must be a project-allowed origin. */
|
|
615
|
+
startLink: async (opts) => {
|
|
616
|
+
if (!opts?.provider)
|
|
617
|
+
throw new Error("auth.account.identities.startLink: provider is required");
|
|
618
|
+
if (!opts?.redirectUrl)
|
|
619
|
+
throw new Error("auth.account.identities.startLink: redirectUrl is required");
|
|
620
|
+
const out = (await accountAdvancedFetch(`/auth/v1/oauth/${opts.provider}/start`, {
|
|
621
|
+
method: "POST",
|
|
622
|
+
body: { intent: "link", redirect_url: opts.redirectUrl, mode: opts.mode ?? "redirect" },
|
|
623
|
+
}));
|
|
624
|
+
if (!out.authorization_url) {
|
|
625
|
+
throw new Error("auth.account.identities.startLink: gateway returned no authorization_url");
|
|
626
|
+
}
|
|
627
|
+
return {
|
|
628
|
+
authorizationUrl: out.authorization_url,
|
|
629
|
+
expiresIn: typeof out.expires_in === "number" ? out.expires_in : 600,
|
|
630
|
+
};
|
|
631
|
+
},
|
|
632
|
+
unlink: async (opts) => {
|
|
633
|
+
await accountAdvancedFetch("/auth/v1/account/identities/unlink", {
|
|
634
|
+
method: "POST",
|
|
635
|
+
body: { provider: opts.provider, subject: opts.subject },
|
|
636
|
+
});
|
|
637
|
+
},
|
|
638
|
+
};
|
|
639
|
+
const accountSessions = {
|
|
640
|
+
list: async () => {
|
|
641
|
+
const out = (await accountAdvancedFetch("/auth/v1/account/sessions", { method: "GET" }));
|
|
642
|
+
return out.sessions ?? [];
|
|
643
|
+
},
|
|
644
|
+
revoke: async (sessionId) => {
|
|
645
|
+
await accountAdvancedFetch("/auth/v1/account/sessions/revoke", {
|
|
646
|
+
method: "POST",
|
|
647
|
+
body: { session_id: sessionId },
|
|
648
|
+
});
|
|
649
|
+
},
|
|
650
|
+
};
|
|
651
|
+
/** `auth.account.*` proxy — `getSecurity`/`requireSecurity` (everyday read) +
|
|
652
|
+
* the §4.4 advanced mutation members (`setPassword`, `passkeys`, `identities`,
|
|
653
|
+
* `sessions`, `signOutEverywhere`) are the real members; the shipped throwing
|
|
654
|
+
* names (`get`, `signIn`, `login`, `currentUser`) and typos throw the
|
|
655
|
+
* structured unknown-export error (§4.6). */
|
|
656
|
+
const ACCOUNT_HALLUCINATED_NAMES = {
|
|
657
|
+
get: "auth.account.getSecurity() / auth.account.requireSecurity()",
|
|
658
|
+
signIn: "auth.sessions.createResponseFromTenantAssertion({...}) / createResponseFromIdentity({...})",
|
|
659
|
+
login: "auth.sessions.createResponseFromTenantAssertion({...})",
|
|
660
|
+
currentUser: "auth.user()",
|
|
661
|
+
user: "auth.user()",
|
|
662
|
+
};
|
|
663
|
+
const baseAccount = {
|
|
664
|
+
getSecurity,
|
|
665
|
+
requireSecurity,
|
|
666
|
+
setPassword,
|
|
667
|
+
signOutEverywhere,
|
|
668
|
+
passkeys: accountPasskeys,
|
|
669
|
+
identities: accountIdentities,
|
|
670
|
+
sessions: accountSessions,
|
|
671
|
+
};
|
|
672
|
+
const account = new Proxy(baseAccount, {
|
|
673
|
+
get(target, prop, receiver) {
|
|
674
|
+
if (typeof prop === "string" && !(prop in target)) {
|
|
675
|
+
throw new UnknownExportError({
|
|
676
|
+
attemptedName: `auth.account.${prop}`,
|
|
677
|
+
canonicalName: ACCOUNT_HALLUCINATED_NAMES[prop] ??
|
|
678
|
+
"auth.account.getSecurity() / auth.account.requireSecurity()",
|
|
679
|
+
});
|
|
680
|
+
}
|
|
681
|
+
return Reflect.get(target, prop, receiver);
|
|
682
|
+
},
|
|
683
|
+
});
|
|
342
684
|
// ---------------------------------------------------------------------------
|
|
343
685
|
// SDK proxy intercepting hallucinated names.
|
|
344
686
|
// ---------------------------------------------------------------------------
|
|
@@ -358,7 +700,40 @@ const HALLUCINATED_NAMES = {
|
|
|
358
700
|
getUser: "auth.user()",
|
|
359
701
|
getToken: "auth.requireUser() then user.sessionId (tokens are not exposed)",
|
|
360
702
|
protect: "auth.requireUser() / auth.requireRole(...)",
|
|
703
|
+
// Section 5 — forbidden legacy mint names + common top-level typos.
|
|
704
|
+
signInResponse: "throw auth.invalidCredentials() on failure, then auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
|
|
705
|
+
InvalidCredentialsError: "auth.invalidCredentials()",
|
|
706
|
+
createResponseFromTenantSubject: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
|
|
707
|
+
createResponseFromTenantAssertion: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
|
|
708
|
+
createResponseFromIdentity: "auth.sessions.createResponseFromIdentity({ provider, subject, proof, amr })",
|
|
709
|
+
};
|
|
710
|
+
/** `auth.sessions.*` proxy — mirrors the top-level `auth` proxy so forbidden
|
|
711
|
+
* legacy names (`createResponseFromTenantSubject`, `signInResponse`) and
|
|
712
|
+
* typos throw the structured unknown-export error pointing at the canonical
|
|
713
|
+
* primitive, instead of silently returning `undefined`. */
|
|
714
|
+
const SESSIONS_HALLUCINATED_NAMES = {
|
|
715
|
+
createResponseFromTenantSubject: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
|
|
716
|
+
signInResponse: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
|
|
717
|
+
fromIdentity: "auth.sessions.createResponseFromIdentity({ ... })",
|
|
718
|
+
fromTenantAssertion: "auth.sessions.createResponseFromTenantAssertion({ tenant, user, method })",
|
|
361
719
|
};
|
|
720
|
+
const baseSessions = {
|
|
721
|
+
createResponseFromIdentity,
|
|
722
|
+
createResponseFromTenantAssertion,
|
|
723
|
+
endResponse,
|
|
724
|
+
};
|
|
725
|
+
const sessions = new Proxy(baseSessions, {
|
|
726
|
+
get(target, prop, receiver) {
|
|
727
|
+
if (typeof prop === "string" && !(prop in target)) {
|
|
728
|
+
throw new UnknownExportError({
|
|
729
|
+
attemptedName: `auth.sessions.${prop}`,
|
|
730
|
+
canonicalName: SESSIONS_HALLUCINATED_NAMES[prop] ??
|
|
731
|
+
"auth.sessions.createResponseFromIdentity / createResponseFromTenantAssertion / endResponse",
|
|
732
|
+
});
|
|
733
|
+
}
|
|
734
|
+
return Reflect.get(target, prop, receiver);
|
|
735
|
+
},
|
|
736
|
+
});
|
|
362
737
|
const baseAuth = {
|
|
363
738
|
user,
|
|
364
739
|
requireUser,
|
|
@@ -368,13 +743,12 @@ const baseAuth = {
|
|
|
368
743
|
fetch: authFetch,
|
|
369
744
|
csrfToken,
|
|
370
745
|
csrfField,
|
|
746
|
+
invalidCredentials,
|
|
747
|
+
account,
|
|
371
748
|
identities: {
|
|
372
749
|
link: linkIdentity,
|
|
373
750
|
},
|
|
374
|
-
sessions
|
|
375
|
-
createResponseFromIdentity,
|
|
376
|
-
endResponse,
|
|
377
|
-
},
|
|
751
|
+
sessions,
|
|
378
752
|
};
|
|
379
753
|
/** Hallucinated-name proxy. Property access for a name not in
|
|
380
754
|
* `baseAuth` throws `R402_AUTH_UNKNOWN_EXPORT` with the canonical
|
|
@@ -449,5 +823,5 @@ function currentReturnTo() {
|
|
|
449
823
|
return undefined;
|
|
450
824
|
return ctx.request.url;
|
|
451
825
|
}
|
|
452
|
-
export { AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, Run402AuthError, } from "./errors.js";
|
|
826
|
+
export { AuthRequiredError, InsufficientRoleError, InsufficientMembershipError, FreshnessRequiredError, FetchAbsoluteUrlError, PrerenderedError, UnknownExportError, SessionBridgeUnverifiedError, IdentityLinkConflictError, UnknownIdentityError, InvalidCredentialsError, TenantSubjectInvalidError, RenamedExportError, Run402AuthError, } from "./errors.js";
|
|
453
827
|
//# sourceMappingURL=index.js.map
|
package/dist/auth/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AAEH,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,GAAG,MAAM,eAAe,CAAC;AAChC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,2BAA2B,EAC3B,qBAAqB,EAErB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAMrB,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,8EAA8E;AAC9E,mCAAmC;AACnC,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,oEAAoE;IACpE,8DAA8D;IAC9D,gBAAgB,EAAE,CAAC;IACnB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,mEAAmE;QACnE,gEAAgE;QAChE,mEAAmE;QACnE,gEAAgE;QAChE,+DAA+D;QAC/D,qEAAqE;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,+DAA+D;IAC/D,mDAAmD;IACnD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,yBAAyB,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IAC7D,CAAC;IACD,oEAAoE;IACpE,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,+DAA+D;IAC/D,2DAA2D;IAC3D,OAAO,4BAA4B,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;iBAUiB;AACjB,SAAS,4BAA4B,CACnC,GAAsD;IAEtD,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;IACpC,kEAAkE;IAClE,qEAAqE;IACrE,8BAA8B;IAC9B,IAAI,UAA8B,CAAC;IACnC,8DAA8D;IAC9D,MAAM,CAAC,GAAG,OAAc,CAAC;IACzB,IAAI,OAAO,CAAC,EAAE,GAAG,KAAK,UAAU,EAAE,CAAC;QACjC,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC;QACzD,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CASvB,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACtD,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,UAAU,OAAO,CAAC,GAAG,EAAE;YACxD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,aAAa,EAAE,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAC5D,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACvD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,iBAAiB,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,IAAO;IAEP,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,uEAAuE;IACvE,gEAAgE;IAChE,mEAAmE;IACnE,kCAAkC;IAClC,MAAM,GAAG,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IACzE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/B,CAAC;IACD,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,UAAU,CACjB,OAAsD,EACtD,IAAY;IAEZ,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACtF,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAa;IAEb,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,wEAAwE;IACxE,wEAAwE;IACxE,oEAAoE;IACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,0BAA0B,CAAC,CAAC;IACrF,IAAI,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,2BAA2B,CAAC,UAAU,CAAC,CAAC;AACpD,CAAC;AAaD,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,gBAAgB,EAAE,CAAC;IACnB,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAClC,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,OAAO,EAAE,KAAK,QAAQ,IAAI,MAAM,GAAG,EAAE,IAAI,SAAS,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,sBAAsB,CAAC;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,eAAe,EAAE;aAC5B,CAAC,CAAC;QACL,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,KAAK,CAAC,QAAQ,IAAI,SAAS;QAAE,OAAO;IACjD,MAAM,IAAI,sBAAsB,CAAC;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,EAAE,EAAE;QACP,QAAQ,EAAE,eAAe,EAAE;KAC5B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,EAAE,GAAG,oBAAoB,CAAC;IAChC,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,QAAQ,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5B,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,CAAC;gBACX,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;gBAClB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC;gBACnB,MAAM;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E,KAAK,UAAU,SAAS,CACtB,KAAwB,EACxB,IAAkB;IAElB,MAAM,GAAG,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,qBAAqB,CAAC;YAC9B,SAAS,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;YACpG,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,kEAAkE;IAClE,6DAA6D;IAC7D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,kEAAkE;IAClE,sEAAsE;IACtE,mEAAmE;IACnE,kEAAkE;IAClE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzB,MAAM,WAAW,GAAgB;QAC/B,GAAG,IAAI;QACP,OAAO;QACP,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,QAAQ;KACrC,CAAC;IACF,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACvB,kEAAkE;QAClE,kEAAkE;QAClE,8DAA8D;QAC9D,yBAAyB;QACzB,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,oEAAoE;IACpE,mEAAmE;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,kEAAkE;IAClE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,KAAK,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,OAAO,CAAC;IAClE,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,4CAA4C,UAAU,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC;AACjF,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,6DAA6D;AAC7D,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,4CAA4C;AAC5C,8EAA8E;AAE9E,KAAK,UAAU,0BAA0B,CACvC,IAAuC;IAEvC,MAAM,GAAG,GAAG,oBAAoB,CAAC,0CAA0C,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,+DAA+D;IAC/D,qEAAqE;IACrE,kEAAkE;IAClE,gEAAgE;IAChE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iCAAiC,EAAE;QAClE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,uBAAuB,EAAE;QACxD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,MAAM,GAAG,GAAG,oBAAoB,CAAC,sBAAsB,CAAC,CAAC;IACzD,MAAM,WAAW,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,0BAA0B,EAAE;QAC3D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,8CAA8C;QAC9C,8DAA8D;QAC9D,MAAM,IAAI,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,yBAAyB,CAAC;YAChE,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC,CAAC;IACL,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B,CAAC;YACnE,MAAM,EAAG,IAA0B,CAAC,IAAI,IAAI,gBAAgB,GAAG,CAAC,MAAM,EAAE;SACzE,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,MAAM,kBAAkB,GAA2B;IACjD,OAAO,EAAE,gDAAgD;IACzD,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,aAAa;IAC1B,cAAc,EAAE,aAAa;IAC7B,WAAW,EAAE,oBAAoB;IACjC,UAAU,EAAE,6CAA6C;IACzD,MAAM,EAAE,sFAAsF;IAC9F,OAAO,EAAE,6BAA6B;IACtC,OAAO,EAAE,6BAA6B;IACtC,MAAM,EAAE,6BAA6B;IACrC,KAAK,EAAE,iDAAiD;IACxD,gBAAgB,EAAE,yCAAyC;IAC3D,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,iEAAiE;IAC3E,OAAO,EAAE,4CAA4C;CACtD,CAAC;AA2BF,MAAM,QAAQ,GAAkB;IAC9B,IAAI;IACJ,WAAW;IACX,WAAW;IACX,iBAAiB;IACjB,YAAY;IACZ,KAAK,EAAE,SAAS;IAChB,SAAS;IACT,SAAS;IACT,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;KACnB;IACD,QAAQ,EAAE;QACR,0BAA0B;QAC1B,WAAW;KACZ;CACF,CAAC;AAEF;;;gEAGgE;AAChE,MAAM,CAAC,MAAM,IAAI,GAAkB,IAAI,KAAK,CAAC,QAAQ,EAAE;IACrD,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,kBAAkB,CAAC;oBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;oBAC7B,aAAa,EAAE,WAAW;iBAC3B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,0EAA0E;aAC1F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH;;;;;;;;GAQG;AAEH,6DAA6D;AAC7D,MAAM,UAAU,UAAU;IACxB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,WAAW;IACzB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC/F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAClG,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,gBAAgB;IAC9B,MAAM,IAAI,kBAAkB,CAAC;QAC3B,aAAa,EAAE,kBAAkB;QACjC,aAAa,EAAE,aAAa;KAC7B,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,yBAAyB,CAChC,QAA6B,EAC7B,SAAiB;IAEjB,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,SAAS;QACT,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC;QACtB,QAAQ,EAAE,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzB,CAAC;AAID,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AAEH,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,gBAAgB,GAEjB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,GAAG,MAAM,eAAe,CAAC;AAChC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,sBAAsB,EACtB,2BAA2B,EAC3B,qBAAqB,EACrB,uBAAuB,EAEvB,kBAAkB,EAClB,yBAAyB,EACzB,kBAAkB,GACnB,MAAM,aAAa,CAAC;AAQrB,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,8EAA8E;AAC9E,mCAAmC;AACnC,8EAA8E;AAE9E,KAAK,UAAU,IAAI;IACjB,oEAAoE;IACpE,8DAA8D;IAC9D,gBAAgB,EAAE,CAAC;IACnB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,mEAAmE;QACnE,gEAAgE;QAChE,mEAAmE;QACnE,gEAAgE;QAChE,+DAA+D;QAC/D,qEAAqE;QACrE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,+DAA+D;IAC/D,mDAAmD;IACnD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;QACd,OAAO,yBAAyB,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;IAC7D,CAAC;IACD,uEAAuE;IACvE,uEAAuE;IACvE,uEAAuE;IACvE,8DAA8D;IAC9D,uEAAuE;IACvE,uEAAuE;IACvE,IAAI,GAAG,CAAC,cAAc,KAAK,aAAa,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,oEAAoE;IACpE,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,kEAAkE;IAClE,+DAA+D;IAC/D,2DAA2D;IAC3D,OAAO,4BAA4B,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED;;;;;;;;;;iBAUiB;AACjB,SAAS,4BAA4B,CACnC,GAAsD;IAEtD,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC;IACpC,kEAAkE;IAClE,qEAAqE;IACrE,8BAA8B;IAC9B,IAAI,UAA8B,CAAC;IACnC,8DAA8D;IAC9D,MAAM,CAAC,GAAG,OAAc,CAAC;IACzB,IAAI,OAAO,CAAC,EAAE,GAAG,KAAK,UAAU,EAAE,CAAC;QACjC,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,SAAS,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC;QACzD,UAAU,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACjD,CAAC;IACD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAClE,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CASvB,KAAK,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QAC7B,IAAI,OAAO,CAAC,UAAU,KAAK,GAAG,CAAC,SAAS;YAAE,OAAO,IAAI,CAAC;QACtD,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,SAAS,EAAE,OAAO,CAAC,UAAU;YAC7B,SAAS,EAAE,OAAO,CAAC,UAAU,IAAI,UAAU,OAAO,CAAC,GAAG,EAAE;YACxD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,aAAa,EAAE,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAC5D,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACvD,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,iBAAiB,CAAC,EAAE,QAAQ,EAAE,eAAe,EAAE,EAAE,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,IAAO;IAEP,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,uEAAuE;IACvE,gEAAgE;IAChE,mEAAmE;IACnE,kCAAkC;IAClC,MAAM,GAAG,GAAG,oBAAoB,CAAC,kBAAkB,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;IACzE,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;QACxB,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAC/B,CAAC;IACD,MAAM,IAAI,qBAAqB,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,UAAU,CACjB,OAAsD,EACtD,IAAY;IAEZ,MAAM,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACtF,OAAO,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACrC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAa;IAEb,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,wEAAwE;IACxE,wEAAwE;IACxE,oEAAoE;IACpE,MAAM,GAAG,GAAG,oBAAoB,CAAC,wBAAwB,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,0BAA0B,CAAC,CAAC;IACrF,IAAI,gBAAgB,KAAK,UAAU,EAAE,CAAC;QACpC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC;IACrC,CAAC;IACD,MAAM,IAAI,2BAA2B,CAAC,UAAU,CAAC,CAAC;AACpD,CAAC;AAaD,KAAK,UAAU,YAAY,CAAC,IAAyB;IACnD,gBAAgB,EAAE,CAAC;IACnB,MAAM,KAAK,GAAG,MAAM,WAAW,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE;YAClC,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAClC,OAAO,OAAO,EAAE,KAAK,QAAQ,IAAI,MAAM,GAAG,EAAE,IAAI,SAAS,CAAC;QAC5D,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,IAAI,sBAAsB,CAAC;gBAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,QAAQ,EAAE,eAAe,EAAE;aAC5B,CAAC,CAAC;QACL,CAAC;QACD,OAAO;IACT,CAAC;IACD,IAAI,MAAM,GAAG,KAAK,CAAC,QAAQ,IAAI,SAAS;QAAE,OAAO;IACjD,MAAM,IAAI,sBAAsB,CAAC;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,EAAE,EAAE;QACP,QAAQ,EAAE,eAAe,EAAE;KAC5B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,EAAE,GAAG,oBAAoB,CAAC;IAChC,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,QAAQ,CAAC,CAAC,CAAC,CAAE,CAAC,WAAW,EAAE,EAAE,CAAC;YAC5B,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,CAAC;gBACX,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;gBAClB,MAAM;YACR,KAAK,GAAG;gBACN,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC;gBACnB,MAAM;QACV,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,0DAA0D;AAC1D,8EAA8E;AAE9E,KAAK,UAAU,SAAS,CACtB,KAAwB,EACxB,IAAkB;IAElB,MAAM,GAAG,GAAG,oBAAoB,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,sBAAsB,CAAC,KAAK,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,CAAC;IACxE,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;QACf,MAAM,IAAI,qBAAqB,CAAC;YAC9B,SAAS,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;YACpG,MAAM,EAAE,MAAM,CAAC,MAAM;SACtB,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,kEAAkE;IAClE,6DAA6D;IAC7D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC3C,kEAAkE;IAClE,sEAAsE;IACtE,mEAAmE;IACnE,kEAAkE;IAClE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACzB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEzB,MAAM,WAAW,GAAgB;QAC/B,GAAG,IAAI;QACP,OAAO;QACP,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,QAAQ;KACrC,CAAC;IACF,OAAO,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AAC/C,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,8EAA8E;AAE9E,SAAS,SAAS;IAChB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACvB,kEAAkE;QAClE,kEAAkE;QAClE,8DAA8D;QAC9D,yBAAyB;QACzB,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,oEAAoE;IACpE,mEAAmE;IACnE,mEAAmE;IACnE,gEAAgE;IAChE,kEAAkE;IAClE,mEAAmE;IACnE,qDAAqD;IACrD,MAAM,KAAK,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,GAAG,CAAC,KAAK,CAAC,QAAQ,OAAO,CAAC;IAClE,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACtF,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,4CAA4C,UAAU,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC;AACjF,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,OAAO,CAAC;SACL,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC5B,CAAC;AAED,8EAA8E;AAC9E,6DAA6D;AAC7D,EAAE;AACF,0EAA0E;AAC1E,0EAA0E;AAC1E,yEAAyE;AACzE,wEAAwE;AACxE,4CAA4C;AAC5C,8EAA8E;AAE9E,KAAK,UAAU,0BAA0B,CACvC,IAAuC;IAEvC,MAAM,GAAG,GAAG,oBAAoB,CAAC,0CAA0C,CAAC,CAAC;IAC7E,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,+DAA+D;IAC/D,qEAAqE;IACrE,kEAAkE;IAClE,gEAAgE;IAChE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,iCAAiC,EAAE;QAClE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;QAC1B,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;yCAKyC;AACzC,MAAM,CAAC,MAAM,qBAAqB,GAAG,yBAAyB,CAAC;AAE/D;;;;;;;;;;;;;;;;;;;GAmBG;AACH,KAAK,UAAU,iCAAiC,CAC9C,IAA8C;IAE9C,2EAA2E;IAC3E,oBAAoB,CAAC,iDAAiD,CAAC,CAAC;IAExE,2EAA2E;IAC3E,wEAAwE;IACxE,MAAM,MAAM,GAAG,OAAO,IAAI,EAAE,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC1E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,yBAAyB,CAAC,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,CAAC;IACxB,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,yBAAyB,CAAC,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,EAAE,GAAG,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7D,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,gEAAgE;SACzE,CAAC,CAAC;IACL,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACtE,6EAA6E;IAC7E,IAAI,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,KAAK,EAAE,CAAC;QACrC,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,uDAAuD;SAChE,CAAC,CAAC;IACL,CAAC;IACD,IAAI,IAAI,CAAC,MAAM,KAAK,UAAU,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QACxD,MAAM,IAAI,yBAAyB,CAAC;YAClC,MAAM,EAAE,sCAAsC;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,MAAM,SAAS,GAAG;QAChB,CAAC,EAAE,CAAU;QACb,MAAM;QACN,IAAI,EAAE;YACJ,EAAE;YACF,KAAK;YACL,aAAa,EAAE,IAAI,CAAC,aAAa,KAAK,IAAI;YAC1C,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACjE;QACD,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACxE,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CACrE,WAAW,CACZ,CAAC;IACF,6EAA6E;IAC7E,gBAAgB,EAAE,CAAC;IACnB,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;QAChD,MAAM,EAAE,GAAG;QACX,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,CAAC,qBAAqB,CAAC,EAAE,OAAO;SACjC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;kEAIkE;AAClE,SAAS,kBAAkB;IACzB,OAAO,IAAI,uBAAuB,EAAE,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,oBAAoB,CAAC,2BAA2B,CAAC,CAAC;IAC9D,MAAM,MAAM,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,uBAAuB,EAAE;QACxD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E;;;;kFAIkF;AAClF,KAAK,UAAU,YAAY,CAAC,KAA0B;IACpD,MAAM,IAAI,kBAAkB,CAAC;QAC3B,OAAO,EAAE,sBAAsB;QAC/B,OAAO,EAAE,mCAAmC;KAC7C,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,wEAAwE;AACxE,6EAA6E;AAC7E,8CAA8C;AAC9C,8EAA8E;AAE9E;;;;;;;;;GASG;AACH,KAAK,UAAU,WAAW;IACxB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,KAAK,GAAG,MAAM,IAAI,EAAE,CAAC;IAC3B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAC;IACxB,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,KAAa,CAAC;IAClB,IAAI,CAAC;QACH,KAAK,GAAG,GAAG,CAAC,IAAI,CACd;YACE,GAAG,EAAE,KAAK,CAAC,EAAE;YACb,IAAI,EAAE,eAAwB;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,SAAS;YAC3B,GAAG,EAAE,SAAkB;YACvB,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM,GAAG,EAAE;SACjB,EACD,MAAM,CAAC,UAAU,CAClB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,2EAA2E;IAC3E,4EAA4E;IAC5E,8EAA8E;IAC9E,wEAAwE;IACxE,MAAM,SAAS,GAAG,WAAW,GAAG,CAAC,IAAI,EAAE,CAAC;IACxC,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CACf,GAAG,MAAM,CAAC,QAAQ,wCAAwC,kBAAkB,CAAC,SAAS,CAAC,EAAE,EACzF;YACE,OAAO,EAAE;gBACP,MAAM,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,UAAU,KAAK,EAAE;gBAChC,MAAM,EAAE,kBAAkB;aAC3B;YACD,QAAQ,EAAE,QAAQ;SACnB,CACF,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAExC,CAAC;IACT,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,4EAA4E;IAC5E,OAAO,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAClC,CAAC;AAED,kDAAkD;AAClD,KAAK,UAAU,eAAe;IAC5B,MAAM,QAAQ,GAAG,MAAM,WAAW,EAAE,CAAC;IACrC,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAC7C,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,8EAA8E;AAC9E,2EAA2E;AAC3E,mEAAmE;AACnE,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,8EAA8E;AAE9E;;gFAEgF;AAChF,SAAS,sBAAsB,CAAC,KAAY;IAC1C,IAAI,CAAC,MAAM,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IACpC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC7C,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,IAAI,CACb;YACE,GAAG,EAAE,KAAK,CAAC,EAAE;YACb,IAAI,EAAE,eAAwB;YAC9B,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,UAAU,EAAE,KAAK,CAAC,SAAS;YAC3B,GAAG,EAAE,SAAkB;YACvB,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM,GAAG,EAAE;YAChB,SAAS,EAAE,KAAK,CAAC,QAAQ;SAC1B,EACD,MAAM,CAAC,UAAU,CAClB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;gFAEgF;AAChF,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,IAAgE;IAEhE,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACxC,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAClD,MAAM,KAAK,GAAG,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAC5C,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAC1C,4EAA4E;IAC5E,8EAA8E;IAC9E,mEAAmE;IACnE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI,EAAE,EAAE;QACnD,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,OAAO,EAAE;YACP,MAAM,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC7B,aAAa,EAAE,UAAU,KAAK,EAAE;YAChC,MAAM,EAAE,kBAAkB;YAC1B,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3E;QACD,IAAI,EAAE,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;QACrE,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAA6B,CAAC;QAC9E,IAAI,IAAI,EAAE,IAAI,KAAK,8BAA8B,EAAE,CAAC;YAClD,MAAM,IAAI,sBAAsB,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,IAAI,iBAAiB,EAAE,CAAC;IAChC,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,YAAY,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,OAAO,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAY,CAAC;AACzD,CAAC;AAED;;0EAE0E;AAC1E,KAAK,UAAU,WAAW,CAAC,WAAmB,EAAE,KAA2B;IACzE,MAAM,oBAAoB,CAAC,2BAA2B,EAAE;QACtD,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE;KACpC,CAAC,CAAC;AACL,CAAC;AAED,sEAAsE;AACtE,KAAK,UAAU,iBAAiB;IAC9B,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,sCAAsC,EAAE;QAC9E,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE;KACT,CAAC,CAA+B,CAAC;IAClC,OAAO,EAAE,aAAa,EAAE,OAAO,GAAG,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAC1F,CAAC;AAED,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAEtF,CAAC;QACF,OAAO,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,SAAiB,EAAiB,EAAE;QACjD,MAAM,oBAAoB,CAAC,kCAAkC,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;IACD;;iDAE6C;IAC7C,GAAG,EAAE,GAAU,EAAE;QACf,MAAM,IAAI,KAAK,CACb,sMAAsM,CACvM,CAAC;IACJ,CAAC;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,6BAA6B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAExF,CAAC;QACF,OAAO,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;IAC9B,CAAC;IACD;;;;wEAIoE;IACpE,SAAS,EAAE,KAAK,EAAE,IAIjB,EAA4D,EAAE;QAC7D,IAAI,CAAC,IAAI,EAAE,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAChG,IAAI,CAAC,IAAI,EAAE,WAAW;YACpB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,kBAAkB,IAAI,CAAC,QAAQ,QAAQ,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,UAAU,EAAE;SACxF,CAAC,CAAwD,CAAC;QAC3D,IAAI,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;QAC9F,CAAC;QACD,OAAO;YACL,gBAAgB,EAAE,GAAG,CAAC,iBAAiB;YACvC,SAAS,EAAE,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG;SACrE,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,IAA2C,EAAiB,EAAE;QAC3E,MAAM,oBAAoB,CAAC,oCAAoC,EAAE;YAC/D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE;SACzD,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF,MAAM,eAAe,GAAG;IACtB,IAAI,EAAE,KAAK,IAAwB,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,MAAM,oBAAoB,CAAC,2BAA2B,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAEtF,CAAC;QACF,OAAO,GAAG,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC5B,CAAC;IACD,MAAM,EAAE,KAAK,EAAE,SAAiB,EAAiB,EAAE;QACjD,MAAM,oBAAoB,CAAC,kCAAkC,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE;SAChC,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;;;8CAI8C;AAC9C,MAAM,0BAA0B,GAA2B;IACzD,GAAG,EAAE,6DAA6D;IAClE,MAAM,EACJ,4FAA4F;IAC9F,KAAK,EAAE,wDAAwD;IAC/D,WAAW,EAAE,aAAa;IAC1B,IAAI,EAAE,aAAa;CACpB,CAAC;AAEF,MAAM,WAAW,GAAG;IAClB,WAAW;IACX,eAAe;IACf,WAAW;IACX,iBAAiB;IACjB,QAAQ,EAAE,eAAe;IACzB,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,eAAe;CAC1B,CAAC;AAEF,MAAM,OAAO,GAA6B,IAAI,KAAK,CAAC,WAAW,EAAE;IAC/D,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,gBAAgB,IAAI,EAAE;gBACrC,aAAa,EACX,0BAA0B,CAAC,IAAI,CAAC;oBAChC,6DAA6D;aAChE,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH,8EAA8E;AAC9E,6CAA6C;AAC7C,8EAA8E;AAE9E,MAAM,kBAAkB,GAA2B;IACjD,OAAO,EAAE,gDAAgD;IACzD,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,aAAa;IAC1B,cAAc,EAAE,aAAa;IAC7B,WAAW,EAAE,oBAAoB;IACjC,UAAU,EAAE,6CAA6C;IACzD,MAAM,EAAE,sFAAsF;IAC9F,OAAO,EAAE,6BAA6B;IACtC,OAAO,EAAE,6BAA6B;IACtC,MAAM,EAAE,6BAA6B;IACrC,KAAK,EAAE,iDAAiD;IACxD,gBAAgB,EAAE,yCAAyC;IAC3D,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,iEAAiE;IAC3E,OAAO,EAAE,4CAA4C;IACrD,oEAAoE;IACpE,cAAc,EACZ,4HAA4H;IAC9H,uBAAuB,EAAE,2BAA2B;IACpD,+BAA+B,EAC7B,2EAA2E;IAC7E,iCAAiC,EAC/B,2EAA2E;IAC7E,0BAA0B,EACxB,6EAA6E;CAChF,CAAC;AAmEF;;;4DAG4D;AAC5D,MAAM,2BAA2B,GAA2B;IAC1D,+BAA+B,EAC7B,2EAA2E;IAC7E,cAAc,EACZ,2EAA2E;IAC7E,YAAY,EAAE,mDAAmD;IACjE,mBAAmB,EACjB,2EAA2E;CAC9E,CAAC;AAEF,MAAM,YAAY,GAAG;IACnB,0BAA0B;IAC1B,iCAAiC;IACjC,WAAW;CACZ,CAAC;AAEF,MAAM,QAAQ,GAA8B,IAAI,KAAK,CAAC,YAAY,EAAE;IAClE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,iBAAiB,IAAI,EAAE;gBACtC,aAAa,EACX,2BAA2B,CAAC,IAAI,CAAC;oBACjC,4FAA4F;aAC/F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH,MAAM,QAAQ,GAAkB;IAC9B,IAAI;IACJ,WAAW;IACX,WAAW;IACX,iBAAiB;IACjB,YAAY;IACZ,KAAK,EAAE,SAAS;IAChB,SAAS;IACT,SAAS;IACT,kBAAkB;IAClB,OAAO;IACP,UAAU,EAAE;QACV,IAAI,EAAE,YAAY;KACnB;IACD,QAAQ;CACT,CAAC;AAEF;;;gEAGgE;AAChE,MAAM,CAAC,MAAM,IAAI,GAAkB,IAAI,KAAK,CAAC,QAAQ,EAAE;IACrD,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ;QACxB,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;YAC7C,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,IAAI,kBAAkB,CAAC;oBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;oBAC7B,aAAa,EAAE,WAAW;iBAC3B,CAAC,CAAC;YACL,CAAC;YACD,MAAM,IAAI,kBAAkB,CAAC;gBAC3B,aAAa,EAAE,QAAQ,IAAI,EAAE;gBAC7B,aAAa,EAAE,0EAA0E;aAC1F,CAAC,CAAC;QACL,CAAC;QACD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;CACF,CAAC,CAAC;AAEH;;;;;;;;GAQG;AAEH,6DAA6D;AAC7D,MAAM,UAAU,UAAU;IACxB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC9F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,WAAW;IACzB,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAC/F,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,cAAc;IAC5B,MAAM,IAAI,kBAAkB,CAAC,EAAE,aAAa,EAAE,gBAAgB,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC,CAAC;AAClG,CAAC;AAED,qCAAqC;AACrC,MAAM,UAAU,gBAAgB;IAC9B,MAAM,IAAI,kBAAkB,CAAC;QAC3B,aAAa,EAAE,kBAAkB;QACjC,aAAa,EAAE,aAAa;KAC7B,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,SAAS,yBAAyB,CAChC,QAA6B,EAC7B,SAAiB;IAEjB,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,OAAO;QACL,EAAE,EAAE,QAAQ,CAAC,EAAE;QACf,SAAS;QACT,SAAS,EAAE,QAAQ,CAAC,SAAS;QAC7B,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,aAAa,EAAE,QAAQ,CAAC,aAAa;QACrC,QAAQ,EAAE,QAAQ,CAAC,QAAQ;QAC3B,GAAG,EAAE,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC;QACtB,QAAQ,EAAE,EAAE,GAAG,QAAQ,CAAC,QAAQ,EAAE;KACnC,CAAC;AACJ,CAAC;AAED,SAAS,eAAe;IACtB,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,OAAO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC;AACzB,CAAC;AAYD,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,4BAA4B,EAC5B,yBAAyB,EACzB,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,kBAAkB,EAClB,eAAe,GAChB,MAAM,aAAa,CAAC"}
|
package/dist/auth/types.d.ts
CHANGED
|
@@ -55,4 +55,71 @@ export interface IdentityLinkOptions {
|
|
|
55
55
|
subject: string;
|
|
56
56
|
proof: IdentityProof;
|
|
57
57
|
}
|
|
58
|
+
/** The tenant's view of a user it has already authenticated against its OWN
|
|
59
|
+
* store (bcrypt, custom DB, external IdP). `id` MUST be a stable primary key
|
|
60
|
+
* — NOT a bare email. Platform identity uniqueness is `(project_id, issuer,
|
|
61
|
+
* id)`; linking is by `(issuer, id)` only, never implicitly by email. */
|
|
62
|
+
export interface TenantUser {
|
|
63
|
+
id: string;
|
|
64
|
+
email: string;
|
|
65
|
+
emailVerified: boolean;
|
|
66
|
+
displayName?: string;
|
|
67
|
+
avatarUrl?: string;
|
|
68
|
+
}
|
|
69
|
+
/** A Run402-verified federated identity link (OAuth / cryptographic proof). */
|
|
70
|
+
export interface Run402Identity {
|
|
71
|
+
provider: string;
|
|
72
|
+
provider_sub: string;
|
|
73
|
+
provider_email: string | null;
|
|
74
|
+
created_at: string;
|
|
75
|
+
}
|
|
76
|
+
/** A tenant-vouched assertion link (from `createResponseFromTenantAssertion`).
|
|
77
|
+
* `last_amr` reflects the tenant provenance (e.g. `["tenant_password"]`),
|
|
78
|
+
* intentionally distinct from Run402-verified amr values. */
|
|
79
|
+
export interface TenantAssertionRef {
|
|
80
|
+
issuer: string;
|
|
81
|
+
last_amr: string[];
|
|
82
|
+
}
|
|
83
|
+
/** The rich account/security read returned by `auth.account.getSecurity()` —
|
|
84
|
+
* distinct from the cheap per-request `auth.user()` Actor. Credentials are
|
|
85
|
+
* qualified to Run402 ownership (`has_run402_password`, `run402_passkey_count`,
|
|
86
|
+
* `run402_identities`) so a tenant-vouched user (no Run402 password) reads
|
|
87
|
+
* `has_run402_password: false`.
|
|
88
|
+
*
|
|
89
|
+
* §4.8 — branch parity with the shipped `GET /auth/v1/user`. Every UI branch
|
|
90
|
+
* the old fields drove is preserved by the ownership-qualified mapping:
|
|
91
|
+
* - `has_password` → `has_run402_password` (set-vs-change password)
|
|
92
|
+
* - `has_passkeys`/`passkey_count` → `run402_passkey_count` (offer "Add passkey")
|
|
93
|
+
* - `has_passkey_for_current_rp` → `has_run402_passkey_for_current_rp`
|
|
94
|
+
* - `identities` → `run402_identities` (connected accounts)
|
|
95
|
+
* - `current_rp_id` → `current_rp_id` (unchanged)
|
|
96
|
+
* Plus the new `passkey_rp_scope` and `tenant_assertions` (tenant provenance,
|
|
97
|
+
* which the old endpoint conflated into `has_password`/`identities`). */
|
|
98
|
+
export interface AccountSecurity {
|
|
99
|
+
user: Actor;
|
|
100
|
+
has_run402_password: boolean;
|
|
101
|
+
run402_passkey_count: number;
|
|
102
|
+
has_run402_passkey_for_current_rp: boolean | null;
|
|
103
|
+
run402_identities: Run402Identity[];
|
|
104
|
+
current_rp_id: string | null;
|
|
105
|
+
passkey_rp_scope: "host" | "realm";
|
|
106
|
+
tenant_assertions: TenantAssertionRef[];
|
|
107
|
+
}
|
|
108
|
+
/** Options for `auth.sessions.createResponseFromTenantAssertion`. Agent-proof
|
|
109
|
+
* by design: the platform derives `issuer: "tenant:<tenant>"` from `tenant`
|
|
110
|
+
* and `amr` from `method` (`"password"` → `tenant_password`, `"sso"` →
|
|
111
|
+
* `tenant_sso`). The agent never hand-builds `issuer`/`amr`; arbitrary amr is
|
|
112
|
+
* available only via the `advanced` escape hatch. */
|
|
113
|
+
export interface CreateResponseFromTenantAssertionOptions {
|
|
114
|
+
/** Short tenant identifier; becomes `issuer: "tenant:<tenant>"`. */
|
|
115
|
+
tenant: string;
|
|
116
|
+
/** The tenant-verified user. Requires a stable `user.id`. */
|
|
117
|
+
user: TenantUser;
|
|
118
|
+
/** The credential class the tenant verified. */
|
|
119
|
+
method: "password" | "sso";
|
|
120
|
+
/** Escape hatch for arbitrary amr values — agents should not need this. */
|
|
121
|
+
advanced?: {
|
|
122
|
+
amr: string[];
|
|
123
|
+
};
|
|
124
|
+
}
|
|
58
125
|
//# sourceMappingURL=types.d.ts.map
|
package/dist/auth/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,KAAK;IACpB,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;uCAGuC;AACvC,MAAM,MAAM,aAAa,GACrB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACpE;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;IACrB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd;;uEAEmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;CACtB"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,WAAW,KAAK;IACpB,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,uDAAuD;IACvD,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED;;;uCAGuC;AACvC,MAAM,MAAM,aAAa,GACrB;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACpE;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEzD,MAAM,WAAW,iCAAiC;IAChD,QAAQ,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,CAAC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;IACrB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd;;uEAEmE;IACnE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,aAAa,CAAC;CACtB;AAED;;;0EAG0E;AAC1E,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,+EAA+E;AAC/E,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;8DAE8D;AAC9D,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;;;;;;;;;;;;;0EAc0E;AAC1E,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,KAAK,CAAC;IACZ,mBAAmB,EAAE,OAAO,CAAC;IAC7B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,iCAAiC,EAAE,OAAO,GAAG,IAAI,CAAC;IAClD,iBAAiB,EAAE,cAAc,EAAE,CAAC;IACpC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC;IACnC,iBAAiB,EAAE,kBAAkB,EAAE,CAAC;CACzC;AAED;;;;sDAIsD;AACtD,MAAM,WAAW,wCAAwC;IACvD,oEAAoE;IACpE,MAAM,EAAE,MAAM,CAAC;IACf,6DAA6D;IAC7D,IAAI,EAAE,UAAU,CAAC;IACjB,gDAAgD;IAChD,MAAM,EAAE,UAAU,GAAG,KAAK,CAAC;IAC3B,2EAA2E;IAC3E,QAAQ,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;CAC9B"}
|