@stackframe/js 2.7.30 → 2.8.2

package/dist/index.d.mts

@@ -130,13 +130,30 @@ type AdminTeamPermissionDefinition = {
     id: string;
     description?: string;
     containedPermissionIds: string[];
+    isDefaultUserPermission?: boolean;
 };
 type AdminTeamPermissionDefinitionCreateOptions = {
     id: string;
     description?: string;
     containedPermissionIds: string[];
+    isDefaultUserPermission?: boolean;
 };
 type AdminTeamPermissionDefinitionUpdateOptions = Partial<AdminTeamPermissionDefinitionCreateOptions>;
+type ProjectPermission = {
+    id: string;
+};
+type AdminProjectPermission = ProjectPermission;
+type AdminProjectPermissionDefinition = {
+    id: string;
+    description?: string;
+    containedPermissionIds: string[];
+};
+type AdminProjectPermissionDefinitionCreateOptions = {
+    id: string;
+    description?: string;
+    containedPermissionIds: string[];
+};
+type AdminProjectPermissionDefinitionUpdateOptions = Partial<AdminProjectPermissionDefinitionCreateOptions>;
 
 type Connection = {
     id: string;
@@ -312,6 +329,7 @@ type BaseUser = {
     readonly otpAuthEnabled: boolean;
     readonly passkeyAuthEnabled: boolean;
     readonly isMultiFactorRequired: boolean;
+    readonly isAnonymous: boolean;
     toClientJson(): CurrentUserCrud["Client"]["Read"];
     /**
      * @deprecated, use contact channel's usedForAuth instead
@@ -352,6 +370,15 @@ type UserExtra = {
         scopes?: string[];
     }): Promise<OAuthConnection | null>;
     hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    hasPermission(permissionId: string): Promise<boolean>;
+    getPermission(scope: Team, permissionId: string): Promise<TeamPermission | null>;
+    getPermission(permissionId: string): Promise<TeamPermission | null>;
+    listPermissions(scope: Team, options?: {
+        recursive?: boolean;
+    }): Promise<TeamPermission[]>;
+    listPermissions(options?: {
+        recursive?: boolean;
+    }): Promise<TeamPermission[]>;
     readonly selectedTeam: Team | null;
     setSelectedTeam(team: Team | null): Promise<void>;
     createTeam(data: TeamCreateOptions): Promise<Team>;
@@ -405,6 +432,16 @@ type ServerBaseUser = {
     update(user: ServerUserUpdateOptions): Promise<void>;
     grantPermission(scope: Team, permissionId: string): Promise<void>;
     revokePermission(scope: Team, permissionId: string): Promise<void>;
+    getPermission(scope: Team, permissionId: string): Promise<TeamPermission | null>;
+    getPermission(permissionId: string): Promise<TeamPermission | null>;
+    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    hasPermission(permissionId: string): Promise<boolean>;
+    listPermissions(scope: Team, options?: {
+        recursive?: boolean;
+    }): Promise<TeamPermission[]>;
+    listPermissions(options?: {
+        recursive?: boolean;
+    }): Promise<TeamPermission[]>;
     /**
      * Creates a new session object with a refresh token for this user. Can be used to impersonate them.
      */
@@ -562,7 +599,7 @@ type StackAdminAppConstructor = {
     new <HasTokenStore extends boolean, ProjectId extends string>(options: StackAdminAppConstructorOptions<HasTokenStore, ProjectId>): StackAdminApp<HasTokenStore, ProjectId>;
     new (options: StackAdminAppConstructorOptions<boolean, string>): StackAdminApp<boolean, string>;
 };
-type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (AsyncStoreProperty<"project", [], AdminProject, false> & AsyncStoreProperty<"apiKeys", [], ApiKey[], true> & AsyncStoreProperty<"teamPermissionDefinitions", [], AdminTeamPermissionDefinition[], true> & {
+type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (AsyncStoreProperty<"project", [], AdminProject, false> & AsyncStoreProperty<"apiKeys", [], ApiKey[], true> & AsyncStoreProperty<"teamPermissionDefinitions", [], AdminTeamPermissionDefinition[], true> & AsyncStoreProperty<"projectPermissionDefinitions", [], AdminProjectPermissionDefinition[], true> & {
     listEmailTemplates(): Promise<AdminEmailTemplate[]>;
     updateEmailTemplate(type: EmailTemplateType, data: AdminEmailTemplateUpdateOptions): Promise<void>;
     resetEmailTemplate(type: EmailTemplateType): Promise<void>;
@@ -570,6 +607,9 @@ type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends st
     createTeamPermissionDefinition(data: AdminTeamPermissionDefinitionCreateOptions): Promise<AdminTeamPermission>;
     updateTeamPermissionDefinition(permissionId: string, data: AdminTeamPermissionDefinitionUpdateOptions): Promise<void>;
     deleteTeamPermissionDefinition(permissionId: string): Promise<void>;
+    createProjectPermissionDefinition(data: AdminProjectPermissionDefinitionCreateOptions): Promise<AdminProjectPermission>;
+    updateProjectPermissionDefinition(permissionId: string, data: AdminProjectPermissionDefinitionUpdateOptions): Promise<void>;
+    deleteProjectPermissionDefinition(permissionId: string): Promise<void>;
     sendTestEmail(options: {
         recipientEmail: string;
         emailConfig: EmailConfig;
@@ -607,6 +647,7 @@ type AdminProjectConfig = {
     readonly createTeamOnSignUp: boolean;
     readonly teamCreatorDefaultPermissions: AdminTeamPermission[];
     readonly teamMemberDefaultPermissions: AdminTeamPermission[];
+    readonly userDefaultPermissions: AdminTeamPermission[];
     readonly oauthAccountMergeStrategy: 'link_method' | 'raise_error' | 'allow_duplicates';
 };
 type AdminEmailConfig = ({
@@ -657,6 +698,9 @@ type AdminProjectConfigUpdateOptions = {
     teamMemberDefaultPermissions?: {
         id: string;
     }[];
+    userDefaultPermissions?: {
+        id: string;
+    }[];
     oauthAccountMergeStrategy?: 'link_method' | 'raise_error' | 'allow_duplicates';
 };
 
@@ -779,4 +823,4 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
 });
 declare const StackClientApp: StackClientAppConstructor;
 
-export { type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectUpdateOptions, type AdminSentEmail, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type ApiKey, type ApiKeyBase, type ApiKeyBaseCrudRead, type ApiKeyCreateOptions, type ApiKeyFirstView, type Auth, type Connection, type ContactChannel, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type EditableTeamMemberProfile, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Project, type ProjectConfig, type ServerContactChannel, type ServerListUsersOptions, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamMemberProfile, type ServerTeamUpdateOptions, type ServerTeamUser, type ServerUser, type Session, StackAdminApp, type StackAdminAppConstructor, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructor, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructor, type StackServerAppConstructorOptions, type Team, type TeamCreateOptions, type TeamInvitation, type TeamMemberProfile, type TeamPermission, type TeamUpdateOptions, type TeamUser, type User, stackAppInternalsSymbol };
+export { type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectPermission, type AdminProjectPermissionDefinition, type AdminProjectPermissionDefinitionCreateOptions, type AdminProjectPermissionDefinitionUpdateOptions, type AdminProjectUpdateOptions, type AdminSentEmail, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type ApiKey, type ApiKeyBase, type ApiKeyBaseCrudRead, type ApiKeyCreateOptions, type ApiKeyFirstView, type Auth, type Connection, type ContactChannel, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type EditableTeamMemberProfile, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Project, type ProjectConfig, type ServerContactChannel, type ServerListUsersOptions, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamMemberProfile, type ServerTeamUpdateOptions, type ServerTeamUser, type ServerUser, type Session, StackAdminApp, type StackAdminAppConstructor, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructor, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructor, type StackServerAppConstructorOptions, type Team, type TeamCreateOptions, type TeamInvitation, type TeamMemberProfile, type TeamUpdateOptions, type TeamUser, type User, stackAppInternalsSymbol };

package/dist/index.d.ts

@@ -130,13 +130,30 @@ type AdminTeamPermissionDefinition = {
     id: string;
     description?: string;
     containedPermissionIds: string[];
+    isDefaultUserPermission?: boolean;
 };
 type AdminTeamPermissionDefinitionCreateOptions = {
     id: string;
     description?: string;
     containedPermissionIds: string[];
+    isDefaultUserPermission?: boolean;
 };
 type AdminTeamPermissionDefinitionUpdateOptions = Partial<AdminTeamPermissionDefinitionCreateOptions>;
+type ProjectPermission = {
+    id: string;
+};
+type AdminProjectPermission = ProjectPermission;
+type AdminProjectPermissionDefinition = {
+    id: string;
+    description?: string;
+    containedPermissionIds: string[];
+};
+type AdminProjectPermissionDefinitionCreateOptions = {
+    id: string;
+    description?: string;
+    containedPermissionIds: string[];
+};
+type AdminProjectPermissionDefinitionUpdateOptions = Partial<AdminProjectPermissionDefinitionCreateOptions>;
 
 type Connection = {
     id: string;
@@ -312,6 +329,7 @@ type BaseUser = {
     readonly otpAuthEnabled: boolean;
     readonly passkeyAuthEnabled: boolean;
     readonly isMultiFactorRequired: boolean;
+    readonly isAnonymous: boolean;
     toClientJson(): CurrentUserCrud["Client"]["Read"];
     /**
      * @deprecated, use contact channel's usedForAuth instead
@@ -352,6 +370,15 @@ type UserExtra = {
         scopes?: string[];
     }): Promise<OAuthConnection | null>;
     hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    hasPermission(permissionId: string): Promise<boolean>;
+    getPermission(scope: Team, permissionId: string): Promise<TeamPermission | null>;
+    getPermission(permissionId: string): Promise<TeamPermission | null>;
+    listPermissions(scope: Team, options?: {
+        recursive?: boolean;
+    }): Promise<TeamPermission[]>;
+    listPermissions(options?: {
+        recursive?: boolean;
+    }): Promise<TeamPermission[]>;
     readonly selectedTeam: Team | null;
     setSelectedTeam(team: Team | null): Promise<void>;
     createTeam(data: TeamCreateOptions): Promise<Team>;
@@ -405,6 +432,16 @@ type ServerBaseUser = {
     update(user: ServerUserUpdateOptions): Promise<void>;
     grantPermission(scope: Team, permissionId: string): Promise<void>;
     revokePermission(scope: Team, permissionId: string): Promise<void>;
+    getPermission(scope: Team, permissionId: string): Promise<TeamPermission | null>;
+    getPermission(permissionId: string): Promise<TeamPermission | null>;
+    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
+    hasPermission(permissionId: string): Promise<boolean>;
+    listPermissions(scope: Team, options?: {
+        recursive?: boolean;
+    }): Promise<TeamPermission[]>;
+    listPermissions(options?: {
+        recursive?: boolean;
+    }): Promise<TeamPermission[]>;
     /**
      * Creates a new session object with a refresh token for this user. Can be used to impersonate them.
      */
@@ -562,7 +599,7 @@ type StackAdminAppConstructor = {
     new <HasTokenStore extends boolean, ProjectId extends string>(options: StackAdminAppConstructorOptions<HasTokenStore, ProjectId>): StackAdminApp<HasTokenStore, ProjectId>;
     new (options: StackAdminAppConstructorOptions<boolean, string>): StackAdminApp<boolean, string>;
 };
-type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (AsyncStoreProperty<"project", [], AdminProject, false> & AsyncStoreProperty<"apiKeys", [], ApiKey[], true> & AsyncStoreProperty<"teamPermissionDefinitions", [], AdminTeamPermissionDefinition[], true> & {
+type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (AsyncStoreProperty<"project", [], AdminProject, false> & AsyncStoreProperty<"apiKeys", [], ApiKey[], true> & AsyncStoreProperty<"teamPermissionDefinitions", [], AdminTeamPermissionDefinition[], true> & AsyncStoreProperty<"projectPermissionDefinitions", [], AdminProjectPermissionDefinition[], true> & {
     listEmailTemplates(): Promise<AdminEmailTemplate[]>;
     updateEmailTemplate(type: EmailTemplateType, data: AdminEmailTemplateUpdateOptions): Promise<void>;
     resetEmailTemplate(type: EmailTemplateType): Promise<void>;
@@ -570,6 +607,9 @@ type StackAdminApp<HasTokenStore extends boolean = boolean, ProjectId extends st
     createTeamPermissionDefinition(data: AdminTeamPermissionDefinitionCreateOptions): Promise<AdminTeamPermission>;
     updateTeamPermissionDefinition(permissionId: string, data: AdminTeamPermissionDefinitionUpdateOptions): Promise<void>;
     deleteTeamPermissionDefinition(permissionId: string): Promise<void>;
+    createProjectPermissionDefinition(data: AdminProjectPermissionDefinitionCreateOptions): Promise<AdminProjectPermission>;
+    updateProjectPermissionDefinition(permissionId: string, data: AdminProjectPermissionDefinitionUpdateOptions): Promise<void>;
+    deleteProjectPermissionDefinition(permissionId: string): Promise<void>;
     sendTestEmail(options: {
         recipientEmail: string;
         emailConfig: EmailConfig;
@@ -607,6 +647,7 @@ type AdminProjectConfig = {
     readonly createTeamOnSignUp: boolean;
     readonly teamCreatorDefaultPermissions: AdminTeamPermission[];
     readonly teamMemberDefaultPermissions: AdminTeamPermission[];
+    readonly userDefaultPermissions: AdminTeamPermission[];
     readonly oauthAccountMergeStrategy: 'link_method' | 'raise_error' | 'allow_duplicates';
 };
 type AdminEmailConfig = ({
@@ -657,6 +698,9 @@ type AdminProjectConfigUpdateOptions = {
     teamMemberDefaultPermissions?: {
         id: string;
     }[];
+    userDefaultPermissions?: {
+        id: string;
+    }[];
     oauthAccountMergeStrategy?: 'link_method' | 'raise_error' | 'allow_duplicates';
 };
 
@@ -779,4 +823,4 @@ type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends s
 });
 declare const StackClientApp: StackClientAppConstructor;
 
-export { type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectUpdateOptions, type AdminSentEmail, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type ApiKey, type ApiKeyBase, type ApiKeyBaseCrudRead, type ApiKeyCreateOptions, type ApiKeyFirstView, type Auth, type Connection, type ContactChannel, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type EditableTeamMemberProfile, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Project, type ProjectConfig, type ServerContactChannel, type ServerListUsersOptions, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamMemberProfile, type ServerTeamUpdateOptions, type ServerTeamUser, type ServerUser, type Session, StackAdminApp, type StackAdminAppConstructor, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructor, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructor, type StackServerAppConstructorOptions, type Team, type TeamCreateOptions, type TeamInvitation, type TeamMemberProfile, type TeamPermission, type TeamUpdateOptions, type TeamUser, type User, stackAppInternalsSymbol };
+export { type AdminDomainConfig, type AdminEmailConfig, type AdminOAuthProviderConfig, type AdminOwnedProject, type AdminProject, type AdminProjectConfig, type AdminProjectConfigUpdateOptions, type AdminProjectCreateOptions, type AdminProjectPermission, type AdminProjectPermissionDefinition, type AdminProjectPermissionDefinitionCreateOptions, type AdminProjectPermissionDefinitionUpdateOptions, type AdminProjectUpdateOptions, type AdminSentEmail, type AdminTeamPermission, type AdminTeamPermissionDefinition, type AdminTeamPermissionDefinitionCreateOptions, type AdminTeamPermissionDefinitionUpdateOptions, type ApiKey, type ApiKeyBase, type ApiKeyBaseCrudRead, type ApiKeyCreateOptions, type ApiKeyFirstView, type Auth, type Connection, type ContactChannel, type CurrentInternalServerUser, type CurrentInternalUser, type CurrentServerUser, type CurrentUser, type EditableTeamMemberProfile, type GetUserOptions, type HandlerUrls, type OAuthConnection, type OAuthProviderConfig, type OAuthScopesOnSignIn, type Project, type ProjectConfig, type ServerContactChannel, type ServerListUsersOptions, type ServerTeam, type ServerTeamCreateOptions, type ServerTeamMemberProfile, type ServerTeamUpdateOptions, type ServerTeamUser, type ServerUser, type Session, StackAdminApp, type StackAdminAppConstructor, type StackAdminAppConstructorOptions, StackClientApp, type StackClientAppConstructor, type StackClientAppConstructorOptions, type StackClientAppJson, StackServerApp, type StackServerAppConstructor, type StackServerAppConstructorOptions, type Team, type TeamCreateOptions, type TeamInvitation, type TeamMemberProfile, type TeamUpdateOptions, type TeamUser, type User, stackAppInternalsSymbol };

package/dist/lib/auth.js

@@ -36,8 +36,8 @@ async function signInWithOAuth(iface, options) {
   const { codeChallenge, state } = await (0, import_cookie.saveVerifierAndState)();
   const location = await iface.getOAuthUrl({
     provider: options.provider,
-    redirectUrl: (0, import_url.constructRedirectUrl)(options.redirectUrl),
-    errorRedirectUrl: (0, import_url.constructRedirectUrl)(options.errorRedirectUrl),
+    redirectUrl: (0, import_url.constructRedirectUrl)(options.redirectUrl, "redirectUrl"),
+    errorRedirectUrl: (0, import_url.constructRedirectUrl)(options.errorRedirectUrl, "errorRedirectUrl"),
     codeChallenge,
     state,
     type: "authenticate",
@@ -50,9 +50,9 @@ async function addNewOAuthProviderOrScope(iface, options, session) {
   const { codeChallenge, state } = await (0, import_cookie.saveVerifierAndState)();
   const location = await iface.getOAuthUrl({
     provider: options.provider,
-    redirectUrl: (0, import_url.constructRedirectUrl)(options.redirectUrl),
-    errorRedirectUrl: (0, import_url.constructRedirectUrl)(options.errorRedirectUrl),
-    afterCallbackRedirectUrl: (0, import_url.constructRedirectUrl)(window.location.href),
+    redirectUrl: (0, import_url.constructRedirectUrl)(options.redirectUrl, "redirectUrl"),
+    errorRedirectUrl: (0, import_url.constructRedirectUrl)(options.errorRedirectUrl, "errorRedirectUrl"),
+    afterCallbackRedirectUrl: (0, import_url.constructRedirectUrl)(window.location.href, "afterCallbackRedirectUrl"),
     codeChallenge,
     state,
     type: "link",
@@ -105,7 +105,7 @@ async function callOAuthCallback(iface, redirectUrl) {
   try {
     return import_results.Result.ok(await iface.callOAuthCallback({
       oauthParams: consumed.originalUrl.searchParams,
-      redirectUri: (0, import_url.constructRedirectUrl)(redirectUrl),
+      redirectUri: (0, import_url.constructRedirectUrl)(redirectUrl, "redirectUri"),
       codeVerifier: consumed.codeVerifier,
       state: consumed.state
     }));

package/dist/lib/auth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/lib/auth.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { KnownError, StackClientInterface } from \"@stackframe/stack-shared\";\nimport { InternalSession } from \"@stackframe/stack-shared/dist/sessions\";\nimport { StackAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { neverResolve } from \"@stackframe/stack-shared/dist/utils/promises\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { deindent } from \"@stackframe/stack-shared/dist/utils/strings\";\nimport { constructRedirectUrl } from \"../utils/url\";\nimport { consumeVerifierAndStateCookie, saveVerifierAndState } from \"./cookie\";\n\nexport async function signInWithOAuth(\n  iface: StackClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  }\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl),\n    codeChallenge,\n    state,\n    type: \"authenticate\",\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\nexport async function addNewOAuthProviderOrScope(\n  iface: StackClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  },\n  session: InternalSession,\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl),\n    afterCallbackRedirectUrl: constructRedirectUrl(window.location.href),\n    codeChallenge,\n    state,\n    type: \"link\",\n    session,\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\n/**\n * Checks if the current URL has the query parameters for an OAuth callback, and if so, removes them.\n *\n * Must be synchronous for the logic in callOAuthCallback to work without race conditions.\n */\nfunction consumeOAuthCallbackQueryParams() {\n  const requiredParams = [\"code\", \"state\"];\n  const originalUrl = new URL(window.location.href);\n  for (const param of requiredParams) {\n    if (!originalUrl.searchParams.has(param)) {\n      console.warn(new Error(`Missing required query parameter on OAuth callback: ${param}. Maybe you opened or reloaded the oauth-callback page from your history?`));\n      return null;\n    }\n  }\n\n  const expectedState = originalUrl.searchParams.get(\"state\") ?? throwErr(\"This should never happen; isn't state required above?\");\n  const cookieResult = consumeVerifierAndStateCookie(expectedState);\n\n  if (!cookieResult) {\n    // If the state can't be found in the cookies, then the callback wasn't meant for us.\n    // Maybe the website uses another OAuth library?\n    console.warn(deindent`\n      Stack found an outer OAuth callback state in the query parameters, but not in cookies.\n      \n      This could have multiple reasons:\n        - The cookie expired, because the OAuth flow took too long.\n        - The user's browser deleted the cookie, either manually or because of a very strict cookie policy.\n        - The cookie was already consumed by this page, and the user already logged in.\n        - You are using another OAuth client library with the same callback URL as Stack.\n        - The user opened the OAuth callback page from their history.\n\n      Either way, it is probably safe to ignore this warning unless you are debugging an OAuth issue.\n    `);\n    return null;\n  }\n\n\n  const newUrl = new URL(originalUrl);\n  for (const param of requiredParams) {\n    newUrl.searchParams.delete(param);\n  }\n\n  // let's get rid of the authorization code in the history as we\n  // don't redirect to `redirectUrl` if there's a validation error\n  // (as the redirectUrl might be malicious!).\n  //\n  // We use history.replaceState instead of location.assign(...) to\n  // prevent an unnecessary reload\n  window.history.replaceState({}, \"\", newUrl.toString());\n\n  return {\n    originalUrl,\n    codeVerifier: cookieResult.codeVerifier,\n    state: expectedState,\n  };\n}\n\nexport async function callOAuthCallback(\n  iface: StackClientInterface,\n  redirectUrl: string,\n) {\n  // note: this part of the function (until the return) needs\n  // to be synchronous, to prevent race conditions when\n  // callOAuthCallback is called multiple times in parallel\n  const consumed = consumeOAuthCallbackQueryParams();\n  if (!consumed) return Result.ok(undefined);\n\n  // the rest can be asynchronous (we now know that we are the\n  // intended recipient of the callback, and the only instance\n  // of callOAuthCallback that's running)\n  try {\n    return Result.ok(await iface.callOAuthCallback({\n      oauthParams: consumed.originalUrl.searchParams,\n      redirectUri: constructRedirectUrl(redirectUrl),\n      codeVerifier: consumed.codeVerifier,\n      state: consumed.state,\n    }));\n  } catch (e) {\n    if (e instanceof KnownError) {\n      throw e;\n    }\n    throw new StackAssertionError(\"Error signing in during OAuth callback. Please try again.\", { cause: e });\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAiD;AAEjD,oBAA8C;AAC9C,sBAA6B;AAC7B,qBAAuB;AACvB,qBAAyB;AACzB,iBAAqC;AACrC,oBAAoE;AAEpE,eAAsB,gBACpB,OACA,SAMA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,WAAW;AAAA,IACrD,sBAAkB,iCAAqB,QAAQ,gBAAgB;AAAA,IAC/D;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAEA,eAAsB,2BACpB,OACA,SAMA,SACA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,WAAW;AAAA,IACrD,sBAAkB,iCAAqB,QAAQ,gBAAgB;AAAA,IAC/D,8BAA0B,iCAAqB,OAAO,SAAS,IAAI;AAAA,IACnE;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN;AAAA,IACA,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAOA,SAAS,kCAAkC;AACzC,QAAM,iBAAiB,CAAC,QAAQ,OAAO;AACvC,QAAM,cAAc,IAAI,IAAI,OAAO,SAAS,IAAI;AAChD,aAAW,SAAS,gBAAgB;AAClC,QAAI,CAAC,YAAY,aAAa,IAAI,KAAK,GAAG;AACxC,cAAQ,KAAK,IAAI,MAAM,uDAAuD,KAAK,2EAA2E,CAAC;AAC/J,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,gBAAgB,YAAY,aAAa,IAAI,OAAO,SAAK,wBAAS,uDAAuD;AAC/H,QAAM,mBAAe,6CAA8B,aAAa;AAEhE,MAAI,CAAC,cAAc;AAGjB,YAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KAWZ;AACD,WAAO;AAAA,EACT;AAGA,QAAM,SAAS,IAAI,IAAI,WAAW;AAClC,aAAW,SAAS,gBAAgB;AAClC,WAAO,aAAa,OAAO,KAAK;AAAA,EAClC;AAQA,SAAO,QAAQ,aAAa,CAAC,GAAG,IAAI,OAAO,SAAS,CAAC;AAErD,SAAO;AAAA,IACL;AAAA,IACA,cAAc,aAAa;AAAA,IAC3B,OAAO;AAAA,EACT;AACF;AAEA,eAAsB,kBACpB,OACA,aACA;AAIA,QAAM,WAAW,gCAAgC;AACjD,MAAI,CAAC,SAAU,QAAO,sBAAO,GAAG,MAAS;AAKzC,MAAI;AACF,WAAO,sBAAO,GAAG,MAAM,MAAM,kBAAkB;AAAA,MAC7C,aAAa,SAAS,YAAY;AAAA,MAClC,iBAAa,iCAAqB,WAAW;AAAA,MAC7C,cAAc,SAAS;AAAA,MACvB,OAAO,SAAS;AAAA,IAClB,CAAC,CAAC;AAAA,EACJ,SAAS,GAAG;AACV,QAAI,aAAa,gCAAY;AAC3B,YAAM;AAAA,IACR;AACA,UAAM,IAAI,kCAAoB,6DAA6D,EAAE,OAAO,EAAE,CAAC;AAAA,EACzG;AACF;","names":[]}
+{"version":3,"sources":["../../src/lib/auth.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { KnownError, StackClientInterface } from \"@stackframe/stack-shared\";\nimport { InternalSession } from \"@stackframe/stack-shared/dist/sessions\";\nimport { StackAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { neverResolve } from \"@stackframe/stack-shared/dist/utils/promises\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { deindent } from \"@stackframe/stack-shared/dist/utils/strings\";\nimport { constructRedirectUrl } from \"../utils/url\";\nimport { consumeVerifierAndStateCookie, saveVerifierAndState } from \"./cookie\";\n\nexport async function signInWithOAuth(\n  iface: StackClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  }\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl, \"redirectUrl\"),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl, \"errorRedirectUrl\"),\n    codeChallenge,\n    state,\n    type: \"authenticate\",\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\nexport async function addNewOAuthProviderOrScope(\n  iface: StackClientInterface,\n  options: {\n    provider: string,\n    redirectUrl: string,\n    errorRedirectUrl: string,\n    providerScope?: string,\n  },\n  session: InternalSession,\n) {\n  const { codeChallenge, state } = await saveVerifierAndState();\n  const location = await iface.getOAuthUrl({\n    provider: options.provider,\n    redirectUrl: constructRedirectUrl(options.redirectUrl, \"redirectUrl\"),\n    errorRedirectUrl: constructRedirectUrl(options.errorRedirectUrl, \"errorRedirectUrl\"),\n    afterCallbackRedirectUrl: constructRedirectUrl(window.location.href, \"afterCallbackRedirectUrl\"),\n    codeChallenge,\n    state,\n    type: \"link\",\n    session,\n    providerScope: options.providerScope,\n  });\n  window.location.assign(location);\n  await neverResolve();\n}\n\n/**\n * Checks if the current URL has the query parameters for an OAuth callback, and if so, removes them.\n *\n * Must be synchronous for the logic in callOAuthCallback to work without race conditions.\n */\nfunction consumeOAuthCallbackQueryParams() {\n  const requiredParams = [\"code\", \"state\"];\n  const originalUrl = new URL(window.location.href);\n  for (const param of requiredParams) {\n    if (!originalUrl.searchParams.has(param)) {\n      console.warn(new Error(`Missing required query parameter on OAuth callback: ${param}. Maybe you opened or reloaded the oauth-callback page from your history?`));\n      return null;\n    }\n  }\n\n  const expectedState = originalUrl.searchParams.get(\"state\") ?? throwErr(\"This should never happen; isn't state required above?\");\n  const cookieResult = consumeVerifierAndStateCookie(expectedState);\n\n  if (!cookieResult) {\n    // If the state can't be found in the cookies, then the callback wasn't meant for us.\n    // Maybe the website uses another OAuth library?\n    console.warn(deindent`\n      Stack found an outer OAuth callback state in the query parameters, but not in cookies.\n      \n      This could have multiple reasons:\n        - The cookie expired, because the OAuth flow took too long.\n        - The user's browser deleted the cookie, either manually or because of a very strict cookie policy.\n        - The cookie was already consumed by this page, and the user already logged in.\n        - You are using another OAuth client library with the same callback URL as Stack.\n        - The user opened the OAuth callback page from their history.\n\n      Either way, it is probably safe to ignore this warning unless you are debugging an OAuth issue.\n    `);\n    return null;\n  }\n\n\n  const newUrl = new URL(originalUrl);\n  for (const param of requiredParams) {\n    newUrl.searchParams.delete(param);\n  }\n\n  // let's get rid of the authorization code in the history as we\n  // don't redirect to `redirectUrl` if there's a validation error\n  // (as the redirectUrl might be malicious!).\n  //\n  // We use history.replaceState instead of location.assign(...) to\n  // prevent an unnecessary reload\n  window.history.replaceState({}, \"\", newUrl.toString());\n\n  return {\n    originalUrl,\n    codeVerifier: cookieResult.codeVerifier,\n    state: expectedState,\n  };\n}\n\nexport async function callOAuthCallback(\n  iface: StackClientInterface,\n  redirectUrl: string,\n) {\n  // note: this part of the function (until the return) needs\n  // to be synchronous, to prevent race conditions when\n  // callOAuthCallback is called multiple times in parallel\n  const consumed = consumeOAuthCallbackQueryParams();\n  if (!consumed) return Result.ok(undefined);\n\n  // the rest can be asynchronous (we now know that we are the\n  // intended recipient of the callback, and the only instance\n  // of callOAuthCallback that's running)\n  try {\n    return Result.ok(await iface.callOAuthCallback({\n      oauthParams: consumed.originalUrl.searchParams,\n      redirectUri: constructRedirectUrl(redirectUrl, \"redirectUri\"),\n      codeVerifier: consumed.codeVerifier,\n      state: consumed.state,\n    }));\n  } catch (e) {\n    if (e instanceof KnownError) {\n      throw e;\n    }\n    throw new StackAssertionError(\"Error signing in during OAuth callback. Please try again.\", { cause: e });\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAiD;AAEjD,oBAA8C;AAC9C,sBAA6B;AAC7B,qBAAuB;AACvB,qBAAyB;AACzB,iBAAqC;AACrC,oBAAoE;AAEpE,eAAsB,gBACpB,OACA,SAMA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,aAAa,aAAa;AAAA,IACpE,sBAAkB,iCAAqB,QAAQ,kBAAkB,kBAAkB;AAAA,IACnF;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAEA,eAAsB,2BACpB,OACA,SAMA,SACA;AACA,QAAM,EAAE,eAAe,MAAM,IAAI,UAAM,oCAAqB;AAC5D,QAAM,WAAW,MAAM,MAAM,YAAY;AAAA,IACvC,UAAU,QAAQ;AAAA,IAClB,iBAAa,iCAAqB,QAAQ,aAAa,aAAa;AAAA,IACpE,sBAAkB,iCAAqB,QAAQ,kBAAkB,kBAAkB;AAAA,IACnF,8BAA0B,iCAAqB,OAAO,SAAS,MAAM,0BAA0B;AAAA,IAC/F;AAAA,IACA;AAAA,IACA,MAAM;AAAA,IACN;AAAA,IACA,eAAe,QAAQ;AAAA,EACzB,CAAC;AACD,SAAO,SAAS,OAAO,QAAQ;AAC/B,YAAM,8BAAa;AACrB;AAOA,SAAS,kCAAkC;AACzC,QAAM,iBAAiB,CAAC,QAAQ,OAAO;AACvC,QAAM,cAAc,IAAI,IAAI,OAAO,SAAS,IAAI;AAChD,aAAW,SAAS,gBAAgB;AAClC,QAAI,CAAC,YAAY,aAAa,IAAI,KAAK,GAAG;AACxC,cAAQ,KAAK,IAAI,MAAM,uDAAuD,KAAK,2EAA2E,CAAC;AAC/J,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,gBAAgB,YAAY,aAAa,IAAI,OAAO,SAAK,wBAAS,uDAAuD;AAC/H,QAAM,mBAAe,6CAA8B,aAAa;AAEhE,MAAI,CAAC,cAAc;AAGjB,YAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,KAWZ;AACD,WAAO;AAAA,EACT;AAGA,QAAM,SAAS,IAAI,IAAI,WAAW;AAClC,aAAW,SAAS,gBAAgB;AAClC,WAAO,aAAa,OAAO,KAAK;AAAA,EAClC;AAQA,SAAO,QAAQ,aAAa,CAAC,GAAG,IAAI,OAAO,SAAS,CAAC;AAErD,SAAO;AAAA,IACL;AAAA,IACA,cAAc,aAAa;AAAA,IAC3B,OAAO;AAAA,EACT;AACF;AAEA,eAAsB,kBACpB,OACA,aACA;AAIA,QAAM,WAAW,gCAAgC;AACjD,MAAI,CAAC,SAAU,QAAO,sBAAO,GAAG,MAAS;AAKzC,MAAI;AACF,WAAO,sBAAO,GAAG,MAAM,MAAM,kBAAkB;AAAA,MAC7C,aAAa,SAAS,YAAY;AAAA,MAClC,iBAAa,iCAAqB,aAAa,aAAa;AAAA,MAC5D,cAAc,SAAS;AAAA,MACvB,OAAO,SAAS;AAAA,IAClB,CAAC,CAAC;AAAA,EACJ,SAAS,GAAG;AACV,QAAI,aAAa,gCAAY;AAC3B,YAAM;AAAA,IACR;AACA,UAAM,IAAI,kCAAoB,6DAA6D,EAAE,OAAO,EAAE,CAAC;AAAA,EACzG;AACF;","names":[]}

package/dist/lib/stack-app/apps/implementations/admin-app-impl.js

@@ -69,7 +69,10 @@ var _StackAdminAppImplIncomplete = class extends import_server_app_impl._StackSe
       return await this._interface.listEmailTemplates();
     });
     this._adminTeamPermissionDefinitionsCache = (0, import_common2.createCache)(async () => {
-      return await this._interface.listPermissionDefinitions();
+      return await this._interface.listTeamPermissionDefinitions();
+    });
+    this._adminProjectPermissionDefinitionsCache = (0, import_common2.createCache)(async () => {
+      return await this._interface.listProjectPermissionDefinitions();
     });
     this._svixTokenCache = (0, import_common2.createCache)(async () => {
       return await this._interface.getSvixToken();
@@ -140,7 +143,8 @@ var _StackAdminAppImplIncomplete = class extends import_server_app_impl._StackSe
         })),
         createTeamOnSignUp: data.config.create_team_on_sign_up,
         teamCreatorDefaultPermissions: data.config.team_creator_default_permissions,
-        teamMemberDefaultPermissions: data.config.team_member_default_permissions
+        teamMemberDefaultPermissions: data.config.team_member_default_permissions,
+        userDefaultPermissions: data.config.user_default_permissions
       },
       async update(update) {
         await app._interface.updateProject((0, import_projects.adminProjectUpdateOptionsToCrud)(update));
@@ -232,22 +236,39 @@ var _StackAdminAppImplIncomplete = class extends import_server_app_impl._StackSe
     await this._adminEmailTemplatesCache.refresh([]);
   }
   async createTeamPermissionDefinition(data) {
-    const crud = await this._interface.createPermissionDefinition((0, import_permissions.adminTeamPermissionDefinitionCreateOptionsToCrud)(data));
+    const crud = await this._interface.createTeamPermissionDefinition((0, import_permissions.adminTeamPermissionDefinitionCreateOptionsToCrud)(data));
     await this._adminTeamPermissionDefinitionsCache.refresh([]);
     return this._serverTeamPermissionDefinitionFromCrud(crud);
   }
   async updateTeamPermissionDefinition(permissionId, data) {
-    await this._interface.updatePermissionDefinition(permissionId, (0, import_permissions.adminTeamPermissionDefinitionUpdateOptionsToCrud)(data));
+    await this._interface.updateTeamPermissionDefinition(permissionId, (0, import_permissions.adminTeamPermissionDefinitionUpdateOptionsToCrud)(data));
     await this._adminTeamPermissionDefinitionsCache.refresh([]);
   }
   async deleteTeamPermissionDefinition(permissionId) {
-    await this._interface.deletePermissionDefinition(permissionId);
+    await this._interface.deleteTeamPermissionDefinition(permissionId);
     await this._adminTeamPermissionDefinitionsCache.refresh([]);
   }
   async listTeamPermissionDefinitions() {
     const crud = import_results.Result.orThrow(await this._adminTeamPermissionDefinitionsCache.getOrWait([], "write-only"));
     return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));
   }
+  async createProjectPermissionDefinition(data) {
+    const crud = await this._interface.createProjectPermissionDefinition((0, import_permissions.adminProjectPermissionDefinitionCreateOptionsToCrud)(data));
+    await this._adminProjectPermissionDefinitionsCache.refresh([]);
+    return this._serverProjectPermissionDefinitionFromCrud(crud);
+  }
+  async updateProjectPermissionDefinition(permissionId, data) {
+    await this._interface.updateProjectPermissionDefinition(permissionId, (0, import_permissions.adminProjectPermissionDefinitionUpdateOptionsToCrud)(data));
+    await this._adminProjectPermissionDefinitionsCache.refresh([]);
+  }
+  async deleteProjectPermissionDefinition(permissionId) {
+    await this._interface.deleteProjectPermissionDefinition(permissionId);
+    await this._adminProjectPermissionDefinitionsCache.refresh([]);
+  }
+  async listProjectPermissionDefinitions() {
+    const crud = import_results.Result.orThrow(await this._adminProjectPermissionDefinitionsCache.getOrWait([], "write-only"));
+    return crud.map((p) => this._serverProjectPermissionDefinitionFromCrud(p));
+  }
   async _refreshProject() {
     await Promise.all([
       super._refreshProject(),

package/dist/lib/stack-app/apps/implementations/admin-app-impl.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../../src/lib/stack-app/apps/implementations/admin-app-impl.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { StackAdminInterface } from \"@stackframe/stack-shared\";\nimport { getProductionModeErrors } from \"@stackframe/stack-shared/dist/helpers/production-mode\";\nimport { ApiKeyCreateCrudResponse } from \"@stackframe/stack-shared/dist/interface/adminInterface\";\nimport { ApiKeysCrud } from \"@stackframe/stack-shared/dist/interface/crud/api-keys\";\nimport { EmailTemplateCrud, EmailTemplateType } from \"@stackframe/stack-shared/dist/interface/crud/email-templates\";\nimport { InternalProjectsCrud } from \"@stackframe/stack-shared/dist/interface/crud/projects\";\nimport { StackAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { pick } from \"@stackframe/stack-shared/dist/utils/objects\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { AdminSentEmail } from \"../..\";\nimport { ApiKey, ApiKeyBase, ApiKeyBaseCrudRead, ApiKeyCreateOptions, ApiKeyFirstView, apiKeyCreateOptionsToCrud } from \"../../api-keys\";\nimport { EmailConfig, stackAppInternalsSymbol } from \"../../common\";\nimport { AdminEmailTemplate, AdminEmailTemplateUpdateOptions, adminEmailTemplateUpdateOptionsToCrud } from \"../../email-templates\";\nimport { AdminTeamPermission, AdminTeamPermissionDefinition, AdminTeamPermissionDefinitionCreateOptions, AdminTeamPermissionDefinitionUpdateOptions, adminTeamPermissionDefinitionCreateOptionsToCrud, adminTeamPermissionDefinitionUpdateOptionsToCrud } from \"../../permissions\";\nimport { AdminOwnedProject, AdminProject, AdminProjectUpdateOptions, adminProjectUpdateOptionsToCrud } from \"../../projects\";\nimport { StackAdminApp, StackAdminAppConstructorOptions } from \"../interfaces/admin-app\";\nimport { clientVersion, createCache, getBaseUrl, getDefaultProjectId, getDefaultPublishableClientKey, getDefaultSecretServerKey, getDefaultSuperSecretAdminKey } from \"./common\";\nimport { _StackServerAppImplIncomplete } from \"./server-app-impl\";\n\n\nexport class _StackAdminAppImplIncomplete<HasTokenStore extends boolean, ProjectId extends string> extends _StackServerAppImplIncomplete<HasTokenStore, ProjectId> implements StackAdminApp<HasTokenStore, ProjectId>\n{\n  declare protected _interface: StackAdminInterface;\n\n  private readonly _adminProjectCache = createCache(async () => {\n    return await this._interface.getProject();\n  });\n  private readonly _apiKeysCache = createCache(async () => {\n    return await this._interface.listApiKeys();\n  });\n  private readonly _adminEmailTemplatesCache = createCache(async () => {\n    return await this._interface.listEmailTemplates();\n  });\n  private readonly _adminTeamPermissionDefinitionsCache = createCache(async () => {\n    return await this._interface.listPermissionDefinitions();\n  });\n  private readonly _svixTokenCache = createCache(async () => {\n    return await this._interface.getSvixToken();\n  });\n  private readonly _metricsCache = createCache(async () => {\n    return await this._interface.getMetrics();\n  });\n\n  constructor(options: StackAdminAppConstructorOptions<HasTokenStore, ProjectId>) {\n    super({\n      interface: new StackAdminInterface({\n        getBaseUrl: () => getBaseUrl(options.baseUrl),\n        projectId: options.projectId ?? getDefaultProjectId(),\n        extraRequestHeaders: options.extraRequestHeaders ?? {},\n        clientVersion,\n        ...\"projectOwnerSession\" in options ? {\n          projectOwnerSession: options.projectOwnerSession,\n        } : {\n          publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),\n          secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey(),\n          superSecretAdminKey: options.superSecretAdminKey ?? getDefaultSuperSecretAdminKey(),\n        },\n      }),\n      baseUrl: options.baseUrl,\n      extraRequestHeaders: options.extraRequestHeaders,\n      projectId: options.projectId,\n      tokenStore: options.tokenStore,\n      urls: options.urls,\n      oauthScopesOnSignIn: options.oauthScopesOnSignIn,\n      redirectMethod: options.redirectMethod,\n    });\n  }\n\n  _adminOwnedProjectFromCrud(data: InternalProjectsCrud['Admin']['Read'], onRefresh: () => Promise<void>): AdminOwnedProject {\n    if (this._tokenStoreInit !== null) {\n      throw new StackAssertionError(\"Owned apps must always have tokenStore === null — did you not create this project with app._createOwnedApp()?\");;\n    }\n    return {\n      ...this._adminProjectFromCrud(data, onRefresh),\n      app: this as StackAdminApp<false>,\n    };\n  }\n\n  _adminProjectFromCrud(data: InternalProjectsCrud['Admin']['Read'], onRefresh: () => Promise<void>): AdminProject {\n    if (data.id !== this.projectId) {\n      throw new StackAssertionError(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${this.projectId})!`);\n    }\n\n    const app = this;\n    return {\n      id: data.id,\n      displayName: data.display_name,\n      description: data.description,\n      createdAt: new Date(data.created_at_millis),\n      userCount: data.user_count,\n      isProductionMode: data.is_production_mode,\n      config: {\n        id: data.config.id,\n        signUpEnabled: data.config.sign_up_enabled,\n        credentialEnabled: data.config.credential_enabled,\n        magicLinkEnabled: data.config.magic_link_enabled,\n        passkeyEnabled: data.config.passkey_enabled,\n        clientTeamCreationEnabled: data.config.client_team_creation_enabled,\n        clientUserDeletionEnabled: data.config.client_user_deletion_enabled,\n        allowLocalhost: data.config.allow_localhost,\n        oauthAccountMergeStrategy: data.config.oauth_account_merge_strategy,\n        oauthProviders: data.config.oauth_providers.map((p) => ((p.type === 'shared' ? {\n          id: p.id,\n          enabled: p.enabled,\n          type: 'shared',\n        } as const : {\n          id: p.id,\n          enabled: p.enabled,\n          type: 'standard',\n          clientId: p.client_id ?? throwErr(\"Client ID is missing\"),\n          clientSecret: p.client_secret ?? throwErr(\"Client secret is missing\"),\n          facebookConfigId: p.facebook_config_id,\n          microsoftTenantId: p.microsoft_tenant_id,\n        } as const))),\n        emailConfig: data.config.email_config.type === 'shared' ? {\n          type: 'shared'\n        } : {\n          type: 'standard',\n          host: data.config.email_config.host ?? throwErr(\"Email host is missing\"),\n          port: data.config.email_config.port ?? throwErr(\"Email port is missing\"),\n          username: data.config.email_config.username ?? throwErr(\"Email username is missing\"),\n          password: data.config.email_config.password ?? throwErr(\"Email password is missing\"),\n          senderName: data.config.email_config.sender_name ?? throwErr(\"Email sender name is missing\"),\n          senderEmail: data.config.email_config.sender_email ?? throwErr(\"Email sender email is missing\"),\n        },\n        domains: data.config.domains.map((d) => ({\n          domain: d.domain,\n          handlerPath: d.handler_path,\n        })),\n        createTeamOnSignUp: data.config.create_team_on_sign_up,\n        teamCreatorDefaultPermissions: data.config.team_creator_default_permissions,\n        teamMemberDefaultPermissions: data.config.team_member_default_permissions,\n      },\n\n      async update(update: AdminProjectUpdateOptions) {\n        await app._interface.updateProject(adminProjectUpdateOptionsToCrud(update));\n        await onRefresh();\n      },\n      async delete() {\n        await app._interface.deleteProject();\n      },\n      async getProductionModeErrors() {\n        return getProductionModeErrors(data);\n      },\n      useProductionModeErrors() {\n        return getProductionModeErrors(data);\n      },\n    };\n  }\n\n  _adminEmailTemplateFromCrud(data: EmailTemplateCrud['Admin']['Read']): AdminEmailTemplate {\n    return {\n      type: data.type,\n      subject: data.subject,\n      content: data.content,\n      isDefault: data.is_default,\n    };\n  }\n\n  override async getProject(): Promise<AdminProject> {\n    return this._adminProjectFromCrud(\n      Result.orThrow(await this._adminProjectCache.getOrWait([], \"write-only\")),\n      () => this._refreshProject()\n    );\n  }\n\n\n  protected _createApiKeyBaseFromCrud(data: ApiKeyBaseCrudRead): ApiKeyBase {\n    const app = this;\n    return {\n      id: data.id,\n      description: data.description,\n      expiresAt: new Date(data.expires_at_millis),\n      manuallyRevokedAt: data.manually_revoked_at_millis ? new Date(data.manually_revoked_at_millis) : null,\n      createdAt: new Date(data.created_at_millis),\n      isValid() {\n        return this.whyInvalid() === null;\n      },\n      whyInvalid() {\n        if (this.expiresAt.getTime() < Date.now()) return \"expired\";\n        if (this.manuallyRevokedAt) return \"manually-revoked\";\n        return null;\n      },\n      async revoke() {\n        const res = await app._interface.revokeApiKeyById(data.id);\n        await app._refreshApiKeys();\n        return res;\n      }\n    };\n  }\n\n  protected _createApiKeyFromCrud(data: ApiKeysCrud[\"Admin\"][\"Read\"]): ApiKey {\n    return {\n      ...this._createApiKeyBaseFromCrud(data),\n      publishableClientKey: data.publishable_client_key ? { lastFour: data.publishable_client_key.last_four } : null,\n      secretServerKey: data.secret_server_key ? { lastFour: data.secret_server_key.last_four } : null,\n      superSecretAdminKey: data.super_secret_admin_key ? { lastFour: data.super_secret_admin_key.last_four } : null,\n    };\n  }\n\n  protected _createApiKeyFirstViewFromCrud(data: ApiKeyCreateCrudResponse): ApiKeyFirstView {\n    return {\n      ...this._createApiKeyBaseFromCrud(data),\n      publishableClientKey: data.publishable_client_key,\n      secretServerKey: data.secret_server_key,\n      superSecretAdminKey: data.super_secret_admin_key,\n    };\n  }\n\n  async listApiKeys(): Promise<ApiKey[]> {\n    const crud = Result.orThrow(await this._apiKeysCache.getOrWait([], \"write-only\"));\n    return crud.map((j) => this._createApiKeyFromCrud(j));\n  }\n\n\n  async createApiKey(options: ApiKeyCreateOptions): Promise<ApiKeyFirstView> {\n    const crud = await this._interface.createApiKey(apiKeyCreateOptionsToCrud(options));\n    await this._refreshApiKeys();\n    return this._createApiKeyFirstViewFromCrud(crud);\n  }\n\n  async listEmailTemplates(): Promise<AdminEmailTemplate[]> {\n    const crud = Result.orThrow(await this._adminEmailTemplatesCache.getOrWait([], \"write-only\"));\n    return crud.map((j) => this._adminEmailTemplateFromCrud(j));\n  }\n\n  async updateEmailTemplate(type: EmailTemplateType, data: AdminEmailTemplateUpdateOptions): Promise<void> {\n    await this._interface.updateEmailTemplate(type, adminEmailTemplateUpdateOptionsToCrud(data));\n    await this._adminEmailTemplatesCache.refresh([]);\n  }\n\n  async resetEmailTemplate(type: EmailTemplateType) {\n    await this._interface.resetEmailTemplate(type);\n    await this._adminEmailTemplatesCache.refresh([]);\n  }\n\n  async createTeamPermissionDefinition(data: AdminTeamPermissionDefinitionCreateOptions): Promise<AdminTeamPermission>{\n    const crud = await this._interface.createPermissionDefinition(adminTeamPermissionDefinitionCreateOptionsToCrud(data));\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n    return this._serverTeamPermissionDefinitionFromCrud(crud);\n  }\n\n  async updateTeamPermissionDefinition(permissionId: string, data: AdminTeamPermissionDefinitionUpdateOptions) {\n    await this._interface.updatePermissionDefinition(permissionId, adminTeamPermissionDefinitionUpdateOptionsToCrud(data));\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n  }\n\n  async deleteTeamPermissionDefinition(permissionId: string): Promise<void> {\n    await this._interface.deletePermissionDefinition(permissionId);\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n  }\n\n  async listTeamPermissionDefinitions(): Promise<AdminTeamPermissionDefinition[]> {\n    const crud = Result.orThrow(await this._adminTeamPermissionDefinitionsCache.getOrWait([], \"write-only\"));\n    return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));\n  }\n\n\n  protected override async _refreshProject() {\n    await Promise.all([\n      super._refreshProject(),\n      this._adminProjectCache.refresh([]),\n    ]);\n  }\n\n  protected async _refreshApiKeys() {\n    await this._apiKeysCache.refresh([]);\n  }\n\n  get [stackAppInternalsSymbol]() {\n    return {\n      ...super[stackAppInternalsSymbol],\n    };\n  }\n\n  async sendTestEmail(options: {\n    recipientEmail: string,\n    emailConfig: EmailConfig,\n  }): Promise<Result<undefined, { errorMessage: string }>> {\n    const response = await this._interface.sendTestEmail({\n      recipient_email: options.recipientEmail,\n      email_config: {\n        ...(pick(options.emailConfig, ['host', 'port', 'username', 'password'])),\n        sender_email: options.emailConfig.senderEmail,\n        sender_name: options.emailConfig.senderName,\n      },\n    });\n\n    if (response.success) {\n      return Result.ok(undefined);\n    } else {\n      return Result.error({ errorMessage: response.error_message ?? throwErr(\"Email test error not specified\") });\n    }\n  }\n\n  async listSentEmails(): Promise<AdminSentEmail[]> {\n    const response = await this._interface.listSentEmails();\n    return response.items.map((email) => ({\n      id: email.id,\n      to: email.to ?? [],\n      subject: email.subject,\n      recipient: email.to?.[0] ?? \"\",\n      sentAt: new Date(email.sent_at_millis),\n      error: email.error,\n    }));\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAoC;AACpC,6BAAwC;AAKxC,oBAA8C;AAC9C,qBAAqB;AACrB,qBAAuB;AAEvB,sBAAwH;AACxH,oBAAqD;AACrD,6BAA2G;AAC3G,yBAA+P;AAC/P,sBAA4G;AAE5G,IAAAA,iBAAsK;AACtK,6BAA8C;AAGvC,IAAM,+BAAN,cAAoG,qDAC3G;AAAA,EAsBE,YAAY,SAAoE;AAC9E,UAAM;AAAA,MACJ,WAAW,IAAI,wCAAoB;AAAA,QACjC,YAAY,UAAM,2BAAW,QAAQ,OAAO;AAAA,QAC5C,WAAW,QAAQ,iBAAa,oCAAoB;AAAA,QACpD,qBAAqB,QAAQ,uBAAuB,CAAC;AAAA,QACrD;AAAA,QACA,GAAG,yBAAyB,UAAU;AAAA,UACpC,qBAAqB,QAAQ;AAAA,QAC/B,IAAI;AAAA,UACF,sBAAsB,QAAQ,4BAAwB,+CAA+B;AAAA,UACrF,iBAAiB,QAAQ,uBAAmB,0CAA0B;AAAA,UACtE,qBAAqB,QAAQ,2BAAuB,8CAA8B;AAAA,QACpF;AAAA,MACF,CAAC;AAAA,MACD,SAAS,QAAQ;AAAA,MACjB,qBAAqB,QAAQ;AAAA,MAC7B,WAAW,QAAQ;AAAA,MACnB,YAAY,QAAQ;AAAA,MACpB,MAAM,QAAQ;AAAA,MACd,qBAAqB,QAAQ;AAAA,MAC7B,gBAAgB,QAAQ;AAAA,IAC1B,CAAC;AAzCH,SAAiB,yBAAqB,4BAAY,YAAY;AAC5D,aAAO,MAAM,KAAK,WAAW,WAAW;AAAA,IAC1C,CAAC;AACD,SAAiB,oBAAgB,4BAAY,YAAY;AACvD,aAAO,MAAM,KAAK,WAAW,YAAY;AAAA,IAC3C,CAAC;AACD,SAAiB,gCAA4B,4BAAY,YAAY;AACnE,aAAO,MAAM,KAAK,WAAW,mBAAmB;AAAA,IAClD,CAAC;AACD,SAAiB,2CAAuC,4BAAY,YAAY;AAC9E,aAAO,MAAM,KAAK,WAAW,0BAA0B;AAAA,IACzD,CAAC;AACD,SAAiB,sBAAkB,4BAAY,YAAY;AACzD,aAAO,MAAM,KAAK,WAAW,aAAa;AAAA,IAC5C,CAAC;AACD,SAAiB,oBAAgB,4BAAY,YAAY;AACvD,aAAO,MAAM,KAAK,WAAW,WAAW;AAAA,IAC1C,CAAC;AAAA,EAyBD;AAAA,EAEA,2BAA2B,MAA6C,WAAmD;AACzH,QAAI,KAAK,oBAAoB,MAAM;AACjC,YAAM,IAAI,kCAAoB,oHAA+G;AAAE;AAAA,IACjJ;AACA,WAAO;AAAA,MACL,GAAG,KAAK,sBAAsB,MAAM,SAAS;AAAA,MAC7C,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,sBAAsB,MAA6C,WAA8C;AAC/G,QAAI,KAAK,OAAO,KAAK,WAAW;AAC9B,YAAM,IAAI,kCAAoB,gDAAgD,KAAK,EAAE,+CAA+C,KAAK,SAAS,IAAI;AAAA,IACxJ;AAEA,UAAM,MAAM;AACZ,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,aAAa,KAAK;AAAA,MAClB,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,WAAW,KAAK;AAAA,MAChB,kBAAkB,KAAK;AAAA,MACvB,QAAQ;AAAA,QACN,IAAI,KAAK,OAAO;AAAA,QAChB,eAAe,KAAK,OAAO;AAAA,QAC3B,mBAAmB,KAAK,OAAO;AAAA,QAC/B,kBAAkB,KAAK,OAAO;AAAA,QAC9B,gBAAgB,KAAK,OAAO;AAAA,QAC5B,2BAA2B,KAAK,OAAO;AAAA,QACvC,2BAA2B,KAAK,OAAO;AAAA,QACvC,gBAAgB,KAAK,OAAO;AAAA,QAC5B,2BAA2B,KAAK,OAAO;AAAA,QACvC,gBAAgB,KAAK,OAAO,gBAAgB,IAAI,CAAC,MAAQ,EAAE,SAAS,WAAW;AAAA,UAC7E,IAAI,EAAE;AAAA,UACN,SAAS,EAAE;AAAA,UACX,MAAM;AAAA,QACR,IAAa;AAAA,UACX,IAAI,EAAE;AAAA,UACN,SAAS,EAAE;AAAA,UACX,MAAM;AAAA,UACN,UAAU,EAAE,iBAAa,wBAAS,sBAAsB;AAAA,UACxD,cAAc,EAAE,qBAAiB,wBAAS,0BAA0B;AAAA,UACpE,kBAAkB,EAAE;AAAA,UACpB,mBAAmB,EAAE;AAAA,QACvB,CAAY;AAAA,QACZ,aAAa,KAAK,OAAO,aAAa,SAAS,WAAW;AAAA,UACxD,MAAM;AAAA,QACR,IAAI;AAAA,UACF,MAAM;AAAA,UACN,MAAM,KAAK,OAAO,aAAa,YAAQ,wBAAS,uBAAuB;AAAA,UACvE,MAAM,KAAK,OAAO,aAAa,YAAQ,wBAAS,uBAAuB;AAAA,UACvE,UAAU,KAAK,OAAO,aAAa,gBAAY,wBAAS,2BAA2B;AAAA,UACnF,UAAU,KAAK,OAAO,aAAa,gBAAY,wBAAS,2BAA2B;AAAA,UACnF,YAAY,KAAK,OAAO,aAAa,mBAAe,wBAAS,8BAA8B;AAAA,UAC3F,aAAa,KAAK,OAAO,aAAa,oBAAgB,wBAAS,+BAA+B;AAAA,QAChG;AAAA,QACA,SAAS,KAAK,OAAO,QAAQ,IAAI,CAAC,OAAO;AAAA,UACvC,QAAQ,EAAE;AAAA,UACV,aAAa,EAAE;AAAA,QACjB,EAAE;AAAA,QACF,oBAAoB,KAAK,OAAO;AAAA,QAChC,+BAA+B,KAAK,OAAO;AAAA,QAC3C,8BAA8B,KAAK,OAAO;AAAA,MAC5C;AAAA,MAEA,MAAM,OAAO,QAAmC;AAC9C,cAAM,IAAI,WAAW,kBAAc,iDAAgC,MAAM,CAAC;AAC1E,cAAM,UAAU;AAAA,MAClB;AAAA,MACA,MAAM,SAAS;AACb,cAAM,IAAI,WAAW,cAAc;AAAA,MACrC;AAAA,MACA,MAAM,0BAA0B;AAC9B,mBAAO,gDAAwB,IAAI;AAAA,MACrC;AAAA,MACA,0BAA0B;AACxB,mBAAO,gDAAwB,IAAI;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,4BAA4B,MAA8D;AACxF,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd,SAAS,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,IAClB;AAAA,EACF;AAAA,EAEA,MAAe,aAAoC;AACjD,WAAO,KAAK;AAAA,MACV,sBAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU,CAAC,GAAG,YAAY,CAAC;AAAA,MACxE,MAAM,KAAK,gBAAgB;AAAA,IAC7B;AAAA,EACF;AAAA,EAGU,0BAA0B,MAAsC;AACxE,UAAM,MAAM;AACZ,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,mBAAmB,KAAK,6BAA6B,IAAI,KAAK,KAAK,0BAA0B,IAAI;AAAA,MACjG,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,UAAU;AACR,eAAO,KAAK,WAAW,MAAM;AAAA,MAC/B;AAAA,MACA,aAAa;AACX,YAAI,KAAK,UAAU,QAAQ,IAAI,KAAK,IAAI,EAAG,QAAO;AAClD,YAAI,KAAK,kBAAmB,QAAO;AACnC,eAAO;AAAA,MACT;AAAA,MACA,MAAM,SAAS;AACb,cAAM,MAAM,MAAM,IAAI,WAAW,iBAAiB,KAAK,EAAE;AACzD,cAAM,IAAI,gBAAgB;AAC1B,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEU,sBAAsB,MAA4C;AAC1E,WAAO;AAAA,MACL,GAAG,KAAK,0BAA0B,IAAI;AAAA,MACtC,sBAAsB,KAAK,yBAAyB,EAAE,UAAU,KAAK,uBAAuB,UAAU,IAAI;AAAA,MAC1G,iBAAiB,KAAK,oBAAoB,EAAE,UAAU,KAAK,kBAAkB,UAAU,IAAI;AAAA,MAC3F,qBAAqB,KAAK,yBAAyB,EAAE,UAAU,KAAK,uBAAuB,UAAU,IAAI;AAAA,IAC3G;AAAA,EACF;AAAA,EAEU,+BAA+B,MAAiD;AACxF,WAAO;AAAA,MACL,GAAG,KAAK,0BAA0B,IAAI;AAAA,MACtC,sBAAsB,KAAK;AAAA,MAC3B,iBAAiB,KAAK;AAAA,MACtB,qBAAqB,KAAK;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,MAAM,cAAiC;AACrC,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,cAAc,UAAU,CAAC,GAAG,YAAY,CAAC;AAChF,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,sBAAsB,CAAC,CAAC;AAAA,EACtD;AAAA,EAGA,MAAM,aAAa,SAAwD;AACzE,UAAM,OAAO,MAAM,KAAK,WAAW,iBAAa,2CAA0B,OAAO,CAAC;AAClF,UAAM,KAAK,gBAAgB;AAC3B,WAAO,KAAK,+BAA+B,IAAI;AAAA,EACjD;AAAA,EAEA,MAAM,qBAAoD;AACxD,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,0BAA0B,UAAU,CAAC,GAAG,YAAY,CAAC;AAC5F,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,4BAA4B,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,oBAAoB,MAAyB,MAAsD;AACvG,UAAM,KAAK,WAAW,oBAAoB,UAAM,8DAAsC,IAAI,CAAC;AAC3F,UAAM,KAAK,0BAA0B,QAAQ,CAAC,CAAC;AAAA,EACjD;AAAA,EAEA,MAAM,mBAAmB,MAAyB;AAChD,UAAM,KAAK,WAAW,mBAAmB,IAAI;AAC7C,UAAM,KAAK,0BAA0B,QAAQ,CAAC,CAAC;AAAA,EACjD;AAAA,EAEA,MAAM,+BAA+B,MAA+E;AAClH,UAAM,OAAO,MAAM,KAAK,WAAW,+BAA2B,qEAAiD,IAAI,CAAC;AACpH,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAC1D,WAAO,KAAK,wCAAwC,IAAI;AAAA,EAC1D;AAAA,EAEA,MAAM,+BAA+B,cAAsB,MAAkD;AAC3G,UAAM,KAAK,WAAW,2BAA2B,kBAAc,qEAAiD,IAAI,CAAC;AACrH,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,+BAA+B,cAAqC;AACxE,UAAM,KAAK,WAAW,2BAA2B,YAAY;AAC7D,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,gCAA0E;AAC9E,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,qCAAqC,UAAU,CAAC,GAAG,YAAY,CAAC;AACvG,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,wCAAwC,CAAC,CAAC;AAAA,EACxE;AAAA,EAGA,MAAyB,kBAAkB;AACzC,UAAM,QAAQ,IAAI;AAAA,MAChB,MAAM,gBAAgB;AAAA,MACtB,KAAK,mBAAmB,QAAQ,CAAC,CAAC;AAAA,IACpC,CAAC;AAAA,EACH;AAAA,EAEA,MAAgB,kBAAkB;AAChC,UAAM,KAAK,cAAc,QAAQ,CAAC,CAAC;AAAA,EACrC;AAAA,EAEA,KAAK,qCAAuB,IAAI;AAC9B,WAAO;AAAA,MACL,GAAG,MAAM,qCAAuB;AAAA,IAClC;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,SAGqC;AACvD,UAAM,WAAW,MAAM,KAAK,WAAW,cAAc;AAAA,MACnD,iBAAiB,QAAQ;AAAA,MACzB,cAAc;AAAA,QACZ,OAAI,qBAAK,QAAQ,aAAa,CAAC,QAAQ,QAAQ,YAAY,UAAU,CAAC;AAAA,QACtE,cAAc,QAAQ,YAAY;AAAA,QAClC,aAAa,QAAQ,YAAY;AAAA,MACnC;AAAA,IACF,CAAC;AAED,QAAI,SAAS,SAAS;AACpB,aAAO,sBAAO,GAAG,MAAS;AAAA,IAC5B,OAAO;AACL,aAAO,sBAAO,MAAM,EAAE,cAAc,SAAS,qBAAiB,wBAAS,gCAAgC,EAAE,CAAC;AAAA,IAC5G;AAAA,EACF;AAAA,EAEA,MAAM,iBAA4C;AAChD,UAAM,WAAW,MAAM,KAAK,WAAW,eAAe;AACtD,WAAO,SAAS,MAAM,IAAI,CAAC,WAAW;AAAA,MACpC,IAAI,MAAM;AAAA,MACV,IAAI,MAAM,MAAM,CAAC;AAAA,MACjB,SAAS,MAAM;AAAA,MACf,WAAW,MAAM,KAAK,CAAC,KAAK;AAAA,MAC5B,QAAQ,IAAI,KAAK,MAAM,cAAc;AAAA,MACrC,OAAO,MAAM;AAAA,IACf,EAAE;AAAA,EACJ;AACF;","names":["import_common"]}
+{"version":3,"sources":["../../../../../src/lib/stack-app/apps/implementations/admin-app-impl.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY\n//===========================================\nimport { StackAdminInterface } from \"@stackframe/stack-shared\";\nimport { getProductionModeErrors } from \"@stackframe/stack-shared/dist/helpers/production-mode\";\nimport { ApiKeyCreateCrudResponse } from \"@stackframe/stack-shared/dist/interface/adminInterface\";\nimport { ApiKeysCrud } from \"@stackframe/stack-shared/dist/interface/crud/api-keys\";\nimport { EmailTemplateCrud, EmailTemplateType } from \"@stackframe/stack-shared/dist/interface/crud/email-templates\";\nimport { InternalProjectsCrud } from \"@stackframe/stack-shared/dist/interface/crud/projects\";\nimport { StackAssertionError, throwErr } from \"@stackframe/stack-shared/dist/utils/errors\";\nimport { pick } from \"@stackframe/stack-shared/dist/utils/objects\";\nimport { Result } from \"@stackframe/stack-shared/dist/utils/results\";\nimport { AdminSentEmail } from \"../..\";\nimport { ApiKey, ApiKeyBase, ApiKeyBaseCrudRead, ApiKeyCreateOptions, ApiKeyFirstView, apiKeyCreateOptionsToCrud } from \"../../api-keys\";\nimport { EmailConfig, stackAppInternalsSymbol } from \"../../common\";\nimport { AdminEmailTemplate, AdminEmailTemplateUpdateOptions, adminEmailTemplateUpdateOptionsToCrud } from \"../../email-templates\";\nimport { AdminTeamPermission, AdminTeamPermissionDefinition, AdminTeamPermissionDefinitionCreateOptions, AdminTeamPermissionDefinitionUpdateOptions, AdminProjectPermission, AdminProjectPermissionDefinition, AdminProjectPermissionDefinitionCreateOptions, AdminProjectPermissionDefinitionUpdateOptions, adminTeamPermissionDefinitionCreateOptionsToCrud, adminTeamPermissionDefinitionUpdateOptionsToCrud, adminProjectPermissionDefinitionCreateOptionsToCrud, adminProjectPermissionDefinitionUpdateOptionsToCrud } from \"../../permissions\";\nimport { AdminOwnedProject, AdminProject, AdminProjectUpdateOptions, adminProjectUpdateOptionsToCrud } from \"../../projects\";\nimport { StackAdminApp, StackAdminAppConstructorOptions } from \"../interfaces/admin-app\";\nimport { clientVersion, createCache, getBaseUrl, getDefaultProjectId, getDefaultPublishableClientKey, getDefaultSecretServerKey, getDefaultSuperSecretAdminKey } from \"./common\";\nimport { _StackServerAppImplIncomplete } from \"./server-app-impl\";\n\n\nexport class _StackAdminAppImplIncomplete<HasTokenStore extends boolean, ProjectId extends string> extends _StackServerAppImplIncomplete<HasTokenStore, ProjectId> implements StackAdminApp<HasTokenStore, ProjectId>\n{\n  declare protected _interface: StackAdminInterface;\n\n  private readonly _adminProjectCache = createCache(async () => {\n    return await this._interface.getProject();\n  });\n  private readonly _apiKeysCache = createCache(async () => {\n    return await this._interface.listApiKeys();\n  });\n  private readonly _adminEmailTemplatesCache = createCache(async () => {\n    return await this._interface.listEmailTemplates();\n  });\n  private readonly _adminTeamPermissionDefinitionsCache = createCache(async () => {\n    return await this._interface.listTeamPermissionDefinitions();\n  });\n  private readonly _adminProjectPermissionDefinitionsCache = createCache(async () => {\n    return await this._interface.listProjectPermissionDefinitions();\n  });\n  private readonly _svixTokenCache = createCache(async () => {\n    return await this._interface.getSvixToken();\n  });\n  private readonly _metricsCache = createCache(async () => {\n    return await this._interface.getMetrics();\n  });\n\n  constructor(options: StackAdminAppConstructorOptions<HasTokenStore, ProjectId>) {\n    super({\n      interface: new StackAdminInterface({\n        getBaseUrl: () => getBaseUrl(options.baseUrl),\n        projectId: options.projectId ?? getDefaultProjectId(),\n        extraRequestHeaders: options.extraRequestHeaders ?? {},\n        clientVersion,\n        ...\"projectOwnerSession\" in options ? {\n          projectOwnerSession: options.projectOwnerSession,\n        } : {\n          publishableClientKey: options.publishableClientKey ?? getDefaultPublishableClientKey(),\n          secretServerKey: options.secretServerKey ?? getDefaultSecretServerKey(),\n          superSecretAdminKey: options.superSecretAdminKey ?? getDefaultSuperSecretAdminKey(),\n        },\n      }),\n      baseUrl: options.baseUrl,\n      extraRequestHeaders: options.extraRequestHeaders,\n      projectId: options.projectId,\n      tokenStore: options.tokenStore,\n      urls: options.urls,\n      oauthScopesOnSignIn: options.oauthScopesOnSignIn,\n      redirectMethod: options.redirectMethod,\n    });\n  }\n\n  _adminOwnedProjectFromCrud(data: InternalProjectsCrud['Admin']['Read'], onRefresh: () => Promise<void>): AdminOwnedProject {\n    if (this._tokenStoreInit !== null) {\n      throw new StackAssertionError(\"Owned apps must always have tokenStore === null — did you not create this project with app._createOwnedApp()?\");;\n    }\n    return {\n      ...this._adminProjectFromCrud(data, onRefresh),\n      app: this as StackAdminApp<false>,\n    };\n  }\n\n  _adminProjectFromCrud(data: InternalProjectsCrud['Admin']['Read'], onRefresh: () => Promise<void>): AdminProject {\n    if (data.id !== this.projectId) {\n      throw new StackAssertionError(`The project ID of the provided project JSON (${data.id}) does not match the project ID of the app (${this.projectId})!`);\n    }\n\n    const app = this;\n    return {\n      id: data.id,\n      displayName: data.display_name,\n      description: data.description,\n      createdAt: new Date(data.created_at_millis),\n      userCount: data.user_count,\n      isProductionMode: data.is_production_mode,\n      config: {\n        id: data.config.id,\n        signUpEnabled: data.config.sign_up_enabled,\n        credentialEnabled: data.config.credential_enabled,\n        magicLinkEnabled: data.config.magic_link_enabled,\n        passkeyEnabled: data.config.passkey_enabled,\n        clientTeamCreationEnabled: data.config.client_team_creation_enabled,\n        clientUserDeletionEnabled: data.config.client_user_deletion_enabled,\n        allowLocalhost: data.config.allow_localhost,\n        oauthAccountMergeStrategy: data.config.oauth_account_merge_strategy,\n        oauthProviders: data.config.oauth_providers.map((p) => ((p.type === 'shared' ? {\n          id: p.id,\n          enabled: p.enabled,\n          type: 'shared',\n        } as const : {\n          id: p.id,\n          enabled: p.enabled,\n          type: 'standard',\n          clientId: p.client_id ?? throwErr(\"Client ID is missing\"),\n          clientSecret: p.client_secret ?? throwErr(\"Client secret is missing\"),\n          facebookConfigId: p.facebook_config_id,\n          microsoftTenantId: p.microsoft_tenant_id,\n        } as const))),\n        emailConfig: data.config.email_config.type === 'shared' ? {\n          type: 'shared'\n        } : {\n          type: 'standard',\n          host: data.config.email_config.host ?? throwErr(\"Email host is missing\"),\n          port: data.config.email_config.port ?? throwErr(\"Email port is missing\"),\n          username: data.config.email_config.username ?? throwErr(\"Email username is missing\"),\n          password: data.config.email_config.password ?? throwErr(\"Email password is missing\"),\n          senderName: data.config.email_config.sender_name ?? throwErr(\"Email sender name is missing\"),\n          senderEmail: data.config.email_config.sender_email ?? throwErr(\"Email sender email is missing\"),\n        },\n        domains: data.config.domains.map((d) => ({\n          domain: d.domain,\n          handlerPath: d.handler_path,\n        })),\n        createTeamOnSignUp: data.config.create_team_on_sign_up,\n        teamCreatorDefaultPermissions: data.config.team_creator_default_permissions,\n        teamMemberDefaultPermissions: data.config.team_member_default_permissions,\n        userDefaultPermissions: data.config.user_default_permissions,\n      },\n\n      async update(update: AdminProjectUpdateOptions) {\n        await app._interface.updateProject(adminProjectUpdateOptionsToCrud(update));\n        await onRefresh();\n      },\n      async delete() {\n        await app._interface.deleteProject();\n      },\n      async getProductionModeErrors() {\n        return getProductionModeErrors(data);\n      },\n      useProductionModeErrors() {\n        return getProductionModeErrors(data);\n      },\n    };\n  }\n\n  _adminEmailTemplateFromCrud(data: EmailTemplateCrud['Admin']['Read']): AdminEmailTemplate {\n    return {\n      type: data.type,\n      subject: data.subject,\n      content: data.content,\n      isDefault: data.is_default,\n    };\n  }\n\n  override async getProject(): Promise<AdminProject> {\n    return this._adminProjectFromCrud(\n      Result.orThrow(await this._adminProjectCache.getOrWait([], \"write-only\")),\n      () => this._refreshProject()\n    );\n  }\n\n\n  protected _createApiKeyBaseFromCrud(data: ApiKeyBaseCrudRead): ApiKeyBase {\n    const app = this;\n    return {\n      id: data.id,\n      description: data.description,\n      expiresAt: new Date(data.expires_at_millis),\n      manuallyRevokedAt: data.manually_revoked_at_millis ? new Date(data.manually_revoked_at_millis) : null,\n      createdAt: new Date(data.created_at_millis),\n      isValid() {\n        return this.whyInvalid() === null;\n      },\n      whyInvalid() {\n        if (this.expiresAt.getTime() < Date.now()) return \"expired\";\n        if (this.manuallyRevokedAt) return \"manually-revoked\";\n        return null;\n      },\n      async revoke() {\n        const res = await app._interface.revokeApiKeyById(data.id);\n        await app._refreshApiKeys();\n        return res;\n      }\n    };\n  }\n\n  protected _createApiKeyFromCrud(data: ApiKeysCrud[\"Admin\"][\"Read\"]): ApiKey {\n    return {\n      ...this._createApiKeyBaseFromCrud(data),\n      publishableClientKey: data.publishable_client_key ? { lastFour: data.publishable_client_key.last_four } : null,\n      secretServerKey: data.secret_server_key ? { lastFour: data.secret_server_key.last_four } : null,\n      superSecretAdminKey: data.super_secret_admin_key ? { lastFour: data.super_secret_admin_key.last_four } : null,\n    };\n  }\n\n  protected _createApiKeyFirstViewFromCrud(data: ApiKeyCreateCrudResponse): ApiKeyFirstView {\n    return {\n      ...this._createApiKeyBaseFromCrud(data),\n      publishableClientKey: data.publishable_client_key,\n      secretServerKey: data.secret_server_key,\n      superSecretAdminKey: data.super_secret_admin_key,\n    };\n  }\n\n  async listApiKeys(): Promise<ApiKey[]> {\n    const crud = Result.orThrow(await this._apiKeysCache.getOrWait([], \"write-only\"));\n    return crud.map((j) => this._createApiKeyFromCrud(j));\n  }\n\n\n  async createApiKey(options: ApiKeyCreateOptions): Promise<ApiKeyFirstView> {\n    const crud = await this._interface.createApiKey(apiKeyCreateOptionsToCrud(options));\n    await this._refreshApiKeys();\n    return this._createApiKeyFirstViewFromCrud(crud);\n  }\n\n  async listEmailTemplates(): Promise<AdminEmailTemplate[]> {\n    const crud = Result.orThrow(await this._adminEmailTemplatesCache.getOrWait([], \"write-only\"));\n    return crud.map((j) => this._adminEmailTemplateFromCrud(j));\n  }\n\n  async updateEmailTemplate(type: EmailTemplateType, data: AdminEmailTemplateUpdateOptions): Promise<void> {\n    await this._interface.updateEmailTemplate(type, adminEmailTemplateUpdateOptionsToCrud(data));\n    await this._adminEmailTemplatesCache.refresh([]);\n  }\n\n  async resetEmailTemplate(type: EmailTemplateType) {\n    await this._interface.resetEmailTemplate(type);\n    await this._adminEmailTemplatesCache.refresh([]);\n  }\n\n  async createTeamPermissionDefinition(data: AdminTeamPermissionDefinitionCreateOptions): Promise<AdminTeamPermission>{\n    const crud = await this._interface.createTeamPermissionDefinition(adminTeamPermissionDefinitionCreateOptionsToCrud(data));\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n    return this._serverTeamPermissionDefinitionFromCrud(crud);\n  }\n\n  async updateTeamPermissionDefinition(permissionId: string, data: AdminTeamPermissionDefinitionUpdateOptions) {\n    await this._interface.updateTeamPermissionDefinition(permissionId, adminTeamPermissionDefinitionUpdateOptionsToCrud(data));\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n  }\n\n  async deleteTeamPermissionDefinition(permissionId: string): Promise<void> {\n    await this._interface.deleteTeamPermissionDefinition(permissionId);\n    await this._adminTeamPermissionDefinitionsCache.refresh([]);\n  }\n\n  async listTeamPermissionDefinitions(): Promise<AdminTeamPermissionDefinition[]> {\n    const crud = Result.orThrow(await this._adminTeamPermissionDefinitionsCache.getOrWait([], \"write-only\"));\n    return crud.map((p) => this._serverTeamPermissionDefinitionFromCrud(p));\n  }\n\n\n  async createProjectPermissionDefinition(data: AdminProjectPermissionDefinitionCreateOptions): Promise<AdminProjectPermission> {\n    const crud = await this._interface.createProjectPermissionDefinition(adminProjectPermissionDefinitionCreateOptionsToCrud(data));\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n    return this._serverProjectPermissionDefinitionFromCrud(crud);\n  }\n\n  async updateProjectPermissionDefinition(permissionId: string, data: AdminProjectPermissionDefinitionUpdateOptions) {\n    await this._interface.updateProjectPermissionDefinition(permissionId, adminProjectPermissionDefinitionUpdateOptionsToCrud(data));\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n  }\n\n  async deleteProjectPermissionDefinition(permissionId: string): Promise<void> {\n    await this._interface.deleteProjectPermissionDefinition(permissionId);\n    await this._adminProjectPermissionDefinitionsCache.refresh([]);\n  }\n\n  async listProjectPermissionDefinitions(): Promise<AdminProjectPermissionDefinition[]> {\n    const crud = Result.orThrow(await this._adminProjectPermissionDefinitionsCache.getOrWait([], \"write-only\"));\n    return crud.map((p) => this._serverProjectPermissionDefinitionFromCrud(p));\n  }\n\n\n  protected override async _refreshProject() {\n    await Promise.all([\n      super._refreshProject(),\n      this._adminProjectCache.refresh([]),\n    ]);\n  }\n\n  protected async _refreshApiKeys() {\n    await this._apiKeysCache.refresh([]);\n  }\n\n  get [stackAppInternalsSymbol]() {\n    return {\n      ...super[stackAppInternalsSymbol],\n    };\n  }\n\n  async sendTestEmail(options: {\n    recipientEmail: string,\n    emailConfig: EmailConfig,\n  }): Promise<Result<undefined, { errorMessage: string }>> {\n    const response = await this._interface.sendTestEmail({\n      recipient_email: options.recipientEmail,\n      email_config: {\n        ...(pick(options.emailConfig, ['host', 'port', 'username', 'password'])),\n        sender_email: options.emailConfig.senderEmail,\n        sender_name: options.emailConfig.senderName,\n      },\n    });\n\n    if (response.success) {\n      return Result.ok(undefined);\n    } else {\n      return Result.error({ errorMessage: response.error_message ?? throwErr(\"Email test error not specified\") });\n    }\n  }\n\n  async listSentEmails(): Promise<AdminSentEmail[]> {\n    const response = await this._interface.listSentEmails();\n    return response.items.map((email) => ({\n      id: email.id,\n      to: email.to ?? [],\n      subject: email.subject,\n      recipient: email.to?.[0] ?? \"\",\n      sentAt: new Date(email.sent_at_millis),\n      error: email.error,\n    }));\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAoC;AACpC,6BAAwC;AAKxC,oBAA8C;AAC9C,qBAAqB;AACrB,qBAAuB;AAEvB,sBAAwH;AACxH,oBAAqD;AACrD,6BAA2G;AAC3G,yBAAigB;AACjgB,sBAA4G;AAE5G,IAAAA,iBAAsK;AACtK,6BAA8C;AAGvC,IAAM,+BAAN,cAAoG,qDAC3G;AAAA,EAyBE,YAAY,SAAoE;AAC9E,UAAM;AAAA,MACJ,WAAW,IAAI,wCAAoB;AAAA,QACjC,YAAY,UAAM,2BAAW,QAAQ,OAAO;AAAA,QAC5C,WAAW,QAAQ,iBAAa,oCAAoB;AAAA,QACpD,qBAAqB,QAAQ,uBAAuB,CAAC;AAAA,QACrD;AAAA,QACA,GAAG,yBAAyB,UAAU;AAAA,UACpC,qBAAqB,QAAQ;AAAA,QAC/B,IAAI;AAAA,UACF,sBAAsB,QAAQ,4BAAwB,+CAA+B;AAAA,UACrF,iBAAiB,QAAQ,uBAAmB,0CAA0B;AAAA,UACtE,qBAAqB,QAAQ,2BAAuB,8CAA8B;AAAA,QACpF;AAAA,MACF,CAAC;AAAA,MACD,SAAS,QAAQ;AAAA,MACjB,qBAAqB,QAAQ;AAAA,MAC7B,WAAW,QAAQ;AAAA,MACnB,YAAY,QAAQ;AAAA,MACpB,MAAM,QAAQ;AAAA,MACd,qBAAqB,QAAQ;AAAA,MAC7B,gBAAgB,QAAQ;AAAA,IAC1B,CAAC;AA5CH,SAAiB,yBAAqB,4BAAY,YAAY;AAC5D,aAAO,MAAM,KAAK,WAAW,WAAW;AAAA,IAC1C,CAAC;AACD,SAAiB,oBAAgB,4BAAY,YAAY;AACvD,aAAO,MAAM,KAAK,WAAW,YAAY;AAAA,IAC3C,CAAC;AACD,SAAiB,gCAA4B,4BAAY,YAAY;AACnE,aAAO,MAAM,KAAK,WAAW,mBAAmB;AAAA,IAClD,CAAC;AACD,SAAiB,2CAAuC,4BAAY,YAAY;AAC9E,aAAO,MAAM,KAAK,WAAW,8BAA8B;AAAA,IAC7D,CAAC;AACD,SAAiB,8CAA0C,4BAAY,YAAY;AACjF,aAAO,MAAM,KAAK,WAAW,iCAAiC;AAAA,IAChE,CAAC;AACD,SAAiB,sBAAkB,4BAAY,YAAY;AACzD,aAAO,MAAM,KAAK,WAAW,aAAa;AAAA,IAC5C,CAAC;AACD,SAAiB,oBAAgB,4BAAY,YAAY;AACvD,aAAO,MAAM,KAAK,WAAW,WAAW;AAAA,IAC1C,CAAC;AAAA,EAyBD;AAAA,EAEA,2BAA2B,MAA6C,WAAmD;AACzH,QAAI,KAAK,oBAAoB,MAAM;AACjC,YAAM,IAAI,kCAAoB,oHAA+G;AAAE;AAAA,IACjJ;AACA,WAAO;AAAA,MACL,GAAG,KAAK,sBAAsB,MAAM,SAAS;AAAA,MAC7C,KAAK;AAAA,IACP;AAAA,EACF;AAAA,EAEA,sBAAsB,MAA6C,WAA8C;AAC/G,QAAI,KAAK,OAAO,KAAK,WAAW;AAC9B,YAAM,IAAI,kCAAoB,gDAAgD,KAAK,EAAE,+CAA+C,KAAK,SAAS,IAAI;AAAA,IACxJ;AAEA,UAAM,MAAM;AACZ,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,aAAa,KAAK;AAAA,MAClB,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,WAAW,KAAK;AAAA,MAChB,kBAAkB,KAAK;AAAA,MACvB,QAAQ;AAAA,QACN,IAAI,KAAK,OAAO;AAAA,QAChB,eAAe,KAAK,OAAO;AAAA,QAC3B,mBAAmB,KAAK,OAAO;AAAA,QAC/B,kBAAkB,KAAK,OAAO;AAAA,QAC9B,gBAAgB,KAAK,OAAO;AAAA,QAC5B,2BAA2B,KAAK,OAAO;AAAA,QACvC,2BAA2B,KAAK,OAAO;AAAA,QACvC,gBAAgB,KAAK,OAAO;AAAA,QAC5B,2BAA2B,KAAK,OAAO;AAAA,QACvC,gBAAgB,KAAK,OAAO,gBAAgB,IAAI,CAAC,MAAQ,EAAE,SAAS,WAAW;AAAA,UAC7E,IAAI,EAAE;AAAA,UACN,SAAS,EAAE;AAAA,UACX,MAAM;AAAA,QACR,IAAa;AAAA,UACX,IAAI,EAAE;AAAA,UACN,SAAS,EAAE;AAAA,UACX,MAAM;AAAA,UACN,UAAU,EAAE,iBAAa,wBAAS,sBAAsB;AAAA,UACxD,cAAc,EAAE,qBAAiB,wBAAS,0BAA0B;AAAA,UACpE,kBAAkB,EAAE;AAAA,UACpB,mBAAmB,EAAE;AAAA,QACvB,CAAY;AAAA,QACZ,aAAa,KAAK,OAAO,aAAa,SAAS,WAAW;AAAA,UACxD,MAAM;AAAA,QACR,IAAI;AAAA,UACF,MAAM;AAAA,UACN,MAAM,KAAK,OAAO,aAAa,YAAQ,wBAAS,uBAAuB;AAAA,UACvE,MAAM,KAAK,OAAO,aAAa,YAAQ,wBAAS,uBAAuB;AAAA,UACvE,UAAU,KAAK,OAAO,aAAa,gBAAY,wBAAS,2BAA2B;AAAA,UACnF,UAAU,KAAK,OAAO,aAAa,gBAAY,wBAAS,2BAA2B;AAAA,UACnF,YAAY,KAAK,OAAO,aAAa,mBAAe,wBAAS,8BAA8B;AAAA,UAC3F,aAAa,KAAK,OAAO,aAAa,oBAAgB,wBAAS,+BAA+B;AAAA,QAChG;AAAA,QACA,SAAS,KAAK,OAAO,QAAQ,IAAI,CAAC,OAAO;AAAA,UACvC,QAAQ,EAAE;AAAA,UACV,aAAa,EAAE;AAAA,QACjB,EAAE;AAAA,QACF,oBAAoB,KAAK,OAAO;AAAA,QAChC,+BAA+B,KAAK,OAAO;AAAA,QAC3C,8BAA8B,KAAK,OAAO;AAAA,QAC1C,wBAAwB,KAAK,OAAO;AAAA,MACtC;AAAA,MAEA,MAAM,OAAO,QAAmC;AAC9C,cAAM,IAAI,WAAW,kBAAc,iDAAgC,MAAM,CAAC;AAC1E,cAAM,UAAU;AAAA,MAClB;AAAA,MACA,MAAM,SAAS;AACb,cAAM,IAAI,WAAW,cAAc;AAAA,MACrC;AAAA,MACA,MAAM,0BAA0B;AAC9B,mBAAO,gDAAwB,IAAI;AAAA,MACrC;AAAA,MACA,0BAA0B;AACxB,mBAAO,gDAAwB,IAAI;AAAA,MACrC;AAAA,IACF;AAAA,EACF;AAAA,EAEA,4BAA4B,MAA8D;AACxF,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd,SAAS,KAAK;AAAA,MACd,WAAW,KAAK;AAAA,IAClB;AAAA,EACF;AAAA,EAEA,MAAe,aAAoC;AACjD,WAAO,KAAK;AAAA,MACV,sBAAO,QAAQ,MAAM,KAAK,mBAAmB,UAAU,CAAC,GAAG,YAAY,CAAC;AAAA,MACxE,MAAM,KAAK,gBAAgB;AAAA,IAC7B;AAAA,EACF;AAAA,EAGU,0BAA0B,MAAsC;AACxE,UAAM,MAAM;AACZ,WAAO;AAAA,MACL,IAAI,KAAK;AAAA,MACT,aAAa,KAAK;AAAA,MAClB,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,mBAAmB,KAAK,6BAA6B,IAAI,KAAK,KAAK,0BAA0B,IAAI;AAAA,MACjG,WAAW,IAAI,KAAK,KAAK,iBAAiB;AAAA,MAC1C,UAAU;AACR,eAAO,KAAK,WAAW,MAAM;AAAA,MAC/B;AAAA,MACA,aAAa;AACX,YAAI,KAAK,UAAU,QAAQ,IAAI,KAAK,IAAI,EAAG,QAAO;AAClD,YAAI,KAAK,kBAAmB,QAAO;AACnC,eAAO;AAAA,MACT;AAAA,MACA,MAAM,SAAS;AACb,cAAM,MAAM,MAAM,IAAI,WAAW,iBAAiB,KAAK,EAAE;AACzD,cAAM,IAAI,gBAAgB;AAC1B,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA,EAEU,sBAAsB,MAA4C;AAC1E,WAAO;AAAA,MACL,GAAG,KAAK,0BAA0B,IAAI;AAAA,MACtC,sBAAsB,KAAK,yBAAyB,EAAE,UAAU,KAAK,uBAAuB,UAAU,IAAI;AAAA,MAC1G,iBAAiB,KAAK,oBAAoB,EAAE,UAAU,KAAK,kBAAkB,UAAU,IAAI;AAAA,MAC3F,qBAAqB,KAAK,yBAAyB,EAAE,UAAU,KAAK,uBAAuB,UAAU,IAAI;AAAA,IAC3G;AAAA,EACF;AAAA,EAEU,+BAA+B,MAAiD;AACxF,WAAO;AAAA,MACL,GAAG,KAAK,0BAA0B,IAAI;AAAA,MACtC,sBAAsB,KAAK;AAAA,MAC3B,iBAAiB,KAAK;AAAA,MACtB,qBAAqB,KAAK;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,MAAM,cAAiC;AACrC,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,cAAc,UAAU,CAAC,GAAG,YAAY,CAAC;AAChF,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,sBAAsB,CAAC,CAAC;AAAA,EACtD;AAAA,EAGA,MAAM,aAAa,SAAwD;AACzE,UAAM,OAAO,MAAM,KAAK,WAAW,iBAAa,2CAA0B,OAAO,CAAC;AAClF,UAAM,KAAK,gBAAgB;AAC3B,WAAO,KAAK,+BAA+B,IAAI;AAAA,EACjD;AAAA,EAEA,MAAM,qBAAoD;AACxD,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,0BAA0B,UAAU,CAAC,GAAG,YAAY,CAAC;AAC5F,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,4BAA4B,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,oBAAoB,MAAyB,MAAsD;AACvG,UAAM,KAAK,WAAW,oBAAoB,UAAM,8DAAsC,IAAI,CAAC;AAC3F,UAAM,KAAK,0BAA0B,QAAQ,CAAC,CAAC;AAAA,EACjD;AAAA,EAEA,MAAM,mBAAmB,MAAyB;AAChD,UAAM,KAAK,WAAW,mBAAmB,IAAI;AAC7C,UAAM,KAAK,0BAA0B,QAAQ,CAAC,CAAC;AAAA,EACjD;AAAA,EAEA,MAAM,+BAA+B,MAA+E;AAClH,UAAM,OAAO,MAAM,KAAK,WAAW,mCAA+B,qEAAiD,IAAI,CAAC;AACxH,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAC1D,WAAO,KAAK,wCAAwC,IAAI;AAAA,EAC1D;AAAA,EAEA,MAAM,+BAA+B,cAAsB,MAAkD;AAC3G,UAAM,KAAK,WAAW,+BAA+B,kBAAc,qEAAiD,IAAI,CAAC;AACzH,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,+BAA+B,cAAqC;AACxE,UAAM,KAAK,WAAW,+BAA+B,YAAY;AACjE,UAAM,KAAK,qCAAqC,QAAQ,CAAC,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,gCAA0E;AAC9E,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,qCAAqC,UAAU,CAAC,GAAG,YAAY,CAAC;AACvG,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,wCAAwC,CAAC,CAAC;AAAA,EACxE;AAAA,EAGA,MAAM,kCAAkC,MAAsF;AAC5H,UAAM,OAAO,MAAM,KAAK,WAAW,sCAAkC,wEAAoD,IAAI,CAAC;AAC9H,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAC7D,WAAO,KAAK,2CAA2C,IAAI;AAAA,EAC7D;AAAA,EAEA,MAAM,kCAAkC,cAAsB,MAAqD;AACjH,UAAM,KAAK,WAAW,kCAAkC,kBAAc,wEAAoD,IAAI,CAAC;AAC/H,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAAA,EAC/D;AAAA,EAEA,MAAM,kCAAkC,cAAqC;AAC3E,UAAM,KAAK,WAAW,kCAAkC,YAAY;AACpE,UAAM,KAAK,wCAAwC,QAAQ,CAAC,CAAC;AAAA,EAC/D;AAAA,EAEA,MAAM,mCAAgF;AACpF,UAAM,OAAO,sBAAO,QAAQ,MAAM,KAAK,wCAAwC,UAAU,CAAC,GAAG,YAAY,CAAC;AAC1G,WAAO,KAAK,IAAI,CAAC,MAAM,KAAK,2CAA2C,CAAC,CAAC;AAAA,EAC3E;AAAA,EAGA,MAAyB,kBAAkB;AACzC,UAAM,QAAQ,IAAI;AAAA,MAChB,MAAM,gBAAgB;AAAA,MACtB,KAAK,mBAAmB,QAAQ,CAAC,CAAC;AAAA,IACpC,CAAC;AAAA,EACH;AAAA,EAEA,MAAgB,kBAAkB;AAChC,UAAM,KAAK,cAAc,QAAQ,CAAC,CAAC;AAAA,EACrC;AAAA,EAEA,KAAK,qCAAuB,IAAI;AAC9B,WAAO;AAAA,MACL,GAAG,MAAM,qCAAuB;AAAA,IAClC;AAAA,EACF;AAAA,EAEA,MAAM,cAAc,SAGqC;AACvD,UAAM,WAAW,MAAM,KAAK,WAAW,cAAc;AAAA,MACnD,iBAAiB,QAAQ;AAAA,MACzB,cAAc;AAAA,QACZ,OAAI,qBAAK,QAAQ,aAAa,CAAC,QAAQ,QAAQ,YAAY,UAAU,CAAC;AAAA,QACtE,cAAc,QAAQ,YAAY;AAAA,QAClC,aAAa,QAAQ,YAAY;AAAA,MACnC;AAAA,IACF,CAAC;AAED,QAAI,SAAS,SAAS;AACpB,aAAO,sBAAO,GAAG,MAAS;AAAA,IAC5B,OAAO;AACL,aAAO,sBAAO,MAAM,EAAE,cAAc,SAAS,qBAAiB,wBAAS,gCAAgC,EAAE,CAAC;AAAA,IAC5G;AAAA,EACF;AAAA,EAEA,MAAM,iBAA4C;AAChD,UAAM,WAAW,MAAM,KAAK,WAAW,eAAe;AACtD,WAAO,SAAS,MAAM,IAAI,CAAC,WAAW;AAAA,MACpC,IAAI,MAAM;AAAA,MACV,IAAI,MAAM,MAAM,CAAC;AAAA,MACjB,SAAS,MAAM;AAAA,MACf,WAAW,MAAM,KAAK,CAAC,KAAK;AAAA,MAC5B,QAAQ,IAAI,KAAK,MAAM,cAAc;AAAA,MACrC,OAAO,MAAM;AAAA,IACf,EAAE;AAAA,EACJ;AACF;","names":["import_common"]}