@spfn/auth 0.2.0-beta.2 → 0.2.0-beta.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/README.md +635 -180
  2. package/dist/{dto-CLYtuAom.d.ts → authenticate-BmzJ6hTF.d.ts} +364 -154
  3. package/dist/config.d.ts +58 -40
  4. package/dist/config.js +64 -35
  5. package/dist/config.js.map +1 -1
  6. package/dist/index.d.ts +256 -103
  7. package/dist/index.js +35 -1
  8. package/dist/index.js.map +1 -1
  9. package/dist/nextjs/api.js +187 -1
  10. package/dist/nextjs/api.js.map +1 -1
  11. package/dist/nextjs/client.d.ts +28 -0
  12. package/dist/nextjs/client.js +80 -0
  13. package/dist/nextjs/client.js.map +1 -0
  14. package/dist/nextjs/server.d.ts +68 -2
  15. package/dist/nextjs/server.js +125 -4
  16. package/dist/nextjs/server.js.map +1 -1
  17. package/dist/server.d.ts +427 -360
  18. package/dist/server.js +943 -477
  19. package/dist/server.js.map +1 -1
  20. package/migrations/0000_premium_famine.sql +292 -0
  21. package/migrations/meta/0000_snapshot.json +1 -1
  22. package/migrations/meta/_journal.json +2 -2
  23. package/package.json +15 -11
  24. package/migrations/0000_marvelous_justice.sql +0 -197
package/dist/config.d.ts CHANGED
@@ -33,6 +33,7 @@ declare const authEnvSchema: {
33
33
  fallbackKeys: string[];
34
34
  validator: _spfn_core_env.Parser<string>;
35
35
  sensitive: boolean;
36
+ nextjs: boolean;
36
37
  examples: string[];
37
38
  type: "string";
38
39
  } & {
@@ -42,6 +43,7 @@ declare const authEnvSchema: {
42
43
  description: string;
43
44
  default: string;
44
45
  required: boolean;
46
+ nextjs: boolean;
45
47
  examples: string[];
46
48
  type: "string";
47
49
  } & {
@@ -143,74 +145,81 @@ declare const authEnvSchema: {
143
145
  } & {
144
146
  key: "SPFN_API_URL";
145
147
  };
146
- SPFN_AUTH_AWS_REGION: {
148
+ NEXT_PUBLIC_SPFN_API_URL: {
147
149
  description: string;
148
- default: string;
149
150
  required: boolean;
150
151
  examples: string[];
151
152
  type: "string";
152
153
  } & {
153
- key: "SPFN_AUTH_AWS_REGION";
154
+ key: "NEXT_PUBLIC_SPFN_API_URL";
154
155
  };
155
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
156
+ SPFN_APP_URL: {
156
157
  description: string;
158
+ default: string;
157
159
  required: boolean;
158
- sensitive: boolean;
159
160
  examples: string[];
160
161
  type: "string";
161
162
  } & {
162
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
163
+ key: "SPFN_APP_URL";
163
164
  };
164
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
165
+ NEXT_PUBLIC_SPFN_APP_URL: {
165
166
  description: string;
166
167
  required: boolean;
167
- sensitive: boolean;
168
168
  examples: string[];
169
169
  type: "string";
170
170
  } & {
171
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
171
+ key: "NEXT_PUBLIC_SPFN_APP_URL";
172
172
  };
173
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
173
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
174
174
  description: string;
175
175
  required: boolean;
176
176
  examples: string[];
177
177
  type: "string";
178
178
  } & {
179
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
179
+ key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
180
180
  };
181
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
181
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
182
182
  description: string;
183
183
  required: boolean;
184
184
  sensitive: boolean;
185
185
  examples: string[];
186
186
  type: "string";
187
187
  } & {
188
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
188
+ key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
189
189
  };
190
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
190
+ SPFN_AUTH_GOOGLE_SCOPES: {
191
191
  description: string;
192
192
  required: boolean;
193
- sensitive: boolean;
194
193
  examples: string[];
195
194
  type: "string";
196
195
  } & {
197
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
196
+ key: "SPFN_AUTH_GOOGLE_SCOPES";
198
197
  };
199
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
198
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
200
199
  description: string;
201
200
  required: boolean;
202
201
  examples: string[];
203
202
  type: "string";
204
203
  } & {
205
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
204
+ key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
206
205
  };
207
- SPFN_AUTH_AWS_SES_FROM_NAME: {
206
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
208
207
  description: string;
209
208
  required: boolean;
209
+ default: string;
210
+ examples: string[];
211
+ type: "string";
212
+ } & {
213
+ key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
214
+ };
215
+ SPFN_AUTH_OAUTH_ERROR_URL: {
216
+ description: string;
217
+ required: boolean;
218
+ default: string;
210
219
  examples: string[];
211
220
  type: "string";
212
221
  } & {
213
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
222
+ key: "SPFN_AUTH_OAUTH_ERROR_URL";
214
223
  };
215
224
  };
216
225
 
@@ -221,6 +230,7 @@ declare const env: _spfn_core_env.InferEnvType<{
221
230
  fallbackKeys: string[];
222
231
  validator: _spfn_core_env.Parser<string>;
223
232
  sensitive: boolean;
233
+ nextjs: boolean;
224
234
  examples: string[];
225
235
  type: "string";
226
236
  } & {
@@ -230,6 +240,7 @@ declare const env: _spfn_core_env.InferEnvType<{
230
240
  description: string;
231
241
  default: string;
232
242
  required: boolean;
243
+ nextjs: boolean;
233
244
  examples: string[];
234
245
  type: "string";
235
246
  } & {
@@ -331,74 +342,81 @@ declare const env: _spfn_core_env.InferEnvType<{
331
342
  } & {
332
343
  key: "SPFN_API_URL";
333
344
  };
334
- SPFN_AUTH_AWS_REGION: {
345
+ NEXT_PUBLIC_SPFN_API_URL: {
335
346
  description: string;
336
- default: string;
337
347
  required: boolean;
338
348
  examples: string[];
339
349
  type: "string";
340
350
  } & {
341
- key: "SPFN_AUTH_AWS_REGION";
351
+ key: "NEXT_PUBLIC_SPFN_API_URL";
342
352
  };
343
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
353
+ SPFN_APP_URL: {
344
354
  description: string;
355
+ default: string;
345
356
  required: boolean;
346
- sensitive: boolean;
347
357
  examples: string[];
348
358
  type: "string";
349
359
  } & {
350
- key: "SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID";
360
+ key: "SPFN_APP_URL";
351
361
  };
352
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
362
+ NEXT_PUBLIC_SPFN_APP_URL: {
353
363
  description: string;
354
364
  required: boolean;
355
- sensitive: boolean;
356
365
  examples: string[];
357
366
  type: "string";
358
367
  } & {
359
- key: "SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY";
368
+ key: "NEXT_PUBLIC_SPFN_APP_URL";
360
369
  };
361
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
370
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
362
371
  description: string;
363
372
  required: boolean;
364
373
  examples: string[];
365
374
  type: "string";
366
375
  } & {
367
- key: "SPFN_AUTH_AWS_SNS_SENDER_ID";
376
+ key: "SPFN_AUTH_GOOGLE_CLIENT_ID";
368
377
  };
369
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
378
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
370
379
  description: string;
371
380
  required: boolean;
372
381
  sensitive: boolean;
373
382
  examples: string[];
374
383
  type: "string";
375
384
  } & {
376
- key: "SPFN_AUTH_AWS_SES_ACCESS_KEY_ID";
385
+ key: "SPFN_AUTH_GOOGLE_CLIENT_SECRET";
377
386
  };
378
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
387
+ SPFN_AUTH_GOOGLE_SCOPES: {
379
388
  description: string;
380
389
  required: boolean;
381
- sensitive: boolean;
382
390
  examples: string[];
383
391
  type: "string";
384
392
  } & {
385
- key: "SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY";
393
+ key: "SPFN_AUTH_GOOGLE_SCOPES";
386
394
  };
387
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
395
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
388
396
  description: string;
389
397
  required: boolean;
390
398
  examples: string[];
391
399
  type: "string";
392
400
  } & {
393
- key: "SPFN_AUTH_AWS_SES_FROM_EMAIL";
401
+ key: "SPFN_AUTH_GOOGLE_REDIRECT_URI";
394
402
  };
395
- SPFN_AUTH_AWS_SES_FROM_NAME: {
403
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
396
404
  description: string;
397
405
  required: boolean;
406
+ default: string;
407
+ examples: string[];
408
+ type: "string";
409
+ } & {
410
+ key: "SPFN_AUTH_OAUTH_SUCCESS_URL";
411
+ };
412
+ SPFN_AUTH_OAUTH_ERROR_URL: {
413
+ description: string;
414
+ required: boolean;
415
+ default: string;
398
416
  examples: string[];
399
417
  type: "string";
400
418
  } & {
401
- key: "SPFN_AUTH_AWS_SES_FROM_NAME";
419
+ key: "SPFN_AUTH_OAUTH_ERROR_URL";
402
420
  };
403
421
  }>;
404
422
 
package/dist/config.js CHANGED
@@ -24,6 +24,8 @@ var authEnvSchema = defineEnvSchema({
24
24
  minEntropy: 3.5
25
25
  }),
26
26
  sensitive: true,
27
+ nextjs: true,
28
+ // Required for Next.js RSC session validation
27
29
  examples: [
28
30
  "my-super-secret-session-key-at-least-32-chars-long",
29
31
  "use-a-cryptographically-secure-random-string-here"
@@ -35,6 +37,8 @@ var authEnvSchema = defineEnvSchema({
35
37
  description: "Session TTL (time to live) - supports duration strings like '7d', '12h', '45m'",
36
38
  default: "7d",
37
39
  required: false,
40
+ nextjs: true,
41
+ // May be needed for session validation in Next.js RSC
38
42
  examples: ["7d", "30d", "12h", "45m", "3600"]
39
43
  })
40
44
  },
@@ -152,7 +156,7 @@ var authEnvSchema = defineEnvSchema({
152
156
  // ============================================================================
153
157
  SPFN_API_URL: {
154
158
  ...envString({
155
- description: "Base API URL for invitation links and other external-facing URLs",
159
+ description: "Internal API URL for server-to-server communication",
156
160
  default: "http://localhost:8790",
157
161
  required: false,
158
162
  examples: [
@@ -161,71 +165,96 @@ var authEnvSchema = defineEnvSchema({
161
165
  ]
162
166
  })
163
167
  },
164
- // ============================================================================
165
- // AWS SNS Configuration (SMS)
166
- // ============================================================================
167
- SPFN_AUTH_AWS_REGION: {
168
+ NEXT_PUBLIC_SPFN_API_URL: {
168
169
  ...envString({
169
- description: "AWS region for SNS service",
170
- default: "ap-northeast-2",
170
+ description: "Public-facing API URL used for browser-facing redirects (e.g. OAuth callback). Falls back to SPFN_API_URL if not set.",
171
171
  required: false,
172
- examples: ["ap-northeast-2", "us-east-1", "eu-west-1"]
172
+ examples: [
173
+ "https://api.example.com",
174
+ "http://localhost:8790"
175
+ ]
173
176
  })
174
177
  },
175
- SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {
178
+ SPFN_APP_URL: {
176
179
  ...envString({
177
- description: "AWS SNS access key ID (optional, uses default credentials chain if not provided)",
180
+ description: "Next.js application URL (internal). Used for server-to-server communication.",
181
+ default: "http://localhost:3000",
178
182
  required: false,
179
- sensitive: true,
180
- examples: ["AKIAIOSFODNN7EXAMPLE"]
183
+ examples: [
184
+ "https://app.example.com",
185
+ "http://localhost:3000"
186
+ ]
181
187
  })
182
188
  },
183
- SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {
189
+ NEXT_PUBLIC_SPFN_APP_URL: {
184
190
  ...envString({
185
- description: "AWS SNS secret access key (optional, uses default credentials chain if not provided)",
191
+ description: "Public-facing Next.js app URL for browser redirects (e.g. OAuth redirect). Falls back to SPFN_APP_URL if not set.",
186
192
  required: false,
187
- sensitive: true,
188
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
193
+ examples: [
194
+ "https://app.example.com",
195
+ "http://localhost:3000"
196
+ ]
189
197
  })
190
198
  },
191
- SPFN_AUTH_AWS_SNS_SENDER_ID: {
199
+ // ============================================================================
200
+ // OAuth Configuration - Google
201
+ // ============================================================================
202
+ SPFN_AUTH_GOOGLE_CLIENT_ID: {
192
203
  ...envString({
193
- description: "SMS sender ID displayed to recipients (max 11 characters, alphanumeric)",
204
+ description: "Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.",
194
205
  required: false,
195
- examples: ["MyApp", "YourBrand"]
206
+ examples: ["123456789-abc123.apps.googleusercontent.com"]
196
207
  })
197
208
  },
198
- // ============================================================================
199
- // AWS SES Configuration (Email)
200
- // ============================================================================
201
- SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {
209
+ SPFN_AUTH_GOOGLE_CLIENT_SECRET: {
202
210
  ...envString({
203
- description: "AWS SES access key ID (optional, uses default credentials chain if not provided)",
211
+ description: "Google OAuth 2.0 Client Secret",
204
212
  required: false,
205
213
  sensitive: true,
206
- examples: ["AKIAIOSFODNN7EXAMPLE"]
214
+ examples: ["GOCSPX-abcdefghijklmnop"]
207
215
  })
208
216
  },
209
- SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {
217
+ SPFN_AUTH_GOOGLE_SCOPES: {
210
218
  ...envString({
211
- description: "AWS SES secret access key (optional, uses default credentials chain if not provided)",
219
+ description: 'Comma-separated Google OAuth scopes. Defaults to "email,profile" if not set.',
212
220
  required: false,
213
- sensitive: true,
214
- examples: ["wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"]
221
+ examples: [
222
+ "email,profile",
223
+ "email,profile,https://www.googleapis.com/auth/gmail.readonly",
224
+ "email,profile,https://www.googleapis.com/auth/calendar.readonly"
225
+ ]
226
+ })
227
+ },
228
+ SPFN_AUTH_GOOGLE_REDIRECT_URI: {
229
+ ...envString({
230
+ description: "Google OAuth callback URL. Defaults to {NEXT_PUBLIC_SPFN_API_URL || SPFN_API_URL}/_auth/oauth/google/callback",
231
+ required: false,
232
+ examples: [
233
+ "https://api.example.com/_auth/oauth/google/callback",
234
+ "http://localhost:8790/_auth/oauth/google/callback"
235
+ ]
215
236
  })
216
237
  },
217
- SPFN_AUTH_AWS_SES_FROM_EMAIL: {
238
+ SPFN_AUTH_OAUTH_SUCCESS_URL: {
218
239
  ...envString({
219
- description: "Sender email address (must be verified in AWS SES)",
240
+ description: "OAuth callback page URL. This page should use OAuthCallback component to finalize session.",
220
241
  required: false,
221
- examples: ["noreply@example.com", "auth@yourdomain.com"]
242
+ default: "/auth/callback",
243
+ examples: [
244
+ "/auth/callback",
245
+ "https://app.example.com/auth/callback"
246
+ ]
222
247
  })
223
248
  },
224
- SPFN_AUTH_AWS_SES_FROM_NAME: {
249
+ SPFN_AUTH_OAUTH_ERROR_URL: {
225
250
  ...envString({
226
- description: "Sender display name",
251
+ description: "URL to redirect after OAuth error. Use {error} placeholder for error message.",
227
252
  required: false,
228
- examples: ["MyApp", "Your Company"]
253
+ default: "http://localhost:3000/auth/error?error={error}",
254
+ examples: [
255
+ "https://app.example.com/auth/error?error={error}",
256
+ "http://localhost:3000/auth/error?error={error}"
257
+ ]
229
258
  })
230
259
  }
231
260
  });
package/dist/config.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/config/index.ts","../src/config/schema.ts"],"sourcesContent":["/**\n * Core Package Configuration\n *\n * @example\n * ```typescript\n * import { registry } from '@spfn/core/config';\n *\n * const env = registry.validate();\n * console.log(env.DB_POOL_MAX);\n * ```\n *\n * @module config\n */\n\nimport { createEnvRegistry } from '@spfn/core/env';\nimport { authEnvSchema } from './schema';\n\nexport { authEnvSchema as envSchema } from './schema';\n\n/**\n * Environment registry\n */\nconst registry = createEnvRegistry(authEnvSchema);\nexport const env = registry.validate();","/**\n * Auth Environment Variable Schema\n *\n * Centralized schema definition for all environment variables used in @spfn/auth.\n * This provides type safety, validation, and documentation for Auth configuration.\n *\n * @module config/schema\n */\n\nimport {\n defineEnvSchema,\n envString,\n envNumber,\n createSecureSecretParser,\n createPasswordParser,\n} from '@spfn/core/env';\n\n/**\n * Auth environment variable schema\n *\n * Defines all Auth environment variables with:\n * - Type information\n * - Default values\n * - Validation rules\n * - Documentation\n *\n * @example\n * ```typescript\n * import { authEnvSchema } from '@spfn/auth/config';\n *\n * // Access schema information\n * console.log(authEnvSchema.SPFN_AUTH_SESSION_SECRET.description);\n * console.log(authEnvSchema.SPFN_AUTH_JWT_EXPIRES_IN.default);\n * ```\n */\nexport const authEnvSchema = defineEnvSchema({\n // ============================================================================\n // Session Configuration\n // ============================================================================\n SPFN_AUTH_SESSION_SECRET: {\n ...envString({\n description: 'Session encryption secret (minimum 32 characters for AES-256)',\n required: true,\n fallbackKeys: ['SESSION_SECRET'],\n validator: createSecureSecretParser({\n minLength: 32,\n minUniqueChars: 16,\n minEntropy: 3.5,\n }),\n sensitive: true,\n examples: [\n 'my-super-secret-session-key-at-least-32-chars-long',\n 'use-a-cryptographically-secure-random-string-here',\n ],\n }),\n },\n\n SPFN_AUTH_SESSION_TTL: {\n ...envString({\n description: 'Session TTL (time to live) - supports duration strings like \\'7d\\', \\'12h\\', \\'45m\\'',\n default: '7d',\n required: false,\n examples: ['7d', '30d', '12h', '45m', '3600'],\n }),\n },\n\n // ============================================================================\n // JWT Configuration\n // ============================================================================\n SPFN_AUTH_JWT_SECRET: {\n ...envString({\n description: 'JWT signing secret for server-signed tokens (legacy mode)',\n default: 'dev-secret-key-change-in-production',\n required: false,\n examples: [\n 'your-jwt-secret-key-here',\n 'use-different-from-session-secret',\n ],\n }),\n },\n\n SPFN_AUTH_JWT_EXPIRES_IN: {\n ...envString({\n description: 'JWT token expiration time (e.g., \\'7d\\', \\'24h\\', \\'1h\\')',\n default: '7d',\n required: false,\n examples: ['7d', '24h', '1h', '30m'],\n }),\n },\n\n // ============================================================================\n // Security Configuration\n // ============================================================================\n SPFN_AUTH_BCRYPT_SALT_ROUNDS: {\n ...envNumber({\n description: 'Bcrypt salt rounds (cost factor, higher = more secure but slower)',\n default: 10,\n required: false,\n examples: [10, 12, 14],\n }),\n key: 'SPFN_AUTH_BCRYPT_SALT_ROUNDS',\n },\n\n SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {\n ...envString({\n description: 'Verification token secret for email verification, password reset, etc.',\n required: true,\n examples: [\n 'your-verification-token-secret',\n 'can-be-different-from-jwt-secret',\n ],\n }),\n },\n\n // ============================================================================\n // Admin Account Configuration\n // ============================================================================\n SPFN_AUTH_ADMIN_ACCOUNTS: {\n ...envString({\n description: 'JSON array of admin accounts (recommended for multiple admins)',\n required: false,\n examples: [\n '[{\"email\":\"admin@example.com\",\"password\":\"secure-pass\",\"role\":\"admin\"}]',\n '[{\"email\":\"super@example.com\",\"password\":\"pass1\",\"role\":\"superadmin\"},{\"email\":\"admin@example.com\",\"password\":\"pass2\",\"role\":\"admin\"}]',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAILS: {\n ...envString({\n description: 'Comma-separated list of admin emails (legacy CSV format)',\n required: false,\n examples: [\n 'admin@example.com,user@example.com',\n 'super@example.com,admin@example.com,user@example.com',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORDS: {\n ...envString({\n description: 'Comma-separated list of admin passwords (legacy CSV format)',\n required: false,\n examples: [\n 'admin-pass,user-pass',\n 'super-pass,admin-pass,user-pass',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_ROLES: {\n ...envString({\n description: 'Comma-separated list of admin roles (legacy CSV format)',\n required: false,\n examples: [\n 'admin,user',\n 'superadmin,admin,user',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAIL: {\n ...envString({\n description: 'Single admin email (simplest format)',\n required: false,\n examples: ['admin@example.com'],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORD: {\n ...envString({\n description: 'Single admin password (simplest format)',\n required: false,\n validator: createPasswordParser({\n minLength: 8,\n requireUppercase: true,\n requireLowercase: true,\n requireNumber: true,\n requireSpecial: true,\n }),\n sensitive: true,\n examples: ['SecureAdmin123!'],\n }),\n },\n\n // ============================================================================\n // API Configuration\n // ============================================================================\n SPFN_API_URL: {\n ...envString({\n description: 'Base API URL for invitation links and other external-facing URLs',\n default: 'http://localhost:8790',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n // ============================================================================\n // AWS SNS Configuration (SMS)\n // ============================================================================\n SPFN_AUTH_AWS_REGION: {\n ...envString({\n description: 'AWS region for SNS service',\n default: 'ap-northeast-2',\n required: false,\n examples: ['ap-northeast-2', 'us-east-1', 'eu-west-1'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_ACCESS_KEY_ID: {\n ...envString({\n description: 'AWS SNS access key ID (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['AKIAIOSFODNN7EXAMPLE'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_SECRET_ACCESS_KEY: {\n ...envString({\n description: 'AWS SNS secret access key (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],\n }),\n },\n\n SPFN_AUTH_AWS_SNS_SENDER_ID: {\n ...envString({\n description: 'SMS sender ID displayed to recipients (max 11 characters, alphanumeric)',\n required: false,\n examples: ['MyApp', 'YourBrand'],\n }),\n },\n\n // ============================================================================\n // AWS SES Configuration (Email)\n // ============================================================================\n SPFN_AUTH_AWS_SES_ACCESS_KEY_ID: {\n ...envString({\n description: 'AWS SES access key ID (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['AKIAIOSFODNN7EXAMPLE'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY: {\n ...envString({\n description: 'AWS SES secret access key (optional, uses default credentials chain if not provided)',\n required: false,\n sensitive: true,\n examples: ['wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_FROM_EMAIL: {\n ...envString({\n description: 'Sender email address (must be verified in AWS SES)',\n required: false,\n examples: ['noreply@example.com', 'auth@yourdomain.com'],\n }),\n },\n\n SPFN_AUTH_AWS_SES_FROM_NAME: {\n ...envString({\n description: 'Sender display name',\n required: false,\n examples: ['MyApp', 'Your Company'],\n }),\n },\n});"],"mappings":";AAcA,SAAS,yBAAyB;;;ACLlC;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAoBA,IAAM,gBAAgB,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIzC,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,cAAc,CAAC,gBAAgB;AAAA,MAC/B,WAAW,yBAAyB;AAAA,QAChC,WAAW;AAAA,QACX,gBAAgB;AAAA,QAChB,YAAY;AAAA,MAChB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,OAAO,OAAO,MAAM;AAAA,IAChD,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,MAAM,KAAK;AAAA,IACvC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,IAAI,IAAI,EAAE;AAAA,IACzB,CAAC;AAAA,IACD,KAAK;AAAA,EACT;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,wBAAwB;AAAA,IACpB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,mBAAmB;AAAA,IAClC,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW,qBAAqB;AAAA,QAC5B,WAAW;AAAA,QACX,kBAAkB;AAAA,QAClB,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU,CAAC,iBAAiB;AAAA,IAChC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,kBAAkB,aAAa,WAAW;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,iCAAiC;AAAA,IAC7B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,sBAAsB;AAAA,IACrC,CAAC;AAAA,EACL;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,0CAA0C;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,SAAS,WAAW;AAAA,IACnC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,iCAAiC;AAAA,IAC7B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,sBAAsB;AAAA,IACrC,CAAC;AAAA,EACL;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,0CAA0C;AAAA,IACzD,CAAC;AAAA,EACL;AAAA,EAEA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,uBAAuB,qBAAqB;AAAA,IAC3D,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,SAAS,cAAc;AAAA,IACtC,CAAC;AAAA,EACL;AACJ,CAAC;;;AD5PD,IAAM,WAAW,kBAAkB,aAAa;AACzC,IAAM,MAAM,SAAS,SAAS;","names":[]}
1
+ {"version":3,"sources":["../src/config/index.ts","../src/config/schema.ts"],"sourcesContent":["/**\n * Core Package Configuration\n *\n * @example\n * ```typescript\n * import { registry } from '@spfn/core/config';\n *\n * const env = registry.validate();\n * console.log(env.DB_POOL_MAX);\n * ```\n *\n * @module config\n */\n\nimport { createEnvRegistry } from '@spfn/core/env';\nimport { authEnvSchema } from './schema';\n\nexport { authEnvSchema as envSchema } from './schema';\n\n/**\n * Environment registry\n */\nconst registry = createEnvRegistry(authEnvSchema);\nexport const env = registry.validate();","/**\n * Auth Environment Variable Schema\n *\n * Centralized schema definition for all environment variables used in @spfn/auth.\n * This provides type safety, validation, and documentation for Auth configuration.\n *\n * @module config/schema\n */\n\nimport {\n defineEnvSchema,\n envString,\n envNumber,\n createSecureSecretParser,\n createPasswordParser,\n} from '@spfn/core/env';\n\n/**\n * Auth environment variable schema\n *\n * Defines all Auth environment variables with:\n * - Type information\n * - Default values\n * - Validation rules\n * - Documentation\n *\n * @example\n * ```typescript\n * import { authEnvSchema } from '@spfn/auth/config';\n *\n * // Access schema information\n * console.log(authEnvSchema.SPFN_AUTH_SESSION_SECRET.description);\n * console.log(authEnvSchema.SPFN_AUTH_JWT_EXPIRES_IN.default);\n * ```\n */\nexport const authEnvSchema = defineEnvSchema({\n // ============================================================================\n // Session Configuration\n // ============================================================================\n SPFN_AUTH_SESSION_SECRET: {\n ...envString({\n description: 'Session encryption secret (minimum 32 characters for AES-256)',\n required: true,\n fallbackKeys: ['SESSION_SECRET'],\n validator: createSecureSecretParser({\n minLength: 32,\n minUniqueChars: 16,\n minEntropy: 3.5,\n }),\n sensitive: true,\n nextjs: true, // Required for Next.js RSC session validation\n examples: [\n 'my-super-secret-session-key-at-least-32-chars-long',\n 'use-a-cryptographically-secure-random-string-here',\n ],\n }),\n },\n\n SPFN_AUTH_SESSION_TTL: {\n ...envString({\n description: 'Session TTL (time to live) - supports duration strings like \\'7d\\', \\'12h\\', \\'45m\\'',\n default: '7d',\n required: false,\n nextjs: true, // May be needed for session validation in Next.js RSC\n examples: ['7d', '30d', '12h', '45m', '3600'],\n }),\n },\n\n // ============================================================================\n // JWT Configuration\n // ============================================================================\n SPFN_AUTH_JWT_SECRET: {\n ...envString({\n description: 'JWT signing secret for server-signed tokens (legacy mode)',\n default: 'dev-secret-key-change-in-production',\n required: false,\n examples: [\n 'your-jwt-secret-key-here',\n 'use-different-from-session-secret',\n ],\n }),\n },\n\n SPFN_AUTH_JWT_EXPIRES_IN: {\n ...envString({\n description: 'JWT token expiration time (e.g., \\'7d\\', \\'24h\\', \\'1h\\')',\n default: '7d',\n required: false,\n examples: ['7d', '24h', '1h', '30m'],\n }),\n },\n\n // ============================================================================\n // Security Configuration\n // ============================================================================\n SPFN_AUTH_BCRYPT_SALT_ROUNDS: {\n ...envNumber({\n description: 'Bcrypt salt rounds (cost factor, higher = more secure but slower)',\n default: 10,\n required: false,\n examples: [10, 12, 14],\n }),\n key: 'SPFN_AUTH_BCRYPT_SALT_ROUNDS',\n },\n\n SPFN_AUTH_VERIFICATION_TOKEN_SECRET: {\n ...envString({\n description: 'Verification token secret for email verification, password reset, etc.',\n required: true,\n examples: [\n 'your-verification-token-secret',\n 'can-be-different-from-jwt-secret',\n ],\n }),\n },\n\n // ============================================================================\n // Admin Account Configuration\n // ============================================================================\n SPFN_AUTH_ADMIN_ACCOUNTS: {\n ...envString({\n description: 'JSON array of admin accounts (recommended for multiple admins)',\n required: false,\n examples: [\n '[{\"email\":\"admin@example.com\",\"password\":\"secure-pass\",\"role\":\"admin\"}]',\n '[{\"email\":\"super@example.com\",\"password\":\"pass1\",\"role\":\"superadmin\"},{\"email\":\"admin@example.com\",\"password\":\"pass2\",\"role\":\"admin\"}]',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAILS: {\n ...envString({\n description: 'Comma-separated list of admin emails (legacy CSV format)',\n required: false,\n examples: [\n 'admin@example.com,user@example.com',\n 'super@example.com,admin@example.com,user@example.com',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORDS: {\n ...envString({\n description: 'Comma-separated list of admin passwords (legacy CSV format)',\n required: false,\n examples: [\n 'admin-pass,user-pass',\n 'super-pass,admin-pass,user-pass',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_ROLES: {\n ...envString({\n description: 'Comma-separated list of admin roles (legacy CSV format)',\n required: false,\n examples: [\n 'admin,user',\n 'superadmin,admin,user',\n ],\n }),\n },\n\n SPFN_AUTH_ADMIN_EMAIL: {\n ...envString({\n description: 'Single admin email (simplest format)',\n required: false,\n examples: ['admin@example.com'],\n }),\n },\n\n SPFN_AUTH_ADMIN_PASSWORD: {\n ...envString({\n description: 'Single admin password (simplest format)',\n required: false,\n validator: createPasswordParser({\n minLength: 8,\n requireUppercase: true,\n requireLowercase: true,\n requireNumber: true,\n requireSpecial: true,\n }),\n sensitive: true,\n examples: ['SecureAdmin123!'],\n }),\n },\n\n // ============================================================================\n // API Configuration\n // ============================================================================\n SPFN_API_URL: {\n ...envString({\n description: 'Internal API URL for server-to-server communication',\n default: 'http://localhost:8790',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n NEXT_PUBLIC_SPFN_API_URL: {\n ...envString({\n description: 'Public-facing API URL used for browser-facing redirects (e.g. OAuth callback). Falls back to SPFN_API_URL if not set.',\n required: false,\n examples: [\n 'https://api.example.com',\n 'http://localhost:8790',\n ],\n }),\n },\n\n SPFN_APP_URL: {\n ...envString({\n description: 'Next.js application URL (internal). Used for server-to-server communication.',\n default: 'http://localhost:3000',\n required: false,\n examples: [\n 'https://app.example.com',\n 'http://localhost:3000',\n ],\n }),\n },\n\n NEXT_PUBLIC_SPFN_APP_URL: {\n ...envString({\n description: 'Public-facing Next.js app URL for browser redirects (e.g. OAuth redirect). Falls back to SPFN_APP_URL if not set.',\n required: false,\n examples: [\n 'https://app.example.com',\n 'http://localhost:3000',\n ],\n }),\n },\n\n // ============================================================================\n // OAuth Configuration - Google\n // ============================================================================\n SPFN_AUTH_GOOGLE_CLIENT_ID: {\n ...envString({\n description: 'Google OAuth 2.0 Client ID. When set, Google OAuth routes are automatically enabled.',\n required: false,\n examples: ['123456789-abc123.apps.googleusercontent.com'],\n }),\n },\n\n SPFN_AUTH_GOOGLE_CLIENT_SECRET: {\n ...envString({\n description: 'Google OAuth 2.0 Client Secret',\n required: false,\n sensitive: true,\n examples: ['GOCSPX-abcdefghijklmnop'],\n }),\n },\n\n SPFN_AUTH_GOOGLE_SCOPES: {\n ...envString({\n description: 'Comma-separated Google OAuth scopes. Defaults to \"email,profile\" if not set.',\n required: false,\n examples: [\n 'email,profile',\n 'email,profile,https://www.googleapis.com/auth/gmail.readonly',\n 'email,profile,https://www.googleapis.com/auth/calendar.readonly',\n ],\n }),\n },\n\n SPFN_AUTH_GOOGLE_REDIRECT_URI: {\n ...envString({\n description: 'Google OAuth callback URL. Defaults to {NEXT_PUBLIC_SPFN_API_URL || SPFN_API_URL}/_auth/oauth/google/callback',\n required: false,\n examples: [\n 'https://api.example.com/_auth/oauth/google/callback',\n 'http://localhost:8790/_auth/oauth/google/callback',\n ],\n }),\n },\n\n SPFN_AUTH_OAUTH_SUCCESS_URL: {\n ...envString({\n description: 'OAuth callback page URL. This page should use OAuthCallback component to finalize session.',\n required: false,\n default: '/auth/callback',\n examples: [\n '/auth/callback',\n 'https://app.example.com/auth/callback',\n ],\n }),\n },\n\n SPFN_AUTH_OAUTH_ERROR_URL: {\n ...envString({\n description: 'URL to redirect after OAuth error. Use {error} placeholder for error message.',\n required: false,\n default: 'http://localhost:3000/auth/error?error={error}',\n examples: [\n 'https://app.example.com/auth/error?error={error}',\n 'http://localhost:3000/auth/error?error={error}',\n ],\n }),\n },\n});"],"mappings":";AAcA,SAAS,yBAAyB;;;ACLlC;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AAoBA,IAAM,gBAAgB,gBAAgB;AAAA;AAAA;AAAA;AAAA,EAIzC,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,cAAc,CAAC,gBAAgB;AAAA,MAC/B,WAAW,yBAAyB;AAAA,QAChC,WAAW;AAAA,QACX,gBAAgB;AAAA,QAChB,YAAY;AAAA,MAChB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,QAAQ;AAAA;AAAA,MACR,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,QAAQ;AAAA;AAAA,MACR,UAAU,CAAC,MAAM,OAAO,OAAO,OAAO,MAAM;AAAA,IAChD,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB;AAAA,IAClB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,MAAM,OAAO,MAAM,KAAK;AAAA,IACvC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,8BAA8B;AAAA,IAC1B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU,CAAC,IAAI,IAAI,EAAE;AAAA,IACzB,CAAC;AAAA,IACD,KAAK;AAAA,EACT;AAAA,EAEA,qCAAqC;AAAA,IACjC,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,wBAAwB;AAAA,IACpB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,uBAAuB;AAAA,IACnB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,mBAAmB;AAAA,IAClC,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW,qBAAqB;AAAA,QAC5B,WAAW;AAAA,QACX,kBAAkB;AAAA,QAClB,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,gBAAgB;AAAA,MACpB,CAAC;AAAA,MACD,WAAW;AAAA,MACX,UAAU,CAAC,iBAAiB;AAAA,IAChC,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,cAAc;AAAA,IACV,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,SAAS;AAAA,MACT,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,0BAA0B;AAAA,IACtB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA,EAKA,4BAA4B;AAAA,IACxB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU,CAAC,6CAA6C;AAAA,IAC5D,CAAC;AAAA,EACL;AAAA,EAEA,gCAAgC;AAAA,IAC5B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,WAAW;AAAA,MACX,UAAU,CAAC,yBAAyB;AAAA,IACxC,CAAC;AAAA,EACL;AAAA,EAEA,yBAAyB;AAAA,IACrB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,+BAA+B;AAAA,IAC3B,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,6BAA6B;AAAA,IACzB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,SAAS;AAAA,MACT,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,2BAA2B;AAAA,IACvB,GAAG,UAAU;AAAA,MACT,aAAa;AAAA,MACb,UAAU;AAAA,MACV,SAAS;AAAA,MACT,UAAU;AAAA,QACN;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,CAAC;AAAA,EACL;AACJ,CAAC;;;ADxRD,IAAM,WAAW,kBAAkB,aAAa;AACzC,IAAM,MAAM,SAAS,SAAS;","names":[]}