@stackframe/stack-shared 2.8.8 → 2.8.11

package/dist/esm/known-errors.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/known-errors.tsx"],"sourcesContent":["import { StackAssertionError, StatusError, throwErr } from \"./utils/errors\";\nimport { identityArgs } from \"./utils/functions\";\nimport { Json } from \"./utils/json\";\nimport { deindent } from \"./utils/strings\";\n\nexport type KnownErrorJson = {\n  code: string,\n  message: string,\n  details?: Json,\n};\n\nexport type AbstractKnownErrorConstructor<Args extends any[]> =\n  & (abstract new (...args: Args) => KnownError)\n  & {\n    constructorArgsFromJson: (json: KnownErrorJson) => Args,\n  };\n\nexport type KnownErrorConstructor<SuperInstance extends KnownError, Args extends any[]> = {\n  new (...args: Args): SuperInstance & { constructorArgs: Args },\n  errorCode: string,\n  constructorArgsFromJson: (json: KnownErrorJson) => Args,\n};\n\nexport abstract class KnownError extends StatusError {\n  public name = \"KnownError\";\n\n  constructor(\n    public readonly statusCode: number,\n    public readonly humanReadableMessage: string,\n    public readonly details?: Json,\n  ) {\n    super(\n      statusCode,\n      humanReadableMessage\n    );\n  }\n\n  public override getBody(): Uint8Array {\n    return new TextEncoder().encode(JSON.stringify(this.toDescriptiveJson(), undefined, 2));\n  }\n\n  public override getHeaders(): Record<string, string[]> {\n    return {\n      \"Content-Type\": [\"application/json; charset=utf-8\"],\n      \"X-Stack-Known-Error\": [this.errorCode],\n    };\n  }\n\n  public override toDescriptiveJson(): Json {\n    return {\n      code: this.errorCode,\n      ...this.details ? { details: this.details } : {},\n      error: this.humanReadableMessage,\n    };\n  }\n\n  get errorCode(): string {\n    return (this.constructor as any).errorCode ?? throwErr(`Can't find error code for this KnownError. Is its constructor a KnownErrorConstructor? ${this}`);\n  }\n\n  public static constructorArgsFromJson(json: KnownErrorJson): ConstructorParameters<typeof KnownError> {\n    return [\n      400,\n      json.message,\n      json,\n    ];\n  }\n\n  public static fromJson(json: KnownErrorJson): KnownError {\n    for (const [_, KnownErrorType] of Object.entries(KnownErrors)) {\n      if (json.code === KnownErrorType.prototype.errorCode) {\n        const constructorArgs = KnownErrorType.constructorArgsFromJson(json);\n        return new KnownErrorType(\n          // @ts-expect-error\n          ...constructorArgs,\n        );\n      }\n    }\n\n    throw new Error(`Unknown KnownError code. You may need to update your version of Stack to see more detailed information. ${json.code}: ${json.message}`);\n  }\n}\n\nconst knownErrorConstructorErrorCodeSentinel = Symbol(\"knownErrorConstructorErrorCodeSentinel\");\n/**\n * Exists solely so that known errors are nominative types (ie. two KnownErrors with the same interface are not the same type)\n */\ntype KnownErrorBrand<ErrorCode extends string> = {\n  /**\n   * Does not exist at runtime\n   *\n   * Must be an object because it may be true for multiple error codes (it's true for all parents)\n   */\n  [knownErrorConstructorErrorCodeSentinel]: {\n    [K in ErrorCode]: true\n  },\n};\n\nfunction createKnownErrorConstructor<ErrorCode extends string, Super extends AbstractKnownErrorConstructor<any>, Args extends any[]>(\n  SuperClass: Super,\n  errorCode: ErrorCode,\n  create: ((...args: Args) => Readonly<ConstructorParameters<Super>>),\n  constructorArgsFromJson: ((jsonDetails: any) => Args),\n): KnownErrorConstructor<InstanceType<Super> & KnownErrorBrand<ErrorCode>, Args> & { errorCode: ErrorCode };\nfunction createKnownErrorConstructor<ErrorCode extends string, Super extends AbstractKnownErrorConstructor<any>>(\n  SuperClass: Super,\n  errorCode: ErrorCode,\n  create: \"inherit\",\n  constructorArgsFromJson: \"inherit\",\n): KnownErrorConstructor<InstanceType<Super> & KnownErrorBrand<ErrorCode>, ConstructorParameters<Super>> & { errorCode: ErrorCode };\nfunction createKnownErrorConstructor<ErrorCode extends string, Super extends AbstractKnownErrorConstructor<any>, Args extends any[]>(\n  SuperClass: Super,\n  errorCode: ErrorCode,\n  create: \"inherit\" | ((...args: Args) => Readonly<ConstructorParameters<Super>>),\n  constructorArgsFromJson: \"inherit\" | ((jsonDetails: any) => Args),\n): KnownErrorConstructor<InstanceType<Super> & KnownErrorBrand<ErrorCode>, Args> & { errorCode: ErrorCode } {\n  const createFn = create === \"inherit\" ? identityArgs<Args> as never : create;\n  const constructorArgsFromJsonFn = constructorArgsFromJson === \"inherit\" ? SuperClass.constructorArgsFromJson as never : constructorArgsFromJson;\n\n  // @ts-expect-error this is not a mixin, but TS detects it as one\n  class KnownErrorImpl extends SuperClass {\n    public static readonly errorCode = errorCode;\n    public name = `KnownError<${errorCode}>`;\n    public readonly constructorArgs: Args;\n\n    constructor(...args: Args) {\n      // @ts-expect-error DEVIN, STOP REMOVING THIS LINE YOU DUMBASS, YES TYPESCRIPT DOES THROW AN ERROR IF YOU DON'T HAVE IT, NO THIS IS NOT \"UNUSED\", AND YES YOU ARE BREAKING OUR CI PIPELINE EVERY TIME YOU DO IT\n      super(...createFn(...args));\n      this.constructorArgs = args;\n    }\n\n    static constructorArgsFromJson(json: KnownErrorJson): Args {\n      return constructorArgsFromJsonFn(json.details);\n    }\n  };\n\n  // @ts-expect-error\n  return KnownErrorImpl;\n}\n\nconst UnsupportedError = createKnownErrorConstructor(\n  KnownError,\n  \"UNSUPPORTED_ERROR\",\n  (originalErrorCode: string) => [\n    500,\n    `An error occurred that is not currently supported (possibly because it was added in a version of Stack that is newer than this client). The original unsupported error code was: ${originalErrorCode}`,\n    {\n      originalErrorCode,\n    },\n  ] as const,\n  (json) => [\n    (json as any)?.originalErrorCode ?? throwErr(\"originalErrorCode not found in UnsupportedError details\"),\n  ] as const,\n);\n\nconst BodyParsingError = createKnownErrorConstructor(\n  KnownError,\n  \"BODY_PARSING_ERROR\",\n  (message: string) => [\n    400,\n    message,\n  ] as const,\n  (json) => [json.message] as const,\n);\n\nconst SchemaError = createKnownErrorConstructor(\n  KnownError,\n  \"SCHEMA_ERROR\",\n  (message: string) => [\n    400,\n    message || throwErr(\"SchemaError requires a message\"),\n    {\n      message,\n    },\n  ] as const,\n  (json: any) => [json.message] as const,\n);\n\nconst AllOverloadsFailed = createKnownErrorConstructor(\n  KnownError,\n  \"ALL_OVERLOADS_FAILED\",\n  (overloadErrors: Json[]) => [\n    400,\n    deindent`\n      This endpoint has multiple overloads, but they all failed to process the request.\n\n        ${overloadErrors.map((e, i) => deindent`\n          Overload ${i + 1}: ${JSON.stringify(e, undefined, 2)}\n        `).join(\"\\n\\n\")}\n    `,\n    {\n      overload_errors: overloadErrors,\n    },\n  ] as const,\n  (json) => [\n    (json as any)?.overload_errors ?? throwErr(\"overload_errors not found in AllOverloadsFailed details\"),\n  ] as const,\n);\n\nconst ProjectAuthenticationError = createKnownErrorConstructor(\n  KnownError,\n  \"PROJECT_AUTHENTICATION_ERROR\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst InvalidProjectAuthentication = createKnownErrorConstructor(\n  ProjectAuthenticationError,\n  \"INVALID_PROJECT_AUTHENTICATION\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst ProjectKeyWithoutAccessType = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"PROJECT_KEY_WITHOUT_ACCESS_TYPE\",\n  () => [\n    400,\n    \"Either an API key or an admin access token was provided, but the x-stack-access-type header is missing. Set it to 'client', 'server', or 'admin' as appropriate.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst InvalidAccessType = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"INVALID_ACCESS_TYPE\",\n  (accessType: string) => [\n    400,\n    `The x-stack-access-type header must be 'client', 'server', or 'admin', but was '${accessType}'.`,\n  ] as const,\n  (json) => [\n    (json as any)?.accessType ?? throwErr(\"accessType not found in InvalidAccessType details\"),\n  ] as const,\n);\n\nconst AccessTypeWithoutProjectId = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"ACCESS_TYPE_WITHOUT_PROJECT_ID\",\n  (accessType: \"client\" | \"server\" | \"admin\") => [\n    400,\n    deindent`\n      The x-stack-access-type header was '${accessType}', but the x-stack-project-id header was not provided.\n      \n      For more information, see the docs on REST API authentication: https://docs.stack-auth.com/rest-api/overview#authentication\n    `,\n    {\n      request_type: accessType,\n    },\n  ] as const,\n  (json: any) => [json.request_type] as const,\n);\n\nconst AccessTypeRequired = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"ACCESS_TYPE_REQUIRED\",\n  () => [\n    400,\n    deindent`\n      You must specify an access level for this Stack project. Make sure project API keys are provided (eg. x-stack-publishable-client-key) and you set the x-stack-access-type header to 'client', 'server', or 'admin'.\n      \n      For more information, see the docs on REST API authentication: https://docs.stack-auth.com/rest-api/overview#authentication\n    `,\n  ] as const,\n  () => [] as const,\n);\n\nconst InsufficientAccessType = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"INSUFFICIENT_ACCESS_TYPE\",\n  (actualAccessType: \"client\" | \"server\" | \"admin\", allowedAccessTypes: (\"client\" | \"server\" | \"admin\")[]) => [\n    401,\n    `The x-stack-access-type header must be ${allowedAccessTypes.map(s => `'${s}'`).join(\" or \")}, but was '${actualAccessType}'.`,\n    {\n      actual_access_type: actualAccessType,\n      allowed_access_types: allowedAccessTypes,\n    },\n  ] as const,\n  (json: any) => [\n    json.actual_access_type,\n    json.allowed_access_types,\n  ] as const,\n);\n\nconst InvalidPublishableClientKey = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"INVALID_PUBLISHABLE_CLIENT_KEY\",\n  (projectId: string) => [\n    401,\n    `The publishable key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,\n    {\n      project_id: projectId,\n    },\n  ] as const,\n  (json: any) => [json.project_id] as const,\n);\n\nconst InvalidSecretServerKey = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"INVALID_SECRET_SERVER_KEY\",\n  (projectId: string) => [\n    401,\n    `The secret server key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,\n    {\n      project_id: projectId,\n    },\n  ] as const,\n  (json: any) => [json.project_id] as const,\n);\n\nconst InvalidSuperSecretAdminKey = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"INVALID_SUPER_SECRET_ADMIN_KEY\",\n  (projectId: string) => [\n    401,\n    `The super secret admin key is not valid for the project ${JSON.stringify(projectId)}. Does the project and/or the key exist?`,\n    {\n      project_id: projectId,\n    },\n  ] as const,\n  (json: any) => [json.project_id] as const,\n);\n\nconst InvalidAdminAccessToken = createKnownErrorConstructor(\n  InvalidProjectAuthentication,\n  \"INVALID_ADMIN_ACCESS_TOKEN\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst UnparsableAdminAccessToken = createKnownErrorConstructor(\n  InvalidAdminAccessToken,\n  \"UNPARSABLE_ADMIN_ACCESS_TOKEN\",\n  () => [\n    401,\n    \"Admin access token is not parsable.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst AdminAccessTokenExpired = createKnownErrorConstructor(\n  InvalidAdminAccessToken,\n  \"ADMIN_ACCESS_TOKEN_EXPIRED\",\n  (expiredAt: Date | undefined) => [\n    401,\n    `Admin access token has expired. Please refresh it and try again.${expiredAt ? ` (The access token expired at ${expiredAt.toISOString()}.)`: \"\"}`,\n    { expired_at_millis: expiredAt?.getTime() ?? null },\n  ] as const,\n  (json: any) => [json.expired_at_millis ?? undefined] as const,\n);\n\nconst InvalidProjectForAdminAccessToken = createKnownErrorConstructor(\n  InvalidAdminAccessToken,\n  \"INVALID_PROJECT_FOR_ADMIN_ACCESS_TOKEN\",\n  () => [\n    401,\n    \"Admin access tokens must be created on the internal project.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst AdminAccessTokenIsNotAdmin = createKnownErrorConstructor(\n  InvalidAdminAccessToken,\n  \"ADMIN_ACCESS_TOKEN_IS_NOT_ADMIN\",\n  () => [\n    401,\n    \"Admin access token does not have the required permissions to access this project.\",\n  ] as const,\n  () => [] as const,\n);\n\n/**\n * @deprecated Use InsufficientAccessType instead\n */\nconst ProjectAuthenticationRequired = createKnownErrorConstructor(\n  ProjectAuthenticationError,\n  \"PROJECT_AUTHENTICATION_REQUIRED\",\n  \"inherit\",\n  \"inherit\",\n);\n\n\n/**\n * @deprecated Use InsufficientAccessType instead\n */\nconst ClientAuthenticationRequired = createKnownErrorConstructor(\n  ProjectAuthenticationRequired,\n  \"CLIENT_AUTHENTICATION_REQUIRED\",\n  () => [\n    401,\n    \"The publishable client key must be provided.\",\n  ] as const,\n  () => [] as const,\n);\n\n/**\n * @deprecated Use InsufficientAccessType instead\n */\nconst ServerAuthenticationRequired = createKnownErrorConstructor(\n  ProjectAuthenticationRequired,\n  \"SERVER_AUTHENTICATION_REQUIRED\",\n  () => [\n    401,\n    \"The secret server key must be provided.\",\n  ] as const,\n  () => [] as const,\n);\n\n/**\n * @deprecated Use InsufficientAccessType instead\n */\nconst ClientOrServerAuthenticationRequired = createKnownErrorConstructor(\n  ProjectAuthenticationRequired,\n  \"CLIENT_OR_SERVER_AUTHENTICATION_REQUIRED\",\n  () => [\n    401,\n    \"Either the publishable client key or the secret server key must be provided.\",\n  ] as const,\n  () => [] as const,\n);\n\n/**\n * @deprecated Use InsufficientAccessType instead\n */\nconst ClientOrAdminAuthenticationRequired = createKnownErrorConstructor(\n  ProjectAuthenticationRequired,\n  \"CLIENT_OR_ADMIN_AUTHENTICATION_REQUIRED\",\n  () => [\n    401,\n    \"Either the publishable client key or the super secret admin key must be provided.\",\n  ] as const,\n  () => [] as const,\n);\n\n/**\n * @deprecated Use InsufficientAccessType instead\n */\nconst ClientOrServerOrAdminAuthenticationRequired = createKnownErrorConstructor(\n  ProjectAuthenticationRequired,\n  \"CLIENT_OR_SERVER_OR_ADMIN_AUTHENTICATION_REQUIRED\",\n  () => [\n    401,\n    \"Either the publishable client key, the secret server key, or the super secret admin key must be provided.\",\n  ] as const,\n  () => [] as const,\n);\n\n/**\n * @deprecated Use InsufficientAccessType instead\n */\nconst AdminAuthenticationRequired = createKnownErrorConstructor(\n  ProjectAuthenticationRequired,\n  \"ADMIN_AUTHENTICATION_REQUIRED\",\n  () => [\n    401,\n    \"The super secret admin key must be provided.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst ExpectedInternalProject = createKnownErrorConstructor(\n  ProjectAuthenticationError,\n  \"EXPECTED_INTERNAL_PROJECT\",\n  () => [\n    401,\n    \"The project ID is expected to be internal.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst SessionAuthenticationError = createKnownErrorConstructor(\n  KnownError,\n  \"SESSION_AUTHENTICATION_ERROR\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst InvalidSessionAuthentication = createKnownErrorConstructor(\n  SessionAuthenticationError,\n  \"INVALID_SESSION_AUTHENTICATION\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst InvalidAccessToken = createKnownErrorConstructor(\n  InvalidSessionAuthentication,\n  \"INVALID_ACCESS_TOKEN\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst UnparsableAccessToken = createKnownErrorConstructor(\n  InvalidAccessToken,\n  \"UNPARSABLE_ACCESS_TOKEN\",\n  () => [\n    401,\n    \"Access token is not parsable.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst AccessTokenExpired = createKnownErrorConstructor(\n  InvalidAccessToken,\n  \"ACCESS_TOKEN_EXPIRED\",\n  (expiredAt: Date | undefined) => [\n    401,\n    `Access token has expired. Please refresh it and try again.${expiredAt ? ` (The access token expired at ${expiredAt.toISOString()}.)`: \"\"}`,\n    { expired_at_millis: expiredAt?.getTime() ?? null },\n  ] as const,\n  (json: any) => [json.expired_at_millis ? new Date(json.expired_at_millis) : undefined] as const,\n);\n\nconst InvalidProjectForAccessToken = createKnownErrorConstructor(\n  InvalidAccessToken,\n  \"INVALID_PROJECT_FOR_ACCESS_TOKEN\",\n  (expectedProjectId: string, actualProjectId: string) => [\n    401,\n    `Access token not valid for this project. Expected project ID ${JSON.stringify(expectedProjectId)}, but the token is for project ID ${JSON.stringify(actualProjectId)}.`,\n    {\n      expected_project_id: expectedProjectId,\n      actual_project_id: actualProjectId,\n    },\n  ] as const,\n  (json: any) => [json.expected_project_id, json.actual_project_id] as const,\n);\n\n\nconst RefreshTokenError = createKnownErrorConstructor(\n  KnownError,\n  \"REFRESH_TOKEN_ERROR\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst RefreshTokenNotFoundOrExpired = createKnownErrorConstructor(\n  RefreshTokenError,\n  \"REFRESH_TOKEN_NOT_FOUND_OR_EXPIRED\",\n  () => [\n    401,\n    \"Refresh token not found for this project, or the session has expired/been revoked.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst CannotDeleteCurrentSession = createKnownErrorConstructor(\n  RefreshTokenError,\n  \"CANNOT_DELETE_CURRENT_SESSION\",\n  () => [\n    400,\n    \"Cannot delete the current session.\",\n  ] as const,\n  () => [] as const,\n);\n\n\nconst ProviderRejected = createKnownErrorConstructor(\n  RefreshTokenError,\n  \"PROVIDER_REJECTED\",\n  () => [\n    401,\n    \"The provider refused to refresh their token. This usually means that the provider used to authenticate the user no longer regards this session as valid, and the user must re-authenticate.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst UserWithEmailAlreadyExists = createKnownErrorConstructor(\n  KnownError,\n  \"USER_EMAIL_ALREADY_EXISTS\",\n  (email: string) => [\n    409,\n    `A user with email ${JSON.stringify(email)} already exists.`,\n    {\n      email,\n    },\n  ] as const,\n  (json: any) => [json.email] as const,\n);\n\nconst EmailNotVerified = createKnownErrorConstructor(\n  KnownError,\n  \"EMAIL_NOT_VERIFIED\",\n  () => [\n    400,\n    \"The email is not verified.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst CannotGetOwnUserWithoutUser = createKnownErrorConstructor(\n  KnownError,\n  \"CANNOT_GET_OWN_USER_WITHOUT_USER\",\n  () => [\n    400,\n    \"You have specified 'me' as a userId, but did not provide authentication for a user.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst UserIdDoesNotExist = createKnownErrorConstructor(\n  KnownError,\n  \"USER_ID_DOES_NOT_EXIST\",\n  (userId: string) => [\n    400,\n    `The given user with the ID ${userId} does not exist.`,\n    {\n      user_id: userId,\n    },\n  ] as const,\n  (json: any) => [json.user_id] as const,\n);\n\nconst UserNotFound = createKnownErrorConstructor(\n  KnownError,\n  \"USER_NOT_FOUND\",\n  () => [\n    404,\n    \"User not found.\",\n  ] as const,\n  () => [] as const,\n);\n\n\nconst ProjectNotFound = createKnownErrorConstructor(\n  KnownError,\n  \"PROJECT_NOT_FOUND\",\n  (projectId: string) => {\n    if (typeof projectId !== \"string\") throw new StackAssertionError(\"projectId of KnownErrors.ProjectNotFound must be a string\");\n    return [\n      404,\n      `Project ${projectId} not found or is not accessible with the current user.`,\n      {\n        project_id: projectId,\n      },\n    ] as const;\n  },\n  (json: any) => [json.project_id] as const,\n);\n\nconst SignUpNotEnabled = createKnownErrorConstructor(\n  KnownError,\n  \"SIGN_UP_NOT_ENABLED\",\n  () => [\n    400,\n    \"Creation of new accounts is not enabled for this project. Please ask the project owner to enable it.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst PasswordAuthenticationNotEnabled = createKnownErrorConstructor(\n  KnownError,\n  \"PASSWORD_AUTHENTICATION_NOT_ENABLED\",\n  () => [\n    400,\n    \"Password authentication is not enabled for this project.\",\n  ] as const,\n  () => [] as const,\n);\n\n\nconst PasskeyAuthenticationNotEnabled = createKnownErrorConstructor(\n  KnownError,\n  \"PASSKEY_AUTHENTICATION_NOT_ENABLED\",\n  () => [\n    400,\n    \"Passkey authentication is not enabled for this project.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst AnonymousAccountsNotEnabled = createKnownErrorConstructor(\n  KnownError,\n  \"ANONYMOUS_ACCOUNTS_NOT_ENABLED\",\n  () => [\n    400,\n    \"Anonymous accounts are not enabled for this project.\",\n  ] as const,\n  () => [] as const,\n);\n\n\nconst EmailPasswordMismatch = createKnownErrorConstructor(\n  KnownError,\n  \"EMAIL_PASSWORD_MISMATCH\",\n  () => [\n    400,\n    \"Wrong e-mail or password.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst RedirectUrlNotWhitelisted = createKnownErrorConstructor(\n  KnownError,\n  \"REDIRECT_URL_NOT_WHITELISTED\",\n  () => [\n    400,\n    \"Redirect URL not whitelisted. Did you forget to add this domain to the trusted domains list on the Stack Auth dashboard?\",\n  ] as const,\n  () => [] as const,\n);\n\nconst PasswordRequirementsNotMet = createKnownErrorConstructor(\n  KnownError,\n  \"PASSWORD_REQUIREMENTS_NOT_MET\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst PasswordTooShort = createKnownErrorConstructor(\n  PasswordRequirementsNotMet,\n  \"PASSWORD_TOO_SHORT\",\n  (minLength: number) => [\n    400,\n    `Password too short. Minimum length is ${minLength}.`,\n    {\n      min_length: minLength,\n    },\n  ] as const,\n  (json) => [\n    (json as any)?.min_length ?? throwErr(\"min_length not found in PasswordTooShort details\"),\n  ] as const,\n);\n\nconst PasswordTooLong = createKnownErrorConstructor(\n  PasswordRequirementsNotMet,\n  \"PASSWORD_TOO_LONG\",\n  (maxLength: number) => [\n    400,\n    `Password too long. Maximum length is ${maxLength}.`,\n    {\n      maxLength,\n    },\n  ] as const,\n  (json) => [\n    (json as any)?.maxLength ?? throwErr(\"maxLength not found in PasswordTooLong details\"),\n  ] as const,\n);\n\nconst UserDoesNotHavePassword = createKnownErrorConstructor(\n  KnownError,\n  \"USER_DOES_NOT_HAVE_PASSWORD\",\n  () => [\n    400,\n    \"This user does not have password authentication enabled.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst VerificationCodeError = createKnownErrorConstructor(\n  KnownError,\n  \"VERIFICATION_ERROR\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst VerificationCodeNotFound = createKnownErrorConstructor(\n  VerificationCodeError,\n  \"VERIFICATION_CODE_NOT_FOUND\",\n  () => [\n    404,\n    \"The verification code does not exist for this project.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst VerificationCodeExpired = createKnownErrorConstructor(\n  VerificationCodeError,\n  \"VERIFICATION_CODE_EXPIRED\",\n  () => [\n    400,\n    \"The verification code has expired.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst VerificationCodeAlreadyUsed = createKnownErrorConstructor(\n  VerificationCodeError,\n  \"VERIFICATION_CODE_ALREADY_USED\",\n  () => [\n    409,\n    \"The verification link has already been used.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst VerificationCodeMaxAttemptsReached = createKnownErrorConstructor(\n  VerificationCodeError,\n  \"VERIFICATION_CODE_MAX_ATTEMPTS_REACHED\",\n  () => [\n    400,\n    \"The verification code nonce has reached the maximum number of attempts. This code is not valid anymore.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst PasswordConfirmationMismatch = createKnownErrorConstructor(\n  KnownError,\n  \"PASSWORD_CONFIRMATION_MISMATCH\",\n  () => [\n    400,\n    \"Passwords do not match.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst EmailAlreadyVerified = createKnownErrorConstructor(\n  KnownError,\n  \"EMAIL_ALREADY_VERIFIED\",\n  () => [\n    409,\n    \"The e-mail is already verified.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst EmailNotAssociatedWithUser = createKnownErrorConstructor(\n  KnownError,\n  \"EMAIL_NOT_ASSOCIATED_WITH_USER\",\n  () => [\n    400,\n    \"The e-mail is not associated with a user that could log in with that e-mail.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst EmailIsNotPrimaryEmail = createKnownErrorConstructor(\n  KnownError,\n  \"EMAIL_IS_NOT_PRIMARY_EMAIL\",\n  (email: string, primaryEmail: string | null) => [\n    400,\n    `The given e-mail (${email}) must equal the user's primary e-mail (${primaryEmail}).`,\n    {\n      email,\n      primary_email: primaryEmail,\n    },\n  ] as const,\n  (json: any) => [json.email, json.primary_email] as const,\n);\n\n\nconst PasskeyRegistrationFailed = createKnownErrorConstructor(\n  KnownError,\n  \"PASSKEY_REGISTRATION_FAILED\",\n  (message: string) => [\n    400,\n    message,\n  ] as const,\n  (json: any) => [json.message] as const,\n);\n\n\nconst PasskeyWebAuthnError = createKnownErrorConstructor(\n  KnownError,\n  \"PASSKEY_WEBAUTHN_ERROR\",\n  (message: string, code: string) => [\n    400,\n    message,\n    {\n      message,\n      code,\n    },\n  ] as const,\n  (json: any) => [json.message, json.code] as const,\n);\n\nconst PasskeyAuthenticationFailed = createKnownErrorConstructor(\n  KnownError,\n  \"PASSKEY_AUTHENTICATION_FAILED\",\n  (message: string) => [\n    400,\n    message,\n  ] as const,\n  (json: any) => [json.message] as const,\n);\n\n\nconst PermissionNotFound = createKnownErrorConstructor(\n  KnownError,\n  \"PERMISSION_NOT_FOUND\",\n  (permissionId: string) => [\n    404,\n    `Permission \"${permissionId}\" not found. Make sure you created it on the dashboard.`,\n    {\n      permission_id: permissionId,\n    },\n  ] as const,\n  (json: any) => [json.permission_id] as const,\n);\n\nconst PermissionScopeMismatch = createKnownErrorConstructor(\n  KnownError,\n  \"WRONG_PERMISSION_SCOPE\",\n  (permissionId: string, expectedScope: \"team\" | \"project\", actualScope: \"team\" | \"project\" | null) => [\n    404,\n    `Permission ${JSON.stringify(permissionId)} not found. (It was found for a different scope ${JSON.stringify(actualScope)}, but scope ${JSON.stringify(expectedScope)} was expected.)`,\n    {\n      permission_id: permissionId,\n      expected_scope: expectedScope,\n      actual_scope: actualScope,\n    },\n  ] as const,\n  (json: any) => [json.permission_id, json.expected_scope, json.actual_scope] as const,\n);\n\nconst ContainedPermissionNotFound = createKnownErrorConstructor(\n  KnownError,\n  \"CONTAINED_PERMISSION_NOT_FOUND\",\n  (permissionId: string) => [\n    400,\n    `Contained permission with ID \"${permissionId}\" not found. Make sure you created it on the dashboard.`,\n    {\n      permission_id: permissionId,\n    },\n  ] as const,\n  (json: any) => [json.permission_id] as const,\n);\n\nconst TeamNotFound = createKnownErrorConstructor(\n  KnownError,\n  \"TEAM_NOT_FOUND\",\n  (teamId: string) => [\n    404,\n    `Team ${teamId} not found.`,\n    {\n      team_id: teamId,\n    },\n  ] as const,\n  (json: any) => [json.team_id] as const,\n);\n\nconst TeamAlreadyExists = createKnownErrorConstructor(\n  KnownError,\n  \"TEAM_ALREADY_EXISTS\",\n  (teamId: string) => [\n    409,\n    `Team ${teamId} already exists.`,\n    {\n      team_id: teamId,\n    },\n  ] as const,\n  (json: any) => [json.team_id] as const,\n);\n\nconst TeamMembershipNotFound = createKnownErrorConstructor(\n  KnownError,\n  \"TEAM_MEMBERSHIP_NOT_FOUND\",\n  (teamId: string, userId: string) => [\n    404,\n    `User ${userId} is not found in team ${teamId}.`,\n    {\n      team_id: teamId,\n      user_id: userId,\n    },\n  ] as const,\n  (json: any) => [json.team_id, json.user_id] as const,\n);\n\n\nconst EmailTemplateAlreadyExists = createKnownErrorConstructor(\n  KnownError,\n  \"EMAIL_TEMPLATE_ALREADY_EXISTS\",\n  () => [\n    409,\n    \"Email template already exists.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst OAuthConnectionNotConnectedToUser = createKnownErrorConstructor(\n  KnownError,\n  \"OAUTH_CONNECTION_NOT_CONNECTED_TO_USER\",\n  () => [\n    400,\n    \"The OAuth connection is not connected to any user.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst OAuthConnectionAlreadyConnectedToAnotherUser = createKnownErrorConstructor(\n  KnownError,\n  \"OAUTH_CONNECTION_ALREADY_CONNECTED_TO_ANOTHER_USER\",\n  () => [\n    409,\n    \"The OAuth connection is already connected to another user.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst OAuthConnectionDoesNotHaveRequiredScope = createKnownErrorConstructor(\n  KnownError,\n  \"OAUTH_CONNECTION_DOES_NOT_HAVE_REQUIRED_SCOPE\",\n  () => [\n    400,\n    \"The OAuth connection does not have the required scope.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst OAuthExtraScopeNotAvailableWithSharedOAuthKeys = createKnownErrorConstructor(\n  KnownError,\n  \"OAUTH_EXTRA_SCOPE_NOT_AVAILABLE_WITH_SHARED_OAUTH_KEYS\",\n  () => [\n    400,\n    \"Extra scopes are not available with shared OAuth keys. Please add your own OAuth keys on the Stack dashboard to use extra scopes.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst OAuthAccessTokenNotAvailableWithSharedOAuthKeys = createKnownErrorConstructor(\n  KnownError,\n  \"OAUTH_ACCESS_TOKEN_NOT_AVAILABLE_WITH_SHARED_OAUTH_KEYS\",\n  () => [\n    400,\n    \"Access tokens are not available with shared OAuth keys. Please add your own OAuth keys on the Stack dashboard to use access tokens.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst InvalidOAuthClientIdOrSecret = createKnownErrorConstructor(\n  KnownError,\n  \"INVALID_OAUTH_CLIENT_ID_OR_SECRET\",\n  (clientId?: string) => [\n    400,\n    \"The OAuth client ID or secret is invalid. The client ID must be equal to the project ID, and the client secret must be a publishable client key.\",\n    {\n      client_id: clientId ?? null,\n    },\n  ] as const,\n  (json: any) => [json.client_id ?? undefined] as const,\n);\n\nconst InvalidScope = createKnownErrorConstructor(\n  KnownError,\n  \"INVALID_SCOPE\",\n  (scope: string) => [\n    400,\n    `The scope \"${scope}\" is not a valid OAuth scope for Stack.`,\n  ] as const,\n  (json: any) => [json.scope] as const,\n);\n\nconst UserAlreadyConnectedToAnotherOAuthConnection = createKnownErrorConstructor(\n  KnownError,\n  \"USER_ALREADY_CONNECTED_TO_ANOTHER_OAUTH_CONNECTION\",\n  () => [\n    409,\n    \"The user is already connected to another OAuth account. Did you maybe selected the wrong account?\",\n  ] as const,\n  () => [] as const,\n);\n\nconst OuterOAuthTimeout = createKnownErrorConstructor(\n  KnownError,\n  \"OUTER_OAUTH_TIMEOUT\",\n  () => [\n    408,\n    \"The OAuth flow has timed out. Please sign in again.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst OAuthProviderNotFoundOrNotEnabled = createKnownErrorConstructor(\n  KnownError,\n  \"OAUTH_PROVIDER_NOT_FOUND_OR_NOT_ENABLED\",\n  () => [\n    400,\n    \"The OAuth provider is not found or not enabled.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst MultiFactorAuthenticationRequired = createKnownErrorConstructor(\n  KnownError,\n  \"MULTI_FACTOR_AUTHENTICATION_REQUIRED\",\n  (attemptCode: string) => [\n    400,\n    `Multi-factor authentication is required for this user.`,\n    {\n      attempt_code: attemptCode,\n    },\n  ] as const,\n  (json) => [json.attempt_code] as const,\n);\n\nconst InvalidTotpCode = createKnownErrorConstructor(\n  KnownError,\n  \"INVALID_TOTP_CODE\",\n  () => [\n    400,\n    \"The TOTP code is invalid. Please try again.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst UserAuthenticationRequired = createKnownErrorConstructor(\n  KnownError,\n  \"USER_AUTHENTICATION_REQUIRED\",\n  () => [\n    401,\n    \"User authentication required for this endpoint.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst TeamMembershipAlreadyExists = createKnownErrorConstructor(\n  KnownError,\n  \"TEAM_MEMBERSHIP_ALREADY_EXISTS\",\n  () => [\n    409,\n    \"Team membership already exists.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst ProjectPermissionRequired = createKnownErrorConstructor(\n  KnownError,\n  \"PROJECT_PERMISSION_REQUIRED\",\n  (userId, permissionId) => [\n    401,\n    `User ${userId} does not have permission ${permissionId}.`,\n    {\n      user_id: userId,\n      permission_id: permissionId,\n    },\n  ] as const,\n  (json) => [json.user_id, json.permission_id] as const,\n);\n\nconst TeamPermissionRequired = createKnownErrorConstructor(\n  KnownError,\n  \"TEAM_PERMISSION_REQUIRED\",\n  (teamId, userId, permissionId) => [\n    401,\n    `User ${userId} does not have permission ${permissionId} in team ${teamId}.`,\n    {\n      team_id: teamId,\n      user_id: userId,\n      permission_id: permissionId,\n    },\n  ] as const,\n  (json) => [json.team_id, json.user_id, json.permission_id] as const,\n);\n\nconst TeamPermissionNotFound = createKnownErrorConstructor(\n  KnownError,\n  \"TEAM_PERMISSION_NOT_FOUND\",\n  (teamId, userId, permissionId) => [\n    401,\n    `User ${userId} does not have permission ${permissionId} in team ${teamId}.`,\n    {\n      team_id: teamId,\n      user_id: userId,\n      permission_id: permissionId,\n    },\n  ] as const,\n  (json) => [json.team_id, json.user_id, json.permission_id] as const,\n);\n\nconst InvalidSharedOAuthProviderId = createKnownErrorConstructor(\n  KnownError,\n  \"INVALID_SHARED_OAUTH_PROVIDER_ID\",\n  (providerId) => [\n    400,\n    `The shared OAuth provider with ID ${providerId} is not valid.`,\n    {\n      provider_id: providerId,\n    },\n  ] as const,\n  (json) => [json.provider_id] as const,\n);\n\nconst InvalidStandardOAuthProviderId = createKnownErrorConstructor(\n  KnownError,\n  \"INVALID_STANDARD_OAUTH_PROVIDER_ID\",\n  (providerId) => [\n    400,\n    `The standard OAuth provider with ID ${providerId} is not valid.`,\n    {\n      provider_id: providerId,\n    },\n  ] as const,\n  (json) => [json.provider_id] as const,\n);\n\nconst InvalidAuthorizationCode = createKnownErrorConstructor(\n  KnownError,\n  \"INVALID_AUTHORIZATION_CODE\",\n  () => [\n    400,\n    \"The given authorization code is invalid.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst OAuthProviderAccessDenied = createKnownErrorConstructor(\n  KnownError,\n  \"OAUTH_PROVIDER_ACCESS_DENIED\",\n  () => [\n    400,\n    \"The OAuth provider denied access to the user.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst ContactChannelAlreadyUsedForAuthBySomeoneElse = createKnownErrorConstructor(\n  KnownError,\n  \"CONTACT_CHANNEL_ALREADY_USED_FOR_AUTH_BY_SOMEONE_ELSE\",\n  (type: \"email\", contactChannelValue?: string) => [\n    409,\n    contactChannelValue ?\n    `The ${type} (${contactChannelValue}) is already used for authentication by another account.` :\n    `This ${type} is already used for authentication by another account.`,\n    { type, contact_channel_value: contactChannelValue ?? null },\n  ] as const,\n  (json) => [json.type, json.contact_channel_value] as const,\n);\n\nconst InvalidPollingCodeError = createKnownErrorConstructor(\n  KnownError,\n  \"INVALID_POLLING_CODE\",\n  (details?: Json) => [\n    400,\n    \"The polling code is invalid or does not exist.\",\n    details,\n  ] as const,\n  (json: any) => [json] as const,\n);\n\nconst CliAuthError = createKnownErrorConstructor(\n  KnownError,\n  \"CLI_AUTH_ERROR\",\n  (message: string) => [\n    400,\n    message,\n  ] as const,\n  (json: any) => [json.message] as const,\n);\n\nconst CliAuthExpiredError = createKnownErrorConstructor(\n  KnownError,\n  \"CLI_AUTH_EXPIRED_ERROR\",\n  (message: string = \"CLI authentication request expired. Please try again.\") => [\n    400,\n    message,\n  ] as const,\n  (json: any) => [json.message] as const,\n);\n\nconst CliAuthUsedError = createKnownErrorConstructor(\n  KnownError,\n  \"CLI_AUTH_USED_ERROR\",\n  (message: string = \"This authentication token has already been used.\") => [\n    400,\n    message,\n  ] as const,\n  (json: any) => [json.message] as const,\n);\n\n\nconst ApiKeyNotValid = createKnownErrorConstructor(\n  KnownError,\n  \"API_KEY_NOT_VALID\",\n  \"inherit\",\n  \"inherit\",\n);\n\nconst ApiKeyExpired = createKnownErrorConstructor(\n  ApiKeyNotValid,\n  \"API_KEY_EXPIRED\",\n  () => [\n    401,\n    \"API key has expired.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst ApiKeyRevoked = createKnownErrorConstructor(\n  ApiKeyNotValid,\n  \"API_KEY_REVOKED\",\n  () => [\n    401,\n    \"API key has been revoked.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst WrongApiKeyType = createKnownErrorConstructor(\n  ApiKeyNotValid,\n  \"WRONG_API_KEY_TYPE\",\n  (expectedType: string, actualType: string) => [\n    400,\n    `This endpoint is for ${expectedType} API keys, but a ${actualType} API key was provided.`,\n    { expected_type: expectedType, actual_type: actualType },\n  ] as const,\n  (json) => [json.expected_type, json.actual_type] as const,\n);\n\nconst ApiKeyNotFound = createKnownErrorConstructor(\n  ApiKeyNotValid,\n  \"API_KEY_NOT_FOUND\",\n  () => [\n    404,\n    \"API key not found.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst PublicApiKeyCannotBeRevoked = createKnownErrorConstructor(\n  ApiKeyNotValid,\n  \"PUBLIC_API_KEY_CANNOT_BE_REVOKED\",\n  () => [\n    400,\n    \"Public API keys cannot be revoked by the secretscanner endpoint.\",\n  ] as const,\n  () => [] as const,\n);\n\nconst PermissionIdAlreadyExists = createKnownErrorConstructor(\n  KnownError,\n  \"PERMISSION_ID_ALREADY_EXISTS\",\n  (permissionId: string) => [\n    400,\n    `Permission with ID \"${permissionId}\" already exists. Choose a different ID.`,\n    {\n      permission_id: permissionId,\n    },\n  ] as const,\n  (json: any) => [json.permission_id] as const,\n);\n\nexport type KnownErrors = {\n  [K in keyof typeof KnownErrors]: InstanceType<typeof KnownErrors[K]>;\n};\n\nexport const KnownErrors = {\n  CannotDeleteCurrentSession,\n  UnsupportedError,\n  BodyParsingError,\n  SchemaError,\n  AllOverloadsFailed,\n  ProjectAuthenticationError,\n  PermissionIdAlreadyExists,\n  CliAuthError,\n  CliAuthExpiredError,\n  CliAuthUsedError,\n  InvalidProjectAuthentication,\n  ProjectKeyWithoutAccessType,\n  InvalidAccessType,\n  AccessTypeWithoutProjectId,\n  AccessTypeRequired,\n  CannotGetOwnUserWithoutUser,\n  InsufficientAccessType,\n  InvalidPublishableClientKey,\n  InvalidSecretServerKey,\n  InvalidSuperSecretAdminKey,\n  InvalidAdminAccessToken,\n  UnparsableAdminAccessToken,\n  AdminAccessTokenExpired,\n  InvalidProjectForAdminAccessToken,\n  AdminAccessTokenIsNotAdmin,\n  ProjectAuthenticationRequired,\n  ClientAuthenticationRequired,\n  ServerAuthenticationRequired,\n  ClientOrServerAuthenticationRequired,\n  ClientOrAdminAuthenticationRequired,\n  ClientOrServerOrAdminAuthenticationRequired,\n  AdminAuthenticationRequired,\n  ExpectedInternalProject,\n  SessionAuthenticationError,\n  InvalidSessionAuthentication,\n  InvalidAccessToken,\n  UnparsableAccessToken,\n  AccessTokenExpired,\n  InvalidProjectForAccessToken,\n  RefreshTokenError,\n  ProviderRejected,\n  RefreshTokenNotFoundOrExpired,\n  UserWithEmailAlreadyExists,\n  EmailNotVerified,\n  UserIdDoesNotExist,\n  UserNotFound,\n  ApiKeyNotFound,\n  PublicApiKeyCannotBeRevoked,\n  ProjectNotFound,\n  SignUpNotEnabled,\n  PasswordAuthenticationNotEnabled,\n  PasskeyAuthenticationNotEnabled,\n  AnonymousAccountsNotEnabled,\n  EmailPasswordMismatch,\n  RedirectUrlNotWhitelisted,\n  PasswordRequirementsNotMet,\n  PasswordTooShort,\n  PasswordTooLong,\n  UserDoesNotHavePassword,\n  VerificationCodeError,\n  VerificationCodeNotFound,\n  VerificationCodeExpired,\n  VerificationCodeAlreadyUsed,\n  VerificationCodeMaxAttemptsReached,\n  PasswordConfirmationMismatch,\n  EmailAlreadyVerified,\n  EmailNotAssociatedWithUser,\n  EmailIsNotPrimaryEmail,\n  PasskeyRegistrationFailed,\n  PasskeyWebAuthnError,\n  PasskeyAuthenticationFailed,\n  PermissionNotFound,\n  PermissionScopeMismatch,\n  ContainedPermissionNotFound,\n  TeamNotFound,\n  TeamMembershipNotFound,\n  EmailTemplateAlreadyExists,\n  OAuthConnectionNotConnectedToUser,\n  OAuthConnectionAlreadyConnectedToAnotherUser,\n  OAuthConnectionDoesNotHaveRequiredScope,\n  OAuthExtraScopeNotAvailableWithSharedOAuthKeys,\n  OAuthAccessTokenNotAvailableWithSharedOAuthKeys,\n  InvalidOAuthClientIdOrSecret,\n  InvalidScope,\n  UserAlreadyConnectedToAnotherOAuthConnection,\n  OuterOAuthTimeout,\n  OAuthProviderNotFoundOrNotEnabled,\n  MultiFactorAuthenticationRequired,\n  InvalidTotpCode,\n  UserAuthenticationRequired,\n  TeamMembershipAlreadyExists,\n  ProjectPermissionRequired,\n  TeamPermissionRequired,\n  InvalidSharedOAuthProviderId,\n  InvalidStandardOAuthProviderId,\n  InvalidAuthorizationCode,\n  TeamPermissionNotFound,\n  OAuthProviderAccessDenied,\n  ContactChannelAlreadyUsedForAuthBySomeoneElse,\n  InvalidPollingCodeError,\n  ApiKeyNotValid,\n  ApiKeyExpired,\n  ApiKeyRevoked,\n  WrongApiKeyType,\n} satisfies Record<string, KnownErrorConstructor<any, any>>;\n\n\n// ensure that all known error codes are unique\nconst knownErrorCodes = new Set<string>();\nfor (const [_, KnownError] of Object.entries(KnownErrors)) {\n  if (knownErrorCodes.has(KnownError.errorCode)) {\n    throw new Error(`Duplicate known error code: ${KnownError.errorCode}`);\n  }\n  knownErrorCodes.add(KnownError.errorCode);\n}\n"],"mappings":";AAAA,SAAS,qBAAqB,aAAa,gBAAgB;AAC3D,SAAS,oBAAoB;AAE7B,SAAS,gBAAgB;AAoBlB,IAAe,aAAf,cAAkC,YAAY;AAAA,EAGnD,YACkB,YACA,sBACA,SAChB;AACA;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAPgB;AACA;AACA;AALlB,SAAO,OAAO;AAAA,EAWd;AAAA,EAEgB,UAAsB;AACpC,WAAO,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,KAAK,kBAAkB,GAAG,QAAW,CAAC,CAAC;AAAA,EACxF;AAAA,EAEgB,aAAuC;AACrD,WAAO;AAAA,MACL,gBAAgB,CAAC,iCAAiC;AAAA,MAClD,uBAAuB,CAAC,KAAK,SAAS;AAAA,IACxC;AAAA,EACF;AAAA,EAEgB,oBAA0B;AACxC,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,GAAG,KAAK,UAAU,EAAE,SAAS,KAAK,QAAQ,IAAI,CAAC;AAAA,MAC/C,OAAO,KAAK;AAAA,IACd;AAAA,EACF;AAAA,EAEA,IAAI,YAAoB;AACtB,WAAQ,KAAK,YAAoB,aAAa,SAAS,0FAA0F,IAAI,EAAE;AAAA,EACzJ;AAAA,EAEA,OAAc,wBAAwB,MAAgE;AACpG,WAAO;AAAA,MACL;AAAA,MACA,KAAK;AAAA,MACL;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAc,SAAS,MAAkC;AACvD,eAAW,CAAC,GAAG,cAAc,KAAK,OAAO,QAAQ,WAAW,GAAG;AAC7D,UAAI,KAAK,SAAS,eAAe,UAAU,WAAW;AACpD,cAAM,kBAAkB,eAAe,wBAAwB,IAAI;AACnE,eAAO,IAAI;AAAA,UAET,GAAG;AAAA,QACL;AAAA,MACF;AAAA,IACF;AAEA,UAAM,IAAI,MAAM,2GAA2G,KAAK,IAAI,KAAK,KAAK,OAAO,EAAE;AAAA,EACzJ;AACF;AAEA,IAAM,yCAAyC,OAAO,wCAAwC;AA2B9F,SAAS,4BACP,YACA,WACA,QACA,yBAC0G;AAC1G,QAAM,WAAW,WAAW,YAAY,eAA8B;AACtE,QAAM,4BAA4B,4BAA4B,YAAY,WAAW,0BAAmC;AAAA,EAGxH,MAAM,uBAAuB,WAAW;AAAA,IAKtC,eAAe,MAAY;AAEzB,YAAM,GAAG,SAAS,GAAG,IAAI,CAAC;AAL5B,WAAO,OAAO,cAAc,SAAS;AAMnC,WAAK,kBAAkB;AAAA,IACzB;AAAA,IAEA,OAAO,wBAAwB,MAA4B;AACzD,aAAO,0BAA0B,KAAK,OAAO;AAAA,IAC/C;AAAA,EACF;AAbE,EADI,eACmB,YAAY;AAapC;AAGD,SAAO;AACT;AAEA,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA;AAAA,EACA,CAAC,sBAA8B;AAAA,IAC7B;AAAA,IACA,oLAAoL,iBAAiB;AAAA,IACrM;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAAA,EACA,CAAC,SAAS;AAAA,IACP,MAAc,qBAAqB,SAAS,yDAAyD;AAAA,EACxG;AACF;AAEA,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA;AAAA,EACA,CAAC,YAAoB;AAAA,IACnB;AAAA,IACA;AAAA,EACF;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,OAAO;AACzB;AAEA,IAAM,cAAc;AAAA,EAClB;AAAA,EACA;AAAA,EACA,CAAC,YAAoB;AAAA,IACnB;AAAA,IACA,WAAW,SAAS,gCAAgC;AAAA,IACpD;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAEA,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA,CAAC,mBAA2B;AAAA,IAC1B;AAAA,IACA;AAAA;AAAA;AAAA,UAGM,eAAe,IAAI,CAAC,GAAG,MAAM;AAAA,qBAClB,IAAI,CAAC,KAAK,KAAK,UAAU,GAAG,QAAW,CAAC,CAAC;AAAA,SACrD,EAAE,KAAK,MAAM,CAAC;AAAA;AAAA,IAEnB;AAAA,MACE,iBAAiB;AAAA,IACnB;AAAA,EACF;AAAA,EACA,CAAC,SAAS;AAAA,IACP,MAAc,mBAAmB,SAAS,yDAAyD;AAAA,EACtG;AACF;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,+BAA+B;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,oBAAoB;AAAA,EACxB;AAAA,EACA;AAAA,EACA,CAAC,eAAuB;AAAA,IACtB;AAAA,IACA,mFAAmF,UAAU;AAAA,EAC/F;AAAA,EACA,CAAC,SAAS;AAAA,IACP,MAAc,cAAc,SAAS,mDAAmD;AAAA,EAC3F;AACF;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,CAAC,eAA8C;AAAA,IAC7C;AAAA,IACA;AAAA,4CACwC,UAAU;AAAA;AAAA;AAAA;AAAA,IAIlD;AAAA,MACE,cAAc;AAAA,IAChB;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,YAAY;AACnC;AAEA,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA;AAAA;AAAA;AAAA;AAAA,EAKF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA,CAAC,kBAAiD,uBAA0D;AAAA,IAC1G;AAAA,IACA,0CAA0C,mBAAmB,IAAI,OAAK,IAAI,CAAC,GAAG,EAAE,KAAK,MAAM,CAAC,cAAc,gBAAgB;AAAA,IAC1H;AAAA,MACE,oBAAoB;AAAA,MACpB,sBAAsB;AAAA,IACxB;AAAA,EACF;AAAA,EACA,CAAC,SAAc;AAAA,IACb,KAAK;AAAA,IACL,KAAK;AAAA,EACP;AACF;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,CAAC,cAAsB;AAAA,IACrB;AAAA,IACA,oDAAoD,KAAK,UAAU,SAAS,CAAC;AAAA,IAC7E;AAAA,MACE,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,UAAU;AACjC;AAEA,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA,CAAC,cAAsB;AAAA,IACrB;AAAA,IACA,sDAAsD,KAAK,UAAU,SAAS,CAAC;AAAA,IAC/E;AAAA,MACE,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,UAAU;AACjC;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,CAAC,cAAsB;AAAA,IACrB;AAAA,IACA,2DAA2D,KAAK,UAAU,SAAS,CAAC;AAAA,IACpF;AAAA,MACE,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,UAAU;AACjC;AAEA,IAAM,0BAA0B;AAAA,EAC9B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,0BAA0B;AAAA,EAC9B;AAAA,EACA;AAAA,EACA,CAAC,cAAgC;AAAA,IAC/B;AAAA,IACA,mEAAmE,YAAY,iCAAiC,UAAU,YAAY,CAAC,OAAM,EAAE;AAAA,IAC/I,EAAE,mBAAmB,WAAW,QAAQ,KAAK,KAAK;AAAA,EACpD;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,qBAAqB,MAAS;AACrD;AAEA,IAAM,oCAAoC;AAAA,EACxC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAKA,IAAM,gCAAgC;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAMA,IAAM,+BAA+B;AAAA,EACnC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAKA,IAAM,+BAA+B;AAAA,EACnC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAKA,IAAM,uCAAuC;AAAA,EAC3C;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAKA,IAAM,sCAAsC;AAAA,EAC1C;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAKA,IAAM,8CAA8C;AAAA,EAClD;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAKA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,0BAA0B;AAAA,EAC9B;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,+BAA+B;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,wBAAwB;AAAA,EAC5B;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA,CAAC,cAAgC;AAAA,IAC/B;AAAA,IACA,6DAA6D,YAAY,iCAAiC,UAAU,YAAY,CAAC,OAAM,EAAE;AAAA,IACzI,EAAE,mBAAmB,WAAW,QAAQ,KAAK,KAAK;AAAA,EACpD;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,oBAAoB,IAAI,KAAK,KAAK,iBAAiB,IAAI,MAAS;AACvF;AAEA,IAAM,+BAA+B;AAAA,EACnC;AAAA,EACA;AAAA,EACA,CAAC,mBAA2B,oBAA4B;AAAA,IACtD;AAAA,IACA,gEAAgE,KAAK,UAAU,iBAAiB,CAAC,qCAAqC,KAAK,UAAU,eAAe,CAAC;AAAA,IACrK;AAAA,MACE,qBAAqB;AAAA,MACrB,mBAAmB;AAAA,IACrB;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,qBAAqB,KAAK,iBAAiB;AAClE;AAGA,IAAM,oBAAoB;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,gCAAgC;AAAA,EACpC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAGA,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,CAAC,UAAkB;AAAA,IACjB;AAAA,IACA,qBAAqB,KAAK,UAAU,KAAK,CAAC;AAAA,IAC1C;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,KAAK;AAC5B;AAEA,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA,CAAC,WAAmB;AAAA,IAClB;AAAA,IACA,8BAA8B,MAAM;AAAA,IACpC;AAAA,MACE,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAEA,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAGA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA,CAAC,cAAsB;AACrB,QAAI,OAAO,cAAc,SAAU,OAAM,IAAI,oBAAoB,2DAA2D;AAC5H,WAAO;AAAA,MACL;AAAA,MACA,WAAW,SAAS;AAAA,MACpB;AAAA,QACE,YAAY;AAAA,MACd;AAAA,IACF;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,UAAU;AACjC;AAEA,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,mCAAmC;AAAA,EACvC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAGA,IAAM,kCAAkC;AAAA,EACtC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAGA,IAAM,wBAAwB;AAAA,EAC5B;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,4BAA4B;AAAA,EAChC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA;AAAA,EACA,CAAC,cAAsB;AAAA,IACrB;AAAA,IACA,yCAAyC,SAAS;AAAA,IAClD;AAAA,MACE,YAAY;AAAA,IACd;AAAA,EACF;AAAA,EACA,CAAC,SAAS;AAAA,IACP,MAAc,cAAc,SAAS,kDAAkD;AAAA,EAC1F;AACF;AAEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA,CAAC,cAAsB;AAAA,IACrB;AAAA,IACA,wCAAwC,SAAS;AAAA,IACjD;AAAA,MACE;AAAA,IACF;AAAA,EACF;AAAA,EACA,CAAC,SAAS;AAAA,IACP,MAAc,aAAa,SAAS,gDAAgD;AAAA,EACvF;AACF;AAEA,IAAM,0BAA0B;AAAA,EAC9B;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,wBAAwB;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,2BAA2B;AAAA,EAC/B;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,0BAA0B;AAAA,EAC9B;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,qCAAqC;AAAA,EACzC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,+BAA+B;AAAA,EACnC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,uBAAuB;AAAA,EAC3B;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA,CAAC,OAAe,iBAAgC;AAAA,IAC9C;AAAA,IACA,qBAAqB,KAAK,2CAA2C,YAAY;AAAA,IACjF;AAAA,MACE;AAAA,MACA,eAAe;AAAA,IACjB;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO,KAAK,aAAa;AAChD;AAGA,IAAM,4BAA4B;AAAA,EAChC;AAAA,EACA;AAAA,EACA,CAAC,YAAoB;AAAA,IACnB;AAAA,IACA;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAGA,IAAM,uBAAuB;AAAA,EAC3B;AAAA,EACA;AAAA,EACA,CAAC,SAAiB,SAAiB;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,MACE;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,SAAS,KAAK,IAAI;AACzC;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,CAAC,YAAoB;AAAA,IACnB;AAAA,IACA;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAGA,IAAM,qBAAqB;AAAA,EACzB;AAAA,EACA;AAAA,EACA,CAAC,iBAAyB;AAAA,IACxB;AAAA,IACA,eAAe,YAAY;AAAA,IAC3B;AAAA,MACE,eAAe;AAAA,IACjB;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,aAAa;AACpC;AAEA,IAAM,0BAA0B;AAAA,EAC9B;AAAA,EACA;AAAA,EACA,CAAC,cAAsB,eAAmC,gBAA2C;AAAA,IACnG;AAAA,IACA,cAAc,KAAK,UAAU,YAAY,CAAC,mDAAmD,KAAK,UAAU,WAAW,CAAC,eAAe,KAAK,UAAU,aAAa,CAAC;AAAA,IACpK;AAAA,MACE,eAAe;AAAA,MACf,gBAAgB;AAAA,MAChB,cAAc;AAAA,IAChB;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,eAAe,KAAK,gBAAgB,KAAK,YAAY;AAC5E;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,CAAC,iBAAyB;AAAA,IACxB;AAAA,IACA,iCAAiC,YAAY;AAAA,IAC7C;AAAA,MACE,eAAe;AAAA,IACjB;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,aAAa;AACpC;AAEA,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA,CAAC,WAAmB;AAAA,IAClB;AAAA,IACA,QAAQ,MAAM;AAAA,IACd;AAAA,MACE,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAEA,IAAM,oBAAoB;AAAA,EACxB;AAAA,EACA;AAAA,EACA,CAAC,WAAmB;AAAA,IAClB;AAAA,IACA,QAAQ,MAAM;AAAA,IACd;AAAA,MACE,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAEA,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA,CAAC,QAAgB,WAAmB;AAAA,IAClC;AAAA,IACA,QAAQ,MAAM,yBAAyB,MAAM;AAAA,IAC7C;AAAA,MACE,SAAS;AAAA,MACT,SAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,SAAS,KAAK,OAAO;AAC5C;AAGA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,oCAAoC;AAAA,EACxC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,+CAA+C;AAAA,EACnD;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,0CAA0C;AAAA,EAC9C;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,iDAAiD;AAAA,EACrD;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,kDAAkD;AAAA,EACtD;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,+BAA+B;AAAA,EACnC;AAAA,EACA;AAAA,EACA,CAAC,aAAsB;AAAA,IACrB;AAAA,IACA;AAAA,IACA;AAAA,MACE,WAAW,YAAY;AAAA,IACzB;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,aAAa,MAAS;AAC7C;AAEA,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA,CAAC,UAAkB;AAAA,IACjB;AAAA,IACA,cAAc,KAAK;AAAA,EACrB;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,KAAK;AAC5B;AAEA,IAAM,+CAA+C;AAAA,EACnD;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,oBAAoB;AAAA,EACxB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,oCAAoC;AAAA,EACxC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,oCAAoC;AAAA,EACxC;AAAA,EACA;AAAA,EACA,CAAC,gBAAwB;AAAA,IACvB;AAAA,IACA;AAAA,IACA;AAAA,MACE,cAAc;AAAA,IAChB;AAAA,EACF;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,YAAY;AAC9B;AAEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,6BAA6B;AAAA,EACjC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,4BAA4B;AAAA,EAChC;AAAA,EACA;AAAA,EACA,CAAC,QAAQ,iBAAiB;AAAA,IACxB;AAAA,IACA,QAAQ,MAAM,6BAA6B,YAAY;AAAA,IACvD;AAAA,MACE,SAAS;AAAA,MACT,eAAe;AAAA,IACjB;AAAA,EACF;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,SAAS,KAAK,aAAa;AAC7C;AAEA,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA,CAAC,QAAQ,QAAQ,iBAAiB;AAAA,IAChC;AAAA,IACA,QAAQ,MAAM,6BAA6B,YAAY,YAAY,MAAM;AAAA,IACzE;AAAA,MACE,SAAS;AAAA,MACT,SAAS;AAAA,MACT,eAAe;AAAA,IACjB;AAAA,EACF;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,SAAS,KAAK,SAAS,KAAK,aAAa;AAC3D;AAEA,IAAM,yBAAyB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA,CAAC,QAAQ,QAAQ,iBAAiB;AAAA,IAChC;AAAA,IACA,QAAQ,MAAM,6BAA6B,YAAY,YAAY,MAAM;AAAA,IACzE;AAAA,MACE,SAAS;AAAA,MACT,SAAS;AAAA,MACT,eAAe;AAAA,IACjB;AAAA,EACF;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,SAAS,KAAK,SAAS,KAAK,aAAa;AAC3D;AAEA,IAAM,+BAA+B;AAAA,EACnC;AAAA,EACA;AAAA,EACA,CAAC,eAAe;AAAA,IACd;AAAA,IACA,qCAAqC,UAAU;AAAA,IAC/C;AAAA,MACE,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,WAAW;AAC7B;AAEA,IAAM,iCAAiC;AAAA,EACrC;AAAA,EACA;AAAA,EACA,CAAC,eAAe;AAAA,IACd;AAAA,IACA,uCAAuC,UAAU;AAAA,IACjD;AAAA,MACE,aAAa;AAAA,IACf;AAAA,EACF;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,WAAW;AAC7B;AAEA,IAAM,2BAA2B;AAAA,EAC/B;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,4BAA4B;AAAA,EAChC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,gDAAgD;AAAA,EACpD;AAAA,EACA;AAAA,EACA,CAAC,MAAe,wBAAiC;AAAA,IAC/C;AAAA,IACA,sBACA,OAAO,IAAI,KAAK,mBAAmB,6DACnC,QAAQ,IAAI;AAAA,IACZ,EAAE,MAAM,uBAAuB,uBAAuB,KAAK;AAAA,EAC7D;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,MAAM,KAAK,qBAAqB;AAClD;AAEA,IAAM,0BAA0B;AAAA,EAC9B;AAAA,EACA;AAAA,EACA,CAAC,YAAmB;AAAA,IAClB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,IAAI;AACtB;AAEA,IAAM,eAAe;AAAA,EACnB;AAAA,EACA;AAAA,EACA,CAAC,YAAoB;AAAA,IACnB;AAAA,IACA;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAEA,IAAM,sBAAsB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA,CAAC,UAAkB,4DAA4D;AAAA,IAC7E;AAAA,IACA;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAEA,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA;AAAA,EACA,CAAC,UAAkB,uDAAuD;AAAA,IACxE;AAAA,IACA;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,OAAO;AAC9B;AAGA,IAAM,iBAAiB;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,IAAM,gBAAgB;AAAA,EACpB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,gBAAgB;AAAA,EACpB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA,CAAC,cAAsB,eAAuB;AAAA,IAC5C;AAAA,IACA,wBAAwB,YAAY,oBAAoB,UAAU;AAAA,IAClE,EAAE,eAAe,cAAc,aAAa,WAAW;AAAA,EACzD;AAAA,EACA,CAAC,SAAS,CAAC,KAAK,eAAe,KAAK,WAAW;AACjD;AAEA,IAAM,iBAAiB;AAAA,EACrB;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,8BAA8B;AAAA,EAClC;AAAA,EACA;AAAA,EACA,MAAM;AAAA,IACJ;AAAA,IACA;AAAA,EACF;AAAA,EACA,MAAM,CAAC;AACT;AAEA,IAAM,4BAA4B;AAAA,EAChC;AAAA,EACA;AAAA,EACA,CAAC,iBAAyB;AAAA,IACxB;AAAA,IACA,uBAAuB,YAAY;AAAA,IACnC;AAAA,MACE,eAAe;AAAA,IACjB;AAAA,EACF;AAAA,EACA,CAAC,SAAc,CAAC,KAAK,aAAa;AACpC;AAMO,IAAM,cAAc;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAIA,IAAM,kBAAkB,oBAAI,IAAY;AACxC,WAAW,CAAC,GAAGA,WAAU,KAAK,OAAO,QAAQ,WAAW,GAAG;AACzD,MAAI,gBAAgB,IAAIA,YAAW,SAAS,GAAG;AAC7C,UAAM,IAAI,MAAM,+BAA+BA,YAAW,SAAS,EAAE;AAAA,EACvE;AACA,kBAAgB,IAAIA,YAAW,SAAS;AAC1C;","names":["KnownError"]}

package/dist/esm/schema-fields.js

@@ -0,0 +1,484 @@
+// src/schema-fields.ts
+import * as yup from "yup";
+import { KnownErrors } from ".";
+import { isBase64 } from "./utils/bytes";
+import { StackAssertionError, throwErr } from "./utils/errors";
+import { decodeBasicAuthorizationHeader } from "./utils/http";
+import { allProviders } from "./utils/oauth";
+import { deepPlainClone, omit } from "./utils/objects";
+import { isValidUrl } from "./utils/urls";
+import { isUuid } from "./utils/uuids";
+yup.addMethod(yup.string, "nonEmpty", function(message) {
+  return this.test(
+    "non-empty",
+    message ?? (({ path }) => `${path} must not be empty`),
+    (value) => {
+      return value !== "";
+    }
+  );
+});
+yup.addMethod(yup.Schema, "getNested", function(path) {
+  if (!path.match(/^[a-zA-Z_][a-zA-Z0-9_]*$/)) throw new StackAssertionError(`yupSchema.getNested can currently only be used with alphanumeric keys. Fix this in the future. Provided key: ${path}`);
+  return yup.reach(this, path);
+});
+async function yupValidate(schema, obj, options) {
+  try {
+    return await schema.validate(obj, {
+      ...omit(options ?? {}, ["currentUserId"]),
+      context: {
+        ...options?.context,
+        stackAllowUserIdMe: options?.currentUserId !== void 0
+      }
+    });
+  } catch (error) {
+    if (error instanceof ReplaceFieldWithOwnUserId) {
+      const currentUserId = options?.currentUserId;
+      if (!currentUserId) throw new KnownErrors.CannotGetOwnUserWithoutUser();
+      let pathRemaining = error.path;
+      const fieldPath = [];
+      while (pathRemaining.length > 0) {
+        if (pathRemaining.startsWith("[")) {
+          const index = pathRemaining.indexOf("]");
+          if (index < 0) throw new StackAssertionError("Invalid path");
+          fieldPath.push(JSON.parse(pathRemaining.slice(1, index)));
+          pathRemaining = pathRemaining.slice(index + 1);
+        } else {
+          let dotIndex = pathRemaining.indexOf(".");
+          if (dotIndex === -1) dotIndex = pathRemaining.length;
+          fieldPath.push(pathRemaining.slice(0, dotIndex));
+          pathRemaining = pathRemaining.slice(dotIndex + 1);
+        }
+      }
+      const newObj = deepPlainClone(obj);
+      let it = newObj;
+      for (const field of fieldPath.slice(0, -1)) {
+        if (!Object.prototype.hasOwnProperty.call(it, field)) {
+          throw new StackAssertionError(`Segment ${field} of path ${error.path} not found in object`);
+        }
+        it = it[field];
+      }
+      it[fieldPath[fieldPath.length - 1]] = currentUserId;
+      return await yupValidate(schema, newObj, options);
+    }
+    throw error;
+  }
+}
+var _idDescription = (identify) => `The unique identifier of the ${identify}`;
+var _displayNameDescription = (identify) => `Human-readable ${identify} display name. This is not a unique identifier.`;
+var _clientMetaDataDescription = (identify) => `Client metadata. Used as a data store, accessible from the client side. Do not store information that should not be exposed to the client.`;
+var _clientReadOnlyMetaDataDescription = (identify) => `Client read-only, server-writable metadata. Used as a data store, accessible from the client side. Do not store information that should not be exposed to the client. The client can read this data, but cannot modify it. This is useful for things like subscription status.`;
+var _profileImageUrlDescription = (identify) => `URL of the profile image for ${identify}. Can be a Base64 encoded image. Must be smaller than 100KB. Please compress and crop to a square before passing in.`;
+var _serverMetaDataDescription = (identify) => `Server metadata. Used as a data store, only accessible from the server side. You can store secret information related to the ${identify} here.`;
+var _atMillisDescription = (identify) => `(the number of milliseconds since epoch, January 1, 1970, UTC)`;
+var _createdAtMillisDescription = (identify) => `The time the ${identify} was created ${_atMillisDescription(identify)}`;
+var _signedUpAtMillisDescription = `The time the user signed up ${_atMillisDescription}`;
+var _lastActiveAtMillisDescription = `The time the user was last active ${_atMillisDescription}`;
+function yupString(...args) {
+  return yup.string(...args);
+}
+function yupNumber(...args) {
+  return yup.number(...args);
+}
+function yupBoolean(...args) {
+  return yup.boolean(...args);
+}
+function yupDate(...args) {
+  return yup.date(...args);
+}
+function yupMixed(...args) {
+  return yup.mixed(...args);
+}
+function yupArray(...args) {
+  return yup.array(...args);
+}
+function yupTuple(...args) {
+  return yup.tuple(...args);
+}
+function yupObject(...args) {
+  const object2 = yup.object(...args).test(
+    "no-unknown-object-properties",
+    ({ path }) => `${path} contains unknown properties`,
+    (value, context) => {
+      if (context.options.context?.noUnknownPathPrefixes?.some((prefix) => context.path.startsWith(prefix))) {
+        if (context.schema.spec.noUnknown !== false) {
+          const availableKeys = new Set(Object.keys(context.schema.fields));
+          const unknownKeys = Object.keys(value ?? {}).filter((key) => !availableKeys.has(key));
+          if (unknownKeys.length > 0) {
+            return context.createError({
+              message: `${context.path || "Object"} contains unknown properties: ${unknownKeys.join(", ")}`,
+              path: context.path,
+              params: { unknownKeys, availableKeys }
+            });
+          }
+        }
+      }
+      return true;
+    }
+  );
+  return object2.default(void 0);
+}
+function yupNever() {
+  return yupMixed().test("never", "This value should never be reached", () => false);
+}
+function yupUnion(...args) {
+  if (args.length === 0) throw new Error("yupUnion must have at least one schema");
+  const [first] = args;
+  const firstDesc = first.describe();
+  for (const schema of args) {
+    const desc = schema.describe();
+    if (desc.type !== firstDesc.type) throw new StackAssertionError(`yupUnion must have schemas of the same type (got: ${firstDesc.type} and ${desc.type})`, { first, schema, firstDesc, desc });
+  }
+  return yupMixed().test("is-one-of", "Invalid value", async (value, context) => {
+    const errors = [];
+    for (const schema of args) {
+      try {
+        await yupValidate(schema, value, context.options);
+        return true;
+      } catch (e) {
+        errors.push(e);
+      }
+    }
+    return context.createError({
+      message: `${context.path} is not matched by any of the provided schemas:
+${errors.map((e, i) => "	Schema " + i + ": \n		" + e.errors.join("\n		")).join("\n")}`,
+      path: context.path
+    });
+  });
+}
+function yupRecord(keySchema, valueSchema) {
+  return yupObject().unknown(true).test(
+    "record",
+    "${path} must be a record of valid values",
+    async function(value, context) {
+      if (value == null) return true;
+      const { path, createError } = this;
+      if (typeof value !== "object") {
+        return createError({ message: `${path} must be an object` });
+      }
+      for (const key of Object.keys(value)) {
+        await yupValidate(keySchema, key, context.options);
+        try {
+          await yupValidate(valueSchema, value[key], {
+            ...context.options,
+            context: {
+              ...context.options.context,
+              path: path ? `${path}.${key}` : key
+            }
+          });
+        } catch (e) {
+          return createError({
+            path: path ? `${path}.${key}` : key,
+            message: e.message
+          });
+        }
+      }
+      return true;
+    }
+  );
+}
+function ensureObjectSchema(schema) {
+  if (!(schema instanceof yup.ObjectSchema)) throw new StackAssertionError(`assertObjectSchema: schema is not an ObjectSchema: ${schema.describe().type}`);
+  return schema;
+}
+var adaptSchema = yupMixed();
+var urlSchema = yupString().test({
+  name: "no-spaces",
+  message: (params) => `${params.path} contains spaces`,
+  test: (value) => value == null || !value.includes(" ")
+}).test({
+  name: "url",
+  message: (params) => `${params.path} is not a valid URL`,
+  test: (value) => value == null || isValidUrl(value)
+});
+var jsonSchema = yupMixed().nullable().defined().transform((value) => JSON.parse(JSON.stringify(value)));
+var jsonStringSchema = yupString().test("json", (params) => `${params.path} is not valid JSON`, (value) => {
+  if (value == null) return true;
+  try {
+    JSON.parse(value);
+    return true;
+  } catch (error) {
+    return false;
+  }
+});
+var jsonStringOrEmptySchema = yupString().test("json", (params) => `${params.path} is not valid JSON`, (value) => {
+  if (!value) return true;
+  try {
+    JSON.parse(value);
+    return true;
+  } catch (error) {
+    return false;
+  }
+});
+var base64Schema = yupString().test("is-base64", (params) => `${params.path} is not valid base64`, (value) => {
+  if (value == null) return true;
+  return isBase64(value);
+});
+var passwordSchema = yupString().max(70);
+var strictEmailSchema = (message) => yupString().email(message).matches(/^[^.]+(\.[^.]+)*@.*\.[^.][^.]+$/, message);
+var emailSchema = yupString().email();
+var clientOrHigherAuthTypeSchema = yupString().oneOf(["client", "server", "admin"]).defined();
+var serverOrHigherAuthTypeSchema = yupString().oneOf(["server", "admin"]).defined();
+var adminAuthTypeSchema = yupString().oneOf(["admin"]).defined();
+var projectIdSchema = yupString().test((v) => v === void 0 || v === "internal" || isUuid(v)).meta({ openapiField: { description: _idDescription("project"), exampleValue: "e0b52f4d-dece-408c-af49-d23061bb0f8d" } });
+var projectDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription("project"), exampleValue: "MyMusic" } });
+var projectDescriptionSchema = yupString().nullable().meta({ openapiField: { description: "A human readable description of the project", exampleValue: "A music streaming service" } });
+var projectCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription("project"), exampleValue: 163e10 } });
+var projectUserCountSchema = yupNumber().meta({ openapiField: { description: "The number of users in this project", exampleValue: 10 } });
+var projectIsProductionModeSchema = yupBoolean().meta({ openapiField: { description: "Whether the project is in production mode", exampleValue: true } });
+var projectConfigIdSchema = yupString().meta({ openapiField: { description: _idDescription("project config"), exampleValue: "d09201f0-54f5-40bd-89ff-6d1815ddad24" } });
+var projectAllowLocalhostSchema = yupBoolean().meta({ openapiField: { description: "Whether localhost is allowed as a domain for this project. Should only be allowed in development mode", exampleValue: true } });
+var projectCreateTeamOnSignUpSchema = yupBoolean().meta({ openapiField: { description: "Whether a team should be created for each user that signs up", exampleValue: true } });
+var projectMagicLinkEnabledSchema = yupBoolean().meta({ openapiField: { description: "Whether magic link authentication is enabled for this project", exampleValue: true } });
+var projectPasskeyEnabledSchema = yupBoolean().meta({ openapiField: { description: "Whether passkey authentication is enabled for this project", exampleValue: true } });
+var projectClientTeamCreationEnabledSchema = yupBoolean().meta({ openapiField: { description: "Whether client users can create teams", exampleValue: true } });
+var projectClientUserDeletionEnabledSchema = yupBoolean().meta({ openapiField: { description: "Whether client users can delete their own account from the client", exampleValue: true } });
+var projectSignUpEnabledSchema = yupBoolean().meta({ openapiField: { description: "Whether users can sign up new accounts, or whether they are only allowed to sign in to existing accounts. Regardless of this option, the server API can always create new users with the `POST /users` endpoint.", exampleValue: true } });
+var projectCredentialEnabledSchema = yupBoolean().meta({ openapiField: { description: "Whether email password authentication is enabled for this project", exampleValue: true } });
+var oauthIdSchema = yupString().oneOf(allProviders).meta({ openapiField: { description: `OAuth provider ID, one of ${allProviders.map((x) => `\`${x}\``).join(", ")}`, exampleValue: "google" } });
+var oauthEnabledSchema = yupBoolean().meta({ openapiField: { description: "Whether the OAuth provider is enabled. If an provider is first enabled, then disabled, it will be shown in the list but with enabled=false", exampleValue: true } });
+var oauthTypeSchema = yupString().oneOf(["shared", "standard"]).meta({ openapiField: { description: 'OAuth provider type, one of shared, standard. "shared" uses Stack shared OAuth keys and it is only meant for development. "standard" uses your own OAuth keys and will show your logo and company name when signing in with the provider.', exampleValue: "standard" } });
+var oauthClientIdSchema = yupString().meta({ openapiField: { description: 'OAuth client ID. Needs to be specified when using type="standard"', exampleValue: "google-oauth-client-id" } });
+var oauthClientSecretSchema = yupString().meta({ openapiField: { description: 'OAuth client secret. Needs to be specified when using type="standard"', exampleValue: "google-oauth-client-secret" } });
+var oauthFacebookConfigIdSchema = yupString().meta({ openapiField: { description: "The configuration id for Facebook business login (for things like ads and marketing). This is only required if you are using the standard OAuth with Facebook and you are using Facebook business login." } });
+var oauthMicrosoftTenantIdSchema = yupString().meta({ openapiField: { description: "The Microsoft tenant id for Microsoft directory. This is only required if you are using the standard OAuth with Microsoft and you have an Azure AD tenant." } });
+var oauthAccountMergeStrategySchema = yupString().oneOf(["link_method", "raise_error", "allow_duplicates"]).meta({ openapiField: { description: "Determines how to handle OAuth logins that match an existing user by email. `link_method` adds the OAuth method to the existing user. `raise_error` rejects the login with an error. `allow_duplicates` creates a new user.", exampleValue: "link_method" } });
+var emailTypeSchema = yupString().oneOf(["shared", "standard"]).meta({ openapiField: { description: 'Email provider type, one of shared, standard. "shared" uses Stack shared email provider and it is only meant for development. "standard" uses your own email server and will have your email address as the sender.', exampleValue: "standard" } });
+var emailSenderNameSchema = yupString().meta({ openapiField: { description: 'Email sender name. Needs to be specified when using type="standard"', exampleValue: "Stack" } });
+var emailHostSchema = yupString().meta({ openapiField: { description: 'Email host. Needs to be specified when using type="standard"', exampleValue: "smtp.your-domain.com" } });
+var emailPortSchema = yupNumber().min(0).max(65535).meta({ openapiField: { description: 'Email port. Needs to be specified when using type="standard"', exampleValue: 587 } });
+var emailUsernameSchema = yupString().meta({ openapiField: { description: 'Email username. Needs to be specified when using type="standard"', exampleValue: "smtp-email" } });
+var emailSenderEmailSchema = emailSchema.meta({ openapiField: { description: 'Email sender email. Needs to be specified when using type="standard"', exampleValue: "example@your-domain.com" } });
+var emailPasswordSchema = passwordSchema.meta({ openapiField: { description: 'Email password. Needs to be specified when using type="standard"', exampleValue: "your-email-password" } });
+var handlerPathSchema = yupString().test("is-handler-path", "Handler path must start with /", (value) => value?.startsWith("/")).meta({ openapiField: { description: 'Handler path. If you did not setup a custom handler path, it should be "/handler" by default. It needs to start with /', exampleValue: "/handler" } });
+var ReplaceFieldWithOwnUserId = class extends Error {
+  constructor(path) {
+    super(`This error should be caught by whoever validated the schema, and the field in the path '${path}' should be replaced with the current user's id. This is a workaround to yup not providing access to the context inside the transform function.`);
+    this.path = path;
+  }
+};
+var userIdMeSentinelUuid = "cad564fd-f81b-43f4-b390-98abf3fcc17e";
+var userIdOrMeSchema = yupString().uuid().transform((v) => {
+  if (v === "me") return userIdMeSentinelUuid;
+  else return v;
+}).test((v, context) => {
+  if (!("stackAllowUserIdMe" in (context.options.context ?? {}))) throw new StackAssertionError("userIdOrMeSchema is not allowed in this context. Make sure you're using yupValidate from schema-fields.ts to validate, instead of schema.validate(...).");
+  if (!context.options.context?.stackAllowUserIdMe) throw new StackAssertionError("userIdOrMeSchema is not allowed in this context. Make sure you're passing in the currentUserId option in yupValidate.");
+  if (v === userIdMeSentinelUuid) throw new ReplaceFieldWithOwnUserId(context.path);
+  return true;
+}).meta({ openapiField: { description: "The ID of the user, or the special value `me` for the currently authenticated user", exampleValue: "3241a285-8329-4d69-8f3d-316e08cf140c" } });
+var userIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription("user"), exampleValue: "3241a285-8329-4d69-8f3d-316e08cf140c" } });
+var primaryEmailSchema = emailSchema.meta({ openapiField: { description: "Primary email", exampleValue: "johndoe@example.com" } });
+var primaryEmailAuthEnabledSchema = yupBoolean().meta({ openapiField: { description: "Whether the primary email is used for authentication. If this is set to `false`, the user will not be able to sign in with the primary email with password or OTP", exampleValue: true } });
+var primaryEmailVerifiedSchema = yupBoolean().meta({ openapiField: { description: "Whether the primary email has been verified to belong to this user", exampleValue: true } });
+var userDisplayNameSchema = yupString().nullable().meta({ openapiField: { description: _displayNameDescription("user"), exampleValue: "John Doe" } });
+var selectedTeamIdSchema = yupString().uuid().meta({ openapiField: { description: "ID of the team currently selected by the user", exampleValue: "team-id" } });
+var profileImageUrlSchema = urlSchema.max(1e6).meta({ openapiField: { description: _profileImageUrlDescription("user"), exampleValue: "https://example.com/image.jpg" } });
+var signedUpAtMillisSchema = yupNumber().meta({ openapiField: { description: _signedUpAtMillisDescription, exampleValue: 163e10 } });
+var userClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription("user"), exampleValue: { key: "value" } } });
+var userClientReadOnlyMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientReadOnlyMetaDataDescription("user"), exampleValue: { key: "value" } } });
+var userServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription("user"), exampleValue: { key: "value" } } });
+var userOAuthProviderSchema = yupObject({
+  id: yupString().defined(),
+  type: yupString().oneOf(allProviders).defined(),
+  provider_user_id: yupString().defined()
+});
+var userLastActiveAtMillisSchema = yupNumber().nullable().meta({ openapiField: { description: _lastActiveAtMillisDescription, exampleValue: 163e10 } });
+var userPasskeyAuthEnabledSchema = yupBoolean().meta({ openapiField: { hidden: true, description: "Whether the user has passkeys enabled", exampleValue: false } });
+var userOtpAuthEnabledSchema = yupBoolean().meta({ openapiField: { hidden: true, description: "Whether the user has OTP/magic link enabled. ", exampleValue: true } });
+var userOtpAuthEnabledMutationSchema = yupBoolean().meta({ openapiField: { hidden: true, description: "Whether the user has OTP/magic link enabled. Note that only accounts with verified emails can sign-in with OTP.", exampleValue: true } });
+var userHasPasswordSchema = yupBoolean().meta({ openapiField: { hidden: true, description: "Whether the user has a password set. If the user does not have a password set, they will not be able to sign in with email/password.", exampleValue: true } });
+var userPasswordMutationSchema = passwordSchema.nullable().meta({ openapiField: { description: "Sets the user's password. Doing so revokes all current sessions.", exampleValue: "my-new-password" } }).max(70);
+var userPasswordHashMutationSchema = yupString().nonEmpty().meta({ openapiField: { description: "If `password` is not given, sets the user's password hash to the given string in Modular Crypt Format (ex.: `$2a$10$VIhIOofSMqGdGlL4wzE//e.77dAQGqNtF/1dT7bqCrVtQuInWy2qi`). Doing so revokes all current sessions." } });
+var userTotpSecretMutationSchema = base64Schema.nullable().meta({ openapiField: { description: "Enables 2FA and sets a TOTP secret for the user. Set to null to disable 2FA.", exampleValue: "dG90cC1zZWNyZXQ=" } });
+var signInEmailSchema = strictEmailSchema(void 0).meta({ openapiField: { description: "The email to sign in with.", exampleValue: "johndoe@example.com" } });
+var emailOtpSignInCallbackUrlSchema = urlSchema.meta({ openapiField: { description: "The base callback URL to construct the magic link from. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/auth/otp/sign-in` endpoint.", exampleValue: "https://example.com/handler/magic-link-callback" } });
+var emailVerificationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: "The base callback URL to construct a verification link for the verification e-mail. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/contact-channels/verify` endpoint.", exampleValue: "https://example.com/handler/email-verification" } });
+var accessTokenResponseSchema = yupString().meta({ openapiField: { description: "Short-lived access token that can be used to authenticate the user", exampleValue: "eyJhmMiJB2TO...diI4QT" } });
+var refreshTokenResponseSchema = yupString().meta({ openapiField: { description: "Long-lived refresh token that can be used to obtain a new access token", exampleValue: "i8ns3aq2...14y" } });
+var signInResponseSchema = yupObject({
+  refresh_token: refreshTokenResponseSchema.defined(),
+  access_token: accessTokenResponseSchema.defined(),
+  is_new_user: yupBoolean().meta({ openapiField: { description: "Whether the user is a new user", exampleValue: true } }).defined(),
+  user_id: userIdSchema.defined()
+});
+var teamSystemPermissions = [
+  "$update_team",
+  "$delete_team",
+  "$read_members",
+  "$remove_members",
+  "$invite_members",
+  "$manage_api_keys"
+];
+var permissionDefinitionIdSchema = yupString().matches(/^\$?[a-z0-9_:]+$/, 'Only lowercase letters, numbers, ":", "_" and optional "$" at the beginning are allowed').test("is-system-permission", "System permissions must start with a dollar sign", (value, ctx) => {
+  if (!value) return true;
+  if (value.startsWith("$") && !teamSystemPermissions.includes(value)) {
+    return ctx.createError({ message: "Invalid system permission" });
+  }
+  return true;
+}).meta({ openapiField: { description: `The permission ID used to uniquely identify a permission. Can either be a custom permission with lowercase letters, numbers, \`:\`, and \`_\` characters, or one of the system permissions: ${teamSystemPermissions.map((x) => `\`${x}\``).join(", ")}`, exampleValue: "read_secret_info" } });
+var customPermissionDefinitionIdSchema = yupString().matches(/^[a-z0-9_:]+$/, 'Only lowercase letters, numbers, ":", "_" are allowed').meta({ openapiField: { description: 'The permission ID used to uniquely identify a permission. Can only contain lowercase letters, numbers, ":", and "_" characters', exampleValue: "read_secret_info" } });
+var teamPermissionDescriptionSchema = yupString().meta({ openapiField: { description: "A human-readable description of the permission", exampleValue: "Read secret information" } });
+var containedPermissionIdsSchema = yupArray(permissionDefinitionIdSchema.defined()).meta({ openapiField: { description: "The IDs of the permissions that are contained in this permission", exampleValue: ["read_public_info"] } });
+var teamIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription("team"), exampleValue: "ad962777-8244-496a-b6a2-e0c6a449c79e" } });
+var teamDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription("team"), exampleValue: "My Team" } });
+var teamProfileImageUrlSchema = urlSchema.max(1e6).meta({ openapiField: { description: _profileImageUrlDescription("team"), exampleValue: "https://example.com/image.jpg" } });
+var teamClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription("team"), exampleValue: { key: "value" } } });
+var teamClientReadOnlyMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientReadOnlyMetaDataDescription("team"), exampleValue: { key: "value" } } });
+var teamServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription("team"), exampleValue: { key: "value" } } });
+var teamCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription("team"), exampleValue: 163e10 } });
+var teamInvitationEmailSchema = emailSchema.meta({ openapiField: { description: "The email of the user to invite.", exampleValue: "johndoe@example.com" } });
+var teamInvitationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: "The base callback URL to construct an invite link with. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/team-invitations/accept` endpoint.", exampleValue: "https://example.com/handler/team-invitation" } });
+var teamCreatorUserIdSchema = userIdOrMeSchema.meta({ openapiField: { description: 'The ID of the creator of the team. If not specified, the user will not be added to the team. Can be either "me" or the ID of the user. Only used on the client side.', exampleValue: "me" } });
+var teamMemberDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription("team member") + " Note that this is separate from the display_name of the user.", exampleValue: "John Doe" } });
+var teamMemberProfileImageUrlSchema = urlSchema.max(1e6).meta({ openapiField: { description: _profileImageUrlDescription("team member"), exampleValue: "https://example.com/image.jpg" } });
+var contactChannelIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription("contact channel"), exampleValue: "b3d396b8-c574-4c80-97b3-50031675ceb2" } });
+var contactChannelTypeSchema = yupString().oneOf(["email"]).meta({ openapiField: { description: `The type of the contact channel. Currently only "email" is supported.`, exampleValue: "email" } });
+var contactChannelValueSchema = yupString().when("type", {
+  is: "email",
+  then: (schema) => schema.email()
+}).meta({ openapiField: { description: "The value of the contact channel. For email, this should be a valid email address.", exampleValue: "johndoe@example.com" } });
+var contactChannelUsedForAuthSchema = yupBoolean().meta({ openapiField: { description: "Whether the contact channel is used for authentication. If this is set to `true`, the user will be able to sign in with the contact channel with password or OTP.", exampleValue: true } });
+var contactChannelIsVerifiedSchema = yupBoolean().meta({ openapiField: { description: "Whether the contact channel has been verified. If this is set to `true`, the contact channel has been verified to belong to the user.", exampleValue: true } });
+var contactChannelIsPrimarySchema = yupBoolean().meta({ openapiField: { description: "Whether the contact channel is the primary contact channel. If this is set to `true`, it will be used for authentication and notifications by default.", exampleValue: true } });
+var basicAuthorizationHeaderSchema = yupString().test("is-basic-authorization-header", 'Authorization header must be in the format "Basic <base64>"', (value) => {
+  if (!value) return true;
+  return decodeBasicAuthorizationHeader(value) !== null;
+});
+var neonAuthorizationHeaderSchema = basicAuthorizationHeaderSchema.test("is-neon-authorization-header", "Invalid client_id:client_secret values; did you use the correct values for the Neon integration?", (value) => {
+  if (!value) return true;
+  const [clientId, clientSecret] = decodeBasicAuthorizationHeader(value) ?? throwErr(`Neon authz header invalid? This should've been validated by basicAuthorizationHeaderSchema: ${value}`);
+  for (const neonClientConfig of JSON.parse(process.env.STACK_NEON_INTEGRATION_CLIENTS_CONFIG || "[]")) {
+    if (clientId === neonClientConfig.client_id && clientSecret === neonClientConfig.client_secret) return true;
+  }
+  return false;
+});
+function yupDefinedWhen(schema, triggers) {
+  const entries = Object.entries(triggers);
+  return schema.when(entries.map(([key]) => key), {
+    is: (...values) => entries.every(([key, value], index) => value === values[index]),
+    then: (schema2) => schema2.defined(),
+    otherwise: (schema2) => schema2.optional()
+  });
+}
+function yupDefinedAndNonEmptyWhen(schema, triggers) {
+  const entries = Object.entries(triggers);
+  return schema.when(entries.map(([key]) => key), {
+    is: (...values) => entries.every(([key, value], index) => value === values[index]),
+    then: (schema2) => schema2.defined().nonEmpty(),
+    otherwise: (schema2) => schema2.optional()
+  });
+}
+export {
+  ReplaceFieldWithOwnUserId,
+  accessTokenResponseSchema,
+  adaptSchema,
+  adminAuthTypeSchema,
+  base64Schema,
+  basicAuthorizationHeaderSchema,
+  clientOrHigherAuthTypeSchema,
+  contactChannelIdSchema,
+  contactChannelIsPrimarySchema,
+  contactChannelIsVerifiedSchema,
+  contactChannelTypeSchema,
+  contactChannelUsedForAuthSchema,
+  contactChannelValueSchema,
+  containedPermissionIdsSchema,
+  customPermissionDefinitionIdSchema,
+  emailHostSchema,
+  emailOtpSignInCallbackUrlSchema,
+  emailPasswordSchema,
+  emailPortSchema,
+  emailSchema,
+  emailSenderEmailSchema,
+  emailSenderNameSchema,
+  emailTypeSchema,
+  emailUsernameSchema,
+  emailVerificationCallbackUrlSchema,
+  ensureObjectSchema,
+  handlerPathSchema,
+  jsonSchema,
+  jsonStringOrEmptySchema,
+  jsonStringSchema,
+  neonAuthorizationHeaderSchema,
+  oauthAccountMergeStrategySchema,
+  oauthClientIdSchema,
+  oauthClientSecretSchema,
+  oauthEnabledSchema,
+  oauthFacebookConfigIdSchema,
+  oauthIdSchema,
+  oauthMicrosoftTenantIdSchema,
+  oauthTypeSchema,
+  passwordSchema,
+  permissionDefinitionIdSchema,
+  primaryEmailAuthEnabledSchema,
+  primaryEmailSchema,
+  primaryEmailVerifiedSchema,
+  profileImageUrlSchema,
+  projectAllowLocalhostSchema,
+  projectClientTeamCreationEnabledSchema,
+  projectClientUserDeletionEnabledSchema,
+  projectConfigIdSchema,
+  projectCreateTeamOnSignUpSchema,
+  projectCreatedAtMillisSchema,
+  projectCredentialEnabledSchema,
+  projectDescriptionSchema,
+  projectDisplayNameSchema,
+  projectIdSchema,
+  projectIsProductionModeSchema,
+  projectMagicLinkEnabledSchema,
+  projectPasskeyEnabledSchema,
+  projectSignUpEnabledSchema,
+  projectUserCountSchema,
+  refreshTokenResponseSchema,
+  selectedTeamIdSchema,
+  serverOrHigherAuthTypeSchema,
+  signInEmailSchema,
+  signInResponseSchema,
+  signedUpAtMillisSchema,
+  strictEmailSchema,
+  teamClientMetadataSchema,
+  teamClientReadOnlyMetadataSchema,
+  teamCreatedAtMillisSchema,
+  teamCreatorUserIdSchema,
+  teamDisplayNameSchema,
+  teamIdSchema,
+  teamInvitationCallbackUrlSchema,
+  teamInvitationEmailSchema,
+  teamMemberDisplayNameSchema,
+  teamMemberProfileImageUrlSchema,
+  teamPermissionDescriptionSchema,
+  teamProfileImageUrlSchema,
+  teamServerMetadataSchema,
+  teamSystemPermissions,
+  urlSchema,
+  userClientMetadataSchema,
+  userClientReadOnlyMetadataSchema,
+  userDisplayNameSchema,
+  userHasPasswordSchema,
+  userIdOrMeSchema,
+  userIdSchema,
+  userLastActiveAtMillisSchema,
+  userOAuthProviderSchema,
+  userOtpAuthEnabledMutationSchema,
+  userOtpAuthEnabledSchema,
+  userPasskeyAuthEnabledSchema,
+  userPasswordHashMutationSchema,
+  userPasswordMutationSchema,
+  userServerMetadataSchema,
+  userTotpSecretMutationSchema,
+  yupArray,
+  yupBoolean,
+  yupDate,
+  yupDefinedAndNonEmptyWhen,
+  yupDefinedWhen,
+  yupMixed,
+  yupNever,
+  yupNumber,
+  yupObject,
+  yupRecord,
+  yupString,
+  yupTuple,
+  yupUnion,
+  yupValidate
+};
+//# sourceMappingURL=schema-fields.js.map