npm - @sirketio/auth - Versions diffs - 0.0.1 - Mend

@sirketio/auth 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (594) hide show

package/dist/_virtual/_rolldown/runtime.mjs +36 -0
package/dist/adapter/index.d.mts +4 -0
package/dist/adapter/index.mjs +7 -0
package/dist/api/index.d.mts +3872 -0
package/dist/api/index.mjs +206 -0
package/dist/api/index.mjs.map +1 -0
package/dist/api/middlewares/index.d.mts +1 -0
package/dist/api/middlewares/index.mjs +3 -0
package/dist/api/middlewares/origin-check.d.mts +18 -0
package/dist/api/middlewares/origin-check.mjs +140 -0
package/dist/api/middlewares/origin-check.mjs.map +1 -0
package/dist/api/rate-limiter/index.mjs +204 -0
package/dist/api/rate-limiter/index.mjs.map +1 -0
package/dist/api/routes/account.d.mts +410 -0
package/dist/api/routes/account.mjs +493 -0
package/dist/api/routes/account.mjs.map +1 -0
package/dist/api/routes/callback.d.mts +31 -0
package/dist/api/routes/callback.mjs +179 -0
package/dist/api/routes/callback.mjs.map +1 -0
package/dist/api/routes/email-verification.d.mts +161 -0
package/dist/api/routes/email-verification.mjs +299 -0
package/dist/api/routes/email-verification.mjs.map +1 -0
package/dist/api/routes/error.d.mts +28 -0
package/dist/api/routes/error.mjs +386 -0
package/dist/api/routes/error.mjs.map +1 -0
package/dist/api/routes/index.d.mts +11 -0
package/dist/api/routes/index.mjs +13 -0
package/dist/api/routes/ok.d.mts +36 -0
package/dist/api/routes/ok.mjs +30 -0
package/dist/api/routes/ok.mjs.map +1 -0
package/dist/api/routes/password.d.mts +182 -0
package/dist/api/routes/password.mjs +198 -0
package/dist/api/routes/password.mjs.map +1 -0
package/dist/api/routes/session.d.mts +415 -0
package/dist/api/routes/session.mjs +483 -0
package/dist/api/routes/session.mjs.map +1 -0
package/dist/api/routes/sign-in.d.mts +171 -0
package/dist/api/routes/sign-in.mjs +263 -0
package/dist/api/routes/sign-in.mjs.map +1 -0
package/dist/api/routes/sign-out.d.mts +36 -0
package/dist/api/routes/sign-out.mjs +33 -0
package/dist/api/routes/sign-out.mjs.map +1 -0
package/dist/api/routes/sign-up.d.mts +160 -0
package/dist/api/routes/sign-up.mjs +227 -0
package/dist/api/routes/sign-up.mjs.map +1 -0
package/dist/api/routes/update-user.d.mts +445 -0
package/dist/api/routes/update-user.mjs +493 -0
package/dist/api/routes/update-user.mjs.map +1 -0
package/dist/api/state/oauth.d.mts +18 -0
package/dist/api/state/oauth.mjs +8 -0
package/dist/api/state/oauth.mjs.map +1 -0
package/dist/api/state/should-session-refresh.d.mts +13 -0
package/dist/api/state/should-session-refresh.mjs +16 -0
package/dist/api/state/should-session-refresh.mjs.map +1 -0
package/dist/api/to-auth-endpoints.mjs +197 -0
package/dist/api/to-auth-endpoints.mjs.map +1 -0
package/dist/auth/base.mjs +45 -0
package/dist/auth/base.mjs.map +1 -0
package/dist/auth/minimal.d.mts +12 -0
package/dist/auth/minimal.mjs +14 -0
package/dist/auth/minimal.mjs.map +1 -0
package/dist/auth/trusted-origins.mjs +31 -0
package/dist/auth/trusted-origins.mjs.map +1 -0
package/dist/client/broadcast-channel.d.mts +20 -0
package/dist/client/broadcast-channel.mjs +46 -0
package/dist/client/broadcast-channel.mjs.map +1 -0
package/dist/client/config.mjs +90 -0
package/dist/client/config.mjs.map +1 -0
package/dist/client/fetch-plugins.mjs +18 -0
package/dist/client/fetch-plugins.mjs.map +1 -0
package/dist/client/focus-manager.d.mts +11 -0
package/dist/client/focus-manager.mjs +32 -0
package/dist/client/focus-manager.mjs.map +1 -0
package/dist/client/index.d.mts +33 -0
package/dist/client/index.mjs +21 -0
package/dist/client/index.mjs.map +1 -0
package/dist/client/online-manager.d.mts +12 -0
package/dist/client/online-manager.mjs +35 -0
package/dist/client/online-manager.mjs.map +1 -0
package/dist/client/parser.mjs +73 -0
package/dist/client/parser.mjs.map +1 -0
package/dist/client/path-to-object.d.mts +65 -0
package/dist/client/plugins/index.d.mts +53 -0
package/dist/client/plugins/index.mjs +30 -0
package/dist/client/plugins/infer-plugin.d.mts +16 -0
package/dist/client/plugins/infer-plugin.mjs +11 -0
package/dist/client/plugins/infer-plugin.mjs.map +1 -0
package/dist/client/proxy.mjs +79 -0
package/dist/client/proxy.mjs.map +1 -0
package/dist/client/query.d.mts +23 -0
package/dist/client/query.mjs +98 -0
package/dist/client/query.mjs.map +1 -0
package/dist/client/react/index.d.mts +128 -0
package/dist/client/react/index.mjs +24 -0
package/dist/client/react/index.mjs.map +1 -0
package/dist/client/react/react-store.d.mts +47 -0
package/dist/client/react/react-store.mjs +47 -0
package/dist/client/react/react-store.mjs.map +1 -0
package/dist/client/session-atom.mjs +29 -0
package/dist/client/session-atom.mjs.map +1 -0
package/dist/client/session-refresh.d.mts +28 -0
package/dist/client/session-refresh.mjs +140 -0
package/dist/client/session-refresh.mjs.map +1 -0
package/dist/client/types.d.mts +41 -0
package/dist/client/vanilla.d.mts +127 -0
package/dist/client/vanilla.mjs +20 -0
package/dist/client/vanilla.mjs.map +1 -0
package/dist/context/create-context.mjs +211 -0
package/dist/context/create-context.mjs.map +1 -0
package/dist/context/helpers.mjs +83 -0
package/dist/context/helpers.mjs.map +1 -0
package/dist/context/init.mjs +20 -0
package/dist/context/init.mjs.map +1 -0
package/dist/cookies/cookie-utils.d.mts +29 -0
package/dist/cookies/cookie-utils.mjs +105 -0
package/dist/cookies/cookie-utils.mjs.map +1 -0
package/dist/cookies/index.d.mts +121 -0
package/dist/cookies/index.mjs +261 -0
package/dist/cookies/index.mjs.map +1 -0
package/dist/cookies/session-store.d.mts +36 -0
package/dist/cookies/session-store.mjs +200 -0
package/dist/cookies/session-store.mjs.map +1 -0
package/dist/crypto/buffer.d.mts +8 -0
package/dist/crypto/buffer.mjs +18 -0
package/dist/crypto/buffer.mjs.map +1 -0
package/dist/crypto/index.d.mts +27 -0
package/dist/crypto/index.mjs +38 -0
package/dist/crypto/index.mjs.map +1 -0
package/dist/crypto/jwt.d.mts +8 -0
package/dist/crypto/jwt.mjs +95 -0
package/dist/crypto/jwt.mjs.map +1 -0
package/dist/crypto/password.d.mts +12 -0
package/dist/crypto/password.mjs +36 -0
package/dist/crypto/password.mjs.map +1 -0
package/dist/crypto/random.d.mts +5 -0
package/dist/crypto/random.mjs +8 -0
package/dist/crypto/random.mjs.map +1 -0
package/dist/db/adapter-base.d.mts +8 -0
package/dist/db/adapter-base.mjs +19 -0
package/dist/db/adapter-base.mjs.map +1 -0
package/dist/db/field-converter.d.mts +8 -0
package/dist/db/field-converter.mjs +21 -0
package/dist/db/field-converter.mjs.map +1 -0
package/dist/db/field.d.mts +42 -0
package/dist/db/get-schema.d.mts +11 -0
package/dist/db/get-schema.mjs +39 -0
package/dist/db/get-schema.mjs.map +1 -0
package/dist/db/index.d.mts +18 -0
package/dist/db/index.mjs +34 -0
package/dist/db/index.mjs.map +1 -0
package/dist/db/internal-adapter.d.mts +14 -0
package/dist/db/internal-adapter.mjs +616 -0
package/dist/db/internal-adapter.mjs.map +1 -0
package/dist/db/schema.d.mts +49 -0
package/dist/db/schema.mjs +118 -0
package/dist/db/schema.mjs.map +1 -0
package/dist/db/to-zod.d.mts +36 -0
package/dist/db/to-zod.mjs +26 -0
package/dist/db/to-zod.mjs.map +1 -0
package/dist/db/verification-token-storage.mjs +28 -0
package/dist/db/verification-token-storage.mjs.map +1 -0
package/dist/db/with-hooks.d.mts +33 -0
package/dist/db/with-hooks.mjs +159 -0
package/dist/db/with-hooks.mjs.map +1 -0
package/dist/index.d.mts +53 -0
package/dist/index.mjs +27 -0
package/dist/integrations/next-js.d.mts +29 -0
package/dist/integrations/next-js.mjs +85 -0
package/dist/integrations/next-js.mjs.map +1 -0
package/dist/oauth2/index.d.mts +5 -0
package/dist/oauth2/index.mjs +7 -0
package/dist/oauth2/link-account.d.mts +48 -0
package/dist/oauth2/link-account.mjs +143 -0
package/dist/oauth2/link-account.mjs.map +1 -0
package/dist/oauth2/state.d.mts +26 -0
package/dist/oauth2/state.mjs +51 -0
package/dist/oauth2/state.mjs.map +1 -0
package/dist/oauth2/utils.d.mts +8 -0
package/dist/oauth2/utils.mjs +31 -0
package/dist/oauth2/utils.mjs.map +1 -0
package/dist/plugins/access/access.d.mts +30 -0
package/dist/plugins/access/access.mjs +46 -0
package/dist/plugins/access/access.mjs.map +1 -0
package/dist/plugins/access/index.d.mts +3 -0
package/dist/plugins/access/index.mjs +3 -0
package/dist/plugins/access/types.d.mts +17 -0
package/dist/plugins/additional-fields/client.d.mts +96 -0
package/dist/plugins/additional-fields/client.mjs +11 -0
package/dist/plugins/additional-fields/client.mjs.map +1 -0
package/dist/plugins/admin/access/index.d.mts +2 -0
package/dist/plugins/admin/access/index.mjs +3 -0
package/dist/plugins/admin/access/statement.d.mts +118 -0
package/dist/plugins/admin/access/statement.mjs +53 -0
package/dist/plugins/admin/access/statement.mjs.map +1 -0
package/dist/plugins/admin/admin.d.mts +911 -0
package/dist/plugins/admin/admin.mjs +95 -0
package/dist/plugins/admin/admin.mjs.map +1 -0
package/dist/plugins/admin/client.d.mts +76 -0
package/dist/plugins/admin/client.mjs +36 -0
package/dist/plugins/admin/client.mjs.map +1 -0
package/dist/plugins/admin/error-codes.d.mts +29 -0
package/dist/plugins/admin/error-codes.mjs +30 -0
package/dist/plugins/admin/error-codes.mjs.map +1 -0
package/dist/plugins/admin/has-permission.mjs +16 -0
package/dist/plugins/admin/has-permission.mjs.map +1 -0
package/dist/plugins/admin/index.d.mts +3 -0
package/dist/plugins/admin/index.mjs +3 -0
package/dist/plugins/admin/routes.mjs +841 -0
package/dist/plugins/admin/routes.mjs.map +1 -0
package/dist/plugins/admin/schema.d.mts +40 -0
package/dist/plugins/admin/schema.mjs +34 -0
package/dist/plugins/admin/schema.mjs.map +1 -0
package/dist/plugins/admin/types.d.mts +89 -0
package/dist/plugins/api-key/adapter.mjs +468 -0
package/dist/plugins/api-key/adapter.mjs.map +1 -0
package/dist/plugins/api-key/client.d.mts +46 -0
package/dist/plugins/api-key/client.mjs +19 -0
package/dist/plugins/api-key/client.mjs.map +1 -0
package/dist/plugins/api-key/error-codes.d.mts +33 -0
package/dist/plugins/api-key/error-codes.mjs +34 -0
package/dist/plugins/api-key/error-codes.mjs.map +1 -0
package/dist/plugins/api-key/index.d.mts +1251 -0
package/dist/plugins/api-key/index.mjs +134 -0
package/dist/plugins/api-key/index.mjs.map +1 -0
package/dist/plugins/api-key/rate-limit.mjs +74 -0
package/dist/plugins/api-key/rate-limit.mjs.map +1 -0
package/dist/plugins/api-key/routes/create-api-key.mjs +252 -0
package/dist/plugins/api-key/routes/create-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs +24 -0
package/dist/plugins/api-key/routes/delete-all-expired-api-keys.mjs.map +1 -0
package/dist/plugins/api-key/routes/delete-api-key.mjs +74 -0
package/dist/plugins/api-key/routes/delete-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/get-api-key.mjs +158 -0
package/dist/plugins/api-key/routes/get-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/index.mjs +71 -0
package/dist/plugins/api-key/routes/index.mjs.map +1 -0
package/dist/plugins/api-key/routes/list-api-keys.mjs +194 -0
package/dist/plugins/api-key/routes/list-api-keys.mjs.map +1 -0
package/dist/plugins/api-key/routes/update-api-key.mjs +248 -0
package/dist/plugins/api-key/routes/update-api-key.mjs.map +1 -0
package/dist/plugins/api-key/routes/verify-api-key.mjs +224 -0
package/dist/plugins/api-key/routes/verify-api-key.mjs.map +1 -0
package/dist/plugins/api-key/schema.d.mts +199 -0
package/dist/plugins/api-key/schema.mjs +130 -0
package/dist/plugins/api-key/schema.mjs.map +1 -0
package/dist/plugins/api-key/types.d.mts +346 -0
package/dist/plugins/bearer/index.d.mts +45 -0
package/dist/plugins/bearer/index.mjs +66 -0
package/dist/plugins/bearer/index.mjs.map +1 -0
package/dist/plugins/captcha/constants.d.mts +10 -0
package/dist/plugins/captcha/constants.mjs +22 -0
package/dist/plugins/captcha/constants.mjs.map +1 -0
package/dist/plugins/captcha/error-codes.mjs +16 -0
package/dist/plugins/captcha/error-codes.mjs.map +1 -0
package/dist/plugins/captcha/index.d.mts +21 -0
package/dist/plugins/captcha/index.mjs +62 -0
package/dist/plugins/captcha/index.mjs.map +1 -0
package/dist/plugins/captcha/types.d.mts +28 -0
package/dist/plugins/captcha/utils.mjs +11 -0
package/dist/plugins/captcha/utils.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/captchafox.mjs +28 -0
package/dist/plugins/captcha/verify-handlers/captchafox.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs +26 -0
package/dist/plugins/captcha/verify-handlers/cloudflare-turnstile.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs +30 -0
package/dist/plugins/captcha/verify-handlers/google-recaptcha.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/h-captcha.mjs +28 -0
package/dist/plugins/captcha/verify-handlers/h-captcha.mjs.map +1 -0
package/dist/plugins/captcha/verify-handlers/index.mjs +6 -0
package/dist/plugins/custom-session/client.d.mts +17 -0
package/dist/plugins/custom-session/client.mjs +11 -0
package/dist/plugins/custom-session/client.mjs.map +1 -0
package/dist/plugins/custom-session/index.d.mts +72 -0
package/dist/plugins/custom-session/index.mjs +78 -0
package/dist/plugins/custom-session/index.mjs.map +1 -0
package/dist/plugins/device-authorization/client.d.mts +17 -0
package/dist/plugins/device-authorization/client.mjs +18 -0
package/dist/plugins/device-authorization/client.mjs.map +1 -0
package/dist/plugins/device-authorization/error-codes.mjs +21 -0
package/dist/plugins/device-authorization/error-codes.mjs.map +1 -0
package/dist/plugins/device-authorization/index.d.mts +424 -0
package/dist/plugins/device-authorization/index.mjs +50 -0
package/dist/plugins/device-authorization/index.mjs.map +1 -0
package/dist/plugins/device-authorization/routes.mjs +510 -0
package/dist/plugins/device-authorization/routes.mjs.map +1 -0
package/dist/plugins/device-authorization/schema.mjs +57 -0
package/dist/plugins/device-authorization/schema.mjs.map +1 -0
package/dist/plugins/email-otp/client.d.mts +21 -0
package/dist/plugins/email-otp/client.mjs +18 -0
package/dist/plugins/email-otp/client.mjs.map +1 -0
package/dist/plugins/email-otp/error-codes.d.mts +11 -0
package/dist/plugins/email-otp/error-codes.mjs +12 -0
package/dist/plugins/email-otp/error-codes.mjs.map +1 -0
package/dist/plugins/email-otp/index.d.mts +428 -0
package/dist/plugins/email-otp/index.mjs +130 -0
package/dist/plugins/email-otp/index.mjs.map +1 -0
package/dist/plugins/email-otp/otp-token.mjs +29 -0
package/dist/plugins/email-otp/otp-token.mjs.map +1 -0
package/dist/plugins/email-otp/routes.mjs +631 -0
package/dist/plugins/email-otp/routes.mjs.map +1 -0
package/dist/plugins/email-otp/types.d.mts +86 -0
package/dist/plugins/email-otp/utils.mjs +17 -0
package/dist/plugins/email-otp/utils.mjs.map +1 -0
package/dist/plugins/generic-oauth/client.d.mts +33 -0
package/dist/plugins/generic-oauth/client.mjs +14 -0
package/dist/plugins/generic-oauth/client.mjs.map +1 -0
package/dist/plugins/generic-oauth/error-codes.d.mts +16 -0
package/dist/plugins/generic-oauth/error-codes.mjs +17 -0
package/dist/plugins/generic-oauth/error-codes.mjs.map +1 -0
package/dist/plugins/generic-oauth/index.d.mts +201 -0
package/dist/plugins/generic-oauth/index.mjs +145 -0
package/dist/plugins/generic-oauth/index.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/auth0.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/auth0.mjs +62 -0
package/dist/plugins/generic-oauth/providers/auth0.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/gumroad.d.mts +32 -0
package/dist/plugins/generic-oauth/providers/gumroad.mjs +60 -0
package/dist/plugins/generic-oauth/providers/gumroad.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/hubspot.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/hubspot.mjs +60 -0
package/dist/plugins/generic-oauth/providers/hubspot.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/index.d.mts +9 -0
package/dist/plugins/generic-oauth/providers/index.mjs +11 -0
package/dist/plugins/generic-oauth/providers/keycloak.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/keycloak.mjs +62 -0
package/dist/plugins/generic-oauth/providers/keycloak.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/line.d.mts +55 -0
package/dist/plugins/generic-oauth/providers/line.mjs +91 -0
package/dist/plugins/generic-oauth/providers/line.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs +66 -0
package/dist/plugins/generic-oauth/providers/microsoft-entra-id.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/okta.d.mts +37 -0
package/dist/plugins/generic-oauth/providers/okta.mjs +62 -0
package/dist/plugins/generic-oauth/providers/okta.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/patreon.d.mts +30 -0
package/dist/plugins/generic-oauth/providers/patreon.mjs +59 -0
package/dist/plugins/generic-oauth/providers/patreon.mjs.map +1 -0
package/dist/plugins/generic-oauth/providers/slack.d.mts +30 -0
package/dist/plugins/generic-oauth/providers/slack.mjs +61 -0
package/dist/plugins/generic-oauth/providers/slack.mjs.map +1 -0
package/dist/plugins/generic-oauth/routes.mjs +411 -0
package/dist/plugins/generic-oauth/routes.mjs.map +1 -0
package/dist/plugins/generic-oauth/types.d.mts +159 -0
package/dist/plugins/haveibeenpwned/index.d.mts +46 -0
package/dist/plugins/haveibeenpwned/index.mjs +57 -0
package/dist/plugins/haveibeenpwned/index.mjs.map +1 -0
package/dist/plugins/index.d.mts +65 -0
package/dist/plugins/index.mjs +48 -0
package/dist/plugins/jwt/adapter.mjs +27 -0
package/dist/plugins/jwt/adapter.mjs.map +1 -0
package/dist/plugins/jwt/client.d.mts +40 -0
package/dist/plugins/jwt/client.mjs +19 -0
package/dist/plugins/jwt/client.mjs.map +1 -0
package/dist/plugins/jwt/index.d.mts +224 -0
package/dist/plugins/jwt/index.mjs +202 -0
package/dist/plugins/jwt/index.mjs.map +1 -0
package/dist/plugins/jwt/schema.d.mts +26 -0
package/dist/plugins/jwt/schema.mjs +23 -0
package/dist/plugins/jwt/schema.mjs.map +1 -0
package/dist/plugins/jwt/sign.d.mts +57 -0
package/dist/plugins/jwt/sign.mjs +66 -0
package/dist/plugins/jwt/sign.mjs.map +1 -0
package/dist/plugins/jwt/types.d.mts +194 -0
package/dist/plugins/jwt/utils.d.mts +42 -0
package/dist/plugins/jwt/utils.mjs +64 -0
package/dist/plugins/jwt/utils.mjs.map +1 -0
package/dist/plugins/jwt/verify.d.mts +12 -0
package/dist/plugins/jwt/verify.mjs +46 -0
package/dist/plugins/jwt/verify.mjs.map +1 -0
package/dist/plugins/last-login-method/client.d.mts +38 -0
package/dist/plugins/last-login-method/client.mjs +32 -0
package/dist/plugins/last-login-method/client.mjs.map +1 -0
package/dist/plugins/last-login-method/index.d.mts +118 -0
package/dist/plugins/last-login-method/index.mjs +76 -0
package/dist/plugins/last-login-method/index.mjs.map +1 -0
package/dist/plugins/magic-link/client.d.mts +10 -0
package/dist/plugins/magic-link/client.mjs +11 -0
package/dist/plugins/magic-link/client.mjs.map +1 -0
package/dist/plugins/magic-link/index.d.mts +193 -0
package/dist/plugins/magic-link/index.mjs +177 -0
package/dist/plugins/magic-link/index.mjs.map +1 -0
package/dist/plugins/magic-link/utils.mjs +12 -0
package/dist/plugins/magic-link/utils.mjs.map +1 -0
package/dist/plugins/mcp/authorize.mjs +133 -0
package/dist/plugins/mcp/authorize.mjs.map +1 -0
package/dist/plugins/mcp/index.d.mts +458 -0
package/dist/plugins/mcp/index.mjs +717 -0
package/dist/plugins/mcp/index.mjs.map +1 -0
package/dist/plugins/multi-session/client.d.mts +19 -0
package/dist/plugins/multi-session/client.mjs +20 -0
package/dist/plugins/multi-session/client.mjs.map +1 -0
package/dist/plugins/multi-session/error-codes.d.mts +9 -0
package/dist/plugins/multi-session/error-codes.mjs +8 -0
package/dist/plugins/multi-session/error-codes.mjs.map +1 -0
package/dist/plugins/multi-session/index.d.mts +235 -0
package/dist/plugins/multi-session/index.mjs +172 -0
package/dist/plugins/multi-session/index.mjs.map +1 -0
package/dist/plugins/oauth-proxy/index.d.mts +97 -0
package/dist/plugins/oauth-proxy/index.mjs +305 -0
package/dist/plugins/oauth-proxy/index.mjs.map +1 -0
package/dist/plugins/oauth-proxy/utils.mjs +51 -0
package/dist/plugins/oauth-proxy/utils.mjs.map +1 -0
package/dist/plugins/oidc-provider/authorize.mjs +194 -0
package/dist/plugins/oidc-provider/authorize.mjs.map +1 -0
package/dist/plugins/oidc-provider/client.d.mts +12 -0
package/dist/plugins/oidc-provider/client.mjs +11 -0
package/dist/plugins/oidc-provider/client.mjs.map +1 -0
package/dist/plugins/oidc-provider/error.mjs +17 -0
package/dist/plugins/oidc-provider/error.mjs.map +1 -0
package/dist/plugins/oidc-provider/index.d.mts +702 -0
package/dist/plugins/oidc-provider/index.mjs +1093 -0
package/dist/plugins/oidc-provider/index.mjs.map +1 -0
package/dist/plugins/oidc-provider/schema.d.mts +160 -0
package/dist/plugins/oidc-provider/schema.mjs +132 -0
package/dist/plugins/oidc-provider/schema.mjs.map +1 -0
package/dist/plugins/oidc-provider/types.d.mts +517 -0
package/dist/plugins/oidc-provider/utils/prompt.mjs +19 -0
package/dist/plugins/oidc-provider/utils/prompt.mjs.map +1 -0
package/dist/plugins/oidc-provider/utils.mjs +15 -0
package/dist/plugins/oidc-provider/utils.mjs.map +1 -0
package/dist/plugins/one-tap/client.d.mts +174 -0
package/dist/plugins/one-tap/client.mjs +188 -0
package/dist/plugins/one-tap/client.mjs.map +1 -0
package/dist/plugins/one-tap/index.d.mts +83 -0
package/dist/plugins/one-tap/index.mjs +95 -0
package/dist/plugins/one-tap/index.mjs.map +1 -0
package/dist/plugins/one-time-token/client.d.mts +10 -0
package/dist/plugins/one-time-token/client.mjs +11 -0
package/dist/plugins/one-time-token/client.mjs.map +1 -0
package/dist/plugins/one-time-token/index.d.mts +133 -0
package/dist/plugins/one-time-token/index.mjs +82 -0
package/dist/plugins/one-time-token/index.mjs.map +1 -0
package/dist/plugins/one-time-token/utils.mjs +12 -0
package/dist/plugins/one-time-token/utils.mjs.map +1 -0
package/dist/plugins/open-api/generator.d.mts +115 -0
package/dist/plugins/open-api/generator.mjs +315 -0
package/dist/plugins/open-api/generator.mjs.map +1 -0
package/dist/plugins/open-api/index.d.mts +97 -0
package/dist/plugins/open-api/index.mjs +67 -0
package/dist/plugins/open-api/index.mjs.map +1 -0
package/dist/plugins/open-api/logo.mjs +15 -0
package/dist/plugins/open-api/logo.mjs.map +1 -0
package/dist/plugins/organization/access/index.d.mts +2 -0
package/dist/plugins/organization/access/index.mjs +3 -0
package/dist/plugins/organization/access/statement.d.mts +249 -0
package/dist/plugins/organization/access/statement.mjs +81 -0
package/dist/plugins/organization/access/statement.mjs.map +1 -0
package/dist/plugins/organization/adapter.d.mts +792 -0
package/dist/plugins/organization/adapter.mjs +624 -0
package/dist/plugins/organization/adapter.mjs.map +1 -0
package/dist/plugins/organization/call.mjs +19 -0
package/dist/plugins/organization/call.mjs.map +1 -0
package/dist/plugins/organization/client.d.mts +372 -0
package/dist/plugins/organization/client.mjs +95 -0
package/dist/plugins/organization/client.mjs.map +1 -0
package/dist/plugins/organization/error-codes.d.mts +65 -0
package/dist/plugins/organization/error-codes.mjs +66 -0
package/dist/plugins/organization/error-codes.mjs.map +1 -0
package/dist/plugins/organization/has-permission.mjs +35 -0
package/dist/plugins/organization/has-permission.mjs.map +1 -0
package/dist/plugins/organization/index.d.mts +5 -0
package/dist/plugins/organization/index.mjs +4 -0
package/dist/plugins/organization/organization.d.mts +394 -0
package/dist/plugins/organization/organization.mjs +428 -0
package/dist/plugins/organization/organization.mjs.map +1 -0
package/dist/plugins/organization/permission.d.mts +17 -0
package/dist/plugins/organization/permission.mjs +16 -0
package/dist/plugins/organization/permission.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-access-control.d.mts +394 -0
package/dist/plugins/organization/routes/crud-access-control.mjs +678 -0
package/dist/plugins/organization/routes/crud-access-control.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-invites.d.mts +1031 -0
package/dist/plugins/organization/routes/crud-invites.mjs +551 -0
package/dist/plugins/organization/routes/crud-invites.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-members.d.mts +940 -0
package/dist/plugins/organization/routes/crud-members.mjs +466 -0
package/dist/plugins/organization/routes/crud-members.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-org.d.mts +708 -0
package/dist/plugins/organization/routes/crud-org.mjs +423 -0
package/dist/plugins/organization/routes/crud-org.mjs.map +1 -0
package/dist/plugins/organization/routes/crud-team.d.mts +1071 -0
package/dist/plugins/organization/routes/crud-team.mjs +676 -0
package/dist/plugins/organization/routes/crud-team.mjs.map +1 -0
package/dist/plugins/organization/schema.d.mts +376 -0
package/dist/plugins/organization/schema.mjs +68 -0
package/dist/plugins/organization/schema.mjs.map +1 -0
package/dist/plugins/organization/types.d.mts +677 -0
package/dist/plugins/phone-number/client.d.mts +31 -0
package/dist/plugins/phone-number/client.mjs +20 -0
package/dist/plugins/phone-number/client.mjs.map +1 -0
package/dist/plugins/phone-number/error-codes.d.mts +20 -0
package/dist/plugins/phone-number/error-codes.mjs +21 -0
package/dist/plugins/phone-number/error-codes.mjs.map +1 -0
package/dist/plugins/phone-number/index.d.mts +318 -0
package/dist/plugins/phone-number/index.mjs +49 -0
package/dist/plugins/phone-number/index.mjs.map +1 -0
package/dist/plugins/phone-number/routes.mjs +472 -0
package/dist/plugins/phone-number/routes.mjs.map +1 -0
package/dist/plugins/phone-number/schema.d.mts +23 -0
package/dist/plugins/phone-number/schema.mjs +20 -0
package/dist/plugins/phone-number/schema.mjs.map +1 -0
package/dist/plugins/phone-number/types.d.mts +118 -0
package/dist/plugins/two-factor/backup-codes/index.d.mts +279 -0
package/dist/plugins/two-factor/backup-codes/index.mjs +277 -0
package/dist/plugins/two-factor/backup-codes/index.mjs.map +1 -0
package/dist/plugins/two-factor/client.d.mts +55 -0
package/dist/plugins/two-factor/client.mjs +37 -0
package/dist/plugins/two-factor/client.mjs.map +1 -0
package/dist/plugins/two-factor/constant.mjs +8 -0
package/dist/plugins/two-factor/constant.mjs.map +1 -0
package/dist/plugins/two-factor/error-code.d.mts +17 -0
package/dist/plugins/two-factor/error-code.mjs +18 -0
package/dist/plugins/two-factor/error-code.mjs.map +1 -0
package/dist/plugins/two-factor/index.d.mts +670 -0
package/dist/plugins/two-factor/index.mjs +228 -0
package/dist/plugins/two-factor/index.mjs.map +1 -0
package/dist/plugins/two-factor/otp/index.d.mts +216 -0
package/dist/plugins/two-factor/otp/index.mjs +199 -0
package/dist/plugins/two-factor/otp/index.mjs.map +1 -0
package/dist/plugins/two-factor/schema.d.mts +41 -0
package/dist/plugins/two-factor/schema.mjs +36 -0
package/dist/plugins/two-factor/schema.mjs.map +1 -0
package/dist/plugins/two-factor/totp/index.d.mts +210 -0
package/dist/plugins/two-factor/totp/index.mjs +157 -0
package/dist/plugins/two-factor/totp/index.mjs.map +1 -0
package/dist/plugins/two-factor/types.d.mts +73 -0
package/dist/plugins/two-factor/utils.mjs +12 -0
package/dist/plugins/two-factor/utils.mjs.map +1 -0
package/dist/plugins/two-factor/verify-two-factor.mjs +85 -0
package/dist/plugins/two-factor/verify-two-factor.mjs.map +1 -0
package/dist/plugins/username/client.d.mts +26 -0
package/dist/plugins/username/client.mjs +18 -0
package/dist/plugins/username/client.mjs.map +1 -0
package/dist/plugins/username/error-codes.d.mts +16 -0
package/dist/plugins/username/error-codes.mjs +17 -0
package/dist/plugins/username/error-codes.mjs.map +1 -0
package/dist/plugins/username/index.d.mts +251 -0
package/dist/plugins/username/index.mjs +234 -0
package/dist/plugins/username/index.mjs.map +1 -0
package/dist/plugins/username/schema.d.mts +33 -0
package/dist/plugins/username/schema.mjs +26 -0
package/dist/plugins/username/schema.mjs.map +1 -0
package/dist/providers/index.d.mts +1 -0
package/dist/providers/index.mjs +3 -0
package/dist/state.d.mts +42 -0
package/dist/state.mjs +107 -0
package/dist/state.mjs.map +1 -0
package/dist/types/adapter.d.mts +2 -0
package/dist/types/api.d.mts +29 -0
package/dist/types/auth.d.mts +29 -0
package/dist/types/helper.d.mts +10 -0
package/dist/types/index.d.mts +11 -0
package/dist/types/index.mjs +1 -0
package/dist/types/models.d.mts +11 -0
package/dist/types/plugins.d.mts +20 -0
package/dist/utils/boolean.mjs +8 -0
package/dist/utils/boolean.mjs.map +1 -0
package/dist/utils/constants.mjs +6 -0
package/dist/utils/constants.mjs.map +1 -0
package/dist/utils/date.mjs +8 -0
package/dist/utils/date.mjs.map +1 -0
package/dist/utils/get-request-ip.d.mts +7 -0
package/dist/utils/get-request-ip.mjs +23 -0
package/dist/utils/get-request-ip.mjs.map +1 -0
package/dist/utils/hide-metadata.d.mts +7 -0
package/dist/utils/hide-metadata.mjs +6 -0
package/dist/utils/hide-metadata.mjs.map +1 -0
package/dist/utils/index.d.mts +4 -0
package/dist/utils/index.mjs +6 -0
package/dist/utils/is-api-error.d.mts +7 -0
package/dist/utils/is-api-error.mjs +11 -0
package/dist/utils/is-api-error.mjs.map +1 -0
package/dist/utils/is-atom.mjs +8 -0
package/dist/utils/is-atom.mjs.map +1 -0
package/dist/utils/is-promise.mjs +8 -0
package/dist/utils/is-promise.mjs.map +1 -0
package/dist/utils/middleware-response.mjs +9 -0
package/dist/utils/middleware-response.mjs.map +1 -0
package/dist/utils/password.mjs +26 -0
package/dist/utils/password.mjs.map +1 -0
package/dist/utils/plugin-helper.mjs +17 -0
package/dist/utils/plugin-helper.mjs.map +1 -0
package/dist/utils/shim.mjs +24 -0
package/dist/utils/shim.mjs.map +1 -0
package/dist/utils/time.d.mts +49 -0
package/dist/utils/time.mjs +100 -0
package/dist/utils/time.mjs.map +1 -0
package/dist/utils/url.d.mts +8 -0
package/dist/utils/url.mjs +92 -0
package/dist/utils/url.mjs.map +1 -0
package/dist/utils/wildcard.mjs +108 -0
package/dist/utils/wildcard.mjs.map +1 -0
package/package.json +428 -0

package/dist/plugins/organization/routes/crud-access-control.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"crud-access-control.mjs","names":[],"sources":["../../../../src/plugins/organization/routes/crud-access-control.ts"],"sourcesContent":["import type { GenericEndpointContext } from \"@better-auth/core\";\nimport { createAuthEndpoint } from \"@better-auth/core/api\";\nimport type { Where } from \"@better-auth/core/db/adapter\";\nimport { APIError } from \"@better-auth/core/error\";\nimport * as z from \"zod\";\nimport type { InferAdditionalFieldsFromPluginOptions } from \"../../../db\";\nimport { toZodSchema } from \"../../../db\";\nimport type { User } from \"../../../types\";\nimport type { AccessControl } from \"../../access\";\nimport { orgSessionMiddleware } from \"../call\";\nimport { ORGANIZATION_ERROR_CODES } from \"../error-codes\";\nimport { hasPermission } from \"../has-permission\";\nimport type { Member, OrganizationRole } from \"../schema\";\nimport type { OrganizationOptions } from \"../types\";\n\ntype IsExactlyEmptyObject<T> = keyof T extends never // no keys\n\t? T extends {} // is assignable to {}\n\t\t? {} extends T\n\t\t\t? true\n\t\t\t: false // and {} is assignable to it\n\t\t: false\n\t: false;\n\nconst normalizeRoleName = (role: string) => role.toLowerCase();\nconst DEFAULT_MAXIMUM_ROLES_PER_ORGANIZATION = Number.POSITIVE_INFINITY;\n\nconst getAdditionalFields = <\n\tO extends OrganizationOptions,\n\tAllPartial extends boolean = false,\n>(\n\toptions: O,\n\tshouldBePartial: AllPartial = false as AllPartial,\n) => {\n\tconst additionalFields =\n\t\toptions?.schema?.organizationRole?.additionalFields || {};\n\tif (shouldBePartial) {\n\t\tfor (const key in additionalFields) {\n\t\t\tadditionalFields[key]!.required = false;\n\t\t}\n\t}\n\tconst additionalFieldsSchema = toZodSchema({\n\t\tfields: additionalFields,\n\t\tisClientSide: true,\n\t});\n\ttype AdditionalFields = AllPartial extends true\n\t\t? Partial<InferAdditionalFieldsFromPluginOptions<\"organizationRole\", O>>\n\t\t: InferAdditionalFieldsFromPluginOptions<\"organizationRole\", O>;\n\ttype ReturnAdditionalFields = InferAdditionalFieldsFromPluginOptions<\n\t\t\"organizationRole\",\n\t\tO,\n\t\tfalse\n\t>;\n\n\treturn {\n\t\tadditionalFieldsSchema,\n\t\t$AdditionalFields: {} as AdditionalFields,\n\t\t$ReturnAdditionalFields: {} as ReturnAdditionalFields,\n\t};\n};\n\nconst baseCreateOrgRoleSchema = z.object({\n\torganizationId: z.string().optional().meta({\n\t\tdescription:\n\t\t\t\"The id of the organization to create the role in. If not provided, the user's active organization will be used.\",\n\t}),\n\trole: z.string().meta({\n\t\tdescription: \"The name of the role to create\",\n\t}),\n\tpermission: z.record(z.string(), z.array(z.string())).meta({\n\t\tdescription: \"The permission to assign to the role\",\n\t}),\n});\n\nexport const createOrgRole = <O extends OrganizationOptions>(options: O) => {\n\tconst { additionalFieldsSchema, $AdditionalFields, $ReturnAdditionalFields } =\n\t\tgetAdditionalFields<O>(options, false);\n\ttype AdditionalFields = typeof $AdditionalFields;\n\ttype ReturnAdditionalFields = typeof $ReturnAdditionalFields;\n\n\treturn createAuthEndpoint(\n\t\t\"/organization/create-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: baseCreateOrgRoleSchema.safeExtend({\n\t\t\t\tadditionalFields: z\n\t\t\t\t\t.object({ ...additionalFieldsSchema.shape })\n\t\t\t\t\t.optional(),\n\t\t\t}),\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\torganizationId?: string | undefined;\n\t\t\t\t\t\trole: string;\n\t\t\t\t\t\tpermission: Record<string, string[]>;\n\t\t\t\t\t} & (IsExactlyEmptyObject<AdditionalFields> extends true\n\t\t\t\t\t\t? { additionalFields?: {} | undefined }\n\t\t\t\t\t\t: { additionalFields: AdditionalFields }),\n\t\t\t\t},\n\t\t\t},\n\t\t\trequireHeaders: true,\n\t\t\tuse: [orgSessionMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { session, user } = ctx.context.session;\n\t\t\tlet roleName = ctx.body.role;\n\t\t\tconst permission = ctx.body.permission;\n\t\t\tconst additionalFields = ctx.body.additionalFields;\n\n\t\t\tconst ac = options.ac;\n\t\t\tif (!ac) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The organization plugin is missing a pre-defined ac instance.`,\n\t\t\t\t\t`\\nPlease refer to the documentation here: https://better-auth.com/docs/plugins/organization#dynamic-access-control`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"NOT_IMPLEMENTED\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.MISSING_AC_INSTANCE,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\t// Get the organization id where the role will be created.\n\t\t\t// We can verify if the org id is valid and associated with the user in the next step when we try to find the member.\n\t\t\tconst organizationId =\n\t\t\t\tctx.body.organizationId ?? session.activeOrganizationId;\n\t\t\tif (!organizationId) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The session is missing an active organization id to create a role. Either set an active org id, or pass an organizationId in the request body.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\troleName = normalizeRoleName(roleName);\n\n\t\t\tawait checkIfRoleNameIsTakenByPreDefinedRole({\n\t\t\t\trole: roleName,\n\t\t\t\torganizationId,\n\t\t\t\toptions,\n\t\t\t\tctx,\n\t\t\t});\n\n\t\t\t// Get the user's role associated with the organization.\n\t\t\t// This also serves as a check to ensure the org id is valid.\n\t\t\tconst member = await ctx.context.adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!member) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not a member of the organization to create a role.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst canCreateRole = await hasPermission(\n\t\t\t\t{\n\t\t\t\t\toptions,\n\t\t\t\t\torganizationId,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tac: [\"create\"],\n\t\t\t\t\t},\n\t\t\t\t\trole: member.role,\n\t\t\t\t},\n\t\t\t\tctx,\n\t\t\t);\n\t\t\tif (!canCreateRole) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not permitted to create a role. If this is unexpected, please make sure the role associated to that member has the \"ac\" resource with the \"create\" permission.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t\trole: member.role,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst maximumRolesPerOrganization =\n\t\t\t\ttypeof options.dynamicAccessControl?.maximumRolesPerOrganization ===\n\t\t\t\t\"function\"\n\t\t\t\t\t? await options.dynamicAccessControl.maximumRolesPerOrganization(\n\t\t\t\t\t\t\torganizationId,\n\t\t\t\t\t\t)\n\t\t\t\t\t: (options.dynamicAccessControl?.maximumRolesPerOrganization ??\n\t\t\t\t\t\tDEFAULT_MAXIMUM_ROLES_PER_ORGANIZATION);\n\t\t\tconst rolesInDB = await ctx.context.adapter.count({\n\t\t\t\tmodel: \"organizationRole\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (rolesInDB >= maximumRolesPerOrganization) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] Failed to create a new role, the organization has too many roles. Maximum allowed roles is ${maximumRolesPerOrganization}.`,\n\t\t\t\t\t{\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t\tmaximumRolesPerOrganization,\n\t\t\t\t\t\trolesInDB,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.TOO_MANY_ROLES,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait checkForInvalidResources({ ac, ctx, permission });\n\n\t\t\tawait checkIfMemberHasPermission({\n\t\t\t\tctx,\n\t\t\t\tmember,\n\t\t\t\toptions,\n\t\t\t\torganizationId,\n\t\t\t\tpermissionRequired: permission,\n\t\t\t\tuser,\n\t\t\t\taction: \"create\",\n\t\t\t});\n\n\t\t\tawait checkIfRoleNameIsTakenByRoleInDB({\n\t\t\t\tctx,\n\t\t\t\torganizationId,\n\t\t\t\trole: roleName,\n\t\t\t});\n\n\t\t\tconst newRole = ac.newRole(permission);\n\n\t\t\tconst newRoleInDB = await ctx.context.adapter.create<\n\t\t\t\tOmit<OrganizationRole, \"permission\"> & { permission: string }\n\t\t\t>({\n\t\t\t\tmodel: \"organizationRole\",\n\t\t\t\tdata: {\n\t\t\t\t\tcreatedAt: new Date(),\n\t\t\t\t\torganizationId,\n\t\t\t\t\tpermission: JSON.stringify(permission),\n\t\t\t\t\trole: roleName,\n\t\t\t\t\t...additionalFields,\n\t\t\t\t},\n\t\t\t});\n\n\t\t\tconst data = {\n\t\t\t\t...newRoleInDB,\n\t\t\t\tpermission,\n\t\t\t} as OrganizationRole & ReturnAdditionalFields;\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t\troleData: data,\n\t\t\t\tstatements: newRole.statements,\n\t\t\t});\n\t\t},\n\t);\n};\n\nconst deleteOrgRoleBodySchema = z\n\t.object({\n\t\torganizationId: z.string().optional().meta({\n\t\t\tdescription:\n\t\t\t\t\"The id of the organization to create the role in. If not provided, the user's active organization will be used.\",\n\t\t}),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\troleName: z.string().nonempty().meta({\n\t\t\t\t\tdescription: \"The name of the role to delete\",\n\t\t\t\t}),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\troleId: z.string().nonempty().meta({\n\t\t\t\t\tdescription: \"The id of the role to delete\",\n\t\t\t\t}),\n\t\t\t}),\n\t\t]),\n\t);\n\nexport const deleteOrgRole = <O extends OrganizationOptions>(options: O) => {\n\treturn createAuthEndpoint(\n\t\t\"/organization/delete-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: deleteOrgRoleBodySchema,\n\t\t\trequireHeaders: true,\n\t\t\tuse: [orgSessionMiddleware],\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\troleName?: string | undefined;\n\t\t\t\t\t\troleId?: string | undefined;\n\t\t\t\t\t\torganizationId?: string | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { session, user } = ctx.context.session;\n\n\t\t\tconst organizationId =\n\t\t\t\tctx.body.organizationId ?? session.activeOrganizationId;\n\t\t\tif (!organizationId) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The session is missing an active organization id to delete a role. Either set an active org id, or pass an organizationId in the request body.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst member = await ctx.context.adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!member) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not a member of the organization to delete a role.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst canDeleteRole = await hasPermission(\n\t\t\t\t{\n\t\t\t\t\toptions,\n\t\t\t\t\torganizationId,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tac: [\"delete\"],\n\t\t\t\t\t},\n\t\t\t\t\trole: member.role,\n\t\t\t\t},\n\t\t\t\tctx,\n\t\t\t);\n\t\t\tif (!canDeleteRole) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not permitted to delete a role. If this is unexpected, please make sure the role associated to that member has the \"ac\" resource with the \"delete\" permission.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t\trole: member.role,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tif (ctx.body.roleName) {\n\t\t\t\tconst roleName = ctx.body.roleName;\n\t\t\t\tconst defaultRoles = options.roles\n\t\t\t\t\t? Object.keys(options.roles)\n\t\t\t\t\t: [\"owner\", \"admin\", \"member\"];\n\t\t\t\tif (defaultRoles.includes(roleName)) {\n\t\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\t`[Dynamic Access Control] Cannot delete a pre-defined role.`,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\troleName,\n\t\t\t\t\t\t\torganizationId,\n\t\t\t\t\t\t\tdefaultRoles,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\t\tORGANIZATION_ERROR_CODES.CANNOT_DELETE_A_PRE_DEFINED_ROLE,\n\t\t\t\t\t);\n\t\t\t\t}\n\t\t\t}\n\n\t\t\tlet condition: Where;\n\t\t\tif (ctx.body.roleName) {\n\t\t\t\tcondition = {\n\t\t\t\t\tfield: \"role\",\n\t\t\t\t\tvalue: ctx.body.roleName,\n\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t};\n\t\t\t} else if (ctx.body.roleId) {\n\t\t\t\tcondition = {\n\t\t\t\t\tfield: \"id\",\n\t\t\t\t\tvalue: ctx.body.roleId,\n\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t};\n\t\t\t} else {\n\t\t\t\t// shouldn't be able to reach here given the schema validation.\n\t\t\t\t// But just in case, throw an error.\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The role name/id is not provided in the request body.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst existingRoleInDB =\n\t\t\t\tawait ctx.context.adapter.findOne<OrganizationRole>({\n\t\t\t\t\tmodel: \"organizationRole\",\n\t\t\t\t\twhere: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcondition,\n\t\t\t\t\t],\n\t\t\t\t});\n\t\t\tif (!existingRoleInDB) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The role name/id does not exist in the database.`,\n\t\t\t\t\t{\n\t\t\t\t\t\t...(\"roleName\" in ctx.body\n\t\t\t\t\t\t\t? { roleName: ctx.body.roleName }\n\t\t\t\t\t\t\t: { roleId: ctx.body.roleId }),\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\texistingRoleInDB.permission = JSON.parse(\n\t\t\t\texistingRoleInDB.permission as never as string,\n\t\t\t);\n\n\t\t\t// Check if any members are assigned to this role\n\t\t\tconst roleToDelete = existingRoleInDB.role;\n\t\t\tconst members = await ctx.context.adapter.findMany<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"role\",\n\t\t\t\t\t\tvalue: roleToDelete,\n\t\t\t\t\t\toperator: \"contains\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tconst memberWithRole = members.find((member) => {\n\t\t\t\tconst memberRoles = member.role.split(\",\").map((r) => r.trim());\n\t\t\t\treturn memberRoles.includes(roleToDelete);\n\t\t\t});\n\t\t\tif (memberWithRole) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] Cannot delete a role that is assigned to members.`,\n\t\t\t\t\t{\n\t\t\t\t\t\trole: existingRoleInDB.role,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.ROLE_IS_ASSIGNED_TO_MEMBERS,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tawait ctx.context.adapter.delete({\n\t\t\t\tmodel: \"organizationRole\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\tcondition,\n\t\t\t\t],\n\t\t\t});\n\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t});\n\t\t},\n\t);\n};\n\nconst listOrgRolesQuerySchema = z\n\t.object({\n\t\torganizationId: z.string().optional().meta({\n\t\t\tdescription:\n\t\t\t\t\"The id of the organization to list roles for. If not provided, the user's active organization will be used.\",\n\t\t}),\n\t})\n\t.optional();\n\nexport const listOrgRoles = <O extends OrganizationOptions>(options: O) => {\n\tconst { $ReturnAdditionalFields } = getAdditionalFields<O>(options, false);\n\ttype ReturnAdditionalFields = typeof $ReturnAdditionalFields;\n\n\treturn createAuthEndpoint(\n\t\t\"/organization/list-roles\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\trequireHeaders: true,\n\t\t\tuse: [orgSessionMiddleware],\n\t\t\tquery: listOrgRolesQuerySchema,\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { session, user } = ctx.context.session;\n\n\t\t\tconst organizationId =\n\t\t\t\tctx.query?.organizationId ?? session.activeOrganizationId;\n\t\t\tif (!organizationId) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The session is missing an active organization id to list roles. Either set an active org id, or pass an organizationId in the request query.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst member = await ctx.context.adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!member) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not a member of the organization to list roles.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst canListRoles = await hasPermission(\n\t\t\t\t{\n\t\t\t\t\toptions,\n\t\t\t\t\torganizationId,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tac: [\"read\"],\n\t\t\t\t\t},\n\t\t\t\t\trole: member.role,\n\t\t\t\t},\n\t\t\t\tctx,\n\t\t\t);\n\t\t\tif (!canListRoles) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not permitted to list roles.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t\trole: member.role,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tlet roles = await ctx.context.adapter.findMany<\n\t\t\t\tOrganizationRole & ReturnAdditionalFields\n\t\t\t>({\n\t\t\t\tmodel: \"organizationRole\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\n\t\t\troles = roles.map((x) => ({\n\t\t\t\t...x,\n\t\t\t\tpermission: JSON.parse(x.permission as never as string),\n\t\t\t}));\n\n\t\t\treturn ctx.json(roles);\n\t\t},\n\t);\n};\n\nconst getOrgRoleQuerySchema = z\n\t.object({\n\t\torganizationId: z.string().optional().meta({\n\t\t\tdescription:\n\t\t\t\t\"The id of the organization to read a role for. If not provided, the user's active organization will be used.\",\n\t\t}),\n\t})\n\t.and(\n\t\tz.union([\n\t\t\tz.object({\n\t\t\t\troleName: z.string().nonempty().meta({\n\t\t\t\t\tdescription: \"The name of the role to read\",\n\t\t\t\t}),\n\t\t\t}),\n\t\t\tz.object({\n\t\t\t\troleId: z.string().nonempty().meta({\n\t\t\t\t\tdescription: \"The id of the role to read\",\n\t\t\t\t}),\n\t\t\t}),\n\t\t]),\n\t)\n\t.optional();\n\nexport const getOrgRole = <O extends OrganizationOptions>(options: O) => {\n\tconst { $ReturnAdditionalFields } = getAdditionalFields<O>(options, false);\n\ttype ReturnAdditionalFields = typeof $ReturnAdditionalFields;\n\treturn createAuthEndpoint(\n\t\t\"/organization/get-role\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\trequireHeaders: true,\n\t\t\tuse: [orgSessionMiddleware],\n\t\t\tquery: getOrgRoleQuerySchema,\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tquery: {} as {\n\t\t\t\t\t\torganizationId?: string | undefined;\n\t\t\t\t\t\troleName?: string | undefined;\n\t\t\t\t\t\troleId?: string | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { session, user } = ctx.context.session;\n\n\t\t\tconst organizationId =\n\t\t\t\tctx.query?.organizationId ?? session.activeOrganizationId;\n\t\t\tif (!organizationId) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The session is missing an active organization id to read a role. Either set an active org id, or pass an organizationId in the request query.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst member = await ctx.context.adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!member) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not a member of the organization to read a role.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst canListRoles = await hasPermission(\n\t\t\t\t{\n\t\t\t\t\toptions,\n\t\t\t\t\torganizationId,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tac: [\"read\"],\n\t\t\t\t\t},\n\t\t\t\t\trole: member.role,\n\t\t\t\t},\n\t\t\t\tctx,\n\t\t\t);\n\t\t\tif (!canListRoles) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not permitted to read a role.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t\trole: member.role,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tlet condition: Where;\n\t\t\tif (ctx.query.roleName) {\n\t\t\t\tcondition = {\n\t\t\t\t\tfield: \"role\",\n\t\t\t\t\tvalue: ctx.query.roleName,\n\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t};\n\t\t\t} else if (ctx.query.roleId) {\n\t\t\t\tcondition = {\n\t\t\t\t\tfield: \"id\",\n\t\t\t\t\tvalue: ctx.query.roleId,\n\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t};\n\t\t\t} else {\n\t\t\t\t// shouldn't be able to reach here given the schema validation.\n\t\t\t\t// But just in case, throw an error.\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The role name/id is not provided in the request query.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst role = await ctx.context.adapter.findOne<OrganizationRole>({\n\t\t\t\tmodel: \"organizationRole\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\tcondition,\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!role) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The role name/id does not exist in the database.`,\n\t\t\t\t\t{\n\t\t\t\t\t\t...(\"roleName\" in ctx.query\n\t\t\t\t\t\t\t? { roleName: ctx.query.roleName }\n\t\t\t\t\t\t\t: { roleId: ctx.query.roleId }),\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\trole.permission = JSON.parse(role.permission as never as string);\n\n\t\t\treturn ctx.json(role as OrganizationRole & ReturnAdditionalFields);\n\t\t},\n\t);\n};\n\nconst roleNameOrIdSchema = z.union([\n\tz.object({\n\t\troleName: z.string().nonempty().meta({\n\t\t\tdescription: \"The name of the role to update\",\n\t\t}),\n\t}),\n\tz.object({\n\t\troleId: z.string().nonempty().meta({\n\t\t\tdescription: \"The id of the role to update\",\n\t\t}),\n\t}),\n]);\n\nexport const updateOrgRole = <O extends OrganizationOptions>(options: O) => {\n\tconst { additionalFieldsSchema, $AdditionalFields, $ReturnAdditionalFields } =\n\t\tgetAdditionalFields<O, true>(options, true);\n\ttype AdditionalFields = typeof $AdditionalFields;\n\ttype ReturnAdditionalFields = typeof $ReturnAdditionalFields;\n\n\treturn createAuthEndpoint(\n\t\t\"/organization/update-role\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: z\n\t\t\t\t.object({\n\t\t\t\t\torganizationId: z.string().optional().meta({\n\t\t\t\t\t\tdescription:\n\t\t\t\t\t\t\t\"The id of the organization to update the role in. If not provided, the user's active organization will be used.\",\n\t\t\t\t\t}),\n\t\t\t\t\tdata: z.object({\n\t\t\t\t\t\tpermission: z\n\t\t\t\t\t\t\t.record(z.string(), z.array(z.string()))\n\t\t\t\t\t\t\t.optional()\n\t\t\t\t\t\t\t.meta({\n\t\t\t\t\t\t\t\tdescription: \"The permission to update the role with\",\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\troleName: z.string().optional().meta({\n\t\t\t\t\t\t\tdescription: \"The name of the role to update\",\n\t\t\t\t\t\t}),\n\t\t\t\t\t\t...additionalFieldsSchema.shape,\n\t\t\t\t\t}),\n\t\t\t\t})\n\t\t\t\t.and(roleNameOrIdSchema),\n\t\t\tmetadata: {\n\t\t\t\t$Infer: {\n\t\t\t\t\tbody: {} as {\n\t\t\t\t\t\torganizationId?: string | undefined;\n\t\t\t\t\t\tdata: {\n\t\t\t\t\t\t\tpermission?: Record<string, string[]> | undefined;\n\t\t\t\t\t\t\troleName?: string | undefined;\n\t\t\t\t\t\t} & AdditionalFields;\n\t\t\t\t\t\troleName?: string | undefined;\n\t\t\t\t\t\troleId?: string | undefined;\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\trequireHeaders: true,\n\t\t\tuse: [orgSessionMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst { session, user } = ctx.context.session;\n\n\t\t\tconst ac = options.ac;\n\t\t\tif (!ac) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The organization plugin is missing a pre-defined ac instance.`,\n\t\t\t\t\t`\\nPlease refer to the documentation here: https://better-auth.com/docs/plugins/organization#dynamic-access-control`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"NOT_IMPLEMENTED\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.MISSING_AC_INSTANCE,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst organizationId =\n\t\t\t\tctx.body.organizationId ?? session.activeOrganizationId;\n\t\t\tif (!organizationId) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The session is missing an active organization id to update a role. Either set an active org id, or pass an organizationId in the request body.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.NO_ACTIVE_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst member = await ctx.context.adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!member) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not a member of the organization to update a role.`,\n\t\t\t\t\t{\n\t\t\t\t\t\tuserId: user.id,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst canUpdateRole = await hasPermission(\n\t\t\t\t{\n\t\t\t\t\toptions,\n\t\t\t\t\torganizationId,\n\t\t\t\t\trole: member.role,\n\t\t\t\t\tpermissions: {\n\t\t\t\t\t\tac: [\"update\"],\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tctx,\n\t\t\t);\n\t\t\tif (!canUpdateRole) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The user is not permitted to update a role.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"FORBIDDEN\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tlet condition: Where;\n\t\t\tif (ctx.body.roleName) {\n\t\t\t\tcondition = {\n\t\t\t\t\tfield: \"role\",\n\t\t\t\t\tvalue: ctx.body.roleName,\n\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t};\n\t\t\t} else if (ctx.body.roleId) {\n\t\t\t\tcondition = {\n\t\t\t\t\tfield: \"id\",\n\t\t\t\t\tvalue: ctx.body.roleId,\n\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t};\n\t\t\t} else {\n\t\t\t\t// shouldn't be able to reach here given the schema validation.\n\t\t\t\t// But just in case, throw an error.\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The role name/id is not provided in the request body.`,\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\t\t\tconst role = await ctx.context.adapter.findOne<OrganizationRole>({\n\t\t\t\tmodel: \"organizationRole\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\tcondition,\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!role) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t`[Dynamic Access Control] The role name/id does not exist in the database.`,\n\t\t\t\t\t{\n\t\t\t\t\t\t...(\"roleName\" in ctx.body\n\t\t\t\t\t\t\t? { roleName: ctx.body.roleName }\n\t\t\t\t\t\t\t: { roleId: ctx.body.roleId }),\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t},\n\t\t\t\t);\n\t\t\t\tthrow APIError.from(\n\t\t\t\t\t\"BAD_REQUEST\",\n\t\t\t\t\tORGANIZATION_ERROR_CODES.ROLE_NOT_FOUND,\n\t\t\t\t);\n\t\t\t}\n\t\t\trole.permission = role.permission\n\t\t\t\t? JSON.parse(role.permission as never as string)\n\t\t\t\t: undefined;\n\n\t\t\tconst {\n\t\t\t\tpermission: _,\n\t\t\t\troleName: __,\n\t\t\t\t...additionalFields\n\t\t\t} = ctx.body.data;\n\n\t\t\tconst updateData: Partial<OrganizationRole> = {\n\t\t\t\t...additionalFields,\n\t\t\t};\n\n\t\t\tif (ctx.body.data.permission) {\n\t\t\t\tconst newPermission = ctx.body.data.permission;\n\n\t\t\t\tawait checkForInvalidResources({ ac, ctx, permission: newPermission });\n\n\t\t\t\tawait checkIfMemberHasPermission({\n\t\t\t\t\tctx,\n\t\t\t\t\tmember,\n\t\t\t\t\toptions,\n\t\t\t\t\torganizationId,\n\t\t\t\t\tpermissionRequired: newPermission,\n\t\t\t\t\tuser,\n\t\t\t\t\taction: \"update\",\n\t\t\t\t});\n\n\t\t\t\tupdateData.permission = newPermission;\n\t\t\t}\n\t\t\tif (ctx.body.data.roleName) {\n\t\t\t\tlet newRoleName = ctx.body.data.roleName;\n\n\t\t\t\tnewRoleName = normalizeRoleName(newRoleName);\n\n\t\t\t\tawait checkIfRoleNameIsTakenByPreDefinedRole({\n\t\t\t\t\trole: newRoleName,\n\t\t\t\t\torganizationId,\n\t\t\t\t\toptions,\n\t\t\t\t\tctx,\n\t\t\t\t});\n\t\t\t\tawait checkIfRoleNameIsTakenByRoleInDB({\n\t\t\t\t\trole: newRoleName,\n\t\t\t\t\torganizationId,\n\t\t\t\t\tctx,\n\t\t\t\t});\n\n\t\t\t\tupdateData.role = newRoleName;\n\t\t\t}\n\n\t\t\t// -----\n\t\t\t// Apply the updates\n\t\t\tconst update = {\n\t\t\t\t...updateData,\n\t\t\t\t...(updateData.permission\n\t\t\t\t\t? { permission: JSON.stringify(updateData.permission) }\n\t\t\t\t\t: {}),\n\t\t\t};\n\t\t\tawait ctx.context.adapter.update<OrganizationRole>({\n\t\t\t\tmodel: \"organizationRole\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: organizationId,\n\t\t\t\t\t\toperator: \"eq\",\n\t\t\t\t\t\tconnector: \"AND\",\n\t\t\t\t\t},\n\t\t\t\t\tcondition,\n\t\t\t\t],\n\t\t\t\tupdate,\n\t\t\t});\n\n\t\t\t// -----\n\t\t\t// Return the updated role\n\t\t\treturn ctx.json({\n\t\t\t\tsuccess: true,\n\t\t\t\troleData: {\n\t\t\t\t\t...role,\n\t\t\t\t\t...update,\n\t\t\t\t\tpermission: updateData.permission || role.permission || null,\n\t\t\t\t} as OrganizationRole & ReturnAdditionalFields,\n\t\t\t});\n\t\t},\n\t);\n};\n\nasync function checkForInvalidResources({\n\tac,\n\tctx,\n\tpermission,\n}: {\n\tac: AccessControl;\n\tctx: GenericEndpointContext;\n\tpermission: Record<string, string[]>;\n}) {\n\tconst validResources = Object.keys(ac.statements);\n\tconst providedResources = Object.keys(permission);\n\tconst hasInvalidResource = providedResources.some(\n\t\t(r) => !validResources.includes(r),\n\t);\n\tif (hasInvalidResource) {\n\t\tctx.context.logger.error(\n\t\t\t`[Dynamic Access Control] The provided permission includes an invalid resource.`,\n\t\t\t{\n\t\t\t\tprovidedResources,\n\t\t\t\tvalidResources,\n\t\t\t},\n\t\t);\n\t\tthrow APIError.from(\n\t\t\t\"BAD_REQUEST\",\n\t\t\tORGANIZATION_ERROR_CODES.INVALID_RESOURCE,\n\t\t);\n\t}\n}\n\nasync function checkIfMemberHasPermission({\n\tctx,\n\tpermissionRequired: permission,\n\toptions,\n\torganizationId,\n\tmember,\n\tuser,\n\taction,\n}: {\n\tctx: GenericEndpointContext;\n\tpermissionRequired: Record<string, string[]>;\n\toptions: OrganizationOptions;\n\torganizationId: string;\n\tmember: Member;\n\tuser: User;\n\taction: \"create\" | \"update\" | \"delete\" | \"read\" | \"list\" | \"get\";\n}) {\n\tconst hasNecessaryPermissions: {\n\t\tresource: { [x: string]: string[] };\n\t\thasPermission: boolean;\n\t}[] = [];\n\tconst permissionEntries = Object.entries(permission);\n\tfor await (const [resource, permissions] of permissionEntries) {\n\t\tfor await (const perm of permissions) {\n\t\t\thasNecessaryPermissions.push({\n\t\t\t\tresource: { [resource]: [perm] },\n\t\t\t\thasPermission: await hasPermission(\n\t\t\t\t\t{\n\t\t\t\t\t\toptions,\n\t\t\t\t\t\torganizationId,\n\t\t\t\t\t\tpermissions: { [resource]: [perm] },\n\t\t\t\t\t\tuseMemoryCache: true,\n\t\t\t\t\t\trole: member.role,\n\t\t\t\t\t},\n\t\t\t\t\tctx,\n\t\t\t\t),\n\t\t\t});\n\t\t}\n\t}\n\tconst missingPermissions = hasNecessaryPermissions\n\t\t.filter((x) => x.hasPermission === false)\n\t\t.map((x) => {\n\t\t\tconst key = Object.keys(x.resource)[0]!;\n\t\t\treturn `${key}:${x.resource[key]![0]}` as const;\n\t\t});\n\tif (missingPermissions.length > 0) {\n\t\tctx.context.logger.error(\n\t\t\t`[Dynamic Access Control] The user is missing permissions necessary to ${action} a role with those set of permissions.\\n`,\n\t\t\t{\n\t\t\t\tuserId: user.id,\n\t\t\t\torganizationId,\n\t\t\t\trole: member.role,\n\t\t\t\tmissingPermissions,\n\t\t\t},\n\t\t);\n\t\tlet error: { code: string; message: string };\n\t\tif (action === \"create\")\n\t\t\terror = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_CREATE_A_ROLE;\n\t\telse if (action === \"update\")\n\t\t\terror = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_UPDATE_A_ROLE;\n\t\telse if (action === \"delete\")\n\t\t\terror = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_DELETE_A_ROLE;\n\t\telse if (action === \"read\")\n\t\t\terror = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_READ_A_ROLE;\n\t\telse if (action === \"list\")\n\t\t\terror = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_LIST_A_ROLE;\n\t\telse error = ORGANIZATION_ERROR_CODES.YOU_ARE_NOT_ALLOWED_TO_GET_A_ROLE;\n\n\t\tthrow APIError.fromStatus(\"FORBIDDEN\", {\n\t\t\tmessage: error.message,\n\t\t\tcode: error.code,\n\t\t\tmissingPermissions,\n\t\t});\n\t}\n}\n\nasync function checkIfRoleNameIsTakenByPreDefinedRole({\n\toptions,\n\torganizationId,\n\trole,\n\tctx,\n}: {\n\toptions: OrganizationOptions;\n\torganizationId: string;\n\trole: string;\n\tctx: GenericEndpointContext;\n}) {\n\tconst defaultRoles = options.roles\n\t\t? Object.keys(options.roles)\n\t\t: [\"owner\", \"admin\", \"member\"];\n\tif (defaultRoles.includes(role)) {\n\t\tctx.context.logger.error(\n\t\t\t`[Dynamic Access Control] The role name \"${role}\" is already taken by a pre-defined role.`,\n\t\t\t{\n\t\t\t\trole,\n\t\t\t\torganizationId,\n\t\t\t\tdefaultRoles,\n\t\t\t},\n\t\t);\n\t\tthrow APIError.from(\n\t\t\t\"BAD_REQUEST\",\n\t\t\tORGANIZATION_ERROR_CODES.ROLE_NAME_IS_ALREADY_TAKEN,\n\t\t);\n\t}\n}\n\nasync function checkIfRoleNameIsTakenByRoleInDB({\n\torganizationId,\n\trole,\n\tctx,\n}: {\n\tctx: GenericEndpointContext;\n\torganizationId: string;\n\trole: string;\n}) {\n\tconst existingRoleInDB = await ctx.context.adapter.findOne<OrganizationRole>({\n\t\tmodel: \"organizationRole\",\n\t\twhere: [\n\t\t\t{\n\t\t\t\tfield: \"organizationId\",\n\t\t\t\tvalue: organizationId,\n\t\t\t\toperator: \"eq\",\n\t\t\t\tconnector: \"AND\",\n\t\t\t},\n\t\t\t{\n\t\t\t\tfield: \"role\",\n\t\t\t\tvalue: role,\n\t\t\t\toperator: \"eq\",\n\t\t\t\tconnector: \"AND\",\n\t\t\t},\n\t\t],\n\t});\n\tif (existingRoleInDB) {\n\t\tctx.context.logger.error(\n\t\t\t`[Dynamic Access Control] The role name \"${role}\" is already taken by a role in the database.`,\n\t\t\t{\n\t\t\t\trole,\n\t\t\t\torganizationId,\n\t\t\t},\n\t\t);\n\t\tthrow APIError.from(\n\t\t\t\"BAD_REQUEST\",\n\t\t\tORGANIZATION_ERROR_CODES.ROLE_NAME_IS_ALREADY_TAKEN,\n\t\t);\n\t}\n}\n"],"mappings":";;;;;;;;;;AAuBA,MAAM,qBAAqB,SAAiB,KAAK,aAAa;AAC9D,MAAM,yCAAyC,OAAO;AAEtD,MAAM,uBAIL,SACA,kBAA8B,UAC1B;CACJ,MAAM,mBACL,SAAS,QAAQ,kBAAkB,oBAAoB,EAAE;AAC1D,KAAI,gBACH,MAAK,MAAM,OAAO,iBACjB,kBAAiB,KAAM,WAAW;AAgBpC,QAAO;EACN,wBAd8B,YAAY;GAC1C,QAAQ;GACR,cAAc;GACd,CAAC;EAYD,mBAAmB,EAAE;EACrB,yBAAyB,EAAE;EAC3B;;AAGF,MAAM,0BAA0B,EAAE,OAAO;CACxC,gBAAgB,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAC1C,aACC,mHACD,CAAC;CACF,MAAM,EAAE,QAAQ,CAAC,KAAK,EACrB,aAAa,kCACb,CAAC;CACF,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,KAAK,EAC1D,aAAa,wCACb,CAAC;CACF,CAAC;AAEF,MAAa,iBAAgD,YAAe;CAC3E,MAAM,EAAE,wBAAwB,mBAAmB,4BAClD,oBAAuB,SAAS,MAAM;AAIvC,QAAO,mBACN,6BACA;EACC,QAAQ;EACR,MAAM,wBAAwB,WAAW,EACxC,kBAAkB,EAChB,OAAO,EAAE,GAAG,uBAAuB,OAAO,CAAC,CAC3C,UAAU,EACZ,CAAC;EACF,UAAU,EACT,QAAQ,EACP,MAAM,EAAE,EAOR,EACD;EACD,gBAAgB;EAChB,KAAK,CAAC,qBAAqB;EAC3B,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,SAAS,SAAS,IAAI,QAAQ;EACtC,IAAI,WAAW,IAAI,KAAK;EACxB,MAAM,aAAa,IAAI,KAAK;EAC5B,MAAM,mBAAmB,IAAI,KAAK;EAElC,MAAM,KAAK,QAAQ;AACnB,MAAI,CAAC,IAAI;AACR,OAAI,QAAQ,OAAO,MAClB,0FACA,qHACA;AACD,SAAM,SAAS,KACd,mBACA,yBAAyB,oBACzB;;EAKF,MAAM,iBACL,IAAI,KAAK,kBAAkB,QAAQ;AACpC,MAAI,CAAC,gBAAgB;AACpB,OAAI,QAAQ,OAAO,MAClB,0KACA;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,gDACzB;;AAGF,aAAW,kBAAkB,SAAS;AAEtC,QAAM,uCAAuC;GAC5C,MAAM;GACN;GACA;GACA;GACA,CAAC;EAIF,MAAM,SAAS,MAAM,IAAI,QAAQ,QAAQ,QAAgB;GACxD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD;IACC,OAAO;IACP,OAAO,KAAK;IACZ,UAAU;IACV,WAAW;IACX,CACD;GACD,CAAC;AACF,MAAI,CAAC,QAAQ;AACZ,OAAI,QAAQ,OAAO,MAClB,2FACA;IACC,QAAQ,KAAK;IACb;IACA,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,0CACzB;;AAcF,MAAI,CAXkB,MAAM,cAC3B;GACC;GACA;GACA,aAAa,EACZ,IAAI,CAAC,SAAS,EACd;GACD,MAAM,OAAO;GACb,EACD,IACA,EACmB;AACnB,OAAI,QAAQ,OAAO,MAClB,uMACA;IACC,QAAQ,KAAK;IACb;IACA,MAAM,OAAO;IACb,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,qCACzB;;EAGF,MAAM,8BACL,OAAO,QAAQ,sBAAsB,gCACrC,aACG,MAAM,QAAQ,qBAAqB,4BACnC,eACA,GACC,QAAQ,sBAAsB,+BAChC;EACH,MAAM,YAAY,MAAM,IAAI,QAAQ,QAAQ,MAAM;GACjD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,CACD;GACD,CAAC;AACF,MAAI,aAAa,6BAA6B;AAC7C,OAAI,QAAQ,OAAO,MAClB,uHAAuH,4BAA4B,IACnJ;IACC;IACA;IACA;IACA,CACD;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,eACzB;;AAGF,QAAM,yBAAyB;GAAE;GAAI;GAAK;GAAY,CAAC;AAEvD,QAAM,2BAA2B;GAChC;GACA;GACA;GACA;GACA,oBAAoB;GACpB;GACA,QAAQ;GACR,CAAC;AAEF,QAAM,iCAAiC;GACtC;GACA;GACA,MAAM;GACN,CAAC;EAEF,MAAM,UAAU,GAAG,QAAQ,WAAW;EAetC,MAAM,OAAO;GACZ,GAdmB,MAAM,IAAI,QAAQ,QAAQ,OAE5C;IACD,OAAO;IACP,MAAM;KACL,2BAAW,IAAI,MAAM;KACrB;KACA,YAAY,KAAK,UAAU,WAAW;KACtC,MAAM;KACN,GAAG;KACH;IACD,CAAC;GAID;GACA;AACD,SAAO,IAAI,KAAK;GACf,SAAS;GACT,UAAU;GACV,YAAY,QAAQ;GACpB,CAAC;GAEH;;AAGF,MAAM,0BAA0B,EAC9B,OAAO,EACP,gBAAgB,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAC1C,aACC,mHACD,CAAC,EACF,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO,EACR,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aAAa,kCACb,CAAC,EACF,CAAC,EACF,EAAE,OAAO,EACR,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAClC,aAAa,gCACb,CAAC,EACF,CAAC,CACF,CAAC,CACF;AAEF,MAAa,iBAAgD,YAAe;AAC3E,QAAO,mBACN,6BACA;EACC,QAAQ;EACR,MAAM;EACN,gBAAgB;EAChB,KAAK,CAAC,qBAAqB;EAC3B,UAAU,EACT,QAAQ,EACP,MAAM,EAAE,EAKR,EACD;EACD,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,SAAS,SAAS,IAAI,QAAQ;EAEtC,MAAM,iBACL,IAAI,KAAK,kBAAkB,QAAQ;AACpC,MAAI,CAAC,gBAAgB;AACpB,OAAI,QAAQ,OAAO,MAClB,0KACA;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,uBACzB;;EAGF,MAAM,SAAS,MAAM,IAAI,QAAQ,QAAQ,QAAgB;GACxD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD;IACC,OAAO;IACP,OAAO,KAAK;IACZ,UAAU;IACV,WAAW;IACX,CACD;GACD,CAAC;AACF,MAAI,CAAC,QAAQ;AACZ,OAAI,QAAQ,OAAO,MAClB,2FACA;IACC,QAAQ,KAAK;IACb;IACA,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,0CACzB;;AAcF,MAAI,CAXkB,MAAM,cAC3B;GACC;GACA;GACA,aAAa,EACZ,IAAI,CAAC,SAAS,EACd;GACD,MAAM,OAAO;GACb,EACD,IACA,EACmB;AACnB,OAAI,QAAQ,OAAO,MAClB,uMACA;IACC,QAAQ,KAAK;IACb;IACA,MAAM,OAAO;IACb,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,qCACzB;;AAGF,MAAI,IAAI,KAAK,UAAU;GACtB,MAAM,WAAW,IAAI,KAAK;GAC1B,MAAM,eAAe,QAAQ,QAC1B,OAAO,KAAK,QAAQ,MAAM,GAC1B;IAAC;IAAS;IAAS;IAAS;AAC/B,OAAI,aAAa,SAAS,SAAS,EAAE;AACpC,QAAI,QAAQ,OAAO,MAClB,8DACA;KACC;KACA;KACA;KACA,CACD;AACD,UAAM,SAAS,KACd,eACA,yBAAyB,iCACzB;;;EAIH,IAAI;AACJ,MAAI,IAAI,KAAK,SACZ,aAAY;GACX,OAAO;GACP,OAAO,IAAI,KAAK;GAChB,UAAU;GACV,WAAW;GACX;WACS,IAAI,KAAK,OACnB,aAAY;GACX,OAAO;GACP,OAAO,IAAI,KAAK;GAChB,UAAU;GACV,WAAW;GACX;OACK;AAGN,OAAI,QAAQ,OAAO,MAClB,iFACA;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,eACzB;;EAEF,MAAM,mBACL,MAAM,IAAI,QAAQ,QAAQ,QAA0B;GACnD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD,UACA;GACD,CAAC;AACH,MAAI,CAAC,kBAAkB;AACtB,OAAI,QAAQ,OAAO,MAClB,6EACA;IACC,GAAI,cAAc,IAAI,OACnB,EAAE,UAAU,IAAI,KAAK,UAAU,GAC/B,EAAE,QAAQ,IAAI,KAAK,QAAQ;IAC9B;IACA,CACD;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,eACzB;;AAGF,mBAAiB,aAAa,KAAK,MAClC,iBAAiB,WACjB;EAGD,MAAM,eAAe,iBAAiB;AAqBtC,OApBgB,MAAM,IAAI,QAAQ,QAAQ,SAAiB;GAC1D,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,CACD;GACD,CAAC,EAC6B,MAAM,WAAW;AAE/C,UADoB,OAAO,KAAK,MAAM,IAAI,CAAC,KAAK,MAAM,EAAE,MAAM,CAAC,CAC5C,SAAS,aAAa;IACxC,EACkB;AACnB,OAAI,QAAQ,OAAO,MAClB,8EACA;IACC,MAAM,iBAAiB;IACvB;IACA,CACD;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,4BACzB;;AAGF,QAAM,IAAI,QAAQ,QAAQ,OAAO;GAChC,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD,UACA;GACD,CAAC;AAEF,SAAO,IAAI,KAAK,EACf,SAAS,MACT,CAAC;GAEH;;AAGF,MAAM,0BAA0B,EAC9B,OAAO,EACP,gBAAgB,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAC1C,aACC,+GACD,CAAC,EACF,CAAC,CACD,UAAU;AAEZ,MAAa,gBAA+C,YAAe;CAC1E,MAAM,EAAE,4BAA4B,oBAAuB,SAAS,MAAM;AAG1E,QAAO,mBACN,4BACA;EACC,QAAQ;EACR,gBAAgB;EAChB,KAAK,CAAC,qBAAqB;EAC3B,OAAO;EACP,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,SAAS,SAAS,IAAI,QAAQ;EAEtC,MAAM,iBACL,IAAI,OAAO,kBAAkB,QAAQ;AACtC,MAAI,CAAC,gBAAgB;AACpB,OAAI,QAAQ,OAAO,MAClB,wKACA;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,uBACzB;;EAGF,MAAM,SAAS,MAAM,IAAI,QAAQ,QAAQ,QAAgB;GACxD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD;IACC,OAAO;IACP,OAAO,KAAK;IACZ,UAAU;IACV,WAAW;IACX,CACD;GACD,CAAC;AACF,MAAI,CAAC,QAAQ;AACZ,OAAI,QAAQ,OAAO,MAClB,wFACA;IACC,QAAQ,KAAK;IACb;IACA,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,0CACzB;;AAcF,MAAI,CAXiB,MAAM,cAC1B;GACC;GACA;GACA,aAAa,EACZ,IAAI,CAAC,OAAO,EACZ;GACD,MAAM,OAAO;GACb,EACD,IACA,EACkB;AAClB,OAAI,QAAQ,OAAO,MAClB,qEACA;IACC,QAAQ,KAAK;IACb;IACA,MAAM,OAAO;IACb,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,mCACzB;;EAGF,IAAI,QAAQ,MAAM,IAAI,QAAQ,QAAQ,SAEpC;GACD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,CACD;GACD,CAAC;AAEF,UAAQ,MAAM,KAAK,OAAO;GACzB,GAAG;GACH,YAAY,KAAK,MAAM,EAAE,WAA8B;GACvD,EAAE;AAEH,SAAO,IAAI,KAAK,MAAM;GAEvB;;AAGF,MAAM,wBAAwB,EAC5B,OAAO,EACP,gBAAgB,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAC1C,aACC,gHACD,CAAC,EACF,CAAC,CACD,IACA,EAAE,MAAM,CACP,EAAE,OAAO,EACR,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aAAa,gCACb,CAAC,EACF,CAAC,EACF,EAAE,OAAO,EACR,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAClC,aAAa,8BACb,CAAC,EACF,CAAC,CACF,CAAC,CACF,CACA,UAAU;AAEZ,MAAa,cAA6C,YAAe;CACxE,MAAM,EAAE,4BAA4B,oBAAuB,SAAS,MAAM;AAE1E,QAAO,mBACN,0BACA;EACC,QAAQ;EACR,gBAAgB;EAChB,KAAK,CAAC,qBAAqB;EAC3B,OAAO;EACP,UAAU,EACT,QAAQ,EACP,OAAO,EAAE,EAKT,EACD;EACD,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,SAAS,SAAS,IAAI,QAAQ;EAEtC,MAAM,iBACL,IAAI,OAAO,kBAAkB,QAAQ;AACtC,MAAI,CAAC,gBAAgB;AACpB,OAAI,QAAQ,OAAO,MAClB,yKACA;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,uBACzB;;EAGF,MAAM,SAAS,MAAM,IAAI,QAAQ,QAAQ,QAAgB;GACxD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD;IACC,OAAO;IACP,OAAO,KAAK;IACZ,UAAU;IACV,WAAW;IACX,CACD;GACD,CAAC;AACF,MAAI,CAAC,QAAQ;AACZ,OAAI,QAAQ,OAAO,MAClB,yFACA;IACC,QAAQ,KAAK;IACb;IACA,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,0CACzB;;AAcF,MAAI,CAXiB,MAAM,cAC1B;GACC;GACA;GACA,aAAa,EACZ,IAAI,CAAC,OAAO,EACZ;GACD,MAAM,OAAO;GACb,EACD,IACA,EACkB;AAClB,OAAI,QAAQ,OAAO,MAClB,sEACA;IACC,QAAQ,KAAK;IACb;IACA,MAAM,OAAO;IACb,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,mCACzB;;EAGF,IAAI;AACJ,MAAI,IAAI,MAAM,SACb,aAAY;GACX,OAAO;GACP,OAAO,IAAI,MAAM;GACjB,UAAU;GACV,WAAW;GACX;WACS,IAAI,MAAM,OACpB,aAAY;GACX,OAAO;GACP,OAAO,IAAI,MAAM;GACjB,UAAU;GACV,WAAW;GACX;OACK;AAGN,OAAI,QAAQ,OAAO,MAClB,kFACA;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,eACzB;;EAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,QAAQ,QAA0B;GAChE,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD,UACA;GACD,CAAC;AACF,MAAI,CAAC,MAAM;AACV,OAAI,QAAQ,OAAO,MAClB,6EACA;IACC,GAAI,cAAc,IAAI,QACnB,EAAE,UAAU,IAAI,MAAM,UAAU,GAChC,EAAE,QAAQ,IAAI,MAAM,QAAQ;IAC/B;IACA,CACD;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,eACzB;;AAGF,OAAK,aAAa,KAAK,MAAM,KAAK,WAA8B;AAEhE,SAAO,IAAI,KAAK,KAAkD;GAEnE;;AAGF,MAAM,qBAAqB,EAAE,MAAM,CAClC,EAAE,OAAO,EACR,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aAAa,kCACb,CAAC,EACF,CAAC,EACF,EAAE,OAAO,EACR,QAAQ,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAClC,aAAa,gCACb,CAAC,EACF,CAAC,CACF,CAAC;AAEF,MAAa,iBAAgD,YAAe;CAC3E,MAAM,EAAE,wBAAwB,mBAAmB,4BAClD,oBAA6B,SAAS,KAAK;AAI5C,QAAO,mBACN,6BACA;EACC,QAAQ;EACR,MAAM,EACJ,OAAO;GACP,gBAAgB,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EAC1C,aACC,mHACD,CAAC;GACF,MAAM,EAAE,OAAO;IACd,YAAY,EACV,OAAO,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CACvC,UAAU,CACV,KAAK,EACL,aAAa,0CACb,CAAC;IACH,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,KAAK,EACpC,aAAa,kCACb,CAAC;IACF,GAAG,uBAAuB;IAC1B,CAAC;GACF,CAAC,CACD,IAAI,mBAAmB;EACzB,UAAU,EACT,QAAQ,EACP,MAAM,EAAE,EASR,EACD;EACD,gBAAgB;EAChB,KAAK,CAAC,qBAAqB;EAC3B,EACD,OAAO,QAAQ;EACd,MAAM,EAAE,SAAS,SAAS,IAAI,QAAQ;EAEtC,MAAM,KAAK,QAAQ;AACnB,MAAI,CAAC,IAAI;AACR,OAAI,QAAQ,OAAO,MAClB,0FACA,qHACA;AACD,SAAM,SAAS,KACd,mBACA,yBAAyB,oBACzB;;EAGF,MAAM,iBACL,IAAI,KAAK,kBAAkB,QAAQ;AACpC,MAAI,CAAC,gBAAgB;AACpB,OAAI,QAAQ,OAAO,MAClB,0KACA;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,uBACzB;;EAGF,MAAM,SAAS,MAAM,IAAI,QAAQ,QAAQ,QAAgB;GACxD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD;IACC,OAAO;IACP,OAAO,KAAK;IACZ,UAAU;IACV,WAAW;IACX,CACD;GACD,CAAC;AACF,MAAI,CAAC,QAAQ;AACZ,OAAI,QAAQ,OAAO,MAClB,2FACA;IACC,QAAQ,KAAK;IACb;IACA,CACD;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,0CACzB;;AAcF,MAAI,CAXkB,MAAM,cAC3B;GACC;GACA;GACA,MAAM,OAAO;GACb,aAAa,EACZ,IAAI,CAAC,SAAS,EACd;GACD,EACD,IACA,EACmB;AACnB,OAAI,QAAQ,OAAO,MAClB,uEACA;AACD,SAAM,SAAS,KACd,aACA,yBAAyB,qCACzB;;EAGF,IAAI;AACJ,MAAI,IAAI,KAAK,SACZ,aAAY;GACX,OAAO;GACP,OAAO,IAAI,KAAK;GAChB,UAAU;GACV,WAAW;GACX;WACS,IAAI,KAAK,OACnB,aAAY;GACX,OAAO;GACP,OAAO,IAAI,KAAK;GAChB,UAAU;GACV,WAAW;GACX;OACK;AAGN,OAAI,QAAQ,OAAO,MAClB,iFACA;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,eACzB;;EAEF,MAAM,OAAO,MAAM,IAAI,QAAQ,QAAQ,QAA0B;GAChE,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD,UACA;GACD,CAAC;AACF,MAAI,CAAC,MAAM;AACV,OAAI,QAAQ,OAAO,MAClB,6EACA;IACC,GAAI,cAAc,IAAI,OACnB,EAAE,UAAU,IAAI,KAAK,UAAU,GAC/B,EAAE,QAAQ,IAAI,KAAK,QAAQ;IAC9B;IACA,CACD;AACD,SAAM,SAAS,KACd,eACA,yBAAyB,eACzB;;AAEF,OAAK,aAAa,KAAK,aACpB,KAAK,MAAM,KAAK,WAA8B,GAC9C;EAEH,MAAM,EACL,YAAY,GACZ,UAAU,IACV,GAAG,qBACA,IAAI,KAAK;EAEb,MAAM,aAAwC,EAC7C,GAAG,kBACH;AAED,MAAI,IAAI,KAAK,KAAK,YAAY;GAC7B,MAAM,gBAAgB,IAAI,KAAK,KAAK;AAEpC,SAAM,yBAAyB;IAAE;IAAI;IAAK,YAAY;IAAe,CAAC;AAEtE,SAAM,2BAA2B;IAChC;IACA;IACA;IACA;IACA,oBAAoB;IACpB;IACA,QAAQ;IACR,CAAC;AAEF,cAAW,aAAa;;AAEzB,MAAI,IAAI,KAAK,KAAK,UAAU;GAC3B,IAAI,cAAc,IAAI,KAAK,KAAK;AAEhC,iBAAc,kBAAkB,YAAY;AAE5C,SAAM,uCAAuC;IAC5C,MAAM;IACN;IACA;IACA;IACA,CAAC;AACF,SAAM,iCAAiC;IACtC,MAAM;IACN;IACA;IACA,CAAC;AAEF,cAAW,OAAO;;EAKnB,MAAM,SAAS;GACd,GAAG;GACH,GAAI,WAAW,aACZ,EAAE,YAAY,KAAK,UAAU,WAAW,WAAW,EAAE,GACrD,EAAE;GACL;AACD,QAAM,IAAI,QAAQ,QAAQ,OAAyB;GAClD,OAAO;GACP,OAAO,CACN;IACC,OAAO;IACP,OAAO;IACP,UAAU;IACV,WAAW;IACX,EACD,UACA;GACD;GACA,CAAC;AAIF,SAAO,IAAI,KAAK;GACf,SAAS;GACT,UAAU;IACT,GAAG;IACH,GAAG;IACH,YAAY,WAAW,cAAc,KAAK,cAAc;IACxD;GACD,CAAC;GAEH;;AAGF,eAAe,yBAAyB,EACvC,IACA,KACA,cAKE;CACF,MAAM,iBAAiB,OAAO,KAAK,GAAG,WAAW;CACjD,MAAM,oBAAoB,OAAO,KAAK,WAAW;AAIjD,KAH2B,kBAAkB,MAC3C,MAAM,CAAC,eAAe,SAAS,EAAE,CAClC,EACuB;AACvB,MAAI,QAAQ,OAAO,MAClB,kFACA;GACC;GACA;GACA,CACD;AACD,QAAM,SAAS,KACd,eACA,yBAAyB,iBACzB;;;AAIH,eAAe,2BAA2B,EACzC,KACA,oBAAoB,YACpB,SACA,gBACA,QACA,MACA,UASE;CACF,MAAM,0BAGA,EAAE;CACR,MAAM,oBAAoB,OAAO,QAAQ,WAAW;AACpD,YAAW,MAAM,CAAC,UAAU,gBAAgB,kBAC3C,YAAW,MAAM,QAAQ,YACxB,yBAAwB,KAAK;EAC5B,UAAU,GAAG,WAAW,CAAC,KAAK,EAAE;EAChC,eAAe,MAAM,cACpB;GACC;GACA;GACA,aAAa,GAAG,WAAW,CAAC,KAAK,EAAE;GACnC,gBAAgB;GAChB,MAAM,OAAO;GACb,EACD,IACA;EACD,CAAC;CAGJ,MAAM,qBAAqB,wBACzB,QAAQ,MAAM,EAAE,kBAAkB,MAAM,CACxC,KAAK,MAAM;EACX,MAAM,MAAM,OAAO,KAAK,EAAE,SAAS,CAAC;AACpC,SAAO,GAAG,IAAI,GAAG,EAAE,SAAS,KAAM;GACjC;AACH,KAAI,mBAAmB,SAAS,GAAG;AAClC,MAAI,QAAQ,OAAO,MAClB,yEAAyE,OAAO,2CAChF;GACC,QAAQ,KAAK;GACb;GACA,MAAM,OAAO;GACb;GACA,CACD;EACD,IAAI;AACJ,MAAI,WAAW,SACd,SAAQ,yBAAyB;WACzB,WAAW,SACnB,SAAQ,yBAAyB;WACzB,WAAW,SACnB,SAAQ,yBAAyB;WACzB,WAAW,OACnB,SAAQ,yBAAyB;WACzB,WAAW,OACnB,SAAQ,yBAAyB;MAC7B,SAAQ,yBAAyB;AAEtC,QAAM,SAAS,WAAW,aAAa;GACtC,SAAS,MAAM;GACf,MAAM,MAAM;GACZ;GACA,CAAC;;;AAIJ,eAAe,uCAAuC,EACrD,SACA,gBACA,MACA,OAME;CACF,MAAM,eAAe,QAAQ,QAC1B,OAAO,KAAK,QAAQ,MAAM,GAC1B;EAAC;EAAS;EAAS;EAAS;AAC/B,KAAI,aAAa,SAAS,KAAK,EAAE;AAChC,MAAI,QAAQ,OAAO,MAClB,2CAA2C,KAAK,4CAChD;GACC;GACA;GACA;GACA,CACD;AACD,QAAM,SAAS,KACd,eACA,yBAAyB,2BACzB;;;AAIH,eAAe,iCAAiC,EAC/C,gBACA,MACA,OAKE;AAkBF,KAjByB,MAAM,IAAI,QAAQ,QAAQ,QAA0B;EAC5E,OAAO;EACP,OAAO,CACN;GACC,OAAO;GACP,OAAO;GACP,UAAU;GACV,WAAW;GACX,EACD;GACC,OAAO;GACP,OAAO;GACP,UAAU;GACV,WAAW;GACX,CACD;EACD,CAAC,EACoB;AACrB,MAAI,QAAQ,OAAO,MAClB,2CAA2C,KAAK,gDAChD;GACC;GACA;GACA,CACD;AACD,QAAM,SAAS,KACd,eACA,yBAAyB,2BACzB"}