@spidy092/auth-client 3.0.2 β 3.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api.cjs +1 -1
- package/dist/api.cjs.map +1 -1
- package/dist/api.js +1 -1
- package/dist/api.js.map +1 -1
- package/dist/index.cjs +66 -9
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +66 -9
- package/dist/index.js.map +1 -1
- package/dist/react/AuthProvider.cjs +66 -9
- package/dist/react/AuthProvider.cjs.map +1 -1
- package/dist/react/AuthProvider.js +66 -9
- package/dist/react/AuthProvider.js.map +1 -1
- package/dist/react/useSessionMonitor.cjs +66 -9
- package/dist/react/useSessionMonitor.cjs.map +1 -1
- package/dist/react/useSessionMonitor.js +66 -9
- package/dist/react/useSessionMonitor.js.map +1 -1
- package/package.json +2 -2
package/dist/index.cjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../index.js","../token.js","../config.js","../core.js","../api.js","../utils/jwt.js","../react/AuthProvider.jsx","../react/useAuth.js","../react/useSessionMonitor.js"],"sourcesContent":["// auth-client/index.js\nimport { setConfig, getConfig, isRouterMode } from './config';\nimport {\n login,\n logout,\n handleCallback,\n refreshToken,\n resetCallbackState,\n validateCurrentSession,\n // Session Security Functions\n startProactiveRefresh,\n stopProactiveRefresh,\n startSessionMonitor,\n stopSessionMonitor,\n startSessionSecurity,\n stopSessionSecurity,\n onSessionInvalid\n} from './core';\nimport {\n getToken,\n setToken,\n clearToken,\n setRefreshToken,\n getRefreshToken,\n clearRefreshToken,\n addTokenListener,\n removeTokenListener,\n getListenerCount,\n // Token Expiry Utilities\n getTokenExpiryTime,\n getTimeUntilExpiry,\n willExpireSoon\n} from './token';\nimport api from './api';\nimport { decodeToken, isTokenExpired, isAuthenticated } from './utils/jwt';\n\nexport const auth = {\n // π§ Config\n setConfig,\n getConfig,\n isRouterMode,\n\n // π Core flows\n login,\n logout,\n handleCallback,\n refreshToken,\n resetCallbackState,\n validateCurrentSession,\n\n // π Token management\n getToken,\n setToken,\n clearToken,\n setRefreshToken, // β
Refresh token for HTTP dev\n getRefreshToken,\n clearRefreshToken,\n addTokenListener, // β
Export new functions\n removeTokenListener,\n getListenerCount, // β
Debug function\n\n // π Authenticated API client\n api,\n\n // π§ͺ Utilities\n decodeToken,\n isTokenExpired,\n isAuthenticated,\n\n // β±οΈ Token Expiry Utilities (NEW)\n getTokenExpiryTime, // Get token expiry as Date object\n getTimeUntilExpiry, // Get seconds until token expires\n willExpireSoon, // Check if token expires within N seconds\n\n // π Session Security (NEW - Short-lived tokens + Periodic validation)\n startProactiveRefresh, // Start proactive token refresh before expiry\n stopProactiveRefresh, // Stop proactive refresh\n startSessionMonitor, // Start periodic session validation\n stopSessionMonitor, // Stop session validation\n startSessionSecurity, // Start both proactive refresh AND session monitoring\n stopSessionSecurity, // Stop all session security\n onSessionInvalid, // Register callback for session invalidation\n\n // π Legacy auto-refresh (DEPRECATED - use startSessionSecurity instead)\n startTokenRefresh: () => {\n console.warn('β οΈ startTokenRefresh is deprecated. Use startSessionSecurity() instead for better session management.');\n const interval = setInterval(async () => {\n const token = getToken();\n if (token && isTokenExpired(token, 300)) {\n try {\n await refreshToken();\n console.log('π Auto-refresh successful');\n } catch (err) {\n console.error('Auto-refresh failed:', err);\n clearInterval(interval);\n }\n }\n }, 60000);\n return interval;\n }\n};\n\nexport { AuthProvider } from './react/AuthProvider';\nexport { useAuth } from './react/useAuth';\nexport { useSessionMonitor } from './react/useSessionMonitor';\n\n","// auth-client/token.js - MINIMAL WORKING VERSION\n\nimport { jwtDecode } from 'jwt-decode';\n\nlet accessToken = null;\nconst listeners = new Set();\n\nconst REFRESH_COOKIE = 'account_refresh_token';\nconst COOKIE_MAX_AGE = 7 * 24 * 60 * 60;\n\nfunction secureAttribute() {\n try {\n return typeof window !== 'undefined' && window.location?.protocol === 'https:'\n ? '; Secure'\n : '';\n } catch (err) {\n return '';\n }\n}\n\n// ========== ACCESS TOKEN ==========\nfunction writeAccessToken(token) {\n if (!token) {\n try {\n localStorage.removeItem('authToken');\n } catch (err) {\n console.warn('Could not clear token from localStorage:', err);\n }\n return;\n }\n\n try {\n localStorage.setItem('authToken', token);\n } catch (err) {\n console.warn('Could not persist token to localStorage:', err);\n }\n}\n\nfunction readAccessToken() {\n try {\n return localStorage.getItem('authToken');\n } catch (err) {\n console.warn('Could not read token from localStorage:', err);\n return null;\n }\n}\n\n// ========== REFRESH TOKEN (KEEP SIMPLE) ==========\n// export function setRefreshToken(token) {\n// if (!token) {\n// clearRefreshToken();\n// return;\n// }\n\n// const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);\n\n// try {\n// document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Lax${secureAttribute()}; Expires=${expires.toUTCString()}`;\n// } catch (err) {\n// console.warn('Could not set refresh token:', err);\n// }\n// }\n\n// export function getRefreshToken() {\n// try {\n// const match = document.cookie\n// ?.split('; ')\n// ?.find((row) => row.startsWith(`${REFRESH_COOKIE}=`));\n\n// if (match) {\n// return decodeURIComponent(match.split('=')[1]);\n// }\n// } catch (err) {\n// console.warn('Could not read refresh token:', err);\n// }\n\n// return null;\n// }\n\n// export function clearRefreshToken() {\n// try {\n// document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Lax${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n// } catch (err) {\n// console.warn('Could not clear refresh token:', err);\n// }\n// }\n\n// ========== ACCESS TOKEN FUNCTIONS ==========\nfunction decode(token) {\n try {\n return jwtDecode(token);\n } catch (err) {\n return null;\n }\n}\n\nfunction isExpired(token, bufferSeconds = 60) {\n if (!token) return true;\n const decoded = decode(token);\n if (!decoded?.exp) return true;\n const now = Date.now() / 1000;\n return decoded.exp < now + bufferSeconds;\n}\n\n// ========== TOKEN EXPIRY UTILITIES ==========\n// Get the exact expiry time of a token as a Date object\nexport function getTokenExpiryTime(token) {\n if (!token) return null;\n const decoded = decode(token);\n if (!decoded?.exp) return null;\n return new Date(decoded.exp * 1000);\n}\n\n// Get seconds until token expires (negative if already expired)\nexport function getTimeUntilExpiry(token) {\n if (!token) return -1;\n const decoded = decode(token);\n if (!decoded?.exp) return -1;\n const now = Date.now() / 1000;\n return Math.floor(decoded.exp - now);\n}\n\n// Check if token will expire within the next N seconds\nexport function willExpireSoon(token, withinSeconds = 60) {\n const timeLeft = getTimeUntilExpiry(token);\n return timeLeft >= 0 && timeLeft <= withinSeconds;\n}\n\nexport function setToken(token) {\n const previousToken = accessToken;\n accessToken = token || null;\n writeAccessToken(accessToken);\n\n if (previousToken !== accessToken) {\n listeners.forEach((listener) => {\n try {\n listener(accessToken, previousToken);\n } catch (err) {\n console.warn('Token listener error:', err);\n }\n });\n }\n}\n\nexport function getToken() {\n if (accessToken) return accessToken;\n accessToken = readAccessToken();\n return accessToken;\n}\n\nexport function clearToken() {\n if (!accessToken) {\n writeAccessToken(null);\n clearRefreshToken();\n return;\n }\n\n const previousToken = accessToken;\n accessToken = null;\n writeAccessToken(null);\n clearRefreshToken();\n\n listeners.forEach((listener) => {\n try {\n listener(null, previousToken);\n } catch (err) {\n console.warn('Token listener error:', err);\n }\n });\n}\n\n// ========== REFRESH TOKEN STORAGE ==========\n// By default:\n// HTTP β localStorage (cookies don't work cross-origin in dev)\n// HTTPS β httpOnly cookies (secure, managed by server)\n// When persistRefreshToken is enabled:\n// Always use localStorage (for local HTTPS with mkcert/self-signed certs)\nconst REFRESH_TOKEN_KEY = 'auth_refresh_token';\n\n// β
Persistence flag - controlled by config.persistRefreshToken\nlet _persistRefreshToken = false;\n\nexport function enableRefreshTokenPersistence(enabled) {\n _persistRefreshToken = !!enabled;\n console.log(`π§ Refresh token persistence: ${_persistRefreshToken ? 'ENABLED' : 'DISABLED'}`);\n}\n\nfunction shouldUseLocalStorage() {\n // If persistence is forced, always use localStorage\n if (_persistRefreshToken) return true;\n // Otherwise, only use localStorage on HTTP (dev mode)\n try {\n return typeof window !== 'undefined' &&\n window.location?.protocol === 'http:';\n } catch (err) {\n return false;\n }\n}\n\nexport function setRefreshToken(token) {\n if (!token) {\n clearRefreshToken();\n return;\n }\n\n if (shouldUseLocalStorage()) {\n try {\n localStorage.setItem(REFRESH_TOKEN_KEY, token);\n console.log(`π¦ Refresh token stored in localStorage (${_persistRefreshToken ? 'persistence enabled' : 'HTTP dev mode'})`);\n } catch (err) {\n console.warn('Could not store refresh token:', err);\n }\n } else {\n // HTTPS without persistence: refresh token is in httpOnly cookie only\n console.log('π Refresh token managed by server httpOnly cookie (production mode)');\n }\n}\n\nexport function getRefreshToken() {\n if (shouldUseLocalStorage()) {\n try {\n const token = localStorage.getItem(REFRESH_TOKEN_KEY);\n return token;\n } catch (err) {\n console.warn('Could not read refresh token:', err);\n return null;\n }\n }\n\n // HTTPS without persistence: refresh token is in httpOnly cookie (not accessible via JS)\n // The refresh endpoint uses credentials: 'include' to send the cookie\n return null;\n}\n\nexport function clearRefreshToken() {\n // Clear localStorage (for HTTP dev)\n try {\n localStorage.removeItem(REFRESH_TOKEN_KEY);\n } catch (err) {\n // Ignore\n }\n\n // Clear cookie (for production)\n try {\n document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Strict${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n } catch (err) {\n console.warn('Could not clear refresh token cookie:', err);\n }\n\n // Clear sessionStorage\n try {\n sessionStorage.removeItem(REFRESH_COOKIE);\n } catch (err) {\n // Ignore\n }\n}\n\nexport function addTokenListener(listener) {\n if (typeof listener !== 'function') {\n throw new Error('Token listener must be a function');\n }\n listeners.add(listener);\n return () => {\n listeners.delete(listener);\n };\n}\n\nexport function removeTokenListener(listener) {\n listeners.delete(listener);\n}\n\nexport function getListenerCount() {\n return listeners.size;\n}\n\nexport function isAuthenticated() {\n const token = getToken();\n return !!token && !isExpired(token, 15);\n}\n\n\n\n","// auth-client/config.js\nimport { enableRefreshTokenPersistence } from './token';\n\n// ========== SESSION SECURITY CONFIGURATION ==========\n// These settings control how the auth-client handles token refresh and session validation\n// to ensure deleted sessions in Keycloak are detected quickly.\n\nlet config = {\n clientKey: null,\n authBaseUrl: null,\n redirectUri: null,\n accountUiUrl: null,\n isRouter: false, // β
Add router flag\n\n // ========== SESSION SECURITY SETTINGS ==========\n // Buffer time (in seconds) before token expiry to trigger proactive refresh\n // With 5-minute access tokens, refreshing 60s before expiry ensures seamless UX\n tokenRefreshBuffer: 60,\n\n // Interval (in milliseconds) for periodic session validation\n // Validates that the session still exists in Keycloak (not deleted by admin)\n // Default: 15 minutes (900000ms) - Increased from 2m to avoid frequent checks\n sessionValidationInterval: 15 * 60 * 1000,\n\n // Enable/disable periodic session validation\n // When enabled, the client will ping the server to verify session is still active\n enableSessionValidation: true,\n\n // Enable/disable proactive token refresh\n // When enabled, tokens are refreshed before they expire (using tokenRefreshBuffer)\n enableProactiveRefresh: true,\n\n // Validate session when browser tab becomes visible again\n // Catches session deletions that happened while the tab was inactive\n validateOnVisibility: true,\n\n // ========== REFRESH TOKEN PERSISTENCE ==========\n // When true, stores refresh token in localStorage even on HTTPS\n // Required for local dev with mkcert/self-signed certs where httpOnly cookies\n // may not work reliably across origins\n // β οΈ In true production, set to false and rely on httpOnly cookies\n persistRefreshToken: false,\n};\n\nexport function setConfig(customConfig = {}) {\n if (!customConfig.clientKey || !customConfig.authBaseUrl) {\n throw new Error('Missing required config: clientKey and authBaseUrl are required');\n }\n\n config = {\n ...config,\n ...customConfig,\n redirectUri: customConfig.redirectUri || window.location.origin + '/callback',\n // β
Auto-detect router mode\n isRouter: customConfig.isRouter || customConfig.clientKey === 'account-ui'\n };\n\n // β
Wire persistRefreshToken to token.js\n if (config.persistRefreshToken) {\n enableRefreshTokenPersistence(true);\n console.log('π¦ Refresh token persistence ENABLED (localStorage on HTTPS)');\n }\n\n console.log(`π§ Auth Client Mode: ${config.isRouter ? 'ROUTER' : 'CLIENT'}`, {\n clientKey: config.clientKey,\n isRouter: config.isRouter,\n persistRefreshToken: config.persistRefreshToken\n });\n}\n\nexport function getConfig() {\n return { ...config };\n}\n\n// β
Helper function\nexport function isRouterMode() {\n return config.isRouter;\n}\n","// auth-client/core.js - MINIMAL WORKING VERSION\n\nimport {\n setToken,\n clearToken,\n getToken,\n setRefreshToken,\n getRefreshToken,\n clearRefreshToken,\n getTimeUntilExpiry,\n} from './token';\nimport { getConfig, isRouterMode } from './config';\n\nlet callbackProcessed = false;\n\nexport function login(clientKeyArg, redirectUriArg) {\n // β
Reset callback state when starting new login\n resetCallbackState();\n\n const {\n clientKey: defaultClientKey,\n authBaseUrl,\n redirectUri: defaultRedirectUri,\n accountUiUrl\n } = getConfig();\n\n const clientKey = clientKeyArg || defaultClientKey;\n const redirectUri = redirectUriArg || defaultRedirectUri;\n\n console.log('π Smart Login initiated:', {\n mode: isRouterMode() ? 'ROUTER' : 'CLIENT',\n clientKey,\n redirectUri\n });\n\n if (!clientKey || !redirectUri) {\n throw new Error('Missing clientKey or redirectUri');\n }\n\n sessionStorage.setItem('originalApp', clientKey);\n sessionStorage.setItem('returnUrl', redirectUri);\n\n if (isRouterMode()) {\n // Router mode: Direct backend authentication\n return routerLogin(clientKey, redirectUri);\n } else {\n // Client mode: Redirect to centralized login\n return clientLogin(clientKey, redirectUri);\n }\n}\n\n// β
Router mode: Direct backend call\nfunction routerLogin(clientKey, redirectUri) {\n const { authBaseUrl } = getConfig();\n\n const params = new URLSearchParams();\n if (redirectUri) {\n params.append('redirect_uri', redirectUri);\n }\n const query = params.toString();\n const backendLoginUrl = `${authBaseUrl}/login/${clientKey}${query ? `?${query}` : ''}`;\n\n console.log('π Router Login: Direct backend authentication', {\n clientKey,\n redirectUri,\n backendUrl: backendLoginUrl\n });\n\n window.location.href = backendLoginUrl;\n}\n\n// β
Client mode: Centralized login\nfunction clientLogin(clientKey, redirectUri) {\n const { accountUiUrl } = getConfig();\n\n const params = new URLSearchParams({\n client: clientKey\n });\n if (redirectUri) {\n params.append('redirect_uri', redirectUri);\n }\n const centralizedLoginUrl = `${accountUiUrl}/login?${params.toString()}`;\n\n console.log('π Client Login: Redirecting to centralized login', {\n clientKey,\n redirectUri,\n centralizedUrl: centralizedLoginUrl\n });\n\n window.location.href = centralizedLoginUrl;\n}\n\nexport function logout() {\n resetCallbackState();\n\n const { clientKey, authBaseUrl, accountUiUrl } = getConfig();\n const token = getToken();\n\n console.log('πͺ Smart Logout initiated');\n\n clearToken();\n clearRefreshToken();\n sessionStorage.removeItem('originalApp');\n sessionStorage.removeItem('returnUrl');\n\n if (isRouterMode()) {\n return routerLogout(clientKey, authBaseUrl, accountUiUrl, token);\n } else {\n return clientLogout(clientKey, accountUiUrl);\n }\n}\n\nasync function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {\n console.log('π Router Logout');\n\n const refreshToken = getRefreshToken();\n\n try {\n const response = await fetch(`${authBaseUrl}/logout/${clientKey}`, {\n method: 'POST',\n credentials: 'include',\n headers: {\n 'Authorization': token ? `Bearer ${token}` : '',\n 'Content-Type': 'application/json'\n },\n body: JSON.stringify({\n refreshToken: refreshToken\n })\n });\n\n const data = await response.json();\n console.log('β
Logout response:', data);\n\n clearRefreshToken();\n clearToken();\n\n // Skip Keycloak confirmation page - redirect directly to login\n // Backend has already revoked the session/tokens\n console.log('π Redirecting to login (skipping Keycloak confirmation)');\n window.location.href = '/login';\n\n } catch (error) {\n console.warn('β οΈ Logout failed:', error);\n clearRefreshToken();\n clearToken();\n // Still redirect to login even on error\n window.location.href = '/login';\n }\n}\n\nfunction clientLogout(clientKey, accountUiUrl) {\n console.log('π Client Logout');\n const logoutUrl = `${accountUiUrl}/login?client=${clientKey}&logout=true`;\n window.location.href = logoutUrl;\n}\n\nexport function handleCallback() {\n const params = new URLSearchParams(window.location.search);\n const accessToken = params.get('access_token');\n const error = params.get('error');\n\n console.log('π Callback handling:', {\n hasAccessToken: !!accessToken,\n error\n });\n\n // β
Prevent duplicate callback processing\n if (callbackProcessed) {\n const existingToken = getToken();\n if (existingToken) {\n console.log('β
Callback already processed, returning existing token');\n return existingToken;\n }\n // Reset if no token found (might be a retry)\n callbackProcessed = false;\n }\n\n callbackProcessed = true;\n sessionStorage.removeItem('originalApp');\n sessionStorage.removeItem('returnUrl');\n\n if (error) {\n const errorDescription = params.get('error_description') || error;\n throw new Error(`Authentication failed: ${errorDescription}`);\n }\n\n if (accessToken) {\n setToken(accessToken);\n\n // β
Store refresh token from URL when persistence is enabled OR in HTTP dev mode\n // When persistRefreshToken is true, we always store it (needed for local HTTPS with mkcert)\n // When false, only store on HTTP (HTTPS relies on httpOnly cookies from server)\n const refreshTokenInUrl = params.get('refresh_token');\n if (refreshTokenInUrl) {\n const { persistRefreshToken } = getConfig();\n const isHttpDev = typeof window !== 'undefined' && window.location?.protocol === 'http:';\n if (persistRefreshToken || isHttpDev) {\n console.log(`π¦ Storing refresh token from callback URL (${persistRefreshToken ? 'persistence enabled' : 'HTTP dev mode'})`);\n setRefreshToken(refreshTokenInUrl);\n } else {\n console.log('π HTTPS mode: Refresh token is in httpOnly cookie (ignoring URL param)');\n }\n }\n\n const url = new URL(window.location);\n url.searchParams.delete('access_token');\n url.searchParams.delete('refresh_token');\n url.searchParams.delete('state');\n url.searchParams.delete('error');\n url.searchParams.delete('error_description');\n window.history.replaceState({}, '', url);\n\n console.log('β
Callback processed successfully, token stored');\n return accessToken;\n }\n\n throw new Error('No access token found in callback URL');\n}\n\nexport function resetCallbackState() {\n callbackProcessed = false;\n}\n\n// β
Add refresh lock to prevent concurrent refresh calls\nlet refreshInProgress = false;\nlet refreshPromise = null;\n\nexport async function refreshToken() {\n const { clientKey, authBaseUrl } = getConfig();\n\n // β
Prevent concurrent refresh calls\n if (refreshInProgress && refreshPromise) {\n console.log('π Token refresh already in progress, waiting...');\n return refreshPromise;\n }\n\n refreshInProgress = true;\n refreshPromise = (async () => {\n try {\n // Get stored refresh token (for HTTP development)\n const storedRefreshToken = getRefreshToken();\n\n console.log('π Refreshing token:', {\n clientKey,\n mode: isRouterMode() ? 'ROUTER' : 'CLIENT',\n hasStoredRefreshToken: !!storedRefreshToken\n });\n\n // Build request options - send refresh token in body and header for HTTP dev\n const requestOptions = {\n method: 'POST',\n credentials: 'include', // β
Include httpOnly cookies (for HTTPS)\n headers: {\n 'Content-Type': 'application/json'\n }\n };\n\n // For HTTP development, send refresh token in body and header\n if (storedRefreshToken) {\n requestOptions.headers['X-Refresh-Token'] = storedRefreshToken;\n requestOptions.body = JSON.stringify({ refreshToken: storedRefreshToken });\n }\n\n const response = await fetch(`${authBaseUrl}/refresh/${clientKey}`, requestOptions);\n\n if (!response.ok) {\n const errorText = await response.text();\n console.error('β Token refresh failed:', response.status, errorText);\n throw new Error(`Refresh failed: ${response.status}`);\n }\n\n const data = await response.json();\n const { access_token, refresh_token: new_refresh_token } = data;\n\n if (!access_token) {\n throw new Error('No access token in refresh response');\n }\n\n // β
This will trigger token listeners\n setToken(access_token);\n\n // β
Store new refresh token if provided (token rotation)\n if (new_refresh_token) {\n setRefreshToken(new_refresh_token);\n console.log('π New refresh token stored from rotation');\n }\n\n console.log('β
Token refresh successful, listeners notified');\n return access_token;\n } catch (err) {\n console.error('β Token refresh error:', err);\n // β
This will trigger token listeners\n clearToken();\n clearRefreshToken();\n throw err;\n } finally {\n refreshInProgress = false;\n refreshPromise = null;\n }\n })();\n\n return refreshPromise;\n}\n\nexport async function validateCurrentSession() {\n try {\n const { authBaseUrl } = getConfig();\n const token = getToken();\n\n if (!token || !authBaseUrl) {\n return false;\n }\n\n const response = await fetch(`${authBaseUrl}/account/validate-session`, {\n method: 'GET',\n headers: {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': 'application/json'\n },\n credentials: 'include'\n });\n\n if (!response.ok) {\n if (response.status === 401) {\n return false;\n }\n throw new Error(`HTTP ${response.status}: ${response.statusText}`);\n }\n\n const data = await response.json();\n return data.valid === true;\n } catch (error) {\n console.warn('Session validation failed:', error.message);\n if (error.message.includes('401')) {\n return false;\n }\n throw error;\n }\n}\n\n// ========== SESSION SECURITY: PROACTIVE REFRESH & VALIDATION ==========\n// These functions ensure that:\n// 1. Tokens are refreshed before they expire (proactive refresh)\n// 2. Sessions deleted in Keycloak Admin UI are detected quickly (periodic validation)\n\nlet proactiveRefreshTimer = null;\nlet sessionValidationTimer = null;\nlet visibilityHandler = null;\nlet sessionInvalidCallbacks = new Set();\n\n// Register a callback to be called when session is invalidated\nexport function onSessionInvalid(callback) {\n if (typeof callback === 'function') {\n sessionInvalidCallbacks.add(callback);\n }\n return () => sessionInvalidCallbacks.delete(callback);\n}\n\n// Notify all registered callbacks that session is invalid\nfunction notifySessionInvalid(reason = 'session_deleted') {\n console.log('π¨ Session invalidated:', reason);\n sessionInvalidCallbacks.forEach(callback => {\n try {\n callback(reason);\n } catch (err) {\n console.error('Session invalid callback error:', err);\n }\n });\n}\n\n// ========== PROACTIVE TOKEN REFRESH ==========\n// Schedules token refresh before expiry to ensure seamless UX\n\nexport function startProactiveRefresh() {\n const { enableProactiveRefresh, tokenRefreshBuffer } = getConfig();\n\n if (!enableProactiveRefresh) {\n console.log('βΈοΈ Proactive refresh disabled by config');\n return null;\n }\n\n // Clear any existing timer\n stopProactiveRefresh();\n\n const token = getToken();\n if (!token) {\n console.log('βΈοΈ No token, skipping proactive refresh setup');\n return null;\n }\n\n const timeUntilExpiry = getTimeUntilExpiry(token);\n\n if (timeUntilExpiry <= 0) {\n console.log('β οΈ Token already expired, attempting immediate refresh');\n refreshToken().catch(err => {\n console.error('β Immediate refresh failed:', err);\n notifySessionInvalid('token_expired');\n });\n return null;\n }\n\n // Schedule refresh for (expiry - buffer) seconds from now\n const refreshIn = Math.max(0, (timeUntilExpiry - tokenRefreshBuffer)) * 1000;\n\n console.log(`π Scheduling proactive refresh in ${Math.round(refreshIn / 1000)}s (token expires in ${timeUntilExpiry}s)`);\n\n proactiveRefreshTimer = setTimeout(async () => {\n try {\n console.log('π Proactive token refresh triggered');\n await refreshToken();\n console.log('β
Proactive refresh successful, scheduling next refresh');\n // Schedule next refresh after successful refresh\n startProactiveRefresh();\n } catch (err) {\n console.error('β Proactive refresh failed:', err);\n\n // Check if this is a permanent failure (token revoked, invalid, etc.)\n const errorMessage = err.message?.toLowerCase() || '';\n const isPermanentFailure =\n errorMessage.includes('401') ||\n errorMessage.includes('revoked') ||\n errorMessage.includes('invalid') ||\n errorMessage.includes('expired') ||\n errorMessage.includes('unauthorized');\n\n if (isPermanentFailure) {\n console.log('π¨ Token permanently invalid, triggering session expiry');\n notifySessionInvalid('refresh_token_revoked');\n } else {\n // Temporary failure (network issue), try again in 30 seconds\n proactiveRefreshTimer = setTimeout(() => startProactiveRefresh(), 30000);\n }\n }\n }, refreshIn);\n\n return proactiveRefreshTimer;\n}\n\nexport function stopProactiveRefresh() {\n if (proactiveRefreshTimer) {\n clearTimeout(proactiveRefreshTimer);\n proactiveRefreshTimer = null;\n console.log('βΉοΈ Proactive refresh stopped');\n }\n}\n\n// ========== PERIODIC SESSION VALIDATION ==========\n// Validates with server that session still exists in Keycloak\n// Catches session deletions from Keycloak Admin UI\n\nexport function startSessionMonitor(onInvalid) {\n const { enableSessionValidation, sessionValidationInterval, validateOnVisibility } = getConfig();\n\n if (!enableSessionValidation) {\n console.log('βΈοΈ Session validation disabled by config');\n return null;\n }\n\n // Register callback if provided\n if (onInvalid && typeof onInvalid === 'function') {\n sessionInvalidCallbacks.add(onInvalid);\n }\n\n // Clear any existing timer\n stopSessionMonitor();\n\n const token = getToken();\n if (!token) {\n console.log('βΈοΈ No token, skipping session monitor setup');\n return null;\n }\n\n console.log(`ποΈ Starting session monitor (interval: ${sessionValidationInterval / 1000}s)`);\n\n // Periodic validation\n sessionValidationTimer = setInterval(async () => {\n try {\n const currentToken = getToken();\n if (!currentToken) {\n console.log('βΈοΈ No token, stopping session validation');\n stopSessionMonitor();\n return;\n }\n\n console.log('π Validating session...');\n const isValid = await validateCurrentSession();\n\n if (!isValid) {\n console.log('β Session no longer valid on server');\n stopSessionMonitor();\n stopProactiveRefresh();\n clearToken();\n clearRefreshToken();\n notifySessionInvalid('session_deleted');\n } else {\n console.log('β
Session still valid');\n }\n } catch (error) {\n console.warn('β οΈ Session validation check failed:', error.message);\n // Don't invalidate on network errors - wait for next check\n }\n }, sessionValidationInterval);\n\n // Visibility-based validation (when tab becomes visible again)\n if (validateOnVisibility && typeof document !== 'undefined') {\n visibilityHandler = async () => {\n if (document.visibilityState === 'visible') {\n const currentToken = getToken();\n if (!currentToken) return;\n\n console.log('ποΈ Tab visible - validating session');\n try {\n const isValid = await validateCurrentSession();\n if (!isValid) {\n console.log('β Session expired while tab was hidden');\n stopSessionMonitor();\n stopProactiveRefresh();\n clearToken();\n clearRefreshToken();\n notifySessionInvalid('session_deleted_while_hidden');\n }\n } catch (error) {\n console.warn('β οΈ Visibility check failed:', error.message);\n }\n }\n };\n document.addEventListener('visibilitychange', visibilityHandler);\n }\n\n return sessionValidationTimer;\n}\n\nexport function stopSessionMonitor() {\n if (sessionValidationTimer) {\n clearInterval(sessionValidationTimer);\n sessionValidationTimer = null;\n console.log('βΉοΈ Session monitor stopped');\n }\n\n if (visibilityHandler && typeof document !== 'undefined') {\n document.removeEventListener('visibilitychange', visibilityHandler);\n visibilityHandler = null;\n }\n}\n\n// ========== COMBINED SESSION SECURITY ==========\n// Start both proactive refresh and session monitoring\n\nexport function startSessionSecurity(onSessionInvalidCallback) {\n console.log('π Starting session security (proactive refresh + session monitoring)');\n\n startProactiveRefresh();\n startSessionMonitor(onSessionInvalidCallback);\n\n return {\n stopAll: () => {\n stopProactiveRefresh();\n stopSessionMonitor();\n }\n };\n}\n\nexport function stopSessionSecurity() {\n stopProactiveRefresh();\n stopSessionMonitor();\n sessionInvalidCallbacks.clear();\n console.log('π Session security stopped');\n}\n\n","// auth-client/api.js\nimport axios from 'axios';\nimport { getConfig } from './config';\nimport { getToken, setToken, clearToken } from './token';\nimport { refreshToken as performRefresh } from './core';\n\nconst api = axios.create({\n withCredentials: true,\n});\n\napi.interceptors.request.use((config) => {\n const runtimeConfig = getConfig();\n\n if (!config.baseURL) {\n\n config.baseURL = runtimeConfig?.authBaseUrl || 'http://auth.local.test:4000/auth';\n }\n\n if (!config.headers) {\n config.headers = {};\n }\n\n if (runtimeConfig?.clientKey && !config.headers['X-Client-Key']) {\n config.headers['X-Client-Key'] = runtimeConfig.clientKey;\n }\n\n const token = getToken();\n if (token) {\n config.headers.Authorization = `Bearer ${token}`;\n }\n\n return config;\n});\n\nlet refreshPromise = null;\n\napi.interceptors.response.use(\n (response) => response,\n async (error) => {\n const { response, config } = error || {};\n\n if (!response || !config) {\n return Promise.reject(error);\n }\n\n if (response.status !== 401 || config._retry) {\n return Promise.reject(error);\n }\n\n config._retry = true;\n\n if (!refreshPromise) {\n refreshPromise = performRefresh()\n .then((newToken) => {\n refreshPromise = null;\n if (newToken) {\n setToken(newToken);\n }\n return newToken;\n })\n .catch((refreshError) => {\n refreshPromise = null;\n clearToken();\n throw refreshError;\n });\n }\n\n try {\n const refreshedToken = await refreshPromise;\n\n if (refreshedToken) {\n config.headers.Authorization = `Bearer ${refreshedToken}`;\n return api(config);\n }\n } catch (refreshErr) {\n return Promise.reject(refreshErr);\n }\n\n return Promise.reject(error);\n }\n);\n\napi.validateSession = async () => {\n try {\n const response = await api.get('/account/validate-session');\n return response.data.valid;\n } catch (err) {\n if (err.response?.status === 401) {\n return false;\n }\n throw err;\n }\n};\n\nexport default api;\n","// auth-client/utils/jwt.js\nimport { jwtDecode } from 'jwt-decode';\nimport { getToken } from '../token';\n\nexport function decodeToken(token) {\n try {\n return jwtDecode(token);\n } catch (err) {\n console.warn('Failed to decode JWT:', err);\n return null;\n }\n}\n\nexport function isTokenExpired(token, bufferSeconds = 60) {\n const decoded = decodeToken(token);\n if (!decoded || !decoded.exp) return true;\n const currentTime = Date.now() / 1000;\n return decoded.exp < currentTime + bufferSeconds;\n}\n\n\n// β
Check if user is authenticated\nexport function isAuthenticated() {\n const token = getToken();\n return !!token && !isTokenExpired(token);\n}\n\n","// auth-client/react/AuthProvider.jsx\nimport React, { createContext, useState, useEffect, useRef } from 'react';\nimport { getToken, setToken, clearToken } from '../token';\nimport { getConfig } from '../config';\nimport { \n login as coreLogin, \n logout as coreLogout,\n startSessionSecurity,\n stopSessionSecurity,\n onSessionInvalid\n} from '../core';\n\nexport const AuthContext = createContext();\n\nexport function AuthProvider({ children, onSessionExpired }) {\n const [token, setTokenState] = useState(getToken());\n const [user, setUser] = useState(null);\n const [loading, setLoading] = useState(!!token); // Loading if we have a token to validate\n const [sessionValid, setSessionValid] = useState(true);\n const sessionSecurityRef = useRef(null);\n\n // Handle session invalidation (from Keycloak admin deletion or expiry)\n const handleSessionInvalid = (reason) => {\n console.log('π¨ AuthProvider: Session invalidated -', reason);\n setSessionValid(false);\n setUser(null);\n setTokenState(null);\n \n // Call custom callback if provided\n if (onSessionExpired && typeof onSessionExpired === 'function') {\n onSessionExpired(reason);\n }\n };\n\n // Start session security on mount (when we have a token)\n useEffect(() => {\n if (token && !sessionSecurityRef.current) {\n console.log('π AuthProvider: Starting session security');\n \n // Register session invalid handler\n const unsubscribe = onSessionInvalid(handleSessionInvalid);\n \n // Start proactive refresh + session monitoring\n sessionSecurityRef.current = startSessionSecurity(handleSessionInvalid);\n \n return () => {\n unsubscribe();\n if (sessionSecurityRef.current) {\n sessionSecurityRef.current.stopAll();\n sessionSecurityRef.current = null;\n }\n };\n }\n \n // Cleanup when token is removed\n if (!token && sessionSecurityRef.current) {\n sessionSecurityRef.current.stopAll();\n sessionSecurityRef.current = null;\n }\n }, [token]);\n\n useEffect(() => {\n console.log('π AuthProvider useEffect triggered:', { \n hasToken: !!token, \n tokenLength: token?.length \n });\n \n if (!token) {\n console.log('β οΈ AuthProvider: No token, setting loading=false');\n setLoading(false);\n return;\n }\n \n const { authBaseUrl } = getConfig();\n if (!authBaseUrl) {\n console.warn('AuthProvider: No authBaseUrl configured');\n setLoading(false);\n return;\n }\n\n console.log('π AuthProvider: Fetching profile with token...', {\n authBaseUrl,\n tokenPreview: token.slice(0, 50) + '...'\n });\n\n fetch(`${authBaseUrl}/account/profile`, {\n headers: { Authorization: `Bearer ${token}` },\n credentials: 'include',\n })\n .then(res => {\n console.log('π₯ Profile response status:', res.status);\n if (!res.ok) throw new Error('Failed to fetch user');\n return res.json();\n })\n .then(userData => {\n console.log('β
Profile fetched successfully:', userData.email);\n setUser(userData);\n setSessionValid(true);\n setLoading(false);\n })\n .catch(err => {\n console.error('β Fetch user error:', err);\n clearToken();\n setTokenState(null);\n setUser(null);\n setLoading(false);\n });\n }, [token]);\n\n const login = (clientKey, redirectUri, state) => {\n coreLogin(clientKey, redirectUri, state);\n };\n\n const logout = () => {\n // Stop session security before logout\n stopSessionSecurity();\n sessionSecurityRef.current = null;\n \n coreLogout();\n setUser(null);\n setTokenState(null);\n setSessionValid(true);\n };\n\n const value = {\n token,\n user,\n loading,\n login,\n logout,\n isAuthenticated: !!token && !!user && sessionValid,\n sessionValid,\n setUser,\n setToken: (newToken) => {\n setToken(newToken);\n setTokenState(newToken);\n setSessionValid(true);\n },\n clearToken: () => {\n stopSessionSecurity();\n sessionSecurityRef.current = null;\n clearToken();\n setTokenState(null);\n setUser(null);\n },\n };\n\n return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;\n}\n\n","import { useContext } from 'react';\nimport { AuthContext } from './AuthProvider';\n\nexport function useAuth() {\n const context = useContext(AuthContext);\n if (!context) {\n throw new Error('useAuth must be used within an AuthProvider');\n }\n return context;\n}","// auth-client/react/useSessionMonitor.js\n// Enhanced session monitoring hook for detecting Keycloak admin session deletions\nimport { useQuery, useQueryClient } from '@tanstack/react-query';\nimport { useEffect, useCallback } from 'react';\nimport { auth } from '../index';\n\n/**\n * useSessionMonitor - React hook for periodic session validation\n * \n * This hook validates that the user's session still exists in Keycloak.\n * When an admin deletes a session from Keycloak Admin UI, this hook\n * will detect it and trigger the onSessionInvalid callback.\n * \n * @param {Object} options Configuration options\n * @param {boolean} options.enabled - Enable/disable monitoring (default: true)\n * @param {number} options.refetchInterval - Validation interval in ms (default: 120000 = 2 min)\n * @param {Function} options.onSessionInvalid - Callback when session is deleted\n * @param {Function} options.onError - Callback for validation errors\n * @param {boolean} options.autoLogout - Auto logout on invalid session (default: true)\n * @param {boolean} options.validateOnMount - Validate session immediately on mount (default: true)\n */\nexport const useSessionMonitor = (options = {}) => {\n const queryClient = useQueryClient();\n\n const {\n enabled = true,\n refetchInterval = 2 * 60 * 1000, // 2 minutes (matching config default)\n onSessionInvalid,\n onError,\n autoLogout = true,\n validateOnMount = true,\n } = options;\n\n // Handle session invalidation\n const handleInvalid = useCallback(() => {\n console.log('π¨ useSessionMonitor: Session invalid detected');\n\n // Clear all react-query cache\n queryClient.clear();\n\n // Auto logout if enabled\n if (autoLogout) {\n auth.clearToken();\n auth.clearRefreshToken();\n }\n\n // Call custom callback\n if (onSessionInvalid) {\n onSessionInvalid();\n }\n }, [queryClient, autoLogout, onSessionInvalid]);\n\n // Session validation query\n const query = useQuery({\n queryKey: ['session-validation'],\n queryFn: async () => {\n try {\n const token = auth.getToken();\n if (!token) {\n return { valid: false, reason: 'no_token' };\n }\n\n console.log('π useSessionMonitor: Validating session...');\n const isValid = await auth.validateCurrentSession();\n\n if (!isValid) {\n console.log('β useSessionMonitor: Session no longer valid');\n handleInvalid();\n return { valid: false, reason: 'session_deleted' };\n }\n\n console.log('β
useSessionMonitor: Session still valid');\n return { valid: true };\n } catch (error) {\n console.error('β οΈ useSessionMonitor: Validation error:', error);\n if (onError) {\n onError(error);\n }\n throw error;\n }\n },\n enabled: enabled && !!auth.getToken(),\n refetchInterval,\n refetchIntervalInBackground: true,\n retry: 2,\n retryDelay: 5000,\n staleTime: refetchInterval / 2, // Consider stale at half the interval\n });\n\n // Validate on visibility change (when user returns to tab)\n useEffect(() => {\n if (!enabled) return;\n\n const handleVisibilityChange = () => {\n if (document.visibilityState === 'visible' && auth.getToken()) {\n console.log('ποΈ useSessionMonitor: Tab visible - triggering validation');\n queryClient.invalidateQueries({ queryKey: ['session-validation'] });\n }\n };\n\n document.addEventListener('visibilitychange', handleVisibilityChange);\n return () => {\n document.removeEventListener('visibilitychange', handleVisibilityChange);\n };\n }, [enabled, queryClient]);\n\n // Validate immediately on mount if enabled\n useEffect(() => {\n if (validateOnMount && enabled && auth.getToken()) {\n queryClient.invalidateQueries({ queryKey: ['session-validation'] });\n }\n }, [validateOnMount, enabled, queryClient]);\n\n return {\n ...query,\n isSessionValid: query.data?.valid ?? true,\n invalidationReason: query.data?.reason,\n manualValidate: () => queryClient.invalidateQueries({ queryKey: ['session-validation'] }),\n };\n};\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEA,wBAA0B;AAE1B,IAAI,cAAc;AAClB,IAAM,YAAY,oBAAI,IAAI;AAE1B,IAAM,iBAAiB;AACvB,IAAM,iBAAiB,IAAI,KAAK,KAAK;AAErC,SAAS,kBAAkB;AAV3B;AAWE,MAAI;AACF,WAAO,OAAO,WAAW,iBAAe,YAAO,aAAP,mBAAiB,cAAa,WAClE,aACA;AAAA,EACN,SAAS,KAAK;AACZ,WAAO;AAAA,EACT;AACF;AAGA,SAAS,iBAAiB,OAAO;AAC/B,MAAI,CAAC,OAAO;AACV,QAAI;AACF,mBAAa,WAAW,WAAW;AAAA,IACrC,SAAS,KAAK;AACZ,cAAQ,KAAK,4CAA4C,GAAG;AAAA,IAC9D;AACA;AAAA,EACF;AAEA,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AAAA,EACzC,SAAS,KAAK;AACZ,YAAQ,KAAK,4CAA4C,GAAG;AAAA,EAC9D;AACF;AAEA,SAAS,kBAAkB;AACzB,MAAI;AACF,WAAO,aAAa,QAAQ,WAAW;AAAA,EACzC,SAAS,KAAK;AACZ,YAAQ,KAAK,2CAA2C,GAAG;AAC3D,WAAO;AAAA,EACT;AACF;AA2CA,SAAS,OAAO,OAAO;AACrB,MAAI;AACF,eAAO,6BAAU,KAAK;AAAA,EACxB,SAAS,KAAK;AACZ,WAAO;AAAA,EACT;AACF;AAYO,SAAS,mBAAmB,OAAO;AACxC,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,UAAU,OAAO,KAAK;AAC5B,MAAI,EAAC,mCAAS,KAAK,QAAO;AAC1B,SAAO,IAAI,KAAK,QAAQ,MAAM,GAAI;AACpC;AAGO,SAAS,mBAAmB,OAAO;AACxC,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,UAAU,OAAO,KAAK;AAC5B,MAAI,EAAC,mCAAS,KAAK,QAAO;AAC1B,QAAM,MAAM,KAAK,IAAI,IAAI;AACzB,SAAO,KAAK,MAAM,QAAQ,MAAM,GAAG;AACrC;AAGO,SAAS,eAAe,OAAO,gBAAgB,IAAI;AACxD,QAAM,WAAW,mBAAmB,KAAK;AACzC,SAAO,YAAY,KAAK,YAAY;AACtC;AAEO,SAAS,SAAS,OAAO;AAC9B,QAAM,gBAAgB;AACtB,gBAAc,SAAS;AACvB,mBAAiB,WAAW;AAE5B,MAAI,kBAAkB,aAAa;AACjC,cAAU,QAAQ,CAAC,aAAa;AAC9B,UAAI;AACF,iBAAS,aAAa,aAAa;AAAA,MACrC,SAAS,KAAK;AACZ,gBAAQ,KAAK,yBAAyB,GAAG;AAAA,MAC3C;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEO,SAAS,WAAW;AACzB,MAAI,YAAa,QAAO;AACxB,gBAAc,gBAAgB;AAC9B,SAAO;AACT;AAEO,SAAS,aAAa;AAC3B,MAAI,CAAC,aAAa;AAChB,qBAAiB,IAAI;AACrB,sBAAkB;AAClB;AAAA,EACF;AAEA,QAAM,gBAAgB;AACtB,gBAAc;AACd,mBAAiB,IAAI;AACrB,oBAAkB;AAElB,YAAU,QAAQ,CAAC,aAAa;AAC9B,QAAI;AACF,eAAS,MAAM,aAAa;AAAA,IAC9B,SAAS,KAAK;AACZ,cAAQ,KAAK,yBAAyB,GAAG;AAAA,IAC3C;AAAA,EACF,CAAC;AACH;AAQA,IAAM,oBAAoB;AAG1B,IAAI,uBAAuB;AAEpB,SAAS,8BAA8B,SAAS;AACrD,yBAAuB,CAAC,CAAC;AACzB,UAAQ,IAAI,wCAAiC,uBAAuB,YAAY,UAAU,EAAE;AAC9F;AAEA,SAAS,wBAAwB;AA3LjC;AA6LE,MAAI,qBAAsB,QAAO;AAEjC,MAAI;AACF,WAAO,OAAO,WAAW,iBACvB,YAAO,aAAP,mBAAiB,cAAa;AAAA,EAClC,SAAS,KAAK;AACZ,WAAO;AAAA,EACT;AACF;AAEO,SAAS,gBAAgB,OAAO;AACrC,MAAI,CAAC,OAAO;AACV,sBAAkB;AAClB;AAAA,EACF;AAEA,MAAI,sBAAsB,GAAG;AAC3B,QAAI;AACF,mBAAa,QAAQ,mBAAmB,KAAK;AAC7C,cAAQ,IAAI,mDAA4C,uBAAuB,wBAAwB,eAAe,GAAG;AAAA,IAC3H,SAAS,KAAK;AACZ,cAAQ,KAAK,kCAAkC,GAAG;AAAA,IACpD;AAAA,EACF,OAAO;AAEL,YAAQ,IAAI,6EAAsE;AAAA,EACpF;AACF;AAEO,SAAS,kBAAkB;AAChC,MAAI,sBAAsB,GAAG;AAC3B,QAAI;AACF,YAAM,QAAQ,aAAa,QAAQ,iBAAiB;AACpD,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,KAAK,iCAAiC,GAAG;AACjD,aAAO;AAAA,IACT;AAAA,EACF;AAIA,SAAO;AACT;AAEO,SAAS,oBAAoB;AAElC,MAAI;AACF,iBAAa,WAAW,iBAAiB;AAAA,EAC3C,SAAS,KAAK;AAAA,EAEd;AAGA,MAAI;AACF,aAAS,SAAS,GAAG,cAAc,6BAA6B,gBAAgB,CAAC;AAAA,EACnF,SAAS,KAAK;AACZ,YAAQ,KAAK,yCAAyC,GAAG;AAAA,EAC3D;AAGA,MAAI;AACF,mBAAe,WAAW,cAAc;AAAA,EAC1C,SAAS,KAAK;AAAA,EAEd;AACF;AAEO,SAAS,iBAAiB,UAAU;AACzC,MAAI,OAAO,aAAa,YAAY;AAClC,UAAM,IAAI,MAAM,mCAAmC;AAAA,EACrD;AACA,YAAU,IAAI,QAAQ;AACtB,SAAO,MAAM;AACX,cAAU,OAAO,QAAQ;AAAA,EAC3B;AACF;AAEO,SAAS,oBAAoB,UAAU;AAC5C,YAAU,OAAO,QAAQ;AAC3B;AAEO,SAAS,mBAAmB;AACjC,SAAO,UAAU;AACnB;;;AC1QA,IAAI,SAAS;AAAA,EACX,WAAW;AAAA,EACX,aAAa;AAAA,EACb,aAAa;AAAA,EACb,cAAc;AAAA,EACd,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA,EAKV,oBAAoB;AAAA;AAAA;AAAA;AAAA,EAKpB,2BAA2B,KAAK,KAAK;AAAA;AAAA;AAAA,EAIrC,yBAAyB;AAAA;AAAA;AAAA,EAIzB,wBAAwB;AAAA;AAAA;AAAA,EAIxB,sBAAsB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOtB,qBAAqB;AACvB;AAEO,SAAS,UAAU,eAAe,CAAC,GAAG;AAC3C,MAAI,CAAC,aAAa,aAAa,CAAC,aAAa,aAAa;AACxD,UAAM,IAAI,MAAM,iEAAiE;AAAA,EACnF;AAEA,WAAS;AAAA,IACP,GAAG;AAAA,IACH,GAAG;AAAA,IACH,aAAa,aAAa,eAAe,OAAO,SAAS,SAAS;AAAA;AAAA,IAElE,UAAU,aAAa,YAAY,aAAa,cAAc;AAAA,EAChE;AAGA,MAAI,OAAO,qBAAqB;AAC9B,kCAA8B,IAAI;AAClC,YAAQ,IAAI,qEAA8D;AAAA,EAC5E;AAEA,UAAQ,IAAI,+BAAwB,OAAO,WAAW,WAAW,QAAQ,IAAI;AAAA,IAC3E,WAAW,OAAO;AAAA,IAClB,UAAU,OAAO;AAAA,IACjB,qBAAqB,OAAO;AAAA,EAC9B,CAAC;AACH;AAEO,SAAS,YAAY;AAC1B,SAAO,EAAE,GAAG,OAAO;AACrB;AAGO,SAAS,eAAe;AAC7B,SAAO,OAAO;AAChB;;;AChEA,IAAI,oBAAoB;AAEjB,SAAS,MAAM,cAAc,gBAAgB;AAElD,qBAAmB;AAEnB,QAAM;AAAA,IACJ,WAAW;AAAA,IACX;AAAA,IACA,aAAa;AAAA,IACb;AAAA,EACF,IAAI,UAAU;AAEd,QAAM,YAAY,gBAAgB;AAClC,QAAM,cAAc,kBAAkB;AAEtC,UAAQ,IAAI,oCAA6B;AAAA,IACvC,MAAM,aAAa,IAAI,WAAW;AAAA,IAClC;AAAA,IACA;AAAA,EACF,CAAC;AAED,MAAI,CAAC,aAAa,CAAC,aAAa;AAC9B,UAAM,IAAI,MAAM,kCAAkC;AAAA,EACpD;AAEA,iBAAe,QAAQ,eAAe,SAAS;AAC/C,iBAAe,QAAQ,aAAa,WAAW;AAE/C,MAAI,aAAa,GAAG;AAElB,WAAO,YAAY,WAAW,WAAW;AAAA,EAC3C,OAAO;AAEL,WAAO,YAAY,WAAW,WAAW;AAAA,EAC3C;AACF;AAGA,SAAS,YAAY,WAAW,aAAa;AAC3C,QAAM,EAAE,YAAY,IAAI,UAAU;AAElC,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,aAAa;AACf,WAAO,OAAO,gBAAgB,WAAW;AAAA,EAC3C;AACA,QAAM,QAAQ,OAAO,SAAS;AAC9B,QAAM,kBAAkB,GAAG,WAAW,UAAU,SAAS,GAAG,QAAQ,IAAI,KAAK,KAAK,EAAE;AAEpF,UAAQ,IAAI,yDAAkD;AAAA,IAC5D;AAAA,IACA;AAAA,IACA,YAAY;AAAA,EACd,CAAC;AAED,SAAO,SAAS,OAAO;AACzB;AAGA,SAAS,YAAY,WAAW,aAAa;AAC3C,QAAM,EAAE,aAAa,IAAI,UAAU;AAEnC,QAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,QAAQ;AAAA,EACV,CAAC;AACD,MAAI,aAAa;AACf,WAAO,OAAO,gBAAgB,WAAW;AAAA,EAC3C;AACA,QAAM,sBAAsB,GAAG,YAAY,UAAU,OAAO,SAAS,CAAC;AAEtE,UAAQ,IAAI,4DAAqD;AAAA,IAC/D;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,EAClB,CAAC;AAED,SAAO,SAAS,OAAO;AACzB;AAEO,SAAS,SAAS;AACvB,qBAAmB;AAEnB,QAAM,EAAE,WAAW,aAAa,aAAa,IAAI,UAAU;AAC3D,QAAM,QAAQ,SAAS;AAEvB,UAAQ,IAAI,kCAA2B;AAEvC,aAAW;AACX,oBAAkB;AAClB,iBAAe,WAAW,aAAa;AACvC,iBAAe,WAAW,WAAW;AAErC,MAAI,aAAa,GAAG;AAClB,WAAO,aAAa,WAAW,aAAa,cAAc,KAAK;AAAA,EACjE,OAAO;AACL,WAAO,aAAa,WAAW,YAAY;AAAA,EAC7C;AACF;AAEA,eAAe,aAAa,WAAW,aAAa,cAAc,OAAO;AACvE,UAAQ,IAAI,yBAAkB;AAE9B,QAAMA,gBAAe,gBAAgB;AAErC,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,GAAG,WAAW,WAAW,SAAS,IAAI;AAAA,MACjE,QAAQ;AAAA,MACR,aAAa;AAAA,MACb,SAAS;AAAA,QACP,iBAAiB,QAAQ,UAAU,KAAK,KAAK;AAAA,QAC7C,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,KAAK,UAAU;AAAA,QACnB,cAAcA;AAAA,MAChB,CAAC;AAAA,IACH,CAAC;AAED,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAQ,IAAI,2BAAsB,IAAI;AAEtC,sBAAkB;AAClB,eAAW;AAIX,YAAQ,IAAI,iEAA0D;AACtE,WAAO,SAAS,OAAO;AAAA,EAEzB,SAAS,OAAO;AACd,YAAQ,KAAK,+BAAqB,KAAK;AACvC,sBAAkB;AAClB,eAAW;AAEX,WAAO,SAAS,OAAO;AAAA,EACzB;AACF;AAEA,SAAS,aAAa,WAAW,cAAc;AAC7C,UAAQ,IAAI,yBAAkB;AAC9B,QAAM,YAAY,GAAG,YAAY,iBAAiB,SAAS;AAC3D,SAAO,SAAS,OAAO;AACzB;AAEO,SAAS,iBAAiB;AA5JjC;AA6JE,QAAM,SAAS,IAAI,gBAAgB,OAAO,SAAS,MAAM;AACzD,QAAMC,eAAc,OAAO,IAAI,cAAc;AAC7C,QAAM,QAAQ,OAAO,IAAI,OAAO;AAEhC,UAAQ,IAAI,gCAAyB;AAAA,IACnC,gBAAgB,CAAC,CAACA;AAAA,IAClB;AAAA,EACF,CAAC;AAGD,MAAI,mBAAmB;AACrB,UAAM,gBAAgB,SAAS;AAC/B,QAAI,eAAe;AACjB,cAAQ,IAAI,6DAAwD;AACpE,aAAO;AAAA,IACT;AAEA,wBAAoB;AAAA,EACtB;AAEA,sBAAoB;AACpB,iBAAe,WAAW,aAAa;AACvC,iBAAe,WAAW,WAAW;AAErC,MAAI,OAAO;AACT,UAAM,mBAAmB,OAAO,IAAI,mBAAmB,KAAK;AAC5D,UAAM,IAAI,MAAM,0BAA0B,gBAAgB,EAAE;AAAA,EAC9D;AAEA,MAAIA,cAAa;AACf,aAASA,YAAW;AAKpB,UAAM,oBAAoB,OAAO,IAAI,eAAe;AACpD,QAAI,mBAAmB;AACrB,YAAM,EAAE,oBAAoB,IAAI,UAAU;AAC1C,YAAM,YAAY,OAAO,WAAW,iBAAe,YAAO,aAAP,mBAAiB,cAAa;AACjF,UAAI,uBAAuB,WAAW;AACpC,gBAAQ,IAAI,sDAA+C,sBAAsB,wBAAwB,eAAe,GAAG;AAC3H,wBAAgB,iBAAiB;AAAA,MACnC,OAAO;AACL,gBAAQ,IAAI,gFAAyE;AAAA,MACvF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,OAAO,QAAQ;AACnC,QAAI,aAAa,OAAO,cAAc;AACtC,QAAI,aAAa,OAAO,eAAe;AACvC,QAAI,aAAa,OAAO,OAAO;AAC/B,QAAI,aAAa,OAAO,OAAO;AAC/B,QAAI,aAAa,OAAO,mBAAmB;AAC3C,WAAO,QAAQ,aAAa,CAAC,GAAG,IAAI,GAAG;AAEvC,YAAQ,IAAI,sDAAiD;AAC7D,WAAOA;AAAA,EACT;AAEA,QAAM,IAAI,MAAM,uCAAuC;AACzD;AAEO,SAAS,qBAAqB;AACnC,sBAAoB;AACtB;AAGA,IAAI,oBAAoB;AACxB,IAAI,iBAAiB;AAErB,eAAsB,eAAe;AACnC,QAAM,EAAE,WAAW,YAAY,IAAI,UAAU;AAG7C,MAAI,qBAAqB,gBAAgB;AACvC,YAAQ,IAAI,yDAAkD;AAC9D,WAAO;AAAA,EACT;AAEA,sBAAoB;AACpB,oBAAkB,YAAY;AAC5B,QAAI;AAEF,YAAM,qBAAqB,gBAAgB;AAE3C,cAAQ,IAAI,+BAAwB;AAAA,QAClC;AAAA,QACA,MAAM,aAAa,IAAI,WAAW;AAAA,QAClC,uBAAuB,CAAC,CAAC;AAAA,MAC3B,CAAC;AAGD,YAAM,iBAAiB;AAAA,QACrB,QAAQ;AAAA,QACR,aAAa;AAAA;AAAA,QACb,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,MACF;AAGA,UAAI,oBAAoB;AACtB,uBAAe,QAAQ,iBAAiB,IAAI;AAC5C,uBAAe,OAAO,KAAK,UAAU,EAAE,cAAc,mBAAmB,CAAC;AAAA,MAC3E;AAEA,YAAM,WAAW,MAAM,MAAM,GAAG,WAAW,YAAY,SAAS,IAAI,cAAc;AAElF,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK;AACtC,gBAAQ,MAAM,gCAA2B,SAAS,QAAQ,SAAS;AACnE,cAAM,IAAI,MAAM,mBAAmB,SAAS,MAAM,EAAE;AAAA,MACtD;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,EAAE,cAAc,eAAe,kBAAkB,IAAI;AAE3D,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,MAAM,qCAAqC;AAAA,MACvD;AAGA,eAAS,YAAY;AAGrB,UAAI,mBAAmB;AACrB,wBAAgB,iBAAiB;AACjC,gBAAQ,IAAI,kDAA2C;AAAA,MACzD;AAEA,cAAQ,IAAI,qDAAgD;AAC5D,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,MAAM,+BAA0B,GAAG;AAE3C,iBAAW;AACX,wBAAkB;AAClB,YAAM;AAAA,IACR,UAAE;AACA,0BAAoB;AACpB,uBAAiB;AAAA,IACnB;AAAA,EACF,GAAG;AAEH,SAAO;AACT;AAEA,eAAsB,yBAAyB;AAC7C,MAAI;AACF,UAAM,EAAE,YAAY,IAAI,UAAU;AAClC,UAAM,QAAQ,SAAS;AAEvB,QAAI,CAAC,SAAS,CAAC,aAAa;AAC1B,aAAO;AAAA,IACT;AAEA,UAAM,WAAW,MAAM,MAAM,GAAG,WAAW,6BAA6B;AAAA,MACtE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,iBAAiB,UAAU,KAAK;AAAA,QAChC,gBAAgB;AAAA,MAClB;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,UAAI,SAAS,WAAW,KAAK;AAC3B,eAAO;AAAA,MACT;AACA,YAAM,IAAI,MAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU,EAAE;AAAA,IACnE;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,WAAO,KAAK,UAAU;AAAA,EACxB,SAAS,OAAO;AACd,YAAQ,KAAK,8BAA8B,MAAM,OAAO;AACxD,QAAI,MAAM,QAAQ,SAAS,KAAK,GAAG;AACjC,aAAO;AAAA,IACT;AACA,UAAM;AAAA,EACR;AACF;AAOA,IAAI,wBAAwB;AAC5B,IAAI,yBAAyB;AAC7B,IAAI,oBAAoB;AACxB,IAAI,0BAA0B,oBAAI,IAAI;AAG/B,SAAS,iBAAiB,UAAU;AACzC,MAAI,OAAO,aAAa,YAAY;AAClC,4BAAwB,IAAI,QAAQ;AAAA,EACtC;AACA,SAAO,MAAM,wBAAwB,OAAO,QAAQ;AACtD;AAGA,SAAS,qBAAqB,SAAS,mBAAmB;AACxD,UAAQ,IAAI,kCAA2B,MAAM;AAC7C,0BAAwB,QAAQ,cAAY;AAC1C,QAAI;AACF,eAAS,MAAM;AAAA,IACjB,SAAS,KAAK;AACZ,cAAQ,MAAM,mCAAmC,GAAG;AAAA,IACtD;AAAA,EACF,CAAC;AACH;AAKO,SAAS,wBAAwB;AACtC,QAAM,EAAE,wBAAwB,mBAAmB,IAAI,UAAU;AAEjE,MAAI,CAAC,wBAAwB;AAC3B,YAAQ,IAAI,mDAAyC;AACrD,WAAO;AAAA,EACT;AAGA,uBAAqB;AAErB,QAAM,QAAQ,SAAS;AACvB,MAAI,CAAC,OAAO;AACV,YAAQ,IAAI,yDAA+C;AAC3D,WAAO;AAAA,EACT;AAEA,QAAM,kBAAkB,mBAAmB,KAAK;AAEhD,MAAI,mBAAmB,GAAG;AACxB,YAAQ,IAAI,kEAAwD;AACpE,iBAAa,EAAE,MAAM,SAAO;AAC1B,cAAQ,MAAM,oCAA+B,GAAG;AAChD,2BAAqB,eAAe;AAAA,IACtC,CAAC;AACD,WAAO;AAAA,EACT;AAGA,QAAM,YAAY,KAAK,IAAI,GAAI,kBAAkB,kBAAmB,IAAI;AAExE,UAAQ,IAAI,6CAAsC,KAAK,MAAM,YAAY,GAAI,CAAC,uBAAuB,eAAe,IAAI;AAExH,0BAAwB,WAAW,YAAY;AAtZjD;AAuZI,QAAI;AACF,cAAQ,IAAI,6CAAsC;AAClD,YAAM,aAAa;AACnB,cAAQ,IAAI,8DAAyD;AAErE,4BAAsB;AAAA,IACxB,SAAS,KAAK;AACZ,cAAQ,MAAM,oCAA+B,GAAG;AAGhD,YAAM,iBAAe,SAAI,YAAJ,mBAAa,kBAAiB;AACnD,YAAM,qBACJ,aAAa,SAAS,KAAK,KAC3B,aAAa,SAAS,SAAS,KAC/B,aAAa,SAAS,SAAS,KAC/B,aAAa,SAAS,SAAS,KAC/B,aAAa,SAAS,cAAc;AAEtC,UAAI,oBAAoB;AACtB,gBAAQ,IAAI,gEAAyD;AACrE,6BAAqB,uBAAuB;AAAA,MAC9C,OAAO;AAEL,gCAAwB,WAAW,MAAM,sBAAsB,GAAG,GAAK;AAAA,MACzE;AAAA,IACF;AAAA,EACF,GAAG,SAAS;AAEZ,SAAO;AACT;AAEO,SAAS,uBAAuB;AACrC,MAAI,uBAAuB;AACzB,iBAAa,qBAAqB;AAClC,4BAAwB;AACxB,YAAQ,IAAI,wCAA8B;AAAA,EAC5C;AACF;AAMO,SAAS,oBAAoB,WAAW;AAC7C,QAAM,EAAE,yBAAyB,2BAA2B,qBAAqB,IAAI,UAAU;AAE/F,MAAI,CAAC,yBAAyB;AAC5B,YAAQ,IAAI,oDAA0C;AACtD,WAAO;AAAA,EACT;AAGA,MAAI,aAAa,OAAO,cAAc,YAAY;AAChD,4BAAwB,IAAI,SAAS;AAAA,EACvC;AAGA,qBAAmB;AAEnB,QAAM,QAAQ,SAAS;AACvB,MAAI,CAAC,OAAO;AACV,YAAQ,IAAI,uDAA6C;AACzD,WAAO;AAAA,EACT;AAEA,UAAQ,IAAI,uDAA2C,4BAA4B,GAAI,IAAI;AAG3F,2BAAyB,YAAY,YAAY;AAC/C,QAAI;AACF,YAAM,eAAe,SAAS;AAC9B,UAAI,CAAC,cAAc;AACjB,gBAAQ,IAAI,oDAA0C;AACtD,2BAAmB;AACnB;AAAA,MACF;AAEA,cAAQ,IAAI,iCAA0B;AACtC,YAAM,UAAU,MAAM,uBAAuB;AAE7C,UAAI,CAAC,SAAS;AACZ,gBAAQ,IAAI,0CAAqC;AACjD,2BAAmB;AACnB,6BAAqB;AACrB,mBAAW;AACX,0BAAkB;AAClB,6BAAqB,iBAAiB;AAAA,MACxC,OAAO;AACL,gBAAQ,IAAI,4BAAuB;AAAA,MACrC;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,iDAAuC,MAAM,OAAO;AAAA,IAEnE;AAAA,EACF,GAAG,yBAAyB;AAG5B,MAAI,wBAAwB,OAAO,aAAa,aAAa;AAC3D,wBAAoB,YAAY;AAC9B,UAAI,SAAS,oBAAoB,WAAW;AAC1C,cAAM,eAAe,SAAS;AAC9B,YAAI,CAAC,aAAc;AAEnB,gBAAQ,IAAI,kDAAsC;AAClD,YAAI;AACF,gBAAM,UAAU,MAAM,uBAAuB;AAC7C,cAAI,CAAC,SAAS;AACZ,oBAAQ,IAAI,6CAAwC;AACpD,+BAAmB;AACnB,iCAAqB;AACrB,uBAAW;AACX,8BAAkB;AAClB,iCAAqB,8BAA8B;AAAA,UACrD;AAAA,QACF,SAAS,OAAO;AACd,kBAAQ,KAAK,yCAA+B,MAAM,OAAO;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AACA,aAAS,iBAAiB,oBAAoB,iBAAiB;AAAA,EACjE;AAEA,SAAO;AACT;AAEO,SAAS,qBAAqB;AACnC,MAAI,wBAAwB;AAC1B,kBAAc,sBAAsB;AACpC,6BAAyB;AACzB,YAAQ,IAAI,sCAA4B;AAAA,EAC1C;AAEA,MAAI,qBAAqB,OAAO,aAAa,aAAa;AACxD,aAAS,oBAAoB,oBAAoB,iBAAiB;AAClE,wBAAoB;AAAA,EACtB;AACF;AAKO,SAAS,qBAAqB,0BAA0B;AAC7D,UAAQ,IAAI,8EAAuE;AAEnF,wBAAsB;AACtB,sBAAoB,wBAAwB;AAE5C,SAAO;AAAA,IACL,SAAS,MAAM;AACb,2BAAqB;AACrB,yBAAmB;AAAA,IACrB;AAAA,EACF;AACF;AAEO,SAAS,sBAAsB;AACpC,uBAAqB;AACrB,qBAAmB;AACnB,0BAAwB,MAAM;AAC9B,UAAQ,IAAI,oCAA6B;AAC3C;;;ACtjBA,mBAAkB;AAKlB,IAAM,MAAM,aAAAC,QAAM,OAAO;AAAA,EACvB,iBAAiB;AACnB,CAAC;AAED,IAAI,aAAa,QAAQ,IAAI,CAACC,YAAW;AACvC,QAAM,gBAAgB,UAAU;AAEhC,MAAI,CAACA,QAAO,SAAS;AAEnB,IAAAA,QAAO,WAAU,+CAAe,gBAAe;AAAA,EACjD;AAEA,MAAI,CAACA,QAAO,SAAS;AACnB,IAAAA,QAAO,UAAU,CAAC;AAAA,EACpB;AAEA,OAAI,+CAAe,cAAa,CAACA,QAAO,QAAQ,cAAc,GAAG;AAC/D,IAAAA,QAAO,QAAQ,cAAc,IAAI,cAAc;AAAA,EACjD;AAEA,QAAM,QAAQ,SAAS;AACvB,MAAI,OAAO;AACT,IAAAA,QAAO,QAAQ,gBAAgB,UAAU,KAAK;AAAA,EAChD;AAEA,SAAOA;AACT,CAAC;AAED,IAAIC,kBAAiB;AAErB,IAAI,aAAa,SAAS;AAAA,EACxB,CAAC,aAAa;AAAA,EACd,OAAO,UAAU;AACf,UAAM,EAAE,UAAU,QAAAD,QAAO,IAAI,SAAS,CAAC;AAEvC,QAAI,CAAC,YAAY,CAACA,SAAQ;AACxB,aAAO,QAAQ,OAAO,KAAK;AAAA,IAC7B;AAEA,QAAI,SAAS,WAAW,OAAOA,QAAO,QAAQ;AAC5C,aAAO,QAAQ,OAAO,KAAK;AAAA,IAC7B;AAEA,IAAAA,QAAO,SAAS;AAEhB,QAAI,CAACC,iBAAgB;AACnB,MAAAA,kBAAiB,aAAe,EAC7B,KAAK,CAAC,aAAa;AAClB,QAAAA,kBAAiB;AACjB,YAAI,UAAU;AACZ,mBAAS,QAAQ;AAAA,QACnB;AACA,eAAO;AAAA,MACT,CAAC,EACA,MAAM,CAAC,iBAAiB;AACvB,QAAAA,kBAAiB;AACjB,mBAAW;AACX,cAAM;AAAA,MACR,CAAC;AAAA,IACL;AAEA,QAAI;AACF,YAAM,iBAAiB,MAAMA;AAE7B,UAAI,gBAAgB;AAClB,QAAAD,QAAO,QAAQ,gBAAgB,UAAU,cAAc;AACvD,eAAO,IAAIA,OAAM;AAAA,MACnB;AAAA,IACF,SAAS,YAAY;AACnB,aAAO,QAAQ,OAAO,UAAU;AAAA,IAClC;AAEA,WAAO,QAAQ,OAAO,KAAK;AAAA,EAC7B;AACF;AAEA,IAAI,kBAAkB,YAAY;AAlFlC;AAmFE,MAAI;AACF,UAAM,WAAW,MAAM,IAAI,IAAI,2BAA2B;AAC1D,WAAO,SAAS,KAAK;AAAA,EACvB,SAAS,KAAK;AACZ,UAAI,SAAI,aAAJ,mBAAc,YAAW,KAAK;AAChC,aAAO;AAAA,IACT;AACA,UAAM;AAAA,EACR;AACF;AAEA,IAAO,cAAQ;;;AC7Ff,IAAAE,qBAA0B;AAGnB,SAAS,YAAY,OAAO;AACjC,MAAI;AACF,eAAO,8BAAU,KAAK;AAAA,EACxB,SAAS,KAAK;AACZ,YAAQ,KAAK,yBAAyB,GAAG;AACzC,WAAO;AAAA,EACT;AACF;AAEO,SAAS,eAAe,OAAO,gBAAgB,IAAI;AACxD,QAAM,UAAU,YAAY,KAAK;AACjC,MAAI,CAAC,WAAW,CAAC,QAAQ,IAAK,QAAO;AACrC,QAAM,cAAc,KAAK,IAAI,IAAI;AACjC,SAAO,QAAQ,MAAM,cAAc;AACrC;AAIO,SAAS,kBAAkB;AAChC,QAAM,QAAQ,SAAS;AACvB,SAAO,CAAC,CAAC,SAAS,CAAC,eAAe,KAAK;AACzC;;;ACxBA,mBAAkE;AAW3D,IAAM,kBAAc,4BAAc;AAElC,SAAS,aAAa,EAAE,UAAU,iBAAiB,GAAG;AAC3D,QAAM,CAAC,OAAO,aAAa,QAAI,uBAAS,SAAS,CAAC;AAClD,QAAM,CAAC,MAAM,OAAO,QAAI,uBAAS,IAAI;AACrC,QAAM,CAAC,SAAS,UAAU,QAAI,uBAAS,CAAC,CAAC,KAAK;AAC9C,QAAM,CAAC,cAAc,eAAe,QAAI,uBAAS,IAAI;AACrD,QAAM,yBAAqB,qBAAO,IAAI;AAGtC,QAAM,uBAAuB,CAAC,WAAW;AACvC,YAAQ,IAAI,iDAA0C,MAAM;AAC5D,oBAAgB,KAAK;AACrB,YAAQ,IAAI;AACZ,kBAAc,IAAI;AAGlB,QAAI,oBAAoB,OAAO,qBAAqB,YAAY;AAC9D,uBAAiB,MAAM;AAAA,IACzB;AAAA,EACF;AAGA,8BAAU,MAAM;AACd,QAAI,SAAS,CAAC,mBAAmB,SAAS;AACxC,cAAQ,IAAI,mDAA4C;AAGxD,YAAM,cAAc,iBAAiB,oBAAoB;AAGzD,yBAAmB,UAAU,qBAAqB,oBAAoB;AAEtE,aAAO,MAAM;AACX,oBAAY;AACZ,YAAI,mBAAmB,SAAS;AAC9B,6BAAmB,QAAQ,QAAQ;AACnC,6BAAmB,UAAU;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAGA,QAAI,CAAC,SAAS,mBAAmB,SAAS;AACxC,yBAAmB,QAAQ,QAAQ;AACnC,yBAAmB,UAAU;AAAA,IAC/B;AAAA,EACF,GAAG,CAAC,KAAK,CAAC;AAEV,8BAAU,MAAM;AACd,YAAQ,IAAI,+CAAwC;AAAA,MAClD,UAAU,CAAC,CAAC;AAAA,MACZ,aAAa,+BAAO;AAAA,IACtB,CAAC;AAED,QAAI,CAAC,OAAO;AACV,cAAQ,IAAI,4DAAkD;AAC9D,iBAAW,KAAK;AAChB;AAAA,IACF;AAEA,UAAM,EAAE,YAAY,IAAI,UAAU;AAClC,QAAI,CAAC,aAAa;AAChB,cAAQ,KAAK,yCAAyC;AACtD,iBAAW,KAAK;AAChB;AAAA,IACF;AAEA,YAAQ,IAAI,0DAAmD;AAAA,MAC7D;AAAA,MACA,cAAc,MAAM,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC,CAAC;AAED,UAAM,GAAG,WAAW,oBAAoB;AAAA,MACtC,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG;AAAA,MAC5C,aAAa;AAAA,IACf,CAAC,EACE,KAAK,SAAO;AACX,cAAQ,IAAI,sCAA+B,IAAI,MAAM;AACrD,UAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,sBAAsB;AACnD,aAAO,IAAI,KAAK;AAAA,IAClB,CAAC,EACA,KAAK,cAAY;AAChB,cAAQ,IAAI,wCAAmC,SAAS,KAAK;AAC7D,cAAQ,QAAQ;AAChB,sBAAgB,IAAI;AACpB,iBAAW,KAAK;AAAA,IAClB,CAAC,EACA,MAAM,SAAO;AACZ,cAAQ,MAAM,4BAAuB,GAAG;AACxC,iBAAW;AACX,oBAAc,IAAI;AAClB,cAAQ,IAAI;AACZ,iBAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACL,GAAG,CAAC,KAAK,CAAC;AAEV,QAAMC,SAAQ,CAAC,WAAW,aAAa,UAAU;AAC/C,UAAU,WAAW,aAAa,KAAK;AAAA,EACzC;AAEA,QAAMC,UAAS,MAAM;AAEnB,wBAAoB;AACpB,uBAAmB,UAAU;AAE7B,WAAW;AACX,YAAQ,IAAI;AACZ,kBAAc,IAAI;AAClB,oBAAgB,IAAI;AAAA,EACtB;AAEA,QAAM,QAAQ;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAAD;AAAA,IACA,QAAAC;AAAA,IACA,iBAAiB,CAAC,CAAC,SAAS,CAAC,CAAC,QAAQ;AAAA,IACtC;AAAA,IACA;AAAA,IACA,UAAU,CAAC,aAAa;AACtB,eAAS,QAAQ;AACjB,oBAAc,QAAQ;AACtB,sBAAgB,IAAI;AAAA,IACtB;AAAA,IACA,YAAY,MAAM;AAChB,0BAAoB;AACpB,yBAAmB,UAAU;AAC7B,iBAAW;AACX,oBAAc,IAAI;AAClB,cAAQ,IAAI;AAAA,IACd;AAAA,EACF;AAEA,SAAO,6BAAAC,QAAA,cAAC,YAAY,UAAZ,EAAqB,SAAe,QAAS;AACvD;;;ACpJA,IAAAC,gBAA2B;AAGpB,SAAS,UAAU;AACxB,QAAM,cAAU,0BAAW,WAAW;AACtC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,SAAO;AACT;;;ACPA,yBAAyC;AACzC,IAAAC,gBAAuC;AAkBhC,IAAM,oBAAoB,CAAC,UAAU,CAAC,MAAM;AArBnD;AAsBE,QAAM,kBAAc,mCAAe;AAEnC,QAAM;AAAA,IACJ,UAAU;AAAA,IACV,kBAAkB,IAAI,KAAK;AAAA;AAAA,IAC3B,kBAAAC;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAGJ,QAAM,oBAAgB,2BAAY,MAAM;AACtC,YAAQ,IAAI,uDAAgD;AAG5D,gBAAY,MAAM;AAGlB,QAAI,YAAY;AACd,WAAK,WAAW;AAChB,WAAK,kBAAkB;AAAA,IACzB;AAGA,QAAIA,mBAAkB;AACpB,MAAAA,kBAAiB;AAAA,IACnB;AAAA,EACF,GAAG,CAAC,aAAa,YAAYA,iBAAgB,CAAC;AAG9C,QAAM,YAAQ,6BAAS;AAAA,IACrB,UAAU,CAAC,oBAAoB;AAAA,IAC/B,SAAS,YAAY;AACnB,UAAI;AACF,cAAM,QAAQ,KAAK,SAAS;AAC5B,YAAI,CAAC,OAAO;AACV,iBAAO,EAAE,OAAO,OAAO,QAAQ,WAAW;AAAA,QAC5C;AAEA,gBAAQ,IAAI,oDAA6C;AACzD,cAAM,UAAU,MAAM,KAAK,uBAAuB;AAElD,YAAI,CAAC,SAAS;AACZ,kBAAQ,IAAI,mDAA8C;AAC1D,wBAAc;AACd,iBAAO,EAAE,OAAO,OAAO,QAAQ,kBAAkB;AAAA,QACnD;AAEA,gBAAQ,IAAI,+CAA0C;AACtD,eAAO,EAAE,OAAO,KAAK;AAAA,MACvB,SAAS,OAAO;AACd,gBAAQ,MAAM,qDAA2C,KAAK;AAC9D,YAAI,SAAS;AACX,kBAAQ,KAAK;AAAA,QACf;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,SAAS,WAAW,CAAC,CAAC,KAAK,SAAS;AAAA,IACpC;AAAA,IACA,6BAA6B;AAAA,IAC7B,OAAO;AAAA,IACP,YAAY;AAAA,IACZ,WAAW,kBAAkB;AAAA;AAAA,EAC/B,CAAC;AAGD,+BAAU,MAAM;AACd,QAAI,CAAC,QAAS;AAEd,UAAM,yBAAyB,MAAM;AACnC,UAAI,SAAS,oBAAoB,aAAa,KAAK,SAAS,GAAG;AAC7D,gBAAQ,IAAI,wEAA4D;AACxE,oBAAY,kBAAkB,EAAE,UAAU,CAAC,oBAAoB,EAAE,CAAC;AAAA,MACpE;AAAA,IACF;AAEA,aAAS,iBAAiB,oBAAoB,sBAAsB;AACpE,WAAO,MAAM;AACX,eAAS,oBAAoB,oBAAoB,sBAAsB;AAAA,IACzE;AAAA,EACF,GAAG,CAAC,SAAS,WAAW,CAAC;AAGzB,+BAAU,MAAM;AACd,QAAI,mBAAmB,WAAW,KAAK,SAAS,GAAG;AACjD,kBAAY,kBAAkB,EAAE,UAAU,CAAC,oBAAoB,EAAE,CAAC;AAAA,IACpE;AAAA,EACF,GAAG,CAAC,iBAAiB,SAAS,WAAW,CAAC;AAE1C,SAAO;AAAA,IACL,GAAG;AAAA,IACH,kBAAgB,WAAM,SAAN,mBAAY,UAAS;AAAA,IACrC,qBAAoB,WAAM,SAAN,mBAAY;AAAA,IAChC,gBAAgB,MAAM,YAAY,kBAAkB,EAAE,UAAU,CAAC,oBAAoB,EAAE,CAAC;AAAA,EAC1F;AACF;;;ARnFO,IAAM,OAAO;AAAA;AAAA,EAElB;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA,mBAAmB,MAAM;AACvB,YAAQ,KAAK,iHAAuG;AACpH,UAAM,WAAW,YAAY,YAAY;AACvC,YAAM,QAAQ,SAAS;AACvB,UAAI,SAAS,eAAe,OAAO,GAAG,GAAG;AACvC,YAAI;AACF,gBAAM,aAAa;AACnB,kBAAQ,IAAI,mCAA4B;AAAA,QAC1C,SAAS,KAAK;AACZ,kBAAQ,MAAM,wBAAwB,GAAG;AACzC,wBAAc,QAAQ;AAAA,QACxB;AAAA,MACF;AAAA,IACF,GAAG,GAAK;AACR,WAAO;AAAA,EACT;AACF;","names":["refreshToken","accessToken","axios","config","refreshPromise","import_jwt_decode","login","logout","React","import_react","import_react","onSessionInvalid"]}
|
|
1
|
+
{"version":3,"sources":["../index.js","../token.js","../config.js","../core.js","../api.js","../utils/jwt.js","../react/AuthProvider.jsx","../react/useAuth.js","../react/useSessionMonitor.js"],"sourcesContent":["// auth-client/index.js\nimport { setConfig, getConfig, isRouterMode } from './config';\nimport {\n login,\n logout,\n handleCallback,\n refreshToken,\n resetCallbackState,\n validateCurrentSession,\n // Session Security Functions\n startProactiveRefresh,\n stopProactiveRefresh,\n startSessionMonitor,\n stopSessionMonitor,\n startSessionSecurity,\n stopSessionSecurity,\n onSessionInvalid\n} from './core';\nimport {\n getToken,\n setToken,\n clearToken,\n setRefreshToken,\n getRefreshToken,\n clearRefreshToken,\n addTokenListener,\n removeTokenListener,\n getListenerCount,\n // Token Expiry Utilities\n getTokenExpiryTime,\n getTimeUntilExpiry,\n willExpireSoon\n} from './token';\nimport api from './api';\nimport { decodeToken, isTokenExpired, isAuthenticated } from './utils/jwt';\n\nexport const auth = {\n // π§ Config\n setConfig,\n getConfig,\n isRouterMode,\n\n // π Core flows\n login,\n logout,\n handleCallback,\n refreshToken,\n resetCallbackState,\n validateCurrentSession,\n\n // π Token management\n getToken,\n setToken,\n clearToken,\n setRefreshToken, // β
Refresh token for HTTP dev\n getRefreshToken,\n clearRefreshToken,\n addTokenListener, // β
Export new functions\n removeTokenListener,\n getListenerCount, // β
Debug function\n\n // π Authenticated API client\n api,\n\n // π§ͺ Utilities\n decodeToken,\n isTokenExpired,\n isAuthenticated,\n\n // β±οΈ Token Expiry Utilities (NEW)\n getTokenExpiryTime, // Get token expiry as Date object\n getTimeUntilExpiry, // Get seconds until token expires\n willExpireSoon, // Check if token expires within N seconds\n\n // π Session Security (NEW - Short-lived tokens + Periodic validation)\n startProactiveRefresh, // Start proactive token refresh before expiry\n stopProactiveRefresh, // Stop proactive refresh\n startSessionMonitor, // Start periodic session validation\n stopSessionMonitor, // Stop session validation\n startSessionSecurity, // Start both proactive refresh AND session monitoring\n stopSessionSecurity, // Stop all session security\n onSessionInvalid, // Register callback for session invalidation\n\n // π Legacy auto-refresh (DEPRECATED - use startSessionSecurity instead)\n startTokenRefresh: () => {\n console.warn('β οΈ startTokenRefresh is deprecated. Use startSessionSecurity() instead for better session management.');\n const interval = setInterval(async () => {\n const token = getToken();\n if (token && isTokenExpired(token, 300)) {\n try {\n await refreshToken();\n console.log('π Auto-refresh successful');\n } catch (err) {\n console.error('Auto-refresh failed:', err);\n clearInterval(interval);\n }\n }\n }, 60000);\n return interval;\n }\n};\n\nexport { AuthProvider } from './react/AuthProvider';\nexport { useAuth } from './react/useAuth';\nexport { useSessionMonitor } from './react/useSessionMonitor';\n\n","// auth-client/token.js - MINIMAL WORKING VERSION\n\nimport { jwtDecode } from 'jwt-decode';\n\nlet accessToken = null;\nconst listeners = new Set();\n\nconst REFRESH_COOKIE = 'account_refresh_token';\nconst COOKIE_MAX_AGE = 7 * 24 * 60 * 60;\n\nfunction secureAttribute() {\n try {\n return typeof window !== 'undefined' && window.location?.protocol === 'https:'\n ? '; Secure'\n : '';\n } catch (err) {\n return '';\n }\n}\n\n// ========== ACCESS TOKEN ==========\nfunction writeAccessToken(token) {\n if (!token) {\n try {\n localStorage.removeItem('authToken');\n } catch (err) {\n console.warn('Could not clear token from localStorage:', err);\n }\n return;\n }\n\n try {\n localStorage.setItem('authToken', token);\n } catch (err) {\n console.warn('Could not persist token to localStorage:', err);\n }\n}\n\nfunction readAccessToken() {\n try {\n return localStorage.getItem('authToken');\n } catch (err) {\n console.warn('Could not read token from localStorage:', err);\n return null;\n }\n}\n\n// ========== REFRESH TOKEN (KEEP SIMPLE) ==========\n// export function setRefreshToken(token) {\n// if (!token) {\n// clearRefreshToken();\n// return;\n// }\n\n// const expires = new Date(Date.now() + COOKIE_MAX_AGE * 1000);\n\n// try {\n// document.cookie = `${REFRESH_COOKIE}=${encodeURIComponent(token)}; Path=/; SameSite=Lax${secureAttribute()}; Expires=${expires.toUTCString()}`;\n// } catch (err) {\n// console.warn('Could not set refresh token:', err);\n// }\n// }\n\n// export function getRefreshToken() {\n// try {\n// const match = document.cookie\n// ?.split('; ')\n// ?.find((row) => row.startsWith(`${REFRESH_COOKIE}=`));\n\n// if (match) {\n// return decodeURIComponent(match.split('=')[1]);\n// }\n// } catch (err) {\n// console.warn('Could not read refresh token:', err);\n// }\n\n// return null;\n// }\n\n// export function clearRefreshToken() {\n// try {\n// document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Lax${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n// } catch (err) {\n// console.warn('Could not clear refresh token:', err);\n// }\n// }\n\n// ========== ACCESS TOKEN FUNCTIONS ==========\nfunction decode(token) {\n try {\n return jwtDecode(token);\n } catch (err) {\n return null;\n }\n}\n\nfunction isExpired(token, bufferSeconds = 60) {\n if (!token) return true;\n const decoded = decode(token);\n if (!decoded?.exp) return true;\n const now = Date.now() / 1000;\n return decoded.exp < now + bufferSeconds;\n}\n\n// ========== TOKEN EXPIRY UTILITIES ==========\n// Get the exact expiry time of a token as a Date object\nexport function getTokenExpiryTime(token) {\n if (!token) return null;\n const decoded = decode(token);\n if (!decoded?.exp) return null;\n return new Date(decoded.exp * 1000);\n}\n\n// Get seconds until token expires (negative if already expired)\nexport function getTimeUntilExpiry(token) {\n if (!token) return -1;\n const decoded = decode(token);\n if (!decoded?.exp) return -1;\n const now = Date.now() / 1000;\n return Math.floor(decoded.exp - now);\n}\n\n// Check if token will expire within the next N seconds\nexport function willExpireSoon(token, withinSeconds = 60) {\n const timeLeft = getTimeUntilExpiry(token);\n return timeLeft >= 0 && timeLeft <= withinSeconds;\n}\n\nexport function setToken(token) {\n const previousToken = accessToken;\n accessToken = token || null;\n writeAccessToken(accessToken);\n\n if (previousToken !== accessToken) {\n listeners.forEach((listener) => {\n try {\n listener(accessToken, previousToken);\n } catch (err) {\n console.warn('Token listener error:', err);\n }\n });\n }\n}\n\nexport function getToken() {\n if (accessToken) return accessToken;\n accessToken = readAccessToken();\n return accessToken;\n}\n\nexport function clearToken() {\n if (!accessToken) {\n writeAccessToken(null);\n clearRefreshToken();\n return;\n }\n\n const previousToken = accessToken;\n accessToken = null;\n writeAccessToken(null);\n clearRefreshToken();\n\n listeners.forEach((listener) => {\n try {\n listener(null, previousToken);\n } catch (err) {\n console.warn('Token listener error:', err);\n }\n });\n}\n\n// ========== REFRESH TOKEN STORAGE ==========\n// By default:\n// HTTP β localStorage (cookies don't work cross-origin in dev)\n// HTTPS β httpOnly cookies (secure, managed by server)\n// When persistRefreshToken is enabled:\n// Always use localStorage (for local HTTPS with mkcert/self-signed certs)\nconst REFRESH_TOKEN_KEY = 'auth_refresh_token';\n\n// β
Persistence flag - controlled by config.persistRefreshToken\nlet _persistRefreshToken = false;\n\nexport function enableRefreshTokenPersistence(enabled) {\n _persistRefreshToken = !!enabled;\n console.log(`π§ Refresh token persistence: ${_persistRefreshToken ? 'ENABLED' : 'DISABLED'}`);\n}\n\nfunction shouldUseLocalStorage() {\n // If persistence is forced, always use localStorage\n if (_persistRefreshToken) return true;\n // Otherwise, only use localStorage on HTTP (dev mode)\n try {\n return typeof window !== 'undefined' &&\n window.location?.protocol === 'http:';\n } catch (err) {\n return false;\n }\n}\n\nexport function setRefreshToken(token) {\n if (!token) {\n clearRefreshToken();\n return;\n }\n\n if (shouldUseLocalStorage()) {\n try {\n localStorage.setItem(REFRESH_TOKEN_KEY, token);\n console.log(`π¦ Refresh token stored in localStorage (${_persistRefreshToken ? 'persistence enabled' : 'HTTP dev mode'})`);\n } catch (err) {\n console.warn('Could not store refresh token:', err);\n }\n } else {\n // HTTPS without persistence: refresh token is in httpOnly cookie only\n console.log('π Refresh token managed by server httpOnly cookie (production mode)');\n }\n}\n\nexport function getRefreshToken() {\n if (shouldUseLocalStorage()) {\n try {\n const token = localStorage.getItem(REFRESH_TOKEN_KEY);\n return token;\n } catch (err) {\n console.warn('Could not read refresh token:', err);\n return null;\n }\n }\n\n // HTTPS without persistence: refresh token is in httpOnly cookie (not accessible via JS)\n // The refresh endpoint uses credentials: 'include' to send the cookie\n return null;\n}\n\nexport function clearRefreshToken() {\n // Clear localStorage (for HTTP dev)\n try {\n localStorage.removeItem(REFRESH_TOKEN_KEY);\n } catch (err) {\n // Ignore\n }\n\n // Clear cookie (for production)\n try {\n document.cookie = `${REFRESH_COOKIE}=; Path=/; SameSite=Strict${secureAttribute()}; Expires=Thu, 01 Jan 1970 00:00:00 GMT`;\n } catch (err) {\n console.warn('Could not clear refresh token cookie:', err);\n }\n\n // Clear sessionStorage\n try {\n sessionStorage.removeItem(REFRESH_COOKIE);\n } catch (err) {\n // Ignore\n }\n}\n\nexport function addTokenListener(listener) {\n if (typeof listener !== 'function') {\n throw new Error('Token listener must be a function');\n }\n listeners.add(listener);\n return () => {\n listeners.delete(listener);\n };\n}\n\nexport function removeTokenListener(listener) {\n listeners.delete(listener);\n}\n\nexport function getListenerCount() {\n return listeners.size;\n}\n\nexport function isAuthenticated() {\n const token = getToken();\n return !!token && !isExpired(token, 15);\n}\n\n\n\n","// auth-client/config.js\nimport { enableRefreshTokenPersistence } from './token';\n\n// ========== SESSION SECURITY CONFIGURATION ==========\n// These settings control how the auth-client handles token refresh and session validation\n// to ensure deleted sessions in Keycloak are detected quickly.\n\nlet config = {\n clientKey: null,\n authBaseUrl: null,\n redirectUri: null,\n accountUiUrl: null,\n isRouter: false, // β
Add router flag\n\n // ========== SESSION SECURITY SETTINGS ==========\n // Buffer time (in seconds) before token expiry to trigger proactive refresh\n // With 5-minute access tokens, refreshing 60s before expiry ensures seamless UX\n tokenRefreshBuffer: 60,\n\n // Interval (in milliseconds) for periodic session validation\n // Validates that the session still exists in Keycloak (not deleted by admin)\n // Default: 15 minutes (900000ms) - Increased from 2m to avoid frequent checks\n sessionValidationInterval: 15 * 60 * 1000,\n\n // Enable/disable periodic session validation\n // When enabled, the client will ping the server to verify session is still active\n enableSessionValidation: true,\n\n // Enable/disable proactive token refresh\n // When enabled, tokens are refreshed before they expire (using tokenRefreshBuffer)\n enableProactiveRefresh: true,\n\n // Validate session when browser tab becomes visible again\n // Catches session deletions that happened while the tab was inactive\n validateOnVisibility: true,\n\n // ========== REFRESH TOKEN PERSISTENCE ==========\n // When true, stores refresh token in localStorage even on HTTPS\n // Required for local dev with mkcert/self-signed certs where httpOnly cookies\n // may not work reliably across origins\n // β οΈ In true production, set to false and rely on httpOnly cookies\n persistRefreshToken: false,\n};\n\nexport function setConfig(customConfig = {}) {\n if (!customConfig.clientKey || !customConfig.authBaseUrl) {\n throw new Error('Missing required config: clientKey and authBaseUrl are required');\n }\n\n config = {\n ...config,\n ...customConfig,\n redirectUri: customConfig.redirectUri || window.location.origin + '/callback',\n // β
Auto-detect router mode\n isRouter: customConfig.isRouter || customConfig.clientKey === 'account-ui'\n };\n\n // β
Wire persistRefreshToken to token.js\n if (config.persistRefreshToken) {\n enableRefreshTokenPersistence(true);\n console.log('π¦ Refresh token persistence ENABLED (localStorage on HTTPS)');\n }\n\n console.log(`π§ Auth Client Mode: ${config.isRouter ? 'ROUTER' : 'CLIENT'}`, {\n clientKey: config.clientKey,\n isRouter: config.isRouter,\n persistRefreshToken: config.persistRefreshToken\n });\n}\n\nexport function getConfig() {\n return { ...config };\n}\n\n// β
Helper function\nexport function isRouterMode() {\n return config.isRouter;\n}\n","// auth-client/core.js - MINIMAL WORKING VERSION\n\nimport {\n setToken,\n clearToken,\n getToken,\n setRefreshToken,\n getRefreshToken,\n clearRefreshToken,\n getTimeUntilExpiry,\n} from './token';\nimport { getConfig, isRouterMode } from './config';\n\nlet callbackProcessed = false;\n\nexport function login(clientKeyArg, redirectUriArg) {\n // β
Reset callback state when starting new login\n resetCallbackState();\n\n const {\n clientKey: defaultClientKey,\n authBaseUrl,\n redirectUri: defaultRedirectUri,\n accountUiUrl\n } = getConfig();\n\n const clientKey = clientKeyArg || defaultClientKey;\n const redirectUri = redirectUriArg || defaultRedirectUri;\n\n console.log('π Smart Login initiated:', {\n mode: isRouterMode() ? 'ROUTER' : 'CLIENT',\n clientKey,\n redirectUri\n });\n\n if (!clientKey || !redirectUri) {\n throw new Error('Missing clientKey or redirectUri');\n }\n\n sessionStorage.setItem('originalApp', clientKey);\n sessionStorage.setItem('returnUrl', redirectUri);\n\n if (isRouterMode()) {\n // Router mode: Direct backend authentication\n return routerLogin(clientKey, redirectUri);\n } else {\n // Client mode: Redirect to centralized login\n return clientLogin(clientKey, redirectUri);\n }\n}\n\n// β
Router mode: Direct backend call\nfunction routerLogin(clientKey, redirectUri) {\n const { authBaseUrl } = getConfig();\n\n const params = new URLSearchParams();\n if (redirectUri) {\n params.append('redirect_uri', redirectUri);\n }\n const query = params.toString();\n const backendLoginUrl = `${authBaseUrl}/login/${clientKey}${query ? `?${query}` : ''}`;\n\n console.log('π Router Login: Direct backend authentication', {\n clientKey,\n redirectUri,\n backendUrl: backendLoginUrl\n });\n\n window.location.href = backendLoginUrl;\n}\n\n// β
Client mode: Centralized login\nfunction clientLogin(clientKey, redirectUri) {\n const { accountUiUrl } = getConfig();\n\n const params = new URLSearchParams({\n client: clientKey\n });\n if (redirectUri) {\n params.append('redirect_uri', redirectUri);\n }\n const centralizedLoginUrl = `${accountUiUrl}/login?${params.toString()}`;\n\n console.log('π Client Login: Redirecting to centralized login', {\n clientKey,\n redirectUri,\n centralizedUrl: centralizedLoginUrl\n });\n\n window.location.href = centralizedLoginUrl;\n}\n\nexport function logout() {\n resetCallbackState();\n\n const { clientKey, authBaseUrl, accountUiUrl } = getConfig();\n const token = getToken();\n\n console.log('πͺ Smart Logout initiated');\n\n clearToken();\n clearRefreshToken();\n sessionStorage.removeItem('originalApp');\n sessionStorage.removeItem('returnUrl');\n\n if (isRouterMode()) {\n return routerLogout(clientKey, authBaseUrl, accountUiUrl, token);\n } else {\n return clientLogout(clientKey, accountUiUrl);\n }\n}\n\nasync function routerLogout(clientKey, authBaseUrl, accountUiUrl, token) {\n console.log('π Router Logout');\n\n const refreshToken = getRefreshToken();\n\n try {\n const response = await fetch(`${authBaseUrl}/logout/${clientKey}`, {\n method: 'POST',\n credentials: 'include',\n headers: {\n 'Authorization': token ? `Bearer ${token}` : '',\n 'Content-Type': 'application/json'\n },\n body: JSON.stringify({\n refreshToken: refreshToken\n })\n });\n\n const data = await response.json();\n console.log('β
Logout response:', data);\n\n clearRefreshToken();\n clearToken();\n\n // Skip Keycloak confirmation page - redirect directly to login\n // Backend has already revoked the session/tokens\n console.log('π Redirecting to login (skipping Keycloak confirmation)');\n window.location.href = '/login';\n\n } catch (error) {\n console.warn('β οΈ Logout failed:', error);\n clearRefreshToken();\n clearToken();\n // Still redirect to login even on error\n window.location.href = '/login';\n }\n}\n\nfunction clientLogout(clientKey, accountUiUrl) {\n console.log('π Client Logout');\n const logoutUrl = `${accountUiUrl}/login?client=${clientKey}&logout=true`;\n window.location.href = logoutUrl;\n}\n\nexport function handleCallback() {\n const params = new URLSearchParams(window.location.search);\n const accessToken = params.get('access_token');\n const error = params.get('error');\n\n console.log('π Callback handling:', {\n hasAccessToken: !!accessToken,\n error\n });\n\n // β
Prevent duplicate callback processing\n if (callbackProcessed) {\n const existingToken = getToken();\n if (existingToken) {\n console.log('β
Callback already processed, returning existing token');\n return existingToken;\n }\n // Reset if no token found (might be a retry)\n callbackProcessed = false;\n }\n\n callbackProcessed = true;\n sessionStorage.removeItem('originalApp');\n sessionStorage.removeItem('returnUrl');\n\n if (error) {\n const errorDescription = params.get('error_description') || error;\n throw new Error(`Authentication failed: ${errorDescription}`);\n }\n\n if (accessToken) {\n setToken(accessToken);\n\n // β
Store refresh token from URL when persistence is enabled OR in HTTP dev mode\n // When persistRefreshToken is true, we always store it (needed for local HTTPS with mkcert)\n // When false, only store on HTTP (HTTPS relies on httpOnly cookies from server)\n const refreshTokenInUrl = params.get('refresh_token');\n if (refreshTokenInUrl) {\n const { persistRefreshToken } = getConfig();\n const isHttpDev = typeof window !== 'undefined' && window.location?.protocol === 'http:';\n if (persistRefreshToken || isHttpDev) {\n console.log(`π¦ Storing refresh token from callback URL (${persistRefreshToken ? 'persistence enabled' : 'HTTP dev mode'})`);\n setRefreshToken(refreshTokenInUrl);\n } else {\n console.log('π HTTPS mode: Refresh token is in httpOnly cookie (ignoring URL param)');\n }\n }\n\n const url = new URL(window.location);\n url.searchParams.delete('access_token');\n url.searchParams.delete('refresh_token');\n url.searchParams.delete('state');\n url.searchParams.delete('error');\n url.searchParams.delete('error_description');\n window.history.replaceState({}, '', url);\n\n console.log('β
Callback processed successfully, token stored');\n return accessToken;\n }\n\n throw new Error('No access token found in callback URL');\n}\n\nexport function resetCallbackState() {\n callbackProcessed = false;\n}\n\n// β
Add refresh lock to prevent concurrent refresh calls\nlet refreshInProgress = false;\nlet refreshPromise = null;\n\nexport async function refreshToken() {\n const { clientKey, authBaseUrl } = getConfig();\n\n // β
Prevent concurrent refresh calls\n if (refreshInProgress && refreshPromise) {\n console.log('π Token refresh already in progress, waiting...');\n return refreshPromise;\n }\n\n refreshInProgress = true;\n refreshPromise = (async () => {\n try {\n // Get stored refresh token (for HTTP development)\n const storedRefreshToken = getRefreshToken();\n\n console.log('π Refreshing token:', {\n clientKey,\n mode: isRouterMode() ? 'ROUTER' : 'CLIENT',\n hasStoredRefreshToken: !!storedRefreshToken\n });\n\n // Build request options - send refresh token in body and header for HTTP dev\n const requestOptions = {\n method: 'POST',\n credentials: 'include', // β
Include httpOnly cookies (for HTTPS)\n headers: {\n 'Content-Type': 'application/json'\n }\n };\n\n // For HTTP development, send refresh token in body ONLY (header removed per user request)\n if (storedRefreshToken) {\n // requestOptions.headers['X-Refresh-Token'] = storedRefreshToken;\n requestOptions.body = JSON.stringify({ refreshToken: storedRefreshToken });\n console.log('π¦ Sending refresh token in body only (Header skipped) v3.0.2');\n }\n\n const response = await fetch(`${authBaseUrl}/refresh/${clientKey}`, requestOptions);\n\n if (!response.ok) {\n const errorText = await response.text();\n console.error('β Token refresh failed:', response.status, errorText);\n throw new Error(`Refresh failed: ${response.status}`);\n }\n\n const data = await response.json();\n const { access_token, refresh_token: new_refresh_token } = data;\n\n if (!access_token) {\n throw new Error('No access token in refresh response');\n }\n\n // β
This will trigger token listeners\n setToken(access_token);\n\n // β
Store new refresh token if provided (token rotation)\n if (new_refresh_token) {\n setRefreshToken(new_refresh_token);\n console.log('π New refresh token stored from rotation');\n }\n\n console.log('β
Token refresh successful, listeners notified');\n return access_token;\n } catch (err) {\n console.error('β Token refresh error:', err);\n // β
This will trigger token listeners\n clearToken();\n clearRefreshToken();\n throw err;\n } finally {\n refreshInProgress = false;\n refreshPromise = null;\n }\n })();\n\n return refreshPromise;\n}\n\nexport async function validateCurrentSession() {\n try {\n const { authBaseUrl } = getConfig();\n const token = getToken();\n\n if (!token || !authBaseUrl) {\n return false;\n }\n\n const response = await fetch(`${authBaseUrl}/account/validate-session`, {\n method: 'GET',\n headers: {\n 'Authorization': `Bearer ${token}`,\n 'Content-Type': 'application/json'\n },\n credentials: 'include'\n });\n\n if (!response.ok) {\n if (response.status === 401) {\n return false;\n }\n throw new Error(`HTTP ${response.status}: ${response.statusText}`);\n }\n\n const data = await response.json();\n return data.valid === true;\n } catch (error) {\n console.warn('Session validation failed:', error.message);\n if (error.message.includes('401')) {\n return false;\n }\n throw error;\n }\n}\n\n// ========== SESSION SECURITY: PROACTIVE REFRESH & VALIDATION ==========\n// These functions ensure that:\n// 1. Tokens are refreshed before they expire (proactive refresh)\n// 2. Sessions deleted in Keycloak Admin UI are detected quickly (periodic validation)\n\nlet proactiveRefreshTimer = null;\nlet sessionValidationTimer = null;\nlet visibilityHandler = null;\nlet sessionInvalidCallbacks = new Set();\n\n// Register a callback to be called when session is invalidated\nexport function onSessionInvalid(callback) {\n if (typeof callback === 'function') {\n sessionInvalidCallbacks.add(callback);\n }\n return () => sessionInvalidCallbacks.delete(callback);\n}\n\n// Notify all registered callbacks that session is invalid\nfunction notifySessionInvalid(reason = 'session_deleted') {\n console.log('π¨ Session invalidated:', reason);\n sessionInvalidCallbacks.forEach(callback => {\n try {\n callback(reason);\n } catch (err) {\n console.error('Session invalid callback error:', err);\n }\n });\n}\n\n// ========== PROACTIVE TOKEN REFRESH ==========\n// Schedules token refresh before expiry to ensure seamless UX\n\nexport function startProactiveRefresh() {\n const { enableProactiveRefresh, tokenRefreshBuffer } = getConfig();\n\n if (!enableProactiveRefresh) {\n console.log('βΈοΈ Proactive refresh disabled by config');\n return null;\n }\n\n // Clear any existing timer\n stopProactiveRefresh();\n\n const token = getToken();\n if (!token) {\n console.log('βΈοΈ No token, skipping proactive refresh setup');\n return null;\n }\n\n const timeUntilExpiry = getTimeUntilExpiry(token);\n\n if (timeUntilExpiry <= 0) {\n console.log('β οΈ Token already expired, attempting immediate refresh');\n refreshToken().catch(err => {\n console.error('β Immediate refresh failed:', err);\n notifySessionInvalid('token_expired');\n });\n return null;\n }\n\n // Schedule refresh for (expiry - buffer) seconds from now\n const refreshIn = Math.max(0, (timeUntilExpiry - tokenRefreshBuffer)) * 1000;\n\n console.log(`π Scheduling proactive refresh in ${Math.round(refreshIn / 1000)}s (token expires in ${timeUntilExpiry}s)`);\n\n proactiveRefreshTimer = setTimeout(async () => {\n try {\n console.log('π Proactive token refresh triggered');\n await refreshToken();\n console.log('β
Proactive refresh successful, scheduling next refresh');\n // Schedule next refresh after successful refresh\n startProactiveRefresh();\n } catch (err) {\n console.error('β Proactive refresh failed:', err);\n\n // Check if this is a permanent failure (token revoked, invalid, etc.)\n const errorMessage = err.message?.toLowerCase() || '';\n const isPermanentFailure =\n errorMessage.includes('401') ||\n errorMessage.includes('revoked') ||\n errorMessage.includes('invalid') ||\n errorMessage.includes('expired') ||\n errorMessage.includes('unauthorized');\n\n if (isPermanentFailure) {\n console.log('π¨ Token permanently invalid, triggering session expiry');\n notifySessionInvalid('refresh_token_revoked');\n } else {\n // Temporary failure (network issue), try again in 30 seconds\n proactiveRefreshTimer = setTimeout(() => startProactiveRefresh(), 30000);\n }\n }\n }, refreshIn);\n\n return proactiveRefreshTimer;\n}\n\nexport function stopProactiveRefresh() {\n if (proactiveRefreshTimer) {\n clearTimeout(proactiveRefreshTimer);\n proactiveRefreshTimer = null;\n console.log('βΉοΈ Proactive refresh stopped');\n }\n}\n\n// ========== PERIODIC SESSION VALIDATION ==========\n// Validates with server that session still exists in Keycloak\n// Catches session deletions from Keycloak Admin UI\n\nexport function startSessionMonitor(onInvalid) {\n const { enableSessionValidation, sessionValidationInterval, validateOnVisibility } = getConfig();\n\n if (!enableSessionValidation) {\n console.log('βΈοΈ Session validation disabled by config');\n return null;\n }\n\n // Register callback if provided\n if (onInvalid && typeof onInvalid === 'function') {\n sessionInvalidCallbacks.add(onInvalid);\n }\n\n // Clear any existing timer\n stopSessionMonitor();\n\n const token = getToken();\n if (!token) {\n console.log('βΈοΈ No token, skipping session monitor setup');\n return null;\n }\n\n console.log(`ποΈ Starting session monitor (interval: ${sessionValidationInterval / 1000}s)`);\n\n // Track when the tab was last hidden β used to decide if a full\n // server-side validation is warranted after the tab becomes visible.\n let hiddenAt = null;\n\n // ββ Periodic validation (catches admin-deleted sessions) ββ\n sessionValidationTimer = setInterval(async () => {\n try {\n const currentToken = getToken();\n if (!currentToken) {\n console.log('βΈοΈ No token, stopping session validation');\n stopSessionMonitor();\n return;\n }\n\n // If token is expired, refresh first so the validation call succeeds\n const ttl = getTimeUntilExpiry(currentToken);\n if (ttl <= 0) {\n console.log('οΏ½ Token expired before periodic check β refreshing');\n try {\n await refreshToken();\n } catch (refreshErr) {\n console.log('β Periodic refresh failed β session expired');\n stopSessionMonitor();\n stopProactiveRefresh();\n clearToken();\n clearRefreshToken();\n notifySessionInvalid('session_deleted');\n return;\n }\n }\n\n console.log('οΏ½π Validating session...');\n const isValid = await validateCurrentSession();\n\n if (!isValid) {\n console.log('β Session no longer valid on server');\n stopSessionMonitor();\n stopProactiveRefresh();\n clearToken();\n clearRefreshToken();\n notifySessionInvalid('session_deleted');\n } else {\n console.log('β
Session still valid');\n }\n } catch (error) {\n console.warn('β οΈ Session validation check failed:', error.message);\n // Don't invalidate on network errors - wait for next check\n }\n }, sessionValidationInterval);\n\n // ββ Visibility-based validation (smart, enterprise-grade) ββ\n if (validateOnVisibility && typeof document !== 'undefined') {\n visibilityHandler = async () => {\n // ββ Tab hidden: record timestamp ββ\n if (document.visibilityState === 'hidden') {\n hiddenAt = Date.now();\n return;\n }\n\n // ββ Tab visible: decide what to do ββ\n if (document.visibilityState === 'visible') {\n const currentToken = getToken();\n if (!currentToken) return;\n\n const ttl = getTimeUntilExpiry(currentToken);\n const hiddenDuration = hiddenAt ? Date.now() - hiddenAt : 0;\n hiddenAt = null;\n\n // ββ Case 1: Token still valid & tab was hidden briefly ββ\n // No network call needed β everything is fine.\n if (ttl > 0 && hiddenDuration < sessionValidationInterval) {\n console.log(`ποΈ Tab visible β token valid (${Math.round(ttl)}s left), hidden for ${Math.round(hiddenDuration / 1000)}s β skipping validation`);\n return;\n }\n\n // ββ Case 2: Token still valid BUT tab was hidden longer than validation interval ββ\n // Validate with server to catch admin-deleted sessions.\n if (ttl > 0 && hiddenDuration >= sessionValidationInterval) {\n console.log(`ποΈ Tab visible β token valid but hidden for ${Math.round(hiddenDuration / 1000)}s β server-validating`);\n try {\n const isValid = await validateCurrentSession();\n if (isValid) {\n console.log('β
Session confirmed valid on server');\n return;\n }\n // Server says invalid despite valid token β admin deleted session\n console.log('β Session deleted by admin while tab was hidden');\n stopSessionMonitor();\n stopProactiveRefresh();\n clearToken();\n clearRefreshToken();\n notifySessionInvalid('session_deleted_while_hidden');\n return;\n } catch (error) {\n // Network error β give benefit of the doubt, token is valid\n console.warn('β οΈ Server validation failed (network), token still valid β continuing');\n return;\n }\n }\n\n // ββ Case 3: Token expired (browser throttled the refresh timer) ββ\n // Try silent refresh β this is the most common case.\n console.log('β οΈ Token expired while tab was hidden β attempting silent refresh');\n try {\n await refreshToken();\n console.log('β
Token silently refreshed β session restored');\n\n // If hidden for a long time, also verify the session on server\n if (hiddenDuration >= sessionValidationInterval) {\n const isValid = await validateCurrentSession();\n if (!isValid) {\n console.log('β Token refreshed but session deleted on server');\n stopSessionMonitor();\n stopProactiveRefresh();\n clearToken();\n clearRefreshToken();\n notifySessionInvalid('session_deleted_while_hidden');\n }\n }\n return;\n } catch (refreshErr) {\n console.log('β Silent refresh failed β session genuinely expired:', refreshErr.message);\n }\n\n // Both refresh AND validation failed β session truly dead\n stopSessionMonitor();\n stopProactiveRefresh();\n clearToken();\n clearRefreshToken();\n notifySessionInvalid('session_deleted_while_hidden');\n }\n };\n document.addEventListener('visibilitychange', visibilityHandler);\n }\n\n return sessionValidationTimer;\n}\n\nexport function stopSessionMonitor() {\n if (sessionValidationTimer) {\n clearInterval(sessionValidationTimer);\n sessionValidationTimer = null;\n console.log('βΉοΈ Session monitor stopped');\n }\n\n if (visibilityHandler && typeof document !== 'undefined') {\n document.removeEventListener('visibilitychange', visibilityHandler);\n visibilityHandler = null;\n }\n}\n\n// ========== COMBINED SESSION SECURITY ==========\n// Start both proactive refresh and session monitoring\n\nexport function startSessionSecurity(onSessionInvalidCallback) {\n console.log('π Starting session security (proactive refresh + session monitoring)');\n\n startProactiveRefresh();\n startSessionMonitor(onSessionInvalidCallback);\n\n return {\n stopAll: () => {\n stopProactiveRefresh();\n stopSessionMonitor();\n }\n };\n}\n\nexport function stopSessionSecurity() {\n stopProactiveRefresh();\n stopSessionMonitor();\n sessionInvalidCallbacks.clear();\n console.log('π Session security stopped');\n}\n\n","// auth-client/api.js\nimport axios from 'axios';\nimport { getConfig } from './config';\nimport { getToken, setToken, clearToken } from './token';\nimport { refreshToken as performRefresh } from './core';\n\nconst api = axios.create({\n withCredentials: true,\n});\n\napi.interceptors.request.use((config) => {\n const runtimeConfig = getConfig();\n\n if (!config.baseURL) {\n\n config.baseURL = runtimeConfig?.authBaseUrl || 'http://auth.local.test:4000/auth';\n }\n\n if (!config.headers) {\n config.headers = {};\n }\n\n if (runtimeConfig?.clientKey && !config.headers['X-Client-Key']) {\n config.headers['X-Client-Key'] = runtimeConfig.clientKey;\n }\n\n const token = getToken();\n if (token) {\n config.headers.Authorization = `Bearer ${token}`;\n }\n\n return config;\n});\n\nlet refreshPromise = null;\n\napi.interceptors.response.use(\n (response) => response,\n async (error) => {\n const { response, config } = error || {};\n\n if (!response || !config) {\n return Promise.reject(error);\n }\n\n if (response.status !== 401 || config._retry) {\n return Promise.reject(error);\n }\n\n config._retry = true;\n\n if (!refreshPromise) {\n refreshPromise = performRefresh()\n .then((newToken) => {\n refreshPromise = null;\n if (newToken) {\n setToken(newToken);\n }\n return newToken;\n })\n .catch((refreshError) => {\n refreshPromise = null;\n clearToken();\n throw refreshError;\n });\n }\n\n try {\n const refreshedToken = await refreshPromise;\n\n if (refreshedToken) {\n config.headers.Authorization = `Bearer ${refreshedToken}`;\n return api(config);\n }\n } catch (refreshErr) {\n return Promise.reject(refreshErr);\n }\n\n return Promise.reject(error);\n }\n);\n\napi.validateSession = async () => {\n try {\n const response = await api.get('/account/validate-session');\n return response.data.valid;\n } catch (err) {\n if (err.response?.status === 401) {\n return false;\n }\n throw err;\n }\n};\n\nexport default api;\n","// auth-client/utils/jwt.js\nimport { jwtDecode } from 'jwt-decode';\nimport { getToken } from '../token';\n\nexport function decodeToken(token) {\n try {\n return jwtDecode(token);\n } catch (err) {\n console.warn('Failed to decode JWT:', err);\n return null;\n }\n}\n\nexport function isTokenExpired(token, bufferSeconds = 60) {\n const decoded = decodeToken(token);\n if (!decoded || !decoded.exp) return true;\n const currentTime = Date.now() / 1000;\n return decoded.exp < currentTime + bufferSeconds;\n}\n\n\n// β
Check if user is authenticated\nexport function isAuthenticated() {\n const token = getToken();\n return !!token && !isTokenExpired(token);\n}\n\n","// auth-client/react/AuthProvider.jsx\nimport React, { createContext, useState, useEffect, useRef } from 'react';\nimport { getToken, setToken, clearToken } from '../token';\nimport { getConfig } from '../config';\nimport { \n login as coreLogin, \n logout as coreLogout,\n startSessionSecurity,\n stopSessionSecurity,\n onSessionInvalid\n} from '../core';\n\nexport const AuthContext = createContext();\n\nexport function AuthProvider({ children, onSessionExpired }) {\n const [token, setTokenState] = useState(getToken());\n const [user, setUser] = useState(null);\n const [loading, setLoading] = useState(!!token); // Loading if we have a token to validate\n const [sessionValid, setSessionValid] = useState(true);\n const sessionSecurityRef = useRef(null);\n\n // Handle session invalidation (from Keycloak admin deletion or expiry)\n const handleSessionInvalid = (reason) => {\n console.log('π¨ AuthProvider: Session invalidated -', reason);\n setSessionValid(false);\n setUser(null);\n setTokenState(null);\n \n // Call custom callback if provided\n if (onSessionExpired && typeof onSessionExpired === 'function') {\n onSessionExpired(reason);\n }\n };\n\n // Start session security on mount (when we have a token)\n useEffect(() => {\n if (token && !sessionSecurityRef.current) {\n console.log('π AuthProvider: Starting session security');\n \n // Register session invalid handler\n const unsubscribe = onSessionInvalid(handleSessionInvalid);\n \n // Start proactive refresh + session monitoring\n sessionSecurityRef.current = startSessionSecurity(handleSessionInvalid);\n \n return () => {\n unsubscribe();\n if (sessionSecurityRef.current) {\n sessionSecurityRef.current.stopAll();\n sessionSecurityRef.current = null;\n }\n };\n }\n \n // Cleanup when token is removed\n if (!token && sessionSecurityRef.current) {\n sessionSecurityRef.current.stopAll();\n sessionSecurityRef.current = null;\n }\n }, [token]);\n\n useEffect(() => {\n console.log('π AuthProvider useEffect triggered:', { \n hasToken: !!token, \n tokenLength: token?.length \n });\n \n if (!token) {\n console.log('β οΈ AuthProvider: No token, setting loading=false');\n setLoading(false);\n return;\n }\n \n const { authBaseUrl } = getConfig();\n if (!authBaseUrl) {\n console.warn('AuthProvider: No authBaseUrl configured');\n setLoading(false);\n return;\n }\n\n console.log('π AuthProvider: Fetching profile with token...', {\n authBaseUrl,\n tokenPreview: token.slice(0, 50) + '...'\n });\n\n fetch(`${authBaseUrl}/account/profile`, {\n headers: { Authorization: `Bearer ${token}` },\n credentials: 'include',\n })\n .then(res => {\n console.log('π₯ Profile response status:', res.status);\n if (!res.ok) throw new Error('Failed to fetch user');\n return res.json();\n })\n .then(userData => {\n console.log('β
Profile fetched successfully:', userData.email);\n setUser(userData);\n setSessionValid(true);\n setLoading(false);\n })\n .catch(err => {\n console.error('β Fetch user error:', err);\n clearToken();\n setTokenState(null);\n setUser(null);\n setLoading(false);\n });\n }, [token]);\n\n const login = (clientKey, redirectUri, state) => {\n coreLogin(clientKey, redirectUri, state);\n };\n\n const logout = () => {\n // Stop session security before logout\n stopSessionSecurity();\n sessionSecurityRef.current = null;\n \n coreLogout();\n setUser(null);\n setTokenState(null);\n setSessionValid(true);\n };\n\n const value = {\n token,\n user,\n loading,\n login,\n logout,\n isAuthenticated: !!token && !!user && sessionValid,\n sessionValid,\n setUser,\n setToken: (newToken) => {\n setToken(newToken);\n setTokenState(newToken);\n setSessionValid(true);\n },\n clearToken: () => {\n stopSessionSecurity();\n sessionSecurityRef.current = null;\n clearToken();\n setTokenState(null);\n setUser(null);\n },\n };\n\n return <AuthContext.Provider value={value}>{children}</AuthContext.Provider>;\n}\n\n","import { useContext } from 'react';\nimport { AuthContext } from './AuthProvider';\n\nexport function useAuth() {\n const context = useContext(AuthContext);\n if (!context) {\n throw new Error('useAuth must be used within an AuthProvider');\n }\n return context;\n}","// auth-client/react/useSessionMonitor.js\n// Enhanced session monitoring hook for detecting Keycloak admin session deletions\nimport { useQuery, useQueryClient } from '@tanstack/react-query';\nimport { useEffect, useCallback } from 'react';\nimport { auth } from '../index';\n\n/**\n * useSessionMonitor - React hook for periodic session validation\n * \n * This hook validates that the user's session still exists in Keycloak.\n * When an admin deletes a session from Keycloak Admin UI, this hook\n * will detect it and trigger the onSessionInvalid callback.\n * \n * @param {Object} options Configuration options\n * @param {boolean} options.enabled - Enable/disable monitoring (default: true)\n * @param {number} options.refetchInterval - Validation interval in ms (default: 120000 = 2 min)\n * @param {Function} options.onSessionInvalid - Callback when session is deleted\n * @param {Function} options.onError - Callback for validation errors\n * @param {boolean} options.autoLogout - Auto logout on invalid session (default: true)\n * @param {boolean} options.validateOnMount - Validate session immediately on mount (default: true)\n */\nexport const useSessionMonitor = (options = {}) => {\n const queryClient = useQueryClient();\n\n const {\n enabled = true,\n refetchInterval = 2 * 60 * 1000, // 2 minutes (matching config default)\n onSessionInvalid,\n onError,\n autoLogout = true,\n validateOnMount = true,\n } = options;\n\n // Handle session invalidation\n const handleInvalid = useCallback(() => {\n console.log('π¨ useSessionMonitor: Session invalid detected');\n\n // Clear all react-query cache\n queryClient.clear();\n\n // Auto logout if enabled\n if (autoLogout) {\n auth.clearToken();\n auth.clearRefreshToken();\n }\n\n // Call custom callback\n if (onSessionInvalid) {\n onSessionInvalid();\n }\n }, [queryClient, autoLogout, onSessionInvalid]);\n\n // Session validation query\n const query = useQuery({\n queryKey: ['session-validation'],\n queryFn: async () => {\n try {\n const token = auth.getToken();\n if (!token) {\n return { valid: false, reason: 'no_token' };\n }\n\n console.log('π useSessionMonitor: Validating session...');\n const isValid = await auth.validateCurrentSession();\n\n if (!isValid) {\n console.log('β useSessionMonitor: Session no longer valid');\n handleInvalid();\n return { valid: false, reason: 'session_deleted' };\n }\n\n console.log('β
useSessionMonitor: Session still valid');\n return { valid: true };\n } catch (error) {\n console.error('β οΈ useSessionMonitor: Validation error:', error);\n if (onError) {\n onError(error);\n }\n throw error;\n }\n },\n enabled: enabled && !!auth.getToken(),\n refetchInterval,\n refetchIntervalInBackground: true,\n retry: 2,\n retryDelay: 5000,\n staleTime: refetchInterval / 2, // Consider stale at half the interval\n });\n\n // Validate on visibility change (when user returns to tab)\n useEffect(() => {\n if (!enabled) return;\n\n const handleVisibilityChange = () => {\n if (document.visibilityState === 'visible' && auth.getToken()) {\n console.log('ποΈ useSessionMonitor: Tab visible - triggering validation');\n queryClient.invalidateQueries({ queryKey: ['session-validation'] });\n }\n };\n\n document.addEventListener('visibilitychange', handleVisibilityChange);\n return () => {\n document.removeEventListener('visibilitychange', handleVisibilityChange);\n };\n }, [enabled, queryClient]);\n\n // Validate immediately on mount if enabled\n useEffect(() => {\n if (validateOnMount && enabled && auth.getToken()) {\n queryClient.invalidateQueries({ queryKey: ['session-validation'] });\n }\n }, [validateOnMount, enabled, queryClient]);\n\n return {\n ...query,\n isSessionValid: query.data?.valid ?? true,\n invalidationReason: query.data?.reason,\n manualValidate: () => queryClient.invalidateQueries({ queryKey: ['session-validation'] }),\n };\n};\n\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEA,wBAA0B;AAE1B,IAAI,cAAc;AAClB,IAAM,YAAY,oBAAI,IAAI;AAE1B,IAAM,iBAAiB;AACvB,IAAM,iBAAiB,IAAI,KAAK,KAAK;AAErC,SAAS,kBAAkB;AAV3B;AAWE,MAAI;AACF,WAAO,OAAO,WAAW,iBAAe,YAAO,aAAP,mBAAiB,cAAa,WAClE,aACA;AAAA,EACN,SAAS,KAAK;AACZ,WAAO;AAAA,EACT;AACF;AAGA,SAAS,iBAAiB,OAAO;AAC/B,MAAI,CAAC,OAAO;AACV,QAAI;AACF,mBAAa,WAAW,WAAW;AAAA,IACrC,SAAS,KAAK;AACZ,cAAQ,KAAK,4CAA4C,GAAG;AAAA,IAC9D;AACA;AAAA,EACF;AAEA,MAAI;AACF,iBAAa,QAAQ,aAAa,KAAK;AAAA,EACzC,SAAS,KAAK;AACZ,YAAQ,KAAK,4CAA4C,GAAG;AAAA,EAC9D;AACF;AAEA,SAAS,kBAAkB;AACzB,MAAI;AACF,WAAO,aAAa,QAAQ,WAAW;AAAA,EACzC,SAAS,KAAK;AACZ,YAAQ,KAAK,2CAA2C,GAAG;AAC3D,WAAO;AAAA,EACT;AACF;AA2CA,SAAS,OAAO,OAAO;AACrB,MAAI;AACF,eAAO,6BAAU,KAAK;AAAA,EACxB,SAAS,KAAK;AACZ,WAAO;AAAA,EACT;AACF;AAYO,SAAS,mBAAmB,OAAO;AACxC,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,UAAU,OAAO,KAAK;AAC5B,MAAI,EAAC,mCAAS,KAAK,QAAO;AAC1B,SAAO,IAAI,KAAK,QAAQ,MAAM,GAAI;AACpC;AAGO,SAAS,mBAAmB,OAAO;AACxC,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,UAAU,OAAO,KAAK;AAC5B,MAAI,EAAC,mCAAS,KAAK,QAAO;AAC1B,QAAM,MAAM,KAAK,IAAI,IAAI;AACzB,SAAO,KAAK,MAAM,QAAQ,MAAM,GAAG;AACrC;AAGO,SAAS,eAAe,OAAO,gBAAgB,IAAI;AACxD,QAAM,WAAW,mBAAmB,KAAK;AACzC,SAAO,YAAY,KAAK,YAAY;AACtC;AAEO,SAAS,SAAS,OAAO;AAC9B,QAAM,gBAAgB;AACtB,gBAAc,SAAS;AACvB,mBAAiB,WAAW;AAE5B,MAAI,kBAAkB,aAAa;AACjC,cAAU,QAAQ,CAAC,aAAa;AAC9B,UAAI;AACF,iBAAS,aAAa,aAAa;AAAA,MACrC,SAAS,KAAK;AACZ,gBAAQ,KAAK,yBAAyB,GAAG;AAAA,MAC3C;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAEO,SAAS,WAAW;AACzB,MAAI,YAAa,QAAO;AACxB,gBAAc,gBAAgB;AAC9B,SAAO;AACT;AAEO,SAAS,aAAa;AAC3B,MAAI,CAAC,aAAa;AAChB,qBAAiB,IAAI;AACrB,sBAAkB;AAClB;AAAA,EACF;AAEA,QAAM,gBAAgB;AACtB,gBAAc;AACd,mBAAiB,IAAI;AACrB,oBAAkB;AAElB,YAAU,QAAQ,CAAC,aAAa;AAC9B,QAAI;AACF,eAAS,MAAM,aAAa;AAAA,IAC9B,SAAS,KAAK;AACZ,cAAQ,KAAK,yBAAyB,GAAG;AAAA,IAC3C;AAAA,EACF,CAAC;AACH;AAQA,IAAM,oBAAoB;AAG1B,IAAI,uBAAuB;AAEpB,SAAS,8BAA8B,SAAS;AACrD,yBAAuB,CAAC,CAAC;AACzB,UAAQ,IAAI,wCAAiC,uBAAuB,YAAY,UAAU,EAAE;AAC9F;AAEA,SAAS,wBAAwB;AA3LjC;AA6LE,MAAI,qBAAsB,QAAO;AAEjC,MAAI;AACF,WAAO,OAAO,WAAW,iBACvB,YAAO,aAAP,mBAAiB,cAAa;AAAA,EAClC,SAAS,KAAK;AACZ,WAAO;AAAA,EACT;AACF;AAEO,SAAS,gBAAgB,OAAO;AACrC,MAAI,CAAC,OAAO;AACV,sBAAkB;AAClB;AAAA,EACF;AAEA,MAAI,sBAAsB,GAAG;AAC3B,QAAI;AACF,mBAAa,QAAQ,mBAAmB,KAAK;AAC7C,cAAQ,IAAI,mDAA4C,uBAAuB,wBAAwB,eAAe,GAAG;AAAA,IAC3H,SAAS,KAAK;AACZ,cAAQ,KAAK,kCAAkC,GAAG;AAAA,IACpD;AAAA,EACF,OAAO;AAEL,YAAQ,IAAI,6EAAsE;AAAA,EACpF;AACF;AAEO,SAAS,kBAAkB;AAChC,MAAI,sBAAsB,GAAG;AAC3B,QAAI;AACF,YAAM,QAAQ,aAAa,QAAQ,iBAAiB;AACpD,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,KAAK,iCAAiC,GAAG;AACjD,aAAO;AAAA,IACT;AAAA,EACF;AAIA,SAAO;AACT;AAEO,SAAS,oBAAoB;AAElC,MAAI;AACF,iBAAa,WAAW,iBAAiB;AAAA,EAC3C,SAAS,KAAK;AAAA,EAEd;AAGA,MAAI;AACF,aAAS,SAAS,GAAG,cAAc,6BAA6B,gBAAgB,CAAC;AAAA,EACnF,SAAS,KAAK;AACZ,YAAQ,KAAK,yCAAyC,GAAG;AAAA,EAC3D;AAGA,MAAI;AACF,mBAAe,WAAW,cAAc;AAAA,EAC1C,SAAS,KAAK;AAAA,EAEd;AACF;AAEO,SAAS,iBAAiB,UAAU;AACzC,MAAI,OAAO,aAAa,YAAY;AAClC,UAAM,IAAI,MAAM,mCAAmC;AAAA,EACrD;AACA,YAAU,IAAI,QAAQ;AACtB,SAAO,MAAM;AACX,cAAU,OAAO,QAAQ;AAAA,EAC3B;AACF;AAEO,SAAS,oBAAoB,UAAU;AAC5C,YAAU,OAAO,QAAQ;AAC3B;AAEO,SAAS,mBAAmB;AACjC,SAAO,UAAU;AACnB;;;AC1QA,IAAI,SAAS;AAAA,EACX,WAAW;AAAA,EACX,aAAa;AAAA,EACb,aAAa;AAAA,EACb,cAAc;AAAA,EACd,UAAU;AAAA;AAAA;AAAA;AAAA;AAAA,EAKV,oBAAoB;AAAA;AAAA;AAAA;AAAA,EAKpB,2BAA2B,KAAK,KAAK;AAAA;AAAA;AAAA,EAIrC,yBAAyB;AAAA;AAAA;AAAA,EAIzB,wBAAwB;AAAA;AAAA;AAAA,EAIxB,sBAAsB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOtB,qBAAqB;AACvB;AAEO,SAAS,UAAU,eAAe,CAAC,GAAG;AAC3C,MAAI,CAAC,aAAa,aAAa,CAAC,aAAa,aAAa;AACxD,UAAM,IAAI,MAAM,iEAAiE;AAAA,EACnF;AAEA,WAAS;AAAA,IACP,GAAG;AAAA,IACH,GAAG;AAAA,IACH,aAAa,aAAa,eAAe,OAAO,SAAS,SAAS;AAAA;AAAA,IAElE,UAAU,aAAa,YAAY,aAAa,cAAc;AAAA,EAChE;AAGA,MAAI,OAAO,qBAAqB;AAC9B,kCAA8B,IAAI;AAClC,YAAQ,IAAI,qEAA8D;AAAA,EAC5E;AAEA,UAAQ,IAAI,+BAAwB,OAAO,WAAW,WAAW,QAAQ,IAAI;AAAA,IAC3E,WAAW,OAAO;AAAA,IAClB,UAAU,OAAO;AAAA,IACjB,qBAAqB,OAAO;AAAA,EAC9B,CAAC;AACH;AAEO,SAAS,YAAY;AAC1B,SAAO,EAAE,GAAG,OAAO;AACrB;AAGO,SAAS,eAAe;AAC7B,SAAO,OAAO;AAChB;;;AChEA,IAAI,oBAAoB;AAEjB,SAAS,MAAM,cAAc,gBAAgB;AAElD,qBAAmB;AAEnB,QAAM;AAAA,IACJ,WAAW;AAAA,IACX;AAAA,IACA,aAAa;AAAA,IACb;AAAA,EACF,IAAI,UAAU;AAEd,QAAM,YAAY,gBAAgB;AAClC,QAAM,cAAc,kBAAkB;AAEtC,UAAQ,IAAI,oCAA6B;AAAA,IACvC,MAAM,aAAa,IAAI,WAAW;AAAA,IAClC;AAAA,IACA;AAAA,EACF,CAAC;AAED,MAAI,CAAC,aAAa,CAAC,aAAa;AAC9B,UAAM,IAAI,MAAM,kCAAkC;AAAA,EACpD;AAEA,iBAAe,QAAQ,eAAe,SAAS;AAC/C,iBAAe,QAAQ,aAAa,WAAW;AAE/C,MAAI,aAAa,GAAG;AAElB,WAAO,YAAY,WAAW,WAAW;AAAA,EAC3C,OAAO;AAEL,WAAO,YAAY,WAAW,WAAW;AAAA,EAC3C;AACF;AAGA,SAAS,YAAY,WAAW,aAAa;AAC3C,QAAM,EAAE,YAAY,IAAI,UAAU;AAElC,QAAM,SAAS,IAAI,gBAAgB;AACnC,MAAI,aAAa;AACf,WAAO,OAAO,gBAAgB,WAAW;AAAA,EAC3C;AACA,QAAM,QAAQ,OAAO,SAAS;AAC9B,QAAM,kBAAkB,GAAG,WAAW,UAAU,SAAS,GAAG,QAAQ,IAAI,KAAK,KAAK,EAAE;AAEpF,UAAQ,IAAI,yDAAkD;AAAA,IAC5D;AAAA,IACA;AAAA,IACA,YAAY;AAAA,EACd,CAAC;AAED,SAAO,SAAS,OAAO;AACzB;AAGA,SAAS,YAAY,WAAW,aAAa;AAC3C,QAAM,EAAE,aAAa,IAAI,UAAU;AAEnC,QAAM,SAAS,IAAI,gBAAgB;AAAA,IACjC,QAAQ;AAAA,EACV,CAAC;AACD,MAAI,aAAa;AACf,WAAO,OAAO,gBAAgB,WAAW;AAAA,EAC3C;AACA,QAAM,sBAAsB,GAAG,YAAY,UAAU,OAAO,SAAS,CAAC;AAEtE,UAAQ,IAAI,4DAAqD;AAAA,IAC/D;AAAA,IACA;AAAA,IACA,gBAAgB;AAAA,EAClB,CAAC;AAED,SAAO,SAAS,OAAO;AACzB;AAEO,SAAS,SAAS;AACvB,qBAAmB;AAEnB,QAAM,EAAE,WAAW,aAAa,aAAa,IAAI,UAAU;AAC3D,QAAM,QAAQ,SAAS;AAEvB,UAAQ,IAAI,kCAA2B;AAEvC,aAAW;AACX,oBAAkB;AAClB,iBAAe,WAAW,aAAa;AACvC,iBAAe,WAAW,WAAW;AAErC,MAAI,aAAa,GAAG;AAClB,WAAO,aAAa,WAAW,aAAa,cAAc,KAAK;AAAA,EACjE,OAAO;AACL,WAAO,aAAa,WAAW,YAAY;AAAA,EAC7C;AACF;AAEA,eAAe,aAAa,WAAW,aAAa,cAAc,OAAO;AACvE,UAAQ,IAAI,yBAAkB;AAE9B,QAAMA,gBAAe,gBAAgB;AAErC,MAAI;AACF,UAAM,WAAW,MAAM,MAAM,GAAG,WAAW,WAAW,SAAS,IAAI;AAAA,MACjE,QAAQ;AAAA,MACR,aAAa;AAAA,MACb,SAAS;AAAA,QACP,iBAAiB,QAAQ,UAAU,KAAK,KAAK;AAAA,QAC7C,gBAAgB;AAAA,MAClB;AAAA,MACA,MAAM,KAAK,UAAU;AAAA,QACnB,cAAcA;AAAA,MAChB,CAAC;AAAA,IACH,CAAC;AAED,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAQ,IAAI,2BAAsB,IAAI;AAEtC,sBAAkB;AAClB,eAAW;AAIX,YAAQ,IAAI,iEAA0D;AACtE,WAAO,SAAS,OAAO;AAAA,EAEzB,SAAS,OAAO;AACd,YAAQ,KAAK,+BAAqB,KAAK;AACvC,sBAAkB;AAClB,eAAW;AAEX,WAAO,SAAS,OAAO;AAAA,EACzB;AACF;AAEA,SAAS,aAAa,WAAW,cAAc;AAC7C,UAAQ,IAAI,yBAAkB;AAC9B,QAAM,YAAY,GAAG,YAAY,iBAAiB,SAAS;AAC3D,SAAO,SAAS,OAAO;AACzB;AAEO,SAAS,iBAAiB;AA5JjC;AA6JE,QAAM,SAAS,IAAI,gBAAgB,OAAO,SAAS,MAAM;AACzD,QAAMC,eAAc,OAAO,IAAI,cAAc;AAC7C,QAAM,QAAQ,OAAO,IAAI,OAAO;AAEhC,UAAQ,IAAI,gCAAyB;AAAA,IACnC,gBAAgB,CAAC,CAACA;AAAA,IAClB;AAAA,EACF,CAAC;AAGD,MAAI,mBAAmB;AACrB,UAAM,gBAAgB,SAAS;AAC/B,QAAI,eAAe;AACjB,cAAQ,IAAI,6DAAwD;AACpE,aAAO;AAAA,IACT;AAEA,wBAAoB;AAAA,EACtB;AAEA,sBAAoB;AACpB,iBAAe,WAAW,aAAa;AACvC,iBAAe,WAAW,WAAW;AAErC,MAAI,OAAO;AACT,UAAM,mBAAmB,OAAO,IAAI,mBAAmB,KAAK;AAC5D,UAAM,IAAI,MAAM,0BAA0B,gBAAgB,EAAE;AAAA,EAC9D;AAEA,MAAIA,cAAa;AACf,aAASA,YAAW;AAKpB,UAAM,oBAAoB,OAAO,IAAI,eAAe;AACpD,QAAI,mBAAmB;AACrB,YAAM,EAAE,oBAAoB,IAAI,UAAU;AAC1C,YAAM,YAAY,OAAO,WAAW,iBAAe,YAAO,aAAP,mBAAiB,cAAa;AACjF,UAAI,uBAAuB,WAAW;AACpC,gBAAQ,IAAI,sDAA+C,sBAAsB,wBAAwB,eAAe,GAAG;AAC3H,wBAAgB,iBAAiB;AAAA,MACnC,OAAO;AACL,gBAAQ,IAAI,gFAAyE;AAAA,MACvF;AAAA,IACF;AAEA,UAAM,MAAM,IAAI,IAAI,OAAO,QAAQ;AACnC,QAAI,aAAa,OAAO,cAAc;AACtC,QAAI,aAAa,OAAO,eAAe;AACvC,QAAI,aAAa,OAAO,OAAO;AAC/B,QAAI,aAAa,OAAO,OAAO;AAC/B,QAAI,aAAa,OAAO,mBAAmB;AAC3C,WAAO,QAAQ,aAAa,CAAC,GAAG,IAAI,GAAG;AAEvC,YAAQ,IAAI,sDAAiD;AAC7D,WAAOA;AAAA,EACT;AAEA,QAAM,IAAI,MAAM,uCAAuC;AACzD;AAEO,SAAS,qBAAqB;AACnC,sBAAoB;AACtB;AAGA,IAAI,oBAAoB;AACxB,IAAI,iBAAiB;AAErB,eAAsB,eAAe;AACnC,QAAM,EAAE,WAAW,YAAY,IAAI,UAAU;AAG7C,MAAI,qBAAqB,gBAAgB;AACvC,YAAQ,IAAI,yDAAkD;AAC9D,WAAO;AAAA,EACT;AAEA,sBAAoB;AACpB,oBAAkB,YAAY;AAC5B,QAAI;AAEF,YAAM,qBAAqB,gBAAgB;AAE3C,cAAQ,IAAI,+BAAwB;AAAA,QAClC;AAAA,QACA,MAAM,aAAa,IAAI,WAAW;AAAA,QAClC,uBAAuB,CAAC,CAAC;AAAA,MAC3B,CAAC;AAGD,YAAM,iBAAiB;AAAA,QACrB,QAAQ;AAAA,QACR,aAAa;AAAA;AAAA,QACb,SAAS;AAAA,UACP,gBAAgB;AAAA,QAClB;AAAA,MACF;AAGA,UAAI,oBAAoB;AAEtB,uBAAe,OAAO,KAAK,UAAU,EAAE,cAAc,mBAAmB,CAAC;AACzE,gBAAQ,IAAI,sEAA+D;AAAA,MAC7E;AAEA,YAAM,WAAW,MAAM,MAAM,GAAG,WAAW,YAAY,SAAS,IAAI,cAAc;AAElF,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,YAAY,MAAM,SAAS,KAAK;AACtC,gBAAQ,MAAM,gCAA2B,SAAS,QAAQ,SAAS;AACnE,cAAM,IAAI,MAAM,mBAAmB,SAAS,MAAM,EAAE;AAAA,MACtD;AAEA,YAAM,OAAO,MAAM,SAAS,KAAK;AACjC,YAAM,EAAE,cAAc,eAAe,kBAAkB,IAAI;AAE3D,UAAI,CAAC,cAAc;AACjB,cAAM,IAAI,MAAM,qCAAqC;AAAA,MACvD;AAGA,eAAS,YAAY;AAGrB,UAAI,mBAAmB;AACrB,wBAAgB,iBAAiB;AACjC,gBAAQ,IAAI,kDAA2C;AAAA,MACzD;AAEA,cAAQ,IAAI,qDAAgD;AAC5D,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,cAAQ,MAAM,+BAA0B,GAAG;AAE3C,iBAAW;AACX,wBAAkB;AAClB,YAAM;AAAA,IACR,UAAE;AACA,0BAAoB;AACpB,uBAAiB;AAAA,IACnB;AAAA,EACF,GAAG;AAEH,SAAO;AACT;AAEA,eAAsB,yBAAyB;AAC7C,MAAI;AACF,UAAM,EAAE,YAAY,IAAI,UAAU;AAClC,UAAM,QAAQ,SAAS;AAEvB,QAAI,CAAC,SAAS,CAAC,aAAa;AAC1B,aAAO;AAAA,IACT;AAEA,UAAM,WAAW,MAAM,MAAM,GAAG,WAAW,6BAA6B;AAAA,MACtE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,iBAAiB,UAAU,KAAK;AAAA,QAChC,gBAAgB;AAAA,MAClB;AAAA,MACA,aAAa;AAAA,IACf,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AAChB,UAAI,SAAS,WAAW,KAAK;AAC3B,eAAO;AAAA,MACT;AACA,YAAM,IAAI,MAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,UAAU,EAAE;AAAA,IACnE;AAEA,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,WAAO,KAAK,UAAU;AAAA,EACxB,SAAS,OAAO;AACd,YAAQ,KAAK,8BAA8B,MAAM,OAAO;AACxD,QAAI,MAAM,QAAQ,SAAS,KAAK,GAAG;AACjC,aAAO;AAAA,IACT;AACA,UAAM;AAAA,EACR;AACF;AAOA,IAAI,wBAAwB;AAC5B,IAAI,yBAAyB;AAC7B,IAAI,oBAAoB;AACxB,IAAI,0BAA0B,oBAAI,IAAI;AAG/B,SAAS,iBAAiB,UAAU;AACzC,MAAI,OAAO,aAAa,YAAY;AAClC,4BAAwB,IAAI,QAAQ;AAAA,EACtC;AACA,SAAO,MAAM,wBAAwB,OAAO,QAAQ;AACtD;AAGA,SAAS,qBAAqB,SAAS,mBAAmB;AACxD,UAAQ,IAAI,kCAA2B,MAAM;AAC7C,0BAAwB,QAAQ,cAAY;AAC1C,QAAI;AACF,eAAS,MAAM;AAAA,IACjB,SAAS,KAAK;AACZ,cAAQ,MAAM,mCAAmC,GAAG;AAAA,IACtD;AAAA,EACF,CAAC;AACH;AAKO,SAAS,wBAAwB;AACtC,QAAM,EAAE,wBAAwB,mBAAmB,IAAI,UAAU;AAEjE,MAAI,CAAC,wBAAwB;AAC3B,YAAQ,IAAI,mDAAyC;AACrD,WAAO;AAAA,EACT;AAGA,uBAAqB;AAErB,QAAM,QAAQ,SAAS;AACvB,MAAI,CAAC,OAAO;AACV,YAAQ,IAAI,yDAA+C;AAC3D,WAAO;AAAA,EACT;AAEA,QAAM,kBAAkB,mBAAmB,KAAK;AAEhD,MAAI,mBAAmB,GAAG;AACxB,YAAQ,IAAI,kEAAwD;AACpE,iBAAa,EAAE,MAAM,SAAO;AAC1B,cAAQ,MAAM,oCAA+B,GAAG;AAChD,2BAAqB,eAAe;AAAA,IACtC,CAAC;AACD,WAAO;AAAA,EACT;AAGA,QAAM,YAAY,KAAK,IAAI,GAAI,kBAAkB,kBAAmB,IAAI;AAExE,UAAQ,IAAI,6CAAsC,KAAK,MAAM,YAAY,GAAI,CAAC,uBAAuB,eAAe,IAAI;AAExH,0BAAwB,WAAW,YAAY;AAvZjD;AAwZI,QAAI;AACF,cAAQ,IAAI,6CAAsC;AAClD,YAAM,aAAa;AACnB,cAAQ,IAAI,8DAAyD;AAErE,4BAAsB;AAAA,IACxB,SAAS,KAAK;AACZ,cAAQ,MAAM,oCAA+B,GAAG;AAGhD,YAAM,iBAAe,SAAI,YAAJ,mBAAa,kBAAiB;AACnD,YAAM,qBACJ,aAAa,SAAS,KAAK,KAC3B,aAAa,SAAS,SAAS,KAC/B,aAAa,SAAS,SAAS,KAC/B,aAAa,SAAS,SAAS,KAC/B,aAAa,SAAS,cAAc;AAEtC,UAAI,oBAAoB;AACtB,gBAAQ,IAAI,gEAAyD;AACrE,6BAAqB,uBAAuB;AAAA,MAC9C,OAAO;AAEL,gCAAwB,WAAW,MAAM,sBAAsB,GAAG,GAAK;AAAA,MACzE;AAAA,IACF;AAAA,EACF,GAAG,SAAS;AAEZ,SAAO;AACT;AAEO,SAAS,uBAAuB;AACrC,MAAI,uBAAuB;AACzB,iBAAa,qBAAqB;AAClC,4BAAwB;AACxB,YAAQ,IAAI,wCAA8B;AAAA,EAC5C;AACF;AAMO,SAAS,oBAAoB,WAAW;AAC7C,QAAM,EAAE,yBAAyB,2BAA2B,qBAAqB,IAAI,UAAU;AAE/F,MAAI,CAAC,yBAAyB;AAC5B,YAAQ,IAAI,oDAA0C;AACtD,WAAO;AAAA,EACT;AAGA,MAAI,aAAa,OAAO,cAAc,YAAY;AAChD,4BAAwB,IAAI,SAAS;AAAA,EACvC;AAGA,qBAAmB;AAEnB,QAAM,QAAQ,SAAS;AACvB,MAAI,CAAC,OAAO;AACV,YAAQ,IAAI,uDAA6C;AACzD,WAAO;AAAA,EACT;AAEA,UAAQ,IAAI,uDAA2C,4BAA4B,GAAI,IAAI;AAI3F,MAAI,WAAW;AAGf,2BAAyB,YAAY,YAAY;AAC/C,QAAI;AACF,YAAM,eAAe,SAAS;AAC9B,UAAI,CAAC,cAAc;AACjB,gBAAQ,IAAI,oDAA0C;AACtD,2BAAmB;AACnB;AAAA,MACF;AAGA,YAAM,MAAM,mBAAmB,YAAY;AAC3C,UAAI,OAAO,GAAG;AACZ,gBAAQ,IAAI,8DAAoD;AAChE,YAAI;AACF,gBAAM,aAAa;AAAA,QACrB,SAAS,YAAY;AACnB,kBAAQ,IAAI,uDAA6C;AACzD,6BAAmB;AACnB,+BAAqB;AACrB,qBAAW;AACX,4BAAkB;AAClB,+BAAqB,iBAAiB;AACtC;AAAA,QACF;AAAA,MACF;AAEA,cAAQ,IAAI,uCAA2B;AACvC,YAAM,UAAU,MAAM,uBAAuB;AAE7C,UAAI,CAAC,SAAS;AACZ,gBAAQ,IAAI,0CAAqC;AACjD,2BAAmB;AACnB,6BAAqB;AACrB,mBAAW;AACX,0BAAkB;AAClB,6BAAqB,iBAAiB;AAAA,MACxC,OAAO;AACL,gBAAQ,IAAI,4BAAuB;AAAA,MACrC;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,iDAAuC,MAAM,OAAO;AAAA,IAEnE;AAAA,EACF,GAAG,yBAAyB;AAG5B,MAAI,wBAAwB,OAAO,aAAa,aAAa;AAC3D,wBAAoB,YAAY;AAE9B,UAAI,SAAS,oBAAoB,UAAU;AACzC,mBAAW,KAAK,IAAI;AACpB;AAAA,MACF;AAGA,UAAI,SAAS,oBAAoB,WAAW;AAC1C,cAAM,eAAe,SAAS;AAC9B,YAAI,CAAC,aAAc;AAEnB,cAAM,MAAM,mBAAmB,YAAY;AAC3C,cAAM,iBAAiB,WAAW,KAAK,IAAI,IAAI,WAAW;AAC1D,mBAAW;AAIX,YAAI,MAAM,KAAK,iBAAiB,2BAA2B;AACzD,kBAAQ,IAAI,mDAAkC,KAAK,MAAM,GAAG,CAAC,uBAAuB,KAAK,MAAM,iBAAiB,GAAI,CAAC,8BAAyB;AAC9I;AAAA,QACF;AAIA,YAAI,MAAM,KAAK,kBAAkB,2BAA2B;AAC1D,kBAAQ,IAAI,iEAAgD,KAAK,MAAM,iBAAiB,GAAI,CAAC,4BAAuB;AACpH,cAAI;AACF,kBAAM,UAAU,MAAM,uBAAuB;AAC7C,gBAAI,SAAS;AACX,sBAAQ,IAAI,0CAAqC;AACjD;AAAA,YACF;AAEA,oBAAQ,IAAI,sDAAiD;AAC7D,+BAAmB;AACnB,iCAAqB;AACrB,uBAAW;AACX,8BAAkB;AAClB,iCAAqB,8BAA8B;AACnD;AAAA,UACF,SAAS,OAAO;AAEd,oBAAQ,KAAK,sFAAuE;AACpF;AAAA,UACF;AAAA,QACF;AAIA,gBAAQ,IAAI,kFAAmE;AAC/E,YAAI;AACF,gBAAM,aAAa;AACnB,kBAAQ,IAAI,yDAA+C;AAG3D,cAAI,kBAAkB,2BAA2B;AAC/C,kBAAM,UAAU,MAAM,uBAAuB;AAC7C,gBAAI,CAAC,SAAS;AACZ,sBAAQ,IAAI,sDAAiD;AAC7D,iCAAmB;AACnB,mCAAqB;AACrB,yBAAW;AACX,gCAAkB;AAClB,mCAAqB,8BAA8B;AAAA,YACrD;AAAA,UACF;AACA;AAAA,QACF,SAAS,YAAY;AACnB,kBAAQ,IAAI,kEAAwD,WAAW,OAAO;AAAA,QACxF;AAGA,2BAAmB;AACnB,6BAAqB;AACrB,mBAAW;AACX,0BAAkB;AAClB,6BAAqB,8BAA8B;AAAA,MACrD;AAAA,IACF;AACA,aAAS,iBAAiB,oBAAoB,iBAAiB;AAAA,EACjE;AAEA,SAAO;AACT;AAEO,SAAS,qBAAqB;AACnC,MAAI,wBAAwB;AAC1B,kBAAc,sBAAsB;AACpC,6BAAyB;AACzB,YAAQ,IAAI,sCAA4B;AAAA,EAC1C;AAEA,MAAI,qBAAqB,OAAO,aAAa,aAAa;AACxD,aAAS,oBAAoB,oBAAoB,iBAAiB;AAClE,wBAAoB;AAAA,EACtB;AACF;AAKO,SAAS,qBAAqB,0BAA0B;AAC7D,UAAQ,IAAI,8EAAuE;AAEnF,wBAAsB;AACtB,sBAAoB,wBAAwB;AAE5C,SAAO;AAAA,IACL,SAAS,MAAM;AACb,2BAAqB;AACrB,yBAAmB;AAAA,IACrB;AAAA,EACF;AACF;AAEO,SAAS,sBAAsB;AACpC,uBAAqB;AACrB,qBAAmB;AACnB,0BAAwB,MAAM;AAC9B,UAAQ,IAAI,oCAA6B;AAC3C;;;ACvoBA,mBAAkB;AAKlB,IAAM,MAAM,aAAAC,QAAM,OAAO;AAAA,EACvB,iBAAiB;AACnB,CAAC;AAED,IAAI,aAAa,QAAQ,IAAI,CAACC,YAAW;AACvC,QAAM,gBAAgB,UAAU;AAEhC,MAAI,CAACA,QAAO,SAAS;AAEnB,IAAAA,QAAO,WAAU,+CAAe,gBAAe;AAAA,EACjD;AAEA,MAAI,CAACA,QAAO,SAAS;AACnB,IAAAA,QAAO,UAAU,CAAC;AAAA,EACpB;AAEA,OAAI,+CAAe,cAAa,CAACA,QAAO,QAAQ,cAAc,GAAG;AAC/D,IAAAA,QAAO,QAAQ,cAAc,IAAI,cAAc;AAAA,EACjD;AAEA,QAAM,QAAQ,SAAS;AACvB,MAAI,OAAO;AACT,IAAAA,QAAO,QAAQ,gBAAgB,UAAU,KAAK;AAAA,EAChD;AAEA,SAAOA;AACT,CAAC;AAED,IAAIC,kBAAiB;AAErB,IAAI,aAAa,SAAS;AAAA,EACxB,CAAC,aAAa;AAAA,EACd,OAAO,UAAU;AACf,UAAM,EAAE,UAAU,QAAAD,QAAO,IAAI,SAAS,CAAC;AAEvC,QAAI,CAAC,YAAY,CAACA,SAAQ;AACxB,aAAO,QAAQ,OAAO,KAAK;AAAA,IAC7B;AAEA,QAAI,SAAS,WAAW,OAAOA,QAAO,QAAQ;AAC5C,aAAO,QAAQ,OAAO,KAAK;AAAA,IAC7B;AAEA,IAAAA,QAAO,SAAS;AAEhB,QAAI,CAACC,iBAAgB;AACnB,MAAAA,kBAAiB,aAAe,EAC7B,KAAK,CAAC,aAAa;AAClB,QAAAA,kBAAiB;AACjB,YAAI,UAAU;AACZ,mBAAS,QAAQ;AAAA,QACnB;AACA,eAAO;AAAA,MACT,CAAC,EACA,MAAM,CAAC,iBAAiB;AACvB,QAAAA,kBAAiB;AACjB,mBAAW;AACX,cAAM;AAAA,MACR,CAAC;AAAA,IACL;AAEA,QAAI;AACF,YAAM,iBAAiB,MAAMA;AAE7B,UAAI,gBAAgB;AAClB,QAAAD,QAAO,QAAQ,gBAAgB,UAAU,cAAc;AACvD,eAAO,IAAIA,OAAM;AAAA,MACnB;AAAA,IACF,SAAS,YAAY;AACnB,aAAO,QAAQ,OAAO,UAAU;AAAA,IAClC;AAEA,WAAO,QAAQ,OAAO,KAAK;AAAA,EAC7B;AACF;AAEA,IAAI,kBAAkB,YAAY;AAlFlC;AAmFE,MAAI;AACF,UAAM,WAAW,MAAM,IAAI,IAAI,2BAA2B;AAC1D,WAAO,SAAS,KAAK;AAAA,EACvB,SAAS,KAAK;AACZ,UAAI,SAAI,aAAJ,mBAAc,YAAW,KAAK;AAChC,aAAO;AAAA,IACT;AACA,UAAM;AAAA,EACR;AACF;AAEA,IAAO,cAAQ;;;AC7Ff,IAAAE,qBAA0B;AAGnB,SAAS,YAAY,OAAO;AACjC,MAAI;AACF,eAAO,8BAAU,KAAK;AAAA,EACxB,SAAS,KAAK;AACZ,YAAQ,KAAK,yBAAyB,GAAG;AACzC,WAAO;AAAA,EACT;AACF;AAEO,SAAS,eAAe,OAAO,gBAAgB,IAAI;AACxD,QAAM,UAAU,YAAY,KAAK;AACjC,MAAI,CAAC,WAAW,CAAC,QAAQ,IAAK,QAAO;AACrC,QAAM,cAAc,KAAK,IAAI,IAAI;AACjC,SAAO,QAAQ,MAAM,cAAc;AACrC;AAIO,SAAS,kBAAkB;AAChC,QAAM,QAAQ,SAAS;AACvB,SAAO,CAAC,CAAC,SAAS,CAAC,eAAe,KAAK;AACzC;;;ACxBA,mBAAkE;AAW3D,IAAM,kBAAc,4BAAc;AAElC,SAAS,aAAa,EAAE,UAAU,iBAAiB,GAAG;AAC3D,QAAM,CAAC,OAAO,aAAa,QAAI,uBAAS,SAAS,CAAC;AAClD,QAAM,CAAC,MAAM,OAAO,QAAI,uBAAS,IAAI;AACrC,QAAM,CAAC,SAAS,UAAU,QAAI,uBAAS,CAAC,CAAC,KAAK;AAC9C,QAAM,CAAC,cAAc,eAAe,QAAI,uBAAS,IAAI;AACrD,QAAM,yBAAqB,qBAAO,IAAI;AAGtC,QAAM,uBAAuB,CAAC,WAAW;AACvC,YAAQ,IAAI,iDAA0C,MAAM;AAC5D,oBAAgB,KAAK;AACrB,YAAQ,IAAI;AACZ,kBAAc,IAAI;AAGlB,QAAI,oBAAoB,OAAO,qBAAqB,YAAY;AAC9D,uBAAiB,MAAM;AAAA,IACzB;AAAA,EACF;AAGA,8BAAU,MAAM;AACd,QAAI,SAAS,CAAC,mBAAmB,SAAS;AACxC,cAAQ,IAAI,mDAA4C;AAGxD,YAAM,cAAc,iBAAiB,oBAAoB;AAGzD,yBAAmB,UAAU,qBAAqB,oBAAoB;AAEtE,aAAO,MAAM;AACX,oBAAY;AACZ,YAAI,mBAAmB,SAAS;AAC9B,6BAAmB,QAAQ,QAAQ;AACnC,6BAAmB,UAAU;AAAA,QAC/B;AAAA,MACF;AAAA,IACF;AAGA,QAAI,CAAC,SAAS,mBAAmB,SAAS;AACxC,yBAAmB,QAAQ,QAAQ;AACnC,yBAAmB,UAAU;AAAA,IAC/B;AAAA,EACF,GAAG,CAAC,KAAK,CAAC;AAEV,8BAAU,MAAM;AACd,YAAQ,IAAI,+CAAwC;AAAA,MAClD,UAAU,CAAC,CAAC;AAAA,MACZ,aAAa,+BAAO;AAAA,IACtB,CAAC;AAED,QAAI,CAAC,OAAO;AACV,cAAQ,IAAI,4DAAkD;AAC9D,iBAAW,KAAK;AAChB;AAAA,IACF;AAEA,UAAM,EAAE,YAAY,IAAI,UAAU;AAClC,QAAI,CAAC,aAAa;AAChB,cAAQ,KAAK,yCAAyC;AACtD,iBAAW,KAAK;AAChB;AAAA,IACF;AAEA,YAAQ,IAAI,0DAAmD;AAAA,MAC7D;AAAA,MACA,cAAc,MAAM,MAAM,GAAG,EAAE,IAAI;AAAA,IACrC,CAAC;AAED,UAAM,GAAG,WAAW,oBAAoB;AAAA,MACtC,SAAS,EAAE,eAAe,UAAU,KAAK,GAAG;AAAA,MAC5C,aAAa;AAAA,IACf,CAAC,EACE,KAAK,SAAO;AACX,cAAQ,IAAI,sCAA+B,IAAI,MAAM;AACrD,UAAI,CAAC,IAAI,GAAI,OAAM,IAAI,MAAM,sBAAsB;AACnD,aAAO,IAAI,KAAK;AAAA,IAClB,CAAC,EACA,KAAK,cAAY;AAChB,cAAQ,IAAI,wCAAmC,SAAS,KAAK;AAC7D,cAAQ,QAAQ;AAChB,sBAAgB,IAAI;AACpB,iBAAW,KAAK;AAAA,IAClB,CAAC,EACA,MAAM,SAAO;AACZ,cAAQ,MAAM,4BAAuB,GAAG;AACxC,iBAAW;AACX,oBAAc,IAAI;AAClB,cAAQ,IAAI;AACZ,iBAAW,KAAK;AAAA,IAClB,CAAC;AAAA,EACL,GAAG,CAAC,KAAK,CAAC;AAEV,QAAMC,SAAQ,CAAC,WAAW,aAAa,UAAU;AAC/C,UAAU,WAAW,aAAa,KAAK;AAAA,EACzC;AAEA,QAAMC,UAAS,MAAM;AAEnB,wBAAoB;AACpB,uBAAmB,UAAU;AAE7B,WAAW;AACX,YAAQ,IAAI;AACZ,kBAAc,IAAI;AAClB,oBAAgB,IAAI;AAAA,EACtB;AAEA,QAAM,QAAQ;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,IACA,OAAAD;AAAA,IACA,QAAAC;AAAA,IACA,iBAAiB,CAAC,CAAC,SAAS,CAAC,CAAC,QAAQ;AAAA,IACtC;AAAA,IACA;AAAA,IACA,UAAU,CAAC,aAAa;AACtB,eAAS,QAAQ;AACjB,oBAAc,QAAQ;AACtB,sBAAgB,IAAI;AAAA,IACtB;AAAA,IACA,YAAY,MAAM;AAChB,0BAAoB;AACpB,yBAAmB,UAAU;AAC7B,iBAAW;AACX,oBAAc,IAAI;AAClB,cAAQ,IAAI;AAAA,IACd;AAAA,EACF;AAEA,SAAO,6BAAAC,QAAA,cAAC,YAAY,UAAZ,EAAqB,SAAe,QAAS;AACvD;;;ACpJA,IAAAC,gBAA2B;AAGpB,SAAS,UAAU;AACxB,QAAM,cAAU,0BAAW,WAAW;AACtC,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,6CAA6C;AAAA,EAC/D;AACA,SAAO;AACT;;;ACPA,yBAAyC;AACzC,IAAAC,gBAAuC;AAkBhC,IAAM,oBAAoB,CAAC,UAAU,CAAC,MAAM;AArBnD;AAsBE,QAAM,kBAAc,mCAAe;AAEnC,QAAM;AAAA,IACJ,UAAU;AAAA,IACV,kBAAkB,IAAI,KAAK;AAAA;AAAA,IAC3B,kBAAAC;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAGJ,QAAM,oBAAgB,2BAAY,MAAM;AACtC,YAAQ,IAAI,uDAAgD;AAG5D,gBAAY,MAAM;AAGlB,QAAI,YAAY;AACd,WAAK,WAAW;AAChB,WAAK,kBAAkB;AAAA,IACzB;AAGA,QAAIA,mBAAkB;AACpB,MAAAA,kBAAiB;AAAA,IACnB;AAAA,EACF,GAAG,CAAC,aAAa,YAAYA,iBAAgB,CAAC;AAG9C,QAAM,YAAQ,6BAAS;AAAA,IACrB,UAAU,CAAC,oBAAoB;AAAA,IAC/B,SAAS,YAAY;AACnB,UAAI;AACF,cAAM,QAAQ,KAAK,SAAS;AAC5B,YAAI,CAAC,OAAO;AACV,iBAAO,EAAE,OAAO,OAAO,QAAQ,WAAW;AAAA,QAC5C;AAEA,gBAAQ,IAAI,oDAA6C;AACzD,cAAM,UAAU,MAAM,KAAK,uBAAuB;AAElD,YAAI,CAAC,SAAS;AACZ,kBAAQ,IAAI,mDAA8C;AAC1D,wBAAc;AACd,iBAAO,EAAE,OAAO,OAAO,QAAQ,kBAAkB;AAAA,QACnD;AAEA,gBAAQ,IAAI,+CAA0C;AACtD,eAAO,EAAE,OAAO,KAAK;AAAA,MACvB,SAAS,OAAO;AACd,gBAAQ,MAAM,qDAA2C,KAAK;AAC9D,YAAI,SAAS;AACX,kBAAQ,KAAK;AAAA,QACf;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAAA,IACA,SAAS,WAAW,CAAC,CAAC,KAAK,SAAS;AAAA,IACpC;AAAA,IACA,6BAA6B;AAAA,IAC7B,OAAO;AAAA,IACP,YAAY;AAAA,IACZ,WAAW,kBAAkB;AAAA;AAAA,EAC/B,CAAC;AAGD,+BAAU,MAAM;AACd,QAAI,CAAC,QAAS;AAEd,UAAM,yBAAyB,MAAM;AACnC,UAAI,SAAS,oBAAoB,aAAa,KAAK,SAAS,GAAG;AAC7D,gBAAQ,IAAI,wEAA4D;AACxE,oBAAY,kBAAkB,EAAE,UAAU,CAAC,oBAAoB,EAAE,CAAC;AAAA,MACpE;AAAA,IACF;AAEA,aAAS,iBAAiB,oBAAoB,sBAAsB;AACpE,WAAO,MAAM;AACX,eAAS,oBAAoB,oBAAoB,sBAAsB;AAAA,IACzE;AAAA,EACF,GAAG,CAAC,SAAS,WAAW,CAAC;AAGzB,+BAAU,MAAM;AACd,QAAI,mBAAmB,WAAW,KAAK,SAAS,GAAG;AACjD,kBAAY,kBAAkB,EAAE,UAAU,CAAC,oBAAoB,EAAE,CAAC;AAAA,IACpE;AAAA,EACF,GAAG,CAAC,iBAAiB,SAAS,WAAW,CAAC;AAE1C,SAAO;AAAA,IACL,GAAG;AAAA,IACH,kBAAgB,WAAM,SAAN,mBAAY,UAAS;AAAA,IACrC,qBAAoB,WAAM,SAAN,mBAAY;AAAA,IAChC,gBAAgB,MAAM,YAAY,kBAAkB,EAAE,UAAU,CAAC,oBAAoB,EAAE,CAAC;AAAA,EAC1F;AACF;;;ARnFO,IAAM,OAAO;AAAA;AAAA,EAElB;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAGA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA;AAAA,EAGA,mBAAmB,MAAM;AACvB,YAAQ,KAAK,iHAAuG;AACpH,UAAM,WAAW,YAAY,YAAY;AACvC,YAAM,QAAQ,SAAS;AACvB,UAAI,SAAS,eAAe,OAAO,GAAG,GAAG;AACvC,YAAI;AACF,gBAAM,aAAa;AACnB,kBAAQ,IAAI,mCAA4B;AAAA,QAC1C,SAAS,KAAK;AACZ,kBAAQ,MAAM,wBAAwB,GAAG;AACzC,wBAAc,QAAQ;AAAA,QACxB;AAAA,MACF;AAAA,IACF,GAAG,GAAK;AACR,WAAO;AAAA,EACT;AACF;","names":["refreshToken","accessToken","axios","config","refreshPromise","import_jwt_decode","login","logout","React","import_react","import_react","onSessionInvalid"]}
|
package/dist/index.js
CHANGED
|
@@ -415,8 +415,8 @@ async function refreshToken() {
|
|
|
415
415
|
}
|
|
416
416
|
};
|
|
417
417
|
if (storedRefreshToken) {
|
|
418
|
-
requestOptions.headers["X-Refresh-Token"] = storedRefreshToken;
|
|
419
418
|
requestOptions.body = JSON.stringify({ refreshToken: storedRefreshToken });
|
|
419
|
+
console.log("\u{1F4E6} Sending refresh token in body only (Header skipped) v3.0.2");
|
|
420
420
|
}
|
|
421
421
|
const response = await fetch(`${authBaseUrl}/refresh/${clientKey}`, requestOptions);
|
|
422
422
|
if (!response.ok) {
|
|
@@ -566,6 +566,7 @@ function startSessionMonitor(onInvalid) {
|
|
|
566
566
|
return null;
|
|
567
567
|
}
|
|
568
568
|
console.log(`\u{1F441}\uFE0F Starting session monitor (interval: ${sessionValidationInterval / 1e3}s)`);
|
|
569
|
+
let hiddenAt = null;
|
|
569
570
|
sessionValidationTimer = setInterval(async () => {
|
|
570
571
|
try {
|
|
571
572
|
const currentToken = getToken();
|
|
@@ -574,7 +575,22 @@ function startSessionMonitor(onInvalid) {
|
|
|
574
575
|
stopSessionMonitor();
|
|
575
576
|
return;
|
|
576
577
|
}
|
|
577
|
-
|
|
578
|
+
const ttl = getTimeUntilExpiry(currentToken);
|
|
579
|
+
if (ttl <= 0) {
|
|
580
|
+
console.log("\uFFFD Token expired before periodic check \u2014 refreshing");
|
|
581
|
+
try {
|
|
582
|
+
await refreshToken();
|
|
583
|
+
} catch (refreshErr) {
|
|
584
|
+
console.log("\u274C Periodic refresh failed \u2014 session expired");
|
|
585
|
+
stopSessionMonitor();
|
|
586
|
+
stopProactiveRefresh();
|
|
587
|
+
clearToken();
|
|
588
|
+
clearRefreshToken();
|
|
589
|
+
notifySessionInvalid("session_deleted");
|
|
590
|
+
return;
|
|
591
|
+
}
|
|
592
|
+
}
|
|
593
|
+
console.log("\uFFFD\u{1F50D} Validating session...");
|
|
578
594
|
const isValid = await validateCurrentSession();
|
|
579
595
|
if (!isValid) {
|
|
580
596
|
console.log("\u274C Session no longer valid on server");
|
|
@@ -592,23 +608,64 @@ function startSessionMonitor(onInvalid) {
|
|
|
592
608
|
}, sessionValidationInterval);
|
|
593
609
|
if (validateOnVisibility && typeof document !== "undefined") {
|
|
594
610
|
visibilityHandler = async () => {
|
|
611
|
+
if (document.visibilityState === "hidden") {
|
|
612
|
+
hiddenAt = Date.now();
|
|
613
|
+
return;
|
|
614
|
+
}
|
|
595
615
|
if (document.visibilityState === "visible") {
|
|
596
616
|
const currentToken = getToken();
|
|
597
617
|
if (!currentToken) return;
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
|
|
618
|
+
const ttl = getTimeUntilExpiry(currentToken);
|
|
619
|
+
const hiddenDuration = hiddenAt ? Date.now() - hiddenAt : 0;
|
|
620
|
+
hiddenAt = null;
|
|
621
|
+
if (ttl > 0 && hiddenDuration < sessionValidationInterval) {
|
|
622
|
+
console.log(`\u{1F441}\uFE0F Tab visible \u2014 token valid (${Math.round(ttl)}s left), hidden for ${Math.round(hiddenDuration / 1e3)}s \u2014 skipping validation`);
|
|
623
|
+
return;
|
|
624
|
+
}
|
|
625
|
+
if (ttl > 0 && hiddenDuration >= sessionValidationInterval) {
|
|
626
|
+
console.log(`\u{1F441}\uFE0F Tab visible \u2014 token valid but hidden for ${Math.round(hiddenDuration / 1e3)}s \u2014 server-validating`);
|
|
627
|
+
try {
|
|
628
|
+
const isValid = await validateCurrentSession();
|
|
629
|
+
if (isValid) {
|
|
630
|
+
console.log("\u2705 Session confirmed valid on server");
|
|
631
|
+
return;
|
|
632
|
+
}
|
|
633
|
+
console.log("\u274C Session deleted by admin while tab was hidden");
|
|
603
634
|
stopSessionMonitor();
|
|
604
635
|
stopProactiveRefresh();
|
|
605
636
|
clearToken();
|
|
606
637
|
clearRefreshToken();
|
|
607
638
|
notifySessionInvalid("session_deleted_while_hidden");
|
|
639
|
+
return;
|
|
640
|
+
} catch (error) {
|
|
641
|
+
console.warn("\u26A0\uFE0F Server validation failed (network), token still valid \u2014 continuing");
|
|
642
|
+
return;
|
|
608
643
|
}
|
|
609
|
-
} catch (error) {
|
|
610
|
-
console.warn("\u26A0\uFE0F Visibility check failed:", error.message);
|
|
611
644
|
}
|
|
645
|
+
console.log("\u26A0\uFE0F Token expired while tab was hidden \u2014 attempting silent refresh");
|
|
646
|
+
try {
|
|
647
|
+
await refreshToken();
|
|
648
|
+
console.log("\u2705 Token silently refreshed \u2014 session restored");
|
|
649
|
+
if (hiddenDuration >= sessionValidationInterval) {
|
|
650
|
+
const isValid = await validateCurrentSession();
|
|
651
|
+
if (!isValid) {
|
|
652
|
+
console.log("\u274C Token refreshed but session deleted on server");
|
|
653
|
+
stopSessionMonitor();
|
|
654
|
+
stopProactiveRefresh();
|
|
655
|
+
clearToken();
|
|
656
|
+
clearRefreshToken();
|
|
657
|
+
notifySessionInvalid("session_deleted_while_hidden");
|
|
658
|
+
}
|
|
659
|
+
}
|
|
660
|
+
return;
|
|
661
|
+
} catch (refreshErr) {
|
|
662
|
+
console.log("\u274C Silent refresh failed \u2014 session genuinely expired:", refreshErr.message);
|
|
663
|
+
}
|
|
664
|
+
stopSessionMonitor();
|
|
665
|
+
stopProactiveRefresh();
|
|
666
|
+
clearToken();
|
|
667
|
+
clearRefreshToken();
|
|
668
|
+
notifySessionInvalid("session_deleted_while_hidden");
|
|
612
669
|
}
|
|
613
670
|
};
|
|
614
671
|
document.addEventListener("visibilitychange", visibilityHandler);
|