@sqrzro/server 2.0.0-bz.50 → 2.0.0-bz.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/auth/index.cjs +1 -1
  2. package/dist/auth/index.cjs.map +1 -1
  3. package/dist/auth/index.js +1 -1
  4. package/dist/auth/index.js.map +1 -1
  5. package/dist/database/schema.d.cts +0 -80
  6. package/dist/database/schema.d.ts +0 -80
  7. package/package.json +2 -2
package/dist/auth/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/auth/AuthService.ts","../../src/database/DatabaseService.ts","../../src/database/schema.ts","../../src/forms/FormService.ts","../../src/forms/ValidationError.ts","../../src/forms/ValidationService.ts","../../src/forms/lang.ts","../../src/auth/MFAService.ts","../../src/auth/MFARequest.ts","../../src/auth/SessionService.ts","../../src/cache/CacheService.ts","../../src/url/URLService.ts","../../src/auth/PasswordService.ts","../../src/auth/LoginRequest.ts","../../src/auth/PasswordRequest.ts","../../src/auth/PasswordResetWithTokenRequest.ts","../../src/auth/ClientService.ts"],"names":["and","eq","inArray","lte","drizzle","postgres","createSingleton","db","integer","pgEnum","pgSchema","text","timestamp","uniqueIndex","DEFAULT_ROLE","mfaType","scope","authSchema","authUserTable","table","authSessionTable","authResetTable","authMFATable","authClientTable","NextResponse","ValidationError","messages","ValidationError_default","Joi","lang_default","getErrorMessages","acc","key","value","transformErrors","error","cur","validateSchema","formData","validation","err","createSchema","schema","serializeError","hasFn","args","submitForm","data","validated","validationError","model","isNotNull","isNull","authenticator","qrcode","MFARequest","MFARequest_default","DrizzlePostgreSQLAdapter","pick","Lucia","TimeSpan","generateId","cookies","match","createClient","client","isLocalhost","url","getClient","getFromCache","setToCache","headers","getOrigin","envOrigin","origin","proto","host","DEFAULT_REDIRECT","ID_LENGTH","DEFAULT_SCOPES","timespanMap","getSessionExpiry","unit","adapter","lucia","attributes","generateID","prefix","length","invalidateSession","id","cookie","invalidateUserSessions","createUserSession","session","sessionCookie","getSessionID","checkSessionExists","checkUserRole","userRole","targetRoles","targetRolesArray","getAllowedRoles","getSessionUser","roles","sessionID","user","checkRouteAllowed","pathname","route","getScopes","scopes","getScopeByID","setScopes","customScopes","validateSessionFromID","handleSession","request","checkMFAEnabled","generateMFA","name","email","secret","otpauth","resolve","reject","checkUserHasMFA","mfa","markAsVerified","userID","validateUserToken","token","handleMFA","handleMFAForm","bcrypt","PW_SALT_ROUNDS","PASSWORD_RULES","checkPasswordMin","password","checkPasswordUpper","checkPasswordLower","checkPasswordNumber","checkPasswordSymbol","PASSWORD_FUNCTIONS","hashPassword","verifyPassword","encrypted","getPasswordComplexity","rules","validity","rule","checkPasswordComplexity","LoginRequest","LoginRequest_default","PasswordRequest","PasswordRequest_default","passwordComplexity","passwordIsComplex","helpers","PasswordResetWithTokenRequest","PasswordResetWithTokenRequest_default","RESET_TOKEN_LENGTH","RESET_TOKEN_EXPIRY","handleLogout","role","getMaximumRole","handleUserSession","getUserByEmail","conditions","loginUser","handleLoginForm","onSuccess","registerUser","hash","createPasswordResetToken","handlePasswordForm","mailFn","mutateFn","validatePasswordResetToken","result","handlePasswordResetWithTokenForm","SECRET_LENGTH","getClientByID","registerClient","alias","handleClientAuth","header","auth"],"mappings":"AACA,OAAS,OAAAA,GAAK,MAAAC,EAAI,WAAAC,GAAS,OAAAC,OAAW,cCDtC,OAAS,WAAAC,OAAe,0BAExB,OAAOC,OAAc,WAMrB,SAASC,IAAsC,CAC3C,GAAI,CAAC,QAAQ,IAAI,aACb,MAAM,IAAI,MAAM,6BAA6B,EAEjD,OAAOF,GAAQC,GAAS,QAAQ,IAAI,aAAc,CAAE,QAAS,EAAM,CAAC,CAAC,CACzE,CAEO,IAAME,EAAK,WAAW,MAAQD,GAAgB,EAEhD,QAAQ,IAAI,aACb,WAAW,KAAOC,GChBtB,OAAS,WAAAC,GAAS,UAAAC,EAAQ,YAAAC,GAAU,QAAAC,EAAM,aAAAC,EAAW,eAAAC,OAAmB,sBAExE,IAAMC,GAAe,GAERC,GAAUN,EAAO,UAAW,CAAC,OAAQ,UAAU,CAAC,EAChDO,GAAQP,EAAO,QAAS,CAAC,OAAQ,MAAO,QAAQ,CAAC,EAIjDQ,EAAaP,GAAS,MAAM,EAE5BQ,EAAgBD,EAAW,MACpC,mBACA,CACI,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,MAAOA,EAAK,OAAO,EAAE,QAAQ,EAC7B,SAAUA,EAAK,UAAU,EACzB,KAAMH,GAAQ,MAAM,EAAE,QAAQ,EAAE,QAAQM,EAAY,CACxD,EACCK,IAAW,CACR,OAAQN,GAAY,EAAE,GAAGM,EAAM,MAAOA,EAAM,IAAI,CACpD,EACJ,EAIaC,EAAmBH,EAAW,MAAM,WAAY,CACzD,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,OAAQA,EAAK,QAAQ,EAChB,QAAQ,EACR,WAAW,IAAMO,EAAc,GAAI,CAAE,SAAU,SAAU,CAAC,EAC/D,MAAOF,GAAM,OAAO,EAAE,QAAQ,EAAE,QAAQ,MAAM,EAC9C,UAAWJ,EAAU,WAAW,EAAE,QAAQ,CAC9C,CAAC,EAIYS,EAAiBJ,EAAW,MAAM,SAAU,CACrD,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,OAAQA,EAAK,QAAQ,EAChB,QAAQ,EACR,WAAW,IAAMO,EAAc,GAAI,CAAE,SAAU,SAAU,CAAC,EAC/D,UAAWN,EAAU,WAAW,EAAE,QAAQ,CAC9C,CAAC,EAIYU,EAAeL,EAAW,MAAM,OAAQ,CACjD,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,KAAMA,EAAK,MAAM,EAAE,QAAQ,EAC3B,OAAQA,EAAK,QAAQ,EAChB,QAAQ,EACR,WAAW,IAAMO,EAAc,GAAI,CAAE,SAAU,SAAU,CAAC,EAC/D,KAAMH,GAAQ,MAAM,EAAE,QAAQ,EAAE,QAAQ,MAAM,EAC9C,OAAQJ,EAAK,QAAQ,EAAE,QAAQ,EAC/B,WAAYC,EAAU,YAAY,CACtC,CAAC,EAIYW,EAAkBN,EAAW,MAAM,qBAAsB,CAClE,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,MAAOA,EAAK,OAAO,EAAE,QAAQ,EAAE,OAAO,EACtC,OAAQA,EAAK,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAC5C,CAAC,EC9DD,OAAS,gBAAAa,OAAoB,cCJ7B,IAAMC,EAAN,cAA8B,KAAM,CACzB,SAEA,YAAYC,EAAkC,CACjD,MAAM,KAAK,UAAUA,CAAQ,CAAC,EAE9B,KAAK,SAAWA,EAChB,KAAK,KAAO,iBAChB,CACJ,EAEOC,EAAQF,ECVf,OAAOG,MAAS,MCDhB,IAAMF,GAAmC,CACrC,mBAAoB,GACpB,mBAAoB,GACpB,qBAAsB,GACtB,mBAAoB,GACpB,qBAAsB,GACtB,aAAc,GACd,cAAe,GACf,eAAgB,GAChB,cAAe,GACf,WAAY,GACZ,UAAW,GACX,eAAgB,yBAChB,cAAe,GACf,aAAc,GACd,iBAAkB,GAClB,6BAA8B,GAC9B,+BAAgC,GAChC,iCAAkC,GAClC,iBAAkB,GAClB,eAAgB,GAChB,YAAa,GACb,YAAa,GACb,sBAAuB,GACvB,aAAc,GACd,yBAA0B,GAC1B,yBAA0B,GAC1B,eAAgB,GAChB,eAAgB,GAChB,iBAAkB,GAClB,mBAAoB,GACpB,cAAe,GACf,gBAAiB,GACjB,aAAc,GACd,aAAc,GACd,eAAgB,GAChB,YAAa,GACb,cAAe,GACf,eAAgB,GAChB,YAAa,GACb,WAAY,GACZ,WAAY,GACZ,cAAe,GACf,iBAAkB,GAClB,iBAAkB,GAClB,oBAAqB,GACrB,oBAAqB,GACrB,cAAe,gCACf,iBAAkB,GAClB,kBAAmB,GACnB,iBAAkB,GAClB,cAAe,GACf,aAAc,GACd,aAAc,2DACd,kBAAmB,GACnB,kBAAmB,GACnB,cAAe,GACf,kBAAmB,GACnB,mBAAoB,GACpB,gBAAiB,GACjB,iBAAkB,GAClB,aAAc,GACd,gBAAiB,GACjB,cAAe,GACf,gBAAiB,GACjB,aAAc,GACd,aAAc,GACd,iBAAkB,GAClB,cAAe,GACf,uBAAwB,GACxB,iBAAkB,GAClB,eAAgB,GAChB,yBAA0B,GAC1B,yBAA0B,GAC1B,gBAAiB,GACjB,kBAAmB,GACnB,cAAe,GACf,iBAAkB,GAClB,aAAc,GACd,cAAe,GACf,kBAAmB,GACnB,gBAAiB,GACjB,cAAe,GACf,oBAAqB,GACrB,iBAAkB,GAClB,gBAAiB,GACjB,eAAgB,GAChB,eAAgB,yBAChB,cAAe,GACf,kBAAmB,GACnB,aAAc,GACd,kBAAmB,GACnB,mBAAoB,GACpB,YAAa,GACb,iBAAkB,GAClB,qBAAsB,GACtB,gBAAiB,GACjB,mBAAoB,GACpB,aAAc,GACd,aAAc,GACd,mBAAoB,GACpB,sBAAuB,0CACvB,sBAAuB,GACvB,6BAA8B,GAC9B,6BAA8B,GAC9B,eAAgB,GAChB,cAAe,GACf,mBAAoB,GACpB,aAAc,GACd,yBAA0B,GAC1B,yBAA0B,GAC1B,cAAe,GACf,aAAc,EAClB,EAEOG,EAAQH,GDjGf,SAASI,IAA2C,CAChD,OAAO,OAAO,QAAQD,CAAI,EAAE,OAAO,CAACE,EAAK,CAACC,EAAKC,CAAK,IAC3CA,EAGE,CACH,GAAGF,EACH,CAACC,CAAG,EAAGC,CACX,EALWF,EAMZ,CAAC,CAAC,CACT,CAEA,SAASG,GAAgBC,EAA6C,CAClE,IAAMT,EAAWS,EAAM,QAAQ,OAC3B,CAACJ,EAAKK,KAAS,CACX,GAAGL,EACH,CAACK,EAAI,KAAK,KAAK,GAAG,CAAC,EAAGA,EAAI,QAAQ,QAAQ,MAAO,EAAE,CACvD,GACA,CAAC,CACL,EACA,OAAO,IAAIT,EAAgBD,CAAQ,CACvC,CAaA,eAAsBW,EAClBC,EACAC,EACAb,EACqB,CACrB,GAAI,CAOA,MAAO,CANW,MAAMa,EAAW,cAAcD,EAAU,CACvD,WAAY,GACZ,SAAUZ,GAAYI,GAAiB,EACvC,aAAc,EAClB,CAAC,EAEkB,IAAI,CAC3B,OAASU,EAAK,CACV,OAAIA,aAAeZ,EAAI,gBACZ,CAAC,KAAMM,GAAgBM,CAAG,CAAC,EAGlCA,aAAe,MACR,CAAC,KAAMA,CAAG,EAGd,CAAC,KAAM,IAAI,MAAM,kCAAkC,CAAC,CAC/D,CACJ,CAEO,SAASC,EAAgBC,EAAqD,CACjF,OAAOd,EAAI,OAAUc,CAAM,CAC/B,CFvEA,SAASC,EAAeH,EAA6B,CACjD,MAAO,CACH,MAAOA,EAAI,MACX,QAASA,EAAI,QACb,KAAMA,EAAI,KACV,MAAOA,EAAI,KACf,CACJ,CAcA,SAASI,GACLC,EACkC,CAClC,MAAO,EAAQ,OAAO,UAAU,eAAe,KAAKA,EAAM,IAAI,CAClE,CASA,eAAsBC,EAClBD,EACwD,CACxD,IAAIE,EAAO,CAAE,GAAGF,EAAK,QAAS,EAE9B,GAAIA,EAAK,QAAS,CACd,GAAM,CAACG,EAAWC,CAAe,EAAI,MAAMZ,EAAkBQ,EAAK,SAAUA,EAAK,OAAO,EAExF,GAAII,IAAoB,KACpB,OAAIA,aAA2BtB,GAC3BkB,EAAK,oBAAoBI,CAAe,EAGrC,CAAC,KAAMN,EAAeM,CAAe,CAAC,EAGjDF,EAAOC,CACX,CAEA,GAAI,CAACJ,GAAMC,CAAI,EACX,aAAMA,EAAK,YAAYE,CAAI,EACpB,CAACA,EAAM,IAAI,EAGtB,IAAIG,EAA2B,KAE/B,GAAI,CACAA,EAAQ,MAAML,EAAK,GAAGE,CAAI,CAC9B,OAASP,EAAc,CACnB,GAAIA,aAAeb,EACf,OAAAkB,EAAK,oBAAoBL,CAAG,EACrB,CAAC,KAAMG,EAAeH,CAAG,CAAC,EAErC,MAAIA,aAAe,MACTA,EAEJ,IAAI,MAAM,kEAAkE,CACtF,CAEA,GAAI,CAACU,EACD,MAAM,IAAI,MAAM,UAAU,EAG9B,aAAML,EAAK,YAAYK,CAAK,EACrB,CAACA,EAAO,IAAI,CACvB,CIvFA,OAAS,OAAAlD,EAAK,MAAAC,EAAI,aAAAkD,GAAW,UAAAC,OAAc,cAC3C,OAAS,iBAAAC,MAAqB,SAC9B,OAAOC,OAAY,SCDnB,OAAO1B,OAAS,MAKhB,IAAM2B,GAAad,EAA4B,CAC3C,MAAOb,GAAI,OAAO,EACb,QAAQ,aAAa,EACrB,SAAS,CAClB,CAAC,EAEM4B,EAAQD,GCbf,OAAS,4BAAAE,OAAgC,8BACzC,OAAS,QAAAC,OAAY,kBACrB,OAAS,SAAAC,GAAO,YAAAC,EAAU,cAAAC,OAAkB,QAC5C,OAAS,WAAAC,MAAe,eACxB,OAAS,gBAAAtC,OAAoB,cAE7B,OAAS,SAAAuC,OAAa,iBCNtB,OAAS,gBAAAC,OAAoB,QAE7B,IAAIC,EAAiD,KAErD,SAASC,GAAYC,EAAsB,CACvC,OAAOA,EAAI,SAAS,WAAW,GAAKA,EAAI,SAAS,WAAW,CAChE,CAEA,eAAeC,GAAsD,CACjE,GAAI,CAAC,QAAQ,IAAI,UACb,MAAM,IAAI,MAAM,gEAAgE,EAGpF,OAAIH,IAIJA,EAASD,GAAa,CAClB,OAAQ,CACJ,IAAK,CAACE,GAAY,QAAQ,IAAI,SAAS,CAC3C,EACA,IAAK,QAAQ,IAAI,SACrB,CAAC,EAED,MAAMD,EAAO,QAAQ,EACdA,EACX,CAEA,eAAsBI,EAAarC,EAAqC,CACpE,OAAQ,MAAMoC,EAAU,GAAG,IAAIpC,CAAG,CACtC,CAEA,eAAsBsC,EAAWtC,EAAaC,EAA8B,CACxE,MAAO,MAAMmC,EAAU,GAAG,IAAIpC,EAAKC,CAAK,CAC5C,CClCA,OAAS,WAAAsC,MAAe,eAkBxB,eAAsBC,GAA6B,CAC/C,IAAMC,EAAY,QAAQ,IAAI,UAE9B,GAAIA,EACA,OAAOA,EAGX,IAAMC,GAAU,MAAMH,EAAQ,GAAG,IAAI,UAAU,EAE/C,GAAIG,EACA,OAAOA,EAGX,IAAMC,GAAS,MAAMJ,EAAQ,GAAG,IAAI,mBAAmB,EACjDK,GAAQ,MAAML,EAAQ,GAAG,IAAI,kBAAkB,EAErD,GAAII,GAASC,EACT,MAAO,GAAGD,CAAK,MAAMC,CAAI,GAG7B,MAAM,IAAI,MAAM,+BAA+B,CACnD,CFtBA,IAAMC,EAAmB,cACnBC,GAAY,GA6BZC,EAA8B,CAChC,KAAM,CACF,aAAc,yBACd,iBAAkBF,CACtB,EACA,IAAK,CACD,aAAc,YACd,iBAAkB,WACtB,EACA,OAAQ,CACJ,aAAc,IACd,eAAgB,GACpB,CACJ,EAGMG,GAA4C,CAC9C,EAAG,IACH,EAAG,IACH,EAAG,IACH,GAAI,KACJ,EAAG,IACH,EAAG,GACP,EAGA,SAASC,IAA6B,CAClC,GAAI,CAAC,QAAQ,IAAI,oBACb,OAAO,IAAIrB,EAAS,EAAG,GAAG,EAG9B,GAAM,CAAC3B,EAAOiD,CAAI,EAAI,QAAQ,IAAI,oBAAoB,MAAM,IAAI,EAChE,OAAO,IAAItB,EAAS,OAAO3B,CAAK,EAAG+C,GAAYE,CAAI,CAAC,CACxD,CAEA,IAAMC,GAAU,IAAI1B,GAAyBlD,EAAIa,EAAkBF,CAAa,EAEnEkE,EAAQ,IAAIzB,GAAMwB,GAAS,CACpC,qBAAuBE,IAAsE,CACzF,MAAOA,EAAW,KACtB,GACA,kBAAoBA,IAAgE,CAChF,MAAOA,EAAW,MAClB,KAAMA,EAAW,IACrB,GACA,cAAe,CACX,WAAY,CACR,OAAQ,QAAQ,IAAI,WAAa,YACrC,EACA,KAAM,QAAQ,IAAI,kBAAoB,cAC1C,EACA,iBAAkBJ,GAAiB,CACvC,CAAC,EAEM,SAASK,EAAsCC,EAAS,GAAIC,EAASV,GAAc,CACtF,MAAO,GAAGS,EAAS,GAAGA,CAAM,IAAM,EAAE,GAAG1B,GAAW2B,CAAM,CAAC,EAC7D,CAEA,eAAsBC,EAAkBC,EAA2B,CAC/D,IAAMC,EAASP,EAAM,yBAAyB,EAC9C,OAAC,MAAMtB,EAAQ,GAAG,IAAI6B,EAAO,KAAMA,EAAO,MAAOA,EAAO,UAAU,EAE3DP,EAAM,kBAAkBM,CAAE,CACrC,CAEA,eAAsBE,EAAuBF,EAA2B,CACpE,OAAON,EAAM,uBAAuBM,CAAE,CAC1C,CAEA,eAAsBG,EAAkBH,EAAY1E,EAAe,OAA0B,CACzF,IAAM8E,EAAU,MAAMV,EAAM,cAAcM,EAAI,CAAE,MAAA1E,CAAM,CAAC,EACjD+E,EAAgBX,EAAM,oBAAoBU,EAAQ,EAAE,EAC1D,OAAC,MAAMhC,EAAQ,GAAG,IAAIiC,EAAc,KAAMA,EAAc,MAAOA,EAAc,UAAU,EAEhF,EACX,CAEA,eAAsBC,GAAuC,CACzD,OAAQ,MAAMlC,EAAQ,GAAG,IAAIsB,EAAM,iBAAiB,GAAG,OAAS,IACpE,CAEA,eAAsBa,IAAuC,CACzD,MAAO,EAAQ,MAAMD,EAAa,CACtC,CAEA,SAASE,GAAcC,EAAkBC,EAA0C,CAC/E,IAAMC,EAAmB,MAAM,QAAQD,CAAW,EAAIA,EAAc,CAACA,CAAW,EAEhF,OAAIC,EAAiB,CAAC,EACXA,EAAiB,SAASF,CAAQ,EAGtCG,EAAgB,EAAE,SAASH,CAAQ,CAC9C,CAEA,eAAsBI,EAAeC,EAI3B,CACN,IAAMC,EAAY,MAAMT,EAAa,EAErC,GAAI,CAACS,EACD,OAAO,KAGX,GAAM,CAAE,KAAAC,CAAK,EAAI,MAAMtB,EAAM,gBAAgBqB,CAAS,EAEtD,MAAI,CAACC,GAAQ,CAACR,GAAcQ,EAAK,KAAMF,CAAK,EACjC,KAGJ9C,GAAKgD,EAAM,CAAC,KAAM,QAAS,MAAM,CAAC,CAC7C,CAEO,SAASC,GAAkBC,EAAkBC,EAAyB,CACzE,OAAKA,EAIDA,IAAU,IACH,GAGJ9C,GAAM8C,CAAK,EAAED,CAAQ,IAAM,GAPvB,EAQf,CAEA,eAAsBE,GAAkC,CACpD,IAAMC,EAAS,MAAM1C,EAAa,GAAGG,EAAU,CAAC,SAAS,EACzD,OAAOuC,EAAU,KAAK,MAAMA,CAAM,EAAoBhC,CAC1D,CAEA,eAAsBiC,EAAatB,EAA+B,CAE9D,OADe,MAAMoB,EAAU,GACjBpB,CAAE,CACpB,CAEA,eAAsBuB,GAAUC,EAAoD,CAChF,IAAMH,EAAS,CACX,KAAM,CACF,GAAGhC,EAAe,KAClB,GAAGmC,GAAc,IACrB,EACA,IAAK,CACD,GAAGnC,EAAe,IAClB,GAAGmC,GAAc,GACrB,EACA,OAAQ,CACJ,GAAGnC,EAAe,OAClB,GAAGmC,GAAc,MACrB,CACJ,EACA,OAAO5C,EAAW,GAAGE,EAAU,CAAC,UAAW,KAAK,UAAUuC,CAAM,CAAC,CACrE,CAEA,eAAeI,GACXV,EACAG,EAC0D,CAC1D,IAAMG,EAAS,MAAMD,EAAU,EACzB,CAAE,QAAAhB,EAAS,KAAAY,CAAK,EAAI,MAAMtB,EAAM,gBAAgBqB,CAAS,EAEzDzF,EACF+F,EAAOjB,GAAWQ,EAAgB,EAAE,SAASI,GAAM,IAAI,EAAIZ,EAAQ,MAAQ,MAAM,EAErF,MAAO,CACH,MAAOY,GAAM,OAAS,KACtB,SAAUC,GAAkBC,EAAU5F,EAAM,YAAY,EAClD,KACAA,EAAM,kBAAoB6D,CACpC,CACJ,CAEA,eAAsBuC,GAClBC,EACAH,EACqB,CACrB,IAAMT,EAAYY,EAAQ,QAAQ,aAAa,IAAI,IAAI,GAAK,GACtDT,EAAWS,EAAQ,QAAQ,aAAa,IAAI,UAAU,GAAK,IAEjE,aAAMJ,GAAUC,CAAY,EAErB1F,GAAa,KAAK,MAAM2F,GAAsBV,EAAWG,CAAQ,CAAC,CAC7E,CFxNO,SAASU,GAA2B,CACvC,OAAO,QAAQ,IAAI,mBAAqB,OAC5C,CAEA,eAAsBC,GAAYC,EAAcC,EAAwC,CACpF,GAAI,CAACH,EAAgB,EACjB,MAAM,IAAI,MAAM,iDAAiD,EAGrE,GAAI,CAACG,EACD,OAAO,KAGX,GAAM,CAACf,CAAI,EAAI,MAAMnG,EAChB,OAAO,EACP,KAAKW,CAAa,EAClB,MAAMjB,EAAGiB,EAAc,MAAOuG,CAAK,CAAC,EACpC,MAAM,CAAC,EAEZ,GAAI,CAACf,EACD,OAAO,KAGX,IAAMgB,EAASrE,EAAc,eAAe,EACtCsE,EAAUtE,EAAc,OAAOoE,EAAOD,EAAME,CAAM,EAIxD,aAAMnH,EACD,OAAOe,CAAY,EACnB,MAAMtB,EAAIC,EAAGqB,EAAa,OAAQoF,EAAK,EAAE,EAAGtD,GAAO9B,EAAa,UAAU,CAAC,CAAC,EAIjF,MAAMf,EAAG,OAAOe,CAAY,EAAE,OAAO,CACjC,GAAIgE,EAAW,EACf,KAAM,UACN,OAAAoC,EACA,OAAQhB,EAAK,EACjB,CAAC,EAEM,IAAI,QAAQ,CAACkB,EAASC,IAAW,CACpCvE,GAAO,UACHqE,EACA,CAAE,aAAc,CAAE,QAAS,CAAE,EAAG,OAAQ,EAAG,MAAO,CAAE,EACpD,CAACnF,EAAKO,KAAS,CACPP,GACAqF,EAAOrF,CAAG,EAEdoF,EAAQ7E,EAAI,CAChB,CACJ,CACJ,CAAC,CACL,CAEA,eAAsB+E,GAAgBpB,EAAoC,CACtE,GAAI,CAACY,EAAgB,EACjB,MAAO,GAGX,GAAM,CAACS,CAAG,EAAI,MAAMxH,EACf,OAAO,EACP,KAAKe,CAAY,EACjB,MAAMtB,EAAIC,EAAGqB,EAAa,OAAQoF,EAAK,EAAE,EAAGvD,GAAU7B,EAAa,UAAU,CAAC,CAAC,EAC/E,MAAM,CAAC,EAEZ,MAAO,EAAQyG,CACnB,CAEA,eAAeC,GAAeC,EAA+B,CACpDX,EAAgB,GAIrB,MAAM/G,EACD,OAAOe,CAAY,EACnB,IAAI,CAAE,WAAY,IAAI,IAAO,CAAC,EAC9B,MAAMrB,EAAGqB,EAAa,OAAQ2G,CAAM,CAAC,CAC9C,CAEA,eAAeC,GAAkBD,EAAgBE,EAAiC,CAC9E,GAAI,CAACb,EAAgB,EACjB,MAAO,GAGX,GAAM,CAACS,CAAG,EAAI,MAAMxH,EACf,OAAO,EACP,KAAKe,CAAY,EACjB,MAAMrB,EAAGqB,EAAa,OAAQ2G,CAAM,CAAC,EACrC,MAAM,CAAC,EAEZ,OAAKF,EAIE1E,EAAc,MAAM8E,EAAOJ,EAAI,MAAM,EAHjC,EAIf,CAEA,eAAsBK,GAAUrF,EAAuC,CACnE,GAAI,CAACuE,EAAgB,EACjB,MAAO,GAGX,IAAMZ,EAAO,MAAMH,EAAe,EAQlC,MANI,CAACG,GAMD,CAFY,MAAMwB,GAAkBxB,EAAK,GAAI3D,EAAK,KAAK,EAGhD,IAGX,MAAMiF,GAAetB,EAAK,EAAE,EACrBb,EAAkBa,EAAK,GAAI,QAAQ,EAC9C,CAEA,eAAsB2B,GAAc/F,EAAsD,CACtF,OAAKgF,EAAgB,EAIJ,MAAMxE,EAAmC,CACtD,GAAIsF,GACJ,SAAA9F,EACA,QAASkB,CACb,CAAC,EAPU,CAAC,KAAM,IAAI,MAAM,oBAAoB,CAAC,CAUrD,CKjJA,OAAO8E,OAAY,WAEnB,IAAMC,GAAiB,GAOjBC,GAAqC,CACvC,IAAK,EACL,MAAO,EACP,MAAO,EACP,OAAQ,EACR,OAAQ,CACZ,EAEA,SAASC,GAAiBC,EAAkBzG,EAAwB,CAChE,OAAOyG,EAAS,QAAUzG,CAC9B,CAEA,SAAS0G,GAAmBD,EAAkBzG,EAAwB,CAClE,OAAOyG,EAAS,QAAQ,WAAY,EAAE,EAAE,QAAUzG,CACtD,CAEA,SAAS2G,GAAmBF,EAAkBzG,EAAwB,CAClE,OAAOyG,EAAS,QAAQ,WAAY,EAAE,EAAE,QAAUzG,CACtD,CAEA,SAAS4G,GAAoBH,EAAkBzG,EAAwB,CACnE,OAAOyG,EAAS,QAAQ,WAAY,EAAE,EAAE,QAAUzG,CACtD,CAEA,SAAS6G,GAAoBJ,EAAkBzG,EAAwB,CACnE,OAAOyG,EAAS,QAAQ,SAAU,EAAE,EAAE,QAAUzG,CACpD,CAEA,IAAM8G,GAAyF,CAC3F,IAAKN,GACL,MAAOE,GACP,MAAOC,GACP,OAAQC,GACR,OAAQC,EACZ,EAEA,eAAsBE,EAAaN,EAAmC,CAElE,OADa,MAAMJ,GAAO,KAAKI,EAAUH,EAAc,CAE3D,CAEA,eAAsBU,EAAelG,EAAemG,EAAsC,CACtF,MAAI,CAACnG,GAAQ,CAACmG,EACH,GAGM,MAAMZ,GAAO,QAAQvF,EAAMmG,CAAS,CAEzD,CAEA,eAAsBC,GAClBT,EACAU,EAAqCZ,GACG,CAGxC,IAAMa,EAFU,OAAO,QAAQD,CAAK,EAEX,OAAwC,CAACrH,EAAK,CAACuH,EAAMrH,CAAK,KAC/EF,EAAIuH,CAAI,EAAIP,GAAmBO,CAAI,EAAEZ,EAAUzG,CAAK,EAC7CF,GACR,CAAC,CAAC,EAEL,OAAO,QAAQ,QAAQsH,CAAQ,CACnC,CAEA,eAAsBE,GAClBb,EACAU,EAAqCZ,GACZ,CACzB,IAAMa,EAAW,MAAMF,GAAsBT,EAAUU,CAAK,EAC5D,OAAO,QAAQ,QAAQ,OAAO,OAAOC,CAAQ,EAAE,MAAM,OAAO,CAAC,CACjE,CC7EA,OAAOzH,OAAS,MAKhB,IAAM4H,GAAe/G,EAA8B,CAC/C,MAAOb,GAAI,OAAO,EAAE,MAAM,CAAE,kBAAmB,EAAG,KAAM,EAAM,CAAC,EAAE,SAAS,EAC1E,SAAUA,GAAI,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,CAC3C,CAAC,EAEM6H,GAAQD,GCVf,OAAO5H,OAAS,MAKhB,IAAM8H,GAAkBjH,EAAiC,CACrD,MAAOb,GAAI,OAAO,EAAE,IAAI,EAAE,EAAE,MAAM,CAAE,kBAAmB,EAAG,KAAM,EAAM,CAAC,EAAE,SAAS,EAAE,SAAS,CACzF,eAAgB,qEAChB,eAAgB,qEAChB,eAAgB,+CAChB,aAAc,8CAClB,CAAC,CACL,CAAC,EAEM+H,GAAQD,GChBf,OAAO9H,OAAS,MAShB,IAAMgI,GAAyC,CAC3C,MAAO,EACP,IAAK,EACL,OAAQ,EACR,MAAO,CACX,EAEA,eAAeC,GACX5H,EACA6H,EACuB,CACvB,OAAM,MAAMP,GAAwBtH,EAAO2H,EAAkB,EAMtD3H,EALI6H,EAAQ,QAAQ,CACnB,SACI,+EACR,CAAC,CAGT,CAEA,IAAMC,GAAgCtH,EAA+C,CACjF,SAAUb,GAAI,OAAO,EAAE,SAASiI,EAAiB,EAAE,SAAS,EAAE,SAAS,CACnE,eAAgB,mCAChB,eAAgB,kCACpB,CAAC,EACD,MAAOjI,GAAI,OAAO,EAAE,QAAQ,eAAe,CAC/C,CAAC,EAEMoI,GAAQD,GfNf,IAAME,GAAqB,GAGrBC,GAAqB,KAE3B,eAAsBC,IAA8B,CAChD,IAAMzE,EAAK,MAAMM,EAAa,EAE1BN,GACA,MAAMD,EAAkBC,CAAE,CAElC,CASO,SAASY,GAA4B,CACxC,IAAM8D,EAAO,QAAQ,IAAI,UAEzB,GAAI,CAACA,EACD,MAAM,IAAI,MAAM,gEAAgE,EAGpF,MAAO,CAAC,OAAOA,CAAI,CAAC,CACxB,CAEO,SAASC,IAAyB,CACrC,IAAM7D,EAAQF,EAAgB,EAC9B,OAAO,KAAK,IAAI,GAAGE,CAAK,CAC5B,CAEA,eAAe8D,GAAkBrC,EAAwC,CACrE,aAAMpC,EAAkBoC,EAAQX,EAAgB,EAAI,MAAQ,QAAQ,GAEtD,MAAMN,EAAa,QAAQ,IAC3B,gBAAkB,IACpC,CAEA,eAAsBuD,GAAe9C,EAAe2C,EAA2C,CAC3F,IAAMI,EAAa,CAACvK,EAAGiB,EAAc,MAAOuG,CAAK,CAAC,EAE9C2C,EACAI,EAAW,KAAKvK,EAAGiB,EAAc,KAAMkJ,CAAI,CAAC,EAE5CI,EAAW,KAAKrK,GAAIe,EAAc,KAAMmJ,GAAe,CAAC,CAAC,EAG7D,GAAM,CAAC3D,CAAI,EAAI,MAAMnG,EAChB,OAAO,EACP,KAAKW,CAAa,EAClB,MAAMlB,GAAI,GAAGwK,CAAU,CAAC,EACxB,MAAM,CAAC,EAEZ,OAAO9D,CACX,CAEA,eAAe+D,GAAU,CAAE,MAAAhD,EAAO,SAAAiB,CAAS,EAAmC,CAC1E,GAAI,CAAC,QAAQ,IAAI,UACb,MAAM,IAAI,MAAM,gEAAgE,EAGpF,IAAMhC,EAAO,MAAM6D,GAAe9C,EAAO,OAAO,QAAQ,IAAI,SAAS,CAAC,EAEtE,GAAI,CAACf,GAAM,UAAY,CAAE,MAAMuC,EAAeP,EAAUhC,EAAK,QAAQ,EACjE,MAAM,IAAI/E,EAAgB,CAAE,MAAO,GAAI,SAAU,EAAG,CAAC,EAGzD,IAAMmE,EAAU,MAAMwE,GAAkB5D,EAAK,EAAE,EAE/C,GAAI,CAACZ,EACD,MAAM,IAAInE,EAAgB,CAAE,MAAO,GAAI,SAAU,EAAG,CAAC,EAGzD,OAAOmE,CACX,CAEA,eAAsB4E,GAClBpI,EACAqI,EAC0B,CAU1B,OATiB,MAAM7H,EAAoC,CACvD,GAAI2H,GACJ,SAAAnI,EACA,UAAW,SAAY,CACnB,MAAMqI,IAAY,CACtB,EACA,QAASlB,EACb,CAAC,CAGL,CAQA,eAAsBmB,GAAa,CAC/B,MAAAnD,EACA,SAAAiB,EACA,KAAA0B,CACJ,EAAiD,CAC7C,IAAMS,EAAOnC,EAAW,MAAMM,EAAaN,CAAQ,EAAI,KAEjD,CAAChC,CAAI,EAAI,MAAMnG,EAChB,OAAOW,CAAa,EACpB,OAAO,CAAE,GAAIoE,EAAW,EAAG,MAAAmC,EAAO,SAAUoD,EAAM,KAAAT,CAAK,CAAC,EACxD,UAAU,EAEf,OAAO1D,CACX,CAEA,eAAeoE,GAAyBrD,EAAuC,CAC3E,IAAMf,EAAO,MAAM6D,GAAe9C,CAAK,EAEvC,GAAI,CAACf,EACD,OAAO,KAGX,MAAMnG,EAAG,OAAOc,CAAc,EAAE,MAAMpB,EAAGoB,EAAe,OAAQqF,EAAK,EAAE,CAAC,EAExE,IAAMhB,EAAKJ,EAAW,GAAI2E,EAAkB,EAE5C,aAAM1J,EAAG,OAAOc,CAAc,EAAE,OAAO,CACnC,GAAAqE,EACA,OAAQgB,EAAK,GACb,UAAW,IAAI,KAAK,IAAI,KAAK,EAAE,QAAQ,EAAIwD,EAAkB,CACjE,CAAC,EAEMxE,CACX,CAEA,eAAsBqF,GAClBzI,EACA0I,EAC2B,CAC3B,eAAeC,EAASlI,EAA4C,CAChE,IAAMoF,EAAQ,MAAM2C,GAAyB/H,EAAK,KAAK,EAEvD,OAAKoF,EAKE6C,EAAOjI,EAAK,MAAOoF,CAAK,EAHpB,EAIf,CAQA,OANiB,MAAMrF,EAAwC,CAC3D,GAAImI,EACJ,SAAA3I,EACA,QAASqH,EACb,CAAC,CAGL,CAEA,eAAeuB,GAA2B/C,EAAeO,EAAmC,CACxF,GAAM,CAACyC,CAAM,EAAI,MAAM5K,EAClB,OAAO,EACP,KAAKc,CAAc,EACnB,MAAMpB,EAAGoB,EAAe,GAAI8G,CAAK,CAAC,EAClC,MAAM,CAAC,EAEZ,GAAI,CAACgD,EACD,MAAM,IAAI,MAAM,gCAAgC,EAKpD,GAFA,MAAM5K,EAAG,OAAOc,CAAc,EAAE,MAAMpB,EAAGoB,EAAe,GAAI8G,CAAK,CAAC,EAE9DgD,EAAO,UAAY,IAAI,KACvB,MAAM,IAAI,MAAM,8BAA8B,EAGlD,aAAMvF,EAAuBuF,EAAO,MAAM,EAE1C,MAAM5K,EACD,OAAOW,CAAa,EACpB,IAAI,CAAE,SAAU,MAAM8H,EAAaN,CAAQ,CAAE,CAAC,EAC9C,MACG1I,GAAIC,EAAGiB,EAAc,GAAIiK,EAAO,MAAM,EAAGjL,GAAQgB,EAAc,KAAMoF,EAAgB,CAAC,CAAC,CAC3F,EAEG6E,EAAO,MAClB,CAEA,eAAsBC,GAClB9I,EACAqI,EAC0B,CAC1B,eAAeM,EAASlI,EAAyD,CAC7E,IAAMkF,EAAS,MAAMiD,GAA2BnI,EAAK,MAAOA,EAAK,QAAQ,EACnE+C,EAAU,MAAMwE,GAAkBrC,CAAM,EAE9C,GAAI,CAACnC,EACD,MAAM,IAAI,MAAM,0BAA0B,EAG9C,OAAOA,CACX,CASA,OAPiB,MAAMhD,EAAW,CAC9B,GAAImI,EACJ,SAAA3I,EACA,UAAAqI,EACA,QAASX,EACb,CAAC,CAGL,CgBnPA,OAAS,MAAA/J,OAAU,cASnB,IAAM6E,GAAY,GACZuG,GAAgB,GAEtB,eAAsBC,GAAc5F,EAAwC,CACxE,GAAM,CAACzB,CAAM,EAAI,MAAM1D,EAClB,OAAO,EACP,KAAKgB,CAAe,EACpB,MAAMtB,GAAGsB,EAAgB,GAAImE,CAAE,CAAC,EAChC,MAAM,CAAC,EAEZ,OAAOzB,CACX,CAQA,eAAsBsH,GAAe,CACjC,MAAAC,EACA,GAAA9F,EACA,OAAAgC,CACJ,EAAmD,CAC/C,GAAM,CAACzD,CAAM,EAAI,MAAM1D,EAClB,OAAOgB,CAAe,EACtB,OAAO,CACJ,MAAAiK,EACA,GAAI9F,GAAMJ,EAAW,GAAIR,EAAS,EAClC,OAAQ,MAAMkE,EAAatB,GAAUpC,EAAW,GAAI+F,EAAa,CAAC,CACtE,CAAC,EACA,UAAU,EAEf,OAAOpH,CACX,CAEA,eAAsBwH,GAAiBpE,EAAkD,CACrF,GAAM,CAAE,QAAA9C,CAAQ,EAAI8C,EACdqE,EAASnH,EAAQ,IAAI,eAAe,EAE1C,GAAI,CAACmH,EACD,OAAO,KAGX,IAAMC,EAAO,OAAO,KAAKD,EAAO,QAAQ,SAAU,EAAE,EAAG,QAAQ,EAC1D,SAAS,OAAO,EAChB,QAAQ,MAAO,EAAE,EAEhB,CAAChG,EAAI,GAAGgC,CAAM,EAAIiE,EAAK,MAAM,GAAG,EAEhC,CAAC1H,CAAM,EAAI,MAAM1D,EAClB,OAAO,EACP,KAAKgB,CAAe,EACpB,MAAMtB,GAAGsB,EAAgB,GAAImE,CAAE,CAAC,EAChC,MAAM,CAAC,EAEZ,OAAKzB,GAIc,MAAMgF,EAAevB,EAAO,KAAK,EAAE,EAAGzD,EAAO,MAAM,EAClDA,EAJT,IAKf","sourcesContent":["import type { Errorable } from '@sqrzro/interfaces';\nimport { and, eq, inArray, lte } from 'drizzle-orm';\n\nimport { db } from '../database/DatabaseService';\nimport { authResetTable, authUserTable } from '../database/schema';\n\nimport { submitForm } from '../forms/FormService';\nimport ValidationError from '../forms/ValidationError';\n\nimport { checkMFAEnabled } from './MFAService';\nimport { hashPassword, verifyPassword } from './PasswordService';\nimport {\n createUserSession,\n generateID,\n getScopeByID,\n getSessionID,\n invalidateSession,\n invalidateUserSessions,\n} from './SessionService';\n\nimport LoginRequest from './LoginRequest';\nimport PasswordRequest from './PasswordRequest';\nimport PasswordResetWithTokenRequest from './PasswordResetWithTokenRequest';\n\nimport type {\n LoginFormFields,\n PasswordFormFields,\n PasswordResetWithTokenFormFields,\n UserObject,\n} from './interfaces';\n\nconst RESET_TOKEN_LENGTH = 40;\n\n// Set expiry to 1 hour (in ms)\nconst RESET_TOKEN_EXPIRY = 3600000;\n\nexport async function handleLogout(): Promise<void> {\n const id = await getSessionID();\n\n if (id) {\n await invalidateSession(id);\n }\n}\n\ninterface LoginUserArgs {\n email: string;\n password: string;\n role?: number;\n token?: string;\n}\n\nexport function getAllowedRoles(): number[] {\n const role = process.env.AUTH_ROLE;\n\n if (!role) {\n throw new Error('AUTH_ROLE is not defined. Authentication will not be possible.');\n }\n\n return [Number(role)];\n}\n\nexport function getMaximumRole(): number {\n const roles = getAllowedRoles();\n return Math.max(...roles);\n}\n\nasync function handleUserSession(userID: string): Promise<string | null> {\n await createUserSession(userID, checkMFAEnabled() ? 'MFA' : 'AUTHED');\n\n const scope = await getScopeByID('AUTHED');\n return scope?.redirectOnAuth || null;\n}\n\nexport async function getUserByEmail(email: string, role?: number): Promise<UserObject | null> {\n const conditions = [eq(authUserTable.email, email)];\n\n if (role) {\n conditions.push(eq(authUserTable.role, role));\n } else {\n conditions.push(lte(authUserTable.role, getMaximumRole()));\n }\n\n const [user] = await db\n .select()\n .from(authUserTable)\n .where(and(...conditions))\n .limit(1);\n\n return user;\n}\n\nasync function loginUser({ email, password }: LoginUserArgs): Promise<string> {\n if (!process.env.AUTH_ROLE) {\n throw new Error('AUTH_ROLE is not defined. Authentication will not be possible.');\n }\n\n const user = await getUserByEmail(email, Number(process.env.AUTH_ROLE));\n\n if (!user?.password || !(await verifyPassword(password, user.password))) {\n throw new ValidationError({ email: '', password: '' });\n }\n\n const session = await handleUserSession(user.id);\n\n if (!session) {\n throw new ValidationError({ email: '', password: '' });\n }\n\n return session;\n}\n\nexport async function handleLoginForm(\n formData: LoginFormFields,\n onSuccess?: () => Promise<void>\n): Promise<Errorable<string>> {\n const response = await submitForm<LoginFormFields, string>({\n fn: loginUser,\n formData,\n onSuccess: async () => {\n await onSuccess?.();\n },\n request: LoginRequest,\n });\n\n return response;\n}\n\ninterface RegisterUserArgs {\n email: string;\n password?: string;\n role?: number;\n}\n\nexport async function registerUser({\n email,\n password,\n role,\n}: RegisterUserArgs): Promise<UserObject | null> {\n const hash = password ? await hashPassword(password) : null;\n\n const [user] = await db\n .insert(authUserTable)\n .values({ id: generateID(), email, password: hash, role })\n .returning();\n\n return user;\n}\n\nasync function createPasswordResetToken(email: string): Promise<string | null> {\n const user = await getUserByEmail(email);\n\n if (!user) {\n return null;\n }\n\n await db.delete(authResetTable).where(eq(authResetTable.userId, user.id));\n\n const id = generateID('', RESET_TOKEN_LENGTH);\n\n await db.insert(authResetTable).values({\n id,\n userId: user.id,\n expiresAt: new Date(new Date().getTime() + RESET_TOKEN_EXPIRY),\n });\n\n return id;\n}\n\nexport async function handlePasswordForm(\n formData: PasswordFormFields,\n mailFn: (email: string, token: string) => Promise<boolean>\n): Promise<Errorable<boolean>> {\n async function mutateFn(data: PasswordFormFields): Promise<boolean> {\n const token = await createPasswordResetToken(data.email);\n\n if (!token) {\n // Return true, even though the email doesn't exist (to prevent user enumeration)\n return true;\n }\n\n return mailFn(data.email, token);\n }\n\n const response = await submitForm<PasswordFormFields, boolean>({\n fn: mutateFn,\n formData,\n request: PasswordRequest,\n });\n\n return response;\n}\n\nasync function validatePasswordResetToken(token: string, password: string): Promise<string> {\n const [result] = await db\n .select()\n .from(authResetTable)\n .where(eq(authResetTable.id, token))\n .limit(1);\n\n if (!result) {\n throw new Error('PASSWORD_RESET_TOKEN_NOT_FOUND');\n }\n\n await db.delete(authResetTable).where(eq(authResetTable.id, token));\n\n if (result.expiresAt < new Date()) {\n throw new Error('PASSWORD_RESET_TOKEN_EXPIRED');\n }\n\n await invalidateUserSessions(result.userId);\n\n await db\n .update(authUserTable)\n .set({ password: await hashPassword(password) })\n .where(\n and(eq(authUserTable.id, result.userId), inArray(authUserTable.role, getAllowedRoles()))\n );\n\n return result.userId;\n}\n\nexport async function handlePasswordResetWithTokenForm(\n formData: PasswordResetWithTokenFormFields,\n onSuccess?: (model: string) => Promise<void>\n): Promise<Errorable<string>> {\n async function mutateFn(data: PasswordResetWithTokenFormFields): Promise<string> {\n const userID = await validatePasswordResetToken(data.token, data.password);\n const session = await handleUserSession(userID);\n\n if (!session) {\n throw new Error('COULD_NOT_CREATE_SESSION');\n }\n\n return session;\n }\n\n const response = await submitForm({\n fn: mutateFn,\n formData,\n onSuccess,\n request: PasswordResetWithTokenRequest,\n });\n\n return response;\n}\n","import { drizzle } from 'drizzle-orm/postgres-js';\nimport type { PostgresJsDatabase } from 'drizzle-orm/postgres-js';\nimport postgres from 'postgres';\n\ndeclare global {\n var szdb: ReturnType<typeof createSingleton> | undefined; // eslint-disable-line no-var, vars-on-top\n}\n\nfunction createSingleton(): PostgresJsDatabase {\n if (!process.env.DATABASE_URL) {\n throw new Error('DATABASE_URL is not defined');\n }\n return drizzle(postgres(process.env.DATABASE_URL, { prepare: false }));\n}\n\nexport const db = globalThis.szdb ?? createSingleton();\n\nif (!process.env.VERCEL_ENV) {\n globalThis.szdb = db;\n}\n","/* istanbul ignore file */\n\nimport { integer, pgEnum, pgSchema, text, timestamp, uniqueIndex } from 'drizzle-orm/pg-core';\n\nconst DEFAULT_ROLE = 10;\n\nexport const mfaType = pgEnum('mfaType', ['TOTP', 'HARDWARE']);\nexport const scope = pgEnum('scope', ['ANON', 'MFA', 'AUTHED']);\n\nexport type Scope = (typeof scope.enumValues)[number];\n\nexport const authSchema = pgSchema('auth');\n\nexport const authUserTable = authSchema.table(\n 'user_credentials',\n {\n id: text('id').primaryKey(),\n email: text('email').notNull(),\n password: text('password'),\n role: integer('role').notNull().default(DEFAULT_ROLE),\n },\n (table) => ({\n unique: uniqueIndex().on(table.email, table.role),\n })\n);\n\nexport type AuthUser = typeof authUserTable.$inferSelect;\n\nexport const authSessionTable = authSchema.table('sessions', {\n id: text('id').primaryKey(),\n userId: text('userId')\n .notNull()\n .references(() => authUserTable.id, { onDelete: 'cascade' }),\n scope: scope('scope').notNull().default('ANON'),\n expiresAt: timestamp('expiresAt').notNull(),\n});\n\nexport type AuthSession = typeof authSessionTable.$inferSelect;\n\nexport const authResetTable = authSchema.table('resets', {\n id: text('id').primaryKey(),\n userId: text('userId')\n .notNull()\n .references(() => authUserTable.id, { onDelete: 'cascade' }),\n expiresAt: timestamp('expiresAt').notNull(),\n});\n\nexport type AuthReset = typeof authResetTable.$inferSelect;\n\nexport const authMFATable = authSchema.table('mfas', {\n id: text('id').primaryKey(),\n name: text('name').notNull(),\n userId: text('userId')\n .notNull()\n .references(() => authUserTable.id, { onDelete: 'cascade' }),\n type: mfaType('type').notNull().default('TOTP'),\n secret: text('secret').notNull(),\n verifiedAt: timestamp('verifiedAt'),\n});\n\nexport type AuthMFA = typeof authMFATable.$inferSelect;\n\nexport const authClientTable = authSchema.table('client_credentials', {\n id: text('id').primaryKey(),\n alias: text('alias').notNull().unique(),\n secret: text('secret').notNull().unique(),\n});\n\nexport type AuthClient = typeof authClientTable.$inferSelect;\n","/* eslint-disable max-statements */\n\nimport type { SerializedError, SerializedErrorable } from '@sqrzro/interfaces';\nimport type Joi from 'joi';\nimport { NextResponse } from 'next/server';\n\nimport ValidationError from './ValidationError';\nimport { validateSchema } from './ValidationService';\n\nfunction serializeError(err: Error): SerializedError {\n return {\n cause: err.cause,\n message: err.message,\n name: err.name,\n stack: err.stack,\n };\n}\n\ninterface SubmitFormArgs<F extends object> {\n formData: F;\n onSuccess?: (model: F) => Promise<void> | void;\n onValidationError?: (error: ValidationError) => void;\n request?: Joi.ObjectSchema<F>;\n}\n\ninterface SubmitFormArgsWithFn<F extends object, M> extends Omit<SubmitFormArgs<F>, 'onSuccess'> {\n fn: (data: F) => Promise<M | null>;\n onSuccess?: (model: M) => Promise<void> | void;\n}\n\nfunction hasFn<F extends object, M>(\n args: SubmitFormArgs<F> | SubmitFormArgsWithFn<F, M>\n): args is SubmitFormArgsWithFn<F, M> {\n return Boolean(Object.prototype.hasOwnProperty.call(args, 'fn'));\n}\n\nexport async function submitForm<F extends object>(\n args: SubmitFormArgs<F>\n): Promise<SerializedErrorable<F>>;\nexport async function submitForm<F extends object, M>(\n args: SubmitFormArgsWithFn<F, M>\n): Promise<SerializedErrorable<M>>;\n\nexport async function submitForm<F extends object, M>(\n args: SubmitFormArgs<F> | SubmitFormArgsWithFn<F, M>\n): Promise<[F, null] | [M, null] | [null, SerializedError]> {\n let data = { ...args.formData };\n\n if (args.request) {\n const [validated, validationError] = await validateSchema<F>(args.formData, args.request);\n\n if (validationError !== null) {\n if (validationError instanceof ValidationError) {\n args.onValidationError?.(validationError);\n }\n\n return [null, serializeError(validationError)];\n }\n\n data = validated;\n }\n\n if (!hasFn(args)) {\n await args.onSuccess?.(data);\n return [data, null];\n }\n\n let model: Awaited<M> | null = null;\n\n try {\n model = await args.fn(data);\n } catch (err: unknown) {\n if (err instanceof ValidationError) {\n args.onValidationError?.(err);\n return [null, serializeError(err)];\n }\n if (err instanceof Error) {\n throw err;\n }\n throw new Error('The function supplied to submitForm encountered an unknown error');\n }\n\n if (!model) {\n throw new Error('NO_MODEL');\n }\n\n await args.onSuccess?.(model);\n return [model, null];\n}\n\nexport async function submitAPIRequest<F extends object, M>(\n args: SubmitFormArgsWithFn<F, M>\n): Promise<[M, null] | [null, NextResponse]> {\n const [response, error] = await submitForm<F, M>(args);\n\n if (error !== null) {\n if (error.name === 'ValidationError') {\n try {\n const errors = JSON.parse(error.message) as Record<string, string>;\n return [null, NextResponse.json(errors, { status: 422 })];\n } catch (err) {\n return [\n null,\n NextResponse.json({ message: 'An unknown error occured' }, { status: 500 }),\n ];\n }\n }\n return [null, NextResponse.json({ message: error.message }, { status: 500 })];\n }\n\n return [response, null];\n}\n","class ValidationError extends Error {\n public messages: Record<string, string>;\n\n public constructor(messages: Record<string, string>) {\n super(JSON.stringify(messages));\n\n this.messages = messages;\n this.name = 'ValidationError';\n }\n}\n\nexport default ValidationError;\n","import type { Errorable } from '@sqrzro/interfaces';\nimport Joi from 'joi';\n\nimport lang from './lang';\nimport ValidationError from './ValidationError';\n\nexport function validate(): typeof Joi {\n return Joi;\n}\n\nexport type ValidationCustomHelpers<V = any> = Joi.CustomHelpers<V>; // eslint-disable-line @typescript-eslint/no-explicit-any\nexport type ValidationExternalHelpers<V = any> = Joi.ExternalHelpers<V>; // eslint-disable-line @typescript-eslint/no-explicit-any\nexport type ValidationErrorReport = Joi.ErrorReport;\n\nexport function getDefaultErrorMessages(): Record<string, string> {\n return lang;\n}\n\nfunction getErrorMessages(): Record<string, string> {\n return Object.entries(lang).reduce((acc, [key, value]) => {\n if (!value) {\n return acc;\n }\n return {\n ...acc,\n [key]: value,\n };\n }, {});\n}\n\nfunction transformErrors(error: Joi.ValidationError): ValidationError {\n const messages = error.details.reduce(\n (acc, cur) => ({\n ...acc,\n [cur.path.join('.')]: cur.message.replace(/\"/gu, ''),\n }),\n {}\n );\n return new ValidationError(messages);\n}\n\n/**\n * This function takes FormData and a schema. It then attempts to transform the FormData into an\n * object that matches `T`. This is because the FormData object is not typed and we want to be able\n * to validate it properly typed.\n *\n * Once transformed, the object is validated against the schema. This will result in either a\n * properly typed `T` object or an array of validation errors.\n * @param formData\n * @param validation\n * @returns\n */\nexport async function validateSchema<T>(\n formData: Partial<T>,\n validation: Joi.ObjectSchema<T>,\n messages?: Record<string, string>\n): Promise<Errorable<T>> {\n try {\n const validated = await validation.validateAsync(formData, {\n abortEarly: false,\n messages: messages || getErrorMessages(),\n stripUnknown: true,\n });\n\n return [validated, null];\n } catch (err) {\n if (err instanceof Joi.ValidationError) {\n return [null, transformErrors(err)];\n }\n\n if (err instanceof Error) {\n return [null, err];\n }\n\n return [null, new Error('Unknown validation error occured')];\n }\n}\n\nexport function createSchema<T>(schema: Joi.SchemaMap<T, true>): Joi.ObjectSchema<T> {\n return Joi.object<T>(schema);\n}\n\nexport function extendSchema<T, U extends T>(\n schema: Joi.ObjectSchema<T>,\n appends: Joi.PartialSchemaMap<U>\n): Joi.ObjectSchema<U> {\n return schema.append<U>(appends);\n}\n","const messages: Record<string, string> = {\n 'alternatives.all': '',\n 'alternatives.any': '',\n 'alternatives.match': '',\n 'alternatives.one': '',\n 'alternatives.types': '',\n 'any.custom': '',\n 'any.default': '',\n 'any.failover': '',\n 'any.invalid': '',\n 'any.only': '',\n 'any.ref': '',\n 'any.required': '{{#label}} is required',\n 'any.unknown': '',\n 'array.base': '',\n 'array.excludes': '',\n 'array.includesRequiredBoth': '',\n 'array.includesRequiredKnowns': '',\n 'array.includesRequiredUnknowns': '',\n 'array.includes': '',\n 'array.length': '',\n 'array.max': '',\n 'array.min': '',\n 'array.orderedLength': '',\n 'array.sort': '',\n 'array.sort.mismatching': '',\n 'array.sort.unsupported': '',\n 'array.sparse': '',\n 'array.unique': '',\n 'array.hasKnown': '',\n 'array.hasUnknown': '',\n 'binary.base': '',\n 'binary.length': '',\n 'binary.max': '',\n 'binary.min': '',\n 'boolean.base': '',\n 'date.base': '',\n 'date.format': '',\n 'date.greater': '',\n 'date.less': '',\n 'date.max': '',\n 'date.min': '',\n 'date.strict': '',\n 'function.arity': '',\n 'function.class': '',\n 'function.maxArity': '',\n 'function.minArity': '',\n 'number.base': '{{#label}} should be a number',\n 'number.greater': '',\n 'number.infinity': '',\n 'number.integer': '',\n 'number.less': '',\n 'number.max': '',\n 'number.min': '{{#label}} should be greater than or equal to {{#limit}}',\n 'number.multiple': '',\n 'number.negative': '',\n 'number.port': '',\n 'number.positive': '',\n 'number.precision': '',\n 'number.unsafe': '',\n 'object.unknown': '',\n 'object.and': '',\n 'object.assert': '',\n 'object.base': '',\n 'object.length': '',\n 'object.max': '',\n 'object.min': '',\n 'object.missing': '',\n 'object.nand': '',\n 'object.pattern.match': '',\n 'object.refType': '',\n 'object.regex': '',\n 'object.rename.multiple': '',\n 'object.rename.override': '',\n 'object.schema': '',\n 'object.instance': '',\n 'object.with': '',\n 'object.without': '',\n 'object.xor': '',\n 'object.oxor': '',\n 'string.alphanum': '',\n 'string.base64': '',\n 'string.base': '',\n 'string.creditCard': '',\n 'string.dataUri': '',\n 'string.domain': '',\n 'string.email': '',\n 'string.empty': '{{#label}} is required',\n 'string.guid': '',\n 'string.hexAlign': '',\n 'string.hex': '',\n 'string.hostname': '',\n 'string.ipVersion': '',\n 'string.ip': '',\n 'string.isoDate': '',\n 'string.isoDuration': '',\n 'string.length': '',\n 'string.lowercase': '',\n 'string.max': '',\n 'string.min': '',\n 'string.normalize': '',\n 'string.pattern.base': '{{#label}} is not in the correct format',\n 'string.pattern.name': '',\n 'string.pattern.invert.base': '',\n 'string.pattern.invert.name': '',\n 'string.token': '',\n 'string.trim': '',\n 'string.uppercase': '',\n 'string.uri': '',\n 'string.uriCustomScheme': '',\n 'string.uriRelativeOnly': '',\n 'symbol.base': '',\n 'symbol.map': '',\n};\n\nexport default messages;\n","import type { Errorable } from '@sqrzro/interfaces';\nimport { and, eq, isNotNull, isNull } from 'drizzle-orm';\nimport { authenticator } from 'otplib';\nimport qrcode from 'qrcode';\n\nimport { db } from '../database/DatabaseService';\nimport { authMFATable, authUserTable } from '../database/schema';\n\nimport { submitForm } from '../forms/FormService';\n\nimport MFARequest from './MFARequest';\nimport type { MFAFormFields, UserObject } from './interfaces';\nimport { createUserSession, generateID, getSessionUser } from './SessionService';\n\nexport function checkMFAEnabled(): boolean {\n return process.env.AUTH_MFA_ENABLED !== 'false';\n}\n\nexport async function generateMFA(name: string, email?: string): Promise<string | null> {\n if (!checkMFAEnabled()) {\n throw new Error('MFA is not enabled. Cannot generate MFA secret.');\n }\n\n if (!email) {\n return null;\n }\n\n const [user] = await db\n .select()\n .from(authUserTable)\n .where(eq(authUserTable.email, email))\n .limit(1);\n\n if (!user) {\n return null;\n }\n\n const secret = authenticator.generateSecret();\n const otpauth = authenticator.keyuri(email, name, secret);\n\n // Delete all the unverified MFA entries for this user\n\n await db\n .delete(authMFATable)\n .where(and(eq(authMFATable.userId, user.id), isNull(authMFATable.verifiedAt)));\n\n // Add the new MFA entry\n\n await db.insert(authMFATable).values({\n id: generateID(),\n name: 'Default',\n secret,\n userId: user.id,\n });\n\n return new Promise((resolve, reject) => {\n qrcode.toDataURL(\n otpauth,\n { rendererOpts: { quality: 1 }, margin: 0, scale: 2 },\n (err, data) => {\n if (err) {\n reject(err);\n }\n resolve(data);\n }\n );\n });\n}\n\nexport async function checkUserHasMFA(user: UserObject): Promise<boolean> {\n if (!checkMFAEnabled()) {\n return false;\n }\n\n const [mfa] = await db\n .select()\n .from(authMFATable)\n .where(and(eq(authMFATable.userId, user.id), isNotNull(authMFATable.verifiedAt)))\n .limit(1);\n\n return Boolean(mfa);\n}\n\nasync function markAsVerified(userID: string): Promise<void> {\n if (!checkMFAEnabled()) {\n return;\n }\n\n await db\n .update(authMFATable)\n .set({ verifiedAt: new Date() })\n .where(eq(authMFATable.userId, userID));\n}\n\nasync function validateUserToken(userID: string, token: string): Promise<boolean> {\n if (!checkMFAEnabled()) {\n return false;\n }\n\n const [mfa] = await db\n .select()\n .from(authMFATable)\n .where(eq(authMFATable.userId, userID))\n .limit(1);\n\n if (!mfa) {\n return false;\n }\n\n return authenticator.check(token, mfa.secret);\n}\n\nexport async function handleMFA(data: MFAFormFields): Promise<boolean> {\n if (!checkMFAEnabled()) {\n return false;\n }\n\n const user = await getSessionUser();\n\n if (!user) {\n return false;\n }\n\n const isValid = await validateUserToken(user.id, data.token);\n\n if (!isValid) {\n return false;\n }\n\n await markAsVerified(user.id);\n return createUserSession(user.id, 'AUTHED');\n}\n\nexport async function handleMFAForm(formData: MFAFormFields): Promise<Errorable<boolean>> {\n if (!checkMFAEnabled()) {\n return [null, new Error('MFA is not enabled')];\n }\n\n const response = await submitForm<MFAFormFields, boolean>({\n fn: handleMFA,\n formData,\n request: MFARequest,\n });\n\n return response;\n}\n","/* eslint-disable @typescript-eslint/no-magic-numbers */\n\nimport Joi from 'joi';\n\nimport { createSchema } from '../forms/ValidationService';\nimport type { MFAFormFields } from './interfaces';\n\nconst MFARequest = createSchema<MFAFormFields>({\n token: Joi.string()\n .pattern(/^[0-9]{6}$/u)\n .required(),\n});\n\nexport default MFARequest;\n","import { DrizzlePostgreSQLAdapter } from '@lucia-auth/adapter-drizzle';\nimport { pick } from '@sqrzro/utility';\nimport { Lucia, TimeSpan, generateId } from 'lucia';\nimport { cookies } from 'next/headers';\nimport { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\nimport { match } from 'path-to-regexp';\n\nimport { getAllowedRoles } from './AuthService';\n\nimport { db } from '../database/DatabaseService';\nimport { authSessionTable, authUserTable } from '../database/schema';\nimport type { Scope } from '../database/schema';\n\nimport { getFromCache, setToCache } from '../cache/CacheService';\nimport { getOrigin } from '../url/URLService';\n\nconst DEFAULT_REDIRECT = '/auth/login';\nconst ID_LENGTH = 16;\n\ntype TimeSpanUnit = 'd' | 'h' | 'm' | 'ms' | 's' | 'w';\n\ninterface ScopeData {\n allowedRoute?: string;\n redirectOnAuth?: string;\n redirectOnUnauth?: string;\n}\n\nexport type ScopeObject = Record<Scope, ScopeData>;\n\ninterface DatabaseSessionAttributes {\n scope: Scope;\n}\n\ninterface DatabaseUserAttributes {\n email: string;\n role: number;\n}\n\ndeclare module 'lucia' {\n interface Register {\n Lucia: typeof lucia;\n DatabaseSessionAttributes: DatabaseSessionAttributes;\n DatabaseUserAttributes: DatabaseUserAttributes;\n }\n}\n\nconst DEFAULT_SCOPES: ScopeObject = {\n ANON: {\n allowedRoute: '/auth/(login|password)',\n redirectOnUnauth: DEFAULT_REDIRECT,\n },\n MFA: {\n allowedRoute: '/auth/mfa',\n redirectOnUnauth: '/auth/mfa',\n },\n AUTHED: {\n allowedRoute: '*',\n redirectOnAuth: '/',\n },\n};\n\n/* eslint-disable id-length */\nconst timespanMap: Record<string, TimeSpanUnit> = {\n D: 'd',\n H: 'h',\n M: 'm',\n MS: 'ms',\n S: 's',\n W: 'w',\n};\n/* eslint-enable id-length */\n\nfunction getSessionExpiry(): TimeSpan {\n if (!process.env.AUTH_SESSION_EXPIRY) {\n return new TimeSpan(2, 'w');\n }\n\n const [value, unit] = process.env.AUTH_SESSION_EXPIRY.split(/_/u);\n return new TimeSpan(Number(value), timespanMap[unit]);\n}\n\nconst adapter = new DrizzlePostgreSQLAdapter(db, authSessionTable, authUserTable);\n\nexport const lucia = new Lucia(adapter, {\n getSessionAttributes: (attributes: DatabaseSessionAttributes): DatabaseSessionAttributes => ({\n scope: attributes.scope,\n }),\n getUserAttributes: (attributes: DatabaseUserAttributes): DatabaseUserAttributes => ({\n email: attributes.email,\n role: attributes.role,\n }),\n sessionCookie: {\n attributes: {\n secure: process.env.NODE_ENV === 'production',\n },\n name: process.env.AUTH_COOKIE_NAME || 'auth_session',\n },\n sessionExpiresIn: getSessionExpiry(),\n});\n\nexport function generateID<T extends string = string>(prefix = '', length = ID_LENGTH): T {\n return `${prefix ? `${prefix}_` : ''}${generateId(length)}` as T;\n}\n\nexport async function invalidateSession(id: string): Promise<void> {\n const cookie = lucia.createBlankSessionCookie();\n (await cookies()).set(cookie.name, cookie.value, cookie.attributes);\n\n return lucia.invalidateSession(id);\n}\n\nexport async function invalidateUserSessions(id: string): Promise<void> {\n return lucia.invalidateUserSessions(id);\n}\n\nexport async function createUserSession(id: string, scope: Scope = 'ANON'): Promise<boolean> {\n const session = await lucia.createSession(id, { scope });\n const sessionCookie = lucia.createSessionCookie(session.id);\n (await cookies()).set(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);\n\n return true;\n}\n\nexport async function getSessionID(): Promise<string | null> {\n return (await cookies()).get(lucia.sessionCookieName)?.value ?? null;\n}\n\nexport async function checkSessionExists(): Promise<boolean> {\n return Boolean(await getSessionID());\n}\n\nfunction checkUserRole(userRole: number, targetRoles?: number[] | number): boolean {\n const targetRolesArray = Array.isArray(targetRoles) ? targetRoles : [targetRoles];\n\n if (targetRolesArray[0]) {\n return targetRolesArray.includes(userRole);\n }\n\n return getAllowedRoles().includes(userRole);\n}\n\nexport async function getSessionUser(roles?: number[] | number): Promise<{\n id: string;\n email: string;\n role: number;\n} | null> {\n const sessionID = await getSessionID();\n\n if (!sessionID) {\n return null;\n }\n\n const { user } = await lucia.validateSession(sessionID);\n\n if (!user || !checkUserRole(user.role, roles)) {\n return null;\n }\n\n return pick(user, ['id', 'email', 'role']);\n}\n\nexport function checkRouteAllowed(pathname: string, route?: string): boolean {\n if (!route) {\n return false;\n }\n\n if (route === '*') {\n return true;\n }\n\n return match(route)(pathname) !== false;\n}\n\nexport async function getScopes(): Promise<ScopeObject> {\n const scopes = await getFromCache(`${getOrigin()}:scopes`);\n return scopes ? (JSON.parse(scopes) as ScopeObject) : DEFAULT_SCOPES;\n}\n\nexport async function getScopeByID(id: Scope): Promise<ScopeData> {\n const scopes = await getScopes();\n return scopes[id];\n}\n\nexport async function setScopes(customScopes?: Partial<ScopeObject>): Promise<void> {\n const scopes = {\n ANON: {\n ...DEFAULT_SCOPES.ANON,\n ...customScopes?.ANON,\n },\n MFA: {\n ...DEFAULT_SCOPES.MFA,\n ...customScopes?.MFA,\n },\n AUTHED: {\n ...DEFAULT_SCOPES.AUTHED,\n ...customScopes?.AUTHED,\n },\n };\n return setToCache(`${getOrigin()}:scopes`, JSON.stringify(scopes));\n}\n\nasync function validateSessionFromID(\n sessionID: string,\n pathname: string\n): Promise<{ redirect: string | null; email: string | null }> {\n const scopes = await getScopes();\n const { session, user } = await lucia.validateSession(sessionID);\n\n const scope =\n scopes[session && getAllowedRoles().includes(user?.role) ? session.scope : 'ANON'];\n\n return {\n email: user?.email || null,\n redirect: checkRouteAllowed(pathname, scope.allowedRoute)\n ? null\n : scope.redirectOnUnauth || DEFAULT_REDIRECT,\n };\n}\n\nexport async function handleSession(\n request: NextRequest,\n customScopes?: Partial<ScopeObject>\n): Promise<NextResponse> {\n const sessionID = request.nextUrl.searchParams.get('id') || '';\n const pathname = request.nextUrl.searchParams.get('pathname') || '/';\n\n await setScopes(customScopes);\n\n return NextResponse.json(await validateSessionFromID(sessionID, pathname));\n}\n","import { createClient } from 'redis';\n\nlet client: ReturnType<typeof createClient> | null = null;\n\nfunction isLocalhost(url: string): boolean {\n return url.includes('localhost') || url.includes('127.0.0.1');\n}\n\nasync function getClient(): Promise<ReturnType<typeof createClient>> {\n if (!process.env.REDIS_URL) {\n throw new Error('REDIS_URL is not defined. Access to the cache is not possible.');\n }\n\n if (client) {\n return client;\n }\n\n client = createClient({\n socket: {\n tls: !isLocalhost(process.env.REDIS_URL),\n },\n url: process.env.REDIS_URL,\n });\n\n await client.connect();\n return client;\n}\n\nexport async function getFromCache(key: string): Promise<string | null> {\n return (await getClient()).get(key);\n}\n\nexport async function setToCache(key: string, value: string): Promise<void> {\n await (await getClient()).set(key, value);\n}\n","import { headers } from 'next/headers';\n\n/**\n * Uses a number of methods to determine the current origin.\n *\n * First, it checks if an `x-origin` header. This will have been set by the `handleMiddleware`\n * function, further up the chain. For more information on how it is being set, see the\n * `middleware` documentation.\n *\n * There are some situations where middleware is not being applied, such as API routes (because the\n * redirection is not necessary, and API routes handle their own authentication). In these cases,\n * this function tries to piece together the origin from the `x-forwarded-proto` and\n * `x-forwarded-host` headers.\n *\n * Finally, if the origin cannot be determined, an error is thrown.\n *\n * @returns The origin of the current request.\n */\nexport async function getOrigin(): Promise<string> {\n const envOrigin = process.env.SZ_ORIGIN;\n\n if (envOrigin) {\n return envOrigin;\n }\n\n const origin = (await headers()).get('x-origin');\n\n if (origin) {\n return origin;\n }\n\n const proto = (await headers()).get('x-forwarded-proto');\n const host = (await headers()).get('x-forwarded-host');\n\n if (proto && host) {\n return `${proto}://${host}`;\n }\n\n throw new Error('No origin could be determined');\n}\n\nexport async function getPathname(): Promise<string> {\n const pathname = (await headers()).get('x-pathname');\n\n if (pathname) {\n return pathname;\n }\n\n throw new Error(\n 'No pathname could be determined. Please make sure middleware is being applied to the current request.'\n );\n}\n\n/**\n * Builds a URL from the current origin and a given pathname. For more information on how the origin\n * is determined, see the `getOrigin` function. This function then just concatenates the origin and\n * the pathname, and performs some cleanup to ensure the URL is valid.\n *\n * @param pathname\n * @returns The URL, with the origin and pathname combined.\n */\nexport async function makeURL(pathname?: string): Promise<string> {\n const origin = await getOrigin();\n\n if (!pathname) {\n return origin;\n }\n\n const isSecure = origin.startsWith('https://');\n\n const protocol = isSecure ? 'https://' : 'http://';\n const originWithoutProtocol = origin.replace(/^https?:\\/\\//u, '');\n\n const cleanURL = `${originWithoutProtocol}/${pathname}`.replace(/\\/+/gu, '/');\n return `${protocol}${cleanURL}`;\n}\n\n/**\n * @deprecated Use `makeURL` instead.\n */\nexport async function getURL(pathname?: string): Promise<string> {\n return makeURL(pathname);\n}\n","import bcrypt from 'bcryptjs';\n\nconst PW_SALT_ROUNDS = 12;\n\ntype PasswordRule = 'lower' | 'min' | 'number' | 'symbol' | 'upper';\n\nexport type PasswordRuleObject = Partial<Record<PasswordRule, number>>;\ntype PasswordValidityObject = Record<PasswordRule, boolean>;\n\nconst PASSWORD_RULES: PasswordRuleObject = {\n min: 8,\n upper: 1,\n lower: 1,\n number: 1,\n symbol: 1,\n};\n\nfunction checkPasswordMin(password: string, value: number): boolean {\n return password.length >= value;\n}\n\nfunction checkPasswordUpper(password: string, value: number): boolean {\n return password.replace(/[^A-Z]/gu, '').length >= value;\n}\n\nfunction checkPasswordLower(password: string, value: number): boolean {\n return password.replace(/[^a-z]/gu, '').length >= value;\n}\n\nfunction checkPasswordNumber(password: string, value: number): boolean {\n return password.replace(/[^0-9]/gu, '').length >= value;\n}\n\nfunction checkPasswordSymbol(password: string, value: number): boolean {\n return password.replace(/[^$]/gu, '').length >= value;\n}\n\nconst PASSWORD_FUNCTIONS: Record<PasswordRule, (password: string, value: number) => boolean> = {\n min: checkPasswordMin,\n upper: checkPasswordUpper,\n lower: checkPasswordLower,\n number: checkPasswordNumber,\n symbol: checkPasswordSymbol,\n};\n\nexport async function hashPassword(password: string): Promise<string> {\n const hash = await bcrypt.hash(password, PW_SALT_ROUNDS);\n return hash;\n}\n\nexport async function verifyPassword(data?: string, encrypted?: string): Promise<boolean> {\n if (!data || !encrypted) {\n return false;\n }\n\n const verified = await bcrypt.compare(data, encrypted);\n return verified;\n}\n\nexport async function getPasswordComplexity(\n password: string,\n rules: Partial<PasswordRuleObject> = PASSWORD_RULES\n): Promise<Partial<PasswordValidityObject>> {\n const entries = Object.entries(rules) as [PasswordRule, number][];\n\n const validity = entries.reduce<Partial<PasswordValidityObject>>((acc, [rule, value]) => {\n acc[rule] = PASSWORD_FUNCTIONS[rule](password, value);\n return acc;\n }, {});\n\n return Promise.resolve(validity);\n}\n\nexport async function checkPasswordComplexity(\n password: string,\n rules: Partial<PasswordRuleObject> = PASSWORD_RULES\n): Promise<Partial<boolean>> {\n const validity = await getPasswordComplexity(password, rules);\n return Promise.resolve(Object.values(validity).every(Boolean));\n}\n","/* eslint-disable @typescript-eslint/no-magic-numbers */\n\nimport Joi from 'joi';\n\nimport { createSchema } from '../forms/ValidationService';\nimport type { LoginFormFields } from './interfaces';\n\nconst LoginRequest = createSchema<LoginFormFields>({\n email: Joi.string().email({ minDomainSegments: 2, tlds: false }).required(),\n password: Joi.string().min(8).required(),\n});\n\nexport default LoginRequest;\n","/* eslint-disable @typescript-eslint/no-magic-numbers */\n\nimport Joi from 'joi';\n\nimport { createSchema } from '../forms/ValidationService';\nimport type { PasswordFormFields } from './interfaces';\n\nconst PasswordRequest = createSchema<PasswordFormFields>({\n email: Joi.string().max(60).email({ minDomainSegments: 2, tlds: false }).required().messages({\n 'any.required': 'Please provide your email address, so we can send you a reset link',\n 'string.empty': 'Please provide your email address, so we can send you a reset link',\n 'string.email': 'Please make sure your email address is valid',\n 'string.max': 'Please make sure your email address is valid',\n }),\n});\n\nexport default PasswordRequest;\n","import Joi from 'joi';\n\nimport { checkPasswordComplexity } from './PasswordService';\nimport type { PasswordRuleObject } from './PasswordService';\nimport type { ValidationCustomHelpers } from '../forms/ValidationService';\n\nimport { createSchema } from '../forms/ValidationService';\nimport type { PasswordResetWithTokenFormFields } from './interfaces';\n\nconst passwordComplexity: PasswordRuleObject = {\n lower: 1,\n min: 8,\n number: 1,\n upper: 1,\n};\n\nasync function passwordIsComplex(\n value: string,\n helpers: ValidationCustomHelpers\n): Promise<Error | string> {\n if (!(await checkPasswordComplexity(value, passwordComplexity))) {\n return helpers.message({\n external:\n 'Please make sure your password is complex enough, to keep your account secure',\n });\n }\n return value;\n}\n\nconst PasswordResetWithTokenRequest = createSchema<PasswordResetWithTokenFormFields>({\n password: Joi.string().external(passwordIsComplex).required().messages({\n 'any.required': 'Please provide your new password',\n 'string.empty': 'Please provide your new password',\n }),\n token: Joi.string().pattern(/[a-z0-9]{40}/u),\n});\n\nexport default PasswordResetWithTokenRequest;\n","import type { NextRequest } from 'next/server';\nimport { eq } from 'drizzle-orm';\n\nimport { db } from '../database/DatabaseService';\nimport { authClientTable } from '../database/schema';\nimport type { AuthClient } from '../database/schema';\n\nimport { hashPassword, verifyPassword } from './PasswordService';\nimport { generateID } from './SessionService';\n\nconst ID_LENGTH = 16;\nconst SECRET_LENGTH = 64;\n\nexport async function getClientByID(id: string): Promise<AuthClient | null> {\n const [client] = await db\n .select()\n .from(authClientTable)\n .where(eq(authClientTable.id, id))\n .limit(1);\n\n return client;\n}\n\ninterface RegisterClientArgs {\n alias: string;\n id?: string;\n secret?: string;\n}\n\nexport async function registerClient({\n alias,\n id,\n secret,\n}: RegisterClientArgs): Promise<AuthClient | null> {\n const [client] = await db\n .insert(authClientTable)\n .values({\n alias,\n id: id || generateID('', ID_LENGTH),\n secret: await hashPassword(secret || generateID('', SECRET_LENGTH)),\n })\n .returning();\n\n return client;\n}\n\nexport async function handleClientAuth(request: NextRequest): Promise<AuthClient | null> {\n const { headers } = request;\n const header = headers.get('authorization');\n\n if (!header) {\n return null;\n }\n\n const auth = Buffer.from(header.replace('Basic ', ''), 'base64')\n .toString('utf-8')\n .replace(/:$/u, '');\n\n const [id, ...secret] = auth.split('-');\n\n const [client] = await db\n .select()\n .from(authClientTable)\n .where(eq(authClientTable.id, id))\n .limit(1);\n\n if (!client) {\n return null;\n }\n\n const isVerified = await verifyPassword(secret.join(''), client.secret);\n return isVerified ? client : null;\n}\n"]}
1
+ {"version":3,"sources":["../../src/auth/AuthService.ts","../../src/database/DatabaseService.ts","../../src/database/schema.ts","../../src/forms/FormService.ts","../../src/forms/ValidationError.ts","../../src/forms/ValidationService.ts","../../src/forms/lang.ts","../../src/auth/MFAService.ts","../../src/auth/MFARequest.ts","../../src/auth/SessionService.ts","../../src/cache/CacheService.ts","../../src/url/URLService.ts","../../src/auth/PasswordService.ts","../../src/auth/LoginRequest.ts","../../src/auth/PasswordRequest.ts","../../src/auth/PasswordResetWithTokenRequest.ts","../../src/auth/ClientService.ts"],"names":["and","eq","inArray","lte","drizzle","postgres","createSingleton","db","integer","pgEnum","pgSchema","text","timestamp","uniqueIndex","DEFAULT_ROLE","mfaType","scope","authSchema","authUserTable","table","authSessionTable","authResetTable","authMFATable","authClientTable","NextResponse","ValidationError","messages","ValidationError_default","Joi","lang_default","getErrorMessages","acc","key","value","transformErrors","error","cur","validateSchema","formData","validation","err","createSchema","schema","serializeError","hasFn","args","submitForm","data","validated","validationError","model","isNotNull","isNull","authenticator","qrcode","MFARequest","MFARequest_default","DrizzlePostgreSQLAdapter","pick","Lucia","TimeSpan","generateId","cookies","match","createClient","client","isLocalhost","url","getClient","getFromCache","setToCache","headers","getOrigin","envOrigin","origin","proto","host","DEFAULT_REDIRECT","ID_LENGTH","DEFAULT_SCOPES","timespanMap","getSessionExpiry","unit","adapter","lucia","attributes","generateID","prefix","length","invalidateSession","id","cookie","invalidateUserSessions","createUserSession","session","sessionCookie","getSessionID","checkSessionExists","checkUserRole","userRole","targetRoles","targetRolesArray","getAllowedRoles","getSessionUser","roles","sessionID","user","checkRouteAllowed","pathname","route","getScopes","scopes","getScopeByID","setScopes","customScopes","validateSessionFromID","handleSession","request","checkMFAEnabled","generateMFA","name","email","secret","otpauth","resolve","reject","checkUserHasMFA","mfa","markAsVerified","userID","validateUserToken","token","handleMFA","handleMFAForm","bcrypt","PW_SALT_ROUNDS","PASSWORD_RULES","checkPasswordMin","password","checkPasswordUpper","checkPasswordLower","checkPasswordNumber","checkPasswordSymbol","PASSWORD_FUNCTIONS","hashPassword","verifyPassword","encrypted","getPasswordComplexity","rules","validity","rule","checkPasswordComplexity","LoginRequest","LoginRequest_default","PasswordRequest","PasswordRequest_default","passwordComplexity","passwordIsComplex","helpers","PasswordResetWithTokenRequest","PasswordResetWithTokenRequest_default","RESET_TOKEN_LENGTH","RESET_TOKEN_EXPIRY","handleLogout","role","getMaximumRole","handleUserSession","getUserByEmail","conditions","loginUser","handleLoginForm","onSuccess","registerUser","hash","createPasswordResetToken","handlePasswordForm","mailFn","mutateFn","validatePasswordResetToken","result","handlePasswordResetWithTokenForm","SECRET_LENGTH","getClientByID","registerClient","alias","handleClientAuth","header","auth"],"mappings":"AACA,OAAS,OAAAA,GAAK,MAAAC,EAAI,WAAAC,GAAS,OAAAC,OAAW,cCDtC,OAAS,WAAAC,OAAe,0BAExB,OAAOC,OAAc,WAMrB,SAASC,IAAsC,CAC3C,GAAI,CAAC,QAAQ,IAAI,aACb,MAAM,IAAI,MAAM,6BAA6B,EAEjD,OAAOF,GAAQC,GAAS,QAAQ,IAAI,aAAc,CAAE,QAAS,EAAM,CAAC,CAAC,CACzE,CAEO,IAAME,EAAK,WAAW,MAAQD,GAAgB,EAEhD,QAAQ,IAAI,aACb,WAAW,KAAOC,GChBtB,OAAS,WAAAC,GAAS,UAAAC,EAAQ,YAAAC,GAAU,QAAAC,EAAM,aAAAC,EAAW,eAAAC,OAAmB,sBAExE,IAAMC,GAAe,GAERC,GAAUN,EAAO,UAAW,CAAC,OAAQ,UAAU,CAAC,EAChDO,GAAQP,EAAO,QAAS,CAAC,OAAQ,MAAO,QAAQ,CAAC,EAIjDQ,EAAaP,GAAS,MAAM,EAE5BQ,EAAgBD,EAAW,MACpC,mBACA,CACI,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,MAAOA,EAAK,OAAO,EAAE,QAAQ,EAC7B,SAAUA,EAAK,UAAU,EACzB,KAAMH,GAAQ,MAAM,EAAE,QAAQ,EAAE,QAAQM,EAAY,CACxD,EACCK,IAAW,CACR,OAAQN,GAAY,EAAE,GAAGM,EAAM,MAAOA,EAAM,IAAI,CACpD,EACJ,EAIaC,EAAmBH,EAAW,MAAM,WAAY,CACzD,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,OAAQA,EAAK,QAAQ,EAChB,QAAQ,EACR,WAAW,IAAMO,EAAc,GAAI,CAAE,SAAU,SAAU,CAAC,EAC/D,MAAOF,GAAM,OAAO,EAAE,QAAQ,EAAE,QAAQ,MAAM,EAC9C,UAAWJ,EAAU,WAAW,EAAE,QAAQ,CAC9C,CAAC,EAIYS,EAAiBJ,EAAW,MAAM,SAAU,CACrD,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,OAAQA,EAAK,QAAQ,EAChB,QAAQ,EACR,WAAW,IAAMO,EAAc,GAAI,CAAE,SAAU,SAAU,CAAC,EAC/D,UAAWN,EAAU,WAAW,EAAE,QAAQ,CAC9C,CAAC,EAIYU,EAAeL,EAAW,MAAM,OAAQ,CACjD,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,KAAMA,EAAK,MAAM,EAAE,QAAQ,EAC3B,OAAQA,EAAK,QAAQ,EAChB,QAAQ,EACR,WAAW,IAAMO,EAAc,GAAI,CAAE,SAAU,SAAU,CAAC,EAC/D,KAAMH,GAAQ,MAAM,EAAE,QAAQ,EAAE,QAAQ,MAAM,EAC9C,OAAQJ,EAAK,QAAQ,EAAE,QAAQ,EAC/B,WAAYC,EAAU,YAAY,CACtC,CAAC,EAIYW,EAAkBN,EAAW,MAAM,qBAAsB,CAClE,GAAIN,EAAK,IAAI,EAAE,WAAW,EAC1B,MAAOA,EAAK,OAAO,EAAE,QAAQ,EAAE,OAAO,EACtC,OAAQA,EAAK,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAC5C,CAAC,EC9DD,OAAS,gBAAAa,OAAoB,cCJ7B,IAAMC,EAAN,cAA8B,KAAM,CACzB,SAEA,YAAYC,EAAkC,CACjD,MAAM,KAAK,UAAUA,CAAQ,CAAC,EAE9B,KAAK,SAAWA,EAChB,KAAK,KAAO,iBAChB,CACJ,EAEOC,EAAQF,ECVf,OAAOG,MAAS,MCDhB,IAAMF,GAAmC,CACrC,mBAAoB,GACpB,mBAAoB,GACpB,qBAAsB,GACtB,mBAAoB,GACpB,qBAAsB,GACtB,aAAc,GACd,cAAe,GACf,eAAgB,GAChB,cAAe,GACf,WAAY,GACZ,UAAW,GACX,eAAgB,yBAChB,cAAe,GACf,aAAc,GACd,iBAAkB,GAClB,6BAA8B,GAC9B,+BAAgC,GAChC,iCAAkC,GAClC,iBAAkB,GAClB,eAAgB,GAChB,YAAa,GACb,YAAa,GACb,sBAAuB,GACvB,aAAc,GACd,yBAA0B,GAC1B,yBAA0B,GAC1B,eAAgB,GAChB,eAAgB,GAChB,iBAAkB,GAClB,mBAAoB,GACpB,cAAe,GACf,gBAAiB,GACjB,aAAc,GACd,aAAc,GACd,eAAgB,GAChB,YAAa,GACb,cAAe,GACf,eAAgB,GAChB,YAAa,GACb,WAAY,GACZ,WAAY,GACZ,cAAe,GACf,iBAAkB,GAClB,iBAAkB,GAClB,oBAAqB,GACrB,oBAAqB,GACrB,cAAe,gCACf,iBAAkB,GAClB,kBAAmB,GACnB,iBAAkB,GAClB,cAAe,GACf,aAAc,GACd,aAAc,2DACd,kBAAmB,GACnB,kBAAmB,GACnB,cAAe,GACf,kBAAmB,GACnB,mBAAoB,GACpB,gBAAiB,GACjB,iBAAkB,GAClB,aAAc,GACd,gBAAiB,GACjB,cAAe,GACf,gBAAiB,GACjB,aAAc,GACd,aAAc,GACd,iBAAkB,GAClB,cAAe,GACf,uBAAwB,GACxB,iBAAkB,GAClB,eAAgB,GAChB,yBAA0B,GAC1B,yBAA0B,GAC1B,gBAAiB,GACjB,kBAAmB,GACnB,cAAe,GACf,iBAAkB,GAClB,aAAc,GACd,cAAe,GACf,kBAAmB,GACnB,gBAAiB,GACjB,cAAe,GACf,oBAAqB,GACrB,iBAAkB,GAClB,gBAAiB,GACjB,eAAgB,GAChB,eAAgB,yBAChB,cAAe,GACf,kBAAmB,GACnB,aAAc,GACd,kBAAmB,GACnB,mBAAoB,GACpB,YAAa,GACb,iBAAkB,GAClB,qBAAsB,GACtB,gBAAiB,GACjB,mBAAoB,GACpB,aAAc,GACd,aAAc,GACd,mBAAoB,GACpB,sBAAuB,0CACvB,sBAAuB,GACvB,6BAA8B,GAC9B,6BAA8B,GAC9B,eAAgB,GAChB,cAAe,GACf,mBAAoB,GACpB,aAAc,GACd,yBAA0B,GAC1B,yBAA0B,GAC1B,cAAe,GACf,aAAc,EAClB,EAEOG,EAAQH,GDjGf,SAASI,IAA2C,CAChD,OAAO,OAAO,QAAQD,CAAI,EAAE,OAAO,CAACE,EAAK,CAACC,EAAKC,CAAK,IAC3CA,EAGE,CACH,GAAGF,EACH,CAACC,CAAG,EAAGC,CACX,EALWF,EAMZ,CAAC,CAAC,CACT,CAEA,SAASG,GAAgBC,EAA6C,CAClE,IAAMT,EAAWS,EAAM,QAAQ,OAC3B,CAACJ,EAAKK,KAAS,CACX,GAAGL,EACH,CAACK,EAAI,KAAK,KAAK,GAAG,CAAC,EAAGA,EAAI,QAAQ,QAAQ,MAAO,EAAE,CACvD,GACA,CAAC,CACL,EACA,OAAO,IAAIT,EAAgBD,CAAQ,CACvC,CAaA,eAAsBW,EAClBC,EACAC,EACAb,EACqB,CACrB,GAAI,CAOA,MAAO,CANW,MAAMa,EAAW,cAAcD,EAAU,CACvD,WAAY,GACZ,SAAUZ,GAAYI,GAAiB,EACvC,aAAc,EAClB,CAAC,EAEkB,IAAI,CAC3B,OAASU,EAAK,CACV,OAAIA,aAAeZ,EAAI,gBACZ,CAAC,KAAMM,GAAgBM,CAAG,CAAC,EAGlCA,aAAe,MACR,CAAC,KAAMA,CAAG,EAGd,CAAC,KAAM,IAAI,MAAM,kCAAkC,CAAC,CAC/D,CACJ,CAEO,SAASC,EAAgBC,EAAqD,CACjF,OAAOd,EAAI,OAAUc,CAAM,CAC/B,CFvEA,SAASC,EAAeH,EAA6B,CACjD,MAAO,CACH,MAAOA,EAAI,MACX,QAASA,EAAI,QACb,KAAMA,EAAI,KACV,MAAOA,EAAI,KACf,CACJ,CAcA,SAASI,GACLC,EACkC,CAClC,MAAO,EAAQ,OAAO,UAAU,eAAe,KAAKA,EAAM,IAAI,CAClE,CASA,eAAsBC,EAClBD,EACwD,CACxD,IAAIE,EAAO,CAAE,GAAGF,EAAK,QAAS,EAE9B,GAAIA,EAAK,QAAS,CACd,GAAM,CAACG,EAAWC,CAAe,EAAI,MAAMZ,EAAkBQ,EAAK,SAAUA,EAAK,OAAO,EAExF,GAAII,IAAoB,KACpB,OAAIA,aAA2BtB,GAC3BkB,EAAK,oBAAoBI,CAAe,EAGrC,CAAC,KAAMN,EAAeM,CAAe,CAAC,EAGjDF,EAAOC,CACX,CAEA,GAAI,CAACJ,GAAMC,CAAI,EACX,aAAMA,EAAK,YAAYE,CAAI,EACpB,CAACA,EAAM,IAAI,EAGtB,IAAIG,EAA2B,KAE/B,GAAI,CACAA,EAAQ,MAAML,EAAK,GAAGE,CAAI,CAC9B,OAASP,EAAc,CACnB,GAAIA,aAAeb,EACf,OAAAkB,EAAK,oBAAoBL,CAAG,EACrB,CAAC,KAAMG,EAAeH,CAAG,CAAC,EAErC,MAAIA,aAAe,MACTA,EAEJ,IAAI,MAAM,kEAAkE,CACtF,CAEA,GAAI,CAACU,EACD,MAAM,IAAI,MAAM,UAAU,EAG9B,aAAML,EAAK,YAAYK,CAAK,EACrB,CAACA,EAAO,IAAI,CACvB,CIvFA,OAAS,OAAAlD,EAAK,MAAAC,EAAI,aAAAkD,GAAW,UAAAC,OAAc,cAC3C,OAAS,iBAAAC,MAAqB,SAC9B,OAAOC,OAAY,SCDnB,OAAO1B,OAAS,MAKhB,IAAM2B,GAAad,EAA4B,CAC3C,MAAOb,GAAI,OAAO,EACb,QAAQ,aAAa,EACrB,SAAS,CAClB,CAAC,EAEM4B,EAAQD,GCbf,OAAS,4BAAAE,OAAgC,8BACzC,OAAS,QAAAC,OAAY,kBACrB,OAAS,SAAAC,GAAO,YAAAC,EAAU,cAAAC,OAAkB,QAC5C,OAAS,WAAAC,MAAe,eACxB,OAAS,gBAAAtC,OAAoB,cAE7B,OAAS,SAAAuC,OAAa,iBCNtB,OAAS,gBAAAC,OAAoB,QAE7B,IAAIC,EAAiD,KAErD,SAASC,GAAYC,EAAsB,CACvC,OAAOA,EAAI,SAAS,WAAW,GAAKA,EAAI,SAAS,WAAW,CAChE,CAEA,eAAeC,GAAsD,CACjE,GAAI,CAAC,QAAQ,IAAI,UACb,MAAM,IAAI,MAAM,gEAAgE,EAGpF,OAAIH,IAIJA,EAASD,GAAa,CAClB,OAAQ,CACJ,IAAK,CAACE,GAAY,QAAQ,IAAI,SAAS,CAC3C,EACA,IAAK,QAAQ,IAAI,SACrB,CAAC,EAED,MAAMD,EAAO,QAAQ,EACdA,EACX,CAEA,eAAsBI,EAAarC,EAAqC,CACpE,OAAQ,MAAMoC,EAAU,GAAG,IAAIpC,CAAG,CACtC,CAEA,eAAsBsC,EAAWtC,EAAaC,EAA8B,CACxE,MAAO,MAAMmC,EAAU,GAAG,IAAIpC,EAAKC,CAAK,CAC5C,CClCA,OAAS,WAAAsC,MAAe,eAkBxB,eAAsBC,GAA6B,CAC/C,IAAMC,EAAY,QAAQ,IAAI,UAE9B,GAAIA,EACA,OAAOA,EAGX,IAAMC,GAAU,MAAMH,EAAQ,GAAG,IAAI,UAAU,EAE/C,GAAIG,EACA,OAAOA,EAGX,IAAMC,GAAS,MAAMJ,EAAQ,GAAG,IAAI,mBAAmB,EACjDK,GAAQ,MAAML,EAAQ,GAAG,IAAI,kBAAkB,EAErD,GAAII,GAASC,EACT,MAAO,GAAGD,CAAK,MAAMC,CAAI,GAG7B,MAAM,IAAI,MAAM,+BAA+B,CACnD,CFtBA,IAAMC,EAAmB,cACnBC,GAAY,GA6BZC,EAA8B,CAChC,KAAM,CACF,aAAc,yBACd,iBAAkBF,CACtB,EACA,IAAK,CACD,aAAc,YACd,iBAAkB,WACtB,EACA,OAAQ,CACJ,aAAc,IACd,eAAgB,GACpB,CACJ,EAGMG,GAA4C,CAC9C,EAAG,IACH,EAAG,IACH,EAAG,IACH,GAAI,KACJ,EAAG,IACH,EAAG,GACP,EAGA,SAASC,IAA6B,CAClC,GAAI,CAAC,QAAQ,IAAI,oBACb,OAAO,IAAIrB,EAAS,EAAG,GAAG,EAG9B,GAAM,CAAC3B,EAAOiD,CAAI,EAAI,QAAQ,IAAI,oBAAoB,MAAM,IAAI,EAChE,OAAO,IAAItB,EAAS,OAAO3B,CAAK,EAAG+C,GAAYE,CAAI,CAAC,CACxD,CAEA,IAAMC,GAAU,IAAI1B,GAAyBlD,EAAIa,EAAkBF,CAAa,EAEnEkE,EAAQ,IAAIzB,GAAMwB,GAAS,CACpC,qBAAuBE,IAAsE,CACzF,MAAOA,EAAW,KACtB,GACA,kBAAoBA,IAAgE,CAChF,MAAOA,EAAW,MAClB,KAAMA,EAAW,IACrB,GACA,cAAe,CACX,WAAY,CACR,OAAQ,QAAQ,IAAI,WAAa,YACrC,EACA,KAAM,QAAQ,IAAI,kBAAoB,cAC1C,EACA,iBAAkBJ,GAAiB,CACvC,CAAC,EAEM,SAASK,EAAsCC,EAAS,GAAIC,EAASV,GAAc,CACtF,MAAO,GAAGS,EAAS,GAAGA,CAAM,IAAM,EAAE,GAAG1B,GAAW2B,CAAM,CAAC,EAC7D,CAEA,eAAsBC,EAAkBC,EAA2B,CAC/D,IAAMC,EAASP,EAAM,yBAAyB,EAC9C,OAAC,MAAMtB,EAAQ,GAAG,IAAI6B,EAAO,KAAMA,EAAO,MAAOA,EAAO,UAAU,EAE3DP,EAAM,kBAAkBM,CAAE,CACrC,CAEA,eAAsBE,EAAuBF,EAA2B,CACpE,OAAON,EAAM,uBAAuBM,CAAE,CAC1C,CAEA,eAAsBG,EAAkBH,EAAY1E,EAAe,OAA0B,CACzF,IAAM8E,EAAU,MAAMV,EAAM,cAAcM,EAAI,CAAE,MAAA1E,CAAM,CAAC,EACjD+E,EAAgBX,EAAM,oBAAoBU,EAAQ,EAAE,EAC1D,OAAC,MAAMhC,EAAQ,GAAG,IAAIiC,EAAc,KAAMA,EAAc,MAAOA,EAAc,UAAU,EAEhF,EACX,CAEA,eAAsBC,GAAuC,CACzD,OAAQ,MAAMlC,EAAQ,GAAG,IAAIsB,EAAM,iBAAiB,GAAG,OAAS,IACpE,CAEA,eAAsBa,IAAuC,CACzD,MAAO,EAAQ,MAAMD,EAAa,CACtC,CAEA,SAASE,GAAcC,EAAkBC,EAA0C,CAC/E,IAAMC,EAAmB,MAAM,QAAQD,CAAW,EAAIA,EAAc,CAACA,CAAW,EAEhF,OAAIC,EAAiB,CAAC,EACXA,EAAiB,SAASF,CAAQ,EAGtCG,EAAgB,EAAE,SAASH,CAAQ,CAC9C,CAEA,eAAsBI,EAAeC,EAI3B,CACN,IAAMC,EAAY,MAAMT,EAAa,EAErC,GAAI,CAACS,EACD,OAAO,KAGX,GAAM,CAAE,KAAAC,CAAK,EAAI,MAAMtB,EAAM,gBAAgBqB,CAAS,EAEtD,MAAI,CAACC,GAAQ,CAACR,GAAcQ,EAAK,KAAMF,CAAK,EACjC,KAGJ9C,GAAKgD,EAAM,CAAC,KAAM,QAAS,MAAM,CAAC,CAC7C,CAEO,SAASC,GAAkBC,EAAkBC,EAAyB,CACzE,OAAKA,EAIDA,IAAU,IACH,GAGJ9C,GAAM8C,CAAK,EAAED,CAAQ,IAAM,GAPvB,EAQf,CAEA,eAAsBE,GAAkC,CACpD,IAAMC,EAAS,MAAM1C,EAAa,GAAG,MAAMG,EAAU,CAAC,SAAS,EAC/D,OAAOuC,EAAU,KAAK,MAAMA,CAAM,EAAoBhC,CAC1D,CAEA,eAAsBiC,EAAatB,EAA+B,CAE9D,OADe,MAAMoB,EAAU,GACjBpB,CAAE,CACpB,CAEA,eAAsBuB,GAAUC,EAAoD,CAChF,IAAMH,EAAS,CACX,KAAM,CACF,GAAGhC,EAAe,KAClB,GAAGmC,GAAc,IACrB,EACA,IAAK,CACD,GAAGnC,EAAe,IAClB,GAAGmC,GAAc,GACrB,EACA,OAAQ,CACJ,GAAGnC,EAAe,OAClB,GAAGmC,GAAc,MACrB,CACJ,EACA,OAAO5C,EAAW,GAAG,MAAME,EAAU,CAAC,UAAW,KAAK,UAAUuC,CAAM,CAAC,CAC3E,CAEA,eAAeI,GACXV,EACAG,EAC0D,CAC1D,IAAMG,EAAS,MAAMD,EAAU,EACzB,CAAE,QAAAhB,EAAS,KAAAY,CAAK,EAAI,MAAMtB,EAAM,gBAAgBqB,CAAS,EAEzDzF,EACF+F,EAAOjB,GAAWQ,EAAgB,EAAE,SAASI,GAAM,IAAI,EAAIZ,EAAQ,MAAQ,MAAM,EAErF,MAAO,CACH,MAAOY,GAAM,OAAS,KACtB,SAAUC,GAAkBC,EAAU5F,EAAM,YAAY,EAClD,KACAA,EAAM,kBAAoB6D,CACpC,CACJ,CAEA,eAAsBuC,GAClBC,EACAH,EACqB,CACrB,IAAMT,EAAYY,EAAQ,QAAQ,aAAa,IAAI,IAAI,GAAK,GACtDT,EAAWS,EAAQ,QAAQ,aAAa,IAAI,UAAU,GAAK,IAEjE,aAAMJ,GAAUC,CAAY,EAErB1F,GAAa,KAAK,MAAM2F,GAAsBV,EAAWG,CAAQ,CAAC,CAC7E,CFxNO,SAASU,GAA2B,CACvC,OAAO,QAAQ,IAAI,mBAAqB,OAC5C,CAEA,eAAsBC,GAAYC,EAAcC,EAAwC,CACpF,GAAI,CAACH,EAAgB,EACjB,MAAM,IAAI,MAAM,iDAAiD,EAGrE,GAAI,CAACG,EACD,OAAO,KAGX,GAAM,CAACf,CAAI,EAAI,MAAMnG,EAChB,OAAO,EACP,KAAKW,CAAa,EAClB,MAAMjB,EAAGiB,EAAc,MAAOuG,CAAK,CAAC,EACpC,MAAM,CAAC,EAEZ,GAAI,CAACf,EACD,OAAO,KAGX,IAAMgB,EAASrE,EAAc,eAAe,EACtCsE,EAAUtE,EAAc,OAAOoE,EAAOD,EAAME,CAAM,EAIxD,aAAMnH,EACD,OAAOe,CAAY,EACnB,MAAMtB,EAAIC,EAAGqB,EAAa,OAAQoF,EAAK,EAAE,EAAGtD,GAAO9B,EAAa,UAAU,CAAC,CAAC,EAIjF,MAAMf,EAAG,OAAOe,CAAY,EAAE,OAAO,CACjC,GAAIgE,EAAW,EACf,KAAM,UACN,OAAAoC,EACA,OAAQhB,EAAK,EACjB,CAAC,EAEM,IAAI,QAAQ,CAACkB,EAASC,IAAW,CACpCvE,GAAO,UACHqE,EACA,CAAE,aAAc,CAAE,QAAS,CAAE,EAAG,OAAQ,EAAG,MAAO,CAAE,EACpD,CAACnF,EAAKO,KAAS,CACPP,GACAqF,EAAOrF,CAAG,EAEdoF,EAAQ7E,EAAI,CAChB,CACJ,CACJ,CAAC,CACL,CAEA,eAAsB+E,GAAgBpB,EAAoC,CACtE,GAAI,CAACY,EAAgB,EACjB,MAAO,GAGX,GAAM,CAACS,CAAG,EAAI,MAAMxH,EACf,OAAO,EACP,KAAKe,CAAY,EACjB,MAAMtB,EAAIC,EAAGqB,EAAa,OAAQoF,EAAK,EAAE,EAAGvD,GAAU7B,EAAa,UAAU,CAAC,CAAC,EAC/E,MAAM,CAAC,EAEZ,MAAO,EAAQyG,CACnB,CAEA,eAAeC,GAAeC,EAA+B,CACpDX,EAAgB,GAIrB,MAAM/G,EACD,OAAOe,CAAY,EACnB,IAAI,CAAE,WAAY,IAAI,IAAO,CAAC,EAC9B,MAAMrB,EAAGqB,EAAa,OAAQ2G,CAAM,CAAC,CAC9C,CAEA,eAAeC,GAAkBD,EAAgBE,EAAiC,CAC9E,GAAI,CAACb,EAAgB,EACjB,MAAO,GAGX,GAAM,CAACS,CAAG,EAAI,MAAMxH,EACf,OAAO,EACP,KAAKe,CAAY,EACjB,MAAMrB,EAAGqB,EAAa,OAAQ2G,CAAM,CAAC,EACrC,MAAM,CAAC,EAEZ,OAAKF,EAIE1E,EAAc,MAAM8E,EAAOJ,EAAI,MAAM,EAHjC,EAIf,CAEA,eAAsBK,GAAUrF,EAAuC,CACnE,GAAI,CAACuE,EAAgB,EACjB,MAAO,GAGX,IAAMZ,EAAO,MAAMH,EAAe,EAQlC,MANI,CAACG,GAMD,CAFY,MAAMwB,GAAkBxB,EAAK,GAAI3D,EAAK,KAAK,EAGhD,IAGX,MAAMiF,GAAetB,EAAK,EAAE,EACrBb,EAAkBa,EAAK,GAAI,QAAQ,EAC9C,CAEA,eAAsB2B,GAAc/F,EAAsD,CACtF,OAAKgF,EAAgB,EAIJ,MAAMxE,EAAmC,CACtD,GAAIsF,GACJ,SAAA9F,EACA,QAASkB,CACb,CAAC,EAPU,CAAC,KAAM,IAAI,MAAM,oBAAoB,CAAC,CAUrD,CKjJA,OAAO8E,OAAY,WAEnB,IAAMC,GAAiB,GAOjBC,GAAqC,CACvC,IAAK,EACL,MAAO,EACP,MAAO,EACP,OAAQ,EACR,OAAQ,CACZ,EAEA,SAASC,GAAiBC,EAAkBzG,EAAwB,CAChE,OAAOyG,EAAS,QAAUzG,CAC9B,CAEA,SAAS0G,GAAmBD,EAAkBzG,EAAwB,CAClE,OAAOyG,EAAS,QAAQ,WAAY,EAAE,EAAE,QAAUzG,CACtD,CAEA,SAAS2G,GAAmBF,EAAkBzG,EAAwB,CAClE,OAAOyG,EAAS,QAAQ,WAAY,EAAE,EAAE,QAAUzG,CACtD,CAEA,SAAS4G,GAAoBH,EAAkBzG,EAAwB,CACnE,OAAOyG,EAAS,QAAQ,WAAY,EAAE,EAAE,QAAUzG,CACtD,CAEA,SAAS6G,GAAoBJ,EAAkBzG,EAAwB,CACnE,OAAOyG,EAAS,QAAQ,SAAU,EAAE,EAAE,QAAUzG,CACpD,CAEA,IAAM8G,GAAyF,CAC3F,IAAKN,GACL,MAAOE,GACP,MAAOC,GACP,OAAQC,GACR,OAAQC,EACZ,EAEA,eAAsBE,EAAaN,EAAmC,CAElE,OADa,MAAMJ,GAAO,KAAKI,EAAUH,EAAc,CAE3D,CAEA,eAAsBU,EAAelG,EAAemG,EAAsC,CACtF,MAAI,CAACnG,GAAQ,CAACmG,EACH,GAGM,MAAMZ,GAAO,QAAQvF,EAAMmG,CAAS,CAEzD,CAEA,eAAsBC,GAClBT,EACAU,EAAqCZ,GACG,CAGxC,IAAMa,EAFU,OAAO,QAAQD,CAAK,EAEX,OAAwC,CAACrH,EAAK,CAACuH,EAAMrH,CAAK,KAC/EF,EAAIuH,CAAI,EAAIP,GAAmBO,CAAI,EAAEZ,EAAUzG,CAAK,EAC7CF,GACR,CAAC,CAAC,EAEL,OAAO,QAAQ,QAAQsH,CAAQ,CACnC,CAEA,eAAsBE,GAClBb,EACAU,EAAqCZ,GACZ,CACzB,IAAMa,EAAW,MAAMF,GAAsBT,EAAUU,CAAK,EAC5D,OAAO,QAAQ,QAAQ,OAAO,OAAOC,CAAQ,EAAE,MAAM,OAAO,CAAC,CACjE,CC7EA,OAAOzH,OAAS,MAKhB,IAAM4H,GAAe/G,EAA8B,CAC/C,MAAOb,GAAI,OAAO,EAAE,MAAM,CAAE,kBAAmB,EAAG,KAAM,EAAM,CAAC,EAAE,SAAS,EAC1E,SAAUA,GAAI,OAAO,EAAE,IAAI,CAAC,EAAE,SAAS,CAC3C,CAAC,EAEM6H,GAAQD,GCVf,OAAO5H,OAAS,MAKhB,IAAM8H,GAAkBjH,EAAiC,CACrD,MAAOb,GAAI,OAAO,EAAE,IAAI,EAAE,EAAE,MAAM,CAAE,kBAAmB,EAAG,KAAM,EAAM,CAAC,EAAE,SAAS,EAAE,SAAS,CACzF,eAAgB,qEAChB,eAAgB,qEAChB,eAAgB,+CAChB,aAAc,8CAClB,CAAC,CACL,CAAC,EAEM+H,GAAQD,GChBf,OAAO9H,OAAS,MAShB,IAAMgI,GAAyC,CAC3C,MAAO,EACP,IAAK,EACL,OAAQ,EACR,MAAO,CACX,EAEA,eAAeC,GACX5H,EACA6H,EACuB,CACvB,OAAM,MAAMP,GAAwBtH,EAAO2H,EAAkB,EAMtD3H,EALI6H,EAAQ,QAAQ,CACnB,SACI,+EACR,CAAC,CAGT,CAEA,IAAMC,GAAgCtH,EAA+C,CACjF,SAAUb,GAAI,OAAO,EAAE,SAASiI,EAAiB,EAAE,SAAS,EAAE,SAAS,CACnE,eAAgB,mCAChB,eAAgB,kCACpB,CAAC,EACD,MAAOjI,GAAI,OAAO,EAAE,QAAQ,eAAe,CAC/C,CAAC,EAEMoI,GAAQD,GfNf,IAAME,GAAqB,GAGrBC,GAAqB,KAE3B,eAAsBC,IAA8B,CAChD,IAAMzE,EAAK,MAAMM,EAAa,EAE1BN,GACA,MAAMD,EAAkBC,CAAE,CAElC,CASO,SAASY,GAA4B,CACxC,IAAM8D,EAAO,QAAQ,IAAI,UAEzB,GAAI,CAACA,EACD,MAAM,IAAI,MAAM,gEAAgE,EAGpF,MAAO,CAAC,OAAOA,CAAI,CAAC,CACxB,CAEO,SAASC,IAAyB,CACrC,IAAM7D,EAAQF,EAAgB,EAC9B,OAAO,KAAK,IAAI,GAAGE,CAAK,CAC5B,CAEA,eAAe8D,GAAkBrC,EAAwC,CACrE,aAAMpC,EAAkBoC,EAAQX,EAAgB,EAAI,MAAQ,QAAQ,GAEtD,MAAMN,EAAa,QAAQ,IAC3B,gBAAkB,IACpC,CAEA,eAAsBuD,GAAe9C,EAAe2C,EAA2C,CAC3F,IAAMI,EAAa,CAACvK,EAAGiB,EAAc,MAAOuG,CAAK,CAAC,EAE9C2C,EACAI,EAAW,KAAKvK,EAAGiB,EAAc,KAAMkJ,CAAI,CAAC,EAE5CI,EAAW,KAAKrK,GAAIe,EAAc,KAAMmJ,GAAe,CAAC,CAAC,EAG7D,GAAM,CAAC3D,CAAI,EAAI,MAAMnG,EAChB,OAAO,EACP,KAAKW,CAAa,EAClB,MAAMlB,GAAI,GAAGwK,CAAU,CAAC,EACxB,MAAM,CAAC,EAEZ,OAAO9D,CACX,CAEA,eAAe+D,GAAU,CAAE,MAAAhD,EAAO,SAAAiB,CAAS,EAAmC,CAC1E,GAAI,CAAC,QAAQ,IAAI,UACb,MAAM,IAAI,MAAM,gEAAgE,EAGpF,IAAMhC,EAAO,MAAM6D,GAAe9C,EAAO,OAAO,QAAQ,IAAI,SAAS,CAAC,EAEtE,GAAI,CAACf,GAAM,UAAY,CAAE,MAAMuC,EAAeP,EAAUhC,EAAK,QAAQ,EACjE,MAAM,IAAI/E,EAAgB,CAAE,MAAO,GAAI,SAAU,EAAG,CAAC,EAGzD,IAAMmE,EAAU,MAAMwE,GAAkB5D,EAAK,EAAE,EAE/C,GAAI,CAACZ,EACD,MAAM,IAAInE,EAAgB,CAAE,MAAO,GAAI,SAAU,EAAG,CAAC,EAGzD,OAAOmE,CACX,CAEA,eAAsB4E,GAClBpI,EACAqI,EAC0B,CAU1B,OATiB,MAAM7H,EAAoC,CACvD,GAAI2H,GACJ,SAAAnI,EACA,UAAW,SAAY,CACnB,MAAMqI,IAAY,CACtB,EACA,QAASlB,EACb,CAAC,CAGL,CAQA,eAAsBmB,GAAa,CAC/B,MAAAnD,EACA,SAAAiB,EACA,KAAA0B,CACJ,EAAiD,CAC7C,IAAMS,EAAOnC,EAAW,MAAMM,EAAaN,CAAQ,EAAI,KAEjD,CAAChC,CAAI,EAAI,MAAMnG,EAChB,OAAOW,CAAa,EACpB,OAAO,CAAE,GAAIoE,EAAW,EAAG,MAAAmC,EAAO,SAAUoD,EAAM,KAAAT,CAAK,CAAC,EACxD,UAAU,EAEf,OAAO1D,CACX,CAEA,eAAeoE,GAAyBrD,EAAuC,CAC3E,IAAMf,EAAO,MAAM6D,GAAe9C,CAAK,EAEvC,GAAI,CAACf,EACD,OAAO,KAGX,MAAMnG,EAAG,OAAOc,CAAc,EAAE,MAAMpB,EAAGoB,EAAe,OAAQqF,EAAK,EAAE,CAAC,EAExE,IAAMhB,EAAKJ,EAAW,GAAI2E,EAAkB,EAE5C,aAAM1J,EAAG,OAAOc,CAAc,EAAE,OAAO,CACnC,GAAAqE,EACA,OAAQgB,EAAK,GACb,UAAW,IAAI,KAAK,IAAI,KAAK,EAAE,QAAQ,EAAIwD,EAAkB,CACjE,CAAC,EAEMxE,CACX,CAEA,eAAsBqF,GAClBzI,EACA0I,EAC2B,CAC3B,eAAeC,EAASlI,EAA4C,CAChE,IAAMoF,EAAQ,MAAM2C,GAAyB/H,EAAK,KAAK,EAEvD,OAAKoF,EAKE6C,EAAOjI,EAAK,MAAOoF,CAAK,EAHpB,EAIf,CAQA,OANiB,MAAMrF,EAAwC,CAC3D,GAAImI,EACJ,SAAA3I,EACA,QAASqH,EACb,CAAC,CAGL,CAEA,eAAeuB,GAA2B/C,EAAeO,EAAmC,CACxF,GAAM,CAACyC,CAAM,EAAI,MAAM5K,EAClB,OAAO,EACP,KAAKc,CAAc,EACnB,MAAMpB,EAAGoB,EAAe,GAAI8G,CAAK,CAAC,EAClC,MAAM,CAAC,EAEZ,GAAI,CAACgD,EACD,MAAM,IAAI,MAAM,gCAAgC,EAKpD,GAFA,MAAM5K,EAAG,OAAOc,CAAc,EAAE,MAAMpB,EAAGoB,EAAe,GAAI8G,CAAK,CAAC,EAE9DgD,EAAO,UAAY,IAAI,KACvB,MAAM,IAAI,MAAM,8BAA8B,EAGlD,aAAMvF,EAAuBuF,EAAO,MAAM,EAE1C,MAAM5K,EACD,OAAOW,CAAa,EACpB,IAAI,CAAE,SAAU,MAAM8H,EAAaN,CAAQ,CAAE,CAAC,EAC9C,MACG1I,GAAIC,EAAGiB,EAAc,GAAIiK,EAAO,MAAM,EAAGjL,GAAQgB,EAAc,KAAMoF,EAAgB,CAAC,CAAC,CAC3F,EAEG6E,EAAO,MAClB,CAEA,eAAsBC,GAClB9I,EACAqI,EAC0B,CAC1B,eAAeM,EAASlI,EAAyD,CAC7E,IAAMkF,EAAS,MAAMiD,GAA2BnI,EAAK,MAAOA,EAAK,QAAQ,EACnE+C,EAAU,MAAMwE,GAAkBrC,CAAM,EAE9C,GAAI,CAACnC,EACD,MAAM,IAAI,MAAM,0BAA0B,EAG9C,OAAOA,CACX,CASA,OAPiB,MAAMhD,EAAW,CAC9B,GAAImI,EACJ,SAAA3I,EACA,UAAAqI,EACA,QAASX,EACb,CAAC,CAGL,CgBnPA,OAAS,MAAA/J,OAAU,cASnB,IAAM6E,GAAY,GACZuG,GAAgB,GAEtB,eAAsBC,GAAc5F,EAAwC,CACxE,GAAM,CAACzB,CAAM,EAAI,MAAM1D,EAClB,OAAO,EACP,KAAKgB,CAAe,EACpB,MAAMtB,GAAGsB,EAAgB,GAAImE,CAAE,CAAC,EAChC,MAAM,CAAC,EAEZ,OAAOzB,CACX,CAQA,eAAsBsH,GAAe,CACjC,MAAAC,EACA,GAAA9F,EACA,OAAAgC,CACJ,EAAmD,CAC/C,GAAM,CAACzD,CAAM,EAAI,MAAM1D,EAClB,OAAOgB,CAAe,EACtB,OAAO,CACJ,MAAAiK,EACA,GAAI9F,GAAMJ,EAAW,GAAIR,EAAS,EAClC,OAAQ,MAAMkE,EAAatB,GAAUpC,EAAW,GAAI+F,EAAa,CAAC,CACtE,CAAC,EACA,UAAU,EAEf,OAAOpH,CACX,CAEA,eAAsBwH,GAAiBpE,EAAkD,CACrF,GAAM,CAAE,QAAA9C,CAAQ,EAAI8C,EACdqE,EAASnH,EAAQ,IAAI,eAAe,EAE1C,GAAI,CAACmH,EACD,OAAO,KAGX,IAAMC,EAAO,OAAO,KAAKD,EAAO,QAAQ,SAAU,EAAE,EAAG,QAAQ,EAC1D,SAAS,OAAO,EAChB,QAAQ,MAAO,EAAE,EAEhB,CAAChG,EAAI,GAAGgC,CAAM,EAAIiE,EAAK,MAAM,GAAG,EAEhC,CAAC1H,CAAM,EAAI,MAAM1D,EAClB,OAAO,EACP,KAAKgB,CAAe,EACpB,MAAMtB,GAAGsB,EAAgB,GAAImE,CAAE,CAAC,EAChC,MAAM,CAAC,EAEZ,OAAKzB,GAIc,MAAMgF,EAAevB,EAAO,KAAK,EAAE,EAAGzD,EAAO,MAAM,EAClDA,EAJT,IAKf","sourcesContent":["import type { Errorable } from '@sqrzro/interfaces';\nimport { and, eq, inArray, lte } from 'drizzle-orm';\n\nimport { db } from '../database/DatabaseService';\nimport { authResetTable, authUserTable } from '../database/schema';\n\nimport { submitForm } from '../forms/FormService';\nimport ValidationError from '../forms/ValidationError';\n\nimport { checkMFAEnabled } from './MFAService';\nimport { hashPassword, verifyPassword } from './PasswordService';\nimport {\n createUserSession,\n generateID,\n getScopeByID,\n getSessionID,\n invalidateSession,\n invalidateUserSessions,\n} from './SessionService';\n\nimport LoginRequest from './LoginRequest';\nimport PasswordRequest from './PasswordRequest';\nimport PasswordResetWithTokenRequest from './PasswordResetWithTokenRequest';\n\nimport type {\n LoginFormFields,\n PasswordFormFields,\n PasswordResetWithTokenFormFields,\n UserObject,\n} from './interfaces';\n\nconst RESET_TOKEN_LENGTH = 40;\n\n// Set expiry to 1 hour (in ms)\nconst RESET_TOKEN_EXPIRY = 3600000;\n\nexport async function handleLogout(): Promise<void> {\n const id = await getSessionID();\n\n if (id) {\n await invalidateSession(id);\n }\n}\n\ninterface LoginUserArgs {\n email: string;\n password: string;\n role?: number;\n token?: string;\n}\n\nexport function getAllowedRoles(): number[] {\n const role = process.env.AUTH_ROLE;\n\n if (!role) {\n throw new Error('AUTH_ROLE is not defined. Authentication will not be possible.');\n }\n\n return [Number(role)];\n}\n\nexport function getMaximumRole(): number {\n const roles = getAllowedRoles();\n return Math.max(...roles);\n}\n\nasync function handleUserSession(userID: string): Promise<string | null> {\n await createUserSession(userID, checkMFAEnabled() ? 'MFA' : 'AUTHED');\n\n const scope = await getScopeByID('AUTHED');\n return scope?.redirectOnAuth || null;\n}\n\nexport async function getUserByEmail(email: string, role?: number): Promise<UserObject | null> {\n const conditions = [eq(authUserTable.email, email)];\n\n if (role) {\n conditions.push(eq(authUserTable.role, role));\n } else {\n conditions.push(lte(authUserTable.role, getMaximumRole()));\n }\n\n const [user] = await db\n .select()\n .from(authUserTable)\n .where(and(...conditions))\n .limit(1);\n\n return user;\n}\n\nasync function loginUser({ email, password }: LoginUserArgs): Promise<string> {\n if (!process.env.AUTH_ROLE) {\n throw new Error('AUTH_ROLE is not defined. Authentication will not be possible.');\n }\n\n const user = await getUserByEmail(email, Number(process.env.AUTH_ROLE));\n\n if (!user?.password || !(await verifyPassword(password, user.password))) {\n throw new ValidationError({ email: '', password: '' });\n }\n\n const session = await handleUserSession(user.id);\n\n if (!session) {\n throw new ValidationError({ email: '', password: '' });\n }\n\n return session;\n}\n\nexport async function handleLoginForm(\n formData: LoginFormFields,\n onSuccess?: () => Promise<void>\n): Promise<Errorable<string>> {\n const response = await submitForm<LoginFormFields, string>({\n fn: loginUser,\n formData,\n onSuccess: async () => {\n await onSuccess?.();\n },\n request: LoginRequest,\n });\n\n return response;\n}\n\ninterface RegisterUserArgs {\n email: string;\n password?: string;\n role?: number;\n}\n\nexport async function registerUser({\n email,\n password,\n role,\n}: RegisterUserArgs): Promise<UserObject | null> {\n const hash = password ? await hashPassword(password) : null;\n\n const [user] = await db\n .insert(authUserTable)\n .values({ id: generateID(), email, password: hash, role })\n .returning();\n\n return user;\n}\n\nasync function createPasswordResetToken(email: string): Promise<string | null> {\n const user = await getUserByEmail(email);\n\n if (!user) {\n return null;\n }\n\n await db.delete(authResetTable).where(eq(authResetTable.userId, user.id));\n\n const id = generateID('', RESET_TOKEN_LENGTH);\n\n await db.insert(authResetTable).values({\n id,\n userId: user.id,\n expiresAt: new Date(new Date().getTime() + RESET_TOKEN_EXPIRY),\n });\n\n return id;\n}\n\nexport async function handlePasswordForm(\n formData: PasswordFormFields,\n mailFn: (email: string, token: string) => Promise<boolean>\n): Promise<Errorable<boolean>> {\n async function mutateFn(data: PasswordFormFields): Promise<boolean> {\n const token = await createPasswordResetToken(data.email);\n\n if (!token) {\n // Return true, even though the email doesn't exist (to prevent user enumeration)\n return true;\n }\n\n return mailFn(data.email, token);\n }\n\n const response = await submitForm<PasswordFormFields, boolean>({\n fn: mutateFn,\n formData,\n request: PasswordRequest,\n });\n\n return response;\n}\n\nasync function validatePasswordResetToken(token: string, password: string): Promise<string> {\n const [result] = await db\n .select()\n .from(authResetTable)\n .where(eq(authResetTable.id, token))\n .limit(1);\n\n if (!result) {\n throw new Error('PASSWORD_RESET_TOKEN_NOT_FOUND');\n }\n\n await db.delete(authResetTable).where(eq(authResetTable.id, token));\n\n if (result.expiresAt < new Date()) {\n throw new Error('PASSWORD_RESET_TOKEN_EXPIRED');\n }\n\n await invalidateUserSessions(result.userId);\n\n await db\n .update(authUserTable)\n .set({ password: await hashPassword(password) })\n .where(\n and(eq(authUserTable.id, result.userId), inArray(authUserTable.role, getAllowedRoles()))\n );\n\n return result.userId;\n}\n\nexport async function handlePasswordResetWithTokenForm(\n formData: PasswordResetWithTokenFormFields,\n onSuccess?: (model: string) => Promise<void>\n): Promise<Errorable<string>> {\n async function mutateFn(data: PasswordResetWithTokenFormFields): Promise<string> {\n const userID = await validatePasswordResetToken(data.token, data.password);\n const session = await handleUserSession(userID);\n\n if (!session) {\n throw new Error('COULD_NOT_CREATE_SESSION');\n }\n\n return session;\n }\n\n const response = await submitForm({\n fn: mutateFn,\n formData,\n onSuccess,\n request: PasswordResetWithTokenRequest,\n });\n\n return response;\n}\n","import { drizzle } from 'drizzle-orm/postgres-js';\nimport type { PostgresJsDatabase } from 'drizzle-orm/postgres-js';\nimport postgres from 'postgres';\n\ndeclare global {\n var szdb: ReturnType<typeof createSingleton> | undefined; // eslint-disable-line no-var, vars-on-top\n}\n\nfunction createSingleton(): PostgresJsDatabase {\n if (!process.env.DATABASE_URL) {\n throw new Error('DATABASE_URL is not defined');\n }\n return drizzle(postgres(process.env.DATABASE_URL, { prepare: false }));\n}\n\nexport const db = globalThis.szdb ?? createSingleton();\n\nif (!process.env.VERCEL_ENV) {\n globalThis.szdb = db;\n}\n","/* istanbul ignore file */\n\nimport { integer, pgEnum, pgSchema, text, timestamp, uniqueIndex } from 'drizzle-orm/pg-core';\n\nconst DEFAULT_ROLE = 10;\n\nexport const mfaType = pgEnum('mfaType', ['TOTP', 'HARDWARE']);\nexport const scope = pgEnum('scope', ['ANON', 'MFA', 'AUTHED']);\n\nexport type Scope = (typeof scope.enumValues)[number];\n\nexport const authSchema = pgSchema('auth');\n\nexport const authUserTable = authSchema.table(\n 'user_credentials',\n {\n id: text('id').primaryKey(),\n email: text('email').notNull(),\n password: text('password'),\n role: integer('role').notNull().default(DEFAULT_ROLE),\n },\n (table) => ({\n unique: uniqueIndex().on(table.email, table.role),\n })\n);\n\nexport type AuthUser = typeof authUserTable.$inferSelect;\n\nexport const authSessionTable = authSchema.table('sessions', {\n id: text('id').primaryKey(),\n userId: text('userId')\n .notNull()\n .references(() => authUserTable.id, { onDelete: 'cascade' }),\n scope: scope('scope').notNull().default('ANON'),\n expiresAt: timestamp('expiresAt').notNull(),\n});\n\nexport type AuthSession = typeof authSessionTable.$inferSelect;\n\nexport const authResetTable = authSchema.table('resets', {\n id: text('id').primaryKey(),\n userId: text('userId')\n .notNull()\n .references(() => authUserTable.id, { onDelete: 'cascade' }),\n expiresAt: timestamp('expiresAt').notNull(),\n});\n\nexport type AuthReset = typeof authResetTable.$inferSelect;\n\nexport const authMFATable = authSchema.table('mfas', {\n id: text('id').primaryKey(),\n name: text('name').notNull(),\n userId: text('userId')\n .notNull()\n .references(() => authUserTable.id, { onDelete: 'cascade' }),\n type: mfaType('type').notNull().default('TOTP'),\n secret: text('secret').notNull(),\n verifiedAt: timestamp('verifiedAt'),\n});\n\nexport type AuthMFA = typeof authMFATable.$inferSelect;\n\nexport const authClientTable = authSchema.table('client_credentials', {\n id: text('id').primaryKey(),\n alias: text('alias').notNull().unique(),\n secret: text('secret').notNull().unique(),\n});\n\nexport type AuthClient = typeof authClientTable.$inferSelect;\n","/* eslint-disable max-statements */\n\nimport type { SerializedError, SerializedErrorable } from '@sqrzro/interfaces';\nimport type Joi from 'joi';\nimport { NextResponse } from 'next/server';\n\nimport ValidationError from './ValidationError';\nimport { validateSchema } from './ValidationService';\n\nfunction serializeError(err: Error): SerializedError {\n return {\n cause: err.cause,\n message: err.message,\n name: err.name,\n stack: err.stack,\n };\n}\n\ninterface SubmitFormArgs<F extends object> {\n formData: F;\n onSuccess?: (model: F) => Promise<void> | void;\n onValidationError?: (error: ValidationError) => void;\n request?: Joi.ObjectSchema<F>;\n}\n\ninterface SubmitFormArgsWithFn<F extends object, M> extends Omit<SubmitFormArgs<F>, 'onSuccess'> {\n fn: (data: F) => Promise<M | null>;\n onSuccess?: (model: M) => Promise<void> | void;\n}\n\nfunction hasFn<F extends object, M>(\n args: SubmitFormArgs<F> | SubmitFormArgsWithFn<F, M>\n): args is SubmitFormArgsWithFn<F, M> {\n return Boolean(Object.prototype.hasOwnProperty.call(args, 'fn'));\n}\n\nexport async function submitForm<F extends object>(\n args: SubmitFormArgs<F>\n): Promise<SerializedErrorable<F>>;\nexport async function submitForm<F extends object, M>(\n args: SubmitFormArgsWithFn<F, M>\n): Promise<SerializedErrorable<M>>;\n\nexport async function submitForm<F extends object, M>(\n args: SubmitFormArgs<F> | SubmitFormArgsWithFn<F, M>\n): Promise<[F, null] | [M, null] | [null, SerializedError]> {\n let data = { ...args.formData };\n\n if (args.request) {\n const [validated, validationError] = await validateSchema<F>(args.formData, args.request);\n\n if (validationError !== null) {\n if (validationError instanceof ValidationError) {\n args.onValidationError?.(validationError);\n }\n\n return [null, serializeError(validationError)];\n }\n\n data = validated;\n }\n\n if (!hasFn(args)) {\n await args.onSuccess?.(data);\n return [data, null];\n }\n\n let model: Awaited<M> | null = null;\n\n try {\n model = await args.fn(data);\n } catch (err: unknown) {\n if (err instanceof ValidationError) {\n args.onValidationError?.(err);\n return [null, serializeError(err)];\n }\n if (err instanceof Error) {\n throw err;\n }\n throw new Error('The function supplied to submitForm encountered an unknown error');\n }\n\n if (!model) {\n throw new Error('NO_MODEL');\n }\n\n await args.onSuccess?.(model);\n return [model, null];\n}\n\nexport async function submitAPIRequest<F extends object, M>(\n args: SubmitFormArgsWithFn<F, M>\n): Promise<[M, null] | [null, NextResponse]> {\n const [response, error] = await submitForm<F, M>(args);\n\n if (error !== null) {\n if (error.name === 'ValidationError') {\n try {\n const errors = JSON.parse(error.message) as Record<string, string>;\n return [null, NextResponse.json(errors, { status: 422 })];\n } catch (err) {\n return [\n null,\n NextResponse.json({ message: 'An unknown error occured' }, { status: 500 }),\n ];\n }\n }\n return [null, NextResponse.json({ message: error.message }, { status: 500 })];\n }\n\n return [response, null];\n}\n","class ValidationError extends Error {\n public messages: Record<string, string>;\n\n public constructor(messages: Record<string, string>) {\n super(JSON.stringify(messages));\n\n this.messages = messages;\n this.name = 'ValidationError';\n }\n}\n\nexport default ValidationError;\n","import type { Errorable } from '@sqrzro/interfaces';\nimport Joi from 'joi';\n\nimport lang from './lang';\nimport ValidationError from './ValidationError';\n\nexport function validate(): typeof Joi {\n return Joi;\n}\n\nexport type ValidationCustomHelpers<V = any> = Joi.CustomHelpers<V>; // eslint-disable-line @typescript-eslint/no-explicit-any\nexport type ValidationExternalHelpers<V = any> = Joi.ExternalHelpers<V>; // eslint-disable-line @typescript-eslint/no-explicit-any\nexport type ValidationErrorReport = Joi.ErrorReport;\n\nexport function getDefaultErrorMessages(): Record<string, string> {\n return lang;\n}\n\nfunction getErrorMessages(): Record<string, string> {\n return Object.entries(lang).reduce((acc, [key, value]) => {\n if (!value) {\n return acc;\n }\n return {\n ...acc,\n [key]: value,\n };\n }, {});\n}\n\nfunction transformErrors(error: Joi.ValidationError): ValidationError {\n const messages = error.details.reduce(\n (acc, cur) => ({\n ...acc,\n [cur.path.join('.')]: cur.message.replace(/\"/gu, ''),\n }),\n {}\n );\n return new ValidationError(messages);\n}\n\n/**\n * This function takes FormData and a schema. It then attempts to transform the FormData into an\n * object that matches `T`. This is because the FormData object is not typed and we want to be able\n * to validate it properly typed.\n *\n * Once transformed, the object is validated against the schema. This will result in either a\n * properly typed `T` object or an array of validation errors.\n * @param formData\n * @param validation\n * @returns\n */\nexport async function validateSchema<T>(\n formData: Partial<T>,\n validation: Joi.ObjectSchema<T>,\n messages?: Record<string, string>\n): Promise<Errorable<T>> {\n try {\n const validated = await validation.validateAsync(formData, {\n abortEarly: false,\n messages: messages || getErrorMessages(),\n stripUnknown: true,\n });\n\n return [validated, null];\n } catch (err) {\n if (err instanceof Joi.ValidationError) {\n return [null, transformErrors(err)];\n }\n\n if (err instanceof Error) {\n return [null, err];\n }\n\n return [null, new Error('Unknown validation error occured')];\n }\n}\n\nexport function createSchema<T>(schema: Joi.SchemaMap<T, true>): Joi.ObjectSchema<T> {\n return Joi.object<T>(schema);\n}\n\nexport function extendSchema<T, U extends T>(\n schema: Joi.ObjectSchema<T>,\n appends: Joi.PartialSchemaMap<U>\n): Joi.ObjectSchema<U> {\n return schema.append<U>(appends);\n}\n","const messages: Record<string, string> = {\n 'alternatives.all': '',\n 'alternatives.any': '',\n 'alternatives.match': '',\n 'alternatives.one': '',\n 'alternatives.types': '',\n 'any.custom': '',\n 'any.default': '',\n 'any.failover': '',\n 'any.invalid': '',\n 'any.only': '',\n 'any.ref': '',\n 'any.required': '{{#label}} is required',\n 'any.unknown': '',\n 'array.base': '',\n 'array.excludes': '',\n 'array.includesRequiredBoth': '',\n 'array.includesRequiredKnowns': '',\n 'array.includesRequiredUnknowns': '',\n 'array.includes': '',\n 'array.length': '',\n 'array.max': '',\n 'array.min': '',\n 'array.orderedLength': '',\n 'array.sort': '',\n 'array.sort.mismatching': '',\n 'array.sort.unsupported': '',\n 'array.sparse': '',\n 'array.unique': '',\n 'array.hasKnown': '',\n 'array.hasUnknown': '',\n 'binary.base': '',\n 'binary.length': '',\n 'binary.max': '',\n 'binary.min': '',\n 'boolean.base': '',\n 'date.base': '',\n 'date.format': '',\n 'date.greater': '',\n 'date.less': '',\n 'date.max': '',\n 'date.min': '',\n 'date.strict': '',\n 'function.arity': '',\n 'function.class': '',\n 'function.maxArity': '',\n 'function.minArity': '',\n 'number.base': '{{#label}} should be a number',\n 'number.greater': '',\n 'number.infinity': '',\n 'number.integer': '',\n 'number.less': '',\n 'number.max': '',\n 'number.min': '{{#label}} should be greater than or equal to {{#limit}}',\n 'number.multiple': '',\n 'number.negative': '',\n 'number.port': '',\n 'number.positive': '',\n 'number.precision': '',\n 'number.unsafe': '',\n 'object.unknown': '',\n 'object.and': '',\n 'object.assert': '',\n 'object.base': '',\n 'object.length': '',\n 'object.max': '',\n 'object.min': '',\n 'object.missing': '',\n 'object.nand': '',\n 'object.pattern.match': '',\n 'object.refType': '',\n 'object.regex': '',\n 'object.rename.multiple': '',\n 'object.rename.override': '',\n 'object.schema': '',\n 'object.instance': '',\n 'object.with': '',\n 'object.without': '',\n 'object.xor': '',\n 'object.oxor': '',\n 'string.alphanum': '',\n 'string.base64': '',\n 'string.base': '',\n 'string.creditCard': '',\n 'string.dataUri': '',\n 'string.domain': '',\n 'string.email': '',\n 'string.empty': '{{#label}} is required',\n 'string.guid': '',\n 'string.hexAlign': '',\n 'string.hex': '',\n 'string.hostname': '',\n 'string.ipVersion': '',\n 'string.ip': '',\n 'string.isoDate': '',\n 'string.isoDuration': '',\n 'string.length': '',\n 'string.lowercase': '',\n 'string.max': '',\n 'string.min': '',\n 'string.normalize': '',\n 'string.pattern.base': '{{#label}} is not in the correct format',\n 'string.pattern.name': '',\n 'string.pattern.invert.base': '',\n 'string.pattern.invert.name': '',\n 'string.token': '',\n 'string.trim': '',\n 'string.uppercase': '',\n 'string.uri': '',\n 'string.uriCustomScheme': '',\n 'string.uriRelativeOnly': '',\n 'symbol.base': '',\n 'symbol.map': '',\n};\n\nexport default messages;\n","import type { Errorable } from '@sqrzro/interfaces';\nimport { and, eq, isNotNull, isNull } from 'drizzle-orm';\nimport { authenticator } from 'otplib';\nimport qrcode from 'qrcode';\n\nimport { db } from '../database/DatabaseService';\nimport { authMFATable, authUserTable } from '../database/schema';\n\nimport { submitForm } from '../forms/FormService';\n\nimport MFARequest from './MFARequest';\nimport type { MFAFormFields, UserObject } from './interfaces';\nimport { createUserSession, generateID, getSessionUser } from './SessionService';\n\nexport function checkMFAEnabled(): boolean {\n return process.env.AUTH_MFA_ENABLED !== 'false';\n}\n\nexport async function generateMFA(name: string, email?: string): Promise<string | null> {\n if (!checkMFAEnabled()) {\n throw new Error('MFA is not enabled. Cannot generate MFA secret.');\n }\n\n if (!email) {\n return null;\n }\n\n const [user] = await db\n .select()\n .from(authUserTable)\n .where(eq(authUserTable.email, email))\n .limit(1);\n\n if (!user) {\n return null;\n }\n\n const secret = authenticator.generateSecret();\n const otpauth = authenticator.keyuri(email, name, secret);\n\n // Delete all the unverified MFA entries for this user\n\n await db\n .delete(authMFATable)\n .where(and(eq(authMFATable.userId, user.id), isNull(authMFATable.verifiedAt)));\n\n // Add the new MFA entry\n\n await db.insert(authMFATable).values({\n id: generateID(),\n name: 'Default',\n secret,\n userId: user.id,\n });\n\n return new Promise((resolve, reject) => {\n qrcode.toDataURL(\n otpauth,\n { rendererOpts: { quality: 1 }, margin: 0, scale: 2 },\n (err, data) => {\n if (err) {\n reject(err);\n }\n resolve(data);\n }\n );\n });\n}\n\nexport async function checkUserHasMFA(user: UserObject): Promise<boolean> {\n if (!checkMFAEnabled()) {\n return false;\n }\n\n const [mfa] = await db\n .select()\n .from(authMFATable)\n .where(and(eq(authMFATable.userId, user.id), isNotNull(authMFATable.verifiedAt)))\n .limit(1);\n\n return Boolean(mfa);\n}\n\nasync function markAsVerified(userID: string): Promise<void> {\n if (!checkMFAEnabled()) {\n return;\n }\n\n await db\n .update(authMFATable)\n .set({ verifiedAt: new Date() })\n .where(eq(authMFATable.userId, userID));\n}\n\nasync function validateUserToken(userID: string, token: string): Promise<boolean> {\n if (!checkMFAEnabled()) {\n return false;\n }\n\n const [mfa] = await db\n .select()\n .from(authMFATable)\n .where(eq(authMFATable.userId, userID))\n .limit(1);\n\n if (!mfa) {\n return false;\n }\n\n return authenticator.check(token, mfa.secret);\n}\n\nexport async function handleMFA(data: MFAFormFields): Promise<boolean> {\n if (!checkMFAEnabled()) {\n return false;\n }\n\n const user = await getSessionUser();\n\n if (!user) {\n return false;\n }\n\n const isValid = await validateUserToken(user.id, data.token);\n\n if (!isValid) {\n return false;\n }\n\n await markAsVerified(user.id);\n return createUserSession(user.id, 'AUTHED');\n}\n\nexport async function handleMFAForm(formData: MFAFormFields): Promise<Errorable<boolean>> {\n if (!checkMFAEnabled()) {\n return [null, new Error('MFA is not enabled')];\n }\n\n const response = await submitForm<MFAFormFields, boolean>({\n fn: handleMFA,\n formData,\n request: MFARequest,\n });\n\n return response;\n}\n","/* eslint-disable @typescript-eslint/no-magic-numbers */\n\nimport Joi from 'joi';\n\nimport { createSchema } from '../forms/ValidationService';\nimport type { MFAFormFields } from './interfaces';\n\nconst MFARequest = createSchema<MFAFormFields>({\n token: Joi.string()\n .pattern(/^[0-9]{6}$/u)\n .required(),\n});\n\nexport default MFARequest;\n","import { DrizzlePostgreSQLAdapter } from '@lucia-auth/adapter-drizzle';\nimport { pick } from '@sqrzro/utility';\nimport { Lucia, TimeSpan, generateId } from 'lucia';\nimport { cookies } from 'next/headers';\nimport { NextResponse } from 'next/server';\nimport type { NextRequest } from 'next/server';\nimport { match } from 'path-to-regexp';\n\nimport { getAllowedRoles } from './AuthService';\n\nimport { db } from '../database/DatabaseService';\nimport { authSessionTable, authUserTable } from '../database/schema';\nimport type { Scope } from '../database/schema';\n\nimport { getFromCache, setToCache } from '../cache/CacheService';\nimport { getOrigin } from '../url/URLService';\n\nconst DEFAULT_REDIRECT = '/auth/login';\nconst ID_LENGTH = 16;\n\ntype TimeSpanUnit = 'd' | 'h' | 'm' | 'ms' | 's' | 'w';\n\ninterface ScopeData {\n allowedRoute?: string;\n redirectOnAuth?: string;\n redirectOnUnauth?: string;\n}\n\nexport type ScopeObject = Record<Scope, ScopeData>;\n\ninterface DatabaseSessionAttributes {\n scope: Scope;\n}\n\ninterface DatabaseUserAttributes {\n email: string;\n role: number;\n}\n\ndeclare module 'lucia' {\n interface Register {\n Lucia: typeof lucia;\n DatabaseSessionAttributes: DatabaseSessionAttributes;\n DatabaseUserAttributes: DatabaseUserAttributes;\n }\n}\n\nconst DEFAULT_SCOPES: ScopeObject = {\n ANON: {\n allowedRoute: '/auth/(login|password)',\n redirectOnUnauth: DEFAULT_REDIRECT,\n },\n MFA: {\n allowedRoute: '/auth/mfa',\n redirectOnUnauth: '/auth/mfa',\n },\n AUTHED: {\n allowedRoute: '*',\n redirectOnAuth: '/',\n },\n};\n\n/* eslint-disable id-length */\nconst timespanMap: Record<string, TimeSpanUnit> = {\n D: 'd',\n H: 'h',\n M: 'm',\n MS: 'ms',\n S: 's',\n W: 'w',\n};\n/* eslint-enable id-length */\n\nfunction getSessionExpiry(): TimeSpan {\n if (!process.env.AUTH_SESSION_EXPIRY) {\n return new TimeSpan(2, 'w');\n }\n\n const [value, unit] = process.env.AUTH_SESSION_EXPIRY.split(/_/u);\n return new TimeSpan(Number(value), timespanMap[unit]);\n}\n\nconst adapter = new DrizzlePostgreSQLAdapter(db, authSessionTable, authUserTable);\n\nexport const lucia = new Lucia(adapter, {\n getSessionAttributes: (attributes: DatabaseSessionAttributes): DatabaseSessionAttributes => ({\n scope: attributes.scope,\n }),\n getUserAttributes: (attributes: DatabaseUserAttributes): DatabaseUserAttributes => ({\n email: attributes.email,\n role: attributes.role,\n }),\n sessionCookie: {\n attributes: {\n secure: process.env.NODE_ENV === 'production',\n },\n name: process.env.AUTH_COOKIE_NAME || 'auth_session',\n },\n sessionExpiresIn: getSessionExpiry(),\n});\n\nexport function generateID<T extends string = string>(prefix = '', length = ID_LENGTH): T {\n return `${prefix ? `${prefix}_` : ''}${generateId(length)}` as T;\n}\n\nexport async function invalidateSession(id: string): Promise<void> {\n const cookie = lucia.createBlankSessionCookie();\n (await cookies()).set(cookie.name, cookie.value, cookie.attributes);\n\n return lucia.invalidateSession(id);\n}\n\nexport async function invalidateUserSessions(id: string): Promise<void> {\n return lucia.invalidateUserSessions(id);\n}\n\nexport async function createUserSession(id: string, scope: Scope = 'ANON'): Promise<boolean> {\n const session = await lucia.createSession(id, { scope });\n const sessionCookie = lucia.createSessionCookie(session.id);\n (await cookies()).set(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);\n\n return true;\n}\n\nexport async function getSessionID(): Promise<string | null> {\n return (await cookies()).get(lucia.sessionCookieName)?.value ?? null;\n}\n\nexport async function checkSessionExists(): Promise<boolean> {\n return Boolean(await getSessionID());\n}\n\nfunction checkUserRole(userRole: number, targetRoles?: number[] | number): boolean {\n const targetRolesArray = Array.isArray(targetRoles) ? targetRoles : [targetRoles];\n\n if (targetRolesArray[0]) {\n return targetRolesArray.includes(userRole);\n }\n\n return getAllowedRoles().includes(userRole);\n}\n\nexport async function getSessionUser(roles?: number[] | number): Promise<{\n id: string;\n email: string;\n role: number;\n} | null> {\n const sessionID = await getSessionID();\n\n if (!sessionID) {\n return null;\n }\n\n const { user } = await lucia.validateSession(sessionID);\n\n if (!user || !checkUserRole(user.role, roles)) {\n return null;\n }\n\n return pick(user, ['id', 'email', 'role']);\n}\n\nexport function checkRouteAllowed(pathname: string, route?: string): boolean {\n if (!route) {\n return false;\n }\n\n if (route === '*') {\n return true;\n }\n\n return match(route)(pathname) !== false;\n}\n\nexport async function getScopes(): Promise<ScopeObject> {\n const scopes = await getFromCache(`${await getOrigin()}:scopes`);\n return scopes ? (JSON.parse(scopes) as ScopeObject) : DEFAULT_SCOPES;\n}\n\nexport async function getScopeByID(id: Scope): Promise<ScopeData> {\n const scopes = await getScopes();\n return scopes[id];\n}\n\nexport async function setScopes(customScopes?: Partial<ScopeObject>): Promise<void> {\n const scopes = {\n ANON: {\n ...DEFAULT_SCOPES.ANON,\n ...customScopes?.ANON,\n },\n MFA: {\n ...DEFAULT_SCOPES.MFA,\n ...customScopes?.MFA,\n },\n AUTHED: {\n ...DEFAULT_SCOPES.AUTHED,\n ...customScopes?.AUTHED,\n },\n };\n return setToCache(`${await getOrigin()}:scopes`, JSON.stringify(scopes));\n}\n\nasync function validateSessionFromID(\n sessionID: string,\n pathname: string\n): Promise<{ redirect: string | null; email: string | null }> {\n const scopes = await getScopes();\n const { session, user } = await lucia.validateSession(sessionID);\n\n const scope =\n scopes[session && getAllowedRoles().includes(user?.role) ? session.scope : 'ANON'];\n\n return {\n email: user?.email || null,\n redirect: checkRouteAllowed(pathname, scope.allowedRoute)\n ? null\n : scope.redirectOnUnauth || DEFAULT_REDIRECT,\n };\n}\n\nexport async function handleSession(\n request: NextRequest,\n customScopes?: Partial<ScopeObject>\n): Promise<NextResponse> {\n const sessionID = request.nextUrl.searchParams.get('id') || '';\n const pathname = request.nextUrl.searchParams.get('pathname') || '/';\n\n await setScopes(customScopes);\n\n return NextResponse.json(await validateSessionFromID(sessionID, pathname));\n}\n","import { createClient } from 'redis';\n\nlet client: ReturnType<typeof createClient> | null = null;\n\nfunction isLocalhost(url: string): boolean {\n return url.includes('localhost') || url.includes('127.0.0.1');\n}\n\nasync function getClient(): Promise<ReturnType<typeof createClient>> {\n if (!process.env.REDIS_URL) {\n throw new Error('REDIS_URL is not defined. Access to the cache is not possible.');\n }\n\n if (client) {\n return client;\n }\n\n client = createClient({\n socket: {\n tls: !isLocalhost(process.env.REDIS_URL),\n },\n url: process.env.REDIS_URL,\n });\n\n await client.connect();\n return client;\n}\n\nexport async function getFromCache(key: string): Promise<string | null> {\n return (await getClient()).get(key);\n}\n\nexport async function setToCache(key: string, value: string): Promise<void> {\n await (await getClient()).set(key, value);\n}\n","import { headers } from 'next/headers';\n\n/**\n * Uses a number of methods to determine the current origin.\n *\n * First, it checks if an `x-origin` header. This will have been set by the `handleMiddleware`\n * function, further up the chain. For more information on how it is being set, see the\n * `middleware` documentation.\n *\n * There are some situations where middleware is not being applied, such as API routes (because the\n * redirection is not necessary, and API routes handle their own authentication). In these cases,\n * this function tries to piece together the origin from the `x-forwarded-proto` and\n * `x-forwarded-host` headers.\n *\n * Finally, if the origin cannot be determined, an error is thrown.\n *\n * @returns The origin of the current request.\n */\nexport async function getOrigin(): Promise<string> {\n const envOrigin = process.env.SZ_ORIGIN;\n\n if (envOrigin) {\n return envOrigin;\n }\n\n const origin = (await headers()).get('x-origin');\n\n if (origin) {\n return origin;\n }\n\n const proto = (await headers()).get('x-forwarded-proto');\n const host = (await headers()).get('x-forwarded-host');\n\n if (proto && host) {\n return `${proto}://${host}`;\n }\n\n throw new Error('No origin could be determined');\n}\n\nexport async function getPathname(): Promise<string> {\n const pathname = (await headers()).get('x-pathname');\n\n if (pathname) {\n return pathname;\n }\n\n throw new Error(\n 'No pathname could be determined. Please make sure middleware is being applied to the current request.'\n );\n}\n\n/**\n * Builds a URL from the current origin and a given pathname. For more information on how the origin\n * is determined, see the `getOrigin` function. This function then just concatenates the origin and\n * the pathname, and performs some cleanup to ensure the URL is valid.\n *\n * @param pathname\n * @returns The URL, with the origin and pathname combined.\n */\nexport async function makeURL(pathname?: string): Promise<string> {\n const origin = await getOrigin();\n\n if (!pathname) {\n return origin;\n }\n\n const isSecure = origin.startsWith('https://');\n\n const protocol = isSecure ? 'https://' : 'http://';\n const originWithoutProtocol = origin.replace(/^https?:\\/\\//u, '');\n\n const cleanURL = `${originWithoutProtocol}/${pathname}`.replace(/\\/+/gu, '/');\n return `${protocol}${cleanURL}`;\n}\n\n/**\n * @deprecated Use `makeURL` instead.\n */\nexport async function getURL(pathname?: string): Promise<string> {\n return makeURL(pathname);\n}\n","import bcrypt from 'bcryptjs';\n\nconst PW_SALT_ROUNDS = 12;\n\ntype PasswordRule = 'lower' | 'min' | 'number' | 'symbol' | 'upper';\n\nexport type PasswordRuleObject = Partial<Record<PasswordRule, number>>;\ntype PasswordValidityObject = Record<PasswordRule, boolean>;\n\nconst PASSWORD_RULES: PasswordRuleObject = {\n min: 8,\n upper: 1,\n lower: 1,\n number: 1,\n symbol: 1,\n};\n\nfunction checkPasswordMin(password: string, value: number): boolean {\n return password.length >= value;\n}\n\nfunction checkPasswordUpper(password: string, value: number): boolean {\n return password.replace(/[^A-Z]/gu, '').length >= value;\n}\n\nfunction checkPasswordLower(password: string, value: number): boolean {\n return password.replace(/[^a-z]/gu, '').length >= value;\n}\n\nfunction checkPasswordNumber(password: string, value: number): boolean {\n return password.replace(/[^0-9]/gu, '').length >= value;\n}\n\nfunction checkPasswordSymbol(password: string, value: number): boolean {\n return password.replace(/[^$]/gu, '').length >= value;\n}\n\nconst PASSWORD_FUNCTIONS: Record<PasswordRule, (password: string, value: number) => boolean> = {\n min: checkPasswordMin,\n upper: checkPasswordUpper,\n lower: checkPasswordLower,\n number: checkPasswordNumber,\n symbol: checkPasswordSymbol,\n};\n\nexport async function hashPassword(password: string): Promise<string> {\n const hash = await bcrypt.hash(password, PW_SALT_ROUNDS);\n return hash;\n}\n\nexport async function verifyPassword(data?: string, encrypted?: string): Promise<boolean> {\n if (!data || !encrypted) {\n return false;\n }\n\n const verified = await bcrypt.compare(data, encrypted);\n return verified;\n}\n\nexport async function getPasswordComplexity(\n password: string,\n rules: Partial<PasswordRuleObject> = PASSWORD_RULES\n): Promise<Partial<PasswordValidityObject>> {\n const entries = Object.entries(rules) as [PasswordRule, number][];\n\n const validity = entries.reduce<Partial<PasswordValidityObject>>((acc, [rule, value]) => {\n acc[rule] = PASSWORD_FUNCTIONS[rule](password, value);\n return acc;\n }, {});\n\n return Promise.resolve(validity);\n}\n\nexport async function checkPasswordComplexity(\n password: string,\n rules: Partial<PasswordRuleObject> = PASSWORD_RULES\n): Promise<Partial<boolean>> {\n const validity = await getPasswordComplexity(password, rules);\n return Promise.resolve(Object.values(validity).every(Boolean));\n}\n","/* eslint-disable @typescript-eslint/no-magic-numbers */\n\nimport Joi from 'joi';\n\nimport { createSchema } from '../forms/ValidationService';\nimport type { LoginFormFields } from './interfaces';\n\nconst LoginRequest = createSchema<LoginFormFields>({\n email: Joi.string().email({ minDomainSegments: 2, tlds: false }).required(),\n password: Joi.string().min(8).required(),\n});\n\nexport default LoginRequest;\n","/* eslint-disable @typescript-eslint/no-magic-numbers */\n\nimport Joi from 'joi';\n\nimport { createSchema } from '../forms/ValidationService';\nimport type { PasswordFormFields } from './interfaces';\n\nconst PasswordRequest = createSchema<PasswordFormFields>({\n email: Joi.string().max(60).email({ minDomainSegments: 2, tlds: false }).required().messages({\n 'any.required': 'Please provide your email address, so we can send you a reset link',\n 'string.empty': 'Please provide your email address, so we can send you a reset link',\n 'string.email': 'Please make sure your email address is valid',\n 'string.max': 'Please make sure your email address is valid',\n }),\n});\n\nexport default PasswordRequest;\n","import Joi from 'joi';\n\nimport { checkPasswordComplexity } from './PasswordService';\nimport type { PasswordRuleObject } from './PasswordService';\nimport type { ValidationCustomHelpers } from '../forms/ValidationService';\n\nimport { createSchema } from '../forms/ValidationService';\nimport type { PasswordResetWithTokenFormFields } from './interfaces';\n\nconst passwordComplexity: PasswordRuleObject = {\n lower: 1,\n min: 8,\n number: 1,\n upper: 1,\n};\n\nasync function passwordIsComplex(\n value: string,\n helpers: ValidationCustomHelpers\n): Promise<Error | string> {\n if (!(await checkPasswordComplexity(value, passwordComplexity))) {\n return helpers.message({\n external:\n 'Please make sure your password is complex enough, to keep your account secure',\n });\n }\n return value;\n}\n\nconst PasswordResetWithTokenRequest = createSchema<PasswordResetWithTokenFormFields>({\n password: Joi.string().external(passwordIsComplex).required().messages({\n 'any.required': 'Please provide your new password',\n 'string.empty': 'Please provide your new password',\n }),\n token: Joi.string().pattern(/[a-z0-9]{40}/u),\n});\n\nexport default PasswordResetWithTokenRequest;\n","import type { NextRequest } from 'next/server';\nimport { eq } from 'drizzle-orm';\n\nimport { db } from '../database/DatabaseService';\nimport { authClientTable } from '../database/schema';\nimport type { AuthClient } from '../database/schema';\n\nimport { hashPassword, verifyPassword } from './PasswordService';\nimport { generateID } from './SessionService';\n\nconst ID_LENGTH = 16;\nconst SECRET_LENGTH = 64;\n\nexport async function getClientByID(id: string): Promise<AuthClient | null> {\n const [client] = await db\n .select()\n .from(authClientTable)\n .where(eq(authClientTable.id, id))\n .limit(1);\n\n return client;\n}\n\ninterface RegisterClientArgs {\n alias: string;\n id?: string;\n secret?: string;\n}\n\nexport async function registerClient({\n alias,\n id,\n secret,\n}: RegisterClientArgs): Promise<AuthClient | null> {\n const [client] = await db\n .insert(authClientTable)\n .values({\n alias,\n id: id || generateID('', ID_LENGTH),\n secret: await hashPassword(secret || generateID('', SECRET_LENGTH)),\n })\n .returning();\n\n return client;\n}\n\nexport async function handleClientAuth(request: NextRequest): Promise<AuthClient | null> {\n const { headers } = request;\n const header = headers.get('authorization');\n\n if (!header) {\n return null;\n }\n\n const auth = Buffer.from(header.replace('Basic ', ''), 'base64')\n .toString('utf-8')\n .replace(/:$/u, '');\n\n const [id, ...secret] = auth.split('-');\n\n const [client] = await db\n .select()\n .from(authClientTable)\n .where(eq(authClientTable.id, id))\n .limit(1);\n\n if (!client) {\n return null;\n }\n\n const isVerified = await verifyPassword(secret.join(''), client.secret);\n return isVerified ? client : null;\n}\n"]}
package/dist/database/schema.d.cts CHANGED
@@ -17,12 +17,8 @@ declare const authUserTable: drizzle_orm_pg_core.PgTableWithColumns<{
17
17
  driverParam: string;
18
18
  notNull: true;
19
19
  hasDefault: false;
20
- isPrimaryKey: true;
21
- isAutoincrement: false;
22
- hasRuntimeDefault: false;
23
20
  enumValues: [string, ...string[]];
24
21
  baseColumn: never;
25
- generated: undefined;
26
22
  }, {}, {}>;
27
23
  email: drizzle_orm_pg_core.PgColumn<{
28
24
  name: "email";
@@ -33,12 +29,8 @@ declare const authUserTable: drizzle_orm_pg_core.PgTableWithColumns<{
33
29
  driverParam: string;
34
30
  notNull: true;
35
31
  hasDefault: false;
36
- isPrimaryKey: false;
37
- isAutoincrement: false;
38
- hasRuntimeDefault: false;
39
32
  enumValues: [string, ...string[]];
40
33
  baseColumn: never;
41
- generated: undefined;
42
34
  }, {}, {}>;
43
35
  password: drizzle_orm_pg_core.PgColumn<{
44
36
  name: "password";
@@ -49,12 +41,8 @@ declare const authUserTable: drizzle_orm_pg_core.PgTableWithColumns<{
49
41
  driverParam: string;
50
42
  notNull: false;
51
43
  hasDefault: false;
52
- isPrimaryKey: false;
53
- isAutoincrement: false;
54
- hasRuntimeDefault: false;
55
44
  enumValues: [string, ...string[]];
56
45
  baseColumn: never;
57
- generated: undefined;
58
46
  }, {}, {}>;
59
47
  role: drizzle_orm_pg_core.PgColumn<{
60
48
  name: "role";
@@ -65,12 +53,8 @@ declare const authUserTable: drizzle_orm_pg_core.PgTableWithColumns<{
65
53
  driverParam: string | number;
66
54
  notNull: true;
67
55
  hasDefault: true;
68
- isPrimaryKey: false;
69
- isAutoincrement: false;
70
- hasRuntimeDefault: false;
71
56
  enumValues: undefined;
72
57
  baseColumn: never;
73
- generated: undefined;
74
58
  }, {}, {}>;
75
59
  };
76
60
  dialect: "pg";
@@ -89,12 +73,8 @@ declare const authSessionTable: drizzle_orm_pg_core.PgTableWithColumns<{
89
73
  driverParam: string;
90
74
  notNull: true;
91
75
  hasDefault: false;
92
- isPrimaryKey: true;
93
- isAutoincrement: false;
94
- hasRuntimeDefault: false;
95
76
  enumValues: [string, ...string[]];
96
77
  baseColumn: never;
97
- generated: undefined;
98
78
  }, {}, {}>;
99
79
  userId: drizzle_orm_pg_core.PgColumn<{
100
80
  name: "userId";
@@ -105,12 +85,8 @@ declare const authSessionTable: drizzle_orm_pg_core.PgTableWithColumns<{
105
85
  driverParam: string;
106
86
  notNull: true;
107
87
  hasDefault: false;
108
- isPrimaryKey: false;
109
- isAutoincrement: false;
110
- hasRuntimeDefault: false;
111
88
  enumValues: [string, ...string[]];
112
89
  baseColumn: never;
113
- generated: undefined;
114
90
  }, {}, {}>;
115
91
  scope: drizzle_orm_pg_core.PgColumn<{
116
92
  name: "scope";
@@ -121,12 +97,8 @@ declare const authSessionTable: drizzle_orm_pg_core.PgTableWithColumns<{
121
97
  driverParam: string;
122
98
  notNull: true;
123
99
  hasDefault: true;
124
- isPrimaryKey: false;
125
- isAutoincrement: false;
126
- hasRuntimeDefault: false;
127
100
  enumValues: ["ANON", "MFA", "AUTHED"];
128
101
  baseColumn: never;
129
- generated: undefined;
130
102
  }, {}, {}>;
131
103
  expiresAt: drizzle_orm_pg_core.PgColumn<{
132
104
  name: "expiresAt";
@@ -137,12 +109,8 @@ declare const authSessionTable: drizzle_orm_pg_core.PgTableWithColumns<{
137
109
  driverParam: string;
138
110
  notNull: true;
139
111
  hasDefault: false;
140
- isPrimaryKey: false;
141
- isAutoincrement: false;
142
- hasRuntimeDefault: false;
143
112
  enumValues: undefined;
144
113
  baseColumn: never;
145
- generated: undefined;
146
114
  }, {}, {}>;
147
115
  };
148
116
  dialect: "pg";
@@ -161,12 +129,8 @@ declare const authResetTable: drizzle_orm_pg_core.PgTableWithColumns<{
161
129
  driverParam: string;
162
130
  notNull: true;
163
131
  hasDefault: false;
164
- isPrimaryKey: true;
165
- isAutoincrement: false;
166
- hasRuntimeDefault: false;
167
132
  enumValues: [string, ...string[]];
168
133
  baseColumn: never;
169
- generated: undefined;
170
134
  }, {}, {}>;
171
135
  userId: drizzle_orm_pg_core.PgColumn<{
172
136
  name: "userId";
@@ -177,12 +141,8 @@ declare const authResetTable: drizzle_orm_pg_core.PgTableWithColumns<{
177
141
  driverParam: string;
178
142
  notNull: true;
179
143
  hasDefault: false;
180
- isPrimaryKey: false;
181
- isAutoincrement: false;
182
- hasRuntimeDefault: false;
183
144
  enumValues: [string, ...string[]];
184
145
  baseColumn: never;
185
- generated: undefined;
186
146
  }, {}, {}>;
187
147
  expiresAt: drizzle_orm_pg_core.PgColumn<{
188
148
  name: "expiresAt";
@@ -193,12 +153,8 @@ declare const authResetTable: drizzle_orm_pg_core.PgTableWithColumns<{
193
153
  driverParam: string;
194
154
  notNull: true;
195
155
  hasDefault: false;
196
- isPrimaryKey: false;
197
- isAutoincrement: false;
198
- hasRuntimeDefault: false;
199
156
  enumValues: undefined;
200
157
  baseColumn: never;
201
- generated: undefined;
202
158
  }, {}, {}>;
203
159
  };
204
160
  dialect: "pg";
@@ -217,12 +173,8 @@ declare const authMFATable: drizzle_orm_pg_core.PgTableWithColumns<{
217
173
  driverParam: string;
218
174
  notNull: true;
219
175
  hasDefault: false;
220
- isPrimaryKey: true;
221
- isAutoincrement: false;
222
- hasRuntimeDefault: false;
223
176
  enumValues: [string, ...string[]];
224
177
  baseColumn: never;
225
- generated: undefined;
226
178
  }, {}, {}>;
227
179
  name: drizzle_orm_pg_core.PgColumn<{
228
180
  name: "name";
@@ -233,12 +185,8 @@ declare const authMFATable: drizzle_orm_pg_core.PgTableWithColumns<{
233
185
  driverParam: string;
234
186
  notNull: true;
235
187
  hasDefault: false;
236
- isPrimaryKey: false;
237
- isAutoincrement: false;
238
- hasRuntimeDefault: false;
239
188
  enumValues: [string, ...string[]];
240
189
  baseColumn: never;
241
- generated: undefined;
242
190
  }, {}, {}>;
243
191
  userId: drizzle_orm_pg_core.PgColumn<{
244
192
  name: "userId";
@@ -249,12 +197,8 @@ declare const authMFATable: drizzle_orm_pg_core.PgTableWithColumns<{
249
197
  driverParam: string;
250
198
  notNull: true;
251
199
  hasDefault: false;
252
- isPrimaryKey: false;
253
- isAutoincrement: false;
254
- hasRuntimeDefault: false;
255
200
  enumValues: [string, ...string[]];
256
201
  baseColumn: never;
257
- generated: undefined;
258
202
  }, {}, {}>;
259
203
  type: drizzle_orm_pg_core.PgColumn<{
260
204
  name: "type";
@@ -265,12 +209,8 @@ declare const authMFATable: drizzle_orm_pg_core.PgTableWithColumns<{
265
209
  driverParam: string;
266
210
  notNull: true;
267
211
  hasDefault: true;
268
- isPrimaryKey: false;
269
- isAutoincrement: false;
270
- hasRuntimeDefault: false;
271
212
  enumValues: ["TOTP", "HARDWARE"];
272
213
  baseColumn: never;
273
- generated: undefined;
274
214
  }, {}, {}>;
275
215
  secret: drizzle_orm_pg_core.PgColumn<{
276
216
  name: "secret";
@@ -281,12 +221,8 @@ declare const authMFATable: drizzle_orm_pg_core.PgTableWithColumns<{
281
221
  driverParam: string;
282
222
  notNull: true;
283
223
  hasDefault: false;
284
- isPrimaryKey: false;
285
- isAutoincrement: false;
286
- hasRuntimeDefault: false;
287
224
  enumValues: [string, ...string[]];
288
225
  baseColumn: never;
289
- generated: undefined;
290
226
  }, {}, {}>;
291
227
  verifiedAt: drizzle_orm_pg_core.PgColumn<{
292
228
  name: "verifiedAt";
@@ -297,12 +233,8 @@ declare const authMFATable: drizzle_orm_pg_core.PgTableWithColumns<{
297
233
  driverParam: string;
298
234
  notNull: false;
299
235
  hasDefault: false;
300
- isPrimaryKey: false;
301
- isAutoincrement: false;
302
- hasRuntimeDefault: false;
303
236
  enumValues: undefined;
304
237
  baseColumn: never;
305
- generated: undefined;
306
238
  }, {}, {}>;
307
239
  };
308
240
  dialect: "pg";
@@ -321,12 +253,8 @@ declare const authClientTable: drizzle_orm_pg_core.PgTableWithColumns<{
321
253
  driverParam: string;
322
254
  notNull: true;
323
255
  hasDefault: false;
324
- isPrimaryKey: true;
325
- isAutoincrement: false;
326
- hasRuntimeDefault: false;
327
256
  enumValues: [string, ...string[]];
328
257
  baseColumn: never;
329
- generated: undefined;
330
258
  }, {}, {}>;
331
259
  alias: drizzle_orm_pg_core.PgColumn<{
332
260
  name: "alias";
@@ -337,12 +265,8 @@ declare const authClientTable: drizzle_orm_pg_core.PgTableWithColumns<{
337
265
  driverParam: string;
338
266
  notNull: true;
339
267
  hasDefault: false;
340
- isPrimaryKey: false;
341
- isAutoincrement: false;
342
- hasRuntimeDefault: false;
343
268
  enumValues: [string, ...string[]];
344
269
  baseColumn: never;
345
- generated: undefined;
346
270
  }, {}, {}>;
347
271
  secret: drizzle_orm_pg_core.PgColumn<{
348
272
  name: "secret";
@@ -353,12 +277,8 @@ declare const authClientTable: drizzle_orm_pg_core.PgTableWithColumns<{
353
277
  driverParam: string;
354
278
  notNull: true;
355
279
  hasDefault: false;
356
- isPrimaryKey: false;
357
- isAutoincrement: false;
358
- hasRuntimeDefault: false;
359
280
  enumValues: [string, ...string[]];
360
281
  baseColumn: never;
361
- generated: undefined;
362
282
  }, {}, {}>;
363
283
  };
364
284
  dialect: "pg";