@sirketio/auth 0.0.1

package/dist/plugins/admin/routes.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.mjs","names":[],"sources":["../../../src/plugins/admin/routes.ts"],"sourcesContent":["import {\n\tcreateAuthEndpoint,\n\tcreateAuthMiddleware,\n} from \"@better-auth/core/api\";\nimport type { Session } from \"@better-auth/core/db\";\nimport type { Where } from \"@better-auth/core/db/adapter\";\nimport { whereOperators } from \"@better-auth/core/db/adapter\";\nimport { APIError, BASE_ERROR_CODES } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport { getSessionFromCtx } from \"../../api\";\nimport {\n\tdeleteSessionCookie,\n\texpireCookie,\n\tsetSessionCookie,\n} from \"../../cookies\";\nimport { parseSessionOutput, parseUserOutput } from \"../../db/schema\";\nimport { getDate } from \"../../utils/date\";\nimport type { AccessControl } from \"../access\";\nimport type { defaultStatements } from \"./access\";\nimport { ADMIN_ERROR_CODES } from \"./error-codes\";\nimport { hasPermission } from \"./has-permission\";\nimport type {\n\tAdminOptions,\n\tInferAdminRolesFromOption,\n\tSessionWithImpersonatedBy,\n\tUserWithRole,\n} from \"./types\";\n\n/**\n * Ensures a valid session, if not will throw.\n * Will also provide additional types on the user to include role types.\n */\nconst adminMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session) {\n\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t}\n\treturn {\n\t\tsession,\n\t} as {\n\t\tsession: {\n\t\t\tuser: UserWithRole;\n\t\t\tsession: Session;\n\t\t};\n\t};\n});\n\nfunction parseRoles(roles: string | string[]): string {\n\treturn Array.isArray(roles) ? roles.join(\",\") : roles;\n}\n\nconst setRoleBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role to set. `admin` or `user` by default\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles to set. `admin` or `user` by default\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t\"The role to set, this can be a string or an array of strings. Eg: `admin` or `[admin, user]`\",\n\t\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/set-role`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.setRole`\n *\n * **client:**\n * `authClient.admin.setRole`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-role)\n */\nexport const setRole = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setRoleBodySchema,\n\t\t\trequireHeaders: true,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserRole\",\n\t\t\t\t\tsummary: \"Set the role of a user\",\n\t\t\t\t\tdescription: \"Set the role of a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User role updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\tuserId: string;\n\t\t\t\t\t\trole: InferAdminRolesFromOption<O> | InferAdminRolesFromOption<O>[];\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetRole = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetRole) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst roles = opts.roles;\n\t\t\tif (roles) {\n\t\t\t\tconst inputRoles = Array.isArray(ctx.body.role)\n\t\t\t\t\t? ctx.body.role\n\t\t\t\t\t: [ctx.body.role];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (!roles[role as keyof typeof roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\trole: parseRoles(ctx.body.role),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst getUserQuerySchema = z.object({\n\tid: z.string().meta({\n\t\tdescription: \"The id of the User\",\n\t}),\n});\n\nexport const getUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/get-user\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tquery: getUserQuerySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"getUser\",\n\t\t\t\t\tsummary: \"Get an existing user\",\n\t\t\t\t\tdescription: \"Get an existing user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { id } = ctx.query;\n\n\t\t\tconst canGetUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"get\"],\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tif (!canGetUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_USER,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(id);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\treturn parseUserOutput(ctx.context.options, user) as UserWithRole;\n\t\t},\n\t);\n\nconst createUserBodySchema = z.object({\n\temail: z.string().meta({\n\t\tdescription: \"The email of the user\",\n\t}),\n\tpassword: z.string().optional().meta({\n\t\tdescription:\n\t\t\t\"The password of the user. If not provided, the user will be created without a credential account (useful for magic link or social login only users).\",\n\t}),\n\tname: z.string().meta({\n\t\tdescription: \"The name of the user\",\n\t}),\n\trole: z\n\t\t.union([\n\t\t\tz.string().meta({\n\t\t\t\tdescription: \"The role of the user\",\n\t\t\t}),\n\t\t\tz.array(\n\t\t\t\tz.string().meta({\n\t\t\t\t\tdescription: \"The roles of user\",\n\t\t\t\t}),\n\t\t\t),\n\t\t])\n\t\t.optional()\n\t\t.meta({\n\t\t\tdescription: `A string or array of strings representing the roles to apply to the new user. Eg: \\\"user\\\"`,\n\t\t}),\n\t/**\n\t * extra fields for user\n\t */\n\tdata: z.record(z.string(), z.any()).optional().meta({\n\t\tdescription:\n\t\t\t\"Extra fields for the user. Including custom additional fields.\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/create-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.createUser`\n *\n * **client:**\n * `authClient.admin.createUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-create-user)\n */\nexport const createUser = <O extends AdminOptions>(opts: O) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/create-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: createUserBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"createUser\",\n\t\t\t\t\tsummary: \"Create a new user\",\n\t\t\t\t\tdescription: \"Create a new user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tpassword?: string | undefined;\n\t\t\t\t\t\tname: string;\n\t\t\t\t\t\trole?:\n\t\t\t\t\t\t\t| (InferAdminRolesFromOption<O> | InferAdminRolesFromOption<O>[])\n\t\t\t\t\t\t\t| undefined;\n\t\t\t\t\t\tdata?: Record<string, any> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<{ role: string }>(ctx);\n\t\t\tif (!session && (ctx.request || ctx.headers)) {\n\t\t\t\tthrow ctx.error(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (session) {\n\t\t\t\tconst canCreateUser = hasPermission({\n\t\t\t\t\tuserId: session.user.id,\n\t\t\t\t\trole: session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"create\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canCreateUser) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_USERS,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tconst email = ctx.body.email.toLowerCase();\n\t\t\tconst isValidEmail = z.email().safeParse(email);\n\t\t\tif (!isValidEmail.success) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.INVALID_EMAIL);\n\t\t\t}\n\n\t\t\tconst existUser =\n\t\t\t\tawait ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (existUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.createUser<UserWithRole>({\n\t\t\t\temail: email,\n\t\t\t\tname: ctx.body.name,\n\t\t\t\trole:\n\t\t\t\t\t(ctx.body.role && parseRoles(ctx.body.role)) ??\n\t\t\t\t\topts?.defaultRole ??\n\t\t\t\t\t\"user\",\n\t\t\t\t...ctx.body.data,\n\t\t\t});\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\t// Only create credential account if password is provided\n\t\t\tif (ctx.body.password) {\n\t\t\t\tconst hashedPassword = await ctx.context.password.hash(\n\t\t\t\t\tctx.body.password,\n\t\t\t\t);\n\t\t\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tproviderId: \"credential\",\n\t\t\t\t\tpassword: hashedPassword,\n\t\t\t\t\tuserId: user.id,\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst adminUpdateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\tdata: z.record(z.any(), z.any()).meta({\n\t\tdescription: \"The user data to update\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/update-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.adminUpdateUser`\n *\n * **client:**\n * `authClient.admin.updateUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-update-user)\n */\nexport const adminUpdateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/update-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: adminUpdateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"updateUser\",\n\t\t\t\t\tsummary: \"Update a user\",\n\t\t\t\t\tdescription: \"Update a user's details\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User updated\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canUpdateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"update\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canUpdateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (Object.keys(ctx.body.data).length === 0) {\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", ADMIN_ERROR_CODES.NO_DATA_TO_UPDATE);\n\t\t\t}\n\n\t\t\t// Role changes must be guarded by `user:set-role` and validated against the role allow-list.\n\t\t\tif (Object.prototype.hasOwnProperty.call(ctx.body.data, \"role\")) {\n\t\t\t\tconst canSetRole = hasPermission({\n\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\t\toptions: opts,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tuser: [\"set-role\"],\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!canSetRole) {\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CHANGE_USERS_ROLE,\n\t\t\t\t\t);\n\t\t\t\t}\n\n\t\t\t\tconst roleValue = (ctx.body.data as Record<string, any>).role;\n\t\t\t\tconst inputRoles = Array.isArray(roleValue) ? roleValue : [roleValue];\n\t\t\t\tfor (const role of inputRoles) {\n\t\t\t\t\tif (typeof role !== \"string\") {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.INVALID_ROLE_TYPE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\tif (opts.roles && !opts.roles[role as keyof typeof opts.roles]) {\n\t\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_NON_EXISTENT_VALUE,\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t\t(ctx.body.data as Record<string, any>).role = parseRoles(\n\t\t\t\t\tinputRoles as string[],\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\tctx.body.data,\n\t\t\t);\n\n\t\t\treturn ctx.json(\n\t\t\t\tparseUserOutput(ctx.context.options, updatedUser) as UserWithRole,\n\t\t\t);\n\t\t},\n\t);\n\nconst listUsersQuerySchema = z.object({\n\tsearchValue: z.string().optional().meta({\n\t\tdescription: 'The value to search for. Eg: \"some name\"',\n\t}),\n\tsearchField: z\n\t\t.enum([\"email\", \"name\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The field to search in, defaults to email. Can be `email` or `name`. Eg: \"name\"',\n\t\t})\n\t\t.optional(),\n\tsearchOperator: z\n\t\t.enum([\"contains\", \"starts_with\", \"ends_with\"])\n\t\t.meta({\n\t\t\tdescription:\n\t\t\t\t'The operator to use for the search. Can be `contains`, `starts_with` or `ends_with`. Eg: \"contains\"',\n\t\t})\n\t\t.optional(),\n\tlimit: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The number of users to return\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\toffset: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The offset to start from\",\n\t\t})\n\t\t.or(z.number())\n\t\t.optional(),\n\tsortBy: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to sort by\",\n\t\t})\n\t\t.optional(),\n\tsortDirection: z\n\t\t.enum([\"asc\", \"desc\"])\n\t\t.meta({\n\t\t\tdescription: \"The direction to sort by\",\n\t\t})\n\t\t.optional(),\n\tfilterField: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The field to filter by\",\n\t\t})\n\t\t.optional(),\n\tfilterValue: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The value to filter by\",\n\t\t})\n\t\t.or(z.number())\n\t\t.or(z.boolean())\n\t\t.or(z.array(z.string()))\n\t\t.or(z.array(z.number()))\n\t\t.optional(),\n\tfilterOperator: z\n\t\t.enum(whereOperators)\n\t\t.meta({\n\t\t\tdescription: \"The operator to use for the filter\",\n\t\t})\n\t\t.optional(),\n});\n\nexport const listUsers = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-users\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tquery: listUsersQuerySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUsers\",\n\t\t\t\t\tsummary: \"List users\",\n\t\t\t\t\tdescription: \"List users\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of users\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tusers: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\ttotal: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tlimit: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\toffset: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"users\", \"total\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListUsers = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListUsers) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst where: Where[] = [];\n\n\t\t\tif (ctx.query?.searchValue) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.searchField || \"email\",\n\t\t\t\t\toperator: ctx.query.searchOperator || \"contains\",\n\t\t\t\t\tvalue: ctx.query.searchValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\tif (ctx.query?.filterValue !== undefined) {\n\t\t\t\twhere.push({\n\t\t\t\t\tfield: ctx.query.filterField || \"email\",\n\t\t\t\t\toperator: ctx.query.filterOperator || \"eq\",\n\t\t\t\t\tvalue: ctx.query.filterValue,\n\t\t\t\t});\n\t\t\t}\n\n\t\t\ttry {\n\t\t\t\tconst users = await ctx.context.internalAdapter.listUsers(\n\t\t\t\t\tNumber(ctx.query?.limit) || undefined,\n\t\t\t\t\tNumber(ctx.query?.offset) || undefined,\n\t\t\t\t\tctx.query?.sortBy\n\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\tfield: ctx.query.sortBy,\n\t\t\t\t\t\t\t\tdirection: ctx.query.sortDirection || \"asc\",\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t: undefined,\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\tconst total = await ctx.context.internalAdapter.countTotalUsers(\n\t\t\t\t\twhere.length ? where : undefined,\n\t\t\t\t);\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: users.map((user) =>\n\t\t\t\t\t\tparseUserOutput(ctx.context.options, user),\n\t\t\t\t\t) as UserWithRole[],\n\t\t\t\t\ttotal: total,\n\t\t\t\t\tlimit: Number(ctx.query?.limit) || undefined,\n\t\t\t\t\toffset: Number(ctx.query?.offset) || undefined,\n\t\t\t\t});\n\t\t\t} catch {\n\t\t\t\treturn ctx.json({\n\t\t\t\t\tusers: [] as UserWithRole[],\n\t\t\t\t\ttotal: 0,\n\t\t\t\t});\n\t\t\t}\n\t\t},\n\t);\n\nconst listUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/list-user-sessions`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.listUserSessions`\n *\n * **client:**\n * `authClient.admin.listUserSessions`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-list-user-sessions)\n */\nexport const listUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/list-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [adminMiddleware],\n\t\t\tbody: listUserSessionsBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"listUserSessions\",\n\t\t\t\t\tsummary: \"List user sessions\",\n\t\t\t\t\tdescription: \"List user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"List of user sessions\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsessions: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"array\",\n\t\t\t\t\t\t\t\t\t\t\t\titems: {\n\t\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canListSessions = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"list\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canListSessions) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst sessions: SessionWithImpersonatedBy[] =\n\t\t\t\tawait ctx.context.internalAdapter.listSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsessions: sessions.map((s) =>\n\t\t\t\t\tparseSessionOutput(ctx.context.options, s),\n\t\t\t\t),\n\t\t\t});\n\t\t},\n\t);\n\nconst unbanUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/unban-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.unbanUser`\n *\n * **client:**\n * `authClient.admin.unbanUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-unban-user)\n */\nexport const unbanUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/unban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: unbanUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"unbanUser\",\n\t\t\t\t\tsummary: \"Unban a user\",\n\t\t\t\t\tdescription: \"Unban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User unbanned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: false,\n\t\t\t\t\tbanExpires: null,\n\t\t\t\t\tbanReason: null,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst banUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n\t/**\n\t * Reason for the ban\n\t */\n\tbanReason: z\n\t\t.string()\n\t\t.meta({\n\t\t\tdescription: \"The reason for the ban\",\n\t\t})\n\t\t.optional(),\n\t/**\n\t * Number of seconds until the ban expires\n\t */\n\tbanExpiresIn: z\n\t\t.number()\n\t\t.meta({\n\t\t\tdescription: \"The number of seconds until the ban expires\",\n\t\t})\n\t\t.optional(),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/ban-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.banUser`\n *\n * **client:**\n * `authClient.admin.banUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-ban-user)\n */\nexport const banUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/ban-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: banUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"banUser\",\n\t\t\t\t\tsummary: \"Ban a user\",\n\t\t\t\t\tdescription: \"Ban a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User banned\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canBanUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"ban\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canBanUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_BAN_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst foundUser = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!foundUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_BAN_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.updateUser(\n\t\t\t\tctx.body.userId,\n\t\t\t\t{\n\t\t\t\t\tbanned: true,\n\t\t\t\t\tbanReason:\n\t\t\t\t\t\tctx.body.banReason || opts?.defaultBanReason || \"No reason\",\n\t\t\t\t\tbanExpires: ctx.body.banExpiresIn\n\t\t\t\t\t\t? getDate(ctx.body.banExpiresIn, \"sec\")\n\t\t\t\t\t\t: opts?.defaultBanExpiresIn\n\t\t\t\t\t\t\t? getDate(opts.defaultBanExpiresIn, \"sec\")\n\t\t\t\t\t\t\t: undefined,\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t);\n\t\t\t//revoke all sessions\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tuser: parseUserOutput(ctx.context.options, user) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\nconst impersonateUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/impersonate-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.impersonateUser`\n *\n * **client:**\n * `authClient.admin.impersonateUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-impersonate-user)\n */\nexport const impersonateUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/impersonate-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: impersonateUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"impersonateUser\",\n\t\t\t\t\tsummary: \"Impersonate a user\",\n\t\t\t\t\tdescription: \"Impersonate a user\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Impersonation session created\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsession: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/Session\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tuser: {\n\t\t\t\t\t\t\t\t\t\t\t\t$ref: \"#/components/schemas/User\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canImpersonateUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"impersonate\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canImpersonateUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_IMPERSONATE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst targetUser = (await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t)) as UserWithRole | null;\n\n\t\t\tif (!targetUser) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tconst adminRoles = (\n\t\t\t\tArray.isArray(opts.adminRoles)\n\t\t\t\t\t? opts.adminRoles\n\t\t\t\t\t: opts.adminRoles?.split(\",\") || []\n\t\t\t).map((role) => role.trim());\n\t\t\tconst targetUserRole = (\n\t\t\t\ttargetUser.role ||\n\t\t\t\topts.defaultRole ||\n\t\t\t\t\"user\"\n\t\t\t).split(\",\");\n\t\t\tif (\n\t\t\t\topts.allowImpersonatingAdmins !== true &&\n\t\t\t\t(targetUserRole.some((role) => adminRoles.includes(role)) ||\n\t\t\t\t\topts.adminUserIds?.includes(targetUser.id))\n\t\t\t) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_IMPERSONATE_ADMINS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\ttargetUser.id,\n\t\t\t\ttrue,\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: ctx.context.session.user.id,\n\t\t\t\t\texpiresAt: opts?.impersonationSessionDuration\n\t\t\t\t\t\t? getDate(opts.impersonationSessionDuration, \"sec\")\n\t\t\t\t\t\t: getDate(60 * 60, \"sec\"), // 1 hour\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tADMIN_ERROR_CODES.FAILED_TO_CREATE_USER,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst authCookies = ctx.context.authCookies;\n\t\t\tdeleteSessionCookie(ctx);\n\t\t\tconst dontRememberMeCookie = await ctx.getSignedCookie(\n\t\t\t\tctx.context.authCookies.dontRememberToken.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\t\t\tconst adminCookieProp = ctx.context.createAuthCookie(\"admin_session\");\n\t\t\tawait ctx.setSignedCookie(\n\t\t\t\tadminCookieProp.name,\n\t\t\t\t`${ctx.context.session.session.token}:${dontRememberMeCookie || \"\"}`,\n\t\t\t\tctx.context.secret,\n\t\t\t\tauthCookies.sessionToken.attributes,\n\t\t\t);\n\t\t\tawait setSessionCookie(\n\t\t\t\tctx,\n\t\t\t\t{\n\t\t\t\t\tsession: session,\n\t\t\t\t\tuser: targetUser,\n\t\t\t\t},\n\t\t\t\ttrue,\n\t\t\t);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: session,\n\t\t\t\tuser: parseUserOutput(ctx.context.options, targetUser) as UserWithRole,\n\t\t\t});\n\t\t},\n\t);\n\n/**\n * ### Endpoint\n *\n * POST `/admin/stop-impersonating`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.stopImpersonating`\n *\n * **client:**\n * `authClient.admin.stopImpersonating`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-stop-impersonating)\n */\nexport const stopImpersonating = () =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/stop-impersonating\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\trequireHeaders: true,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = await getSessionFromCtx<\n\t\t\t\t{},\n\t\t\t\t{\n\t\t\t\t\timpersonatedBy: string;\n\t\t\t\t}\n\t\t\t>(ctx);\n\t\t\tif (!session) {\n\t\t\t\tthrow APIError.fromStatus(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session.session.impersonatedBy) {\n\t\t\t\tthrow APIError.fromStatus(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"You are not impersonating anyone\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tsession.session.impersonatedBy,\n\t\t\t);\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find user\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst adminSessionCookie = ctx.context.createAuthCookie(\"admin_session\");\n\n\t\t\tconst adminCookie = await ctx.getSignedCookie(\n\t\t\t\tadminSessionCookie.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\n\t\t\tif (!adminCookie) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst [adminSessionToken, dontRememberMeCookie] = adminCookie?.split(\":\");\n\t\t\tconst adminSession = await ctx.context.internalAdapter.findSession(\n\t\t\t\tadminSessionToken!,\n\t\t\t);\n\t\t\tif (!adminSession || adminSession.session.userId !== user.id) {\n\t\t\t\tthrow APIError.fromStatus(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\t\tmessage: \"Failed to find admin session\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait ctx.context.internalAdapter.deleteSession(session.session.token);\n\t\t\tawait setSessionCookie(ctx, adminSession, !!dontRememberMeCookie);\n\t\t\texpireCookie(ctx, adminSessionCookie);\n\t\t\treturn ctx.json({\n\t\t\t\tsession: parseSessionOutput(ctx.context.options, adminSession.session),\n\t\t\t\tuser: parseUserOutput(ctx.context.options, adminSession.user),\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionBodySchema = z.object({\n\tsessionToken: z.string().meta({\n\t\tdescription: \"The session token\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/revoke-user-session`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.revokeUserSession`\n *\n * **client:**\n * `authClient.admin.revokeUserSession`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-session)\n */\nexport const revokeUserSession = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-session\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSession\",\n\t\t\t\t\tsummary: \"Revoke a user session\",\n\t\t\t\t\tdescription: \"Revoke a user session\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Session revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSession(ctx.body.sessionToken);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst revokeUserSessionsBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n/**\n * ### Endpoint\n *\n * POST `/admin/revoke-user-sessions`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.revokeUserSessions`\n *\n * **client:**\n * `authClient.admin.revokeUserSessions`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-revoke-user-sessions)\n */\nexport const revokeUserSessions = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/revoke-user-sessions\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: revokeUserSessionsBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"revokeUserSessions\",\n\t\t\t\t\tsummary: \"Revoke all user sessions\",\n\t\t\t\t\tdescription: \"Revoke all user sessions\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Sessions revoked\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canRevokeSession = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tsession: [\"revoke\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canRevokeSession) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_REVOKE_USERS_SESSIONS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteSessions(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst removeUserBodySchema = z.object({\n\tuserId: z.coerce.string().meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/remove-user`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.removeUser`\n *\n * **client:**\n * `authClient.admin.removeUser`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-remove-user)\n */\nexport const removeUser = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/remove-user\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: removeUserBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"removeUser\",\n\t\t\t\t\tsummary: \"Remove a user\",\n\t\t\t\t\tdescription:\n\t\t\t\t\t\t\"Delete a user and all their sessions and accounts. Cannot be undone.\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"User removed\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst session = ctx.context.session;\n\t\t\tconst canDeleteUser = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"delete\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canDeleteUser) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_USERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (ctx.body.userId === ctx.context.session.user.id) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_CANNOT_REMOVE_YOURSELF,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst user = await ctx.context.internalAdapter.findUserById(\n\t\t\t\tctx.body.userId,\n\t\t\t);\n\n\t\t\tif (!user) {\n\t\t\t\tthrow APIError.from(\"NOT_FOUND\", BASE_ERROR_CODES.USER_NOT_FOUND);\n\t\t\t}\n\n\t\t\tawait ctx.context.internalAdapter.deleteUser(ctx.body.userId);\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst setUserPasswordBodySchema = z.object({\n\tnewPassword: z.string().nonempty(\"newPassword cannot be empty\").meta({\n\t\tdescription: \"The new password\",\n\t}),\n\tuserId: z.coerce.string().nonempty(\"userId cannot be empty\").meta({\n\t\tdescription: \"The user id\",\n\t}),\n});\n\n/**\n * ### Endpoint\n *\n * POST `/admin/set-user-password`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.setUserPassword`\n *\n * **client:**\n * `authClient.admin.setUserPassword`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-set-user-password)\n */\nexport const setUserPassword = (opts: AdminOptions) =>\n\tcreateAuthEndpoint(\n\t\t\"/admin/set-user-password\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: setUserPasswordBodySchema,\n\t\t\tuse: [adminMiddleware],\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\toperationId: \"setUserPassword\",\n\t\t\t\t\tsummary: \"Set a user's password\",\n\t\t\t\t\tdescription: \"Set a user's password\",\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t200: {\n\t\t\t\t\t\t\tdescription: \"Password set\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\tstatus: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst canSetUserPassword = hasPermission({\n\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\trole: ctx.context.session.user.role,\n\t\t\t\toptions: opts,\n\t\t\t\tpermissions: {\n\t\t\t\t\tuser: [\"set-password\"],\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!canSetUserPassword) {\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tADMIN_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_SET_USERS_PASSWORD,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst { newPassword, userId } = ctx.body;\n\t\t\tconst minPasswordLength = ctx.context.password.config.minPasswordLength;\n\t\t\tif (newPassword.length < minPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_SHORT);\n\t\t\t}\n\t\t\tconst maxPasswordLength = ctx.context.password.config.maxPasswordLength;\n\t\t\tif (newPassword.length > maxPasswordLength) {\n\t\t\t\tctx.context.logger.error(\"Password is too long\");\n\t\t\t\tthrow APIError.from(\"BAD_REQUEST\", BASE_ERROR_CODES.PASSWORD_TOO_LONG);\n\t\t\t}\n\t\t\tconst hashedPassword = await ctx.context.password.hash(newPassword);\n\t\t\tawait ctx.context.internalAdapter.updatePassword(userId, hashedPassword);\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t},\n\t);\n\nconst userHasPermissionBodySchema = z\n\t.object({\n\t\tuserId: z.coerce.string().optional().meta({\n\t\t\tdescription: `The user id. Eg: \"user-id\"`,\n\t\t}),\n\t\trole: z.string().optional().meta({\n\t\t\tdescription: `The role to check permission for. Eg: \"admin\"`,\n\t\t}),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\tpermissions: z.undefined(),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\tpermission: z.undefined(),\n\t\t\t\tpermissions: z.record(z.string(), z.array(z.string())),\n\t\t\t}),\n\t\t]),\n\t);\n\n/**\n * ### Endpoint\n *\n * POST `/admin/has-permission`\n *\n * ### API Methods\n *\n * **server:**\n * `auth.api.userHasPermission`\n *\n * **client:**\n * `authClient.admin.hasPermission`\n *\n * @see [Read our docs to learn more.](https://better-auth.com/docs/plugins/admin#api-method-admin-has-permission)\n */\nexport const userHasPermission = <O extends AdminOptions>(opts: O) => {\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements =\n\t\tO[\"ac\"] extends AccessControl<infer S> ? S : DefaultStatements;\n\n\ttype PermissionType = {\n\t\t[key in keyof Statements]?: Array<\n\t\t\tStatements[key] extends readonly unknown[]\n\t\t\t\t? Statements[key][number]\n\t\t\t\t: never\n\t\t>;\n\t};\n\ttype PermissionExclusive = {\n\t\tpermissions: PermissionType;\n\t};\n\n\treturn createAuthEndpoint(\n\t\t\"/admin/has-permission\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: userHasPermissionBodySchema,\n\t\t\tmetadata: {\n\t\t\t\topenapi: {\n\t\t\t\t\tdescription: \"Check if the user has permission\",\n\t\t\t\t\trequestBody: {\n\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\tpermissions: {\n\t\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\t\tdescription: \"The permission to check\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\trequired: [\"permissions\"],\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tresponses: {\n\t\t\t\t\t\t\"200\": {\n\t\t\t\t\t\t\tdescription: \"Success\",\n\t\t\t\t\t\t\tcontent: {\n\t\t\t\t\t\t\t\t\"application/json\": {\n\t\t\t\t\t\t\t\t\tschema: {\n\t\t\t\t\t\t\t\t\t\ttype: \"object\",\n\t\t\t\t\t\t\t\t\t\tproperties: {\n\t\t\t\t\t\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\tsuccess: {\n\t\t\t\t\t\t\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\trequired: [\"success\"],\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as PermissionExclusive & {\n\t\t\t\t\t\tuserId?: string | undefined;\n\t\t\t\t\t\trole?: InferAdminRolesFromOption<O> | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!ctx.body?.permissions) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"invalid permission check. no permission(s) were passed.\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst session = await getSessionFromCtx(ctx);\n\n\t\t\tif (!session && (ctx.request || ctx.headers)) {\n\t\t\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t\t\t}\n\t\t\tif (!session && !ctx.body.userId && !ctx.body.role) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user id or role is required\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user =\n\t\t\t\tsession?.user ||\n\t\t\t\t(ctx.body.role\n\t\t\t\t\t? { id: ctx.body.userId || \"\", role: ctx.body.role }\n\t\t\t\t\t: null) ||\n\t\t\t\t(ctx.body.userId\n\t\t\t\t\t? ((await ctx.context.internalAdapter.findUserById(\n\t\t\t\t\t\t\tctx.body.userId as string,\n\t\t\t\t\t\t)) as { role?: string | undefined; id: string })\n\t\t\t\t\t: null);\n\t\t\tif (!user) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"user not found\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst result = hasPermission({\n\t\t\t\tuserId: user.id,\n\t\t\t\trole: user.role,\n\t\t\t\toptions: opts as AdminOptions,\n\t\t\t\tpermissions: ctx.body.permissions as any,\n\t\t\t});\n\t\t\treturn ctx.json({\n\t\t\t\terror: null,\n\t\t\t\tsuccess: result,\n\t\t\t});\n\t\t},\n\t);\n};\n"],"mappings":";;;;;;;;;;;;;;;;;AAgCA,MAAM,kBAAkB,qBAAqB,OAAO,QAAQ;CAC3D,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAC5C,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,QAAO,EACN,SACA;EAMA;AAEF,SAAS,WAAW,OAAkC;AACrD,QAAO,MAAM,QAAQ,MAAM,GAAG,MAAM,KAAK,IAAI,GAAG;;AAGjD,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,iDACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,kDACb,CAAC,CACF,CACD,CAAC,CACD,KAAK,EACL,aACC,gGACD,CAAC;CACH,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAmC,SAC/C,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,gBAAgB;CAChB,KAAK,CAAC,gBAAgB;CACtB,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EAIR;EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAEF,MAAM,QAAQ,KAAK;AACnB,KAAI,OAAO;EACV,MAAM,aAAa,MAAM,QAAQ,IAAI,KAAK,KAAK,GAC5C,IAAI,KAAK,OACT,CAAC,IAAI,KAAK,KAAK;AAClB,OAAK,MAAM,QAAQ,WAClB,KAAI,CAAC,MAAM,MACV,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;CAIJ,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,EACC,MAAM,WAAW,IAAI,KAAK,KAAK,EAC/B,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,YAAY,EACvD,CAAC;EAEH;AAEF,MAAM,qBAAqB,EAAE,OAAO,EACnC,IAAI,EAAE,QAAQ,CAAC,KAAK,EACnB,aAAa,sBACb,CAAC,EACF,CAAC;AAEF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,OAAO;CACP,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,EAAE,OAAO,IAAI;AAWnB,KAAI,CATe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAGD,OAAM,SAAS,KACd,aACA,kBAAkB,gCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAAa,GAAG;AAE/D,KAAI,CAAC,KACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,QAAO,gBAAgB,IAAI,QAAQ,SAAS,KAAK;EAElD;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,OAAO,EAAE,QAAQ,CAAC,KAAK,EACtB,aAAa,yBACb,CAAC;CACF,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aACC,wJACD,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,wBACb,CAAC;CACF,MAAM,EACJ,MAAM,CACN,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,wBACb,CAAC,EACF,EAAE,MACD,EAAE,QAAQ,CAAC,KAAK,EACf,aAAa,qBACb,CAAC,CACF,CACD,CAAC,CACD,UAAU,CACV,KAAK,EACL,aAAa,8FACb,CAAC;CAIH,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,KAAK,CAAC,CAAC,UAAU,CAAC,KAAK,EACnD,aACC,kEACD,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAsC,SAClD,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,UAAU;EACT,SAAS;GACR,aAAa;GACb,SAAS;GACT,aAAa;GACb,WAAW,EACV,KAAK;IACJ,aAAa;IACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;KACD,EACD,EACD;IACD,EACD;GACD;EACD,QAAQ,EACP,MAAM,EAAE,EASR;EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAAoC,IAAI;AAC9D,KAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,MAAM,eAAe;AAEhC,KAAI,SASH;MAAI,CARkB,cAAc;GACnC,QAAQ,QAAQ,KAAK;GACrB,MAAM,QAAQ,KAAK;GACnB,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;;CAIH,MAAM,QAAQ,IAAI,KAAK,MAAM,aAAa;AAE1C,KAAI,CADiB,EAAE,OAAO,CAAC,UAAU,MAAM,CAC7B,QACjB,OAAM,SAAS,KAAK,eAAe,iBAAiB,cAAc;AAKnE,KADC,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,MAAM,CAExD,OAAM,SAAS,KACd,eACA,kBAAkB,sCAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAAyB;EAChE;EACP,MAAM,IAAI,KAAK;EACf,OACE,IAAI,KAAK,QAAQ,WAAW,IAAI,KAAK,KAAK,KAC3C,MAAM,eACN;EACD,GAAG,IAAI,KAAK;EACZ,CAAC;AAEF,KAAI,CAAC,KACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;AAGF,KAAI,IAAI,KAAK,UAAU;EACtB,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KACjD,IAAI,KAAK,SACT;AACD,QAAM,IAAI,QAAQ,gBAAgB,YAAY;GAC7C,WAAW,KAAK;GAChB,YAAY;GACZ,UAAU;GACV,QAAQ,KAAK;GACb,CAAC;;AAEH,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CACF,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,KAAK,CAAC,CAAC,KAAK,EACrC,aAAa,2BACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,OAAO,KAAK,IAAI,KAAK,KAAK,CAAC,WAAW,EACzC,OAAM,SAAS,KAAK,eAAe,kBAAkB,kBAAkB;AAIxE,KAAI,OAAO,UAAU,eAAe,KAAK,IAAI,KAAK,MAAM,OAAO,EAAE;AAShE,MAAI,CARe,cAAc;GAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;GACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;GAC/B,SAAS;GACT,aAAa,EACZ,MAAM,CAAC,WAAW,EAClB;GACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;EAGF,MAAM,YAAa,IAAI,KAAK,KAA6B;EACzD,MAAM,aAAa,MAAM,QAAQ,UAAU,GAAG,YAAY,CAAC,UAAU;AACrE,OAAK,MAAM,QAAQ,YAAY;AAC9B,OAAI,OAAO,SAAS,SACnB,OAAM,SAAS,KACd,eACA,kBAAkB,kBAClB;AAEF,OAAI,KAAK,SAAS,CAAC,KAAK,MAAM,MAC7B,OAAM,SAAS,KACd,eACA,kBAAkB,8CAClB;;AAGH,EAAC,IAAI,KAAK,KAA6B,OAAO,WAC7C,WACA;;CAEF,MAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WACrD,IAAI,KAAK,QACT,IAAI,KAAK,KACT;AAED,QAAO,IAAI,KACV,gBAAgB,IAAI,QAAQ,SAAS,YAAY,CACjD;EAEF;AAEF,MAAM,uBAAuB,EAAE,OAAO;CACrC,aAAa,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACvC,aAAa,8CACb,CAAC;CACF,aAAa,EACX,KAAK,CAAC,SAAS,OAAO,CAAC,CACvB,KAAK,EACL,aACC,qFACD,CAAC,CACD,UAAU;CACZ,gBAAgB,EACd,KAAK;EAAC;EAAY;EAAe;EAAY,CAAC,CAC9C,KAAK,EACL,aACC,yGACD,CAAC,CACD,UAAU;CACZ,OAAO,EACL,QAAQ,CACR,KAAK,EACL,aAAa,iCACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,4BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,UAAU;CACZ,QAAQ,EACN,QAAQ,CACR,KAAK,EACL,aAAa,wBACb,CAAC,CACD,UAAU;CACZ,eAAe,EACb,KAAK,CAAC,OAAO,OAAO,CAAC,CACrB,KAAK,EACL,aAAa,4BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CACZ,aAAa,EACX,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,GAAG,EAAE,QAAQ,CAAC,CACd,GAAG,EAAE,SAAS,CAAC,CACf,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,GAAG,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvB,UAAU;CACZ,gBAAgB,EACd,KAAK,eAAe,CACpB,KAAK,EACL,aAAa,sCACb,CAAC,CACD,UAAU;CACZ,CAAC;AAEF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,OAAO;CACP,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,OAAO;MACN,MAAM;MACN,OAAO,EACN,MAAM,6BACN;MACD;KACD,OAAO,EACN,MAAM,UACN;KACD,OAAO,EACN,MAAM,UACN;KACD,QAAQ,EACP,MAAM,UACN;KACD;IACD,UAAU,CAAC,SAAS,QAAQ;IAC5B,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARiB,cAAc;EAClC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,OAAO,EACd;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,kCAClB;CAGF,MAAM,QAAiB,EAAE;AAEzB,KAAI,IAAI,OAAO,YACd,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI,IAAI,OAAO,gBAAgB,OAC9B,OAAM,KAAK;EACV,OAAO,IAAI,MAAM,eAAe;EAChC,UAAU,IAAI,MAAM,kBAAkB;EACtC,OAAO,IAAI,MAAM;EACjB,CAAC;AAGH,KAAI;EACH,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,UAC/C,OAAO,IAAI,OAAO,MAAM,IAAI,QAC5B,OAAO,IAAI,OAAO,OAAO,IAAI,QAC7B,IAAI,OAAO,SACR;GACA,OAAO,IAAI,MAAM;GACjB,WAAW,IAAI,MAAM,iBAAiB;GACtC,GACA,QACH,MAAM,SAAS,QAAQ,OACvB;EACD,MAAM,QAAQ,MAAM,IAAI,QAAQ,gBAAgB,gBAC/C,MAAM,SAAS,QAAQ,OACvB;AACD,SAAO,IAAI,KAAK;GACf,OAAO,MAAM,KAAK,SACjB,gBAAgB,IAAI,QAAQ,SAAS,KAAK,CAC1C;GACM;GACP,OAAO,OAAO,IAAI,OAAO,MAAM,IAAI;GACnC,QAAQ,OAAO,IAAI,OAAO,OAAO,IAAI;GACrC,CAAC;SACK;AACP,SAAO,IAAI,KAAK;GACf,OAAO,EAAE;GACT,OAAO;GACP,CAAC;;EAGJ;AAEF,MAAM,6BAA6B,EAAE,OAAO,EAC3C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,oBAAoB,SAChC,mBACC,6BACA;CACC,QAAQ;CACR,KAAK,CAAC,gBAAgB;CACtB,MAAM;CACN,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,UAAU;KACT,MAAM;KACN,OAAO,EACN,MAAM,gCACN;KACD,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARoB,cAAc;EACrC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,OAAO,EACjB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,2CAClB;CAGF,MAAM,WACL,MAAM,IAAI,QAAQ,gBAAgB,aAAa,IAAI,KAAK,OAAO;AAChE,QAAO,IAAI,KAAK,EACf,UAAU,SAAS,KAAK,MACvB,mBAAmB,IAAI,QAAQ,SAAS,EAAE,CAC1C,EACD,CAAC;EAEH;AAEF,MAAM,sBAAsB,EAAE,OAAO,EACpC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,aAAa,SACzB,mBACC,qBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;CAGF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,YAAY;EACZ,WAAW;EACX,2BAAW,IAAI,MAAM;EACrB,CACD;AACD,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,oBAAoB,EAAE,OAAO;CAClC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC;CAIF,WAAW,EACT,QAAQ,CACR,KAAK,EACL,aAAa,0BACb,CAAC,CACD,UAAU;CAIZ,cAAc,EACZ,QAAQ,CACR,KAAK,EACL,aAAa,+CACb,CAAC,CACD,UAAU;CACZ,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,WAAW,SACvB,mBACC,mBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,MAAM,EACL,MAAM,6BACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARe,cAAc;EAChC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,MAAM,EACb;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,iCAClB;AAOF,KAAI,CAJc,MAAM,IAAI,QAAQ,gBAAgB,aACnD,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,wBAClB;CAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,WAC9C,IAAI,KAAK,QACT;EACC,QAAQ;EACR,WACC,IAAI,KAAK,aAAa,MAAM,oBAAoB;EACjD,YAAY,IAAI,KAAK,eAClB,QAAQ,IAAI,KAAK,cAAc,MAAM,GACrC,MAAM,sBACL,QAAQ,KAAK,qBAAqB,MAAM,GACxC;EACJ,2BAAW,IAAI,MAAM;EACrB,CACD;AAED,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,MAAM,gBAAgB,IAAI,QAAQ,SAAS,KAAK,EAChD,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO,EAC1C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,mBAAmB,SAC/B,mBACC,2BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY;KACX,SAAS,EACR,MAAM,gCACN;KACD,MAAM,EACL,MAAM,6BACN;KACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,cAAc,EACrB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,yCAClB;CAGF,MAAM,aAAc,MAAM,IAAI,QAAQ,gBAAgB,aACrD,IAAI,KAAK,OACT;AAED,KAAI,CAAC,WACJ,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;CAGlE,MAAM,cACL,MAAM,QAAQ,KAAK,WAAW,GAC3B,KAAK,aACL,KAAK,YAAY,MAAM,IAAI,IAAI,EAAE,EACnC,KAAK,SAAS,KAAK,MAAM,CAAC;CAC5B,MAAM,kBACL,WAAW,QACX,KAAK,eACL,QACC,MAAM,IAAI;AACZ,KACC,KAAK,6BAA6B,SACjC,eAAe,MAAM,SAAS,WAAW,SAAS,KAAK,CAAC,IACxD,KAAK,cAAc,SAAS,WAAW,GAAG,EAE3C,OAAM,SAAS,KACd,aACA,kBAAkB,8BAClB;CAGF,MAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB,cACjD,WAAW,IACX,MACA;EACC,gBAAgB,IAAI,QAAQ,QAAQ,KAAK;EACzC,WAAW,MAAM,+BACd,QAAQ,KAAK,8BAA8B,MAAM,GACjD,QAAQ,MAAS,MAAM;EAC1B,EACD,KACA;AACD,KAAI,CAAC,QACJ,OAAM,SAAS,KACd,yBACA,kBAAkB,sBAClB;CAEF,MAAM,cAAc,IAAI,QAAQ;AAChC,qBAAoB,IAAI;CACxB,MAAM,uBAAuB,MAAM,IAAI,gBACtC,IAAI,QAAQ,YAAY,kBAAkB,MAC1C,IAAI,QAAQ,OACZ;CACD,MAAM,kBAAkB,IAAI,QAAQ,iBAAiB,gBAAgB;AACrE,OAAM,IAAI,gBACT,gBAAgB,MAChB,GAAG,IAAI,QAAQ,QAAQ,QAAQ,MAAM,GAAG,wBAAwB,MAChE,IAAI,QAAQ,QACZ,YAAY,aAAa,WACzB;AACD,OAAM,iBACL,KACA;EACU;EACT,MAAM;EACN,EACD,KACA;AACD,QAAO,IAAI,KAAK;EACN;EACT,MAAM,gBAAgB,IAAI,QAAQ,SAAS,WAAW;EACtD,CAAC;EAEH;;;;;;;;;;;;;;;;AAiBF,MAAa,0BACZ,mBACC,6BACA;CACC,QAAQ;CACR,gBAAgB;CAChB,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,MAAM,kBAKpB,IAAI;AACN,KAAI,CAAC,QACJ,OAAM,SAAS,WAAW,eAAe;AAE1C,KAAI,CAAC,QAAQ,QAAQ,eACpB,OAAM,SAAS,WAAW,eAAe,EACxC,SAAS,oCACT,CAAC;CAEH,MAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,QAAQ,QAAQ,eAChB;AACD,KAAI,CAAC,KACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,uBACT,CAAC;CAEH,MAAM,qBAAqB,IAAI,QAAQ,iBAAiB,gBAAgB;CAExE,MAAM,cAAc,MAAM,IAAI,gBAC7B,mBAAmB,MACnB,IAAI,QAAQ,OACZ;AAED,KAAI,CAAC,YACJ,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;CAEH,MAAM,CAAC,mBAAmB,wBAAwB,aAAa,MAAM,IAAI;CACzE,MAAM,eAAe,MAAM,IAAI,QAAQ,gBAAgB,YACtD,kBACA;AACD,KAAI,CAAC,gBAAgB,aAAa,QAAQ,WAAW,KAAK,GACzD,OAAM,SAAS,WAAW,yBAAyB,EAClD,SAAS,gCACT,CAAC;AAEH,OAAM,IAAI,QAAQ,gBAAgB,cAAc,QAAQ,QAAQ,MAAM;AACtE,OAAM,iBAAiB,KAAK,cAAc,CAAC,CAAC,qBAAqB;AACjE,cAAa,KAAK,mBAAmB;AACrC,QAAO,IAAI,KAAK;EACf,SAAS,mBAAmB,IAAI,QAAQ,SAAS,aAAa,QAAQ;EACtE,MAAM,gBAAgB,IAAI,QAAQ,SAAS,aAAa,KAAK;EAC7D,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAAE,OAAO,EAC5C,cAAc,EAAE,QAAQ,CAAC,KAAK,EAC7B,aAAa,qBACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,qBAAqB,SACjC,mBACC,8BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,cAAc,IAAI,KAAK,aAAa;AACtE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,+BAA+B,EAAE,OAAO,EAC7C,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAgBF,MAAa,sBAAsB,SAClC,mBACC,+BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARqB,cAAc;EACtC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,SAAS,CAAC,SAAS,EACnB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,6CAClB;AAGF,OAAM,IAAI,QAAQ,gBAAgB,eAAe,IAAI,KAAK,OAAO;AACjE,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,uBAAuB,EAAE,OAAO,EACrC,QAAQ,EAAE,OAAO,QAAQ,CAAC,KAAK,EAC9B,aAAa,eACb,CAAC,EACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,cAAc,SAC1B,mBACC,sBACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aACC;EACD,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,SAAS,EACR,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;CACd,MAAM,UAAU,IAAI,QAAQ;AAS5B,KAAI,CARkB,cAAc;EACnC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,QAAQ,KAAK;EACnB,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,SAAS,EAChB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,oCAClB;AAGF,KAAI,IAAI,KAAK,WAAW,IAAI,QAAQ,QAAQ,KAAK,GAChD,OAAM,SAAS,KACd,eACA,kBAAkB,2BAClB;AAOF,KAAI,CAJS,MAAM,IAAI,QAAQ,gBAAgB,aAC9C,IAAI,KAAK,OACT,CAGA,OAAM,SAAS,KAAK,aAAa,iBAAiB,eAAe;AAGlE,OAAM,IAAI,QAAQ,gBAAgB,WAAW,IAAI,KAAK,OAAO;AAC7D,QAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;EAEH;AAEF,MAAM,4BAA4B,EAAE,OAAO;CAC1C,aAAa,EAAE,QAAQ,CAAC,SAAS,8BAA8B,CAAC,KAAK,EACpE,aAAa,oBACb,CAAC;CACF,QAAQ,EAAE,OAAO,QAAQ,CAAC,SAAS,yBAAyB,CAAC,KAAK,EACjE,aAAa,eACb,CAAC;CACF,CAAC;;;;;;;;;;;;;;;;AAiBF,MAAa,mBAAmB,SAC/B,mBACC,4BACA;CACC,QAAQ;CACR,MAAM;CACN,KAAK,CAAC,gBAAgB;CACtB,UAAU,EACT,SAAS;EACR,aAAa;EACb,SAAS;EACT,aAAa;EACb,WAAW,EACV,KAAK;GACJ,aAAa;GACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;IACP,MAAM;IACN,YAAY,EACX,QAAQ,EACP,MAAM,WACN,EACD;IACD,EACD,EACD;GACD,EACD;EACD,EACD;CACD,EACD,OAAO,QAAQ;AASd,KAAI,CARuB,cAAc;EACxC,QAAQ,IAAI,QAAQ,QAAQ,KAAK;EACjC,MAAM,IAAI,QAAQ,QAAQ,KAAK;EAC/B,SAAS;EACT,aAAa,EACZ,MAAM,CAAC,eAAe,EACtB;EACD,CAAC,CAED,OAAM,SAAS,KACd,aACA,kBAAkB,0CAClB;CAGF,MAAM,EAAE,aAAa,WAAW,IAAI;CACpC,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,wBAAwB;AACjD,QAAM,SAAS,KAAK,eAAe,iBAAiB,mBAAmB;;CAExE,MAAM,oBAAoB,IAAI,QAAQ,SAAS,OAAO;AACtD,KAAI,YAAY,SAAS,mBAAmB;AAC3C,MAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,QAAM,SAAS,KAAK,eAAe,iBAAiB,kBAAkB;;CAEvE,MAAM,iBAAiB,MAAM,IAAI,QAAQ,SAAS,KAAK,YAAY;AACnE,OAAM,IAAI,QAAQ,gBAAgB,eAAe,QAAQ,eAAe;AACxE,QAAO,IAAI,KAAK,EACf,QAAQ,MACR,CAAC;EAEH;AAEF,MAAM,8BAA8B,EAClC,OAAO;CACP,QAAQ,EAAE,OAAO,QAAQ,CAAC,UAAU,CAAC,KAAK,EACzC,aAAa,8BACb,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAChC,aAAa,iDACb,CAAC;CACF,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO;CACR,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACrD,aAAa,EAAE,WAAW;CAC1B,CAAC,EACF,EAAE,OAAO;CACR,YAAY,EAAE,WAAW;CACzB,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;CACtD,CAAC,CACF,CAAC,CACF;;;;;;;;;;;;;;;;AAiBF,MAAa,qBAA6C,SAAY;AAgBrE,QAAO,mBACN,yBACA;EACC,QAAQ;EACR,MAAM;EACN,UAAU;GACT,SAAS;IACR,aAAa;IACb,aAAa,EACZ,SAAS,EACR,oBAAoB,EACnB,QAAQ;KACP,MAAM;KACN,YAAY,EACX,aAAa;MACZ,MAAM;MACN,aAAa;MACb,EACD;KACD,UAAU,CAAC,cAAc;KACzB,EACD,EACD,EACD;IACD,WAAW,EACV,OAAO;KACN,aAAa;KACb,SAAS,EACR,oBAAoB,EACnB,QAAQ;MACP,MAAM;MACN,YAAY;OACX,OAAO,EACN,MAAM,UACN;OACD,SAAS,EACR,MAAM,WACN;OACD;MACD,UAAU,CAAC,UAAU;MACrB,EACD,EACD;KACD,EACD;IACD;GACD,QAAQ,EACP,MAAM,EAAE,EAIR;GACD;EACD,EACD,OAAO,QAAQ;AACd,MAAI,CAAC,IAAI,MAAM,YACd,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,2DACT,CAAC;EAEH,MAAM,UAAU,MAAM,kBAAkB,IAAI;AAE5C,MAAI,CAAC,YAAY,IAAI,WAAW,IAAI,SACnC,OAAM,IAAI,SAAS,eAAe;AAEnC,MAAI,CAAC,WAAW,CAAC,IAAI,KAAK,UAAU,CAAC,IAAI,KAAK,KAC7C,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,+BACT,CAAC;EAEH,MAAM,OACL,SAAS,SACR,IAAI,KAAK,OACP;GAAE,IAAI,IAAI,KAAK,UAAU;GAAI,MAAM,IAAI,KAAK;GAAM,GAClD,UACF,IAAI,KAAK,SACL,MAAM,IAAI,QAAQ,gBAAgB,aACpC,IAAI,KAAK,OACT,GACA;AACJ,MAAI,CAAC,KACJ,OAAM,IAAI,SAAS,eAAe,EACjC,SAAS,kBACT,CAAC;EAEH,MAAM,SAAS,cAAc;GAC5B,QAAQ,KAAK;GACb,MAAM,KAAK;GACX,SAAS;GACT,aAAa,IAAI,KAAK;GACtB,CAAC;AACF,SAAO,IAAI,KAAK;GACf,OAAO;GACP,SAAS;GACT,CAAC;GAEH"}

package/dist/plugins/admin/schema.d.mts

@@ -0,0 +1,40 @@
+//#region src/plugins/admin/schema.d.ts
+declare const schema: {
+  user: {
+    fields: {
+      role: {
+        type: "string";
+        required: false;
+        input: false;
+      };
+      banned: {
+        type: "boolean";
+        defaultValue: false;
+        required: false;
+        input: false;
+      };
+      banReason: {
+        type: "string";
+        required: false;
+        input: false;
+      };
+      banExpires: {
+        type: "date";
+        required: false;
+        input: false;
+      };
+    };
+  };
+  session: {
+    fields: {
+      impersonatedBy: {
+        type: "string";
+        required: false;
+      };
+    };
+  };
+};
+type AdminSchema = typeof schema;
+//#endregion
+export { AdminSchema };
+//# sourceMappingURL=schema.d.mts.map

package/dist/plugins/admin/schema.mjs

@@ -0,0 +1,34 @@
+//#region src/plugins/admin/schema.ts
+const schema = {
+	user: { fields: {
+		role: {
+			type: "string",
+			required: false,
+			input: false
+		},
+		banned: {
+			type: "boolean",
+			defaultValue: false,
+			required: false,
+			input: false
+		},
+		banReason: {
+			type: "string",
+			required: false,
+			input: false
+		},
+		banExpires: {
+			type: "date",
+			required: false,
+			input: false
+		}
+	} },
+	session: { fields: { impersonatedBy: {
+		type: "string",
+		required: false
+	} } }
+};
+
+//#endregion
+export { schema };
+//# sourceMappingURL=schema.mjs.map

package/dist/plugins/admin/schema.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.mjs","names":[],"sources":["../../../src/plugins/admin/schema.ts"],"sourcesContent":["import type { BetterAuthPluginDBSchema } from \"@better-auth/core/db\";\n\nexport const schema = {\n\tuser: {\n\t\tfields: {\n\t\t\trole: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t\tbanned: {\n\t\t\t\ttype: \"boolean\",\n\t\t\t\tdefaultValue: false,\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t\tbanReason: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t\tbanExpires: {\n\t\t\t\ttype: \"date\",\n\t\t\t\trequired: false,\n\t\t\t\tinput: false,\n\t\t\t},\n\t\t},\n\t},\n\tsession: {\n\t\tfields: {\n\t\t\timpersonatedBy: {\n\t\t\t\ttype: \"string\",\n\t\t\t\trequired: false,\n\t\t\t},\n\t\t},\n\t},\n} satisfies BetterAuthPluginDBSchema;\n\nexport type AdminSchema = typeof schema;\n"],"mappings":";AAEA,MAAa,SAAS;CACrB,MAAM,EACL,QAAQ;EACP,MAAM;GACL,MAAM;GACN,UAAU;GACV,OAAO;GACP;EACD,QAAQ;GACP,MAAM;GACN,cAAc;GACd,UAAU;GACV,OAAO;GACP;EACD,WAAW;GACV,MAAM;GACN,UAAU;GACV,OAAO;GACP;EACD,YAAY;GACX,MAAM;GACN,UAAU;GACV,OAAO;GACP;EACD,EACD;CACD,SAAS,EACR,QAAQ,EACP,gBAAgB;EACf,MAAM;EACN,UAAU;EACV,EACD,EACD;CACD"}

package/dist/plugins/admin/types.d.mts

@@ -0,0 +1,89 @@
+import { Session, User } from "../../types/models.mjs";
+import { InferOptionSchema } from "../../types/plugins.mjs";
+import "../../types/index.mjs";
+import { AccessControl, Role } from "../access/types.mjs";
+import "../access/index.mjs";
+import { AdminSchema } from "./schema.mjs";
+
+//#region src/plugins/admin/types.d.ts
+interface UserWithRole extends User {
+  role?: string | undefined;
+  banned: boolean | null;
+  banReason?: (string | null) | undefined;
+  banExpires?: (Date | null) | undefined;
+}
+interface SessionWithImpersonatedBy extends Session {
+  impersonatedBy?: string | undefined;
+}
+interface AdminOptions {
+  /**
+   * The default role for a user
+   *
+   * @default "user"
+   */
+  defaultRole?: string | undefined;
+  /**
+   * Roles that are considered admin roles.
+   *
+   * Any user role that isn't in this list, even if they have the permission,
+   * will not be considered an admin.
+   *
+   * @default ["admin"]
+   */
+  adminRoles?: (string | string[]) | undefined;
+  /**
+   * A default ban reason
+   *
+   * By default, no reason is provided
+   */
+  defaultBanReason?: string | undefined;
+  /**
+   * Number of seconds until the ban expires
+   *
+   * By default, the ban never expires
+   */
+  defaultBanExpiresIn?: number | undefined;
+  /**
+   * Duration of the impersonation session in seconds
+   *
+   * By default, the impersonation session lasts 1 hour
+   */
+  impersonationSessionDuration?: number | undefined;
+  /**
+   * Custom schema for the admin plugin
+   */
+  schema?: InferOptionSchema<AdminSchema> | undefined;
+  /**
+   * Configure the roles and permissions for the admin
+   * plugin.
+   */
+  ac?: AccessControl | undefined;
+  /**
+   * Custom permissions for roles.
+   */
+  roles?: { [key in string]?: Role } | undefined;
+  /**
+   * List of user ids that should have admin access
+   *
+   * If this is set, the `adminRole` option is ignored
+   */
+  adminUserIds?: string[] | undefined;
+  /**
+   * Message to show when a user is banned
+   *
+   * By default, the message is "You have been banned from this application"
+   */
+  bannedUserMessage?: string | undefined;
+  /**
+   * Whether to allow impersonating other admins
+   *
+   * @default false
+   */
+  allowImpersonatingAdmins?: boolean | undefined;
+}
+type InferAdminRolesFromOption<O extends AdminOptions | undefined> = O extends {
+  roles: Record<string, unknown>;
+} ? keyof O["roles"] : "user" | "admin";
+//#endregion
+export { AdminOptions, InferAdminRolesFromOption, SessionWithImpersonatedBy, UserWithRole };
+//# sourceMappingURL=types.d.mts.map