@skylabs-digital/react-identity-access 3.2.1 → 3.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/index.es.js +789 -743
  2. package/dist/index.es.js.map +1 -1
  3. package/dist/index.js +2 -2
  4. package/dist/index.js.map +1 -1
  5. package/dist/providers/AuthProvider.d.ts.map +1 -1
  6. package/dist/services/AuthApiService.d.ts +2 -1
  7. package/dist/services/AuthApiService.d.ts.map +1 -1
  8. package/dist/services/HttpService.d.ts.map +1 -1
  9. package/dist/services/SessionManager.d.ts +12 -0
  10. package/dist/services/SessionManager.d.ts.map +1 -1
  11. package/package.json +1 -1
package/dist/index.es.js CHANGED
@@ -1,6 +1,6 @@
1
- import { jsx as s, Fragment as B, jsxs as f } from "react/jsx-runtime";
2
- import me, { createContext as fe, useState as N, useRef as Ee, useCallback as te, useMemo as V, useEffect as re, useContext as ne } from "react";
3
- import { useLocation as xe, Navigate as be, useNavigate as wt, useSearchParams as vt } from "react-router-dom";
1
+ import { jsx as s, Fragment as U, jsxs as f } from "react/jsx-runtime";
2
+ import me, { createContext as fe, useState as N, useRef as ye, useCallback as te, useMemo as V, useEffect as re, useContext as ne } from "react";
3
+ import { useLocation as xe, Navigate as we, useNavigate as vt, useSearchParams as Tt } from "react-router-dom";
4
4
  class he {
5
5
  constructor(e, t = 1e4) {
6
6
  this.baseUrl = e.replace(/\/$/, ""), this.timeout = t;
@@ -11,30 +11,37 @@ class he {
11
11
  getBaseUrl() {
12
12
  return this.baseUrl;
13
13
  }
14
- async executeRequest(e, t, n, i) {
15
- const a = `${this.baseUrl}${t.startsWith("/") ? t : `/${t}`}`, l = (i == null ? void 0 : i.timeout) || this.timeout;
16
- let d = {
14
+ async executeRequest(e, t, n, i, a = !1) {
15
+ const l = `${this.baseUrl}${t.startsWith("/") ? t : `/${t}`}`, h = (i == null ? void 0 : i.timeout) || this.timeout;
16
+ let S = {
17
17
  "Content-Type": "application/json",
18
18
  ...i == null ? void 0 : i.headers
19
19
  };
20
20
  if (!(i != null && i.skipAuth) && this.sessionManager) {
21
21
  const c = await this.sessionManager.getValidAccessToken();
22
- d = { ...d, Authorization: `Bearer ${c}` };
22
+ S = { ...S, Authorization: `Bearer ${c}` };
23
23
  }
24
- const T = new AbortController(), A = setTimeout(() => T.abort(), l);
24
+ const k = new AbortController(), T = setTimeout(() => k.abort(), h);
25
25
  try {
26
- const c = await fetch(a, {
26
+ const c = await fetch(l, {
27
27
  method: e,
28
- headers: d,
28
+ headers: S,
29
29
  body: n ? JSON.stringify(n) : void 0,
30
- signal: T.signal
30
+ signal: k.signal
31
31
  });
32
- if (clearTimeout(A), !c.ok)
32
+ if (clearTimeout(T), c.status === 401 && !(i != null && i.skipAuth) && this.sessionManager && !a) {
33
+ try {
34
+ await c.text();
35
+ } catch {
36
+ }
37
+ return await this.sessionManager.forceRefresh(), this.executeRequest(e, t, n, i, !0);
38
+ }
39
+ if (!c.ok)
33
40
  throw new Error(`HTTP ${c.status}: ${c.statusText}`);
34
- const S = c.headers.get("content-type");
35
- return !S || !S.includes("application/json") ? {} : await c.json();
41
+ const d = c.headers.get("content-type");
42
+ return !d || !d.includes("application/json") ? {} : await c.json();
36
43
  } catch (c) {
37
- throw clearTimeout(A), c instanceof Error && c.name === "AbortError" ? new Error(`Request timeout after ${l}ms`) : c;
44
+ throw clearTimeout(T), c instanceof Error && c.name === "AbortError" ? new Error(`Request timeout after ${h}ms`) : c;
38
45
  }
39
46
  }
40
47
  async get(e, t) {
@@ -98,10 +105,10 @@ class Je {
98
105
  return (await this.httpService.get(`/apps/${e}/export-config`)).data;
99
106
  }
100
107
  }
101
- const $e = fe(null), Tt = 5 * 60 * 1e3;
102
- function Sr({ config: r, children: e }) {
103
- var k, m, g;
104
- const { appId: t, baseUrl: n } = r, i = (((k = r.cache) == null ? void 0 : k.enabled) ?? !0) && !!t, a = ((m = r.cache) == null ? void 0 : m.ttl) ?? Tt, l = ((g = r.cache) == null ? void 0 : g.storageKey) ?? (t ? `app_cache_${t}` : ""), [d, T] = N(() => {
108
+ const $e = fe(null), St = 5 * 60 * 1e3;
109
+ function kr({ config: r, children: e }) {
110
+ var E, m, g;
111
+ const { appId: t, baseUrl: n } = r, i = (((E = r.cache) == null ? void 0 : E.enabled) ?? !0) && !!t, a = ((m = r.cache) == null ? void 0 : m.ttl) ?? St, l = ((g = r.cache) == null ? void 0 : g.storageKey) ?? (t ? `app_cache_${t}` : ""), [h, S] = N(() => {
105
112
  if (!i) return null;
106
113
  try {
107
114
  const b = localStorage.getItem(l);
@@ -111,15 +118,15 @@ function Sr({ config: r, children: e }) {
111
118
  } catch {
112
119
  return null;
113
120
  }
114
- }), [A, c] = N(!!t && !d), [S, h] = N(null), x = Ee(d);
115
- x.current = d;
121
+ }), [k, T] = N(!!t && !h), [c, d] = N(null), A = ye(h);
122
+ A.current = h;
116
123
  const P = te(
117
124
  async (b = !1) => {
118
- if (t && !(!b && i && x.current))
125
+ if (t && !(!b && i && A.current))
119
126
  try {
120
- c(!0), h(null);
127
+ T(!0), d(null);
121
128
  const o = await new Je(new he(n)).getPublicAppInfo(t);
122
- if (T(o), i)
129
+ if (S(o), i)
123
130
  try {
124
131
  const p = {
125
132
  data: o,
@@ -132,27 +139,27 @@ function Sr({ config: r, children: e }) {
132
139
  }
133
140
  } catch (C) {
134
141
  const o = C instanceof Error ? C : new Error("Failed to load app information");
135
- h(o), T(null);
142
+ d(o), S(null);
136
143
  } finally {
137
- c(!1);
144
+ T(!1);
138
145
  }
139
146
  },
140
147
  [n, t, i, l]
141
148
  ), I = te(async () => {
142
- if (!(!t || !i || !x.current))
149
+ if (!(!t || !i || !A.current))
143
150
  try {
144
151
  const b = localStorage.getItem(l);
145
152
  if (!b) return;
146
153
  const C = JSON.parse(b);
147
154
  if (Date.now() - C.timestamp <= a * 0.5) return;
148
155
  const p = await new Je(new he(n)).getPublicAppInfo(t);
149
- T(p);
150
- const E = {
156
+ S(p);
157
+ const x = {
151
158
  data: p,
152
159
  timestamp: Date.now(),
153
160
  appId: t
154
161
  };
155
- localStorage.setItem(l, JSON.stringify(E));
162
+ localStorage.setItem(l, JSON.stringify(x));
156
163
  } catch (b) {
157
164
  process.env.NODE_ENV === "development" && console.warn("[AppProvider] Background app refresh failed:", b);
158
165
  }
@@ -160,17 +167,17 @@ function Sr({ config: r, children: e }) {
160
167
  () => ({
161
168
  appId: t,
162
169
  baseUrl: n,
163
- appInfo: d,
164
- isAppLoading: A,
165
- appError: S,
170
+ appInfo: h,
171
+ isAppLoading: k,
172
+ appError: c,
166
173
  retryApp: () => {
167
174
  P(!0);
168
175
  }
169
176
  }),
170
- [t, n, d, A, S, P]
177
+ [t, n, h, k, c, P]
171
178
  );
172
179
  return re(() => {
173
- t && (x.current ? I() : P());
180
+ t && (A.current ? I() : P());
174
181
  }, []), /* @__PURE__ */ s($e.Provider, { value: R, children: e });
175
182
  }
176
183
  function Ae() {
@@ -182,8 +189,8 @@ function Ae() {
182
189
  function Ue() {
183
190
  return ne($e);
184
191
  }
185
- const kr = Ae;
186
- class ee extends Error {
192
+ const Er = Ae;
193
+ class Z extends Error {
187
194
  constructor(e, t) {
188
195
  const n = {
189
196
  token_expired: "Refresh token has expired",
@@ -193,12 +200,12 @@ class ee extends Error {
193
200
  super(t || n[e]), this.name = "SessionExpiredError", this.reason = e;
194
201
  }
195
202
  }
196
- class St extends Error {
203
+ class kt extends Error {
197
204
  constructor(e) {
198
205
  super(`Token refresh timed out after ${e}ms`), this.name = "TokenRefreshTimeoutError", this.timeoutMs = e;
199
206
  }
200
207
  }
201
- class kt extends Error {
208
+ class Et extends Error {
202
209
  constructor(e, t) {
203
210
  super(
204
211
  `Token refresh failed after ${e} attempts: ${(t == null ? void 0 : t.message) || "Unknown error"}`
@@ -207,10 +214,10 @@ class kt extends Error {
207
214
  }
208
215
  class oe extends Error {
209
216
  constructor(e, t, n) {
210
- super(`Invalid configuration "${e}": ${n} (received: ${Et(t)})`), this.name = "ConfigurationError", this.field = e, this.received = t;
217
+ super(`Invalid configuration "${e}": ${n} (received: ${xt(t)})`), this.name = "ConfigurationError", this.field = e, this.received = t;
211
218
  }
212
219
  }
213
- function Et(r) {
220
+ function xt(r) {
214
221
  if (r === void 0) return "undefined";
215
222
  try {
216
223
  const e = JSON.stringify(r);
@@ -235,19 +242,19 @@ function Ke(r) {
235
242
  const e = Re(r), t = e == null ? void 0 : e.payload.exp;
236
243
  return typeof t == "number" ? t * 1e3 : void 0;
237
244
  }
238
- function xt(r, e) {
245
+ function At(r, e) {
239
246
  var n;
240
247
  const t = (n = Re(r)) == null ? void 0 : n.payload[e];
241
248
  return typeof t == "string" ? t : void 0;
242
249
  }
243
- const At = /^(javascript|data|vbscript|file):/i, Rt = /^https?:\/\//i;
244
- function Pt(r, e = "baseUrl") {
250
+ const Rt = /^(javascript|data|vbscript|file):/i, Pt = /^https?:\/\//i;
251
+ function It(r, e = "baseUrl") {
245
252
  if (!(r == null || r === "")) {
246
253
  if (typeof r != "string")
247
254
  throw new oe(e, r, "must be a string");
248
- if (At.test(r))
255
+ if (Rt.test(r))
249
256
  throw new oe(e, r, "dangerous URL scheme is not allowed");
250
- if (!Rt.test(r))
257
+ if (!Pt.test(r))
251
258
  throw new oe(e, r, "must start with http:// or https://");
252
259
  }
253
260
  }
@@ -265,7 +272,7 @@ function Ye(r, e) {
265
272
  if (e !== void 0 && typeof e != "boolean")
266
273
  throw new oe(r, e, "must be a boolean");
267
274
  }
268
- function It(r, e = "accessToken") {
275
+ function Lt(r, e = "accessToken") {
269
276
  if (typeof r != "string" || r.length === 0)
270
277
  throw new oe(e, r, "must be a non-empty string");
271
278
  if (!r.includes(".")) return;
@@ -283,11 +290,11 @@ function It(r, e = "accessToken") {
283
290
  "JWT header or payload is not valid base64url-encoded JSON"
284
291
  );
285
292
  }
286
- function Lt(r) {
293
+ function Ft(r) {
287
294
  if (r !== void 0 && (typeof r != "number" || !Number.isFinite(r) || r <= 0))
288
295
  throw new oe("expiresIn", r, "must be a finite positive number (seconds)");
289
296
  }
290
- function Ft(r) {
297
+ function Nt(r) {
291
298
  if (r !== void 0 && (typeof r != "number" || !Number.isFinite(r) || r <= 0))
292
299
  throw new oe(
293
300
  "expiresAt",
@@ -321,7 +328,7 @@ const ie = class ie {
321
328
  return e.storageKey || "auth_tokens";
322
329
  }
323
330
  static validateConfig(e) {
324
- Pt(e.baseUrl), Ye("enableCookieSession", e.enableCookieSession), Ye("autoRefresh", e.autoRefresh), ge("refreshThreshold", e.refreshThreshold, { min: 0 }), ge("proactiveRefreshMargin", e.proactiveRefreshMargin, { min: 0 }), ge("refreshQueueTimeout", e.refreshQueueTimeout, { min: 1 }), ge("maxRefreshRetries", e.maxRefreshRetries, { min: 0 }), ge("retryBackoffBase", e.retryBackoffBase, { min: 1 });
331
+ It(e.baseUrl), Ye("enableCookieSession", e.enableCookieSession), Ye("autoRefresh", e.autoRefresh), ge("refreshThreshold", e.refreshThreshold, { min: 0 }), ge("proactiveRefreshMargin", e.proactiveRefreshMargin, { min: 0 }), ge("refreshQueueTimeout", e.refreshQueueTimeout, { min: 1 }), ge("maxRefreshRetries", e.maxRefreshRetries, { min: 0 }), ge("retryBackoffBase", e.retryBackoffBase, { min: 1 });
325
332
  }
326
333
  /** Update mutable config (callbacks, baseUrl) on an existing instance. */
327
334
  updateConfig(e) {
@@ -390,9 +397,9 @@ const ie = class ie {
390
397
  }
391
398
  // --- Token CRUD ---
392
399
  setTokens(e) {
393
- if (It(e.accessToken, "accessToken"), e.refreshToken !== void 0 && typeof e.refreshToken != "string")
400
+ if (Lt(e.accessToken, "accessToken"), e.refreshToken !== void 0 && typeof e.refreshToken != "string")
394
401
  throw new oe("refreshToken", e.refreshToken, "must be a string");
395
- Lt(e.expiresIn), Ft(e.expiresAt);
402
+ Ft(e.expiresIn), Nt(e.expiresAt);
396
403
  const t = e.expiresAt || (e.expiresIn ? Date.now() + e.expiresIn * 1e3 : void 0) || Ke(e.accessToken), n = {
397
404
  ...e,
398
405
  expiresAt: t
@@ -472,13 +479,13 @@ const ie = class ie {
472
479
  this.startRefreshAndResolveQueue(e.refreshToken).then(() => {
473
480
  this.consecutiveBackgroundFailures = 0;
474
481
  }).catch((n) => {
475
- if (!(n instanceof ee)) {
482
+ if (!(n instanceof Z)) {
476
483
  if (this.sessionGeneration === t) {
477
484
  if (this.consecutiveBackgroundFailures++, this.consecutiveBackgroundFailures >= ie.MAX_BACKGROUND_FAILURES) {
478
485
  process.env.NODE_ENV === "development" && console.error(
479
486
  `[SessionManager] Background refresh failed ${this.consecutiveBackgroundFailures} consecutive times — expiring session`
480
487
  ), this.consecutiveBackgroundFailures = 0, this.handleSessionExpired(
481
- new ee("token_invalid", "Background refresh failed repeatedly")
488
+ new Z("token_invalid", "Background refresh failed repeatedly")
482
489
  );
483
490
  return;
484
491
  }
@@ -545,17 +552,40 @@ const ie = class ie {
545
552
  async getValidAccessToken() {
546
553
  const e = this.getTokens();
547
554
  if (!(e != null && e.accessToken)) {
548
- const t = new ee("token_invalid", "No tokens available");
555
+ const t = new Z("token_invalid", "No tokens available");
549
556
  throw this.handleSessionExpired(t), t;
550
557
  }
551
558
  if (!this.shouldRefreshToken(e) && !this.isTokenExpired(e))
552
559
  return e.accessToken;
553
560
  if (!e.refreshToken) {
554
- const t = new ee("token_invalid", "No refresh token available");
561
+ const t = new Z("token_invalid", "No refresh token available");
555
562
  throw this.handleSessionExpired(t), t;
556
563
  }
557
564
  return this.refreshPromise ? this.enqueueForToken() : this.startRefreshAndResolveQueue(e.refreshToken);
558
565
  }
566
+ /**
567
+ * Force a refresh ignoring local expiry heuristics. Callers (e.g. HttpService
568
+ * retrying a 401) use this when the backend rejected the current access token
569
+ * as invalid even though `expiresAt` claims it's still valid. Shares the same
570
+ * refreshPromise/queue as getValidAccessToken, so concurrent forceRefresh
571
+ * calls deduplicate to a single refresh network call.
572
+ *
573
+ * @throws {SessionExpiredError} if no refresh token → caller should logout
574
+ * @throws {TokenRefreshTimeoutError} if queue wait exceeds timeout
575
+ * @throws {TokenRefreshError} if refresh fails after all retries
576
+ */
577
+ async forceRefresh() {
578
+ const e = this.getTokens();
579
+ if (!(e != null && e.accessToken)) {
580
+ const t = new Z("token_invalid", "No tokens available");
581
+ throw this.handleSessionExpired(t), t;
582
+ }
583
+ if (!e.refreshToken) {
584
+ const t = new Z("token_invalid", "No refresh token available");
585
+ throw this.handleSessionExpired(t), t;
586
+ }
587
+ return this.refreshPromise ? this.enqueueForToken() : this.startRefreshAndResolveQueue(e.refreshToken, !0);
588
+ }
559
589
  /**
560
590
  * Backward-compatible getAuthHeaders — now delegates to getValidAccessToken.
561
591
  */
@@ -563,27 +593,27 @@ const ie = class ie {
563
593
  try {
564
594
  return { Authorization: `Bearer ${await this.getValidAccessToken()}` };
565
595
  } catch (e) {
566
- return e instanceof ee && this.onRefreshFailed && this.onRefreshFailed(), {};
596
+ return e instanceof Z && this.onRefreshFailed && this.onRefreshFailed(), {};
567
597
  }
568
598
  }
569
599
  enqueueForToken() {
570
600
  return new Promise((e, t) => {
571
601
  const n = setTimeout(() => {
572
602
  const i = this.refreshQueue.findIndex((a) => a.timeoutId === n);
573
- i !== -1 && this.refreshQueue.splice(i, 1), t(new St(this.refreshQueueTimeout));
603
+ i !== -1 && this.refreshQueue.splice(i, 1), t(new kt(this.refreshQueueTimeout));
574
604
  }, this.refreshQueueTimeout);
575
605
  this.refreshQueue.push({ resolve: e, reject: t, timeoutId: n });
576
606
  });
577
607
  }
578
- async startRefreshAndResolveQueue(e) {
579
- this.refreshPromise = this.executeRefreshWithRetry(e);
608
+ async startRefreshAndResolveQueue(e, t = !1) {
609
+ this.refreshPromise = this.executeRefreshWithRetry(e, t);
580
610
  try {
581
611
  await this.refreshPromise;
582
- const t = this.getTokens(), n = (t == null ? void 0 : t.accessToken) || "";
583
- return this.resolveQueue(n), n;
584
- } catch (t) {
585
- const n = t instanceof Error ? t : new Error("Token refresh failed");
586
- throw n instanceof ee ? (this.rejectQueue(n), this.handleSessionExpired(n)) : this.rejectQueue(n), n;
612
+ const n = this.getTokens(), i = (n == null ? void 0 : n.accessToken) || "";
613
+ return this.resolveQueue(i), i;
614
+ } catch (n) {
615
+ const i = n instanceof Error ? n : new Error("Token refresh failed");
616
+ throw i instanceof Z ? (this.rejectQueue(i), this.handleSessionExpired(i)) : this.rejectQueue(i), i;
587
617
  } finally {
588
618
  this.refreshPromise = null;
589
619
  }
@@ -601,74 +631,74 @@ const ie = class ie {
601
631
  clearTimeout(n.timeoutId), n.reject(e);
602
632
  }
603
633
  // --- Refresh with retry + error classification ---
604
- async executeRefreshWithRetry(e) {
605
- let t;
606
- const n = this.sessionGeneration;
607
- for (let i = 0; i <= this.maxRefreshRetries; i++) {
608
- if (this.sessionGeneration !== n)
609
- throw new ee("token_invalid", "Session cleared during refresh");
634
+ async executeRefreshWithRetry(e, t = !1) {
635
+ let n;
636
+ const i = this.sessionGeneration;
637
+ for (let a = 0; a <= this.maxRefreshRetries; a++) {
638
+ if (this.sessionGeneration !== i)
639
+ throw new Z("token_invalid", "Session cleared during refresh");
610
640
  try {
611
- await this.performTokenRefresh(e, n);
641
+ await this.performTokenRefresh(e, i, t);
612
642
  return;
613
- } catch (a) {
614
- const l = a instanceof Error ? a : new Error(String(a));
615
- if (l instanceof ee)
616
- throw l;
617
- if (t = l, i < this.maxRefreshRetries) {
618
- const d = this.retryBackoffBase * Math.pow(2, i);
619
- await this.sleep(d);
643
+ } catch (l) {
644
+ const h = l instanceof Error ? l : new Error(String(l));
645
+ if (h instanceof Z)
646
+ throw h;
647
+ if (n = h, a < this.maxRefreshRetries) {
648
+ const S = this.retryBackoffBase * Math.pow(2, a);
649
+ await this.sleep(S);
620
650
  }
621
651
  }
622
652
  }
623
- throw new kt(this.maxRefreshRetries + 1, t);
653
+ throw new Et(this.maxRefreshRetries + 1, n);
624
654
  }
625
655
  /**
626
656
  * Single refresh attempt with error classification.
627
657
  * Throws SessionExpiredError for fatal errors (no retry).
628
658
  * Throws generic Error for transient errors (will be retried).
629
659
  */
630
- async performTokenRefresh(e, t) {
660
+ async performTokenRefresh(e, t, n = !1) {
631
661
  return typeof navigator < "u" && navigator.locks ? navigator.locks.request(
632
662
  `session-refresh:${this.storageKey}`,
633
- () => this.performTokenRefreshInner(e, t)
634
- ) : this.performTokenRefreshInner(e, t);
663
+ () => this.performTokenRefreshInner(e, t, n)
664
+ ) : this.performTokenRefreshInner(e, t, n);
635
665
  }
636
- async performTokenRefreshInner(e, t) {
666
+ async performTokenRefreshInner(e, t, n = !1) {
637
667
  if (!this.baseUrl)
638
668
  throw new Error("Base URL not configured for token refresh");
639
- const n = this.getTokens();
640
- if (n != null && n.accessToken && !this.isTokenExpired(n) && !this.shouldRefreshToken(n))
669
+ const i = this.getTokens();
670
+ if (!n && (i != null && i.accessToken) && !this.isTokenExpired(i) && !this.shouldRefreshToken(i))
641
671
  return;
642
- const i = (n == null ? void 0 : n.refreshToken) || e, a = `${this.baseUrl}/auth/refresh`, l = xt(i, "deviceId"), d = { refreshToken: i };
643
- l && (d.deviceId = l);
644
- let T;
672
+ const a = (i == null ? void 0 : i.refreshToken) || e, l = `${this.baseUrl}/auth/refresh`, h = At(a, "deviceId"), S = { refreshToken: a };
673
+ h && (S.deviceId = h);
674
+ let k;
645
675
  try {
646
- T = await fetch(a, {
676
+ k = await fetch(l, {
647
677
  method: "POST",
648
678
  headers: { "Content-Type": "application/json" },
649
- body: JSON.stringify(d),
679
+ body: JSON.stringify(S),
650
680
  ...this.enableCookieSession && { credentials: "include" }
651
681
  });
652
682
  } catch (c) {
653
683
  throw c instanceof Error ? c : new Error("Network error during token refresh");
654
684
  }
655
- if (!T.ok) {
685
+ if (!k.ok) {
656
686
  let c = "";
657
687
  try {
658
- const S = await T.json();
659
- c = (S.message || S.error || "").toLowerCase();
688
+ const d = await k.json();
689
+ c = (d.message || d.error || "").toLowerCase();
660
690
  } catch {
661
- c = T.statusText.toLowerCase();
691
+ c = k.statusText.toLowerCase();
662
692
  }
663
- throw T.status === 401 ? c.includes("expired") ? new ee("token_expired") : c.includes("invalid") ? new ee("token_invalid") : new ee("token_invalid", `Unauthorized: ${c}`) : T.status === 400 ? c.includes("inactive") ? new ee("user_inactive") : c.includes("expired") || c.includes("invalid") ? new ee("token_invalid", c) : c.includes("reuse") || c.includes("revoked") ? new ee("token_invalid", c) : new Error(`Token refresh failed (400): ${c}`) : new Error(`Token refresh failed: ${T.status} ${c}`);
693
+ throw k.status === 401 ? c.includes("expired") ? new Z("token_expired") : c.includes("invalid") ? new Z("token_invalid") : new Z("token_invalid", `Unauthorized: ${c}`) : k.status === 400 ? c.includes("inactive") ? new Z("user_inactive") : c.includes("expired") || c.includes("invalid") ? new Z("token_invalid", c) : c.includes("reuse") || c.includes("revoked") ? new Z("token_invalid", c) : new Error(`Token refresh failed (400): ${c}`) : new Error(`Token refresh failed: ${k.status} ${c}`);
664
694
  }
665
695
  if (this.sessionGeneration !== t)
666
- throw new ee("token_invalid", "Session cleared during refresh");
667
- const A = await T.json();
696
+ throw new Z("token_invalid", "Session cleared during refresh");
697
+ const T = await k.json();
668
698
  this.setTokens({
669
- accessToken: A.accessToken,
670
- refreshToken: A.refreshToken || i,
671
- expiresIn: A.expiresIn
699
+ accessToken: T.accessToken,
700
+ refreshToken: T.refreshToken || a,
701
+ expiresIn: T.expiresIn
672
702
  });
673
703
  }
674
704
  // --- Session expiry handler ---
@@ -691,7 +721,7 @@ const ie = class ie {
691
721
  // --- Session lifecycle ---
692
722
  clearSession() {
693
723
  this.sessionGeneration++, this.cancelProactiveTimer(), this.clearTokens();
694
- const e = new ee("token_invalid", "Session cleared");
724
+ const e = new Z("token_invalid", "Session cleared");
695
725
  this.rejectQueue(e);
696
726
  }
697
727
  /**
@@ -700,7 +730,7 @@ const ie = class ie {
700
730
  */
701
731
  destroy() {
702
732
  this.isDestroyed = !0, ie.instances.delete(this.storageKey), this.cancelProactiveTimer(), this.detachVisibilityListener();
703
- const e = new ee("token_invalid", "SessionManager destroyed");
733
+ const e = new Z("token_invalid", "SessionManager destroyed");
704
734
  this.rejectQueue(e);
705
735
  }
706
736
  // --- JWT helpers ---
@@ -729,9 +759,9 @@ const ie = class ie {
729
759
  };
730
760
  ie.instances = /* @__PURE__ */ new Map(), ie.MAX_BACKGROUND_FAILURES = 3;
731
761
  let Me = ie;
732
- class Nt {
762
+ class Ct {
733
763
  constructor(e) {
734
- this.httpService = e, this.pendingVerifications = /* @__PURE__ */ new Map(), this.pendingMagicLinks = /* @__PURE__ */ new Map();
764
+ this.httpService = e, this.verificationCache = /* @__PURE__ */ new Map(), this.VERIFY_CACHE_TTL_MS = 6e4, this.pendingMagicLinks = /* @__PURE__ */ new Map();
735
765
  }
736
766
  // Public endpoints - no auth required.
737
767
  // Must pass `{ skipAuth: true }` so HttpService does NOT call
@@ -780,12 +810,24 @@ class Nt {
780
810
  return this.pendingMagicLinks.set(t, i), i;
781
811
  }
782
812
  async verifyMagicLink(e) {
783
- const t = e.token, n = this.pendingVerifications.get(t);
784
- if (n) return n;
785
- const i = this.httpService.post("/auth/magic-link/verify", e, { skipAuth: !0 }).finally(() => {
786
- this.pendingVerifications.delete(t);
787
- });
788
- return this.pendingVerifications.set(t, i), i;
813
+ const t = e.token, n = this.verificationCache.get(t);
814
+ if (n) return n.promise;
815
+ const i = this.httpService.post(
816
+ "/auth/magic-link/verify",
817
+ e,
818
+ { skipAuth: !0 }
819
+ ), a = { promise: i };
820
+ return this.verificationCache.set(t, a), i.then(
821
+ () => {
822
+ a.timer = setTimeout(
823
+ () => this.verificationCache.delete(t),
824
+ this.VERIFY_CACHE_TTL_MS
825
+ );
826
+ },
827
+ () => {
828
+ this.verificationCache.delete(t);
829
+ }
830
+ ), i;
789
831
  }
790
832
  async confirmPasswordReset(e) {
791
833
  await this.httpService.post("/auth/password-reset/confirm", e, { skipAuth: !0 });
@@ -794,7 +836,7 @@ class Nt {
794
836
  await this.httpService.post("/auth/change-password", e);
795
837
  }
796
838
  }
797
- class Ct {
839
+ class Dt {
798
840
  constructor(e) {
799
841
  this.httpService = e;
800
842
  }
@@ -830,7 +872,7 @@ class Ct {
830
872
  return { roles: n.data, meta: n.meta };
831
873
  }
832
874
  }
833
- class Dt {
875
+ class Mt {
834
876
  constructor(e) {
835
877
  this.httpService = e;
836
878
  }
@@ -853,7 +895,7 @@ class Dt {
853
895
  await this.httpService.delete(`/users/${e}`);
854
896
  }
855
897
  }
856
- class ye {
898
+ class be {
857
899
  constructor(e, t) {
858
900
  this.httpService = e, this.appId = t;
859
901
  }
@@ -897,7 +939,7 @@ class ye {
897
939
  )).data;
898
940
  }
899
941
  }
900
- function Mt(r, e) {
942
+ function $t(r, e) {
901
943
  if (r === "localhost" || r.startsWith("127.") || r.startsWith("192.168."))
902
944
  return null;
903
945
  if (e) {
@@ -913,24 +955,24 @@ function Mt(r, e) {
913
955
  const n = r.split(".");
914
956
  return n.length >= 3 && n[0] !== "www" ? n[0] : null;
915
957
  }
916
- function $t(r, e = "tenant", t) {
958
+ function Ut(r, e = "tenant", t) {
917
959
  const i = new URLSearchParams(r).get(e);
918
960
  return i ? (t && t.setItem("tenant", i), i) : t ? t.getItem("tenant") : null;
919
961
  }
920
- function Ut(r, e, t) {
962
+ function Bt(r, e, t) {
921
963
  const { tenantMode: n, baseDomain: i, selectorParam: a, fixedTenantSlug: l } = r;
922
- return n === "fixed" ? l || null : n === "subdomain" ? Mt(e.hostname, i) : n === "selector" ? $t(e.search, a, t) : null;
964
+ return n === "fixed" ? l || null : n === "subdomain" ? $t(e.hostname, i) : n === "selector" ? Ut(e.search, a, t) : null;
923
965
  }
924
- function Bt(r, e, t) {
966
+ function _t(r, e, t) {
925
967
  if (t)
926
968
  return `${r}.${t}`;
927
969
  const n = e.split(".");
928
970
  return n.length === 2 ? `${r}.${e}` : n.length >= 3 ? (n[0] = r, n.join(".")) : null;
929
971
  }
930
972
  const Be = fe(null);
931
- function Er({ config: r, children: e }) {
932
- var j, Z, $;
933
- const { baseUrl: t, appInfo: n, appId: i } = Ae(), a = te(() => typeof window > "u" ? null : Ut(
973
+ function xr({ config: r, children: e }) {
974
+ var j, K, $;
975
+ const { baseUrl: t, appInfo: n, appId: i } = Ae(), a = te(() => typeof window > "u" ? null : Bt(
934
976
  {
935
977
  tenantMode: r.tenantMode || "selector",
936
978
  baseDomain: r.baseDomain,
@@ -942,101 +984,101 @@ function Er({ config: r, children: e }) {
942
984
  search: window.location.search
943
985
  },
944
986
  window.localStorage
945
- ), [r.tenantMode, r.baseDomain, r.selectorParam, r.fixedTenantSlug]), [l, d] = N(() => a()), T = ((j = r.cache) == null ? void 0 : j.enabled) ?? !0, A = ((Z = r.cache) == null ? void 0 : Z.ttl) ?? 5 * 60 * 1e3, c = (($ = r.cache) == null ? void 0 : $.storageKey) ?? `tenant_cache_${l || "default"}`, S = V(
946
- () => ({ enabled: T, ttl: A, storageKey: c }),
947
- [T, A, c]
948
- ), [h, x] = N(() => {
987
+ ), [r.tenantMode, r.baseDomain, r.selectorParam, r.fixedTenantSlug]), [l, h] = N(() => a()), S = ((j = r.cache) == null ? void 0 : j.enabled) ?? !0, k = ((K = r.cache) == null ? void 0 : K.ttl) ?? 5 * 60 * 1e3, T = (($ = r.cache) == null ? void 0 : $.storageKey) ?? `tenant_cache_${l || "default"}`, c = V(
988
+ () => ({ enabled: S, ttl: k, storageKey: T }),
989
+ [S, k, T]
990
+ ), [d, A] = N(() => {
949
991
  if (r.initialTenant) return r.initialTenant;
950
- if (!S.enabled || !l) return null;
992
+ if (!c.enabled || !l) return null;
951
993
  try {
952
- const U = localStorage.getItem(S.storageKey);
953
- if (!U) return null;
954
- const L = JSON.parse(U);
955
- return Date.now() - L.timestamp < S.ttl && L.tenantSlug === l ? L.data : (localStorage.removeItem(S.storageKey), null);
994
+ const B = localStorage.getItem(c.storageKey);
995
+ if (!B) return null;
996
+ const L = JSON.parse(B);
997
+ return Date.now() - L.timestamp < c.ttl && L.tenantSlug === l ? L.data : (localStorage.removeItem(c.storageKey), null);
956
998
  } catch {
957
999
  return null;
958
1000
  }
959
- }), [P, I] = N(!h && !r.initialTenant), [R, k] = N(null), [m, g] = N(null), [b, C] = N(!1), [o, p] = N(null);
1001
+ }), [P, I] = N(!d && !r.initialTenant), [R, E] = N(null), [m, g] = N(null), [b, C] = N(!1), [o, p] = N(null);
960
1002
  re(() => {
961
1003
  if (r.tenantMode === "fixed") return;
962
- const U = a();
963
- d(U);
1004
+ const B = a();
1005
+ h(B);
964
1006
  }, [a, r.tenantMode]);
965
- const E = (n == null ? void 0 : n.settingsSchema) || null, y = te(
966
- async (U, L = !1) => {
967
- if (!(!L && S.enabled && h && h.subdomain === U))
1007
+ const x = (n == null ? void 0 : n.settingsSchema) || null, y = te(
1008
+ async (B, L = !1) => {
1009
+ if (!(!L && c.enabled && d && d.subdomain === B))
968
1010
  try {
969
- I(!0), k(null);
970
- const q = new he(t), W = await new ye(q, i).getPublicTenantInfo(U);
971
- if (x(W), S.enabled)
1011
+ I(!0), E(null);
1012
+ const q = new he(t), W = await new be(q, i).getPublicTenantInfo(B);
1013
+ if (A(W), c.enabled)
972
1014
  try {
973
- const K = {
1015
+ const Y = {
974
1016
  data: W,
975
1017
  timestamp: Date.now(),
976
- tenantSlug: U
1018
+ tenantSlug: B
977
1019
  };
978
- localStorage.setItem(S.storageKey, JSON.stringify(K));
979
- } catch (K) {
980
- process.env.NODE_ENV === "development" && console.warn("[TenantProvider] Failed to cache tenant info:", K);
1020
+ localStorage.setItem(c.storageKey, JSON.stringify(Y));
1021
+ } catch (Y) {
1022
+ process.env.NODE_ENV === "development" && console.warn("[TenantProvider] Failed to cache tenant info:", Y);
981
1023
  }
982
1024
  } catch (q) {
983
1025
  const _ = q instanceof Error ? q : new Error("Failed to load tenant information");
984
- k(_), x(null);
1026
+ E(_), A(null);
985
1027
  } finally {
986
1028
  I(!1);
987
1029
  }
988
1030
  },
989
- [t, i, S, h]
1031
+ [t, i, c, d]
990
1032
  ), u = te(async () => {
991
- if (!(!S.enabled || !h || !l))
1033
+ if (!(!c.enabled || !d || !l))
992
1034
  try {
993
- const U = localStorage.getItem(S.storageKey);
994
- if (!U) return;
995
- const L = JSON.parse(U);
996
- if (Date.now() - L.timestamp > S.ttl * 0.5) {
997
- const _ = new he(t), K = await new ye(_, i).getPublicTenantInfo(l);
998
- x(K);
999
- const Y = {
1000
- data: K,
1035
+ const B = localStorage.getItem(c.storageKey);
1036
+ if (!B) return;
1037
+ const L = JSON.parse(B);
1038
+ if (Date.now() - L.timestamp > c.ttl * 0.5) {
1039
+ const _ = new he(t), Y = await new be(_, i).getPublicTenantInfo(l);
1040
+ A(Y);
1041
+ const X = {
1042
+ data: Y,
1001
1043
  timestamp: Date.now(),
1002
1044
  tenantSlug: l
1003
1045
  };
1004
- localStorage.setItem(S.storageKey, JSON.stringify(Y));
1046
+ localStorage.setItem(c.storageKey, JSON.stringify(X));
1005
1047
  }
1006
- } catch (U) {
1007
- process.env.NODE_ENV === "development" && console.warn("[TenantProvider] Background tenant refresh failed:", U);
1048
+ } catch (B) {
1049
+ process.env.NODE_ENV === "development" && console.warn("[TenantProvider] Background tenant refresh failed:", B);
1008
1050
  }
1009
- }, [t, i, S, h, l]), v = te(async () => {
1010
- if (h != null && h.id)
1051
+ }, [t, i, c, d, l]), v = te(async () => {
1052
+ if (d != null && d.id)
1011
1053
  try {
1012
1054
  C(!0), p(null);
1013
- const U = new he(t), q = await new ye(U, h.appId).getTenantSettings(h.id);
1055
+ const B = new he(t), q = await new be(B, d.appId).getTenantSettings(d.id);
1014
1056
  g(q);
1015
- } catch (U) {
1016
- const L = U instanceof Error ? U : new Error("Failed to load tenant settings");
1057
+ } catch (B) {
1058
+ const L = B instanceof Error ? B : new Error("Failed to load tenant settings");
1017
1059
  p(L), g(null);
1018
1060
  } finally {
1019
1061
  C(!1);
1020
1062
  }
1021
- }, [t, h]), D = te(() => {
1063
+ }, [t, d]), D = te(() => {
1022
1064
  v();
1023
1065
  }, [v]), se = te(
1024
- (U) => {
1025
- if (!E)
1066
+ (B) => {
1067
+ if (!x)
1026
1068
  return { isValid: !0, errors: [] };
1027
1069
  const L = [];
1028
1070
  try {
1029
- return E.properties && Object.entries(E.properties).forEach(([q, _]) => {
1030
- var K;
1031
- const W = U[q];
1032
- if ((K = E.required) != null && K.includes(q) && W == null) {
1071
+ return x.properties && Object.entries(x.properties).forEach(([q, _]) => {
1072
+ var Y;
1073
+ const W = B[q];
1074
+ if ((Y = x.required) != null && Y.includes(q) && W == null) {
1033
1075
  L.push(`Field '${q}' is required`);
1034
1076
  return;
1035
1077
  }
1036
1078
  if (W != null) {
1037
1079
  if (_.type) {
1038
- const Y = _.type, le = typeof W;
1039
- Y === "string" && le !== "string" ? L.push(`Field '${q}' must be a string`) : (Y === "number" || Y === "integer") && le !== "number" ? L.push(`Field '${q}' must be a number`) : Y === "boolean" && le !== "boolean" ? L.push(`Field '${q}' must be a boolean`) : Y === "array" && !Array.isArray(W) && L.push(`Field '${q}' must be an array`);
1080
+ const X = _.type, le = typeof W;
1081
+ X === "string" && le !== "string" ? L.push(`Field '${q}' must be a string`) : (X === "number" || X === "integer") && le !== "number" ? L.push(`Field '${q}' must be a number`) : X === "boolean" && le !== "boolean" ? L.push(`Field '${q}' must be a boolean`) : X === "array" && !Array.isArray(W) && L.push(`Field '${q}' must be an array`);
1040
1082
  }
1041
1083
  _.minLength !== void 0 && typeof W == "string" && W.length < _.minLength && L.push(
1042
1084
  `Field '${q}' must be at least ${_.minLength} characters long`
@@ -1055,15 +1097,15 @@ function Er({ config: r, children: e }) {
1055
1097
  };
1056
1098
  }
1057
1099
  },
1058
- [E]
1100
+ [x]
1059
1101
  );
1060
1102
  re(() => {
1061
- !r.initialTenant && l ? h ? u() : y(l) : !r.initialTenant && !l && (x(null), k(null), I(!1));
1062
- }, [r.initialTenant, l, h, y, u]), re(() => {
1063
- h != null && h.id ? v() : (g(null), p(null), C(!1));
1064
- }, [h == null ? void 0 : h.id, v]);
1103
+ !r.initialTenant && l ? d ? u() : y(l) : !r.initialTenant && !l && (A(null), E(null), I(!1));
1104
+ }, [r.initialTenant, l, d, y, u]), re(() => {
1105
+ d != null && d.id ? v() : (g(null), p(null), C(!1));
1106
+ }, [d == null ? void 0 : d.id, v]);
1065
1107
  const F = te(
1066
- (U, L) => {
1108
+ (B, L) => {
1067
1109
  const { mode: q = "reload", redirectPath: _ } = L || {}, W = r.tenantMode || "selector";
1068
1110
  if (W === "fixed") {
1069
1111
  process.env.NODE_ENV === "development" && console.warn(
@@ -1072,38 +1114,38 @@ function Er({ config: r, children: e }) {
1072
1114
  ), _ && (window.location.href = _);
1073
1115
  return;
1074
1116
  }
1075
- if (localStorage.setItem("tenant", U), W === "subdomain") {
1076
- const K = window.location.hostname, Y = Bt(
1077
- U,
1078
- K,
1117
+ if (localStorage.setItem("tenant", B), W === "subdomain") {
1118
+ const Y = window.location.hostname, X = _t(
1119
+ B,
1120
+ Y,
1079
1121
  r.baseDomain
1080
1122
  );
1081
- if (!Y) {
1123
+ if (!X) {
1082
1124
  process.env.NODE_ENV === "development" && console.warn(
1083
1125
  "[TenantProvider] Cannot switch subdomain, invalid hostname:",
1084
- K
1126
+ Y
1085
1127
  );
1086
1128
  return;
1087
1129
  }
1088
- const le = _ || window.location.pathname, Te = new URL(`${window.location.protocol}//${Y}${le}`);
1130
+ const le = _ || window.location.pathname, Se = new URL(`${window.location.protocol}//${X}${le}`);
1089
1131
  new URLSearchParams(window.location.search).forEach((Fe, Ne) => {
1090
- Te.searchParams.set(Ne, Fe);
1091
- }), window.location.href = Te.toString();
1132
+ Se.searchParams.set(Ne, Fe);
1133
+ }), window.location.href = Se.toString();
1092
1134
  } else if (W === "selector") {
1093
- const K = _ || window.location.pathname, Y = new URLSearchParams(window.location.search);
1094
- if (Y.set(r.selectorParam || "tenant", U), q === "reload") {
1095
- const le = `${K}?${Y.toString()}${window.location.hash}`;
1135
+ const Y = _ || window.location.pathname, X = new URLSearchParams(window.location.search);
1136
+ if (X.set(r.selectorParam || "tenant", B), q === "reload") {
1137
+ const le = `${Y}?${X.toString()}${window.location.hash}`;
1096
1138
  window.location.href = le;
1097
1139
  } else {
1098
- const le = `${K}?${Y.toString()}${window.location.hash}`;
1099
- window.history.pushState({}, "", le), d(U), y(U);
1140
+ const le = `${Y}?${X.toString()}${window.location.hash}`;
1141
+ window.history.pushState({}, "", le), h(B), y(B);
1100
1142
  }
1101
1143
  }
1102
1144
  },
1103
1145
  [r.tenantMode, r.selectorParam, r.baseDomain, r.fixedTenantSlug, y]
1104
1146
  ), H = V(() => ({
1105
1147
  // Tenant info
1106
- tenant: h,
1148
+ tenant: d,
1107
1149
  tenantSlug: l,
1108
1150
  isTenantLoading: P,
1109
1151
  tenantError: R,
@@ -1112,7 +1154,7 @@ function Er({ config: r, children: e }) {
1112
1154
  },
1113
1155
  // Settings
1114
1156
  settings: m,
1115
- settingsSchema: E,
1157
+ settingsSchema: x,
1116
1158
  isSettingsLoading: b,
1117
1159
  settingsError: o,
1118
1160
  // Actions
@@ -1121,12 +1163,12 @@ function Er({ config: r, children: e }) {
1121
1163
  // Validation
1122
1164
  validateSettings: se
1123
1165
  }), [
1124
- h,
1166
+ d,
1125
1167
  l,
1126
1168
  P,
1127
1169
  R,
1128
1170
  m,
1129
- E,
1171
+ x,
1130
1172
  b,
1131
1173
  o,
1132
1174
  D,
@@ -1135,7 +1177,7 @@ function Er({ config: r, children: e }) {
1135
1177
  ]);
1136
1178
  return /* @__PURE__ */ s(Be.Provider, { value: H, children: e });
1137
1179
  }
1138
- function ve() {
1180
+ function Te() {
1139
1181
  const r = ne(Be);
1140
1182
  if (!r)
1141
1183
  throw new Error("useTenant must be used within a TenantProvider");
@@ -1144,9 +1186,9 @@ function ve() {
1144
1186
  function pe() {
1145
1187
  return ne(Be);
1146
1188
  }
1147
- const xr = ve;
1148
- function Ar() {
1149
- const { settings: r, settingsSchema: e, isSettingsLoading: t, settingsError: n, validateSettings: i } = ve();
1189
+ const Ar = Te;
1190
+ function Rr() {
1191
+ const { settings: r, settingsSchema: e, isSettingsLoading: t, settingsError: n, validateSettings: i } = Te();
1150
1192
  return {
1151
1193
  settings: r,
1152
1194
  settingsSchema: e,
@@ -1156,7 +1198,7 @@ function Ar() {
1156
1198
  };
1157
1199
  }
1158
1200
  function ot() {
1159
- const { tenant: r, tenantSlug: e, isTenantLoading: t, tenantError: n, retryTenant: i } = ve();
1201
+ const { tenant: r, tenantSlug: e, isTenantLoading: t, tenantError: n, retryTenant: i } = Te();
1160
1202
  return {
1161
1203
  tenant: r,
1162
1204
  tenantSlug: e,
@@ -1166,7 +1208,7 @@ function ot() {
1166
1208
  };
1167
1209
  }
1168
1210
  const _e = "userTenants";
1169
- function _t() {
1211
+ function Ot() {
1170
1212
  try {
1171
1213
  const r = localStorage.getItem(_e);
1172
1214
  return r ? JSON.parse(r) : [];
@@ -1187,14 +1229,14 @@ function et() {
1187
1229
  }
1188
1230
  }
1189
1231
  const Pe = fe(null), Ie = fe(null);
1190
- function Rr({ config: r = {}, children: e }) {
1191
- const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? r.baseUrl ?? "", a = (t == null ? void 0 : t.appId) ?? r.appId, l = (n == null ? void 0 : n.tenant) ?? null, d = (n == null ? void 0 : n.tenantSlug) ?? null, T = (n == null ? void 0 : n.switchTenant) ?? (() => {
1232
+ function Pr({ config: r = {}, children: e }) {
1233
+ const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? r.baseUrl ?? "", a = (t == null ? void 0 : t.appId) ?? r.appId, l = (n == null ? void 0 : n.tenant) ?? null, h = (n == null ? void 0 : n.tenantSlug) ?? null, S = (n == null ? void 0 : n.switchTenant) ?? (() => {
1192
1234
  });
1193
1235
  if (!i)
1194
1236
  throw new Error(
1195
1237
  "[AuthProvider] baseUrl is required. Provide it via AppProvider or AuthConfig.baseUrl."
1196
1238
  );
1197
- const [A, c] = N(r.initialRoles || []), [S, h] = N(!r.initialRoles), [x, P] = N(null), [I, R] = N(!1), [k, m] = N(null), [g, b] = N(() => _t()), C = Ee({ done: !1 });
1239
+ const [k, T] = N(r.initialRoles || []), [c, d] = N(!r.initialRoles), [A, P] = N(null), [I, R] = N(!1), [E, m] = N(null), [g, b] = N(() => Ot()), C = ye({ done: !1 });
1198
1240
  C.current.done || (C.current.done = !0);
1199
1241
  const o = V(() => Me.getInstance({
1200
1242
  baseUrl: i,
@@ -1209,27 +1251,27 @@ function Rr({ config: r = {}, children: e }) {
1209
1251
  r.enableCookieSession,
1210
1252
  r.refreshQueueTimeout,
1211
1253
  r.proactiveRefreshMargin
1212
- ]), [p, E] = N(() => {
1254
+ ]), [p, x] = N(() => {
1213
1255
  const w = o.getTokens();
1214
1256
  return w ? o.hasValidSession() || !!w.refreshToken : !!r.enableCookieSession;
1215
1257
  }), y = C.current.done && !p, u = V(() => {
1216
1258
  const w = new he(i);
1217
1259
  return w.setSessionManager(o), w;
1218
1260
  }, [i, o]), v = V(
1219
- () => new Nt(u),
1261
+ () => new Ct(u),
1220
1262
  [u]
1221
1263
  ), D = V(
1222
- () => new Dt(u),
1264
+ () => new Mt(u),
1223
1265
  [u]
1224
1266
  ), se = V(
1225
- () => new Ct(u),
1267
+ () => new Dt(u),
1226
1268
  [u]
1227
- ), F = V(() => x != null && x.roleId && A.find((w) => w.id === x.roleId) || null, [x, A]), H = V(() => (F == null ? void 0 : F.permissions) || [], [F]), j = V(
1228
- () => o.hasValidSession() && x !== null,
1229
- [o, x]
1230
- ), Z = V(() => (x == null ? void 0 : x.tenantId) != null, [x]), $ = Ee(null), U = async (w = !1) => {
1269
+ ), F = V(() => A != null && A.roleId && k.find((w) => w.id === A.roleId) || null, [A, k]), H = V(() => (F == null ? void 0 : F.permissions) || [], [F]), j = V(
1270
+ () => o.hasValidSession() && A !== null,
1271
+ [o, A]
1272
+ ), K = V(() => (A == null ? void 0 : A.tenantId) != null, [A]), $ = ye(null), B = ye(/* @__PURE__ */ new Set()), L = async (w = !1) => {
1231
1273
  try {
1232
- if (!o.hasValidSession() || !w && x) return;
1274
+ if (!o.hasValidSession() || !w && A) return;
1233
1275
  const M = o.getUserId();
1234
1276
  if (!M) {
1235
1277
  process.env.NODE_ENV === "development" && console.warn("[AuthProvider] No userId available in token or storage");
@@ -1244,17 +1286,17 @@ function Rr({ config: r = {}, children: e }) {
1244
1286
  } finally {
1245
1287
  R(!1);
1246
1288
  }
1247
- }, L = async (w) => {
1289
+ }, q = async (w) => {
1248
1290
  var He;
1249
- const { username: M, password: z, tenantSlug: O, redirectPath: Q } = w;
1250
- let X = l == null ? void 0 : l.id, J = d;
1251
- O && (X = (await new ye(u, a).getPublicTenantInfo(O)).id, J = O);
1291
+ const { username: M, password: z, tenantSlug: O, redirectPath: J } = w;
1292
+ let ee = l == null ? void 0 : l.id, Q = h;
1293
+ O && (ee = (await new be(u, a).getPublicTenantInfo(O)).id, Q = O);
1252
1294
  const G = await v.login({
1253
1295
  username: M,
1254
1296
  password: z,
1255
1297
  appId: a,
1256
- tenantId: X
1257
- }), Se = O && O !== d;
1298
+ tenantId: ee
1299
+ }), ke = O && O !== h;
1258
1300
  if (o.setTokens({
1259
1301
  accessToken: G.accessToken,
1260
1302
  refreshToken: G.refreshToken,
@@ -1262,100 +1304,104 @@ function Rr({ config: r = {}, children: e }) {
1262
1304
  }), G.user) {
1263
1305
  o.setUser(G.user), P(G.user);
1264
1306
  try {
1265
- await U();
1266
- } catch (ke) {
1267
- process.env.NODE_ENV === "development" && console.warn("[AuthProvider] Failed to load complete user data after login:", ke);
1307
+ await L();
1308
+ } catch (Ee) {
1309
+ process.env.NODE_ENV === "development" && console.warn("[AuthProvider] Failed to load complete user data after login:", Ee);
1268
1310
  }
1269
1311
  }
1270
1312
  G.tenants && G.tenants.length > 0 && (b(G.tenants), Xe(G.tenants));
1271
1313
  const Ge = ((He = G.user) == null ? void 0 : He.tenantId) !== null;
1272
- if (Se && J)
1273
- return T(J, { redirectPath: Q }), G;
1274
- if (Q && Q !== window.location.pathname)
1275
- return T(J || d || "", { redirectPath: Q }), G;
1314
+ if (ke && Q)
1315
+ return S(Q, { redirectPath: J }), G;
1316
+ if (J && J !== window.location.pathname)
1317
+ return S(Q || h || "", { redirectPath: J }), G;
1276
1318
  if (!Ge && G.tenants && G.tenants.length > 0) {
1277
- const ke = w.autoSwitch !== !1 && r.autoSwitchSingleTenant !== !1;
1278
- if (G.tenants.length === 1 && ke) {
1319
+ const Ee = w.autoSwitch !== !1 && r.autoSwitchSingleTenant !== !1;
1320
+ if (G.tenants.length === 1 && Ee) {
1279
1321
  const Qe = G.tenants[0];
1280
- return T(Qe.subdomain, { redirectPath: Q }), G;
1322
+ return S(Qe.subdomain, { redirectPath: J }), G;
1281
1323
  } else G.tenants.length > 1 && r.onTenantSelectionRequired && r.onTenantSelectionRequired(G.tenants);
1282
1324
  }
1283
1325
  return G;
1284
- }, q = async (w) => {
1285
- const { email: M, phoneNumber: z, name: O, password: Q, lastName: X, tenantId: J } = w;
1326
+ }, _ = async (w) => {
1327
+ const { email: M, phoneNumber: z, name: O, password: J, lastName: ee, tenantId: Q } = w;
1286
1328
  if (!M && !z)
1287
1329
  throw new Error("Either email or phoneNumber is required");
1288
- if (!O || !Q)
1330
+ if (!O || !J)
1289
1331
  throw new Error("Name and password are required");
1290
1332
  return v.signup({
1291
1333
  email: M,
1292
1334
  phoneNumber: z,
1293
1335
  name: O,
1294
- password: Q,
1295
- tenantId: J ?? (l == null ? void 0 : l.id),
1296
- lastName: X,
1336
+ password: J,
1337
+ tenantId: Q ?? (l == null ? void 0 : l.id),
1338
+ lastName: ee,
1297
1339
  appId: a
1298
1340
  });
1299
- }, _ = async (w) => {
1300
- const { email: M, phoneNumber: z, name: O, password: Q, tenantName: X, lastName: J } = w;
1341
+ }, W = async (w) => {
1342
+ const { email: M, phoneNumber: z, name: O, password: J, tenantName: ee, lastName: Q } = w;
1301
1343
  if (!M && !z)
1302
1344
  throw new Error("Either email or phoneNumber is required");
1303
- if (!O || !Q || !X)
1345
+ if (!O || !J || !ee)
1304
1346
  throw new Error("Name, password, and tenantName are required");
1305
1347
  return v.signupTenantAdmin({
1306
1348
  email: M,
1307
1349
  phoneNumber: z,
1308
1350
  name: O,
1309
- password: Q,
1310
- tenantName: X,
1351
+ password: J,
1352
+ tenantName: ee,
1311
1353
  appId: a,
1312
- lastName: J
1354
+ lastName: Q
1313
1355
  });
1314
- }, W = async (w) => {
1356
+ }, Y = async (w) => {
1315
1357
  await v.changePassword(w);
1316
- }, K = async (w) => {
1358
+ }, X = async (w) => {
1317
1359
  const { email: M, tenantId: z } = w, O = z ?? (l == null ? void 0 : l.id);
1318
1360
  if (!O)
1319
1361
  throw new Error("tenantId is required for password reset");
1320
1362
  await v.requestPasswordReset({ email: M, tenantId: O });
1321
- }, Y = async (w) => {
1322
- await v.confirmPasswordReset(w);
1323
1363
  }, le = async (w) => {
1324
- const { email: M, frontendUrl: z, name: O, lastName: Q, tenantId: X } = w, J = X ?? (l == null ? void 0 : l.id);
1325
- if (!J)
1364
+ await v.confirmPasswordReset(w);
1365
+ }, Se = async (w) => {
1366
+ const { email: M, frontendUrl: z, name: O, lastName: J, tenantId: ee } = w, Q = ee ?? (l == null ? void 0 : l.id);
1367
+ if (!Q)
1326
1368
  throw new Error("tenantId is required for magic link authentication");
1327
1369
  return v.sendMagicLink({
1328
1370
  email: M,
1329
- tenantId: J,
1371
+ tenantId: Q,
1330
1372
  frontendUrl: z,
1331
1373
  name: O,
1332
- lastName: Q,
1374
+ lastName: J,
1333
1375
  appId: a
1334
1376
  });
1335
- }, Te = async (w) => {
1377
+ }, We = async (w) => {
1336
1378
  const { token: M, email: z, tenantSlug: O } = w;
1337
- let Q = l == null ? void 0 : l.id, X = d;
1338
- O && (Q = (await new ye(u, a).getPublicTenantInfo(O)).id, X = O);
1339
- const J = await v.verifyMagicLink({
1379
+ let J = l == null ? void 0 : l.id, ee = h;
1380
+ O && (J = (await new be(u, a).getPublicTenantInfo(O)).id, ee = O);
1381
+ const Q = await v.verifyMagicLink({
1340
1382
  token: M,
1341
1383
  email: z,
1342
1384
  appId: a,
1343
- tenantId: Q
1344
- }), G = O && O !== d;
1385
+ tenantId: J
1386
+ });
1387
+ if (B.current.has(M))
1388
+ return Q;
1389
+ B.current.add(M);
1390
+ const G = O && O !== h;
1345
1391
  if (o.setTokens({
1346
- accessToken: J.accessToken,
1347
- refreshToken: J.refreshToken,
1348
- expiresIn: J.expiresIn
1349
- }), J.user) {
1350
- o.setUser(J.user), P(J.user);
1392
+ accessToken: Q.accessToken,
1393
+ refreshToken: Q.refreshToken,
1394
+ expiresIn: Q.expiresIn
1395
+ }), Q.user) {
1396
+ o.setUser(Q.user), P(Q.user);
1351
1397
  try {
1352
- await U();
1353
- } catch (Se) {
1354
- process.env.NODE_ENV === "development" && console.warn("[AuthProvider] Failed to load complete user data after magic link:", Se);
1398
+ await L();
1399
+ } catch (ke) {
1400
+ process.env.NODE_ENV === "development" && console.warn("[AuthProvider] Failed to load complete user data after magic link:", ke);
1355
1401
  }
1356
1402
  }
1357
- return G && X && X !== d && T(X), J;
1358
- }, We = async () => {
1403
+ return G && ee && ee !== h && S(ee), Q;
1404
+ }, Fe = async () => {
1359
1405
  const w = o.getTokens();
1360
1406
  if (!(w != null && w.refreshToken))
1361
1407
  throw new Error("No refresh token available");
@@ -1367,63 +1413,63 @@ function Rr({ config: r = {}, children: e }) {
1367
1413
  refreshToken: M.refreshToken || w.refreshToken,
1368
1414
  expiresIn: M.expiresIn
1369
1415
  });
1370
- }, Fe = () => {
1416
+ }, Ne = () => {
1371
1417
  o.clearSession(), P(null), m(null), b([]), et();
1372
- }, Ne = (w) => {
1418
+ }, ht = (w) => {
1373
1419
  o.setTokens(w);
1374
- }, ht = () => o.hasValidSession(), pt = () => {
1420
+ }, pt = () => o.hasValidSession(), ft = () => {
1375
1421
  o.clearSession(), P(null), m(null);
1376
- }, ft = async () => {
1422
+ }, mt = async () => {
1377
1423
  if (a)
1378
1424
  try {
1379
- h(!0);
1425
+ d(!0);
1380
1426
  const { roles: w } = await se.getRolesByApp(a);
1381
- c(w);
1427
+ T(w);
1382
1428
  } catch (w) {
1383
1429
  process.env.NODE_ENV === "development" && console.error("[AuthProvider] Failed to fetch roles:", w);
1384
1430
  } finally {
1385
- h(!1);
1431
+ d(!1);
1386
1432
  }
1387
- }, mt = async (w, M) => {
1433
+ }, gt = async (w, M) => {
1388
1434
  const { redirectPath: z } = M || {}, O = o.getTokens();
1389
1435
  if (!(O != null && O.refreshToken))
1390
1436
  throw new Error("No refresh token available for tenant switch");
1391
- const Q = await v.switchTenant({
1437
+ const J = await v.switchTenant({
1392
1438
  refreshToken: O.refreshToken,
1393
1439
  tenantId: w
1394
1440
  });
1395
1441
  o.setTokens({
1396
- accessToken: Q.accessToken,
1442
+ accessToken: J.accessToken,
1397
1443
  refreshToken: O.refreshToken,
1398
- expiresIn: Q.expiresIn
1399
- }), P(Q.user), o.setUser(Q.user);
1400
- const X = g.find((J) => J.id === w);
1401
- X && T(X.subdomain, { redirectPath: z });
1402
- }, gt = async () => {
1444
+ expiresIn: J.expiresIn
1445
+ }), P(J.user), o.setUser(J.user);
1446
+ const ee = g.find((Q) => Q.id === w);
1447
+ ee && S(ee.subdomain, { redirectPath: z });
1448
+ }, yt = async () => {
1403
1449
  const w = await v.getUserTenants();
1404
1450
  return b(w), Xe(w), w;
1405
1451
  };
1406
1452
  $.current = {
1407
- login: L,
1408
- signup: q,
1409
- signupTenantAdmin: _,
1410
- sendMagicLink: le,
1411
- verifyMagicLink: Te,
1412
- changePassword: W,
1413
- requestPasswordReset: K,
1414
- confirmPasswordReset: Y,
1415
- refreshToken: We,
1416
- logout: Fe,
1417
- setTokens: Ne,
1418
- hasValidSession: ht,
1419
- clearSession: pt,
1420
- loadUserData: U,
1421
- refreshUser: () => U(),
1422
- refreshRoles: ft,
1423
- switchToTenant: mt,
1424
- refreshUserTenants: gt
1453
+ login: q,
1454
+ signup: _,
1455
+ signupTenantAdmin: W,
1456
+ sendMagicLink: Se,
1457
+ verifyMagicLink: We,
1458
+ changePassword: Y,
1459
+ requestPasswordReset: X,
1460
+ confirmPasswordReset: le,
1461
+ refreshToken: Fe,
1462
+ logout: Ne,
1463
+ setTokens: ht,
1464
+ hasValidSession: pt,
1465
+ clearSession: ft,
1466
+ loadUserData: L,
1467
+ refreshUser: () => L(),
1468
+ refreshRoles: mt,
1469
+ switchToTenant: gt,
1470
+ refreshUserTenants: yt
1425
1471
  };
1426
- const yt = V(
1472
+ const bt = V(
1427
1473
  () => ({
1428
1474
  login: (w) => $.current.login(w),
1429
1475
  signup: (w) => $.current.signup(w),
@@ -1445,21 +1491,21 @@ function Rr({ config: r = {}, children: e }) {
1445
1491
  refreshUserTenants: () => $.current.refreshUserTenants()
1446
1492
  }),
1447
1493
  []
1448
- ), bt = V(() => {
1494
+ ), wt = V(() => {
1449
1495
  const w = (M) => !H || H.length === 0 ? !1 : typeof M == "string" ? H.includes(M) : H.includes(`${M.resource}.${M.action}`);
1450
1496
  return {
1451
1497
  isAuthenticated: j,
1452
1498
  isAuthInitializing: !y,
1453
1499
  isAuthReady: y,
1454
- currentUser: x,
1500
+ currentUser: A,
1455
1501
  isUserLoading: I,
1456
- userError: k,
1502
+ userError: E,
1457
1503
  userRole: F,
1458
1504
  userPermissions: H,
1459
- availableRoles: A,
1460
- rolesLoading: S,
1505
+ availableRoles: k,
1506
+ rolesLoading: c,
1461
1507
  userTenants: g,
1462
- hasTenantContext: Z,
1508
+ hasTenantContext: K,
1463
1509
  sessionManager: o,
1464
1510
  authenticatedHttpService: u,
1465
1511
  hasPermission: w,
@@ -1470,27 +1516,27 @@ function Rr({ config: r = {}, children: e }) {
1470
1516
  }, [
1471
1517
  j,
1472
1518
  y,
1473
- x,
1519
+ A,
1474
1520
  I,
1475
- k,
1521
+ E,
1476
1522
  F,
1477
1523
  H,
1478
- A,
1479
- S,
1524
+ k,
1525
+ c,
1480
1526
  g,
1481
- Z,
1527
+ K,
1482
1528
  o,
1483
1529
  u
1484
1530
  ]);
1485
1531
  return re(() => {
1486
1532
  if (r.initialRoles || !a) return;
1487
1533
  let w = !1;
1488
- return h(!0), se.getRolesByApp(a).then(({ roles: M }) => {
1489
- w || c(M);
1534
+ return d(!0), se.getRolesByApp(a).then(({ roles: M }) => {
1535
+ w || T(M);
1490
1536
  }).catch((M) => {
1491
1537
  process.env.NODE_ENV === "development" && console.error("[AuthProvider] Failed to fetch roles:", M);
1492
1538
  }).finally(() => {
1493
- w || h(!1);
1539
+ w || d(!1);
1494
1540
  }), () => {
1495
1541
  w = !0;
1496
1542
  };
@@ -1501,24 +1547,24 @@ function Rr({ config: r = {}, children: e }) {
1501
1547
  if (!o.hasValidSession() && ((O = o.getTokens()) != null && O.refreshToken) && await o.waitForPendingRefresh(), w || !o.hasValidSession() && !o.getTokens() && r.enableCookieSession && (await o.attemptCookieSessionRestore(), w))
1502
1548
  return;
1503
1549
  const z = o.getUser();
1504
- z && o.hasValidSession() && P(z), E(!1);
1550
+ z && o.hasValidSession() && P(z), x(!1);
1505
1551
  })(), () => {
1506
1552
  w = !0;
1507
1553
  };
1508
1554
  }, [o, r.enableCookieSession]), re(() => {
1509
- !x && !I && !k && o.hasValidSession() ? $.current.loadUserData().catch(() => {
1555
+ !A && !I && !E && o.hasValidSession() ? $.current.loadUserData().catch(() => {
1510
1556
  }).finally(() => {
1511
- E(!1);
1512
- }) : E(!1);
1513
- }, [x, I, k, o]), /* @__PURE__ */ s(Ie.Provider, { value: yt, children: /* @__PURE__ */ s(Pe.Provider, { value: bt, children: e }) });
1557
+ x(!1);
1558
+ }) : x(!1);
1559
+ }, [A, I, E, o]), /* @__PURE__ */ s(Ie.Provider, { value: bt, children: /* @__PURE__ */ s(Pe.Provider, { value: wt, children: e }) });
1514
1560
  }
1515
- function Pr() {
1561
+ function Ir() {
1516
1562
  const r = ne(Pe);
1517
1563
  if (!r)
1518
1564
  throw new Error("useAuthState must be used within an AuthProvider");
1519
1565
  return r;
1520
1566
  }
1521
- function Ir() {
1567
+ function Lr() {
1522
1568
  const r = ne(Ie);
1523
1569
  if (!r)
1524
1570
  throw new Error("useAuthActions must be used within an AuthProvider");
@@ -1534,7 +1580,7 @@ function Oe() {
1534
1580
  const r = ne(Pe), e = ne(Ie);
1535
1581
  return V(() => !r || !e ? null : { ...r, ...e }, [r, e]);
1536
1582
  }
1537
- class Ot {
1583
+ class Vt {
1538
1584
  constructor(e) {
1539
1585
  this.httpService = e;
1540
1586
  }
@@ -1582,24 +1628,24 @@ class Ot {
1582
1628
  }
1583
1629
  }
1584
1630
  const Ve = fe(null);
1585
- function Lr({ config: r = {}, children: e }) {
1586
- const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (t == null ? void 0 : t.appId) ?? "", l = (n == null ? void 0 : n.tenant) ?? null, [d, T] = N([]), [A, c] = N(!1), [S, h] = N(null), [x, P] = N(!1), I = V(() => {
1631
+ function Fr({ config: r = {}, children: e }) {
1632
+ const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (t == null ? void 0 : t.appId) ?? "", l = (n == null ? void 0 : n.tenant) ?? null, [h, S] = N([]), [k, T] = N(!1), [c, d] = N(null), [A, P] = N(!1), I = V(() => {
1587
1633
  const m = new he(i);
1588
- return new Ot(m);
1634
+ return new Vt(m);
1589
1635
  }, [i]), R = async () => {
1590
1636
  if (!(l != null && l.id)) {
1591
- T([]);
1637
+ S([]);
1592
1638
  return;
1593
1639
  }
1594
- c(!0), h(null);
1640
+ T(!0), d(null);
1595
1641
  try {
1596
1642
  const m = await I.getTenantFeatureFlags(l.id, a);
1597
- T(m);
1643
+ S(m);
1598
1644
  } catch (m) {
1599
1645
  const g = m instanceof Error ? m.message : "Failed to fetch feature flags";
1600
- h(g), r.onError && r.onError(m instanceof Error ? m : new Error(g));
1646
+ d(g), r.onError && r.onError(m instanceof Error ? m : new Error(g));
1601
1647
  } finally {
1602
- c(!1);
1648
+ T(!1);
1603
1649
  }
1604
1650
  };
1605
1651
  re(() => {
@@ -1608,30 +1654,30 @@ function Lr({ config: r = {}, children: e }) {
1608
1654
  const m = r.refreshInterval || 5 * 60 * 1e3, g = setInterval(R, m);
1609
1655
  return () => clearInterval(g);
1610
1656
  }, [l == null ? void 0 : l.id, i, a, r.refreshInterval]);
1611
- const k = V(() => {
1657
+ const E = V(() => {
1612
1658
  const m = (p) => {
1613
- const E = d.find((y) => y.key === p);
1614
- return (E == null ? void 0 : E.value) === !0;
1615
- }, g = (p) => d.find((E) => E.key === p), b = (p) => {
1616
- const E = d.find((y) => y.key === p);
1617
- return E ? E.value ? "enabled" : "disabled" : "not_found";
1659
+ const x = h.find((y) => y.key === p);
1660
+ return (x == null ? void 0 : x.value) === !0;
1661
+ }, g = (p) => h.find((x) => x.key === p), b = (p) => {
1662
+ const x = h.find((y) => y.key === p);
1663
+ return x ? x.value ? "enabled" : "disabled" : "not_found";
1618
1664
  }, C = async () => {
1619
1665
  await R();
1620
- }, o = !!(i && a) && (x || !(l != null && l.id));
1666
+ }, o = !!(i && a) && (A || !(l != null && l.id));
1621
1667
  return {
1622
- featureFlags: d,
1623
- loading: A,
1624
- error: S,
1668
+ featureFlags: h,
1669
+ loading: k,
1670
+ error: c,
1625
1671
  isReady: o,
1626
1672
  isEnabled: m,
1627
1673
  getFlag: g,
1628
1674
  getFlagState: b,
1629
1675
  refresh: C
1630
1676
  };
1631
- }, [d, A, S, i, a, l == null ? void 0 : l.id, x]);
1632
- return /* @__PURE__ */ s(Ve.Provider, { value: k, children: e });
1677
+ }, [h, k, c, i, a, l == null ? void 0 : l.id, A]);
1678
+ return /* @__PURE__ */ s(Ve.Provider, { value: E, children: e });
1633
1679
  }
1634
- function Vt() {
1680
+ function qt() {
1635
1681
  const r = ne(Ve);
1636
1682
  if (!r)
1637
1683
  throw new Error("useFeatureFlags must be used within a FeatureFlagProvider");
@@ -1640,7 +1686,7 @@ function Vt() {
1640
1686
  function at() {
1641
1687
  return ne(Ve);
1642
1688
  }
1643
- class qt {
1689
+ class zt {
1644
1690
  constructor(e) {
1645
1691
  this.httpService = e;
1646
1692
  }
@@ -1681,46 +1727,46 @@ class qt {
1681
1727
  }
1682
1728
  }
1683
1729
  const qe = fe(void 0);
1684
- function Fr({ config: r = {}, children: e }) {
1685
- const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (n == null ? void 0 : n.tenant) ?? null, [l, d] = N(null), [T, A] = N(!1), [c, S] = N(null), [h, x] = N(!1), P = V(() => {
1686
- const k = new he(i);
1687
- return new qt(k);
1730
+ function Nr({ config: r = {}, children: e }) {
1731
+ const t = Ue(), n = pe(), i = (t == null ? void 0 : t.baseUrl) ?? "", a = (n == null ? void 0 : n.tenant) ?? null, [l, h] = N(null), [S, k] = N(!1), [T, c] = N(null), [d, A] = N(!1), P = V(() => {
1732
+ const E = new he(i);
1733
+ return new zt(E);
1688
1734
  }, [i]), I = async () => {
1689
1735
  if (!(a != null && a.id)) {
1690
- d(null);
1736
+ h(null);
1691
1737
  return;
1692
1738
  }
1693
- A(!0), S(null);
1739
+ k(!0), c(null);
1694
1740
  try {
1695
- const k = await P.getTenantSubscriptionFeatures(a.id);
1696
- d(k);
1697
- } catch (k) {
1698
- const m = k instanceof Error ? k.message : "Failed to fetch subscription";
1699
- S(m), r.onError && r.onError(k instanceof Error ? k : new Error(m));
1741
+ const E = await P.getTenantSubscriptionFeatures(a.id);
1742
+ h(E);
1743
+ } catch (E) {
1744
+ const m = E instanceof Error ? E.message : "Failed to fetch subscription";
1745
+ c(m), r.onError && r.onError(E instanceof Error ? E : new Error(m));
1700
1746
  } finally {
1701
- A(!1);
1747
+ k(!1);
1702
1748
  }
1703
1749
  };
1704
1750
  re(() => {
1705
- if (!i || (I().finally(() => x(!0)), !r.refreshInterval)) return;
1706
- const k = r.refreshInterval || 10 * 60 * 1e3, m = setInterval(I, k);
1751
+ if (!i || (I().finally(() => A(!0)), !r.refreshInterval)) return;
1752
+ const E = r.refreshInterval || 10 * 60 * 1e3, m = setInterval(I, E);
1707
1753
  return () => clearInterval(m);
1708
1754
  }, [a == null ? void 0 : a.id, i, r.refreshInterval]);
1709
1755
  const R = V(() => {
1710
- const k = (l == null ? void 0 : l.features) || [], m = (E) => {
1711
- const y = k.find((u) => u.key === E);
1756
+ const E = (l == null ? void 0 : l.features) || [], m = (x) => {
1757
+ const y = E.find((u) => u.key === x);
1712
1758
  return y ? y.type === "BOOLEAN" || y.type === "boolean" ? y.value === !0 : !!y.value : !1;
1713
- }, g = (E) => k.find((y) => y.key === E), b = (E, y) => {
1714
- const u = k.find((v) => v.key === E);
1759
+ }, g = (x) => E.find((y) => y.key === x), b = (x, y) => {
1760
+ const u = E.find((v) => v.key === x);
1715
1761
  return u ? u.value : y;
1716
- }, C = (E) => !l || !l.isActive ? !1 : E.includes(l.planId), o = async () => {
1762
+ }, C = (x) => !l || !l.isActive ? !1 : x.includes(l.planId), o = async () => {
1717
1763
  await I();
1718
- }, p = !!i && (h || !(a != null && a.id));
1764
+ }, p = !!i && (d || !(a != null && a.id));
1719
1765
  return {
1720
1766
  subscription: l,
1721
- features: k,
1722
- loading: T,
1723
- error: c,
1767
+ features: E,
1768
+ loading: S,
1769
+ error: T,
1724
1770
  isReady: p,
1725
1771
  isFeatureEnabled: m,
1726
1772
  getFeature: g,
@@ -1728,10 +1774,10 @@ function Fr({ config: r = {}, children: e }) {
1728
1774
  hasAllowedPlan: C,
1729
1775
  refresh: o
1730
1776
  };
1731
- }, [l, T, c, i, a == null ? void 0 : a.id, h]);
1777
+ }, [l, S, T, i, a == null ? void 0 : a.id, d]);
1732
1778
  return /* @__PURE__ */ s(qe.Provider, { value: R, children: e });
1733
1779
  }
1734
- function zt() {
1780
+ function jt() {
1735
1781
  const r = ne(qe);
1736
1782
  if (r === void 0)
1737
1783
  throw new Error("useSubscription must be used within a SubscriptionProvider");
@@ -1766,7 +1812,7 @@ const ze = {
1766
1812
  admin: { tenant: "required", auth: "required", userType: ae.TENANT_ADMIN },
1767
1813
  // Fully open
1768
1814
  open: { tenant: "optional", auth: "optional" }
1769
- }, je = fe(null), jt = {
1815
+ }, je = fe(null), Wt = {
1770
1816
  zoneRoots: ze,
1771
1817
  presets: ct,
1772
1818
  loadingFallback: null,
@@ -1775,7 +1821,7 @@ const ze = {
1775
1821
  returnToParam: "returnTo",
1776
1822
  returnToStorage: "url"
1777
1823
  };
1778
- function Nr({ config: r = {}, children: e }) {
1824
+ function Cr({ config: r = {}, children: e }) {
1779
1825
  const t = V(() => {
1780
1826
  const n = {
1781
1827
  ...ze,
@@ -1796,14 +1842,14 @@ function Nr({ config: r = {}, children: e }) {
1796
1842
  }, [r]);
1797
1843
  return /* @__PURE__ */ s(je.Provider, { value: t, children: e });
1798
1844
  }
1799
- function Cr() {
1845
+ function Dr() {
1800
1846
  const r = ne(je);
1801
1847
  if (!r)
1802
1848
  throw new Error("useRouting must be used within a RoutingProvider");
1803
1849
  return r;
1804
1850
  }
1805
- function Wt() {
1806
- return ne(je) ?? jt;
1851
+ function Gt() {
1852
+ return ne(je) ?? Wt;
1807
1853
  }
1808
1854
  const tt = () => /* @__PURE__ */ f(
1809
1855
  "div",
@@ -1864,7 +1910,7 @@ const tt = () => /* @__PURE__ */ f(
1864
1910
  children: [
1865
1911
  /* @__PURE__ */ s("div", { style: { fontSize: "2rem", marginBottom: "10px" }, children: "⚠️" }),
1866
1912
  /* @__PURE__ */ s("h3", { style: { color: "#856404", marginBottom: "10px" }, children: "Insufficient Permissions" }),
1867
- e && r ? /* @__PURE__ */ f(B, { children: [
1913
+ e && r ? /* @__PURE__ */ f(U, { children: [
1868
1914
  /* @__PURE__ */ f("p", { style: { color: "#856404", fontSize: "14px", marginBottom: "10px" }, children: [
1869
1915
  "This content requires ",
1870
1916
  /* @__PURE__ */ s("strong", { children: e }),
@@ -1874,7 +1920,7 @@ const tt = () => /* @__PURE__ */ f(
1874
1920
  "Your current access level: ",
1875
1921
  /* @__PURE__ */ s("strong", { children: r })
1876
1922
  ] })
1877
- ] }) : /* @__PURE__ */ f(B, { children: [
1923
+ ] }) : /* @__PURE__ */ f(U, { children: [
1878
1924
  /* @__PURE__ */ s("p", { style: { color: "#856404", fontSize: "14px", marginBottom: "10px" }, children: "You don't have the required permissions to view this content." }),
1879
1925
  t && t.length > 0 && /* @__PURE__ */ f("p", { style: { color: "#6c757d", fontSize: "12px" }, children: [
1880
1926
  "Required permissions: ",
@@ -1883,7 +1929,7 @@ const tt = () => /* @__PURE__ */ f(
1883
1929
  ] })
1884
1930
  ]
1885
1931
  }
1886
- ), Gt = (r, e) => {
1932
+ ), Ht = (r, e) => {
1887
1933
  const t = {
1888
1934
  [ae.USER]: 1,
1889
1935
  [ae.TENANT_ADMIN]: 2,
@@ -1891,28 +1937,28 @@ const tt = () => /* @__PURE__ */ f(
1891
1937
  };
1892
1938
  return t[r] >= t[e];
1893
1939
  };
1894
- function Dr({
1940
+ function Mr({
1895
1941
  children: r,
1896
1942
  fallback: e,
1897
1943
  minUserType: t,
1898
1944
  requiredPermissions: n,
1899
1945
  requireAllPermissions: i = !1
1900
1946
  }) {
1901
- const { hasValidSession: a, sessionManager: l, hasPermission: d, hasAnyPermission: T, hasAllPermissions: A } = de();
1947
+ const { hasValidSession: a, sessionManager: l, hasPermission: h, hasAnyPermission: S, hasAllPermissions: k } = de();
1902
1948
  if (!a())
1903
- return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(tt, {}) });
1904
- const c = l.getUser();
1905
- if (!c)
1906
- return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(tt, {}) });
1907
- if (t && !Gt(c.userType, t))
1908
- return /* @__PURE__ */ s(rt, { userType: c.userType, minUserType: t });
1909
- if (n && n.length > 0 && !(i ? A(n) : T(n))) {
1910
- const h = n.filter((x) => !d(x)).map((x) => typeof x == "string" ? x : x.name);
1911
- return /* @__PURE__ */ s(rt, { missingPermissions: h });
1912
- }
1913
- return /* @__PURE__ */ s(B, { children: r });
1914
- }
1915
- const Ht = ({ redirectPath: r }) => /* @__PURE__ */ s(
1949
+ return /* @__PURE__ */ s(U, { children: e || /* @__PURE__ */ s(tt, {}) });
1950
+ const T = l.getUser();
1951
+ if (!T)
1952
+ return /* @__PURE__ */ s(U, { children: e || /* @__PURE__ */ s(tt, {}) });
1953
+ if (t && !Ht(T.userType, t))
1954
+ return /* @__PURE__ */ s(rt, { userType: T.userType, minUserType: t });
1955
+ if (n && n.length > 0 && !(i ? k(n) : S(n))) {
1956
+ const d = n.filter((A) => !h(A)).map((A) => typeof A == "string" ? A : A.name);
1957
+ return /* @__PURE__ */ s(rt, { missingPermissions: d });
1958
+ }
1959
+ return /* @__PURE__ */ s(U, { children: r });
1960
+ }
1961
+ const Qt = ({ redirectPath: r }) => /* @__PURE__ */ s(
1916
1962
  "div",
1917
1963
  {
1918
1964
  style: {
@@ -1978,7 +2024,7 @@ const Ht = ({ redirectPath: r }) => /* @__PURE__ */ s(
1978
2024
  children: [
1979
2025
  /* @__PURE__ */ s("div", { style: { fontSize: "3rem", marginBottom: "1rem" }, children: "⚠️" }),
1980
2026
  /* @__PURE__ */ s("h2", { style: { color: "#374151", marginBottom: "1rem" }, children: "Insufficient Permissions" }),
1981
- e && r ? /* @__PURE__ */ f(B, { children: [
2027
+ e && r ? /* @__PURE__ */ f(U, { children: [
1982
2028
  /* @__PURE__ */ f("p", { style: { color: "#6b7280", marginBottom: "1rem" }, children: [
1983
2029
  "This page requires ",
1984
2030
  /* @__PURE__ */ s("strong", { children: e }),
@@ -1988,7 +2034,7 @@ const Ht = ({ redirectPath: r }) => /* @__PURE__ */ s(
1988
2034
  "Your current user type: ",
1989
2035
  /* @__PURE__ */ s("strong", { children: r })
1990
2036
  ] })
1991
- ] }) : /* @__PURE__ */ f(B, { children: [
2037
+ ] }) : /* @__PURE__ */ f(U, { children: [
1992
2038
  /* @__PURE__ */ s("p", { style: { color: "#6b7280", marginBottom: "1rem" }, children: "You don't have the required permissions to access this page." }),
1993
2039
  t && t.length > 0 && /* @__PURE__ */ f("p", { style: { color: "#9ca3af", fontSize: "0.875rem" }, children: [
1994
2040
  "Required permissions: ",
@@ -1999,8 +2045,8 @@ const Ht = ({ redirectPath: r }) => /* @__PURE__ */ s(
1999
2045
  }
2000
2046
  )
2001
2047
  }
2002
- ), Qt = (r, e) => r === e;
2003
- function Mr({
2048
+ ), Jt = (r, e) => r === e;
2049
+ function $r({
2004
2050
  children: r,
2005
2051
  redirectTo: e = "/login",
2006
2052
  requiredUserType: t,
@@ -2008,34 +2054,34 @@ function Mr({
2008
2054
  requireAllPermissions: i = !1,
2009
2055
  fallback: a
2010
2056
  }) {
2011
- const { hasValidSession: l, sessionManager: d, hasPermission: T, hasAnyPermission: A, hasAllPermissions: c } = de(), S = xe();
2057
+ const { hasValidSession: l, sessionManager: h, hasPermission: S, hasAnyPermission: k, hasAllPermissions: T } = de(), c = xe();
2012
2058
  if (re(() => {
2013
2059
  process.env.NODE_ENV === "development" && console.warn(
2014
2060
  "[react-identity-access] ProtectedRoute is deprecated. Use AuthenticatedZone or AdminZone from ZoneRoute instead."
2015
2061
  );
2016
2062
  }, []), !l())
2017
- return a ? /* @__PURE__ */ s(B, { children: a }) : /* @__PURE__ */ f(B, { children: [
2018
- /* @__PURE__ */ s(Ht, { redirectPath: e }),
2019
- /* @__PURE__ */ s(be, { to: e, state: { from: S.pathname }, replace: !0 })
2063
+ return a ? /* @__PURE__ */ s(U, { children: a }) : /* @__PURE__ */ f(U, { children: [
2064
+ /* @__PURE__ */ s(Qt, { redirectPath: e }),
2065
+ /* @__PURE__ */ s(we, { to: e, state: { from: c.pathname }, replace: !0 })
2020
2066
  ] });
2021
- const h = d.getUser();
2022
- if (!h)
2023
- return /* @__PURE__ */ s(be, { to: e, state: { from: S.pathname }, replace: !0 });
2024
- if (t && !Qt(h.userType, t))
2067
+ const d = h.getUser();
2068
+ if (!d)
2069
+ return /* @__PURE__ */ s(we, { to: e, state: { from: c.pathname }, replace: !0 });
2070
+ if (t && !Jt(d.userType, t))
2025
2071
  return /* @__PURE__ */ s(
2026
2072
  nt,
2027
2073
  {
2028
- userType: h.userType,
2074
+ userType: d.userType,
2029
2075
  requiredUserType: t
2030
2076
  }
2031
2077
  );
2032
- if (n && n.length > 0 && !(i ? c(n) : A(n))) {
2033
- const P = n.filter((I) => !T(I)).map((I) => typeof I == "string" ? I : I.name);
2078
+ if (n && n.length > 0 && !(i ? T(n) : k(n))) {
2079
+ const P = n.filter((I) => !S(I)).map((I) => typeof I == "string" ? I : I.name);
2034
2080
  return /* @__PURE__ */ s(nt, { missingPermissions: P });
2035
2081
  }
2036
- return /* @__PURE__ */ s(B, { children: r });
2082
+ return /* @__PURE__ */ s(U, { children: r });
2037
2083
  }
2038
- const Jt = ({ redirectPath: r }) => /* @__PURE__ */ s(
2084
+ const Zt = ({ redirectPath: r }) => /* @__PURE__ */ s(
2039
2085
  "div",
2040
2086
  {
2041
2087
  style: {
@@ -2072,18 +2118,18 @@ const Jt = ({ redirectPath: r }) => /* @__PURE__ */ s(
2072
2118
  )
2073
2119
  }
2074
2120
  );
2075
- function $r({ children: r, redirectTo: e = "/", fallback: t }) {
2121
+ function Ur({ children: r, redirectTo: e = "/", fallback: t }) {
2076
2122
  const { tenant: n, isLoading: i, error: a } = ot(), l = xe();
2077
2123
  return re(() => {
2078
2124
  process.env.NODE_ENV === "development" && console.warn(
2079
2125
  "[react-identity-access] TenantRoute is deprecated. Use TenantZone from ZoneRoute instead."
2080
2126
  );
2081
- }, []), i || a ? null : n ? /* @__PURE__ */ s(B, { children: r }) : t ? /* @__PURE__ */ s(B, { children: t }) : /* @__PURE__ */ f(B, { children: [
2082
- /* @__PURE__ */ s(Jt, { redirectPath: e }),
2083
- /* @__PURE__ */ s(be, { to: e, state: { from: l.pathname }, replace: !0 })
2127
+ }, []), i || a ? null : n ? /* @__PURE__ */ s(U, { children: r }) : t ? /* @__PURE__ */ s(U, { children: t }) : /* @__PURE__ */ f(U, { children: [
2128
+ /* @__PURE__ */ s(Zt, { redirectPath: e }),
2129
+ /* @__PURE__ */ s(we, { to: e, state: { from: l.pathname }, replace: !0 })
2084
2130
  ] });
2085
2131
  }
2086
- const Zt = ({ redirectPath: r }) => /* @__PURE__ */ s(
2132
+ const Kt = ({ redirectPath: r }) => /* @__PURE__ */ s(
2087
2133
  "div",
2088
2134
  {
2089
2135
  style: {
@@ -2120,36 +2166,36 @@ const Zt = ({ redirectPath: r }) => /* @__PURE__ */ s(
2120
2166
  )
2121
2167
  }
2122
2168
  );
2123
- function Ur({ children: r, redirectTo: e = "/dashboard", fallback: t }) {
2169
+ function Br({ children: r, redirectTo: e = "/dashboard", fallback: t }) {
2124
2170
  const { tenant: n, isLoading: i, error: a } = ot(), l = xe();
2125
2171
  return re(() => {
2126
2172
  process.env.NODE_ENV === "development" && console.warn(
2127
2173
  "[react-identity-access] LandingRoute is deprecated. Use PublicZone from ZoneRoute instead."
2128
2174
  );
2129
- }, []), i || a ? null : n ? t ? /* @__PURE__ */ s(B, { children: t }) : /* @__PURE__ */ f(B, { children: [
2130
- /* @__PURE__ */ s(Zt, { redirectPath: e }),
2131
- /* @__PURE__ */ s(be, { to: e, state: { from: l.pathname }, replace: !0 })
2132
- ] }) : /* @__PURE__ */ s(B, { children: r });
2175
+ }, []), i || a ? null : n ? t ? /* @__PURE__ */ s(U, { children: t }) : /* @__PURE__ */ f(U, { children: [
2176
+ /* @__PURE__ */ s(Kt, { redirectPath: e }),
2177
+ /* @__PURE__ */ s(we, { to: e, state: { from: l.pathname }, replace: !0 })
2178
+ ] }) : /* @__PURE__ */ s(U, { children: r });
2133
2179
  }
2134
- function Kt(r, e) {
2180
+ function Yt(r, e) {
2135
2181
  return e ? r ? Array.isArray(e) ? e.includes(r) : r === e : !1 : !0;
2136
2182
  }
2137
2183
  function st(r, e) {
2138
2184
  return !r || r === "optional" ? "skip" : r === "required" ? e ? "pass" : "fail" : r === "forbidden" ? e ? "fail" : "pass" : "skip";
2139
2185
  }
2140
- function Yt(r, e) {
2141
- return st(r.tenant, e.hasTenant) === "fail" ? e.hasTenant ? "has_tenant" : "no_tenant" : st(r.auth, e.isAuthenticated) === "fail" ? e.isAuthenticated ? "already_authenticated" : "not_authenticated" : r.userType && e.isAuthenticated && !Kt(e.userType, r.userType) ? "wrong_user_type" : r.permissions && r.permissions.length > 0 && !(r.requireAllPermissions !== !1 ? (a) => a.every((l) => e.permissions.includes(l)) : (a) => a.some((l) => e.permissions.includes(l)))(r.permissions) ? "missing_permissions" : null;
2142
- }
2143
2186
  function Xt(r, e) {
2187
+ return st(r.tenant, e.hasTenant) === "fail" ? e.hasTenant ? "has_tenant" : "no_tenant" : st(r.auth, e.isAuthenticated) === "fail" ? e.isAuthenticated ? "already_authenticated" : "not_authenticated" : r.userType && e.isAuthenticated && !Yt(e.userType, r.userType) ? "wrong_user_type" : r.permissions && r.permissions.length > 0 && !(r.requireAllPermissions !== !1 ? (a) => a.every((l) => e.permissions.includes(l)) : (a) => a.some((l) => e.permissions.includes(l)))(r.permissions) ? "missing_permissions" : null;
2188
+ }
2189
+ function er(r, e) {
2144
2190
  return r.hasTenant ? r.isAuthenticated ? r.userType === ae.TENANT_ADMIN ? e.tenantAdmin : e.tenantUser : e.tenantGuest : r.isAuthenticated ? r.userType === ae.TENANT_ADMIN ? e.publicAdmin : e.publicUser : e.publicGuest;
2145
2191
  }
2146
- function er(r, e, t, n, i) {
2192
+ function tr(r, e, t, n, i) {
2147
2193
  if (!e || i !== "url")
2148
2194
  return r;
2149
2195
  const a = typeof e == "string" ? e : t, l = r.includes("?") ? "&" : "?";
2150
2196
  return `${r}${l}${n}=${encodeURIComponent(a)}`;
2151
2197
  }
2152
- function tr(r, e, t) {
2198
+ function rr(r, e, t) {
2153
2199
  if (!r || t === "url") return;
2154
2200
  const n = typeof r == "string" ? r : e, i = "zone_return_to";
2155
2201
  t === "session" ? sessionStorage.setItem(i, n) : t === "local" && localStorage.setItem(i, n);
@@ -2162,13 +2208,13 @@ const ue = ({
2162
2208
  userType: i,
2163
2209
  requiredPermissions: a,
2164
2210
  requireAllPermissions: l = !0,
2165
- returnTo: d,
2166
- onAccessDenied: T,
2167
- redirectTo: A,
2168
- loadingFallback: c,
2169
- accessDeniedFallback: S
2211
+ returnTo: h,
2212
+ onAccessDenied: S,
2213
+ redirectTo: k,
2214
+ loadingFallback: T,
2215
+ accessDeniedFallback: c
2170
2216
  }) => {
2171
- const h = xe(), { isAuthenticated: x, isAuthInitializing: P, currentUser: I, userPermissions: R } = de(), { tenant: k, isTenantLoading: m } = ve(), g = Wt(), b = V(() => {
2217
+ const d = xe(), { isAuthenticated: A, isAuthInitializing: P, currentUser: I, userPermissions: R } = de(), { tenant: E, isTenantLoading: m } = Te(), g = Gt(), b = V(() => {
2172
2218
  if (e)
2173
2219
  return g.presets[e];
2174
2220
  }, [e, g.presets]), C = V(
@@ -2182,21 +2228,21 @@ const ue = ({
2182
2228
  [t, n, i, a, b, l]
2183
2229
  ), o = V(
2184
2230
  () => ({
2185
- hasTenant: !!k,
2186
- isAuthenticated: x,
2231
+ hasTenant: !!E,
2232
+ isAuthenticated: A,
2187
2233
  userType: I == null ? void 0 : I.userType,
2188
2234
  permissions: R,
2189
2235
  isLoading: P || m
2190
2236
  }),
2191
2237
  [
2192
- k,
2193
- x,
2238
+ E,
2239
+ A,
2194
2240
  I == null ? void 0 : I.userType,
2195
2241
  R,
2196
2242
  P,
2197
2243
  m
2198
2244
  ]
2199
- ), p = V(() => o.isLoading ? null : Yt(C, o), [C, o]), E = V(() => p ? A || Xt(o, g.zoneRoots) : null, [p, A, o, g.zoneRoots]), y = V(() => !p || !E ? null : {
2245
+ ), p = V(() => o.isLoading ? null : Xt(C, o), [C, o]), x = V(() => p ? k || er(o, g.zoneRoots) : null, [p, k, o, g.zoneRoots]), y = V(() => !p || !x ? null : {
2200
2246
  type: p,
2201
2247
  required: {
2202
2248
  tenant: C.tenant,
@@ -2210,35 +2256,35 @@ const ue = ({
2210
2256
  userType: o.userType,
2211
2257
  permissions: o.permissions
2212
2258
  },
2213
- redirectTo: E
2214
- }, [p, E, C, o]);
2259
+ redirectTo: x
2260
+ }, [p, x, C, o]);
2215
2261
  if (re(() => {
2216
- y && (T ? T(y) : g.onAccessDenied && g.onAccessDenied(y));
2217
- }, [y, T, g]), re(() => {
2218
- y && d && tr(d, h.pathname + h.search, g.returnToStorage);
2262
+ y && (S ? S(y) : g.onAccessDenied && g.onAccessDenied(y));
2263
+ }, [y, S, g]), re(() => {
2264
+ y && h && rr(h, d.pathname + d.search, g.returnToStorage);
2219
2265
  }, [
2220
2266
  y,
2221
- d,
2222
- h.pathname,
2223
- h.search,
2267
+ h,
2268
+ d.pathname,
2269
+ d.search,
2224
2270
  g.returnToStorage
2225
2271
  ]), o.isLoading)
2226
- return /* @__PURE__ */ s(B, { children: c ?? g.loadingFallback ?? null });
2227
- if (y && E) {
2228
- const u = S ?? g.accessDeniedFallback;
2272
+ return /* @__PURE__ */ s(U, { children: T ?? g.loadingFallback ?? null });
2273
+ if (y && x) {
2274
+ const u = c ?? g.accessDeniedFallback;
2229
2275
  if (u)
2230
- return /* @__PURE__ */ s(B, { children: u });
2231
- const v = er(
2232
- E,
2233
- d,
2234
- h.pathname + h.search,
2276
+ return /* @__PURE__ */ s(U, { children: u });
2277
+ const v = tr(
2278
+ x,
2279
+ h,
2280
+ d.pathname + d.search,
2235
2281
  g.returnToParam,
2236
2282
  g.returnToStorage
2237
2283
  );
2238
- return /* @__PURE__ */ s(be, { to: v, replace: !0 });
2284
+ return /* @__PURE__ */ s(we, { to: v, replace: !0 });
2239
2285
  }
2240
- return /* @__PURE__ */ s(B, { children: r });
2241
- }, Br = (r) => /* @__PURE__ */ s(ue, { tenant: "required", ...r }), _r = (r) => /* @__PURE__ */ s(ue, { tenant: "forbidden", ...r }), Or = (r) => /* @__PURE__ */ s(ue, { auth: "required", ...r }), Vr = (r) => /* @__PURE__ */ s(ue, { auth: "forbidden", ...r }), qr = (r) => /* @__PURE__ */ s(ue, { auth: "required", userType: ae.TENANT_ADMIN, ...r }), zr = (r) => /* @__PURE__ */ s(ue, { auth: "required", userType: ae.USER, ...r }), jr = (r) => /* @__PURE__ */ s(ue, { tenant: "optional", auth: "optional", ...r }), Wr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "required", ...r }), Gr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "optional", ...r }), Hr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "forbidden", ...r }), rr = () => /* @__PURE__ */ f(
2286
+ return /* @__PURE__ */ s(U, { children: r });
2287
+ }, _r = (r) => /* @__PURE__ */ s(ue, { tenant: "required", ...r }), Or = (r) => /* @__PURE__ */ s(ue, { tenant: "forbidden", ...r }), Vr = (r) => /* @__PURE__ */ s(ue, { auth: "required", ...r }), qr = (r) => /* @__PURE__ */ s(ue, { auth: "forbidden", ...r }), zr = (r) => /* @__PURE__ */ s(ue, { auth: "required", userType: ae.TENANT_ADMIN, ...r }), jr = (r) => /* @__PURE__ */ s(ue, { auth: "required", userType: ae.USER, ...r }), Wr = (r) => /* @__PURE__ */ s(ue, { tenant: "optional", auth: "optional", ...r }), Gr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "required", ...r }), Hr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "optional", ...r }), Qr = (r) => /* @__PURE__ */ s(ue, { tenant: "required", auth: "forbidden", ...r }), nr = () => /* @__PURE__ */ f(
2242
2288
  "div",
2243
2289
  {
2244
2290
  style: {
@@ -2255,14 +2301,14 @@ const ue = ({
2255
2301
  ]
2256
2302
  }
2257
2303
  );
2258
- function Qr({
2304
+ function Jr({
2259
2305
  children: r,
2260
- fallback: e = /* @__PURE__ */ s(rr, {}),
2306
+ fallback: e = /* @__PURE__ */ s(nr, {}),
2261
2307
  allowedPlans: t,
2262
2308
  requiredFeature: n
2263
2309
  }) {
2264
- const { subscription: i, hasAllowedPlan: a, isFeatureEnabled: l, loading: d } = zt();
2265
- return d ? /* @__PURE__ */ s(
2310
+ const { subscription: i, hasAllowedPlan: a, isFeatureEnabled: l, loading: h } = jt();
2311
+ return h ? /* @__PURE__ */ s(
2266
2312
  "div",
2267
2313
  {
2268
2314
  style: {
@@ -2272,9 +2318,9 @@ function Qr({
2272
2318
  },
2273
2319
  children: "Loading subscription..."
2274
2320
  }
2275
- ) : i ? i.isActive ? t && t.length > 0 && !a(t) ? /* @__PURE__ */ s(B, { children: e }) : n && !l(n) ? /* @__PURE__ */ s(B, { children: e }) : /* @__PURE__ */ s(B, { children: r }) : /* @__PURE__ */ s(B, { children: e }) : /* @__PURE__ */ s(B, { children: e });
2321
+ ) : i ? i.isActive ? t && t.length > 0 && !a(t) ? /* @__PURE__ */ s(U, { children: e }) : n && !l(n) ? /* @__PURE__ */ s(U, { children: e }) : /* @__PURE__ */ s(U, { children: r }) : /* @__PURE__ */ s(U, { children: e }) : /* @__PURE__ */ s(U, { children: e });
2276
2322
  }
2277
- const nr = ({ flagName: r }) => /* @__PURE__ */ f(
2323
+ const sr = ({ flagName: r }) => /* @__PURE__ */ f(
2278
2324
  "div",
2279
2325
  {
2280
2326
  style: {
@@ -2301,8 +2347,8 @@ const nr = ({ flagName: r }) => /* @__PURE__ */ f(
2301
2347
  ]
2302
2348
  }
2303
2349
  );
2304
- function Jr({ name: r, children: e, fallback: t }) {
2305
- const { isEnabled: n, loading: i } = Vt();
2350
+ function Zr({ name: r, children: e, fallback: t }) {
2351
+ const { isEnabled: n, loading: i } = qt();
2306
2352
  return i ? /* @__PURE__ */ s(
2307
2353
  "div",
2308
2354
  {
@@ -2316,32 +2362,32 @@ function Jr({ name: r, children: e, fallback: t }) {
2316
2362
  },
2317
2363
  children: "Loading feature flags..."
2318
2364
  }
2319
- ) : n(r) ? /* @__PURE__ */ s(B, { children: e }) : /* @__PURE__ */ s(B, { children: t || /* @__PURE__ */ s(nr, { flagName: r }) });
2320
- }
2321
- function we(r) {
2322
- const { submit: e, defaultErrorMessage: t, validate: n, onSuccess: i, onError: a } = r, [l, d] = N(!1), [T, A] = N(""), [c, S] = N({}), h = te((R, k) => {
2323
- S((m) => ({ ...m, [R]: k }));
2324
- }, []), x = te((R) => {
2325
- S((k) => {
2326
- if (!k[R]) return k;
2327
- const m = { ...k };
2365
+ ) : n(r) ? /* @__PURE__ */ s(U, { children: e }) : /* @__PURE__ */ s(U, { children: t || /* @__PURE__ */ s(sr, { flagName: r }) });
2366
+ }
2367
+ function ve(r) {
2368
+ const { submit: e, defaultErrorMessage: t, validate: n, onSuccess: i, onError: a } = r, [l, h] = N(!1), [S, k] = N(""), [T, c] = N({}), d = te((R, E) => {
2369
+ c((m) => ({ ...m, [R]: E }));
2370
+ }, []), A = te((R) => {
2371
+ c((E) => {
2372
+ if (!E[R]) return E;
2373
+ const m = { ...E };
2328
2374
  return delete m[R], m;
2329
2375
  });
2330
2376
  }, []), P = te(() => {
2331
- A(""), S({});
2377
+ k(""), c({});
2332
2378
  }, []), I = te(
2333
2379
  async (R) => {
2334
2380
  if (R && R.preventDefault(), !(n && !n())) {
2335
- d(!0), A("");
2381
+ h(!0), k("");
2336
2382
  try {
2337
- const k = await e();
2338
- return i == null || i(k), k;
2339
- } catch (k) {
2340
- const m = k instanceof Error ? k.message : t;
2341
- A(m), a == null || a(m);
2383
+ const E = await e();
2384
+ return i == null || i(E), E;
2385
+ } catch (E) {
2386
+ const m = E instanceof Error ? E.message : t;
2387
+ k(m), a == null || a(m);
2342
2388
  return;
2343
2389
  } finally {
2344
- d(!1);
2390
+ h(!1);
2345
2391
  }
2346
2392
  }
2347
2393
  },
@@ -2349,11 +2395,11 @@ function we(r) {
2349
2395
  );
2350
2396
  return {
2351
2397
  loading: l,
2352
- error: T,
2353
- setError: A,
2354
- fieldErrors: c,
2355
- setFieldError: h,
2356
- clearFieldError: x,
2398
+ error: S,
2399
+ setError: k,
2400
+ fieldErrors: T,
2401
+ setFieldError: d,
2402
+ clearFieldError: A,
2357
2403
  resetErrors: P,
2358
2404
  handleSubmit: I
2359
2405
  };
@@ -2533,7 +2579,7 @@ function Le(r, e) {
2533
2579
  }
2534
2580
  };
2535
2581
  }
2536
- const sr = () => me.createElement(
2582
+ const ir = () => me.createElement(
2537
2583
  "svg",
2538
2584
  {
2539
2585
  width: "16",
@@ -2548,7 +2594,7 @@ const sr = () => me.createElement(
2548
2594
  },
2549
2595
  me.createElement("path", { d: "M1 12s4-8 11-8 11 8 11 8-4 8-11 8-11-8-11-8z" }),
2550
2596
  me.createElement("circle", { cx: "12", cy: "12", r: "3" })
2551
- ), ir = () => me.createElement(
2597
+ ), or = () => me.createElement(
2552
2598
  "svg",
2553
2599
  {
2554
2600
  width: "16",
@@ -2565,10 +2611,10 @@ const sr = () => me.createElement(
2565
2611
  d: "M17.94 17.94A10.07 10.07 0 0 1 12 20c-7 0-11-8-11-8a18.45 18.45 0 0 1 5.06-5.94M9.9 4.24A9.12 9.12 0 0 1 12 4c7 0 11 8 11 8a18.5 18.5 0 0 1-2.16 3.19m-6.72-1.07a3 3 0 1 1-4.24-4.24"
2566
2612
  }),
2567
2613
  me.createElement("line", { x1: "1", y1: "1", x2: "23", y2: "23" })
2568
- ), or = {
2569
- showPassword: /* @__PURE__ */ s(sr, {}),
2570
- hidePassword: /* @__PURE__ */ s(ir, {})
2571
- }, ar = {
2614
+ ), ar = {
2615
+ showPassword: /* @__PURE__ */ s(ir, {}),
2616
+ hidePassword: /* @__PURE__ */ s(or, {})
2617
+ }, lr = {
2572
2618
  title: "Sign In",
2573
2619
  usernameLabel: "Email or Phone",
2574
2620
  usernamePlaceholder: "Enter your email or phone number",
@@ -2587,7 +2633,7 @@ const sr = () => me.createElement(
2587
2633
  showPasswordAriaLabel: "Show password",
2588
2634
  hidePasswordAriaLabel: "Hide password"
2589
2635
  };
2590
- function Zr({
2636
+ function Kr({
2591
2637
  copy: r = {},
2592
2638
  styles: e = {},
2593
2639
  icons: t = {},
@@ -2595,30 +2641,30 @@ function Zr({
2595
2641
  onError: i,
2596
2642
  onForgotPassword: a,
2597
2643
  onSignupClick: l,
2598
- onMagicLinkClick: d,
2599
- showForgotPassword: T = !0,
2600
- showSignupLink: A = !0,
2601
- showMagicLinkOption: c = !0,
2602
- className: S
2644
+ onMagicLinkClick: h,
2645
+ showForgotPassword: S = !0,
2646
+ showSignupLink: k = !0,
2647
+ showMagicLinkOption: T = !0,
2648
+ className: c
2603
2649
  }) {
2604
- const [h, x] = N(""), [P, I] = N(""), [R, k] = N(!1), { login: m } = de(), g = { ...ar, ...r }, b = Le("#3b82f6", e), C = { ...or, ...t }, o = we({
2650
+ const [d, A] = N(""), [P, I] = N(""), [R, E] = N(!1), { login: m } = de(), g = { ...lr, ...r }, b = Le("#3b82f6", e), C = { ...ar, ...t }, o = ve({
2605
2651
  defaultErrorMessage: g.errorMessage,
2606
2652
  validate: () => {
2607
2653
  const u = [];
2608
- return h.trim() || u.push("username"), P.trim() || u.push("password"), u.forEach((v) => o.setFieldError(v, !0)), u.length === 0;
2654
+ return d.trim() || u.push("username"), P.trim() || u.push("password"), u.forEach((v) => o.setFieldError(v, !0)), u.length === 0;
2609
2655
  },
2610
- submit: () => m({ username: h, password: P }),
2656
+ submit: () => m({ username: d, password: P }),
2611
2657
  onSuccess: n,
2612
2658
  onError: i
2613
2659
  }), p = (u) => ({
2614
2660
  ...b.input,
2615
2661
  ...o.fieldErrors[u] ? b.inputError : {}
2616
- }), E = !h || !P || o.loading, y = {
2662
+ }), x = !d || !P || o.loading, y = {
2617
2663
  ...b.button,
2618
2664
  ...o.loading ? b.buttonLoading : {},
2619
- ...E ? b.buttonDisabled : {}
2665
+ ...x ? b.buttonDisabled : {}
2620
2666
  };
2621
- return /* @__PURE__ */ f("div", { className: S, style: b.container, children: [
2667
+ return /* @__PURE__ */ f("div", { className: c, style: b.container, children: [
2622
2668
  /* @__PURE__ */ s("h2", { style: b.title, children: g.title }),
2623
2669
  /* @__PURE__ */ f("form", { onSubmit: o.handleSubmit, style: b.form, children: [
2624
2670
  /* @__PURE__ */ f("div", { style: b.fieldGroup, children: [
@@ -2629,9 +2675,9 @@ function Zr({
2629
2675
  id: "username",
2630
2676
  name: "username",
2631
2677
  type: "text",
2632
- value: h,
2678
+ value: d,
2633
2679
  onChange: (u) => {
2634
- x(u.target.value), o.clearFieldError("username");
2680
+ A(u.target.value), o.clearFieldError("username");
2635
2681
  },
2636
2682
  placeholder: g.usernamePlaceholder,
2637
2683
  style: p("username"),
@@ -2661,7 +2707,7 @@ function Zr({
2661
2707
  "button",
2662
2708
  {
2663
2709
  type: "button",
2664
- onClick: () => k(!R),
2710
+ onClick: () => E(!R),
2665
2711
  style: b.passwordToggle,
2666
2712
  disabled: o.loading,
2667
2713
  "aria-label": R ? g.hidePasswordAriaLabel : g.showPasswordAriaLabel,
@@ -2670,21 +2716,21 @@ function Zr({
2670
2716
  )
2671
2717
  ] })
2672
2718
  ] }),
2673
- /* @__PURE__ */ s("button", { type: "submit", disabled: E, style: y, children: o.loading ? g.loadingText : g.submitButton }),
2719
+ /* @__PURE__ */ s("button", { type: "submit", disabled: x, style: y, children: o.loading ? g.loadingText : g.submitButton }),
2674
2720
  o.error && /* @__PURE__ */ s("div", { style: b.errorText, children: o.error })
2675
2721
  ] }),
2676
- (T || A || c) && /* @__PURE__ */ f("div", { style: b.linkContainer, children: [
2677
- c && /* @__PURE__ */ f("div", { children: [
2722
+ (S || k || T) && /* @__PURE__ */ f("div", { style: b.linkContainer, children: [
2723
+ T && /* @__PURE__ */ f("div", { children: [
2678
2724
  /* @__PURE__ */ f("span", { style: b.divider, children: [
2679
2725
  g.magicLinkText,
2680
2726
  " "
2681
2727
  ] }),
2682
- /* @__PURE__ */ s("a", { onClick: d, style: b.link, children: g.magicLinkLink })
2728
+ /* @__PURE__ */ s("a", { onClick: h, style: b.link, children: g.magicLinkLink })
2683
2729
  ] }),
2684
- c && (T || A) && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
2685
- T && /* @__PURE__ */ s("a", { onClick: a, style: b.link, children: g.forgotPasswordLink }),
2686
- T && A && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
2687
- A && /* @__PURE__ */ f("div", { children: [
2730
+ T && (S || k) && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
2731
+ S && /* @__PURE__ */ s("a", { onClick: a, style: b.link, children: g.forgotPasswordLink }),
2732
+ S && k && /* @__PURE__ */ s("div", { style: b.divider, children: g.dividerBullet }),
2733
+ k && /* @__PURE__ */ f("div", { children: [
2688
2734
  /* @__PURE__ */ f("span", { style: b.divider, children: [
2689
2735
  g.signupText,
2690
2736
  " "
@@ -2694,7 +2740,7 @@ function Zr({
2694
2740
  ] })
2695
2741
  ] });
2696
2742
  }
2697
- const lr = {
2743
+ const cr = {
2698
2744
  title: "Create Account",
2699
2745
  nameLabel: "First Name",
2700
2746
  namePlaceholder: "Enter your first name",
@@ -2724,7 +2770,7 @@ const lr = {
2724
2770
  tenantNotFoundError: "Tenant not found",
2725
2771
  dividerBullet: "•"
2726
2772
  };
2727
- function Kr({
2773
+ function Yr({
2728
2774
  copy: r = {},
2729
2775
  styles: e = {},
2730
2776
  signupType: t = "user",
@@ -2732,45 +2778,45 @@ function Kr({
2732
2778
  onError: i,
2733
2779
  onLoginClick: a,
2734
2780
  onMagicLinkClick: l,
2735
- showLoginLink: d = !0,
2736
- showMagicLinkOption: T = !0,
2737
- className: A
2781
+ showLoginLink: h = !0,
2782
+ showMagicLinkOption: S = !0,
2783
+ className: k
2738
2784
  }) {
2739
- var U;
2740
- const [c, S] = N(""), [h, x] = N(""), [P, I] = N(""), [R, k] = N(""), [m, g] = N(""), [b, C] = N(""), [o, p] = N(""), { signup: E, signupTenantAdmin: y } = de(), u = ((U = pe()) == null ? void 0 : U.tenant) ?? null, v = { ...lr, ...r }, D = Le("#10b981", e), se = !!c && (!!P || !!R) && !!m && !!b && (t === "user" || !!o), F = we({
2785
+ var B;
2786
+ const [T, c] = N(""), [d, A] = N(""), [P, I] = N(""), [R, E] = N(""), [m, g] = N(""), [b, C] = N(""), [o, p] = N(""), { signup: x, signupTenantAdmin: y } = de(), u = ((B = pe()) == null ? void 0 : B.tenant) ?? null, v = { ...cr, ...r }, D = Le("#10b981", e), se = !!T && (!!P || !!R) && !!m && !!b && (t === "user" || !!o), F = ve({
2741
2787
  defaultErrorMessage: v.errorMessage,
2742
2788
  validate: () => {
2743
2789
  const L = [];
2744
- return c.trim() || L.push("name"), !P.trim() && !R.trim() && (L.push("email"), L.push("phoneNumber")), m.trim() || L.push("password"), b.trim() || L.push("confirmPassword"), t === "tenant" && !o.trim() && L.push("tenantName"), L.forEach((q) => F.setFieldError(q, !0)), L.length > 0 ? !1 : m !== b ? (F.setError(v.passwordMismatchError), F.setFieldError("confirmPassword", !0), !1) : t === "user" && !(u != null && u.id) ? (F.setError(v.tenantNotFoundError), !1) : !0;
2790
+ return T.trim() || L.push("name"), !P.trim() && !R.trim() && (L.push("email"), L.push("phoneNumber")), m.trim() || L.push("password"), b.trim() || L.push("confirmPassword"), t === "tenant" && !o.trim() && L.push("tenantName"), L.forEach((q) => F.setFieldError(q, !0)), L.length > 0 ? !1 : m !== b ? (F.setError(v.passwordMismatchError), F.setFieldError("confirmPassword", !0), !1) : t === "user" && !(u != null && u.id) ? (F.setError(v.tenantNotFoundError), !1) : !0;
2745
2791
  },
2746
2792
  submit: async () => t === "tenant" ? y({
2747
2793
  email: P || void 0,
2748
2794
  phoneNumber: R || void 0,
2749
- name: c,
2795
+ name: T,
2750
2796
  password: m,
2751
2797
  tenantName: o,
2752
- lastName: h || void 0
2753
- }) : E({
2798
+ lastName: d || void 0
2799
+ }) : x({
2754
2800
  email: P || void 0,
2755
2801
  phoneNumber: R || void 0,
2756
- name: c,
2802
+ name: T,
2757
2803
  password: m,
2758
2804
  tenantId: u.id,
2759
- lastName: h || void 0
2805
+ lastName: d || void 0
2760
2806
  }),
2761
2807
  onSuccess: n,
2762
2808
  onError: i
2763
2809
  }), H = (L) => ({
2764
2810
  ...D.input,
2765
2811
  ...F.fieldErrors[L] ? D.inputError : {}
2766
- }), j = !se || F.loading, Z = {
2812
+ }), j = !se || F.loading, K = {
2767
2813
  ...D.button,
2768
2814
  ...F.loading ? D.buttonLoading : {},
2769
2815
  ...j ? D.buttonDisabled : {}
2770
2816
  }, $ = () => {
2771
2817
  F.clearFieldError("email"), F.clearFieldError("phoneNumber");
2772
2818
  };
2773
- return /* @__PURE__ */ f("div", { className: A, style: D.container, children: [
2819
+ return /* @__PURE__ */ f("div", { className: k, style: D.container, children: [
2774
2820
  /* @__PURE__ */ s("h2", { style: D.title, children: v.title }),
2775
2821
  /* @__PURE__ */ f("form", { onSubmit: F.handleSubmit, style: D.form, children: [
2776
2822
  /* @__PURE__ */ f("div", { style: D.fieldGroup, children: [
@@ -2781,9 +2827,9 @@ function Kr({
2781
2827
  id: "name",
2782
2828
  name: "name",
2783
2829
  type: "text",
2784
- value: c,
2830
+ value: T,
2785
2831
  onChange: (L) => {
2786
- S(L.target.value), F.clearFieldError("name");
2832
+ c(L.target.value), F.clearFieldError("name");
2787
2833
  },
2788
2834
  placeholder: v.namePlaceholder,
2789
2835
  style: H("name"),
@@ -2799,8 +2845,8 @@ function Kr({
2799
2845
  id: "lastName",
2800
2846
  name: "lastName",
2801
2847
  type: "text",
2802
- value: h,
2803
- onChange: (L) => x(L.target.value),
2848
+ value: d,
2849
+ onChange: (L) => A(L.target.value),
2804
2850
  placeholder: v.lastNamePlaceholder,
2805
2851
  style: D.input,
2806
2852
  disabled: F.loading
@@ -2835,7 +2881,7 @@ function Kr({
2835
2881
  type: "tel",
2836
2882
  value: R,
2837
2883
  onChange: (L) => {
2838
- k(L.target.value), $();
2884
+ E(L.target.value), $();
2839
2885
  },
2840
2886
  placeholder: v.phoneNumberPlaceholder,
2841
2887
  style: H("phoneNumber"),
@@ -2898,19 +2944,19 @@ function Kr({
2898
2944
  }
2899
2945
  )
2900
2946
  ] }),
2901
- /* @__PURE__ */ s("button", { type: "submit", disabled: j, style: Z, children: F.loading ? v.loadingText : v.submitButton }),
2947
+ /* @__PURE__ */ s("button", { type: "submit", disabled: j, style: K, children: F.loading ? v.loadingText : v.submitButton }),
2902
2948
  F.error && /* @__PURE__ */ s("div", { style: D.errorText, children: F.error })
2903
2949
  ] }),
2904
- (d || T) && /* @__PURE__ */ f("div", { style: D.linkContainer, children: [
2905
- T && /* @__PURE__ */ f("div", { children: [
2950
+ (h || S) && /* @__PURE__ */ f("div", { style: D.linkContainer, children: [
2951
+ S && /* @__PURE__ */ f("div", { children: [
2906
2952
  /* @__PURE__ */ f("span", { style: D.divider, children: [
2907
2953
  v.magicLinkText,
2908
2954
  " "
2909
2955
  ] }),
2910
2956
  /* @__PURE__ */ s("a", { onClick: l, style: D.link, children: v.magicLinkLink })
2911
2957
  ] }),
2912
- T && d && /* @__PURE__ */ s("div", { style: D.divider, children: v.dividerBullet }),
2913
- d && /* @__PURE__ */ f("div", { children: [
2958
+ S && h && /* @__PURE__ */ s("div", { style: D.divider, children: v.dividerBullet }),
2959
+ h && /* @__PURE__ */ f("div", { children: [
2914
2960
  /* @__PURE__ */ f("span", { style: D.divider, children: [
2915
2961
  v.loginText,
2916
2962
  " "
@@ -2920,7 +2966,7 @@ function Kr({
2920
2966
  ] })
2921
2967
  ] });
2922
2968
  }
2923
- const cr = {
2969
+ const ur = {
2924
2970
  title: "Sign In with Magic Link",
2925
2971
  emailLabel: "Email",
2926
2972
  emailPlaceholder: "Enter your email",
@@ -2945,7 +2991,7 @@ const cr = {
2945
2991
  missingTenantOrEmailError: "Missing tenant or email",
2946
2992
  dividerBullet: "•"
2947
2993
  };
2948
- function Yr({
2994
+ function Xr({
2949
2995
  copy: r = {},
2950
2996
  styles: e = {},
2951
2997
  onSuccess: t,
@@ -2953,62 +2999,62 @@ function Yr({
2953
2999
  onLoginClick: i,
2954
3000
  onSignupClick: a,
2955
3001
  showTraditionalLinks: l = !0,
2956
- className: d,
2957
- verifyToken: T,
2958
- frontendUrl: A
3002
+ className: h,
3003
+ verifyToken: S,
3004
+ frontendUrl: k
2959
3005
  }) {
2960
3006
  var H;
2961
- const [c, S] = N(""), [h, x] = N(""), [P, I] = N(""), [R, k] = N(!1), [m, g] = N(""), [b, C] = N(!1), { sendMagicLink: o, verifyMagicLink: p } = de(), E = ((H = pe()) == null ? void 0 : H.tenant) ?? null, y = { ...cr, ...r }, u = Le("#3b82f6", e), v = we({
3007
+ const [T, c] = N(""), [d, A] = N(""), [P, I] = N(""), [R, E] = N(!1), [m, g] = N(""), [b, C] = N(!1), { sendMagicLink: o, verifyMagicLink: p } = de(), x = ((H = pe()) == null ? void 0 : H.tenant) ?? null, y = { ...ur, ...r }, u = Le("#3b82f6", e), v = ve({
2962
3008
  defaultErrorMessage: y.errorMessage,
2963
3009
  validate: () => {
2964
3010
  const j = [];
2965
- return c.trim() || j.push("email"), b && !h.trim() && j.push("name"), j.forEach((Z) => v.setFieldError(Z, !0)), j.length > 0 ? !1 : E != null && E.id ? !0 : (v.setError(y.tenantNotFoundError), !1);
3011
+ return T.trim() || j.push("email"), b && !d.trim() && j.push("name"), j.forEach((K) => v.setFieldError(K, !0)), j.length > 0 ? !1 : x != null && x.id ? !0 : (v.setError(y.tenantNotFoundError), !1);
2966
3012
  },
2967
3013
  submit: async () => {
2968
3014
  g("");
2969
- const j = A || (typeof window < "u" ? window.location.origin : ""), Z = await o({
2970
- email: c,
2971
- tenantId: E.id,
3015
+ const j = k || (typeof window < "u" ? window.location.origin : ""), K = await o({
3016
+ email: T,
3017
+ tenantId: x.id,
2972
3018
  frontendUrl: j,
2973
- name: b ? h : void 0,
3019
+ name: b ? d : void 0,
2974
3020
  lastName: b ? P : void 0
2975
3021
  });
2976
- return g(y.successMessage), Z;
3022
+ return g(y.successMessage), K;
2977
3023
  },
2978
3024
  onSuccess: t,
2979
3025
  onError: n
2980
3026
  });
2981
3027
  re(() => {
2982
- if (!T) return;
3028
+ if (!S) return;
2983
3029
  (async () => {
2984
- if (!E || !c) {
3030
+ if (!x || !T) {
2985
3031
  v.setError(y.missingTenantOrEmailError);
2986
3032
  return;
2987
3033
  }
2988
- k(!0), v.setError("");
3034
+ E(!0), v.setError("");
2989
3035
  try {
2990
- const Z = await p({ token: T, email: c });
2991
- t == null || t(Z);
2992
- } catch (Z) {
2993
- const $ = Z instanceof Error ? Z.message : "Failed to verify magic link";
3036
+ const K = await p({ token: S, email: T });
3037
+ t == null || t(K);
3038
+ } catch (K) {
3039
+ const $ = K instanceof Error ? K.message : "Failed to verify magic link";
2994
3040
  v.setError($), n == null || n($);
2995
3041
  } finally {
2996
- k(!1);
3042
+ E(!1);
2997
3043
  }
2998
3044
  })();
2999
- }, [T]);
3045
+ }, [S]);
3000
3046
  const D = (j) => ({
3001
3047
  ...u.input,
3002
3048
  ...v.fieldErrors[j] ? u.inputError : {}
3003
- }), se = !c || v.loading || R, F = {
3049
+ }), se = !T || v.loading || R, F = {
3004
3050
  ...u.button,
3005
3051
  ...v.loading || R ? u.buttonLoading : {},
3006
3052
  ...se ? u.buttonDisabled : {}
3007
3053
  };
3008
- return R ? /* @__PURE__ */ f("div", { className: d, style: u.container, children: [
3054
+ return R ? /* @__PURE__ */ f("div", { className: h, style: u.container, children: [
3009
3055
  /* @__PURE__ */ s("h2", { style: u.title, children: y.verifyingText }),
3010
3056
  /* @__PURE__ */ s("div", { style: u.verifyingContainer, children: /* @__PURE__ */ s("div", { style: u.verifyingText, children: y.verifyingDescription }) })
3011
- ] }) : /* @__PURE__ */ f("div", { className: d, style: u.container, children: [
3057
+ ] }) : /* @__PURE__ */ f("div", { className: h, style: u.container, children: [
3012
3058
  /* @__PURE__ */ s("h2", { style: u.title, children: y.title }),
3013
3059
  /* @__PURE__ */ s("p", { style: u.description, children: y.description }),
3014
3060
  /* @__PURE__ */ f("form", { onSubmit: v.handleSubmit, style: u.form, children: [
@@ -3020,9 +3066,9 @@ function Yr({
3020
3066
  id: "email",
3021
3067
  name: "email",
3022
3068
  type: "email",
3023
- value: c,
3069
+ value: T,
3024
3070
  onChange: (j) => {
3025
- S(j.target.value), v.clearFieldError("email");
3071
+ c(j.target.value), v.clearFieldError("email");
3026
3072
  },
3027
3073
  placeholder: y.emailPlaceholder,
3028
3074
  style: D("email"),
@@ -3039,7 +3085,7 @@ function Yr({
3039
3085
  children: y.showNameToggle
3040
3086
  }
3041
3087
  ) }),
3042
- b && /* @__PURE__ */ f(B, { children: [
3088
+ b && /* @__PURE__ */ f(U, { children: [
3043
3089
  /* @__PURE__ */ f("div", { style: u.fieldGroup, children: [
3044
3090
  /* @__PURE__ */ s("label", { style: u.label, children: y.nameLabel }),
3045
3091
  /* @__PURE__ */ s(
@@ -3048,9 +3094,9 @@ function Yr({
3048
3094
  id: "name",
3049
3095
  name: "name",
3050
3096
  type: "text",
3051
- value: h,
3097
+ value: d,
3052
3098
  onChange: (j) => {
3053
- x(j.target.value), v.clearFieldError("name");
3099
+ A(j.target.value), v.clearFieldError("name");
3054
3100
  },
3055
3101
  placeholder: y.namePlaceholder,
3056
3102
  style: D("name"),
@@ -3079,7 +3125,7 @@ function Yr({
3079
3125
  {
3080
3126
  type: "button",
3081
3127
  onClick: () => {
3082
- C(!1), x(""), I("");
3128
+ C(!1), A(""), I("");
3083
3129
  },
3084
3130
  style: u.toggleLink,
3085
3131
  children: y.hideNameToggle
@@ -3109,7 +3155,7 @@ function Yr({
3109
3155
  ] })
3110
3156
  ] });
3111
3157
  }
3112
- const ur = {
3158
+ const dr = {
3113
3159
  title: "Verifying Magic Link",
3114
3160
  verifyingMessage: "Please wait while we verify your magic link...",
3115
3161
  successMessage: "Magic link verified successfully! You are now logged in.",
@@ -3211,7 +3257,7 @@ const ur = {
3211
3257
  backButtonHover: {
3212
3258
  backgroundColor: "#e5e7eb"
3213
3259
  }
3214
- }, dr = () => /* @__PURE__ */ s("div", { style: ut.spinner }), hr = () => /* @__PURE__ */ f(
3260
+ }, hr = () => /* @__PURE__ */ s("div", { style: ut.spinner }), pr = () => /* @__PURE__ */ f(
3215
3261
  "svg",
3216
3262
  {
3217
3263
  width: "48",
@@ -3228,7 +3274,7 @@ const ur = {
3228
3274
  /* @__PURE__ */ s("polyline", { points: "22,4 12,14.01 9,11.01" })
3229
3275
  ]
3230
3276
  }
3231
- ), pr = () => /* @__PURE__ */ f(
3277
+ ), fr = () => /* @__PURE__ */ f(
3232
3278
  "svg",
3233
3279
  {
3234
3280
  width: "48",
@@ -3246,12 +3292,12 @@ const ur = {
3246
3292
  /* @__PURE__ */ s("line", { x1: "9", y1: "9", x2: "15", y2: "15" })
3247
3293
  ]
3248
3294
  }
3249
- ), fr = {
3250
- loading: /* @__PURE__ */ s(dr, {}),
3251
- success: /* @__PURE__ */ s(hr, {}),
3252
- error: /* @__PURE__ */ s(pr, {})
3295
+ ), mr = {
3296
+ loading: /* @__PURE__ */ s(hr, {}),
3297
+ success: /* @__PURE__ */ s(pr, {}),
3298
+ error: /* @__PURE__ */ s(fr, {})
3253
3299
  };
3254
- function Xr({
3300
+ function en({
3255
3301
  copy: r = {},
3256
3302
  styles: e = {},
3257
3303
  icons: t = {},
@@ -3259,21 +3305,21 @@ function Xr({
3259
3305
  onError: i,
3260
3306
  onRetry: a,
3261
3307
  onBackToLogin: l,
3262
- className: d,
3263
- token: T,
3264
- email: A,
3265
- appId: c,
3266
- tenantSlug: S,
3267
- autoRedirectDelay: h = 3e3
3308
+ className: h,
3309
+ token: S,
3310
+ email: k,
3311
+ appId: T,
3312
+ tenantSlug: c,
3313
+ autoRedirectDelay: d = 3e3
3268
3314
  }) {
3269
- const [x, P] = N("verifying"), [I, R] = N(""), { verifyMagicLink: k } = de(), m = { ...ur, ...r }, g = { ...ut, ...e }, b = { ...fr, ...t }, C = () => {
3315
+ const [A, P] = N("verifying"), [I, R] = N(""), { verifyMagicLink: E } = de(), m = { ...dr, ...r }, g = { ...ut, ...e }, b = { ...mr, ...t }, C = () => {
3270
3316
  if (typeof window > "u") return {};
3271
3317
  const u = new URLSearchParams(window.location.search);
3272
3318
  return {
3273
- token: T || u.get("token") || "",
3274
- email: A || u.get("email") || "",
3275
- appId: c || u.get("appId") || "",
3276
- tenantSlug: S || u.get("tenantSlug") || void 0
3319
+ token: S || u.get("token") || "",
3320
+ email: k || u.get("email") || "",
3321
+ appId: T || u.get("appId") || "",
3322
+ tenantSlug: c || u.get("tenantSlug") || void 0
3277
3323
  };
3278
3324
  }, o = async () => {
3279
3325
  P("verifying"), R("");
@@ -3281,45 +3327,45 @@ function Xr({
3281
3327
  const u = C();
3282
3328
  if (!u.token || !u.email)
3283
3329
  throw new Error(m.missingParamsError);
3284
- const v = await k({
3330
+ const v = await E({
3285
3331
  token: u.token,
3286
3332
  email: u.email,
3287
3333
  tenantSlug: u.tenantSlug
3288
3334
  });
3289
- P("success"), n == null || n(v), h > 0 && setTimeout(() => {
3335
+ P("success"), n == null || n(v), d > 0 && setTimeout(() => {
3290
3336
  P("redirecting");
3291
- }, h);
3337
+ }, d);
3292
3338
  } catch (u) {
3293
3339
  const v = u.message || m.errorMessage;
3294
3340
  R(v), P("error"), i == null || i(v);
3295
3341
  }
3296
3342
  }, p = () => {
3297
3343
  a == null || a(), o();
3298
- }, E = () => {
3344
+ }, x = () => {
3299
3345
  l == null || l();
3300
3346
  };
3301
3347
  re(() => {
3302
3348
  o();
3303
3349
  }, []);
3304
3350
  const y = () => {
3305
- switch (x) {
3351
+ switch (A) {
3306
3352
  case "verifying":
3307
3353
  return /* @__PURE__ */ f("div", { style: g.message, children: [
3308
3354
  b.loading,
3309
3355
  m.verifyingMessage
3310
3356
  ] });
3311
3357
  case "success":
3312
- return /* @__PURE__ */ f(B, { children: [
3358
+ return /* @__PURE__ */ f(U, { children: [
3313
3359
  b.success,
3314
3360
  /* @__PURE__ */ s("div", { style: g.successMessage, children: m.successMessage })
3315
3361
  ] });
3316
3362
  case "redirecting":
3317
- return /* @__PURE__ */ f(B, { children: [
3363
+ return /* @__PURE__ */ f(U, { children: [
3318
3364
  b.loading,
3319
3365
  /* @__PURE__ */ s("div", { style: g.message, children: m.redirectingMessage })
3320
3366
  ] });
3321
3367
  case "error":
3322
- return /* @__PURE__ */ f(B, { children: [
3368
+ return /* @__PURE__ */ f(U, { children: [
3323
3369
  b.error,
3324
3370
  /* @__PURE__ */ s("div", { style: g.errorMessage, children: I || m.errorMessage }),
3325
3371
  /* @__PURE__ */ f("div", { style: g.buttonContainer, children: [
@@ -3343,7 +3389,7 @@ function Xr({
3343
3389
  /* @__PURE__ */ s(
3344
3390
  "button",
3345
3391
  {
3346
- onClick: E,
3392
+ onClick: x,
3347
3393
  style: g.backButton,
3348
3394
  onMouseOver: (u) => {
3349
3395
  Object.assign(u.currentTarget.style, g.backButtonHover);
@@ -3363,7 +3409,7 @@ function Xr({
3363
3409
  return null;
3364
3410
  }
3365
3411
  };
3366
- return /* @__PURE__ */ f("div", { style: g.container, className: d, children: [
3412
+ return /* @__PURE__ */ f("div", { style: g.container, className: h, children: [
3367
3413
  /* @__PURE__ */ s("style", { children: `
3368
3414
  @keyframes spin {
3369
3415
  0% { transform: rotate(0deg); }
@@ -3374,7 +3420,7 @@ function Xr({
3374
3420
  y()
3375
3421
  ] });
3376
3422
  }
3377
- const mr = {
3423
+ const gr = {
3378
3424
  title: "Reset Password",
3379
3425
  subtitle: "Enter your email address and we'll send you a link to reset your password.",
3380
3426
  emailLabel: "Email",
@@ -3401,7 +3447,7 @@ const mr = {
3401
3447
  tenantNotFoundError: "Tenant not found",
3402
3448
  dividerBullet: "•"
3403
3449
  };
3404
- function en({
3450
+ function tn({
3405
3451
  copy: r = {},
3406
3452
  styles: e = {},
3407
3453
  mode: t = "request",
@@ -3409,26 +3455,26 @@ function en({
3409
3455
  onSuccess: i,
3410
3456
  onError: a,
3411
3457
  onBackToLogin: l,
3412
- onModeChange: d,
3413
- className: T
3458
+ onModeChange: h,
3459
+ className: S
3414
3460
  }) {
3415
3461
  var se;
3416
- const [A, c] = N(""), [S, h] = N(n), [x, P] = N(""), [I, R] = N(""), [k, m] = N(""), { requestPasswordReset: g, confirmPasswordReset: b } = de(), C = ((se = pe()) == null ? void 0 : se.tenant) ?? null, o = { ...mr, ...r }, p = Le("#f59e0b", e), E = we({
3462
+ const [k, T] = N(""), [c, d] = N(n), [A, P] = N(""), [I, R] = N(""), [E, m] = N(""), { requestPasswordReset: g, confirmPasswordReset: b } = de(), C = ((se = pe()) == null ? void 0 : se.tenant) ?? null, o = { ...gr, ...r }, p = Le("#f59e0b", e), x = ve({
3417
3463
  defaultErrorMessage: o.errorMessage,
3418
- validate: () => A.trim() ? C != null && C.id ? !0 : (E.setError(o.tenantNotFoundError), !1) : (E.setFieldError("email", !0), !1),
3464
+ validate: () => k.trim() ? C != null && C.id ? !0 : (x.setError(o.tenantNotFoundError), !1) : (x.setFieldError("email", !0), !1),
3419
3465
  submit: async () => {
3420
- m(""), await g({ email: A, tenantId: C.id }), m(o.successMessage);
3466
+ m(""), await g({ email: k, tenantId: C.id }), m(o.successMessage);
3421
3467
  },
3422
3468
  onSuccess: () => i == null ? void 0 : i(),
3423
3469
  onError: a
3424
- }), y = we({
3470
+ }), y = ve({
3425
3471
  defaultErrorMessage: o.errorMessage,
3426
3472
  validate: () => {
3427
3473
  const F = [];
3428
- return S.trim() || F.push("token"), x.trim() || F.push("newPassword"), I.trim() || F.push("confirmPassword"), F.forEach((H) => y.setFieldError(H, !0)), F.length > 0 ? !1 : x !== I ? (y.setError(o.passwordMismatchError), y.setFieldError("confirmPassword", !0), !1) : !0;
3474
+ return c.trim() || F.push("token"), A.trim() || F.push("newPassword"), I.trim() || F.push("confirmPassword"), F.forEach((H) => y.setFieldError(H, !0)), F.length > 0 ? !1 : A !== I ? (y.setError(o.passwordMismatchError), y.setFieldError("confirmPassword", !0), !1) : !0;
3429
3475
  },
3430
3476
  submit: async () => {
3431
- m(""), await b({ token: S, newPassword: x }), m(o.resetSuccessMessage);
3477
+ m(""), await b({ token: c, newPassword: A }), m(o.resetSuccessMessage);
3432
3478
  },
3433
3479
  onSuccess: () => i == null ? void 0 : i(),
3434
3480
  onError: a
@@ -3437,12 +3483,12 @@ function en({
3437
3483
  const F = ($) => ({
3438
3484
  ...p.input,
3439
3485
  ...y.fieldErrors[$] ? p.inputError : {}
3440
- }), j = !(!!S && !!x && !!I) || y.loading, Z = {
3486
+ }), j = !(!!c && !!A && !!I) || y.loading, K = {
3441
3487
  ...p.button,
3442
3488
  ...y.loading ? p.buttonLoading : {},
3443
3489
  ...j ? p.buttonDisabled : {}
3444
3490
  };
3445
- return /* @__PURE__ */ f("div", { className: T, style: p.container, children: [
3491
+ return /* @__PURE__ */ f("div", { className: S, style: p.container, children: [
3446
3492
  /* @__PURE__ */ s("h2", { style: p.title, children: o.resetTitle }),
3447
3493
  /* @__PURE__ */ s("p", { style: p.subtitle, children: o.resetSubtitle }),
3448
3494
  /* @__PURE__ */ f("form", { onSubmit: y.handleSubmit, style: p.form, children: [
@@ -3452,9 +3498,9 @@ function en({
3452
3498
  "input",
3453
3499
  {
3454
3500
  type: "text",
3455
- value: S,
3501
+ value: c,
3456
3502
  onChange: ($) => {
3457
- h($.target.value), y.clearFieldError("token");
3503
+ d($.target.value), y.clearFieldError("token");
3458
3504
  },
3459
3505
  placeholder: o.tokenPlaceholder,
3460
3506
  style: F("token"),
@@ -3468,7 +3514,7 @@ function en({
3468
3514
  "input",
3469
3515
  {
3470
3516
  type: "password",
3471
- value: x,
3517
+ value: A,
3472
3518
  onChange: ($) => {
3473
3519
  P($.target.value), y.clearFieldError("newPassword");
3474
3520
  },
@@ -3494,61 +3540,61 @@ function en({
3494
3540
  }
3495
3541
  )
3496
3542
  ] }),
3497
- /* @__PURE__ */ s("button", { type: "submit", disabled: j, style: Z, children: y.loading ? o.resetLoadingText : o.resetSubmitButton }),
3543
+ /* @__PURE__ */ s("button", { type: "submit", disabled: j, style: K, children: y.loading ? o.resetLoadingText : o.resetSubmitButton }),
3498
3544
  y.error && /* @__PURE__ */ s("div", { style: p.errorText, children: y.error }),
3499
- k && /* @__PURE__ */ s("div", { style: p.successText, children: k })
3545
+ E && /* @__PURE__ */ s("div", { style: p.successText, children: E })
3500
3546
  ] }),
3501
3547
  /* @__PURE__ */ f("div", { style: p.linkContainer, children: [
3502
3548
  /* @__PURE__ */ s("a", { onClick: l, style: p.link, children: o.backToLoginLink }),
3503
- d && /* @__PURE__ */ f(B, { children: [
3549
+ h && /* @__PURE__ */ f(U, { children: [
3504
3550
  /* @__PURE__ */ s("span", { style: p.modeSwitchDivider, children: o.dividerBullet }),
3505
- /* @__PURE__ */ s("a", { onClick: () => d("request"), style: p.link, children: o.requestNewLinkLink })
3551
+ /* @__PURE__ */ s("a", { onClick: () => h("request"), style: p.link, children: o.requestNewLinkLink })
3506
3552
  ] })
3507
3553
  ] })
3508
3554
  ] });
3509
3555
  }
3510
3556
  const u = (F) => ({
3511
3557
  ...p.input,
3512
- ...E.fieldErrors[F] ? p.inputError : {}
3513
- }), v = !A || E.loading, D = {
3558
+ ...x.fieldErrors[F] ? p.inputError : {}
3559
+ }), v = !k || x.loading, D = {
3514
3560
  ...p.button,
3515
- ...E.loading ? p.buttonLoading : {},
3561
+ ...x.loading ? p.buttonLoading : {},
3516
3562
  ...v ? p.buttonDisabled : {}
3517
3563
  };
3518
- return /* @__PURE__ */ f("div", { className: T, style: p.container, children: [
3564
+ return /* @__PURE__ */ f("div", { className: S, style: p.container, children: [
3519
3565
  /* @__PURE__ */ s("h2", { style: p.title, children: o.title }),
3520
3566
  /* @__PURE__ */ s("p", { style: p.subtitle, children: o.subtitle }),
3521
- /* @__PURE__ */ f("form", { onSubmit: E.handleSubmit, style: p.form, children: [
3567
+ /* @__PURE__ */ f("form", { onSubmit: x.handleSubmit, style: p.form, children: [
3522
3568
  /* @__PURE__ */ f("div", { style: p.fieldGroup, children: [
3523
3569
  /* @__PURE__ */ s("label", { style: p.label, children: o.emailLabel }),
3524
3570
  /* @__PURE__ */ s(
3525
3571
  "input",
3526
3572
  {
3527
3573
  type: "email",
3528
- value: A,
3574
+ value: k,
3529
3575
  onChange: (F) => {
3530
- c(F.target.value), E.clearFieldError("email");
3576
+ T(F.target.value), x.clearFieldError("email");
3531
3577
  },
3532
3578
  placeholder: o.emailPlaceholder,
3533
3579
  style: u("email"),
3534
- disabled: E.loading
3580
+ disabled: x.loading
3535
3581
  }
3536
3582
  )
3537
3583
  ] }),
3538
- /* @__PURE__ */ s("button", { type: "submit", disabled: v, style: D, children: E.loading ? o.loadingText : o.submitButton }),
3539
- E.error && /* @__PURE__ */ s("div", { style: p.errorText, children: E.error }),
3540
- k && /* @__PURE__ */ s("div", { style: p.successText, children: k })
3584
+ /* @__PURE__ */ s("button", { type: "submit", disabled: v, style: D, children: x.loading ? o.loadingText : o.submitButton }),
3585
+ x.error && /* @__PURE__ */ s("div", { style: p.errorText, children: x.error }),
3586
+ E && /* @__PURE__ */ s("div", { style: p.successText, children: E })
3541
3587
  ] }),
3542
3588
  /* @__PURE__ */ f("div", { style: p.linkContainer, children: [
3543
3589
  /* @__PURE__ */ s("a", { onClick: l, style: p.link, children: o.backToLoginLink }),
3544
- d && /* @__PURE__ */ f(B, { children: [
3590
+ h && /* @__PURE__ */ f(U, { children: [
3545
3591
  /* @__PURE__ */ s("span", { style: p.modeSwitchDivider, children: o.dividerBullet }),
3546
- /* @__PURE__ */ s("a", { onClick: () => d("reset"), style: p.link, children: o.haveTokenLink })
3592
+ /* @__PURE__ */ s("a", { onClick: () => h("reset"), style: p.link, children: o.haveTokenLink })
3547
3593
  ] })
3548
3594
  ] })
3549
3595
  ] });
3550
3596
  }
3551
- const gr = () => /* @__PURE__ */ s(
3597
+ const yr = () => /* @__PURE__ */ s(
3552
3598
  "div",
3553
3599
  {
3554
3600
  style: {
@@ -3560,7 +3606,7 @@ const gr = () => /* @__PURE__ */ s(
3560
3606
  },
3561
3607
  children: /* @__PURE__ */ s("div", { children: "Loading..." })
3562
3608
  }
3563
- ), yr = ({ error: r, retry: e }) => /* @__PURE__ */ f(
3609
+ ), br = ({ error: r, retry: e }) => /* @__PURE__ */ f(
3564
3610
  "div",
3565
3611
  {
3566
3612
  style: {
@@ -3594,43 +3640,43 @@ const gr = () => /* @__PURE__ */ s(
3594
3640
  ]
3595
3641
  }
3596
3642
  );
3597
- function tn({
3643
+ function rn({
3598
3644
  children: r,
3599
3645
  loadingFallback: e,
3600
3646
  errorFallback: t,
3601
3647
  requireTenant: n = !0
3602
3648
  }) {
3603
- const { isAppLoading: i, appError: a, retryApp: l } = Ae(), d = pe(), T = Oe(), A = at(), c = lt(), S = (d == null ? void 0 : d.isTenantLoading) ?? !1, h = (d == null ? void 0 : d.tenantError) ?? null, x = (d == null ? void 0 : d.tenantSlug) ?? null, P = (d == null ? void 0 : d.retryTenant) ?? (() => {
3604
- }), I = (T == null ? void 0 : T.isAuthReady) ?? !0, R = (A == null ? void 0 : A.isReady) ?? !0, k = (c == null ? void 0 : c.isReady) ?? !0, m = n && d && x, o = i || m && S || T && !I || A && !R || c && !k, p = a || (m ? h : null), E = () => {
3605
- a && l(), h && d && P();
3649
+ const { isAppLoading: i, appError: a, retryApp: l } = Ae(), h = pe(), S = Oe(), k = at(), T = lt(), c = (h == null ? void 0 : h.isTenantLoading) ?? !1, d = (h == null ? void 0 : h.tenantError) ?? null, A = (h == null ? void 0 : h.tenantSlug) ?? null, P = (h == null ? void 0 : h.retryTenant) ?? (() => {
3650
+ }), I = (S == null ? void 0 : S.isAuthReady) ?? !0, R = (k == null ? void 0 : k.isReady) ?? !0, E = (T == null ? void 0 : T.isReady) ?? !0, m = n && h && A, o = i || m && c || S && !I || k && !R || T && !E, p = a || (m ? d : null), x = () => {
3651
+ a && l(), d && h && P();
3606
3652
  };
3607
3653
  if (o)
3608
- return /* @__PURE__ */ s(B, { children: e || /* @__PURE__ */ s(gr, {}) });
3654
+ return /* @__PURE__ */ s(U, { children: e || /* @__PURE__ */ s(yr, {}) });
3609
3655
  if (p) {
3610
- const y = typeof t == "function" ? t(p, E) : t || /* @__PURE__ */ s(yr, { error: p, retry: E });
3611
- return /* @__PURE__ */ s(B, { children: y });
3656
+ const y = typeof t == "function" ? t(p, x) : t || /* @__PURE__ */ s(br, { error: p, retry: x });
3657
+ return /* @__PURE__ */ s(U, { children: y });
3612
3658
  }
3613
- return /* @__PURE__ */ s(B, { children: r });
3659
+ return /* @__PURE__ */ s(U, { children: r });
3614
3660
  }
3615
- function rn(r = !0) {
3616
- const { isAppLoading: e, appError: t, retryApp: n, appInfo: i } = Ae(), a = pe(), l = Oe(), d = at(), T = lt(), A = (a == null ? void 0 : a.isTenantLoading) ?? !1, c = (a == null ? void 0 : a.tenantError) ?? null, S = (a == null ? void 0 : a.tenant) ?? null, h = (a == null ? void 0 : a.tenantSlug) ?? null, x = (a == null ? void 0 : a.retryTenant) ?? (() => {
3617
- }), P = (l == null ? void 0 : l.isAuthReady) ?? !0, I = (d == null ? void 0 : d.isReady) ?? !0, R = (T == null ? void 0 : T.isReady) ?? !0, k = r && a && h, C = e || k && A || l && !P || d && !I || T && !R, o = t || (k ? c : null);
3661
+ function nn(r = !0) {
3662
+ const { isAppLoading: e, appError: t, retryApp: n, appInfo: i } = Ae(), a = pe(), l = Oe(), h = at(), S = lt(), k = (a == null ? void 0 : a.isTenantLoading) ?? !1, T = (a == null ? void 0 : a.tenantError) ?? null, c = (a == null ? void 0 : a.tenant) ?? null, d = (a == null ? void 0 : a.tenantSlug) ?? null, A = (a == null ? void 0 : a.retryTenant) ?? (() => {
3663
+ }), P = (l == null ? void 0 : l.isAuthReady) ?? !0, I = (h == null ? void 0 : h.isReady) ?? !0, R = (S == null ? void 0 : S.isReady) ?? !0, E = r && a && d, C = e || E && k || l && !P || h && !I || S && !R, o = t || (E ? T : null);
3618
3664
  return {
3619
3665
  isLoading: C,
3620
3666
  error: o,
3621
- isReady: !C && !o && i !== null && (!k || S !== null),
3667
+ isReady: !C && !o && i !== null && (!E || c !== null),
3622
3668
  retry: () => {
3623
- t && n(), c && a && x();
3669
+ t && n(), T && a && A();
3624
3670
  },
3625
3671
  // Individual states
3626
3672
  app: { isLoading: e, error: t, data: i },
3627
- tenant: a ? { isLoading: A, error: c, data: S } : null,
3673
+ tenant: a ? { isLoading: k, error: T, data: c } : null,
3628
3674
  auth: l ? { isReady: P } : null,
3629
- featureFlags: d ? { isReady: I } : null,
3630
- subscription: T ? { isReady: R } : null
3675
+ featureFlags: h ? { isReady: I } : null,
3676
+ subscription: S ? { isReady: R } : null
3631
3677
  };
3632
3678
  }
3633
- const br = {
3679
+ const wr = {
3634
3680
  wrapper: {
3635
3681
  position: "relative"
3636
3682
  },
@@ -3674,7 +3720,7 @@ const br = {
3674
3720
  marginLeft: 8
3675
3721
  }
3676
3722
  };
3677
- function nn({
3723
+ function sn({
3678
3724
  tenants: r,
3679
3725
  currentTenantId: e,
3680
3726
  onSelect: t,
@@ -3682,14 +3728,14 @@ function nn({
3682
3728
  className: i = "",
3683
3729
  dropdownClassName: a = "",
3684
3730
  itemClassName: l = "",
3685
- renderItem: d,
3686
- placeholder: T = "Select tenant",
3687
- disabled: A = !1,
3688
- showCurrentTenant: c = !0
3731
+ renderItem: h,
3732
+ placeholder: S = "Select tenant",
3733
+ disabled: k = !1,
3734
+ showCurrentTenant: T = !0
3689
3735
  }) {
3690
3736
  var C;
3691
- const S = { ...br, ...n }, h = Oe(), [x, P] = N(!1), I = Ee(null), R = r ?? (h == null ? void 0 : h.userTenants) ?? [], k = e ?? ((C = h == null ? void 0 : h.currentUser) == null ? void 0 : C.tenantId) ?? null, m = async (o) => {
3692
- P(!1), t ? t(o) : h != null && h.switchToTenant && await h.switchToTenant(o);
3737
+ const c = { ...wr, ...n }, d = Oe(), [A, P] = N(!1), I = ye(null), R = r ?? (d == null ? void 0 : d.userTenants) ?? [], E = e ?? ((C = d == null ? void 0 : d.currentUser) == null ? void 0 : C.tenantId) ?? null, m = async (o) => {
3738
+ P(!1), t ? t(o) : d != null && d.switchToTenant && await d.switchToTenant(o);
3693
3739
  };
3694
3740
  re(() => {
3695
3741
  const o = (p) => {
@@ -3697,66 +3743,66 @@ function nn({
3697
3743
  };
3698
3744
  return document.addEventListener("mousedown", o), () => document.removeEventListener("mousedown", o);
3699
3745
  }, []);
3700
- const g = R.find((o) => o.id === k);
3746
+ const g = R.find((o) => o.id === E);
3701
3747
  if (R.length === 0)
3702
3748
  return null;
3703
- if (R.length === 1 && c)
3749
+ if (R.length === 1 && T)
3704
3750
  return /* @__PURE__ */ s("div", { className: i, children: /* @__PURE__ */ s("span", { children: R[0].name }) });
3705
3751
  const b = (o, p) => /* @__PURE__ */ f("span", { style: { fontWeight: p ? "bold" : "normal" }, children: [
3706
3752
  o.name,
3707
- o.role && /* @__PURE__ */ f("span", { style: S.itemRole, children: [
3753
+ o.role && /* @__PURE__ */ f("span", { style: c.itemRole, children: [
3708
3754
  "(",
3709
3755
  o.role,
3710
3756
  ")"
3711
3757
  ] })
3712
3758
  ] });
3713
- return /* @__PURE__ */ f("div", { ref: I, className: i, style: S.wrapper, children: [
3759
+ return /* @__PURE__ */ f("div", { ref: I, className: i, style: c.wrapper, children: [
3714
3760
  /* @__PURE__ */ f(
3715
3761
  "button",
3716
3762
  {
3717
3763
  type: "button",
3718
- onClick: () => !A && P(!x),
3719
- disabled: A,
3764
+ onClick: () => !k && P(!A),
3765
+ disabled: k,
3720
3766
  style: {
3721
- ...S.button,
3722
- ...A ? S.buttonDisabled : {}
3767
+ ...c.button,
3768
+ ...k ? c.buttonDisabled : {}
3723
3769
  },
3724
3770
  children: [
3725
- g ? g.name : T,
3726
- /* @__PURE__ */ s("span", { style: S.arrow, children: x ? "▲" : "▼" })
3771
+ g ? g.name : S,
3772
+ /* @__PURE__ */ s("span", { style: c.arrow, children: A ? "▲" : "▼" })
3727
3773
  ]
3728
3774
  }
3729
3775
  ),
3730
- x && /* @__PURE__ */ s("div", { className: a, style: S.dropdown, children: R.map((o) => {
3731
- const p = o.id === k;
3776
+ A && /* @__PURE__ */ s("div", { className: a, style: c.dropdown, children: R.map((o) => {
3777
+ const p = o.id === E;
3732
3778
  return /* @__PURE__ */ s(
3733
3779
  "div",
3734
3780
  {
3735
3781
  className: l,
3736
3782
  onClick: () => m(o.id),
3737
3783
  style: {
3738
- ...S.item,
3739
- ...p ? S.itemSelected : {}
3784
+ ...c.item,
3785
+ ...p ? c.itemSelected : {}
3740
3786
  },
3741
- onMouseEnter: (E) => {
3742
- p || Object.assign(E.currentTarget.style, S.itemHover);
3787
+ onMouseEnter: (x) => {
3788
+ p || Object.assign(x.currentTarget.style, c.itemHover);
3743
3789
  },
3744
- onMouseLeave: (E) => {
3790
+ onMouseLeave: (x) => {
3745
3791
  if (!p) {
3746
- const y = S.item || {};
3747
- Object.keys(S.itemHover || {}).forEach((u) => {
3748
- E.currentTarget.style[u] = y[u] ?? "";
3792
+ const y = c.item || {};
3793
+ Object.keys(c.itemHover || {}).forEach((u) => {
3794
+ x.currentTarget.style[u] = y[u] ?? "";
3749
3795
  });
3750
3796
  }
3751
3797
  },
3752
- children: d ? d(o, p) : b(o, p)
3798
+ children: h ? h(o, p) : b(o, p)
3753
3799
  },
3754
3800
  o.id
3755
3801
  );
3756
3802
  }) })
3757
3803
  ] });
3758
3804
  }
3759
- class sn {
3805
+ class on {
3760
3806
  constructor(e) {
3761
3807
  this.httpService = e;
3762
3808
  }
@@ -3789,7 +3835,7 @@ class sn {
3789
3835
  return { permissions: n.data, meta: n.meta };
3790
3836
  }
3791
3837
  }
3792
- class on {
3838
+ class an {
3793
3839
  constructor(e) {
3794
3840
  this.httpService = e;
3795
3841
  }
@@ -3820,7 +3866,7 @@ class on {
3820
3866
  await this.httpService.delete(`/subscription-plans/${e}`);
3821
3867
  }
3822
3868
  }
3823
- class an {
3869
+ class ln {
3824
3870
  constructor(e) {
3825
3871
  this.httpService = e;
3826
3872
  }
@@ -3830,12 +3876,12 @@ class an {
3830
3876
  }
3831
3877
  }
3832
3878
  const dt = "returnTo", Ce = "zone_return_to", De = "zone_return_to";
3833
- function ln(r = {}) {
3879
+ function cn(r = {}) {
3834
3880
  const {
3835
3881
  zoneRoots: e = {},
3836
3882
  returnToParam: t = dt,
3837
3883
  returnToStorage: n = "url"
3838
- } = r, i = wt(), [a, l] = vt(), { isAuthenticated: d, currentUser: T } = de(), { tenant: A } = ve(), c = V(() => ({ ...ze, ...e }), [e]), S = !!A, h = T == null ? void 0 : T.userType, x = V(() => {
3884
+ } = r, i = vt(), [a, l] = Tt(), { isAuthenticated: h, currentUser: S } = de(), { tenant: k } = Te(), T = V(() => ({ ...ze, ...e }), [e]), c = !!k, d = S == null ? void 0 : S.userType, A = V(() => {
3839
3885
  switch (n) {
3840
3886
  case "url":
3841
3887
  return a.get(t);
@@ -3879,92 +3925,92 @@ function ln(r = {}) {
3879
3925
  [n, a, t, l]
3880
3926
  ), R = te(
3881
3927
  (m) => {
3882
- const g = c[m] || c.default;
3928
+ const g = T[m] || T.default;
3883
3929
  i(g);
3884
3930
  },
3885
- [i, c]
3886
- ), k = te(() => S ? d ? h === ae.TENANT_ADMIN ? c.tenantAdmin : c.tenantUser : c.tenantGuest : d ? h === ae.TENANT_ADMIN ? c.publicAdmin : c.publicUser : c.publicGuest, [S, d, h, c]);
3931
+ [i, T]
3932
+ ), E = te(() => c ? h ? d === ae.TENANT_ADMIN ? T.tenantAdmin : T.tenantUser : T.tenantGuest : h ? d === ae.TENANT_ADMIN ? T.publicAdmin : T.publicUser : T.publicGuest, [c, h, d, T]);
3887
3933
  return {
3888
- returnToUrl: x,
3934
+ returnToUrl: A,
3889
3935
  clearReturnTo: P,
3890
3936
  setReturnTo: I,
3891
3937
  navigateToZone: R,
3892
- getSmartRedirect: k
3938
+ getSmartRedirect: E
3893
3939
  };
3894
3940
  }
3895
- function cn(r, e, t = dt, n = "url") {
3941
+ function un(r, e, t = dt, n = "url") {
3896
3942
  if (!e || n !== "url")
3897
3943
  return r;
3898
3944
  const i = new URL(r, window.location.origin);
3899
3945
  return i.searchParams.set(t, e), i.pathname + i.search;
3900
3946
  }
3901
3947
  export {
3902
- qr as AdminZone,
3948
+ zr as AdminZone,
3903
3949
  Je as AppApiService,
3904
- tn as AppLoader,
3905
- Sr as AppProvider,
3906
- Nt as AuthApiService,
3907
- Rr as AuthProvider,
3908
- Or as AuthenticatedZone,
3950
+ rn as AppLoader,
3951
+ kr as AppProvider,
3952
+ Ct as AuthApiService,
3953
+ Pr as AuthProvider,
3954
+ Vr as AuthenticatedZone,
3909
3955
  oe as ConfigurationError,
3910
3956
  ct as DEFAULT_ZONE_PRESETS,
3911
3957
  ze as DEFAULT_ZONE_ROOTS,
3912
- Jr as FeatureFlag,
3913
- Ot as FeatureFlagApiService,
3914
- Lr as FeatureFlagProvider,
3915
- Vr as GuestZone,
3916
- an as HealthApiService,
3958
+ Zr as FeatureFlag,
3959
+ Vt as FeatureFlagApiService,
3960
+ Fr as FeatureFlagProvider,
3961
+ qr as GuestZone,
3962
+ ln as HealthApiService,
3917
3963
  he as HttpService,
3918
- Ur as LandingRoute,
3919
- Zr as LoginForm,
3920
- Yr as MagicLinkForm,
3921
- Xr as MagicLinkVerify,
3922
- jr as OpenZone,
3923
- en as PasswordRecoveryForm,
3924
- sn as PermissionApiService,
3925
- Dr as Protected,
3926
- Mr as ProtectedRoute,
3927
- _r as PublicZone,
3928
- Ct as RoleApiService,
3929
- Nr as RoutingProvider,
3930
- ee as SessionExpiredError,
3964
+ Br as LandingRoute,
3965
+ Kr as LoginForm,
3966
+ Xr as MagicLinkForm,
3967
+ en as MagicLinkVerify,
3968
+ Wr as OpenZone,
3969
+ tn as PasswordRecoveryForm,
3970
+ on as PermissionApiService,
3971
+ Mr as Protected,
3972
+ $r as ProtectedRoute,
3973
+ Or as PublicZone,
3974
+ Dt as RoleApiService,
3975
+ Cr as RoutingProvider,
3976
+ Z as SessionExpiredError,
3931
3977
  Me as SessionManager,
3932
- Kr as SignupForm,
3933
- qt as SubscriptionApiService,
3934
- Qr as SubscriptionGuard,
3935
- on as SubscriptionPlanApiService,
3936
- Fr as SubscriptionProvider,
3937
- ye as TenantApiService,
3938
- Wr as TenantAuthenticatedZone,
3939
- Hr as TenantGuestZone,
3940
- Gr as TenantOpenZone,
3941
- Er as TenantProvider,
3942
- $r as TenantRoute,
3943
- nn as TenantSelector,
3944
- Br as TenantZone,
3945
- kt as TokenRefreshError,
3946
- St as TokenRefreshTimeoutError,
3947
- Dt as UserApiService,
3978
+ Yr as SignupForm,
3979
+ zt as SubscriptionApiService,
3980
+ Jr as SubscriptionGuard,
3981
+ an as SubscriptionPlanApiService,
3982
+ Nr as SubscriptionProvider,
3983
+ be as TenantApiService,
3984
+ Gr as TenantAuthenticatedZone,
3985
+ Qr as TenantGuestZone,
3986
+ Hr as TenantOpenZone,
3987
+ xr as TenantProvider,
3988
+ Ur as TenantRoute,
3989
+ sn as TenantSelector,
3990
+ _r as TenantZone,
3991
+ Et as TokenRefreshError,
3992
+ kt as TokenRefreshTimeoutError,
3993
+ Mt as UserApiService,
3948
3994
  ae as UserType,
3949
- zr as UserZone,
3995
+ jr as UserZone,
3950
3996
  ue as ZoneRoute,
3951
- cn as buildRedirectUrl,
3952
- kr as useApi,
3997
+ un as buildRedirectUrl,
3998
+ Er as useApi,
3953
3999
  Ae as useApp,
3954
- rn as useAppLoaderState,
4000
+ nn as useAppLoaderState,
3955
4001
  de as useAuth,
3956
- Ir as useAuthActions,
4002
+ Lr as useAuthActions,
3957
4003
  Oe as useAuthOptional,
3958
- Pr as useAuthState,
3959
- Vt as useFeatureFlags,
3960
- Cr as useRouting,
3961
- Wt as useRoutingOptional,
3962
- Ar as useSettings,
3963
- zt as useSubscription,
3964
- ve as useTenant,
4004
+ Ir as useAuthState,
4005
+ qt as useFeatureFlags,
4006
+ Dr as useRouting,
4007
+ Gt as useRoutingOptional,
4008
+ Rr as useSettings,
4009
+ jt as useSubscription,
4010
+ Te as useTenant,
3965
4011
  ot as useTenantInfo,
3966
4012
  pe as useTenantOptional,
3967
- xr as useTenantSettings,
3968
- ln as useZoneNavigation
4013
+ Ar as useTenantSettings,
4014
+ cn as useZoneNavigation
3969
4015
  };
3970
4016
  //# sourceMappingURL=index.es.js.map