@skylabs-digital/react-identity-access 2.20.0 → 2.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.es.js +533 -481
  2. package/dist/index.es.js.map +1 -1
  3. package/dist/index.js +2 -2
  4. package/dist/index.js.map +1 -1
  5. package/dist/providers/AuthProvider.d.ts.map +1 -1
  6. package/dist/services/SessionManager.d.ts +18 -0
  7. package/dist/services/SessionManager.d.ts.map +1 -1
  8. package/package.json +1 -1
package/dist/index.es.js CHANGED
@@ -1,7 +1,7 @@
1
1
  import { jsx as s, Fragment as _, jsxs as d } from "react/jsx-runtime";
2
- import { createContext as fe, useMemo as J, useState as T, useCallback as se, useEffect as ee, useContext as ae, useRef as Qe } from "react";
3
- import { useLocation as Te, Navigate as be, useNavigate as ft, useSearchParams as gt } from "react-router-dom";
4
- class le {
2
+ import { createContext as me, useMemo as Z, useState as T, useCallback as ie, useEffect as ee, useContext as le, useRef as Ke } from "react";
3
+ import { useLocation as Ae, Navigate as Te, useNavigate as gt, useSearchParams as mt } from "react-router-dom";
4
+ class ce {
5
5
  constructor(e, t = 1e4) {
6
6
  this.baseUrl = e.replace(/\/$/, ""), this.timeout = t;
7
7
  }
@@ -50,7 +50,7 @@ class le {
50
50
  return this.executeRequest("DELETE", e, void 0, t);
51
51
  }
52
52
  }
53
- class Oe {
53
+ class ze {
54
54
  constructor(e, t) {
55
55
  this.httpService = e, this.sessionManager = t;
56
56
  }
@@ -109,9 +109,9 @@ class Oe {
109
109
  })).data;
110
110
  }
111
111
  }
112
- const Le = fe(null);
113
- function mr({ config: n, children: e }) {
114
- const t = J(
112
+ const Fe = me(null);
113
+ function yr({ config: n, children: e }) {
114
+ const t = Z(
115
115
  () => {
116
116
  var p, x, R;
117
117
  return {
@@ -132,7 +132,7 @@ function mr({ config: n, children: e }) {
132
132
  } catch {
133
133
  return null;
134
134
  }
135
- }), [o, a] = T(!r), [f, g] = T(null), w = J(() => {
135
+ }), [o, a] = T(!r), [f, g] = T(null), w = Z(() => {
136
136
  const p = () => {
137
137
  c();
138
138
  };
@@ -145,12 +145,12 @@ function mr({ config: n, children: e }) {
145
145
  appError: f,
146
146
  retryApp: p
147
147
  };
148
- }, [n, r, o, f]), c = se(
148
+ }, [n, r, o, f]), c = ie(
149
149
  async (p = !1) => {
150
150
  if (!(!p && t.enabled && r))
151
151
  try {
152
152
  a(!0), g(null);
153
- const x = new le(n.baseUrl), F = await new Oe(x, {}).getPublicAppInfo(n.appId);
153
+ const x = new ce(n.baseUrl), F = await new ze(x, {}).getPublicAppInfo(n.appId);
154
154
  if (i(F), t.enabled)
155
155
  try {
156
156
  const E = {
@@ -170,14 +170,14 @@ function mr({ config: n, children: e }) {
170
170
  }
171
171
  },
172
172
  [n.baseUrl, n.appId, t, r]
173
- ), I = se(async () => {
173
+ ), I = ie(async () => {
174
174
  if (!(!t.enabled || !r))
175
175
  try {
176
176
  const p = localStorage.getItem(t.storageKey);
177
177
  if (!p) return;
178
178
  const x = JSON.parse(p);
179
179
  if (Date.now() - x.timestamp > t.ttl * 0.5) {
180
- const F = new le(n.baseUrl), A = await new Oe(F, {}).getPublicAppInfo(n.appId);
180
+ const F = new ce(n.baseUrl), A = await new ze(F, {}).getPublicAppInfo(n.appId);
181
181
  i(A);
182
182
  const u = {
183
183
  data: A,
@@ -192,19 +192,19 @@ function mr({ config: n, children: e }) {
192
192
  }, [n, t, r]);
193
193
  return ee(() => {
194
194
  r ? I() : c();
195
- }, []), /* @__PURE__ */ s(Le.Provider, { value: w, children: e });
195
+ }, []), /* @__PURE__ */ s(Fe.Provider, { value: w, children: e });
196
196
  }
197
- function Se() {
198
- const n = ae(Le);
197
+ function ke() {
198
+ const n = le(Fe);
199
199
  if (!n)
200
200
  throw new Error("useApp must be used within an AppProvider");
201
201
  return n;
202
202
  }
203
203
  function Ze() {
204
- return ae(Le);
204
+ return le(Fe);
205
205
  }
206
- const yr = Se;
207
- class ie extends Error {
206
+ const wr = ke;
207
+ class se extends Error {
208
208
  constructor(e, t) {
209
209
  const r = {
210
210
  token_expired: "Refresh token has expired",
@@ -214,21 +214,46 @@ class ie extends Error {
214
214
  super(t || r[e]), this.name = "SessionExpiredError", this.reason = e;
215
215
  }
216
216
  }
217
- class mt extends Error {
217
+ class yt extends Error {
218
218
  constructor(e) {
219
219
  super(`Token refresh timed out after ${e}ms`), this.name = "TokenRefreshTimeoutError", this.timeoutMs = e;
220
220
  }
221
221
  }
222
- class yt extends Error {
222
+ class wt extends Error {
223
223
  constructor(e, t) {
224
224
  super(
225
225
  `Token refresh failed after ${e} attempts: ${(t == null ? void 0 : t.message) || "Unknown error"}`
226
226
  ), this.name = "TokenRefreshError", this.attempts = e, this.lastError = t;
227
227
  }
228
228
  }
229
- class pe {
229
+ const oe = class oe {
230
230
  constructor(e = {}) {
231
- this.refreshPromise = null, this.refreshQueue = [], this.proactiveTimerId = null, this.backgroundRetryTimerId = null, this.isDestroyed = !1, e.tenantSlug !== void 0 ? this.storageKey = e.tenantSlug ? `auth_tokens_${e.tenantSlug}` : "auth_tokens" : this.storageKey = e.storageKey || "auth_tokens", this.autoRefresh = e.autoRefresh ?? !0, this.refreshThreshold = e.refreshThreshold || 3e5, this.onRefreshFailed = e.onRefreshFailed, this.onSessionExpired = e.onSessionExpired, this.baseUrl = e.baseUrl || "", this.proactiveRefreshMargin = e.proactiveRefreshMargin ?? 6e4, this.refreshQueueTimeout = e.refreshQueueTimeout ?? 1e4, this.maxRefreshRetries = e.maxRefreshRetries ?? 3, this.retryBackoffBase = e.retryBackoffBase ?? 1e3, this.tokenStorage = e.tokenStorage || this.createTokenStorage(this.storageKey), this.scheduleProactiveRefresh();
231
+ this.refreshPromise = null, this.refreshQueue = [], this.proactiveTimerId = null, this.backgroundRetryTimerId = null, this.isDestroyed = !1, this.sessionGeneration = 0, e.tenantSlug !== void 0 ? this.storageKey = e.tenantSlug ? `auth_tokens_${e.tenantSlug}` : "auth_tokens" : this.storageKey = e.storageKey || "auth_tokens", this.autoRefresh = e.autoRefresh ?? !0, this.refreshThreshold = e.refreshThreshold || 3e5, this.onRefreshFailed = e.onRefreshFailed, this.onSessionExpired = e.onSessionExpired, this.baseUrl = e.baseUrl || "", this.proactiveRefreshMargin = e.proactiveRefreshMargin ?? 6e4, this.refreshQueueTimeout = e.refreshQueueTimeout ?? 1e4, this.maxRefreshRetries = e.maxRefreshRetries ?? 3, this.retryBackoffBase = e.retryBackoffBase ?? 1e3, this.tokenStorage = e.tokenStorage || this.createTokenStorage(this.storageKey), this.scheduleProactiveRefresh();
232
+ }
233
+ /**
234
+ * Get or create a SessionManager instance for the given config.
235
+ * Returns the same instance when called with the same storageKey/tenantSlug.
236
+ * Mutable config (callbacks, baseUrl) is updated on the existing instance.
237
+ */
238
+ static getInstance(e = {}) {
239
+ const t = oe.resolveStorageKey(e), r = oe.instances.get(t);
240
+ if (r)
241
+ return r.updateConfig(e), r;
242
+ const i = new oe(e);
243
+ return oe.instances.set(t, i), i;
244
+ }
245
+ /** Reset all singleton instances. For testing only. */
246
+ static resetAllInstances() {
247
+ for (const e of oe.instances.values())
248
+ e.destroy();
249
+ oe.instances.clear();
250
+ }
251
+ static resolveStorageKey(e) {
252
+ return e.storageKey ? e.storageKey : e.tenantSlug !== void 0 && e.tenantSlug ? `auth_tokens_${e.tenantSlug}` : "auth_tokens";
253
+ }
254
+ /** Update mutable config (callbacks, baseUrl) on an existing instance. */
255
+ updateConfig(e) {
256
+ e.onSessionExpired !== void 0 && (this.onSessionExpired = e.onSessionExpired), e.onRefreshFailed !== void 0 && (this.onRefreshFailed = e.onRefreshFailed), e.baseUrl && (this.baseUrl = e.baseUrl);
232
257
  }
233
258
  // --- Storage helpers ---
234
259
  createTokenStorage(e) {
@@ -271,7 +296,7 @@ class pe {
271
296
  }
272
297
  }
273
298
  setTokens(e) {
274
- const t = e.expiresAt || (e.expiresIn ? Date.now() + e.expiresIn * 1e3 : void 0) || pe.extractJwtExpiry(e.accessToken), r = {
299
+ const t = e.expiresAt || (e.expiresIn ? Date.now() + e.expiresIn * 1e3 : void 0) || oe.extractJwtExpiry(e.accessToken), r = {
275
300
  ...e,
276
301
  expiresAt: t
277
302
  };
@@ -281,7 +306,7 @@ class pe {
281
306
  const { accessToken: e, refreshToken: t, expiresAt: r, expiresIn: i, tokenType: o } = this.tokenStorage.get() || {};
282
307
  if (!e)
283
308
  return null;
284
- const a = r || pe.extractJwtExpiry(e);
309
+ const a = r || oe.extractJwtExpiry(e);
285
310
  return {
286
311
  accessToken: e,
287
312
  refreshToken: t,
@@ -312,9 +337,7 @@ class pe {
312
337
  if (!(e != null && e.expiresAt) || !e.refreshToken) return;
313
338
  const r = e.expiresAt - this.proactiveRefreshMargin - Date.now();
314
339
  if (r <= 0) {
315
- this.proactiveTimerId = setTimeout(() => {
316
- this.backgroundRefresh();
317
- }, 0);
340
+ this.backgroundRefresh();
318
341
  return;
319
342
  }
320
343
  this.proactiveTimerId = setTimeout(() => {
@@ -327,15 +350,29 @@ class pe {
327
350
  backgroundRefresh() {
328
351
  if (this.isDestroyed) return;
329
352
  const e = this.getTokens();
330
- e != null && e.refreshToken && (this.refreshPromise || this.startRefreshAndResolveQueue(e.refreshToken).then(() => {
331
- }).catch((t) => {
332
- t instanceof ie || (console.warn(
353
+ if (!(e != null && e.refreshToken) || this.refreshPromise) return;
354
+ const t = this.sessionGeneration;
355
+ this.startRefreshAndResolveQueue(e.refreshToken).then(() => {
356
+ }).catch((r) => {
357
+ r instanceof se || this.sessionGeneration === t && (console.warn(
333
358
  "[SessionManager] Background refresh failed, retrying in 30s:",
334
- t.message
359
+ r.message
335
360
  ), this.backgroundRetryTimerId = setTimeout(() => {
336
361
  this.backgroundRefresh();
337
362
  }, 3e4));
338
- }));
363
+ });
364
+ }
365
+ /**
366
+ * Wait for any in-progress token refresh to settle.
367
+ * Returns true if refresh succeeded, false if it failed or no refresh was pending.
368
+ */
369
+ async waitForPendingRefresh() {
370
+ if (!this.refreshPromise) return !1;
371
+ try {
372
+ return await this.refreshPromise, !0;
373
+ } catch {
374
+ return !1;
375
+ }
339
376
  }
340
377
  // --- Core: getValidAccessToken with queue + timeout ---
341
378
  /**
@@ -349,13 +386,13 @@ class pe {
349
386
  async getValidAccessToken() {
350
387
  const e = this.getTokens();
351
388
  if (!(e != null && e.accessToken)) {
352
- const t = new ie("token_invalid", "No tokens available");
389
+ const t = new se("token_invalid", "No tokens available");
353
390
  throw this.handleSessionExpired(t), t;
354
391
  }
355
392
  if (!this.shouldRefreshToken(e) && !this.isTokenExpired(e))
356
393
  return e.accessToken;
357
394
  if (!e.refreshToken) {
358
- const t = new ie("token_invalid", "No refresh token available");
395
+ const t = new se("token_invalid", "No refresh token available");
359
396
  throw this.handleSessionExpired(t), t;
360
397
  }
361
398
  return this.refreshPromise ? this.enqueueForToken() : this.startRefreshAndResolveQueue(e.refreshToken);
@@ -367,14 +404,14 @@ class pe {
367
404
  try {
368
405
  return { Authorization: `Bearer ${await this.getValidAccessToken()}` };
369
406
  } catch (e) {
370
- return e instanceof ie && this.onRefreshFailed && this.onRefreshFailed(), {};
407
+ return e instanceof se && this.onRefreshFailed && this.onRefreshFailed(), {};
371
408
  }
372
409
  }
373
410
  enqueueForToken() {
374
411
  return new Promise((e, t) => {
375
412
  const r = setTimeout(() => {
376
413
  const i = this.refreshQueue.findIndex((o) => o.timeoutId === r);
377
- i !== -1 && this.refreshQueue.splice(i, 1), t(new mt(this.refreshQueueTimeout));
414
+ i !== -1 && this.refreshQueue.splice(i, 1), t(new yt(this.refreshQueueTimeout));
378
415
  }, this.refreshQueueTimeout);
379
416
  this.refreshQueue.push({ resolve: e, reject: t, timeoutId: r });
380
417
  });
@@ -387,7 +424,7 @@ class pe {
387
424
  return this.resolveQueue(r), r;
388
425
  } catch (t) {
389
426
  const r = t instanceof Error ? t : new Error("Token refresh failed");
390
- throw r instanceof ie ? (this.rejectQueue(r), this.handleSessionExpired(r)) : this.rejectQueue(r), r;
427
+ throw r instanceof se ? (this.rejectQueue(r), this.handleSessionExpired(r)) : this.rejectQueue(r), r;
391
428
  } finally {
392
429
  this.refreshPromise = null;
393
430
  }
@@ -407,20 +444,24 @@ class pe {
407
444
  // --- Refresh with retry + error classification ---
408
445
  async executeRefreshWithRetry(e) {
409
446
  let t;
410
- for (let r = 0; r <= this.maxRefreshRetries; r++)
447
+ const r = this.sessionGeneration;
448
+ for (let i = 0; i <= this.maxRefreshRetries; i++) {
449
+ if (this.sessionGeneration !== r)
450
+ throw new se("token_invalid", "Session cleared during refresh");
411
451
  try {
412
452
  await this.performTokenRefresh(e);
413
453
  return;
414
- } catch (i) {
415
- const o = i instanceof Error ? i : new Error(String(i));
416
- if (o instanceof ie)
417
- throw o;
418
- if (t = o, r < this.maxRefreshRetries) {
419
- const a = this.retryBackoffBase * Math.pow(2, r);
420
- await this.sleep(a);
454
+ } catch (o) {
455
+ const a = o instanceof Error ? o : new Error(String(o));
456
+ if (a instanceof se)
457
+ throw a;
458
+ if (t = a, i < this.maxRefreshRetries) {
459
+ const f = this.retryBackoffBase * Math.pow(2, i);
460
+ await this.sleep(f);
421
461
  }
422
462
  }
423
- throw new yt(this.maxRefreshRetries + 1, t);
463
+ }
464
+ throw new wt(this.maxRefreshRetries + 1, t);
424
465
  }
425
466
  /**
426
467
  * Single refresh attempt with error classification.
@@ -449,7 +490,7 @@ class pe {
449
490
  } catch {
450
491
  o = r.statusText.toLowerCase();
451
492
  }
452
- throw r.status === 401 ? o.includes("expired") ? new ie("token_expired") : o.includes("invalid") ? new ie("token_invalid") : new ie("token_invalid", `Unauthorized: ${o}`) : r.status === 400 ? o.includes("inactive") ? new ie("user_inactive") : new Error(`Token refresh failed (400): ${o}`) : new Error(`Token refresh failed: ${r.status} ${o}`);
493
+ throw r.status === 401 ? o.includes("expired") ? new se("token_expired") : o.includes("invalid") ? new se("token_invalid") : new se("token_invalid", `Unauthorized: ${o}`) : r.status === 400 ? o.includes("inactive") ? new se("user_inactive") : new Error(`Token refresh failed (400): ${o}`) : new Error(`Token refresh failed: ${r.status} ${o}`);
453
494
  }
454
495
  const i = await r.json();
455
496
  this.setTokens({
@@ -477,8 +518,8 @@ class pe {
477
518
  }
478
519
  // --- Session lifecycle ---
479
520
  clearSession() {
480
- this.cancelProactiveTimer(), this.clearTokens(), this.clearUser();
481
- const e = new ie("token_invalid", "Session cleared");
521
+ this.sessionGeneration++, this.cancelProactiveTimer(), this.clearTokens(), this.clearUser();
522
+ const e = new se("token_invalid", "Session cleared");
482
523
  this.rejectQueue(e);
483
524
  }
484
525
  /**
@@ -486,8 +527,8 @@ class pe {
486
527
  * Cancels all timers and rejects pending queue entries.
487
528
  */
488
529
  destroy() {
489
- this.isDestroyed = !0, this.cancelProactiveTimer();
490
- const e = new ie("token_invalid", "SessionManager destroyed");
530
+ this.isDestroyed = !0, oe.instances.delete(this.storageKey), this.cancelProactiveTimer();
531
+ const e = new se("token_invalid", "SessionManager destroyed");
491
532
  this.rejectQueue(e);
492
533
  }
493
534
  // --- JWT helpers ---
@@ -524,8 +565,10 @@ class pe {
524
565
  sleep(e) {
525
566
  return new Promise((t) => setTimeout(t, e));
526
567
  }
527
- }
528
- class wt {
568
+ };
569
+ oe.instances = /* @__PURE__ */ new Map();
570
+ let Se = oe;
571
+ class bt {
529
572
  constructor(e) {
530
573
  this.httpService = e;
531
574
  }
@@ -581,7 +624,7 @@ class wt {
581
624
  });
582
625
  }
583
626
  }
584
- class ze {
627
+ class _e {
585
628
  constructor(e, t) {
586
629
  this.httpService = e, this.sessionManager = t;
587
630
  }
@@ -657,7 +700,7 @@ class ze {
657
700
  };
658
701
  }
659
702
  }
660
- class bt {
703
+ class St {
661
704
  constructor(e, t) {
662
705
  this.httpService = e, this.sessionManager = t;
663
706
  }
@@ -697,7 +740,7 @@ class bt {
697
740
  });
698
741
  }
699
742
  }
700
- class we {
743
+ class ve {
701
744
  constructor(e, t, r) {
702
745
  this.httpService = e, this.appId = t, this.sessionManager = r;
703
746
  }
@@ -775,7 +818,7 @@ class we {
775
818
  )).data;
776
819
  }
777
820
  }
778
- function St(n, e) {
821
+ function vt(n, e) {
779
822
  if (n === "localhost" || n.startsWith("127.") || n.startsWith("192.168."))
780
823
  return null;
781
824
  if (e) {
@@ -791,26 +834,26 @@ function St(n, e) {
791
834
  const r = n.split(".");
792
835
  return r.length >= 3 && r[0] !== "www" ? r[0] : null;
793
836
  }
794
- function vt(n, e = "tenant", t) {
837
+ function Tt(n, e = "tenant", t) {
795
838
  const i = new URLSearchParams(n).get(e);
796
839
  return i ? (t && t.setItem("tenant", i), i) : t ? t.getItem("tenant") : null;
797
840
  }
798
- function Tt(n, e, t) {
841
+ function kt(n, e, t) {
799
842
  const { tenantMode: r, baseDomain: i, selectorParam: o, fixedTenantSlug: a } = n;
800
- return r === "fixed" ? a || null : r === "subdomain" ? St(e.hostname, i) : r === "selector" ? vt(e.search, o, t) : null;
843
+ return r === "fixed" ? a || null : r === "subdomain" ? vt(e.hostname, i) : r === "selector" ? Tt(e.search, o, t) : null;
801
844
  }
802
- function kt(n, e, t) {
845
+ function xt(n, e, t) {
803
846
  if (t)
804
847
  return `${n}.${t}`;
805
848
  const r = e.split(".");
806
849
  return r.length === 2 ? `${n}.${e}` : r.length >= 3 ? (r[0] = n, r.join(".")) : null;
807
850
  }
808
- const he = "_auth";
809
- function _e(n) {
851
+ const ge = "_auth";
852
+ function We(n) {
810
853
  const e = JSON.stringify(n);
811
854
  return btoa(e).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
812
855
  }
813
- function xt(n) {
856
+ function At(n) {
814
857
  try {
815
858
  let e = n.replace(/-/g, "+").replace(/_/g, "/");
816
859
  for (; e.length % 4; )
@@ -821,16 +864,16 @@ function xt(n) {
821
864
  return null;
822
865
  }
823
866
  }
824
- function At() {
867
+ function Pt() {
825
868
  if (typeof window > "u")
826
869
  return console.log("[CrossDomainAuth] SSR environment, skipping URL token extraction"), null;
827
- const e = new URLSearchParams(window.location.search).get(he);
870
+ const e = new URLSearchParams(window.location.search).get(ge);
828
871
  if (console.log("[CrossDomainAuth] extractAuthTokensFromUrl called", {
829
872
  hasAuthParam: !!e,
830
873
  searchParams: window.location.search,
831
874
  encodedLength: e == null ? void 0 : e.length
832
875
  }), !e) return null;
833
- const t = xt(e);
876
+ const t = At(e);
834
877
  return console.log("[CrossDomainAuth] Token decode result:", {
835
878
  success: !!t,
836
879
  hasAccessToken: !!(t != null && t.accessToken),
@@ -838,17 +881,17 @@ function At() {
838
881
  expiresIn: t == null ? void 0 : t.expiresIn
839
882
  }), t;
840
883
  }
841
- function Pt() {
884
+ function Rt() {
842
885
  if (typeof window > "u") return;
843
886
  const n = new URL(window.location.href);
844
- n.searchParams.delete(he), console.log("[CrossDomainAuth] Clearing auth tokens from URL", {
887
+ n.searchParams.delete(ge), console.log("[CrossDomainAuth] Clearing auth tokens from URL", {
845
888
  oldUrl: window.location.href,
846
889
  newUrl: n.toString()
847
890
  }), window.history.replaceState({}, "", n.toString());
848
891
  }
849
- const Fe = fe(null);
850
- function wr({ config: n, children: e }) {
851
- const { baseUrl: t, appInfo: r, appId: i } = Se(), o = se(() => typeof window > "u" ? null : Tt(
892
+ const De = me(null);
893
+ function br({ config: n, children: e }) {
894
+ const { baseUrl: t, appInfo: r, appId: i } = ke(), o = ie(() => typeof window > "u" ? null : kt(
852
895
  {
853
896
  tenantMode: n.tenantMode || "selector",
854
897
  baseDomain: n.baseDomain,
@@ -860,7 +903,7 @@ function wr({ config: n, children: e }) {
860
903
  search: window.location.search
861
904
  },
862
905
  window.localStorage
863
- ), [n.tenantMode, n.baseDomain, n.selectorParam, n.fixedTenantSlug]), [a, f] = T(() => o()), g = J(
906
+ ), [n.tenantMode, n.baseDomain, n.selectorParam, n.fixedTenantSlug]), [a, f] = T(() => o()), g = Z(
864
907
  () => {
865
908
  var h, C, S;
866
909
  return {
@@ -888,12 +931,12 @@ function wr({ config: n, children: e }) {
888
931
  const h = o();
889
932
  f(h);
890
933
  }, [o, n.tenantMode]);
891
- const M = (r == null ? void 0 : r.settingsSchema) || null, L = se(
934
+ const M = (r == null ? void 0 : r.settingsSchema) || null, L = ie(
892
935
  async (h, C = !1) => {
893
936
  if (!(!C && g.enabled && w && w.domain === h))
894
937
  try {
895
938
  p(!0), R(null);
896
- const S = new le(t), y = await new we(S, i).getPublicTenantInfo(h);
939
+ const S = new ce(t), y = await new ve(S, i).getPublicTenantInfo(h);
897
940
  if (c(y), g.enabled)
898
941
  try {
899
942
  const v = {
@@ -913,30 +956,30 @@ function wr({ config: n, children: e }) {
913
956
  }
914
957
  },
915
958
  [t, i, g, w]
916
- ), D = se(async () => {
959
+ ), D = ie(async () => {
917
960
  if (!(!g.enabled || !w || !a))
918
961
  try {
919
962
  const h = localStorage.getItem(g.storageKey);
920
963
  if (!h) return;
921
964
  const C = JSON.parse(h);
922
965
  if (Date.now() - C.timestamp > g.ttl * 0.5) {
923
- const b = new le(t), v = await new we(b, i).getPublicTenantInfo(a);
966
+ const b = new ce(t), v = await new ve(b, i).getPublicTenantInfo(a);
924
967
  c(v);
925
- const j = {
968
+ const G = {
926
969
  data: v,
927
970
  timestamp: Date.now(),
928
971
  tenantSlug: a
929
972
  };
930
- localStorage.setItem(g.storageKey, JSON.stringify(j));
973
+ localStorage.setItem(g.storageKey, JSON.stringify(G));
931
974
  }
932
975
  } catch (h) {
933
976
  console.warn("Background tenant refresh failed:", h);
934
977
  }
935
- }, [t, i, g, w, a]), P = se(async () => {
978
+ }, [t, i, g, w, a]), P = ie(async () => {
936
979
  if (w != null && w.id)
937
980
  try {
938
981
  u(!0), m(null);
939
- const h = new le(t), S = await new we(h, w.appId).getTenantSettings(w.id);
982
+ const h = new ce(t), S = await new ve(h, w.appId).getTenantSettings(w.id);
940
983
  E(S);
941
984
  } catch (h) {
942
985
  const C = h instanceof Error ? h : new Error("Failed to load tenant settings");
@@ -944,9 +987,9 @@ function wr({ config: n, children: e }) {
944
987
  } finally {
945
988
  u(!1);
946
989
  }
947
- }, [t, w]), U = se(() => {
990
+ }, [t, w]), U = ie(() => {
948
991
  P();
949
- }, [P]), l = se(
992
+ }, [P]), l = ie(
950
993
  (h) => {
951
994
  if (!M)
952
995
  return { isValid: !0, errors: [] };
@@ -961,8 +1004,8 @@ function wr({ config: n, children: e }) {
961
1004
  }
962
1005
  if (y != null) {
963
1006
  if (b.type) {
964
- const j = b.type, Q = typeof y;
965
- j === "string" && Q !== "string" ? C.push(`Field '${S}' must be a string`) : (j === "number" || j === "integer") && Q !== "number" ? C.push(`Field '${S}' must be a number`) : j === "boolean" && Q !== "boolean" ? C.push(`Field '${S}' must be a boolean`) : j === "array" && !Array.isArray(y) && C.push(`Field '${S}' must be an array`);
1007
+ const G = b.type, Q = typeof y;
1008
+ G === "string" && Q !== "string" ? C.push(`Field '${S}' must be a string`) : (G === "number" || G === "integer") && Q !== "number" ? C.push(`Field '${S}' must be a number`) : G === "boolean" && Q !== "boolean" ? C.push(`Field '${S}' must be a boolean`) : G === "array" && !Array.isArray(y) && C.push(`Field '${S}' must be an array`);
966
1009
  }
967
1010
  b.minLength !== void 0 && typeof y == "string" && y.length < b.minLength && C.push(
968
1011
  `Field '${S}' must be at least ${b.minLength} characters long`
@@ -988,7 +1031,7 @@ function wr({ config: n, children: e }) {
988
1031
  }, [n.initialTenant, a, w, L, D]), ee(() => {
989
1032
  w != null && w.id ? P() : (E(null), m(null), u(!1));
990
1033
  }, [w == null ? void 0 : w.id, P]);
991
- const N = se(
1034
+ const N = ie(
992
1035
  (h, C) => {
993
1036
  const { mode: S = "reload", tokens: b, redirectPath: y } = C || {}, v = n.tenantMode || "selector";
994
1037
  if (v === "fixed") {
@@ -999,35 +1042,35 @@ function wr({ config: n, children: e }) {
999
1042
  return;
1000
1043
  }
1001
1044
  if (localStorage.setItem("tenant", h), v === "subdomain") {
1002
- const j = window.location.hostname, Q = kt(
1045
+ const G = window.location.hostname, Q = xt(
1003
1046
  h,
1004
- j,
1047
+ G,
1005
1048
  n.baseDomain
1006
1049
  );
1007
1050
  if (!Q) {
1008
1051
  console.warn(
1009
1052
  "[TenantProvider] Cannot switch subdomain, invalid hostname:",
1010
- j
1053
+ G
1011
1054
  );
1012
1055
  return;
1013
1056
  }
1014
1057
  const O = y || window.location.pathname, q = new URL(`${window.location.protocol}//${Q}${O}`);
1015
1058
  new URLSearchParams(window.location.search).forEach((B, X) => {
1016
- X !== he && q.searchParams.set(X, B);
1017
- }), b && q.searchParams.set(he, _e(b)), window.location.href = q.toString();
1059
+ X !== ge && q.searchParams.set(X, B);
1060
+ }), b && q.searchParams.set(ge, We(b)), window.location.href = q.toString();
1018
1061
  } else if (v === "selector") {
1019
- const j = y || window.location.pathname, Q = new URLSearchParams(window.location.search);
1020
- if (Q.set(n.selectorParam || "tenant", h), Q.delete(he), b && Q.set(he, _e(b)), S === "reload") {
1021
- const O = `${j}?${Q.toString()}${window.location.hash}`;
1062
+ const G = y || window.location.pathname, Q = new URLSearchParams(window.location.search);
1063
+ if (Q.set(n.selectorParam || "tenant", h), Q.delete(ge), b && Q.set(ge, We(b)), S === "reload") {
1064
+ const O = `${G}?${Q.toString()}${window.location.hash}`;
1022
1065
  window.location.href = O;
1023
1066
  } else {
1024
- const O = `${j}?${Q.toString()}${window.location.hash}`;
1067
+ const O = `${G}?${Q.toString()}${window.location.hash}`;
1025
1068
  window.history.pushState({}, "", O), f(h), L(h);
1026
1069
  }
1027
1070
  }
1028
1071
  },
1029
1072
  [n.tenantMode, n.selectorParam, n.baseDomain, L]
1030
- ), $ = J(() => ({
1073
+ ), $ = Z(() => ({
1031
1074
  // Tenant info
1032
1075
  tenant: w,
1033
1076
  tenantSlug: a,
@@ -1059,20 +1102,20 @@ function wr({ config: n, children: e }) {
1059
1102
  N,
1060
1103
  l
1061
1104
  ]);
1062
- return /* @__PURE__ */ s(Fe.Provider, { value: $, children: e });
1105
+ return /* @__PURE__ */ s(De.Provider, { value: $, children: e });
1063
1106
  }
1064
- function ge() {
1065
- const n = ae(Fe);
1107
+ function ye() {
1108
+ const n = le(De);
1066
1109
  if (!n)
1067
1110
  throw new Error("useTenant must be used within a TenantProvider");
1068
1111
  return n;
1069
1112
  }
1070
- function ke() {
1071
- return ae(Fe);
1113
+ function Pe() {
1114
+ return le(De);
1072
1115
  }
1073
- const br = ge;
1074
- function Sr() {
1075
- const { settings: n, settingsSchema: e, isSettingsLoading: t, settingsError: r, validateSettings: i } = ge();
1116
+ const Sr = ye;
1117
+ function vr() {
1118
+ const { settings: n, settingsSchema: e, isSettingsLoading: t, settingsError: r, validateSettings: i } = ye();
1076
1119
  return {
1077
1120
  settings: n,
1078
1121
  settingsSchema: e,
@@ -1081,8 +1124,8 @@ function Sr() {
1081
1124
  validateSettings: i
1082
1125
  };
1083
1126
  }
1084
- function me() {
1085
- const { tenant: n, tenantSlug: e, isTenantLoading: t, tenantError: r, retryTenant: i } = ge();
1127
+ function we() {
1128
+ const { tenant: n, tenantSlug: e, isTenantLoading: t, tenantError: r, retryTenant: i } = ye();
1086
1129
  return {
1087
1130
  tenant: n,
1088
1131
  tenantSlug: e,
@@ -1091,186 +1134,190 @@ function me() {
1091
1134
  retry: i
1092
1135
  };
1093
1136
  }
1094
- const De = fe(null);
1095
- function vr({ config: n = {}, children: e }) {
1096
- const { appId: t, baseUrl: r } = Se(), { tenant: i, tenantSlug: o, switchTenant: a } = ge(), [f, g] = T(n.initialRoles || []), [w, c] = T(!n.initialRoles), [I, p] = T(null), [x, R] = T(!1), [F, E] = T(null), [A, u] = T(0), [k, m] = T(() => {
1137
+ const Ne = me(null);
1138
+ function Tr({ config: n = {}, children: e }) {
1139
+ const { appId: t, baseUrl: r } = ke(), { tenant: i, tenantSlug: o, switchTenant: a } = ye(), [f, g] = T(n.initialRoles || []), [w, c] = T(!n.initialRoles), [I, p] = T(null), [x, R] = T(!1), [F, E] = T(null), [A, u] = T(0), [k, m] = T(() => {
1097
1140
  try {
1098
- const G = localStorage.getItem("userTenants");
1099
- return G ? JSON.parse(G) : [];
1141
+ const V = localStorage.getItem("userTenants");
1142
+ return V ? JSON.parse(V) : [];
1100
1143
  } catch {
1101
1144
  return [];
1102
1145
  }
1103
- }), [M, L] = T(!1), D = Qe({ done: !1, urlTokens: null });
1104
- D.current.done || (D.current.done = !0, D.current.urlTokens = At(), D.current.urlTokens && console.log(
1146
+ }), [M, L] = T(!1), D = Ke({ done: !1, urlTokens: null });
1147
+ D.current.done || (D.current.done = !0, D.current.urlTokens = Pt(), D.current.urlTokens && console.log(
1105
1148
  "[AuthProvider] SYNC: URL tokens found, will block isAuthReady until user loaded"
1106
1149
  ));
1107
1150
  const [P, U] = T(() => {
1108
- const G = D.current.urlTokens !== null;
1109
- return console.log("[AuthProvider] SYNC: isLoadingAfterUrlTokens initial:", G), G;
1110
- }), l = J(() => {
1111
- const G = new pe({
1151
+ const V = D.current.urlTokens !== null;
1152
+ return console.log("[AuthProvider] SYNC: isLoadingAfterUrlTokens initial:", V), V;
1153
+ }), l = Z(() => {
1154
+ const V = Se.getInstance({
1112
1155
  tenantSlug: o,
1113
1156
  baseUrl: r,
1114
1157
  refreshQueueTimeout: n.refreshQueueTimeout,
1115
1158
  proactiveRefreshMargin: n.proactiveRefreshMargin,
1116
- onSessionExpired: (ue) => {
1159
+ onSessionExpired: (he) => {
1117
1160
  p(null), E(null), m([]), L(!1);
1118
1161
  try {
1119
1162
  localStorage.removeItem("userTenants");
1120
1163
  } catch {
1121
1164
  }
1122
- n.onSessionExpired ? n.onSessionExpired(ue) : n.onRefreshFailed && n.onRefreshFailed();
1165
+ n.onSessionExpired ? n.onSessionExpired(he) : n.onRefreshFailed && n.onRefreshFailed();
1123
1166
  }
1124
1167
  });
1125
- return D.current.urlTokens && (console.log("[AuthProvider] SYNC: Saving URL tokens to session manager"), G.setTokens({
1168
+ return D.current.urlTokens && (console.log("[AuthProvider] SYNC: Saving URL tokens to session manager"), V.setTokens({
1126
1169
  accessToken: D.current.urlTokens.accessToken,
1127
1170
  refreshToken: D.current.urlTokens.refreshToken,
1128
1171
  expiresIn: D.current.urlTokens.expiresIn
1129
- }), console.log("[AuthProvider] SYNC: Session valid:", G.hasValidSession())), G;
1130
- }, [o, r, n.refreshQueueTimeout, n.proactiveRefreshMargin]), [N, $] = T(() => D.current.urlTokens ? !1 : l.hasValidSession()), h = D.current.done && !P && !N, C = J(() => {
1131
- const G = new le(r);
1132
- return G.setSessionManager(l), G;
1133
- }, [r, l]), S = J(() => new wt(new le(r)), [r]), b = J(() => new bt(C, l), [C, l]), y = J(() => new ze(new le(r)), [r]), v = J(() => I || l.getUser(), [I, l]), j = J(() => v != null && v.roleId && f.find((G) => G.id === v.roleId) || null, [v, f]), Q = J(() => (j == null ? void 0 : j.permissions) || [], [j]), O = J(() => l.hasValidSession() && I !== null, [l, I]), q = 5 * 60 * 1e3, W = J(() => {
1134
- const G = async (H = !1) => {
1172
+ }), console.log("[AuthProvider] SYNC: Session valid:", V.hasValidSession())), V;
1173
+ }, [o, r, n.refreshQueueTimeout, n.proactiveRefreshMargin]), [N, $] = T(() => {
1174
+ if (D.current.urlTokens) return !1;
1175
+ const V = l.getTokens();
1176
+ return V ? l.hasValidSession() || !!V.refreshToken : !1;
1177
+ }), h = D.current.done && !P && !N, C = Z(() => {
1178
+ const V = new ce(r);
1179
+ return V.setSessionManager(l), V;
1180
+ }, [r, l]), S = Z(() => new bt(new ce(r)), [r]), b = Z(() => new St(C, l), [C, l]), y = Z(() => new _e(new ce(r)), [r]), v = Z(() => I || l.getUser(), [I, l]), G = Z(() => v != null && v.roleId && f.find((V) => V.id === v.roleId) || null, [v, f]), Q = Z(() => (G == null ? void 0 : G.permissions) || [], [G]), O = Z(() => l.hasValidSession() && I !== null, [l, I]), q = 5 * 60 * 1e3, W = Z(() => {
1181
+ const V = async (H = !1) => {
1135
1182
  try {
1136
1183
  if (!l.hasValidSession())
1137
1184
  return;
1138
1185
  const z = Date.now();
1139
1186
  if (!H && z - A < q && I)
1140
1187
  return;
1141
- const V = l.getUserId();
1142
- if (!V) {
1188
+ const j = l.getUserId();
1189
+ if (!j) {
1143
1190
  console.warn("[AuthProvider] No userId available in token or storage");
1144
1191
  return;
1145
1192
  }
1146
1193
  R(!0), E(null);
1147
- const K = await b.getUserById(V);
1148
- p(K), l.setUser(K), u(Date.now());
1194
+ const J = await b.getUserById(j);
1195
+ p(J), l.setUser(J), u(Date.now());
1149
1196
  } catch (z) {
1150
1197
  const Y = z instanceof Error ? z : new Error("Failed to load user data");
1151
1198
  E(Y), console.error("[AuthProvider] Failed to load user data:", Y);
1152
1199
  } finally {
1153
1200
  R(!1);
1154
1201
  }
1155
- }, ue = async () => {
1156
- await G();
1157
- }, xe = async (H) => {
1158
- var Be;
1159
- const { username: z, password: Y, tenantSlug: V, redirectPath: K } = H;
1202
+ }, he = async () => {
1203
+ await V();
1204
+ }, fe = async (H) => {
1205
+ var qe;
1206
+ const { username: z, password: Y, tenantSlug: j, redirectPath: J } = H;
1160
1207
  let te = i == null ? void 0 : i.id, re = o, ne = l;
1161
- V && (te = (await new we(C, t).getPublicTenantInfo(V)).id, re = V);
1162
- const Z = await S.login({
1208
+ j && (te = (await new ve(C, t).getPublicTenantInfo(j)).id, re = j);
1209
+ const K = await S.login({
1163
1210
  username: z,
1164
1211
  password: Y,
1165
1212
  appId: t,
1166
1213
  tenantId: te
1167
- }), ye = V && V !== o;
1168
- if (ye && (ne = new pe({
1214
+ }), be = j && j !== o;
1215
+ if (be && (ne = new Se({
1169
1216
  tenantSlug: re,
1170
1217
  baseUrl: r
1171
1218
  })), ne.setTokens({
1172
- accessToken: Z.accessToken,
1173
- refreshToken: Z.refreshToken,
1174
- expiresIn: Z.expiresIn
1175
- }), Z.user) {
1176
- ne.setUser(Z.user), p(Z.user);
1219
+ accessToken: K.accessToken,
1220
+ refreshToken: K.refreshToken,
1221
+ expiresIn: K.expiresIn
1222
+ }), K.user) {
1223
+ ne.setUser(K.user), p(K.user);
1177
1224
  try {
1178
- await G();
1179
- } catch (ve) {
1180
- console.warn("Failed to load complete user data after login:", ve);
1225
+ await V();
1226
+ } catch (xe) {
1227
+ console.warn("Failed to load complete user data after login:", xe);
1181
1228
  }
1182
1229
  }
1183
- if (Z.tenants && Z.tenants.length > 0) {
1184
- m(Z.tenants);
1230
+ if (K.tenants && K.tenants.length > 0) {
1231
+ m(K.tenants);
1185
1232
  try {
1186
- localStorage.setItem("userTenants", JSON.stringify(Z.tenants));
1233
+ localStorage.setItem("userTenants", JSON.stringify(K.tenants));
1187
1234
  } catch {
1188
1235
  }
1189
1236
  }
1190
- const Re = ((Be = Z.user) == null ? void 0 : Be.tenantId) !== null;
1191
- L(Re);
1192
- const Ie = {
1193
- accessToken: Z.accessToken,
1194
- refreshToken: Z.refreshToken,
1195
- expiresIn: Z.expiresIn
1237
+ const Ie = ((qe = K.user) == null ? void 0 : qe.tenantId) !== null;
1238
+ L(Ie);
1239
+ const Ee = {
1240
+ accessToken: K.accessToken,
1241
+ refreshToken: K.refreshToken,
1242
+ expiresIn: K.expiresIn
1196
1243
  };
1197
- if (ye && re)
1198
- return a(re, { tokens: Ie, redirectPath: K }), Z;
1199
- if (K && K !== window.location.pathname)
1200
- return a(re || o || "", { tokens: Ie, redirectPath: K }), Z;
1201
- if (!Re && Z.tenants && Z.tenants.length > 0) {
1202
- const ve = H.autoSwitch !== !1 && n.autoSwitchSingleTenant !== !1;
1203
- if (Z.tenants.length === 1 && ve) {
1204
- const qe = Z.tenants[0];
1205
- return a(qe.subdomain, { tokens: Ie, redirectPath: K }), Z;
1206
- } else Z.tenants.length > 1 && n.onTenantSelectionRequired && n.onTenantSelectionRequired(Z.tenants);
1244
+ if (be && re)
1245
+ return a(re, { tokens: Ee, redirectPath: J }), K;
1246
+ if (J && J !== window.location.pathname)
1247
+ return a(re || o || "", { tokens: Ee, redirectPath: J }), K;
1248
+ if (!Ie && K.tenants && K.tenants.length > 0) {
1249
+ const xe = H.autoSwitch !== !1 && n.autoSwitchSingleTenant !== !1;
1250
+ if (K.tenants.length === 1 && xe) {
1251
+ const Oe = K.tenants[0];
1252
+ return a(Oe.subdomain, { tokens: Ee, redirectPath: J }), K;
1253
+ } else K.tenants.length > 1 && n.onTenantSelectionRequired && n.onTenantSelectionRequired(K.tenants);
1207
1254
  }
1208
- return Z;
1209
- }, Ae = async (H) => {
1210
- const { email: z, phoneNumber: Y, name: V, password: K, lastName: te, tenantId: re } = H;
1255
+ return K;
1256
+ }, pe = async (H) => {
1257
+ const { email: z, phoneNumber: Y, name: j, password: J, lastName: te, tenantId: re } = H;
1211
1258
  if (!z && !Y)
1212
1259
  throw new Error("Either email or phoneNumber is required");
1213
- if (!V || !K)
1260
+ if (!j || !J)
1214
1261
  throw new Error("Name and password are required");
1215
1262
  const ne = re ?? (i == null ? void 0 : i.id);
1216
1263
  return await S.signup({
1217
1264
  email: z,
1218
1265
  phoneNumber: Y,
1219
- name: V,
1220
- password: K,
1266
+ name: j,
1267
+ password: J,
1221
1268
  tenantId: ne,
1222
1269
  lastName: te,
1223
1270
  appId: t
1224
1271
  });
1225
- }, tt = async (H) => {
1226
- const { email: z, phoneNumber: Y, name: V, password: K, tenantName: te, lastName: re } = H;
1272
+ }, rt = async (H) => {
1273
+ const { email: z, phoneNumber: Y, name: j, password: J, tenantName: te, lastName: re } = H;
1227
1274
  if (!z && !Y)
1228
1275
  throw new Error("Either email or phoneNumber is required");
1229
- if (!V || !K || !te)
1276
+ if (!j || !J || !te)
1230
1277
  throw new Error("Name, password, and tenantName are required");
1231
1278
  return await S.signupTenantAdmin({
1232
1279
  email: z,
1233
1280
  phoneNumber: Y,
1234
- name: V,
1235
- password: K,
1281
+ name: j,
1282
+ password: J,
1236
1283
  tenantName: te,
1237
1284
  appId: t,
1238
1285
  lastName: re
1239
1286
  });
1240
- }, rt = async (H) => {
1241
- const { currentPassword: z, newPassword: Y } = H, V = await l.getAuthHeaders();
1242
- await S.changePassword({ currentPassword: z, newPassword: Y }, V);
1243
1287
  }, nt = async (H) => {
1244
- const { email: z, tenantId: Y } = H, V = Y ?? (i == null ? void 0 : i.id);
1245
- if (!V)
1246
- throw new Error("tenantId is required for password reset");
1247
- await S.requestPasswordReset({ email: z, tenantId: V });
1288
+ const { currentPassword: z, newPassword: Y } = H, j = await l.getAuthHeaders();
1289
+ await S.changePassword({ currentPassword: z, newPassword: Y }, j);
1248
1290
  }, st = async (H) => {
1291
+ const { email: z, tenantId: Y } = H, j = Y ?? (i == null ? void 0 : i.id);
1292
+ if (!j)
1293
+ throw new Error("tenantId is required for password reset");
1294
+ await S.requestPasswordReset({ email: z, tenantId: j });
1295
+ }, it = async (H) => {
1249
1296
  const { token: z, newPassword: Y } = H;
1250
1297
  await S.confirmPasswordReset({ token: z, newPassword: Y });
1251
- }, it = async (H) => {
1252
- const { email: z, frontendUrl: Y, name: V, lastName: K, tenantId: te } = H, re = te ?? (i == null ? void 0 : i.id);
1298
+ }, ot = async (H) => {
1299
+ const { email: z, frontendUrl: Y, name: j, lastName: J, tenantId: te } = H, re = te ?? (i == null ? void 0 : i.id);
1253
1300
  if (!re)
1254
1301
  throw new Error("tenantId is required for magic link authentication");
1255
1302
  return await S.sendMagicLink({
1256
1303
  email: z,
1257
1304
  tenantId: re,
1258
1305
  frontendUrl: Y,
1259
- name: V,
1260
- lastName: K,
1306
+ name: j,
1307
+ lastName: J,
1261
1308
  appId: t
1262
1309
  });
1263
- }, ot = async (H) => {
1264
- const { token: z, email: Y, tenantSlug: V } = H;
1265
- let K = i == null ? void 0 : i.id, te = o, re = l;
1266
- V && (K = (await new we(C, t).getPublicTenantInfo(V)).id, te = V);
1310
+ }, at = async (H) => {
1311
+ const { token: z, email: Y, tenantSlug: j } = H;
1312
+ let J = i == null ? void 0 : i.id, te = o, re = l;
1313
+ j && (J = (await new ve(C, t).getPublicTenantInfo(j)).id, te = j);
1267
1314
  const ne = await S.verifyMagicLink({
1268
1315
  token: z,
1269
1316
  email: Y,
1270
1317
  appId: t,
1271
- tenantId: K
1272
- }), Z = V && V !== o;
1273
- if (Z && (re = new pe({
1318
+ tenantId: J
1319
+ }), K = j && j !== o;
1320
+ if (K && (re = new Se({
1274
1321
  tenantSlug: te,
1275
1322
  baseUrl: r
1276
1323
  })), re.setTokens({
@@ -1280,19 +1327,19 @@ function vr({ config: n = {}, children: e }) {
1280
1327
  }), ne.user) {
1281
1328
  re.setUser(ne.user), p(ne.user);
1282
1329
  try {
1283
- await G();
1284
- } catch (ye) {
1285
- console.warn("Failed to load complete user data after magic link login:", ye);
1330
+ await V();
1331
+ } catch (be) {
1332
+ console.warn("Failed to load complete user data after magic link login:", be);
1286
1333
  }
1287
1334
  }
1288
- return Z && te && te !== o && a(te, {
1335
+ return K && te && te !== o && a(te, {
1289
1336
  tokens: {
1290
1337
  accessToken: ne.accessToken,
1291
1338
  refreshToken: ne.refreshToken,
1292
1339
  expiresIn: ne.expiresIn
1293
1340
  }
1294
1341
  }), ne;
1295
- }, at = async () => {
1342
+ }, lt = async () => {
1296
1343
  const H = l.getTokens();
1297
1344
  if (!(H != null && H.refreshToken))
1298
1345
  throw new Error("No refresh token available");
@@ -1304,17 +1351,17 @@ function vr({ config: n = {}, children: e }) {
1304
1351
  refreshToken: z.refreshToken || H.refreshToken,
1305
1352
  expiresIn: z.expiresIn
1306
1353
  });
1307
- }, lt = () => {
1354
+ }, ct = () => {
1308
1355
  l.clearSession(), p(null), E(null), m([]), L(!1);
1309
1356
  try {
1310
1357
  localStorage.removeItem("userTenants");
1311
1358
  } catch {
1312
1359
  }
1313
- }, ct = (H) => {
1360
+ }, dt = (H) => {
1314
1361
  l.setTokens(H);
1315
- }, dt = () => l.hasValidSession(), ut = () => {
1362
+ }, ut = () => l.hasValidSession(), ht = () => {
1316
1363
  l.clearSession(), p(null), E(null);
1317
- }, ht = async () => {
1364
+ }, ft = async () => {
1318
1365
  if (t)
1319
1366
  try {
1320
1367
  c(!0);
@@ -1326,8 +1373,8 @@ function vr({ config: n = {}, children: e }) {
1326
1373
  c(!1);
1327
1374
  }
1328
1375
  }, pt = async () => {
1329
- await ht();
1330
- }, Pe = (H) => {
1376
+ await ft();
1377
+ }, Re = (H) => {
1331
1378
  if (!Q || Q.length === 0)
1332
1379
  return !1;
1333
1380
  if (typeof H == "string")
@@ -1340,58 +1387,58 @@ function vr({ config: n = {}, children: e }) {
1340
1387
  isAuthenticated: O,
1341
1388
  sessionManager: l,
1342
1389
  authenticatedHttpService: C,
1343
- login: xe,
1344
- signup: Ae,
1345
- signupTenantAdmin: tt,
1346
- sendMagicLink: it,
1347
- verifyMagicLink: ot,
1348
- changePassword: rt,
1349
- requestPasswordReset: nt,
1350
- confirmPasswordReset: st,
1351
- refreshToken: at,
1352
- logout: lt,
1353
- setTokens: ct,
1354
- hasValidSession: dt,
1355
- clearSession: ut,
1390
+ login: fe,
1391
+ signup: pe,
1392
+ signupTenantAdmin: rt,
1393
+ sendMagicLink: ot,
1394
+ verifyMagicLink: at,
1395
+ changePassword: nt,
1396
+ requestPasswordReset: st,
1397
+ confirmPasswordReset: it,
1398
+ refreshToken: lt,
1399
+ logout: ct,
1400
+ setTokens: dt,
1401
+ hasValidSession: ut,
1402
+ clearSession: ht,
1356
1403
  currentUser: I,
1357
1404
  isUserLoading: x,
1358
1405
  userError: F,
1359
- loadUserData: G,
1360
- refreshUser: ue,
1406
+ loadUserData: V,
1407
+ refreshUser: he,
1361
1408
  isAuthInitializing: !h,
1362
1409
  isAuthReady: h,
1363
- userRole: j,
1410
+ userRole: G,
1364
1411
  userPermissions: Q,
1365
1412
  availableRoles: f,
1366
1413
  rolesLoading: w,
1367
- hasPermission: Pe,
1368
- hasAnyPermission: (H) => H.some((z) => Pe(z)),
1369
- hasAllPermissions: (H) => H.every((z) => Pe(z)),
1414
+ hasPermission: Re,
1415
+ hasAnyPermission: (H) => H.some((z) => Re(z)),
1416
+ hasAllPermissions: (H) => H.every((z) => Re(z)),
1370
1417
  getUserPermissionStrings: () => Q || [],
1371
1418
  refreshRoles: pt,
1372
1419
  // RFC-004: Multi-tenant user membership
1373
1420
  userTenants: k,
1374
1421
  hasTenantContext: M,
1375
1422
  switchToTenant: async (H, z) => {
1376
- const { redirectPath: Y } = z || {}, V = l.getTokens();
1377
- if (!(V != null && V.refreshToken))
1423
+ const { redirectPath: Y } = z || {}, j = l.getTokens();
1424
+ if (!(j != null && j.refreshToken))
1378
1425
  throw new Error("No refresh token available for tenant switch");
1379
- const K = await S.switchTenant({
1380
- refreshToken: V.refreshToken,
1426
+ const J = await S.switchTenant({
1427
+ refreshToken: j.refreshToken,
1381
1428
  tenantId: H
1382
1429
  });
1383
1430
  l.setTokens({
1384
- accessToken: K.accessToken,
1385
- refreshToken: V.refreshToken,
1431
+ accessToken: J.accessToken,
1432
+ refreshToken: j.refreshToken,
1386
1433
  // Keep the same refresh token
1387
- expiresIn: K.expiresIn
1388
- }), p(K.user), l.setUser(K.user), L(!0);
1434
+ expiresIn: J.expiresIn
1435
+ }), p(J.user), l.setUser(J.user), L(!0);
1389
1436
  const te = k.find((re) => re.id === H);
1390
1437
  te && a(te.subdomain, {
1391
1438
  tokens: {
1392
- accessToken: K.accessToken,
1393
- refreshToken: V.refreshToken,
1394
- expiresIn: K.expiresIn
1439
+ accessToken: J.accessToken,
1440
+ refreshToken: j.refreshToken,
1441
+ expiresIn: J.expiresIn
1395
1442
  },
1396
1443
  redirectPath: Y
1397
1444
  });
@@ -1424,21 +1471,19 @@ function vr({ config: n = {}, children: e }) {
1424
1471
  k,
1425
1472
  M,
1426
1473
  h,
1427
- j,
1474
+ G,
1428
1475
  Q,
1429
1476
  A,
1430
1477
  q
1431
1478
  ]);
1432
- ee(() => () => {
1433
- l.destroy();
1434
- }, [l]), ee(() => {
1479
+ ee(() => {
1435
1480
  !n.initialRoles && t && (async () => {
1436
1481
  try {
1437
1482
  c(!0);
1438
- const ue = new le(r), xe = new ze(ue), { roles: Ae } = await xe.getRolesByApp(t);
1439
- g(Ae);
1440
- } catch (ue) {
1441
- console.error("Failed to fetch roles:", ue);
1483
+ const he = new ce(r), fe = new _e(he), { roles: pe } = await fe.getRolesByApp(t);
1484
+ g(pe);
1485
+ } catch (he) {
1486
+ console.error("Failed to fetch roles:", he);
1442
1487
  } finally {
1443
1488
  c(!1);
1444
1489
  }
@@ -1446,14 +1491,21 @@ function vr({ config: n = {}, children: e }) {
1446
1491
  }, [t, r, n.initialRoles]);
1447
1492
  const [B, X] = T(!1);
1448
1493
  return ee(() => {
1449
- B || (X(!0), D.current.urlTokens && (console.log("[AuthProvider] EFFECT: Cleaning up URL after sync token processing"), Pt(), U(!0), console.log("[AuthProvider] EFFECT: Loading user data (blocking isAuthReady)..."), W.loadUserData().catch((G) => {
1450
- console.error("[AuthProvider] Failed to load user data:", G);
1494
+ B || (X(!0), D.current.urlTokens && (console.log("[AuthProvider] EFFECT: Cleaning up URL after sync token processing"), Rt(), U(!0), console.log("[AuthProvider] EFFECT: Loading user data (blocking isAuthReady)..."), W.loadUserData().catch((V) => {
1495
+ console.error("[AuthProvider] Failed to load user data:", V);
1451
1496
  }).finally(() => {
1452
1497
  console.log("[AuthProvider] EFFECT: User data loaded, releasing isAuthReady"), U(!1);
1453
1498
  })));
1454
1499
  }, [W, B]), ee(() => {
1455
- const G = l.getUser();
1456
- G && l.hasValidSession() ? (p(G), $(!1)) : l.hasValidSession() || $(!1);
1500
+ let V = !1;
1501
+ return (async () => {
1502
+ var pe;
1503
+ if (!l.hasValidSession() && ((pe = l.getTokens()) != null && pe.refreshToken) && await l.waitForPendingRefresh(), V) return;
1504
+ const fe = l.getUser();
1505
+ fe && l.hasValidSession() ? (p(fe), $(!1)) : l.hasValidSession() || $(!1);
1506
+ })(), () => {
1507
+ V = !0;
1508
+ };
1457
1509
  }, [l]), ee(() => {
1458
1510
  B && (D.current.urlTokens || (!I && !x && l.hasValidSession() ? (console.log("[AuthProvider] Auto-loading user data..."), W.loadUserData().catch(() => {
1459
1511
  }).finally(() => {
@@ -1462,23 +1514,23 @@ function vr({ config: n = {}, children: e }) {
1462
1514
  }, [I, x, W, l, B]), ee(() => {
1463
1515
  if (!l.hasValidSession() || !I)
1464
1516
  return;
1465
- const G = setInterval(() => {
1517
+ const V = setInterval(() => {
1466
1518
  W.loadUserData().catch(() => {
1467
1519
  });
1468
1520
  }, q);
1469
- return () => clearInterval(G);
1470
- }, [l, I, W, q]), /* @__PURE__ */ s(De.Provider, { value: W, children: e });
1521
+ return () => clearInterval(V);
1522
+ }, [l, I, W, q]), /* @__PURE__ */ s(Ne.Provider, { value: W, children: e });
1471
1523
  }
1472
- function de() {
1473
- const n = ae(De);
1524
+ function ue() {
1525
+ const n = le(Ne);
1474
1526
  if (!n)
1475
1527
  throw new Error("useAuth must be used within an AuthProvider");
1476
1528
  return n;
1477
1529
  }
1478
- function Ne() {
1479
- return ae(De);
1530
+ function Ce() {
1531
+ return le(Ne);
1480
1532
  }
1481
- class Rt {
1533
+ class It {
1482
1534
  constructor(e, t) {
1483
1535
  this.httpService = e, this.sessionManager = t;
1484
1536
  }
@@ -1558,11 +1610,11 @@ class Rt {
1558
1610
  })).data;
1559
1611
  }
1560
1612
  }
1561
- const Ce = fe(null);
1562
- function Tr({ config: n = {}, children: e }) {
1563
- const t = Ze(), r = ke(), i = (t == null ? void 0 : t.baseUrl) ?? "", o = (t == null ? void 0 : t.appId) ?? "", a = (r == null ? void 0 : r.tenant) ?? null, [f, g] = T([]), [w, c] = T(!1), [I, p] = T(null), [x, R] = T(!1), F = J(() => {
1564
- const u = new le(i);
1565
- return new Rt(u);
1613
+ const Ue = me(null);
1614
+ function kr({ config: n = {}, children: e }) {
1615
+ const t = Ze(), r = Pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", o = (t == null ? void 0 : t.appId) ?? "", a = (r == null ? void 0 : r.tenant) ?? null, [f, g] = T([]), [w, c] = T(!1), [I, p] = T(null), [x, R] = T(!1), F = Z(() => {
1616
+ const u = new ce(i);
1617
+ return new It(u);
1566
1618
  }, [i]), E = async () => {
1567
1619
  if (!(a != null && a.id)) {
1568
1620
  g([]);
@@ -1585,7 +1637,7 @@ function Tr({ config: n = {}, children: e }) {
1585
1637
  const u = n.refreshInterval || 5 * 60 * 1e3, k = setInterval(E, u);
1586
1638
  return () => clearInterval(k);
1587
1639
  }, [a == null ? void 0 : a.id, i, o, n.refreshInterval]);
1588
- const A = J(() => {
1640
+ const A = Z(() => {
1589
1641
  const u = (D) => {
1590
1642
  const P = f.find((U) => U.key === D);
1591
1643
  return (P == null ? void 0 : P.value) === !0;
@@ -1606,18 +1658,18 @@ function Tr({ config: n = {}, children: e }) {
1606
1658
  refresh: M
1607
1659
  };
1608
1660
  }, [f, w, I, i, o, a == null ? void 0 : a.id, x]);
1609
- return /* @__PURE__ */ s(Ce.Provider, { value: A, children: e });
1661
+ return /* @__PURE__ */ s(Ue.Provider, { value: A, children: e });
1610
1662
  }
1611
- function It() {
1612
- const n = ae(Ce);
1663
+ function Et() {
1664
+ const n = le(Ue);
1613
1665
  if (!n)
1614
1666
  throw new Error("useFeatureFlags must be used within a FeatureFlagProvider");
1615
1667
  return n;
1616
1668
  }
1617
1669
  function Je() {
1618
- return ae(Ce);
1670
+ return le(Ue);
1619
1671
  }
1620
- class Et {
1672
+ class Mt {
1621
1673
  constructor(e, t) {
1622
1674
  this.httpService = e, this.sessionManager = t;
1623
1675
  }
@@ -1683,11 +1735,11 @@ class Et {
1683
1735
  )).data;
1684
1736
  }
1685
1737
  }
1686
- const Ue = fe(void 0);
1687
- function kr({ config: n = {}, children: e }) {
1688
- const t = Ze(), r = ke(), i = (t == null ? void 0 : t.baseUrl) ?? "", o = (r == null ? void 0 : r.tenant) ?? null, [a, f] = T(null), [g, w] = T(!1), [c, I] = T(null), [p, x] = T(!1), R = J(() => {
1689
- const A = new le(i);
1690
- return new Et(A);
1738
+ const $e = me(void 0);
1739
+ function xr({ config: n = {}, children: e }) {
1740
+ const t = Ze(), r = Pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", o = (r == null ? void 0 : r.tenant) ?? null, [a, f] = T(null), [g, w] = T(!1), [c, I] = T(null), [p, x] = T(!1), R = Z(() => {
1741
+ const A = new ce(i);
1742
+ return new Mt(A);
1691
1743
  }, [i]), F = async () => {
1692
1744
  if (!(o != null && o.id)) {
1693
1745
  f(null);
@@ -1709,7 +1761,7 @@ function kr({ config: n = {}, children: e }) {
1709
1761
  const A = n.refreshInterval || 10 * 60 * 1e3, u = setInterval(F, A);
1710
1762
  return () => clearInterval(u);
1711
1763
  }, [o == null ? void 0 : o.id, i, n.refreshInterval]);
1712
- const E = J(() => {
1764
+ const E = Z(() => {
1713
1765
  const A = (a == null ? void 0 : a.features) || [], u = (P) => {
1714
1766
  const U = A.find((l) => l.key === P);
1715
1767
  return U ? U.type === "BOOLEAN" || U.type === "boolean" ? U.value === !0 : !!U.value : !1;
@@ -1732,19 +1784,19 @@ function kr({ config: n = {}, children: e }) {
1732
1784
  refresh: L
1733
1785
  };
1734
1786
  }, [a, g, c, i, o == null ? void 0 : o.id, p]);
1735
- return /* @__PURE__ */ s(Ue.Provider, { value: E, children: e });
1787
+ return /* @__PURE__ */ s($e.Provider, { value: E, children: e });
1736
1788
  }
1737
- function Mt() {
1738
- const n = ae(Ue);
1789
+ function Lt() {
1790
+ const n = le($e);
1739
1791
  if (n === void 0)
1740
1792
  throw new Error("useSubscription must be used within a SubscriptionProvider");
1741
1793
  return n;
1742
1794
  }
1743
- function Ke() {
1744
- return ae(Ue) ?? null;
1795
+ function Ye() {
1796
+ return le($e) ?? null;
1745
1797
  }
1746
- var oe = /* @__PURE__ */ ((n) => (n.SUPERUSER = "SUPERUSER", n.TENANT_ADMIN = "TENANT_ADMIN", n.USER = "USER", n))(oe || {});
1747
- const $e = {
1798
+ var ae = /* @__PURE__ */ ((n) => (n.SUPERUSER = "SUPERUSER", n.TENANT_ADMIN = "TENANT_ADMIN", n.USER = "USER", n))(ae || {});
1799
+ const He = {
1748
1800
  publicGuest: "/",
1749
1801
  publicUser: "/account",
1750
1802
  publicAdmin: "/admin",
@@ -1752,7 +1804,7 @@ const $e = {
1752
1804
  tenantUser: "/dashboard",
1753
1805
  tenantAdmin: "/admin/dashboard",
1754
1806
  default: "/"
1755
- }, Ye = {
1807
+ }, Xe = {
1756
1808
  // Public/Landing zones
1757
1809
  landing: { tenant: "forbidden", auth: "optional" },
1758
1810
  publicOnly: { tenant: "forbidden", auth: "forbidden" },
@@ -1765,18 +1817,18 @@ const $e = {
1765
1817
  tenantOpen: { tenant: "required", auth: "optional" },
1766
1818
  tenantAuth: { tenant: "required", auth: "required" },
1767
1819
  // User type zones
1768
- user: { tenant: "required", auth: "required", userType: oe.USER },
1769
- admin: { tenant: "required", auth: "required", userType: oe.TENANT_ADMIN },
1820
+ user: { tenant: "required", auth: "required", userType: ae.USER },
1821
+ admin: { tenant: "required", auth: "required", userType: ae.TENANT_ADMIN },
1770
1822
  // Fully open
1771
1823
  open: { tenant: "optional", auth: "optional" }
1772
- }, He = fe(null);
1773
- function xr({ config: n = {}, children: e }) {
1774
- const t = J(() => {
1824
+ }, Be = me(null);
1825
+ function Ar({ config: n = {}, children: e }) {
1826
+ const t = Z(() => {
1775
1827
  const r = {
1776
- ...$e,
1828
+ ...He,
1777
1829
  ...n.zoneRoots
1778
1830
  }, i = {
1779
- ...Ye,
1831
+ ...Xe,
1780
1832
  ...n.presets
1781
1833
  };
1782
1834
  return {
@@ -1789,19 +1841,19 @@ function xr({ config: n = {}, children: e }) {
1789
1841
  returnToStorage: n.returnToStorage ?? "url"
1790
1842
  };
1791
1843
  }, [n]);
1792
- return /* @__PURE__ */ s(He.Provider, { value: t, children: e });
1844
+ return /* @__PURE__ */ s(Be.Provider, { value: t, children: e });
1793
1845
  }
1794
- function Ar() {
1795
- const n = ae(He);
1846
+ function Pr() {
1847
+ const n = le(Be);
1796
1848
  if (!n)
1797
1849
  throw new Error("useRouting must be used within a RoutingProvider");
1798
1850
  return n;
1799
1851
  }
1800
- function Lt() {
1801
- const n = ae(He);
1852
+ function Ft() {
1853
+ const n = le(Be);
1802
1854
  return n || {
1803
- zoneRoots: $e,
1804
- presets: Ye,
1855
+ zoneRoots: He,
1856
+ presets: Xe,
1805
1857
  loadingFallback: null,
1806
1858
  accessDeniedFallback: null,
1807
1859
  onAccessDenied: void 0,
@@ -1809,7 +1861,7 @@ function Lt() {
1809
1861
  returnToStorage: "url"
1810
1862
  };
1811
1863
  }
1812
- const We = () => /* @__PURE__ */ d(
1864
+ const Ve = () => /* @__PURE__ */ d(
1813
1865
  "div",
1814
1866
  {
1815
1867
  style: {
@@ -1846,7 +1898,7 @@ const We = () => /* @__PURE__ */ d(
1846
1898
  )
1847
1899
  ]
1848
1900
  }
1849
- ), Ve = ({
1901
+ ), je = ({
1850
1902
  userType: n,
1851
1903
  minUserType: e,
1852
1904
  missingPermissions: t
@@ -1887,36 +1939,36 @@ const We = () => /* @__PURE__ */ d(
1887
1939
  ] })
1888
1940
  ]
1889
1941
  }
1890
- ), Ft = (n, e) => {
1942
+ ), Dt = (n, e) => {
1891
1943
  const t = {
1892
- [oe.USER]: 1,
1893
- [oe.TENANT_ADMIN]: 2,
1894
- [oe.SUPERUSER]: 3
1944
+ [ae.USER]: 1,
1945
+ [ae.TENANT_ADMIN]: 2,
1946
+ [ae.SUPERUSER]: 3
1895
1947
  };
1896
1948
  return t[n] >= t[e];
1897
1949
  };
1898
- function Pr({
1950
+ function Rr({
1899
1951
  children: n,
1900
1952
  fallback: e,
1901
1953
  minUserType: t,
1902
1954
  requiredPermissions: r,
1903
1955
  requireAllPermissions: i = !1
1904
1956
  }) {
1905
- const { hasValidSession: o, sessionManager: a, hasPermission: f, hasAnyPermission: g, hasAllPermissions: w } = de();
1957
+ const { hasValidSession: o, sessionManager: a, hasPermission: f, hasAnyPermission: g, hasAllPermissions: w } = ue();
1906
1958
  if (!o())
1907
- return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(We, {}) });
1959
+ return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(Ve, {}) });
1908
1960
  const c = a.getUser();
1909
1961
  if (!c)
1910
- return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(We, {}) });
1911
- if (t && !Ft(c.userType, t))
1912
- return /* @__PURE__ */ s(Ve, { userType: c.userType, minUserType: t });
1962
+ return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(Ve, {}) });
1963
+ if (t && !Dt(c.userType, t))
1964
+ return /* @__PURE__ */ s(je, { userType: c.userType, minUserType: t });
1913
1965
  if (r && r.length > 0 && !(i ? w(r) : g(r))) {
1914
1966
  const p = r.filter((x) => !f(x)).map((x) => typeof x == "string" ? x : x.name);
1915
- return /* @__PURE__ */ s(Ve, { missingPermissions: p });
1967
+ return /* @__PURE__ */ s(je, { missingPermissions: p });
1916
1968
  }
1917
1969
  return /* @__PURE__ */ s(_, { children: n });
1918
1970
  }
1919
- const Dt = ({ redirectPath: n }) => /* @__PURE__ */ s(
1971
+ const Nt = ({ redirectPath: n }) => /* @__PURE__ */ s(
1920
1972
  "div",
1921
1973
  {
1922
1974
  style: {
@@ -1952,7 +2004,7 @@ const Dt = ({ redirectPath: n }) => /* @__PURE__ */ s(
1952
2004
  }
1953
2005
  )
1954
2006
  }
1955
- ), je = ({
2007
+ ), Ge = ({
1956
2008
  userType: n,
1957
2009
  requiredUserType: e,
1958
2010
  missingPermissions: t
@@ -2003,8 +2055,8 @@ const Dt = ({ redirectPath: n }) => /* @__PURE__ */ s(
2003
2055
  }
2004
2056
  )
2005
2057
  }
2006
- ), Nt = (n, e) => n === e;
2007
- function Rr({
2058
+ ), Ct = (n, e) => n === e;
2059
+ function Ir({
2008
2060
  children: n,
2009
2061
  redirectTo: e = "/login",
2010
2062
  requiredUserType: t,
@@ -2012,22 +2064,22 @@ function Rr({
2012
2064
  requireAllPermissions: i = !1,
2013
2065
  fallback: o
2014
2066
  }) {
2015
- const { hasValidSession: a, sessionManager: f, hasPermission: g, hasAnyPermission: w, hasAllPermissions: c } = de(), I = Te();
2067
+ const { hasValidSession: a, sessionManager: f, hasPermission: g, hasAnyPermission: w, hasAllPermissions: c } = ue(), I = Ae();
2016
2068
  if (ee(() => {
2017
2069
  process.env.NODE_ENV === "development" && console.warn(
2018
2070
  "[react-identity-access] ProtectedRoute is deprecated. Use AuthenticatedZone or AdminZone from ZoneRoute instead."
2019
2071
  );
2020
2072
  }, []), !a())
2021
2073
  return o ? /* @__PURE__ */ s(_, { children: o }) : /* @__PURE__ */ d(_, { children: [
2022
- /* @__PURE__ */ s(Dt, { redirectPath: e }),
2023
- /* @__PURE__ */ s(be, { to: e, state: { from: I.pathname }, replace: !0 })
2074
+ /* @__PURE__ */ s(Nt, { redirectPath: e }),
2075
+ /* @__PURE__ */ s(Te, { to: e, state: { from: I.pathname }, replace: !0 })
2024
2076
  ] });
2025
2077
  const p = f.getUser();
2026
2078
  if (!p)
2027
- return /* @__PURE__ */ s(be, { to: e, state: { from: I.pathname }, replace: !0 });
2028
- if (t && !Nt(p.userType, t))
2079
+ return /* @__PURE__ */ s(Te, { to: e, state: { from: I.pathname }, replace: !0 });
2080
+ if (t && !Ct(p.userType, t))
2029
2081
  return /* @__PURE__ */ s(
2030
- je,
2082
+ Ge,
2031
2083
  {
2032
2084
  userType: p.userType,
2033
2085
  requiredUserType: t
@@ -2035,11 +2087,11 @@ function Rr({
2035
2087
  );
2036
2088
  if (r && r.length > 0 && !(i ? c(r) : w(r))) {
2037
2089
  const R = r.filter((F) => !g(F)).map((F) => typeof F == "string" ? F : F.name);
2038
- return /* @__PURE__ */ s(je, { missingPermissions: R });
2090
+ return /* @__PURE__ */ s(Ge, { missingPermissions: R });
2039
2091
  }
2040
2092
  return /* @__PURE__ */ s(_, { children: n });
2041
2093
  }
2042
- const Ct = ({ redirectPath: n }) => /* @__PURE__ */ s(
2094
+ const Ut = ({ redirectPath: n }) => /* @__PURE__ */ s(
2043
2095
  "div",
2044
2096
  {
2045
2097
  style: {
@@ -2076,18 +2128,18 @@ const Ct = ({ redirectPath: n }) => /* @__PURE__ */ s(
2076
2128
  )
2077
2129
  }
2078
2130
  );
2079
- function Ir({ children: n, redirectTo: e = "/", fallback: t }) {
2080
- const { tenant: r, isLoading: i, error: o } = me(), a = Te();
2131
+ function Er({ children: n, redirectTo: e = "/", fallback: t }) {
2132
+ const { tenant: r, isLoading: i, error: o } = we(), a = Ae();
2081
2133
  return ee(() => {
2082
2134
  process.env.NODE_ENV === "development" && console.warn(
2083
2135
  "[react-identity-access] TenantRoute is deprecated. Use TenantZone from ZoneRoute instead."
2084
2136
  );
2085
2137
  }, []), i || o ? null : r ? /* @__PURE__ */ s(_, { children: n }) : t ? /* @__PURE__ */ s(_, { children: t }) : /* @__PURE__ */ d(_, { children: [
2086
- /* @__PURE__ */ s(Ct, { redirectPath: e }),
2087
- /* @__PURE__ */ s(be, { to: e, state: { from: a.pathname }, replace: !0 })
2138
+ /* @__PURE__ */ s(Ut, { redirectPath: e }),
2139
+ /* @__PURE__ */ s(Te, { to: e, state: { from: a.pathname }, replace: !0 })
2088
2140
  ] });
2089
2141
  }
2090
- const Ut = ({ redirectPath: n }) => /* @__PURE__ */ s(
2142
+ const $t = ({ redirectPath: n }) => /* @__PURE__ */ s(
2091
2143
  "div",
2092
2144
  {
2093
2145
  style: {
@@ -2124,41 +2176,41 @@ const Ut = ({ redirectPath: n }) => /* @__PURE__ */ s(
2124
2176
  )
2125
2177
  }
2126
2178
  );
2127
- function Er({ children: n, redirectTo: e = "/dashboard", fallback: t }) {
2128
- const { tenant: r, isLoading: i, error: o } = me(), a = Te();
2179
+ function Mr({ children: n, redirectTo: e = "/dashboard", fallback: t }) {
2180
+ const { tenant: r, isLoading: i, error: o } = we(), a = Ae();
2129
2181
  return ee(() => {
2130
2182
  process.env.NODE_ENV === "development" && console.warn(
2131
2183
  "[react-identity-access] LandingRoute is deprecated. Use PublicZone from ZoneRoute instead."
2132
2184
  );
2133
2185
  }, []), i || o ? null : r ? t ? /* @__PURE__ */ s(_, { children: t }) : /* @__PURE__ */ d(_, { children: [
2134
- /* @__PURE__ */ s(Ut, { redirectPath: e }),
2135
- /* @__PURE__ */ s(be, { to: e, state: { from: a.pathname }, replace: !0 })
2186
+ /* @__PURE__ */ s($t, { redirectPath: e }),
2187
+ /* @__PURE__ */ s(Te, { to: e, state: { from: a.pathname }, replace: !0 })
2136
2188
  ] }) : /* @__PURE__ */ s(_, { children: n });
2137
2189
  }
2138
- function $t(n, e) {
2190
+ function Ht(n, e) {
2139
2191
  return e ? n ? Array.isArray(e) ? e.includes(n) : n === e : !1 : !0;
2140
2192
  }
2141
- function Ge(n, e) {
2193
+ function Qe(n, e) {
2142
2194
  return !n || n === "optional" ? "skip" : n === "required" ? e ? "pass" : "fail" : n === "forbidden" ? e ? "fail" : "pass" : "skip";
2143
2195
  }
2144
- function Ht(n, e) {
2145
- return Ge(n.tenant, e.hasTenant) === "fail" ? e.hasTenant ? "has_tenant" : "no_tenant" : Ge(n.auth, e.isAuthenticated) === "fail" ? e.isAuthenticated ? "already_authenticated" : "not_authenticated" : n.userType && e.isAuthenticated && !$t(e.userType, n.userType) ? "wrong_user_type" : n.permissions && n.permissions.length > 0 && !(n.requireAllPermissions !== !1 ? (o) => o.every((a) => e.permissions.includes(a)) : (o) => o.some((a) => e.permissions.includes(a)))(n.permissions) ? "missing_permissions" : null;
2146
- }
2147
2196
  function Bt(n, e) {
2148
- return n.hasTenant ? n.isAuthenticated ? n.userType === oe.TENANT_ADMIN ? e.tenantAdmin : e.tenantUser : e.tenantGuest : n.isAuthenticated ? n.userType === oe.TENANT_ADMIN ? e.publicAdmin : e.publicUser : e.publicGuest;
2197
+ return Qe(n.tenant, e.hasTenant) === "fail" ? e.hasTenant ? "has_tenant" : "no_tenant" : Qe(n.auth, e.isAuthenticated) === "fail" ? e.isAuthenticated ? "already_authenticated" : "not_authenticated" : n.userType && e.isAuthenticated && !Ht(e.userType, n.userType) ? "wrong_user_type" : n.permissions && n.permissions.length > 0 && !(n.requireAllPermissions !== !1 ? (o) => o.every((a) => e.permissions.includes(a)) : (o) => o.some((a) => e.permissions.includes(a)))(n.permissions) ? "missing_permissions" : null;
2198
+ }
2199
+ function qt(n, e) {
2200
+ return n.hasTenant ? n.isAuthenticated ? n.userType === ae.TENANT_ADMIN ? e.tenantAdmin : e.tenantUser : e.tenantGuest : n.isAuthenticated ? n.userType === ae.TENANT_ADMIN ? e.publicAdmin : e.publicUser : e.publicGuest;
2149
2201
  }
2150
- function qt(n, e, t, r, i) {
2202
+ function Ot(n, e, t, r, i) {
2151
2203
  if (!e || i !== "url")
2152
2204
  return n;
2153
2205
  const o = typeof e == "string" ? e : t, a = n.includes("?") ? "&" : "?";
2154
2206
  return `${n}${a}${r}=${encodeURIComponent(o)}`;
2155
2207
  }
2156
- function Ot(n, e, t) {
2208
+ function zt(n, e, t) {
2157
2209
  if (!n || t === "url") return;
2158
2210
  const r = typeof n == "string" ? n : e, i = "zone_return_to";
2159
2211
  t === "session" ? sessionStorage.setItem(i, r) : t === "local" && localStorage.setItem(i, r);
2160
2212
  }
2161
- const ce = ({
2213
+ const de = ({
2162
2214
  children: n,
2163
2215
  preset: e,
2164
2216
  tenant: t,
@@ -2172,10 +2224,10 @@ const ce = ({
2172
2224
  loadingFallback: c,
2173
2225
  accessDeniedFallback: I
2174
2226
  }) => {
2175
- const p = Te(), { isAuthenticated: x, isAuthInitializing: R, currentUser: F, userPermissions: E } = de(), { tenant: A, isTenantLoading: u } = ge(), k = Lt(), m = J(() => {
2227
+ const p = Ae(), { isAuthenticated: x, isAuthInitializing: R, currentUser: F, userPermissions: E } = ue(), { tenant: A, isTenantLoading: u } = ye(), k = Ft(), m = Z(() => {
2176
2228
  if (e)
2177
2229
  return k.presets[e];
2178
- }, [e, k.presets]), M = J(
2230
+ }, [e, k.presets]), M = Z(
2179
2231
  () => ({
2180
2232
  tenant: t ?? (m == null ? void 0 : m.tenant),
2181
2233
  auth: r ?? (m == null ? void 0 : m.auth),
@@ -2184,7 +2236,7 @@ const ce = ({
2184
2236
  requireAllPermissions: a
2185
2237
  }),
2186
2238
  [t, r, i, o, m, a]
2187
- ), L = J(
2239
+ ), L = Z(
2188
2240
  () => ({
2189
2241
  hasTenant: !!A,
2190
2242
  isAuthenticated: x,
@@ -2200,7 +2252,7 @@ const ce = ({
2200
2252
  R,
2201
2253
  u
2202
2254
  ]
2203
- ), D = J(() => L.isLoading ? null : Ht(M, L), [M, L]), P = J(() => D ? w || Bt(L, k.zoneRoots) : null, [D, w, L, k.zoneRoots]), U = J(() => !D || !P ? null : {
2255
+ ), D = Z(() => L.isLoading ? null : Bt(M, L), [M, L]), P = Z(() => D ? w || qt(L, k.zoneRoots) : null, [D, w, L, k.zoneRoots]), U = Z(() => !D || !P ? null : {
2204
2256
  type: D,
2205
2257
  required: {
2206
2258
  tenant: M.tenant,
@@ -2219,7 +2271,7 @@ const ce = ({
2219
2271
  if (ee(() => {
2220
2272
  U && (g ? g(U) : k.onAccessDenied && k.onAccessDenied(U));
2221
2273
  }, [U, g, k]), ee(() => {
2222
- U && f && Ot(f, p.pathname + p.search, k.returnToStorage);
2274
+ U && f && zt(f, p.pathname + p.search, k.returnToStorage);
2223
2275
  }, [
2224
2276
  U,
2225
2277
  f,
@@ -2232,17 +2284,17 @@ const ce = ({
2232
2284
  const l = I ?? k.accessDeniedFallback;
2233
2285
  if (l)
2234
2286
  return /* @__PURE__ */ s(_, { children: l });
2235
- const N = qt(
2287
+ const N = Ot(
2236
2288
  P,
2237
2289
  f,
2238
2290
  p.pathname + p.search,
2239
2291
  k.returnToParam,
2240
2292
  k.returnToStorage
2241
2293
  );
2242
- return /* @__PURE__ */ s(be, { to: N, replace: !0 });
2294
+ return /* @__PURE__ */ s(Te, { to: N, replace: !0 });
2243
2295
  }
2244
2296
  return /* @__PURE__ */ s(_, { children: n });
2245
- }, Mr = (n) => /* @__PURE__ */ s(ce, { tenant: "required", ...n }), Lr = (n) => /* @__PURE__ */ s(ce, { tenant: "forbidden", ...n }), Fr = (n) => /* @__PURE__ */ s(ce, { auth: "required", ...n }), Dr = (n) => /* @__PURE__ */ s(ce, { auth: "forbidden", ...n }), Nr = (n) => /* @__PURE__ */ s(ce, { auth: "required", userType: oe.TENANT_ADMIN, ...n }), Cr = (n) => /* @__PURE__ */ s(ce, { auth: "required", userType: oe.USER, ...n }), Ur = (n) => /* @__PURE__ */ s(ce, { tenant: "optional", auth: "optional", ...n }), $r = (n) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "required", ...n }), Hr = (n) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "optional", ...n }), Br = (n) => /* @__PURE__ */ s(ce, { tenant: "required", auth: "forbidden", ...n }), zt = () => /* @__PURE__ */ d(
2297
+ }, Lr = (n) => /* @__PURE__ */ s(de, { tenant: "required", ...n }), Fr = (n) => /* @__PURE__ */ s(de, { tenant: "forbidden", ...n }), Dr = (n) => /* @__PURE__ */ s(de, { auth: "required", ...n }), Nr = (n) => /* @__PURE__ */ s(de, { auth: "forbidden", ...n }), Cr = (n) => /* @__PURE__ */ s(de, { auth: "required", userType: ae.TENANT_ADMIN, ...n }), Ur = (n) => /* @__PURE__ */ s(de, { auth: "required", userType: ae.USER, ...n }), $r = (n) => /* @__PURE__ */ s(de, { tenant: "optional", auth: "optional", ...n }), Hr = (n) => /* @__PURE__ */ s(de, { tenant: "required", auth: "required", ...n }), Br = (n) => /* @__PURE__ */ s(de, { tenant: "required", auth: "optional", ...n }), qr = (n) => /* @__PURE__ */ s(de, { tenant: "required", auth: "forbidden", ...n }), _t = () => /* @__PURE__ */ d(
2246
2298
  "div",
2247
2299
  {
2248
2300
  style: {
@@ -2259,13 +2311,13 @@ const ce = ({
2259
2311
  ]
2260
2312
  }
2261
2313
  );
2262
- function qr({
2314
+ function Or({
2263
2315
  children: n,
2264
- fallback: e = /* @__PURE__ */ s(zt, {}),
2316
+ fallback: e = /* @__PURE__ */ s(_t, {}),
2265
2317
  allowedPlans: t,
2266
2318
  requiredFeature: r
2267
2319
  }) {
2268
- const { subscription: i, hasAllowedPlan: o, isFeatureEnabled: a, loading: f } = Mt();
2320
+ const { subscription: i, hasAllowedPlan: o, isFeatureEnabled: a, loading: f } = Lt();
2269
2321
  return f ? /* @__PURE__ */ s(
2270
2322
  "div",
2271
2323
  {
@@ -2278,7 +2330,7 @@ function qr({
2278
2330
  }
2279
2331
  ) : i ? i.isActive ? t && t.length > 0 && !o(t) ? /* @__PURE__ */ s(_, { children: e }) : r && !a(r) ? /* @__PURE__ */ s(_, { children: e }) : /* @__PURE__ */ s(_, { children: n }) : /* @__PURE__ */ s(_, { children: e }) : /* @__PURE__ */ s(_, { children: e });
2280
2332
  }
2281
- const _t = ({ flagName: n }) => /* @__PURE__ */ d(
2333
+ const Wt = ({ flagName: n }) => /* @__PURE__ */ d(
2282
2334
  "div",
2283
2335
  {
2284
2336
  style: {
@@ -2305,8 +2357,8 @@ const _t = ({ flagName: n }) => /* @__PURE__ */ d(
2305
2357
  ]
2306
2358
  }
2307
2359
  );
2308
- function Or({ name: n, children: e, fallback: t }) {
2309
- const { isEnabled: r, loading: i } = It();
2360
+ function zr({ name: n, children: e, fallback: t }) {
2361
+ const { isEnabled: r, loading: i } = Et();
2310
2362
  return i ? /* @__PURE__ */ s(
2311
2363
  "div",
2312
2364
  {
@@ -2320,9 +2372,9 @@ function Or({ name: n, children: e, fallback: t }) {
2320
2372
  },
2321
2373
  children: "Loading feature flags..."
2322
2374
  }
2323
- ) : r(n) ? /* @__PURE__ */ s(_, { children: e }) : /* @__PURE__ */ s(_, { children: t || /* @__PURE__ */ s(_t, { flagName: n }) });
2375
+ ) : r(n) ? /* @__PURE__ */ s(_, { children: e }) : /* @__PURE__ */ s(_, { children: t || /* @__PURE__ */ s(Wt, { flagName: n }) });
2324
2376
  }
2325
- const Wt = () => /* @__PURE__ */ d(
2377
+ const Vt = () => /* @__PURE__ */ d(
2326
2378
  "svg",
2327
2379
  {
2328
2380
  width: "16",
@@ -2339,7 +2391,7 @@ const Wt = () => /* @__PURE__ */ d(
2339
2391
  /* @__PURE__ */ s("circle", { cx: "12", cy: "12", r: "3" })
2340
2392
  ]
2341
2393
  }
2342
- ), Vt = () => /* @__PURE__ */ d(
2394
+ ), jt = () => /* @__PURE__ */ d(
2343
2395
  "svg",
2344
2396
  {
2345
2397
  width: "16",
@@ -2356,10 +2408,10 @@ const Wt = () => /* @__PURE__ */ d(
2356
2408
  /* @__PURE__ */ s("line", { x1: "1", y1: "1", x2: "23", y2: "23" })
2357
2409
  ]
2358
2410
  }
2359
- ), jt = {
2360
- showPassword: /* @__PURE__ */ s(Wt, {}),
2361
- hidePassword: /* @__PURE__ */ s(Vt, {})
2362
- }, Gt = {
2411
+ ), Gt = {
2412
+ showPassword: /* @__PURE__ */ s(Vt, {}),
2413
+ hidePassword: /* @__PURE__ */ s(jt, {})
2414
+ }, Qt = {
2363
2415
  title: "Sign In",
2364
2416
  usernameLabel: "Email or Phone",
2365
2417
  usernamePlaceholder: "Enter your email or phone number",
@@ -2373,7 +2425,7 @@ const Wt = () => /* @__PURE__ */ d(
2373
2425
  magicLinkLink: "Use Magic Link",
2374
2426
  errorMessage: "Invalid credentials",
2375
2427
  loadingText: "Signing in..."
2376
- }, Qt = {
2428
+ }, Kt = {
2377
2429
  container: {
2378
2430
  maxWidth: "400px",
2379
2431
  width: "100%",
@@ -2480,7 +2532,7 @@ const Wt = () => /* @__PURE__ */ d(
2480
2532
  fontSize: "0.875rem"
2481
2533
  }
2482
2534
  };
2483
- function zr({
2535
+ function _r({
2484
2536
  copy: n = {},
2485
2537
  styles: e = {},
2486
2538
  icons: t = {},
@@ -2494,7 +2546,7 @@ function zr({
2494
2546
  showMagicLinkOption: c = !0,
2495
2547
  className: I
2496
2548
  }) {
2497
- const [p, x] = T(""), [R, F] = T(""), [E, A] = T(!1), [u, k] = T(!1), [m, M] = T(""), [L, D] = T({}), { login: P } = de(), { tenant: U } = me(), l = { ...Gt, ...n }, N = { ...Qt, ...e }, $ = { ...jt, ...t }, h = () => {
2549
+ const [p, x] = T(""), [R, F] = T(""), [E, A] = T(!1), [u, k] = T(!1), [m, M] = T(""), [L, D] = T({}), { login: P } = ue(), { tenant: U } = we(), l = { ...Qt, ...n }, N = { ...Kt, ...e }, $ = { ...Gt, ...t }, h = () => {
2498
2550
  const y = {};
2499
2551
  return p.trim() || (y.username = !0), R.trim() || (y.password = !0), D(y), Object.keys(y).length === 0;
2500
2552
  }, C = async (y) => {
@@ -2512,8 +2564,8 @@ function zr({
2512
2564
  });
2513
2565
  r == null || r(v);
2514
2566
  } catch (v) {
2515
- const j = v.message || l.errorMessage;
2516
- M(j), i == null || i(j);
2567
+ const G = v.message || l.errorMessage;
2568
+ M(G), i == null || i(G);
2517
2569
  } finally {
2518
2570
  k(!1);
2519
2571
  }
@@ -2731,7 +2783,7 @@ const Zt = {
2731
2783
  fontSize: "0.875rem"
2732
2784
  }
2733
2785
  };
2734
- function _r({
2786
+ function Wr({
2735
2787
  copy: n = {},
2736
2788
  styles: e = {},
2737
2789
  signupType: t = "user",
@@ -2743,11 +2795,11 @@ function _r({
2743
2795
  showMagicLinkOption: g = !0,
2744
2796
  className: w
2745
2797
  }) {
2746
- const [c, I] = T(""), [p, x] = T(""), [R, F] = T(""), [E, A] = T(""), [u, k] = T(""), [m, M] = T(""), [L, D] = T(""), [P, U] = T(!1), [l, N] = T(""), [$, h] = T({}), { signup: C, signupTenantAdmin: S } = de(), { tenant: b } = me(), y = { ...Zt, ...n }, v = { ...Jt, ...e }, j = () => {
2798
+ const [c, I] = T(""), [p, x] = T(""), [R, F] = T(""), [E, A] = T(""), [u, k] = T(""), [m, M] = T(""), [L, D] = T(""), [P, U] = T(!1), [l, N] = T(""), [$, h] = T({}), { signup: C, signupTenantAdmin: S } = ue(), { tenant: b } = we(), y = { ...Zt, ...n }, v = { ...Jt, ...e }, G = () => {
2747
2799
  const B = {};
2748
2800
  return c.trim() || (B.name = !0), !R.trim() && !E.trim() && (B.email = !0, B.phoneNumber = !0), u.trim() || (B.password = !0), m.trim() || (B.confirmPassword = !0), t === "tenant" && !L.trim() && (B.tenantName = !0), h(B), Object.keys(B).length === 0;
2749
2801
  }, Q = async (B) => {
2750
- if (B.preventDefault(), !!j()) {
2802
+ if (B.preventDefault(), !!G()) {
2751
2803
  if (u !== m) {
2752
2804
  N(y.passwordMismatchError), h({ confirmPassword: !0 });
2753
2805
  return;
@@ -2775,8 +2827,8 @@ function _r({
2775
2827
  lastName: p || void 0
2776
2828
  }), r == null || r(X);
2777
2829
  } catch (X) {
2778
- const G = X.message || y.errorMessage;
2779
- N(G), i == null || i(G);
2830
+ const V = X.message || y.errorMessage;
2831
+ N(V), i == null || i(V);
2780
2832
  } finally {
2781
2833
  U(!1);
2782
2834
  }
@@ -2950,7 +3002,7 @@ function _r({
2950
3002
  ] })
2951
3003
  ] });
2952
3004
  }
2953
- const Kt = {
3005
+ const Yt = {
2954
3006
  title: "Sign In with Magic Link",
2955
3007
  emailLabel: "Email",
2956
3008
  emailPlaceholder: "Enter your email",
@@ -2968,7 +3020,7 @@ const Kt = {
2968
3020
  loadingText: "Sending magic link...",
2969
3021
  verifyingText: "Verifying magic link...",
2970
3022
  description: "Enter your email to receive a magic link. If you don't have an account, we'll create one for you."
2971
- }, Yt = {
3023
+ }, Xt = {
2972
3024
  container: {
2973
3025
  maxWidth: "400px",
2974
3026
  width: "100%",
@@ -3071,7 +3123,7 @@ const Kt = {
3071
3123
  fontSize: "0.875rem"
3072
3124
  }
3073
3125
  };
3074
- function Wr({
3126
+ function Vr({
3075
3127
  copy: n = {},
3076
3128
  styles: e = {},
3077
3129
  onSuccess: t,
@@ -3083,7 +3135,7 @@ function Wr({
3083
3135
  verifyToken: g,
3084
3136
  frontendUrl: w
3085
3137
  }) {
3086
- const [c, I] = T(""), [p, x] = T(""), [R, F] = T(""), [E, A] = T(!1), [u, k] = T(!1), [m, M] = T(""), [L, D] = T(""), [P, U] = T({}), [l, N] = T(!1), { sendMagicLink: $, verifyMagicLink: h } = de(), { tenant: C } = me(), S = { ...Kt, ...n }, b = { ...Yt, ...e };
3138
+ const [c, I] = T(""), [p, x] = T(""), [R, F] = T(""), [E, A] = T(!1), [u, k] = T(!1), [m, M] = T(""), [L, D] = T(""), [P, U] = T({}), [l, N] = T(!1), { sendMagicLink: $, verifyMagicLink: h } = ue(), { tenant: C } = we(), S = { ...Yt, ...n }, b = { ...Xt, ...e };
3087
3139
  ee(() => {
3088
3140
  g && y(g);
3089
3141
  }, [g]);
@@ -3109,7 +3161,7 @@ function Wr({
3109
3161
  }, v = () => {
3110
3162
  const q = {};
3111
3163
  return c.trim() || (q.email = !0), l && !p.trim() && (q.name = !0), U(q), Object.keys(q).length === 0;
3112
- }, j = async (q) => {
3164
+ }, G = async (q) => {
3113
3165
  if (q.preventDefault(), !!v()) {
3114
3166
  if (!(C != null && C.id)) {
3115
3167
  M("Tenant not found");
@@ -3146,7 +3198,7 @@ function Wr({
3146
3198
  ] }) : /* @__PURE__ */ d("div", { className: f, style: b.container, children: [
3147
3199
  /* @__PURE__ */ s("h2", { style: b.title, children: S.title }),
3148
3200
  /* @__PURE__ */ s("p", { style: b.description, children: S.description }),
3149
- /* @__PURE__ */ d("form", { onSubmit: j, style: b.form, children: [
3201
+ /* @__PURE__ */ d("form", { onSubmit: G, style: b.form, children: [
3150
3202
  /* @__PURE__ */ d("div", { style: b.fieldGroup, children: [
3151
3203
  /* @__PURE__ */ s("label", { style: b.label, children: S.emailLabel }),
3152
3204
  /* @__PURE__ */ s(
@@ -3258,7 +3310,7 @@ function Wr({
3258
3310
  ] })
3259
3311
  ] });
3260
3312
  }
3261
- const Xt = {
3313
+ const er = {
3262
3314
  title: "Verifying Magic Link",
3263
3315
  verifyingMessage: "Please wait while we verify your magic link...",
3264
3316
  successMessage: "Magic link verified successfully! You are now logged in.",
@@ -3266,7 +3318,7 @@ const Xt = {
3266
3318
  redirectingMessage: "Redirecting you to the dashboard...",
3267
3319
  retryButton: "Try Again",
3268
3320
  backToLoginButton: "Back to Login"
3269
- }, Xe = {
3321
+ }, et = {
3270
3322
  container: {
3271
3323
  maxWidth: "400px",
3272
3324
  width: "100%",
@@ -3353,7 +3405,7 @@ const Xt = {
3353
3405
  cursor: "pointer",
3354
3406
  transition: "all 0.15s ease-in-out"
3355
3407
  }
3356
- }, er = () => /* @__PURE__ */ s("div", { style: Xe.spinner }), tr = () => /* @__PURE__ */ d(
3408
+ }, tr = () => /* @__PURE__ */ s("div", { style: et.spinner }), rr = () => /* @__PURE__ */ d(
3357
3409
  "svg",
3358
3410
  {
3359
3411
  width: "48",
@@ -3370,7 +3422,7 @@ const Xt = {
3370
3422
  /* @__PURE__ */ s("polyline", { points: "22,4 12,14.01 9,11.01" })
3371
3423
  ]
3372
3424
  }
3373
- ), rr = () => /* @__PURE__ */ d(
3425
+ ), nr = () => /* @__PURE__ */ d(
3374
3426
  "svg",
3375
3427
  {
3376
3428
  width: "48",
@@ -3388,12 +3440,12 @@ const Xt = {
3388
3440
  /* @__PURE__ */ s("line", { x1: "9", y1: "9", x2: "15", y2: "15" })
3389
3441
  ]
3390
3442
  }
3391
- ), nr = {
3392
- loading: /* @__PURE__ */ s(er, {}),
3393
- success: /* @__PURE__ */ s(tr, {}),
3394
- error: /* @__PURE__ */ s(rr, {})
3443
+ ), sr = {
3444
+ loading: /* @__PURE__ */ s(tr, {}),
3445
+ success: /* @__PURE__ */ s(rr, {}),
3446
+ error: /* @__PURE__ */ s(nr, {})
3395
3447
  };
3396
- function Vr({
3448
+ function jr({
3397
3449
  copy: n = {},
3398
3450
  styles: e = {},
3399
3451
  icons: t = {},
@@ -3408,7 +3460,7 @@ function Vr({
3408
3460
  tenantSlug: I,
3409
3461
  autoRedirectDelay: p = 3e3
3410
3462
  }) {
3411
- const [x, R] = T("verifying"), [F, E] = T(""), { verifyMagicLink: A } = de(), u = { ...Xt, ...n }, k = { ...Xe, ...e }, m = { ...nr, ...t }, M = () => {
3463
+ const [x, R] = T("verifying"), [F, E] = T(""), { verifyMagicLink: A } = ue(), u = { ...er, ...n }, k = { ...et, ...e }, m = { ...sr, ...t }, M = () => {
3412
3464
  if (typeof window > "u") return {};
3413
3465
  const l = new URLSearchParams(window.location.search);
3414
3466
  return {
@@ -3510,7 +3562,7 @@ function Vr({
3510
3562
  U()
3511
3563
  ] });
3512
3564
  }
3513
- const sr = {
3565
+ const ir = {
3514
3566
  title: "Reset Password",
3515
3567
  subtitle: "Enter your email address and we'll send you a link to reset your password.",
3516
3568
  emailLabel: "Email",
@@ -3532,7 +3584,7 @@ const sr = {
3532
3584
  resetLoadingText: "Resetting...",
3533
3585
  resetSuccessMessage: "Password reset successfully!",
3534
3586
  passwordMismatchError: "Passwords do not match"
3535
- }, ir = {
3587
+ }, or = {
3536
3588
  container: {
3537
3589
  maxWidth: "400px",
3538
3590
  margin: "0 auto",
@@ -3624,7 +3676,7 @@ const sr = {
3624
3676
  cursor: "pointer"
3625
3677
  }
3626
3678
  };
3627
- function jr({
3679
+ function Gr({
3628
3680
  copy: n = {},
3629
3681
  styles: e = {},
3630
3682
  mode: t = "request",
@@ -3635,7 +3687,7 @@ function jr({
3635
3687
  onModeChange: f,
3636
3688
  className: g
3637
3689
  }) {
3638
- const [w, c] = T(""), [I, p] = T(r), [x, R] = T(""), [F, E] = T(""), [A, u] = T(!1), [k, m] = T(""), [M, L] = T(""), [D, P] = T({}), { requestPasswordReset: U, confirmPasswordReset: l } = de(), { tenant: N } = me(), $ = { ...sr, ...n }, h = { ...ir, ...e }, C = () => {
3690
+ const [w, c] = T(""), [I, p] = T(r), [x, R] = T(""), [F, E] = T(""), [A, u] = T(!1), [k, m] = T(""), [M, L] = T(""), [D, P] = T({}), { requestPasswordReset: U, confirmPasswordReset: l } = ue(), { tenant: N } = we(), $ = { ...ir, ...n }, h = { ...or, ...e }, C = () => {
3639
3691
  const O = {};
3640
3692
  return w.trim() || (O.email = !0), P(O), Object.keys(O).length === 0;
3641
3693
  }, S = () => {
@@ -3676,7 +3728,7 @@ function jr({
3676
3728
  }, v = (O) => ({
3677
3729
  ...h.input,
3678
3730
  ...D[O] ? h.inputError : {}
3679
- }), j = () => ({
3731
+ }), G = () => ({
3680
3732
  ...h.button,
3681
3733
  ...A ? h.buttonLoading : {}
3682
3734
  });
@@ -3740,7 +3792,7 @@ function jr({
3740
3792
  type: "submit",
3741
3793
  disabled: !O || A,
3742
3794
  style: {
3743
- ...j(),
3795
+ ...G(),
3744
3796
  ...!O || A ? h.buttonDisabled : {}
3745
3797
  },
3746
3798
  children: A ? $.resetLoadingText : $.resetSubmitButton
@@ -3785,7 +3837,7 @@ function jr({
3785
3837
  type: "submit",
3786
3838
  disabled: !Q || A,
3787
3839
  style: {
3788
- ...j(),
3840
+ ...G(),
3789
3841
  ...!Q || A ? h.buttonDisabled : {}
3790
3842
  },
3791
3843
  children: A ? $.loadingText : $.submitButton
@@ -3803,7 +3855,7 @@ function jr({
3803
3855
  ] })
3804
3856
  ] });
3805
3857
  }
3806
- const or = () => /* @__PURE__ */ s(
3858
+ const ar = () => /* @__PURE__ */ s(
3807
3859
  "div",
3808
3860
  {
3809
3861
  style: {
@@ -3815,7 +3867,7 @@ const or = () => /* @__PURE__ */ s(
3815
3867
  },
3816
3868
  children: /* @__PURE__ */ s("div", { children: "Loading..." })
3817
3869
  }
3818
- ), ar = ({ error: n, retry: e }) => /* @__PURE__ */ d(
3870
+ ), lr = ({ error: n, retry: e }) => /* @__PURE__ */ d(
3819
3871
  "div",
3820
3872
  {
3821
3873
  style: {
@@ -3849,26 +3901,26 @@ const or = () => /* @__PURE__ */ s(
3849
3901
  ]
3850
3902
  }
3851
3903
  );
3852
- function Gr({
3904
+ function Qr({
3853
3905
  children: n,
3854
3906
  loadingFallback: e,
3855
3907
  errorFallback: t,
3856
3908
  requireTenant: r = !0
3857
3909
  }) {
3858
- const { isAppLoading: i, appError: o, retryApp: a } = Se(), f = ke(), g = Ne(), w = Je(), c = Ke(), I = (f == null ? void 0 : f.isTenantLoading) ?? !1, p = (f == null ? void 0 : f.tenantError) ?? null, x = (f == null ? void 0 : f.tenantSlug) ?? null, R = (f == null ? void 0 : f.retryTenant) ?? (() => {
3910
+ const { isAppLoading: i, appError: o, retryApp: a } = ke(), f = Pe(), g = Ce(), w = Je(), c = Ye(), I = (f == null ? void 0 : f.isTenantLoading) ?? !1, p = (f == null ? void 0 : f.tenantError) ?? null, x = (f == null ? void 0 : f.tenantSlug) ?? null, R = (f == null ? void 0 : f.retryTenant) ?? (() => {
3859
3911
  }), F = (g == null ? void 0 : g.isAuthReady) ?? !0, E = (w == null ? void 0 : w.isReady) ?? !0, A = (c == null ? void 0 : c.isReady) ?? !0, u = r && f && x, L = i || u && I || g && !F || w && !E || c && !A, D = o || (u ? p : null), P = () => {
3860
3912
  o && a(), p && f && R();
3861
3913
  };
3862
3914
  if (L)
3863
- return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(or, {}) });
3915
+ return /* @__PURE__ */ s(_, { children: e || /* @__PURE__ */ s(ar, {}) });
3864
3916
  if (D) {
3865
- const U = typeof t == "function" ? t(D, P) : t || /* @__PURE__ */ s(ar, { error: D, retry: P });
3917
+ const U = typeof t == "function" ? t(D, P) : t || /* @__PURE__ */ s(lr, { error: D, retry: P });
3866
3918
  return /* @__PURE__ */ s(_, { children: U });
3867
3919
  }
3868
3920
  return /* @__PURE__ */ s(_, { children: n });
3869
3921
  }
3870
- function Qr(n = !0) {
3871
- const { isAppLoading: e, appError: t, retryApp: r, appInfo: i } = Se(), o = ke(), a = Ne(), f = Je(), g = Ke(), w = (o == null ? void 0 : o.isTenantLoading) ?? !1, c = (o == null ? void 0 : o.tenantError) ?? null, I = (o == null ? void 0 : o.tenant) ?? null, p = (o == null ? void 0 : o.tenantSlug) ?? null, x = (o == null ? void 0 : o.retryTenant) ?? (() => {
3922
+ function Kr(n = !0) {
3923
+ const { isAppLoading: e, appError: t, retryApp: r, appInfo: i } = ke(), o = Pe(), a = Ce(), f = Je(), g = Ye(), w = (o == null ? void 0 : o.isTenantLoading) ?? !1, c = (o == null ? void 0 : o.tenantError) ?? null, I = (o == null ? void 0 : o.tenant) ?? null, p = (o == null ? void 0 : o.tenantSlug) ?? null, x = (o == null ? void 0 : o.retryTenant) ?? (() => {
3872
3924
  }), R = (a == null ? void 0 : a.isAuthReady) ?? !0, F = (f == null ? void 0 : f.isReady) ?? !0, E = (g == null ? void 0 : g.isReady) ?? !0, A = n && o && p, M = e || A && w || a && !R || f && !F || g && !E, L = t || (A ? c : null);
3873
3925
  return {
3874
3926
  isLoading: M,
@@ -3898,7 +3950,7 @@ function Zr({
3898
3950
  showCurrentTenant: w = !0
3899
3951
  }) {
3900
3952
  var k;
3901
- const c = Ne(), [I, p] = T(!1), x = Qe(null), R = n ?? (c == null ? void 0 : c.userTenants) ?? [], F = e ?? ((k = c == null ? void 0 : c.currentUser) == null ? void 0 : k.tenantId) ?? null, E = async (m) => {
3953
+ const c = Ce(), [I, p] = T(!1), x = Ke(null), R = n ?? (c == null ? void 0 : c.userTenants) ?? [], F = e ?? ((k = c == null ? void 0 : c.currentUser) == null ? void 0 : k.tenantId) ?? null, E = async (m) => {
3902
3954
  p(!1), t ? t(m) : c != null && c.switchToTenant && await c.switchToTenant(m);
3903
3955
  };
3904
3956
  ee(() => {
@@ -4049,7 +4101,7 @@ class Jr {
4049
4101
  };
4050
4102
  }
4051
4103
  }
4052
- class Kr {
4104
+ class Yr {
4053
4105
  constructor(e, t) {
4054
4106
  this.httpService = e, this.sessionManager = t;
4055
4107
  }
@@ -4100,7 +4152,7 @@ class Kr {
4100
4152
  });
4101
4153
  }
4102
4154
  }
4103
- class Yr {
4155
+ class Xr {
4104
4156
  constructor(e) {
4105
4157
  this.httpService = e;
4106
4158
  }
@@ -4109,7 +4161,7 @@ class Yr {
4109
4161
  return await this.httpService.get("/health");
4110
4162
  }
4111
4163
  }
4112
- class Xr {
4164
+ class en {
4113
4165
  // Date string to Date object
4114
4166
  static toDate(e) {
4115
4167
  return new Date(e);
@@ -4231,24 +4283,24 @@ class Xr {
4231
4283
  }), t;
4232
4284
  }
4233
4285
  }
4234
- const et = "returnTo", Ee = "zone_return_to", Me = "zone_return_to";
4235
- function en(n = {}) {
4286
+ const tt = "returnTo", Me = "zone_return_to", Le = "zone_return_to";
4287
+ function tn(n = {}) {
4236
4288
  const {
4237
4289
  zoneRoots: e = {},
4238
- returnToParam: t = et,
4290
+ returnToParam: t = tt,
4239
4291
  returnToStorage: r = "url"
4240
- } = n, i = ft(), [o, a] = gt(), { isAuthenticated: f, currentUser: g } = de(), { tenant: w } = ge(), c = J(() => ({ ...$e, ...e }), [e]), I = !!w, p = g == null ? void 0 : g.userType, x = J(() => {
4292
+ } = n, i = gt(), [o, a] = mt(), { isAuthenticated: f, currentUser: g } = ue(), { tenant: w } = ye(), c = Z(() => ({ ...He, ...e }), [e]), I = !!w, p = g == null ? void 0 : g.userType, x = Z(() => {
4241
4293
  switch (r) {
4242
4294
  case "url":
4243
4295
  return o.get(t);
4244
4296
  case "session":
4245
- return sessionStorage.getItem(Ee);
4297
+ return sessionStorage.getItem(Me);
4246
4298
  case "local":
4247
- return localStorage.getItem(Me);
4299
+ return localStorage.getItem(Le);
4248
4300
  default:
4249
4301
  return null;
4250
4302
  }
4251
- }, [r, o, t]), R = se(() => {
4303
+ }, [r, o, t]), R = ie(() => {
4252
4304
  switch (r) {
4253
4305
  case "url": {
4254
4306
  const u = new URLSearchParams(o);
@@ -4256,13 +4308,13 @@ function en(n = {}) {
4256
4308
  break;
4257
4309
  }
4258
4310
  case "session":
4259
- sessionStorage.removeItem(Ee);
4311
+ sessionStorage.removeItem(Me);
4260
4312
  break;
4261
4313
  case "local":
4262
- localStorage.removeItem(Me);
4314
+ localStorage.removeItem(Le);
4263
4315
  break;
4264
4316
  }
4265
- }, [r, o, t, a]), F = se(
4317
+ }, [r, o, t, a]), F = ie(
4266
4318
  (u) => {
4267
4319
  switch (r) {
4268
4320
  case "url": {
@@ -4271,21 +4323,21 @@ function en(n = {}) {
4271
4323
  break;
4272
4324
  }
4273
4325
  case "session":
4274
- sessionStorage.setItem(Ee, u);
4326
+ sessionStorage.setItem(Me, u);
4275
4327
  break;
4276
4328
  case "local":
4277
- localStorage.setItem(Me, u);
4329
+ localStorage.setItem(Le, u);
4278
4330
  break;
4279
4331
  }
4280
4332
  },
4281
4333
  [r, o, t, a]
4282
- ), E = se(
4334
+ ), E = ie(
4283
4335
  (u) => {
4284
4336
  const k = c[u] || c.default;
4285
4337
  i(k);
4286
4338
  },
4287
4339
  [i, c]
4288
- ), A = se(() => I ? f ? p === oe.TENANT_ADMIN ? c.tenantAdmin : c.tenantUser : c.tenantGuest : f ? p === oe.TENANT_ADMIN ? c.publicAdmin : c.publicUser : c.publicGuest, [I, f, p, c]);
4340
+ ), A = ie(() => I ? f ? p === ae.TENANT_ADMIN ? c.tenantAdmin : c.tenantUser : c.tenantGuest : f ? p === ae.TENANT_ADMIN ? c.publicAdmin : c.publicUser : c.publicGuest, [I, f, p, c]);
4289
4341
  return {
4290
4342
  returnToUrl: x,
4291
4343
  clearReturnTo: R,
@@ -4294,76 +4346,76 @@ function en(n = {}) {
4294
4346
  getSmartRedirect: A
4295
4347
  };
4296
4348
  }
4297
- function tn(n, e, t = et, r = "url") {
4349
+ function rn(n, e, t = tt, r = "url") {
4298
4350
  if (!e || r !== "url")
4299
4351
  return n;
4300
4352
  const i = new URL(n, window.location.origin);
4301
4353
  return i.searchParams.set(t, e), i.pathname + i.search;
4302
4354
  }
4303
4355
  export {
4304
- Nr as AdminZone,
4305
- Xr as ApiMappers,
4306
- Oe as AppApiService,
4307
- Gr as AppLoader,
4308
- mr as AppProvider,
4309
- wt as AuthApiService,
4310
- vr as AuthProvider,
4311
- Fr as AuthenticatedZone,
4312
- Ye as DEFAULT_ZONE_PRESETS,
4313
- $e as DEFAULT_ZONE_ROOTS,
4314
- Or as FeatureFlag,
4315
- Rt as FeatureFlagApiService,
4316
- Tr as FeatureFlagProvider,
4317
- Dr as GuestZone,
4318
- Yr as HealthApiService,
4319
- le as HttpService,
4320
- Er as LandingRoute,
4321
- zr as LoginForm,
4322
- Wr as MagicLinkForm,
4323
- Vr as MagicLinkVerify,
4324
- Ur as OpenZone,
4325
- jr as PasswordRecoveryForm,
4356
+ Cr as AdminZone,
4357
+ en as ApiMappers,
4358
+ ze as AppApiService,
4359
+ Qr as AppLoader,
4360
+ yr as AppProvider,
4361
+ bt as AuthApiService,
4362
+ Tr as AuthProvider,
4363
+ Dr as AuthenticatedZone,
4364
+ Xe as DEFAULT_ZONE_PRESETS,
4365
+ He as DEFAULT_ZONE_ROOTS,
4366
+ zr as FeatureFlag,
4367
+ It as FeatureFlagApiService,
4368
+ kr as FeatureFlagProvider,
4369
+ Nr as GuestZone,
4370
+ Xr as HealthApiService,
4371
+ ce as HttpService,
4372
+ Mr as LandingRoute,
4373
+ _r as LoginForm,
4374
+ Vr as MagicLinkForm,
4375
+ jr as MagicLinkVerify,
4376
+ $r as OpenZone,
4377
+ Gr as PasswordRecoveryForm,
4326
4378
  Jr as PermissionApiService,
4327
- Pr as Protected,
4328
- Rr as ProtectedRoute,
4329
- Lr as PublicZone,
4330
- ze as RoleApiService,
4331
- xr as RoutingProvider,
4332
- ie as SessionExpiredError,
4333
- pe as SessionManager,
4334
- _r as SignupForm,
4335
- Et as SubscriptionApiService,
4336
- qr as SubscriptionGuard,
4337
- Kr as SubscriptionPlanApiService,
4338
- kr as SubscriptionProvider,
4339
- we as TenantApiService,
4340
- $r as TenantAuthenticatedZone,
4341
- Br as TenantGuestZone,
4342
- Hr as TenantOpenZone,
4343
- wr as TenantProvider,
4344
- Ir as TenantRoute,
4379
+ Rr as Protected,
4380
+ Ir as ProtectedRoute,
4381
+ Fr as PublicZone,
4382
+ _e as RoleApiService,
4383
+ Ar as RoutingProvider,
4384
+ se as SessionExpiredError,
4385
+ Se as SessionManager,
4386
+ Wr as SignupForm,
4387
+ Mt as SubscriptionApiService,
4388
+ Or as SubscriptionGuard,
4389
+ Yr as SubscriptionPlanApiService,
4390
+ xr as SubscriptionProvider,
4391
+ ve as TenantApiService,
4392
+ Hr as TenantAuthenticatedZone,
4393
+ qr as TenantGuestZone,
4394
+ Br as TenantOpenZone,
4395
+ br as TenantProvider,
4396
+ Er as TenantRoute,
4345
4397
  Zr as TenantSelector,
4346
- Mr as TenantZone,
4347
- yt as TokenRefreshError,
4348
- mt as TokenRefreshTimeoutError,
4349
- bt as UserApiService,
4350
- oe as UserType,
4351
- Cr as UserZone,
4352
- ce as ZoneRoute,
4353
- tn as buildRedirectUrl,
4354
- yr as useApi,
4355
- Se as useApp,
4356
- Qr as useAppLoaderState,
4357
- de as useAuth,
4358
- It as useFeatureFlags,
4359
- Ar as useRouting,
4360
- Lt as useRoutingOptional,
4361
- Sr as useSettings,
4362
- Mt as useSubscription,
4363
- ge as useTenant,
4364
- me as useTenantInfo,
4365
- ke as useTenantOptional,
4366
- br as useTenantSettings,
4367
- en as useZoneNavigation
4398
+ Lr as TenantZone,
4399
+ wt as TokenRefreshError,
4400
+ yt as TokenRefreshTimeoutError,
4401
+ St as UserApiService,
4402
+ ae as UserType,
4403
+ Ur as UserZone,
4404
+ de as ZoneRoute,
4405
+ rn as buildRedirectUrl,
4406
+ wr as useApi,
4407
+ ke as useApp,
4408
+ Kr as useAppLoaderState,
4409
+ ue as useAuth,
4410
+ Et as useFeatureFlags,
4411
+ Pr as useRouting,
4412
+ Ft as useRoutingOptional,
4413
+ vr as useSettings,
4414
+ Lt as useSubscription,
4415
+ ye as useTenant,
4416
+ we as useTenantInfo,
4417
+ Pe as useTenantOptional,
4418
+ Sr as useTenantSettings,
4419
+ tn as useZoneNavigation
4368
4420
  };
4369
4421
  //# sourceMappingURL=index.es.js.map