@smg-automotive/auth 7.0.0 → 7.1.0-always-mount-auth-under-proxy-segment.2

package/dist/cjs/server/middleware/login.js

@@ -0,0 +1,37 @@
+'use strict';
+
+const addLoginParamsFromCookies = ({ request, auth0Config: { selectedSellerIdCookie, impersonatedSellerIdCookie, loginEndpoint, }, }) => {
+    if (request.nextUrl.pathname !== loginEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const hasSellerId = searchParams.has('seller_id');
+    if (!hasSellerId) {
+        const sellerId = request.cookies.get(selectedSellerIdCookie.name)?.value;
+        if (sellerId) {
+            searchParams.set('seller_id', sellerId);
+        }
+    }
+    const hasImpersonateSellerId = searchParams.has('impersonate_seller_id');
+    if (!hasImpersonateSellerId) {
+        const impersonatedSellerId = request.cookies.get(impersonatedSellerIdCookie.name)?.value;
+        if (impersonatedSellerId) {
+            searchParams.set('impersonate_seller_id', impersonatedSellerId);
+        }
+    }
+    request.nextUrl.search = searchParams.toString();
+};
+const setLoginRelatedCookies = ({ request, response, auth0Config: { selectedSellerIdCookie, impersonatedSellerIdCookie, loginEndpoint, }, }) => {
+    if (request.nextUrl.pathname !== loginEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    if (searchParams.has('seller_id')) {
+        response.cookies.set(selectedSellerIdCookie.name, searchParams.get('seller_id'), selectedSellerIdCookie);
+    }
+    if (searchParams.has('impersonate_seller_id')) {
+        response.cookies.set(impersonatedSellerIdCookie.name, searchParams.get('impersonate_seller_id'), impersonatedSellerIdCookie);
+    }
+};
+
+exports.addLoginParamsFromCookies = addLoginParamsFromCookies;
+exports.setLoginRelatedCookies = setLoginRelatedCookies;
+//# sourceMappingURL=login.js.map

package/dist/cjs/server/middleware/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sources":["../../../../../src/server/middleware/login.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAIO,MAAM,yBAAyB,GAAG,CAAC,EACxC,OAAO,EACP,WAAW,EAAE,EACX,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,GACd,GAIF,KAAI;AACH,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,aAAa;QAAE;IAEhD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAChE,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC;IACjD,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK;QACxE,IAAI,QAAQ,EAAE;AACZ,YAAA,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC;QACzC;IACF;IAEA,MAAM,sBAAsB,GAAG,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACxE,IAAI,CAAC,sBAAsB,EAAE;AAC3B,QAAA,MAAM,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAC9C,0BAA0B,CAAC,IAAI,CAChC,EAAE,KAAK;QAER,IAAI,oBAAoB,EAAE;AACxB,YAAA,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC;QACjE;IACF;IAEA,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;MAEa,sBAAsB,GAAG,CAAC,EACrC,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,sBAAsB,EACtB,0BAA0B,EAC1B,aAAa,GACd,GAKF,KAAI;AACH,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,aAAa;QAAE;IAEhD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;AAChE,IAAA,IAAI,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;AACjC,QAAA,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,sBAAsB,CAAC,IAAI,EAC3B,YAAY,CAAC,GAAG,CAAC,WAAW,CAAE,EAC9B,sBAAsB,CACvB;IACH;AAEA,IAAA,IAAI,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,EAAE;AAC7C,QAAA,QAAQ,CAAC,OAAO,CAAC,GAAG,CAClB,0BAA0B,CAAC,IAAI,EAC/B,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAE,EAC1C,0BAA0B,CAC3B;IACH;AACF;;;;;"}

package/dist/cjs/server/middleware/logout.d.ts

@@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Config } from 'src/types';
+export declare const handleCrossDomainLogout: ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }: {
+    host: string;
+    protocol: string;
+    request: NextRequest;
+    auth0Config: Auth0Config;
+}) => NextResponse | void;
+export declare const deleteRelatedSessionCookies: ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }: {
+    host: string;
+    request: NextRequest;
+    response: NextResponse;
+    auth0Config: Auth0Config;
+}) => void;

package/dist/cjs/server/middleware/logout.js

@@ -0,0 +1,118 @@
+'use strict';
+
+var server = require('next/server');
+
+const validateReturnTo = ({ pathOrUrl, host, protocol, otherDomainHost, crossDomainLogout, }) => {
+    if (typeof pathOrUrl !== 'string')
+        return false;
+    if (pathOrUrl.length > 2048)
+        return false;
+    try {
+        const decodedPathOrUrl = decodeURIComponent(pathOrUrl);
+        const isUrl = decodedPathOrUrl.startsWith('http');
+        const parsedUrlOrPath = new URL(isUrl ? decodedPathOrUrl : `${protocol}://${host}${decodedPathOrUrl}`);
+        const decodedPath = parsedUrlOrPath.pathname;
+        if (crossDomainLogout &&
+            isUrl &&
+            parsedUrlOrPath.host !== otherDomainHost) {
+            return false;
+        }
+        if (!crossDomainLogout && parsedUrlOrPath.host !== host) {
+            return false;
+        }
+        if (!decodedPath.startsWith('/') || decodedPath.startsWith('//')) {
+            return false;
+        }
+        // Limit chars in return to path to prevent injections
+        // eslint-disable-next-line @typescript-eslint/naming-convention
+        const SAFE_PATH_REGEX = /^\/[a-zA-Z0-9/_\-?.=]*$/;
+        return SAFE_PATH_REGEX.test(decodedPath);
+    }
+    catch (error) {
+        // eslint-disable-next-line no-console
+        console.warn('Error parsing URL or path:', error);
+        return false;
+    }
+};
+const getOtherDomainHost = (currentHost) => {
+    if (currentHost.includes('autoscout24')) {
+        return currentHost.replace('autoscout24', 'motoscout24');
+    }
+    if (currentHost.includes('motoscout24')) {
+        return currentHost.replace('motoscout24', 'autoscout24');
+    }
+    return currentHost;
+};
+const handleCrossDomainLogout = ({ host, protocol, request, auth0Config: { languageConfig, logoutEndpoint }, }) => {
+    if (request.nextUrl.pathname !== logoutEndpoint)
+        return;
+    const searchParams = new URLSearchParams(request.nextUrl.search);
+    const specifiedReturnTo = searchParams.get('returnTo') || '';
+    const crossDomainLogout = searchParams.get('crossDomain') === 'true';
+    const otherDomainHost = getOtherDomainHost(host);
+    let returnTo = `/${searchParams.get('locale') || languageConfig.default}`;
+    const isSafePath = validateReturnTo({
+        protocol,
+        host,
+        otherDomainHost,
+        pathOrUrl: specifiedReturnTo,
+        crossDomainLogout,
+    });
+    if (isSafePath) {
+        returnTo = specifiedReturnTo;
+    }
+    if (!crossDomainLogout && otherDomainHost && otherDomainHost !== host) {
+        const currentDomainUrl = `${protocol}://${host}`;
+        const backToCurrentDomainUrl = new URL(logoutEndpoint, currentDomainUrl);
+        backToCurrentDomainUrl.searchParams.set('returnTo', returnTo);
+        backToCurrentDomainUrl.searchParams.set('crossDomain', 'true');
+        const otherDomainLogoutUrl = new URL(logoutEndpoint, `${protocol}://${otherDomainHost}`);
+        otherDomainLogoutUrl.searchParams.set('crossDomain', 'true');
+        otherDomainLogoutUrl.searchParams.set('returnTo', backToCurrentDomainUrl.toString());
+        return server.NextResponse.redirect(otherDomainLogoutUrl, {
+            status: 302,
+        });
+    }
+    searchParams.set('returnTo', returnTo);
+    request.nextUrl.search = searchParams.toString();
+};
+const getLegacyCookieDomain = (hostname) => {
+    const parts = hostname.split('.');
+    if (parts.length < 2)
+        return `.${hostname}`;
+    const base = parts.slice(-2).join('.');
+    return `.${base}`;
+};
+const deleteRelatedSessionCookies = ({ host, request, response, auth0Config: { logoutEndpoint, authCookieNames, legacyAccessTokenName, legacyRefreshTokenName, }, }) => {
+    if (request.nextUrl.pathname !== logoutEndpoint || !response)
+        return;
+    authCookieNames.forEach((cookieName) => {
+        response.cookies.delete({
+            name: cookieName,
+            maxAge: 0,
+            path: '/',
+        });
+        response.cookies.delete({
+            name: `${cookieName}__0`,
+            maxAge: 0,
+            path: '/',
+        });
+    });
+    const legacyCookieDomain = getLegacyCookieDomain(host);
+    response.cookies.delete({
+        name: legacyAccessTokenName,
+        maxAge: 0,
+        path: '/',
+        domain: legacyCookieDomain,
+    });
+    response.cookies.delete({
+        name: legacyRefreshTokenName,
+        maxAge: 0,
+        path: '/',
+        domain: legacyCookieDomain,
+    });
+};
+
+exports.deleteRelatedSessionCookies = deleteRelatedSessionCookies;
+exports.handleCrossDomainLogout = handleCrossDomainLogout;
+//# sourceMappingURL=logout.js.map

package/dist/cjs/server/middleware/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sources":["../../../../../src/server/middleware/logout.ts"],"sourcesContent":[null],"names":["NextResponse"],"mappings":";;;;AAIA,MAAM,gBAAgB,GAAG,CAAC,EACxB,SAAS,EACT,IAAI,EACJ,QAAQ,EACR,eAAe,EACf,iBAAiB,GAOlB,KAAI;IACH,IAAI,OAAO,SAAS,KAAK,QAAQ;AAAE,QAAA,OAAO,KAAK;AAC/C,IAAA,IAAI,SAAS,CAAC,MAAM,GAAG,IAAI;AAAE,QAAA,OAAO,KAAK;AAEzC,IAAA,IAAI;AACF,QAAA,MAAM,gBAAgB,GAAG,kBAAkB,CAAC,SAAS,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,CAAC,UAAU,CAAC,MAAM,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,GAAG,CAC7B,KAAK,GAAG,gBAAgB,GAAG,GAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,CAAA,EAAG,gBAAgB,CAAA,CAAE,CACtE;AACD,QAAA,MAAM,WAAW,GAAG,eAAe,CAAC,QAAQ;AAE5C,QAAA,IACE,iBAAiB;YACjB,KAAK;AACL,YAAA,eAAe,CAAC,IAAI,KAAK,eAAe,EACxC;AACA,YAAA,OAAO,KAAK;QACd;QAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,CAAC,IAAI,KAAK,IAAI,EAAE;AACvD,YAAA,OAAO,KAAK;QACd;AAEA,QAAA,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChE,YAAA,OAAO,KAAK;QACd;;;QAIA,MAAM,eAAe,GAAG,yBAAyB;AACjD,QAAA,OAAO,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;IAC1C;IAAE,OAAO,KAAK,EAAE;;AAEd,QAAA,OAAO,CAAC,IAAI,CAAC,4BAA4B,EAAE,KAAK,CAAC;AACjD,QAAA,OAAO,KAAK;IACd;AACF,CAAC;AAED,MAAM,kBAAkB,GAAG,CAAC,WAAmB,KAAY;AACzD,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,IAAI,WAAW,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;QACvC,OAAO,WAAW,CAAC,OAAO,CAAC,aAAa,EAAE,aAAa,CAAC;IAC1D;AACA,IAAA,OAAO,WAAW;AACpB,CAAC;MAEY,uBAAuB,GAAG,CAAC,EACtC,IAAI,EACJ,QAAQ,EACR,OAAO,EACP,WAAW,EAAE,EAAE,cAAc,EAAE,cAAc,EAAE,GAMhD,KAAyB;AACxB,IAAA,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc;QAAE;IAEjD,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhE,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE;IAC5D,MAAM,iBAAiB,GAAG,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,MAAM;AAEpE,IAAA,MAAM,eAAe,GAAG,kBAAkB,CAAC,IAAI,CAAC;AAChD,IAAA,IAAI,QAAQ,GAAG,CAAA,CAAA,EAAI,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE;IACzE,MAAM,UAAU,GAAG,gBAAgB,CAAC;QAClC,QAAQ;QACR,IAAI;QACJ,eAAe;AACf,QAAA,SAAS,EAAE,iBAAiB;QAC5B,iBAAiB;AAClB,KAAA,CAAC;IACF,IAAI,UAAU,EAAE;QACd,QAAQ,GAAG,iBAAiB;IAC9B;IAEA,IAAI,CAAC,iBAAiB,IAAI,eAAe,IAAI,eAAe,KAAK,IAAI,EAAE;AACrE,QAAA,MAAM,gBAAgB,GAAG,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,IAAI,EAAE;QAChD,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,gBAAgB,CAAC;QACxE,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;QAC7D,sBAAsB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAE9D,QAAA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,cAAc,EACd,CAAA,EAAG,QAAQ,CAAA,GAAA,EAAM,eAAe,CAAA,CAAE,CACnC;QACD,oBAAoB,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC;AAC5D,QAAA,oBAAoB,CAAC,YAAY,CAAC,GAAG,CACnC,UAAU,EACV,sBAAsB,CAAC,QAAQ,EAAE,CAClC;AAED,QAAA,OAAOA,mBAAY,CAAC,QAAQ,CAAC,oBAAoB,EAAE;AACjD,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CAAC;IACJ;AAEA,IAAA,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC;IACtC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,QAAQ,EAAE;AAClD;AAEA,MAAM,qBAAqB,GAAG,CAAC,QAAgB,KAAI;IACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC;AACjC,IAAA,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAE;AAE3C,IAAA,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;IACtC,OAAO,CAAA,CAAA,EAAI,IAAI,CAAA,CAAE;AACnB,CAAC;AAEM,MAAM,2BAA2B,GAAG,CAAC,EAC1C,IAAI,EACJ,OAAO,EACP,QAAQ,EACR,WAAW,EAAE,EACX,cAAc,EACd,eAAe,EACf,qBAAqB,EACrB,sBAAsB,GACvB,GAMF,KAAI;IACH,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,cAAc,IAAI,CAAC,QAAQ;QAAE;AAE9D,IAAA,eAAe,CAAC,OAAO,CAAC,CAAC,UAAU,KAAI;AACrC,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,YAAA,IAAI,EAAE,UAAU;AAChB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACF,QAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;YACtB,IAAI,EAAE,CAAA,EAAG,UAAU,CAAA,GAAA,CAAK;AACxB,YAAA,MAAM,EAAE,CAAC;AACT,YAAA,IAAI,EAAE,GAAG;AACV,SAAA,CAAC;AACJ,IAAA,CAAC,CAAC;AAEF,IAAA,MAAM,kBAAkB,GAAG,qBAAqB,CAAC,IAAI,CAAC;AACtD,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,qBAAqB;AAC3B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACF,IAAA,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;AACtB,QAAA,IAAI,EAAE,sBAAsB;AAC5B,QAAA,MAAM,EAAE,CAAC;AACT,QAAA,IAAI,EAAE,GAAG;AACT,QAAA,MAAM,EAAE,kBAAkB;AAC3B,KAAA,CAAC;AACJ;;;;;"}

package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.d.ts

@@ -0,0 +1,12 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types/auth0/config';
+export declare const proactivelyRefreshAccessToken: ({ request, response, auth0Instance, auth0Config, }: {
+    request: NextRequest;
+    response: NextResponse;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+}) => Promise<{
+    token: string;
+    expiresAt: number;
+}>;

package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.js

@@ -0,0 +1,13 @@
+'use strict';
+
+const proactivelyRefreshAccessToken = async ({ request, response, auth0Instance, auth0Config, }) => {
+    const session = await auth0Instance.getSession(request);
+    const shouldRefresh = auth0Config.debugForceTokenRefresh ||
+        (session?.tokenSet.expiresAt || 0) < Date.now() / 1000 + 30;
+    return auth0Instance.getAccessToken(request, response, {
+        refresh: shouldRefresh,
+    });
+};
+
+exports.proactivelyRefreshAccessToken = proactivelyRefreshAccessToken;
+//# sourceMappingURL=proactivelyRefreshAccessToken.js.map

package/dist/cjs/server/middleware/proactivelyRefreshAccessToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proactivelyRefreshAccessToken.js","sources":["../../../../../src/server/middleware/proactivelyRefreshAccessToken.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAKO,MAAM,6BAA6B,GAAG,OAAO,EAClD,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,GAMZ,KAAmD;IAClD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;AAEvD,IAAA,MAAM,aAAa,GACjB,WAAW,CAAC,sBAAsB;AAClC,QAAA,CAAC,OAAO,EAAE,QAAQ,CAAC,SAAS,IAAI,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE;AAC7D,IAAA,OAAO,aAAa,CAAC,cAAc,CAAC,OAAO,EAAE,QAAQ,EAAE;AACrD,QAAA,OAAO,EAAE,aAAa;AACvB,KAAA,CAAC;AACJ;;;;"}

package/dist/cjs/server/middleware/profile.d.ts

@@ -0,0 +1,10 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Brand } from 'src/types/brand';
+import { Auth0Config } from 'src/types';
+export declare const handleUserProfile: ({ request, auth0Instance, auth0Config, brand, }: {
+    request: NextRequest;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    brand: Brand;
+}) => Promise<NextResponse | void>;

package/dist/cjs/server/middleware/profile.js

@@ -0,0 +1,28 @@
+'use strict';
+
+var server = require('next/server');
+var session = require('../../lib/enrichUser/session.js');
+var addCachingHeaders = require('./addCachingHeaders.js');
+
+const handleUserProfile = async ({ request, auth0Instance, auth0Config, brand, }) => {
+    if (request.nextUrl.pathname === auth0Config.userProfileEndpoint) {
+        const session$1 = await auth0Instance.getSession(request);
+        if (!session$1) {
+            return new server.NextResponse(null, {
+                status: 401,
+            });
+        }
+        const user = session$1.user;
+        const enrichedUser = await session.enrichUser({
+            user,
+            accessToken: session$1.tokenSet.accessToken,
+            brand,
+        });
+        const userResponse = server.NextResponse.json(enrichedUser);
+        addCachingHeaders.addCachingHeaders(userResponse);
+        return userResponse;
+    }
+};
+
+exports.handleUserProfile = handleUserProfile;
+//# sourceMappingURL=profile.js.map

package/dist/cjs/server/middleware/profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"profile.js","sources":["../../../../../src/server/middleware/profile.ts"],"sourcesContent":[null],"names":["session","NextResponse","enrichUser","addCachingHeaders"],"mappings":";;;;;;AASO,MAAM,iBAAiB,GAAG,OAAO,EACtC,OAAO,EACP,aAAa,EACb,WAAW,EACX,KAAK,GAMN,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,mBAAmB,EAAE;QAChE,MAAMA,SAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;QAEvD,IAAI,CAACA,SAAO,EAAE;AACZ,YAAA,OAAO,IAAIC,mBAAY,CAAC,IAAI,EAAE;AAC5B,gBAAA,MAAM,EAAE,GAAG;AACZ,aAAA,CAAC;QACJ;AAEA,QAAA,MAAM,IAAI,GAAGD,SAAO,CAAC,IAAmB;AAExC,QAAA,MAAM,YAAY,GAAG,MAAME,kBAAU,CAAC;YACpC,IAAI;AACJ,YAAA,WAAW,EAAEF,SAAO,CAAC,QAAQ,CAAC,WAAW;YACzC,KAAK;AACN,SAAA,CAAC;QAEF,MAAM,YAAY,GAAGC,mBAAY,CAAC,IAAI,CAAC,YAAY,CAAC;QACpDE,mCAAiB,CAAC,YAAY,CAAC;AAC/B,QAAA,OAAO,YAAY;IACrB;AACF;;;;"}

package/dist/cjs/server/middleware/protectRoute.d.ts

@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Language } from '@smg-automotive/i18n-pkg';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types';
+export declare const protectRoute: ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }: {
+    isProtected: boolean;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    language: Language;
+    request: NextRequest;
+    response: NextResponse;
+    onError?: (error: Error) => void;
+}) => Promise<NextResponse | void>;

package/dist/cjs/server/middleware/protectRoute.js

@@ -0,0 +1,52 @@
+'use strict';
+
+var server = require('next/server');
+var authLinks = require('../../lib/authLinks.js');
+var proactivelyRefreshAccessToken = require('./proactivelyRefreshAccessToken.js');
+
+const redirectToLogin = ({ auth0Config, language, returnTo, origin, }) => {
+    const loginUrl = authLinks.getLoginLink({
+        auth0Config,
+        language,
+        returnTo,
+    });
+    return server.NextResponse.redirect(new URL(loginUrl, origin), {
+        status: 307,
+    });
+};
+const protectRoute = async ({ isProtected, auth0Instance, auth0Config, language, request, response, onError, }) => {
+    const session = await auth0Instance.getSession(request);
+    const { pathname, search, origin } = request.nextUrl;
+    if (!isProtected && !session?.user) {
+        return response;
+    }
+    if (!session && isProtected) {
+        return redirectToLogin({
+            auth0Config,
+            language,
+            returnTo: `${pathname}${search}`,
+            origin,
+        });
+    }
+    try {
+        await proactivelyRefreshAccessToken.proactivelyRefreshAccessToken({
+            request,
+            response,
+            auth0Instance,
+            auth0Config,
+        });
+    }
+    catch (error) {
+        const authError = error;
+        onError?.(authError);
+        return redirectToLogin({
+            auth0Config,
+            language,
+            returnTo: `${pathname}${search}`,
+            origin,
+        });
+    }
+};
+
+exports.protectRoute = protectRoute;
+//# sourceMappingURL=protectRoute.js.map

package/dist/cjs/server/middleware/protectRoute.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"protectRoute.js","sources":["../../../../../src/server/middleware/protectRoute.ts"],"sourcesContent":[null],"names":["getLoginLink","NextResponse","proactivelyRefreshAccessToken"],"mappings":";;;;;;AAUA,MAAM,eAAe,GAAG,CAAC,EACvB,WAAW,EACX,QAAQ,EACR,QAAQ,EACR,MAAM,GAMP,KAAkB;IACjB,MAAM,QAAQ,GAAGA,sBAAY,CAAC;QAC5B,WAAW;QACX,QAAQ;QACR,QAAQ;AACT,KAAA,CAAC;IAEF,OAAOC,mBAAY,CAAC,QAAQ,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE;AACtD,QAAA,MAAM,EAAE,GAAG;AACZ,KAAA,CAAC;AACJ,CAAC;MAEY,YAAY,GAAG,OAAO,EACjC,WAAW,EACX,aAAa,EACb,WAAW,EACX,QAAQ,EACR,OAAO,EACP,QAAQ,EACR,OAAO,GASR,KAAkC;IACjC,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IACvD,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO;IAEpD,IAAI,CAAC,WAAW,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE;AAClC,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,IAAI,CAAC,OAAO,IAAI,WAAW,EAAE;AAC3B,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AAEA,IAAA,IAAI;AACF,QAAA,MAAMC,2DAA6B,CAAC;YAClC,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;IACJ;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;AAEpB,QAAA,OAAO,eAAe,CAAC;YACrB,WAAW;YACX,QAAQ;AACR,YAAA,QAAQ,EAAE,CAAA,EAAG,QAAQ,CAAA,EAAG,MAAM,CAAA,CAAE;YAChC,MAAM;AACP,SAAA,CAAC;IACJ;AACF;;;;"}

package/dist/cjs/server/middleware/token.d.ts

@@ -0,0 +1,10 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { Auth0Client } from '@auth0/nextjs-auth0/server';
+import { Auth0Config } from 'src/types';
+export declare const handleAccessTokenRequest: ({ request, response, auth0Instance, auth0Config, onError, }: {
+    request: NextRequest;
+    response: NextResponse;
+    auth0Instance: Auth0Client;
+    auth0Config: Auth0Config;
+    onError?: (error: Error) => void;
+}) => Promise<NextResponse | void>;

package/dist/cjs/server/middleware/token.js

@@ -0,0 +1,44 @@
+'use strict';
+
+var server = require('next/server');
+var errors = require('@auth0/nextjs-auth0/errors');
+var proactivelyRefreshAccessToken = require('./proactivelyRefreshAccessToken.js');
+var addCachingHeaders = require('./addCachingHeaders.js');
+
+const handleAccessTokenRequest = async ({ request, response, auth0Instance, auth0Config, onError, }) => {
+    if (request.nextUrl.pathname !== auth0Config.tokenEndpoint)
+        return;
+    const session = await auth0Instance.getSession(request);
+    if (!session) {
+        return server.NextResponse.json({
+            error: {
+                message: 'The user does not have an active session.',
+                code: errors.AccessTokenErrorCode.MISSING_SESSION,
+            },
+        }, {
+            status: 401,
+        });
+    }
+    try {
+        const { token, expiresAt } = await proactivelyRefreshAccessToken.proactivelyRefreshAccessToken({
+            request,
+            response,
+            auth0Instance,
+            auth0Config,
+        });
+        const tokenResponse = server.NextResponse.json({
+            token,
+            expiresAt,
+        });
+        addCachingHeaders.addCachingHeaders(tokenResponse);
+        return tokenResponse;
+    }
+    catch (error) {
+        const authError = error;
+        onError?.(authError);
+        return server.NextResponse.json({ error: { message: authError.message, code: authError.code } }, { status: 401 });
+    }
+};
+
+exports.handleAccessTokenRequest = handleAccessTokenRequest;
+//# sourceMappingURL=token.js.map

package/dist/cjs/server/middleware/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sources":["../../../../../src/server/middleware/token.ts"],"sourcesContent":[null],"names":["NextResponse","AccessTokenErrorCode","proactivelyRefreshAccessToken","addCachingHeaders"],"mappings":";;;;;;;AASO,MAAM,wBAAwB,GAAG,OAAO,EAC7C,OAAO,EACP,QAAQ,EACR,aAAa,EACb,WAAW,EACX,OAAO,GAOR,KAAkC;IACjC,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC,aAAa;QAAE;IAE5D,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,OAAO,CAAC;IAEvD,IAAI,CAAC,OAAO,EAAE;QACZ,OAAOA,mBAAY,CAAC,IAAI,CACtB;AACE,YAAA,KAAK,EAAE;AACL,gBAAA,OAAO,EAAE,2CAA2C;gBACpD,IAAI,EAAEC,2BAAoB,CAAC,eAAe;AAC3C,aAAA;SACF,EACD;AACE,YAAA,MAAM,EAAE,GAAG;AACZ,SAAA,CACF;IACH;AAEA,IAAA,IAAI;QACF,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAMC,2DAA6B,CAAC;YAC/D,OAAO;YACP,QAAQ;YACR,aAAa;YACb,WAAW;AACZ,SAAA,CAAC;AACF,QAAA,MAAM,aAAa,GAAGF,mBAAY,CAAC,IAAI,CAAC;YACtC,KAAK;YACL,SAAS;AACV,SAAA,CAAC;QACFG,mCAAiB,CAAC,aAAa,CAAC;AAChC,QAAA,OAAO,aAAa;IACtB;IAAE,OAAO,KAAK,EAAE;QACd,MAAM,SAAS,GAAG,KAAiB;AACnC,QAAA,OAAO,GAAG,SAAS,CAAC;AACpB,QAAA,OAAOH,mBAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,EAAE,EAC/D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB;IACH;AACF;;;;"}

package/dist/cjs/server/redisSessionStore.d.ts

@@ -0,0 +1,15 @@
+import { SessionData, SessionDataStore } from '@auth0/nextjs-auth0/types';
+type RedisSessionStoreOptions = {
+    prefix: string;
+    ttlSeconds: number;
+    redisUrl: string;
+};
+export declare class RedisSessionStore implements SessionDataStore {
+    #private;
+    constructor(options: RedisSessionStoreOptions);
+    private key;
+    get(id: string): Promise<SessionData | null>;
+    set(id: string, session: SessionData): Promise<void>;
+    delete(id: string): Promise<void>;
+}
+export {};

package/dist/cjs/server.d.ts

@@ -1,4 +1,2 @@
-export * from './getServerAuthProps';
-export * from './apiRoutes';
-export * from './lib/request/getUserAndAccessToken';
-export * from './lib/request/isLoggedIn';
+export * from './server/middleware';
+export * from './server/helpers';

package/dist/cjs/server.js

@@ -1,17 +1,16 @@
 'use strict';
 
-var pages = require('./getServerAuthProps/pages.js');
-var app = require('./getServerAuthProps/app.js');
-var index = require('./apiRoutes/handlers/index.js');
-var getUserAndAccessToken = require('./lib/request/getUserAndAccessToken.js');
-var isLoggedIn = require('./lib/request/isLoggedIn.js');
+var index = require('./server/middleware/index.js');
+var getAccessToken = require('./server/helpers/getAccessToken.js');
+var getAuthProps = require('./server/helpers/getAuthProps.js');
+var getUser = require('./server/helpers/getUser.js');
+var isLoggedIn = require('./server/helpers/isLoggedIn.js');
 
 
 
-exports.getServerAuthPropsPages = pages.getServerAuthProps;
-exports.getServerAuthPropsApp = app.getServerAuthProps;
-exports.apiRoutesHandler = index.apiRoutesHandler;
-exports.getUser = getUserAndAccessToken.getUser;
-exports.getUserAndAccessToken = getUserAndAccessToken.getUserAndAccessToken;
+exports.authMiddleware = index.authMiddleware;
+exports.getAccessToken = getAccessToken.getAccessToken;
+exports.getAuthProps = getAuthProps.getAuthProps;
+exports.getUser = getUser.getUser;
 exports.isLoggedIn = isLoggedIn.isLoggedIn;
 //# sourceMappingURL=server.js.map

package/dist/cjs/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;"}
+{"version":3,"file":"server.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;"}

package/dist/cjs/test/mocks.d.ts

@@ -0,0 +1 @@
+import 'whatwg-fetch';

package/dist/cjs/test/mocks.js

@@ -0,0 +1,10 @@
+'use strict';
+
+var util = require('util');
+require('../node_modules/whatwg-fetch/fetch.js');
+
+Object.assign(global, {
+    TextEncoder: util.TextEncoder,
+    TextDecoder: util.TextDecoder,
+});
+//# sourceMappingURL=mocks.js.map

package/dist/cjs/test/mocks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mocks.js","sources":["../../../../src/test/mocks.ts"],"sourcesContent":[null],"names":["ImportedTextEncoder","ImportedTextDecoder"],"mappings":";;;;;AAKA,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;AACpB,IAAA,WAAW,EAAEA,gBAAmB;AAChC,IAAA,WAAW,EAAEC,gBAAmB;AACjC,CAAA,CAAC;;"}

package/dist/cjs/test/setup.d.ts

@@ -0,0 +1,2 @@
+import type { Config } from '@jest/types';
+export declare const transpileESMModulesForJest: (asyncConfig: () => Promise<Config.InitialProjectOptions>) => Promise<Config.InitialProjectOptions>;

package/dist/cjs/test/setup.js

@@ -0,0 +1,28 @@
+'use strict';
+
+const customTranspiledPackages = ['@auth0/nextjs-auth0', 'jose', '@panva/hkdf'];
+const transpileESMModulesForJest = async (asyncConfig) => {
+    const config = await asyncConfig();
+    const currentPackages = config.transformIgnorePatterns
+        ?.filter((pattern) => pattern.includes('node_modules'))
+        ?.map((pattern) => pattern
+        .replace('/node_modules/(?!.pnpm)(?!(', '')
+        .replace(')/)', '')
+        .replace('/node_modules/.pnpm/(?!(', '')
+        .replace(')@)', '')) || [];
+    const uniqueCurrentPackages = [...new Set(currentPackages)];
+    const currentNonPackages = config.transformIgnorePatterns?.filter((pattern) => !pattern.includes('node_modules')) || [];
+    const transpiledPackages = [
+        ...customTranspiledPackages,
+        ...uniqueCurrentPackages,
+    ].join('|');
+    config.transformIgnorePatterns = [
+        `/node_modules/(?!.pnpm)(?!(${transpiledPackages})/)`,
+        `/node_modules/.pnpm/(?!(${transpiledPackages.replace(/\//g, '\\+')})@)`,
+        ...currentNonPackages,
+    ];
+    return config;
+};
+
+exports.transpileESMModulesForJest = transpileESMModulesForJest;
+//# sourceMappingURL=setup.js.map

package/dist/cjs/test/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.js","sources":["../../../../src/test/setup.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAEA,MAAM,wBAAwB,GAAG,CAAC,qBAAqB,EAAE,MAAM,EAAE,aAAa,CAAC;MAClE,0BAA0B,GAAG,OACxC,WAAwD,KACtD;AACF,IAAA,MAAM,MAAM,GAAG,MAAM,WAAW,EAAE;AAElC,IAAA,MAAM,eAAe,GACnB,MAAM,CAAC;AACL,UAAE,MAAM,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC;AACtD,UAAE,GAAG,CAAC,CAAC,OAAO,KACZ;AACG,SAAA,OAAO,CAAC,6BAA6B,EAAE,EAAE;AACzC,SAAA,OAAO,CAAC,KAAK,EAAE,EAAE;AACjB,SAAA,OAAO,CAAC,0BAA0B,EAAE,EAAE;SACtC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CACtB,IAAI,EAAE;IACX,MAAM,qBAAqB,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,CAAC;IAC3D,MAAM,kBAAkB,GACtB,MAAM,CAAC,uBAAuB,EAAE,MAAM,CACpC,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAC/C,IAAI,EAAE;AAET,IAAA,MAAM,kBAAkB,GAAG;AACzB,QAAA,GAAG,wBAAwB;AAC3B,QAAA,GAAG,qBAAqB;AACzB,KAAA,CAAC,IAAI,CAAC,GAAG,CAAC;IACX,MAAM,CAAC,uBAAuB,GAAG;AAC/B,QAAA,CAAA,2BAAA,EAA8B,kBAAkB,CAAA,GAAA,CAAK;QACrD,CAAA,wBAAA,EAA2B,kBAAkB,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA,GAAA,CAAK;AACxE,QAAA,GAAG,kBAAkB;KACtB;AACD,IAAA,OAAO,MAAM;AACf;;;;"}

package/dist/cjs/types/auth0/config.d.ts

@@ -6,14 +6,11 @@ export type Auth0Config = {
     tokenEndpoint: string;
     callbackEndpoint: string;
     userProfileEndpoint: string;
-    intervalDelayInMs: number;
-    refreshThresholdInMs: number;
     selectedSellerIdCookie: CookieOptions;
     impersonatedSellerIdCookie: CookieOptions;
     proxyPathSegment: string;
     legacyAccessTokenName: string;
     legacyRefreshTokenName: string;
-    providerInterval: number;
     debugForceTokenRefresh: boolean;
     languageConfig: {
         default: Language;
@@ -22,4 +19,7 @@ export type Auth0Config = {
     scopes: string;
     globalAuthErrorPath: string;
     authCookieNames: string[];
+    sessionCookieName: string;
+    audience: string;
+    sessionDuration: number;
 };

package/dist/cjs/types/auth0/jwtPayload.d.ts

@@ -11,4 +11,6 @@ export type Auth0JWTPayload = {
     azp: string;
     user_id: string;
     permissions: string[];
+    isMultiTenantUser: boolean;
+    isImpersonated?: boolean;
 };

package/dist/cjs/types/auth0/user.d.ts

@@ -6,5 +6,4 @@ export type Auth0User = {
     email: string;
     email_verified: boolean;
     sub: string;
-    sid: string;
 };

package/dist/cjs/types/cookieOptions.d.ts

@@ -3,6 +3,6 @@ export type CookieOptions = {
     httpOnly: boolean;
     maxAge: number;
     secure: boolean;
-    sameSite: string;
+    sameSite: boolean | 'lax' | 'strict' | 'none' | undefined;
     path: string;
 };

package/dist/esm/api/baseUrl.js

@@ -1,8 +1,8 @@
-var apiConfig = {
+const apiConfig = {
     apiRoot: process.env.API_ROOT,
     apiVersion: process.env.API_VERSION,
 };
-var baseUrl = "https://".concat(apiConfig.apiRoot, "/").concat(apiConfig.apiVersion);
+const baseUrl = `https://${apiConfig.apiRoot}/${apiConfig.apiVersion}`;
 
 export { baseUrl };
 //# sourceMappingURL=baseUrl.js.map

package/dist/esm/api/baseUrl.js.map

@@ -1 +1 @@
-{"version":3,"file":"baseUrl.js","sources":["../../../../src/api/baseUrl.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA,IAAM,SAAS,GAAG;AAChB,IAAA,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ;AAC7B,IAAA,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW;CAC3B;AAEH,IAAM,OAAO,GAAG,UAAA,CAAA,MAAA,CAAW,SAAS,CAAC,OAAO,EAAA,GAAA,CAAA,CAAA,MAAA,CAAI,SAAS,CAAC,UAAU;;;;"}
+{"version":3,"file":"baseUrl.js","sources":["../../../../src/api/baseUrl.ts"],"sourcesContent":[null],"names":[],"mappings":"AAAA,MAAM,SAAS,GAAG;AAChB,IAAA,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ;AAC7B,IAAA,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,WAAW;CAC3B;AAEH,MAAM,OAAO,GAAG,CAAA,QAAA,EAAW,SAAS,CAAC,OAAO,CAAA,CAAA,EAAI,SAAS,CAAC,UAAU;;;;"}

package/dist/esm/api/entitlements/client.js

@@ -1,8 +1,8 @@
 import { ApiClient } from '@smg-automotive/api-client-pkg';
 import { baseUrl } from '../baseUrl.js';
 
-var entitlementsClient = ApiClient({
-    baseUrl: baseUrl,
+const entitlementsClient = ApiClient({
+    baseUrl,
     headers: {
         'Content-Type': 'application/json',
     },

package/dist/esm/api/entitlements/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sources":["../../../../../src/api/entitlements/client.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AAkBO,IAAM,kBAAkB,GAE3B,SAAS,CAAkC;AAC7C,IAAA,OAAO,EAAA,OAAA;AACP,IAAA,OAAO,EAAE;AACP,QAAA,cAAc,EAAE,kBAAkB;AACnC,KAAA;AACF,CAAA;;;;"}
+{"version":3,"file":"client.js","sources":["../../../../../src/api/entitlements/client.ts"],"sourcesContent":[null],"names":[],"mappings":";;;AAkBO,MAAM,kBAAkB,GAE3B,SAAS,CAAkC;IAC7C,OAAO;AACP,IAAA,OAAO,EAAE;AACP,QAAA,cAAc,EAAE,kBAAkB;AACnC,KAAA;AACF,CAAA;;;;"}