@stackframe/stack-shared 2.8.8 → 2.8.11

package/dist/esm/schema-fields.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/schema-fields.ts"],"sourcesContent":["import * as yup from \"yup\";\nimport { KnownErrors } from \".\";\nimport { isBase64 } from \"./utils/bytes\";\nimport { StackAssertionError, throwErr } from \"./utils/errors\";\nimport { decodeBasicAuthorizationHeader } from \"./utils/http\";\nimport { allProviders } from \"./utils/oauth\";\nimport { deepPlainClone, omit } from \"./utils/objects\";\nimport { isValidUrl } from \"./utils/urls\";\nimport { isUuid } from \"./utils/uuids\";\n\ndeclare module \"yup\" {\n  // eslint-disable-next-line @typescript-eslint/consistent-type-definitions\n  interface StringSchema<TType, TContext, TDefault, TFlags> {\n    nonEmpty(message?: string): StringSchema<TType, TContext, TDefault, TFlags>,\n    empty(): StringSchema<TType, TContext, TDefault, TFlags>,\n  }\n\n  // eslint-disable-next-line @typescript-eslint/consistent-type-definitions\n  interface Schema<TType, TContext, TDefault, TFlags> {\n    getNested<K extends keyof NonNullable<TType>>(path: K): yup.Schema<NonNullable<TType>[K], TContext, TDefault, TFlags>,\n\n    // the default types for concat kinda suck, so let's fix that\n    concat<U extends yup.AnySchema>(schema: U): yup.Schema<Omit<NonNullable<TType>, keyof yup.InferType<U>> & yup.InferType<U> | (TType & (null | undefined)), TContext, TDefault, TFlags>,\n  }\n}\n\n// eslint-disable-next-line no-restricted-syntax\nyup.addMethod(yup.string, \"nonEmpty\", function (message?: string) {\n  return this.test(\n    \"non-empty\",\n    message ?? (({ path }) => `${path} must not be empty`),\n    (value) => {\n      return value !== \"\";\n    }\n  );\n});\n\nyup.addMethod(yup.Schema, \"getNested\", function (path: any) {\n  if (!path.match(/^[a-zA-Z_][a-zA-Z0-9_]*$/)) throw new StackAssertionError(`yupSchema.getNested can currently only be used with alphanumeric keys. Fix this in the future. Provided key: ${path}`);\n  return yup.reach(this, path) as any;\n});\n\nexport async function yupValidate<S extends yup.ISchema<any>>(\n  schema: S,\n  obj: unknown,\n  options?: yup.ValidateOptions & { currentUserId?: string | null }\n): Promise<yup.InferType<S>> {\n  try {\n    return await schema.validate(obj, {\n      ...omit(options ?? {}, ['currentUserId']),\n      context: {\n        ...options?.context,\n        stackAllowUserIdMe: options?.currentUserId !== undefined,\n      },\n    });\n  } catch (error) {\n    if (error instanceof ReplaceFieldWithOwnUserId) {\n      const currentUserId = options?.currentUserId;\n      if (!currentUserId) throw new KnownErrors.CannotGetOwnUserWithoutUser();\n\n      // parse yup path\n      let pathRemaining = error.path;\n      const fieldPath = [];\n      while (pathRemaining.length > 0) {\n        if (pathRemaining.startsWith(\"[\")) {\n          const index = pathRemaining.indexOf(\"]\");\n          if (index < 0) throw new StackAssertionError(\"Invalid path\");\n          fieldPath.push(JSON.parse(pathRemaining.slice(1, index)));\n          pathRemaining = pathRemaining.slice(index + 1);\n        } else {\n          let dotIndex = pathRemaining.indexOf(\".\");\n          if (dotIndex === -1) dotIndex = pathRemaining.length;\n          fieldPath.push(pathRemaining.slice(0, dotIndex));\n          pathRemaining = pathRemaining.slice(dotIndex + 1);\n        }\n      }\n\n      const newObj = deepPlainClone(obj);\n      let it = newObj;\n      for (const field of fieldPath.slice(0, -1)) {\n        if (!Object.prototype.hasOwnProperty.call(it, field)) {\n          throw new StackAssertionError(`Segment ${field} of path ${error.path} not found in object`);\n        }\n        it = (it as any)[field];\n      }\n      (it as any)[fieldPath[fieldPath.length - 1]] = currentUserId;\n\n      return await yupValidate(schema, newObj, options);\n    }\n    throw error;\n  }\n}\n\nconst _idDescription = (identify: string) => `The unique identifier of the ${identify}`;\nconst _displayNameDescription = (identify: string) => `Human-readable ${identify} display name. This is not a unique identifier.`;\nconst _clientMetaDataDescription = (identify: string) => `Client metadata. Used as a data store, accessible from the client side. Do not store information that should not be exposed to the client.`;\nconst _clientReadOnlyMetaDataDescription = (identify: string) => `Client read-only, server-writable metadata. Used as a data store, accessible from the client side. Do not store information that should not be exposed to the client. The client can read this data, but cannot modify it. This is useful for things like subscription status.`;\nconst _profileImageUrlDescription = (identify: string) => `URL of the profile image for ${identify}. Can be a Base64 encoded image. Must be smaller than 100KB. Please compress and crop to a square before passing in.`;\nconst _serverMetaDataDescription = (identify: string) => `Server metadata. Used as a data store, only accessible from the server side. You can store secret information related to the ${identify} here.`;\nconst _atMillisDescription = (identify: string) => `(the number of milliseconds since epoch, January 1, 1970, UTC)`;\nconst _createdAtMillisDescription = (identify: string) => `The time the ${identify} was created ${_atMillisDescription(identify)}`;\nconst _signedUpAtMillisDescription = `The time the user signed up ${_atMillisDescription}`;\nconst _lastActiveAtMillisDescription = `The time the user was last active ${_atMillisDescription}`;\n\n\ndeclare const StackAdaptSentinel: unique symbol;\nexport type StackAdaptSentinel = typeof StackAdaptSentinel;\n\n// Built-in replacements\nexport function yupString<A extends string, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.string<A, B>>) {\n  // eslint-disable-next-line no-restricted-syntax\n  return yup.string(...args);\n}\nexport function yupNumber<A extends number, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.number<A, B>>) {\n  // eslint-disable-next-line no-restricted-syntax\n  return yup.number(...args);\n}\nexport function yupBoolean<A extends boolean, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.boolean<A, B>>) {\n  // eslint-disable-next-line no-restricted-syntax\n  return yup.boolean(...args);\n}\n/**\n * @deprecated, use number of milliseconds since epoch instead\n */\nexport function yupDate<A extends Date, B extends yup.Maybe<yup.AnyObject> = yup.AnyObject>(...args: Parameters<typeof yup.date<A, B>>) {\n  // eslint-disable-next-line no-restricted-syntax\n  return yup.date(...args);\n}\nexport function yupMixed<A extends {}>(...args: Parameters<typeof yup.mixed<A>>) {\n  // eslint-disable-next-line no-restricted-syntax\n  return yup.mixed(...args);\n}\nexport function yupArray<A extends yup.Maybe<yup.AnyObject> = yup.AnyObject, B = any>(...args: Parameters<typeof yup.array<A, B>>) {\n  // eslint-disable-next-line no-restricted-syntax\n  return yup.array(...args);\n}\nexport function yupTuple<T extends [unknown, ...unknown[]]>(...args: Parameters<typeof yup.tuple<T>>) {\n  // eslint-disable-next-line no-restricted-syntax\n  return yup.tuple<T>(...args);\n}\nexport function yupObject<A extends yup.Maybe<yup.AnyObject>, B extends yup.ObjectShape>(...args: Parameters<typeof yup.object<A, B>>) {\n  // eslint-disable-next-line no-restricted-syntax\n  const object = yup.object(...args).test(\n    'no-unknown-object-properties',\n    ({ path }) => `${path} contains unknown properties`,\n    (value: any, context) => {\n      if (context.options.context?.noUnknownPathPrefixes?.some((prefix: string) => context.path.startsWith(prefix))) {\n        if (context.schema.spec.noUnknown !== false) {\n          const availableKeys = new Set(Object.keys(context.schema.fields));\n          const unknownKeys = Object.keys(value ?? {}).filter(key => !availableKeys.has(key));\n          if (unknownKeys.length > 0) {\n            // TODO \"did you mean XYZ\"\n            return context.createError({\n              message: `${context.path || \"Object\"} contains unknown properties: ${unknownKeys.join(', ')}`,\n              path: context.path,\n              params: { unknownKeys, availableKeys },\n            });\n          }\n        }\n      }\n      return true;\n    },\n  );\n\n  // we don't want to update the type of `object` to have a default flag\n  return object.default(undefined) as any as typeof object;\n}\n\nexport function yupNever(): yup.MixedSchema<never> {\n  return yupMixed().test('never', 'This value should never be reached', () => false) as any;\n}\n\nexport function yupUnion<T extends yup.ISchema<any>[]>(...args: T): yup.MixedSchema<yup.InferType<T[number]>> {\n  if (args.length === 0) throw new Error('yupUnion must have at least one schema');\n\n  const [first] = args;\n  const firstDesc = first.describe();\n  for (const schema of args) {\n    const desc = schema.describe();\n    if (desc.type !== firstDesc.type) throw new StackAssertionError(`yupUnion must have schemas of the same type (got: ${firstDesc.type} and ${desc.type})`, { first, schema, firstDesc, desc });\n  }\n\n  return yupMixed().test('is-one-of', 'Invalid value', async (value, context) => {\n    const errors = [];\n    for (const schema of args) {\n      try {\n        await yupValidate(schema, value, context.options);\n        return true;\n      } catch (e) {\n        errors.push(e);\n      }\n    }\n    return context.createError({\n      message: `${context.path} is not matched by any of the provided schemas:\\n${errors.map((e: any, i) => '\\tSchema ' + i + \": \\n\\t\\t\" + e.errors.join('\\n\\t\\t')).join('\\n')}`,\n      path: context.path,\n    });\n  });\n}\n\nexport function yupRecord<K extends yup.StringSchema, T extends yup.AnySchema>(\n  keySchema: K,\n  valueSchema: T,\n): yup.MixedSchema<Record<string, yup.InferType<T>>> {\n  return yupObject().unknown(true).test(\n    'record',\n    '${path} must be a record of valid values',\n    async function (value: unknown, context: yup.TestContext) {\n      if (value == null) return true;\n      const { path, createError } = this as any;\n      if (typeof value !== 'object') {\n        return createError({ message: `${path} must be an object` });\n      }\n\n      // Validate each property using the provided valueSchema\n      for (const key of Object.keys(value)) {\n        // Validate the key\n        await yupValidate(keySchema, key, context.options);\n\n        // Validate the value\n        try {\n          await yupValidate(valueSchema, (value as Record<string, unknown>)[key], {\n            ...context.options,\n            context: {\n              ...context.options.context,\n              path: path ? `${path}.${key}` : key,\n            },\n          });\n        } catch (e: any) {\n          return createError({\n            path: path ? `${path}.${key}` : key,\n            message: e.message,\n          });\n        }\n      }\n\n      return true;\n    },\n  ) as any;\n}\n\nexport function ensureObjectSchema<T extends yup.AnyObject>(schema: yup.Schema<T>): yup.ObjectSchema<T> & typeof schema {\n  if (!(schema instanceof yup.ObjectSchema)) throw new StackAssertionError(`assertObjectSchema: schema is not an ObjectSchema: ${schema.describe().type}`);\n  return schema as any;\n}\n\n// Common\nexport const adaptSchema = yupMixed<StackAdaptSentinel>();\n/**\n * Yup's URL schema does not recognize some URLs (including `http://localhost`) as a valid URL. This schema is a workaround for that.\n */\nexport const urlSchema = yupString().test({\n  name: 'no-spaces',\n  message: (params) => `${params.path} contains spaces`,\n  test: (value) => value == null || !value.includes(' ')\n}).test({\n  name: 'url',\n  message: (params) => `${params.path} is not a valid URL`,\n  test: (value) => value == null || isValidUrl(value)\n});\nexport const jsonSchema = yupMixed().nullable().defined().transform((value) => JSON.parse(JSON.stringify(value)));\nexport const jsonStringSchema = yupString().test(\"json\", (params) => `${params.path} is not valid JSON`, (value) => {\n  if (value == null) return true;\n  try {\n    JSON.parse(value);\n    return true;\n  } catch (error) {\n    return false;\n  }\n});\nexport const jsonStringOrEmptySchema = yupString().test(\"json\", (params) => `${params.path} is not valid JSON`, (value) => {\n  if (!value) return true;\n  try {\n    JSON.parse(value);\n    return true;\n  } catch (error) {\n    return false;\n  }\n});\nexport const base64Schema = yupString().test(\"is-base64\", (params) => `${params.path} is not valid base64`, (value) => {\n  if (value == null) return true;\n  return isBase64(value);\n});\nexport const passwordSchema = yupString().max(70);\n\n/**\n * A stricter email schema that does some additional checks for UX input. (Some emails are allowed by the spec, for\n * example `test@localhost` or `abc@gmail`, but almost certainly a user input error.)\n *\n * Note that some users in the DB have an email that doesn't match this regex, so most of the time you should use\n * `emailSchema` instead until we do the DB migration.\n */\n// eslint-disable-next-line no-restricted-syntax\nexport const strictEmailSchema = (message: string | undefined) => yupString().email(message).matches(/^[^.]+(\\.[^.]+)*@.*\\.[^.][^.]+$/, message);\n// eslint-disable-next-line no-restricted-syntax\nexport const emailSchema = yupString().email();\n\nundefined?.test('strictEmailSchema', ({ expect }) => {\n  const validEmails = [\n    \"a@example.com\",\n    \"abc@example.com\",\n    \"a.b@example.com\",\n    \"throwaway.mail+token@example.com\",\n    \"email-alt-dash@demo-mail.com\",\n    \"test-account@weird-domain.net\",\n    \"%!~&+{}=|`#@domain.test\",\n    \"admin@a.longtldexample\",\n  ];\n  for (const email of validEmails) {\n    expect(strictEmailSchema(undefined).validateSync(email)).toBe(email);\n  }\n  const invalidEmails = [\n    \"test@localhost\",\n    \"test@gmail\",\n    \"test@gmail.com.a\",\n    \"test@gmail.a\",\n    \"test.@example.com\",\n    \"test..test@example.com\",\n    \".test@example.com\",\n  ];\n  for (const email of invalidEmails) {\n    expect(() => strictEmailSchema(undefined).validateSync(email)).toThrow();\n  }\n});\n\n// Request auth\nexport const clientOrHigherAuthTypeSchema = yupString().oneOf(['client', 'server', 'admin']).defined();\nexport const serverOrHigherAuthTypeSchema = yupString().oneOf(['server', 'admin']).defined();\nexport const adminAuthTypeSchema = yupString().oneOf(['admin']).defined();\n\n// Projects\nexport const projectIdSchema = yupString().test((v) => v === undefined || v === \"internal\" || isUuid(v)).meta({ openapiField: { description: _idDescription('project'), exampleValue: 'e0b52f4d-dece-408c-af49-d23061bb0f8d' } });\nexport const projectDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('project'), exampleValue: 'MyMusic' } });\nexport const projectDescriptionSchema = yupString().nullable().meta({ openapiField: { description: 'A human readable description of the project', exampleValue: 'A music streaming service' } });\nexport const projectCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('project'), exampleValue: 1630000000000 } });\nexport const projectUserCountSchema = yupNumber().meta({ openapiField: { description: 'The number of users in this project', exampleValue: 10 } });\nexport const projectIsProductionModeSchema = yupBoolean().meta({ openapiField: { description: 'Whether the project is in production mode', exampleValue: true } });\n// Project config\nexport const projectConfigIdSchema = yupString().meta({ openapiField: { description: _idDescription('project config'), exampleValue: 'd09201f0-54f5-40bd-89ff-6d1815ddad24' } });\nexport const projectAllowLocalhostSchema = yupBoolean().meta({ openapiField: { description: 'Whether localhost is allowed as a domain for this project. Should only be allowed in development mode', exampleValue: true } });\nexport const projectCreateTeamOnSignUpSchema = yupBoolean().meta({ openapiField: { description: 'Whether a team should be created for each user that signs up', exampleValue: true } });\nexport const projectMagicLinkEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether magic link authentication is enabled for this project', exampleValue: true } });\nexport const projectPasskeyEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether passkey authentication is enabled for this project', exampleValue: true } });\nexport const projectClientTeamCreationEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether client users can create teams', exampleValue: true } });\nexport const projectClientUserDeletionEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether client users can delete their own account from the client', exampleValue: true } });\nexport const projectSignUpEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether users can sign up new accounts, or whether they are only allowed to sign in to existing accounts. Regardless of this option, the server API can always create new users with the `POST /users` endpoint.', exampleValue: true } });\nexport const projectCredentialEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether email password authentication is enabled for this project', exampleValue: true } });\n// Project OAuth config\nexport const oauthIdSchema = yupString().oneOf(allProviders).meta({ openapiField: { description: `OAuth provider ID, one of ${allProviders.map(x => `\\`${x}\\``).join(', ')}`, exampleValue: 'google' } });\nexport const oauthEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether the OAuth provider is enabled. If an provider is first enabled, then disabled, it will be shown in the list but with enabled=false', exampleValue: true } });\nexport const oauthTypeSchema = yupString().oneOf(['shared', 'standard']).meta({ openapiField: { description: 'OAuth provider type, one of shared, standard. \"shared\" uses Stack shared OAuth keys and it is only meant for development. \"standard\" uses your own OAuth keys and will show your logo and company name when signing in with the provider.', exampleValue: 'standard' } });\nexport const oauthClientIdSchema = yupString().meta({ openapiField: { description: 'OAuth client ID. Needs to be specified when using type=\"standard\"', exampleValue: 'google-oauth-client-id' } });\nexport const oauthClientSecretSchema = yupString().meta({ openapiField: { description: 'OAuth client secret. Needs to be specified when using type=\"standard\"', exampleValue: 'google-oauth-client-secret' } });\nexport const oauthFacebookConfigIdSchema = yupString().meta({ openapiField: { description: 'The configuration id for Facebook business login (for things like ads and marketing). This is only required if you are using the standard OAuth with Facebook and you are using Facebook business login.' } });\nexport const oauthMicrosoftTenantIdSchema = yupString().meta({ openapiField: { description: 'The Microsoft tenant id for Microsoft directory. This is only required if you are using the standard OAuth with Microsoft and you have an Azure AD tenant.' } });\nexport const oauthAccountMergeStrategySchema = yupString().oneOf(['link_method', 'raise_error', 'allow_duplicates']).meta({ openapiField: { description: 'Determines how to handle OAuth logins that match an existing user by email. `link_method` adds the OAuth method to the existing user. `raise_error` rejects the login with an error. `allow_duplicates` creates a new user.', exampleValue: 'link_method' } });\n// Project email config\nexport const emailTypeSchema = yupString().oneOf(['shared', 'standard']).meta({ openapiField: { description: 'Email provider type, one of shared, standard. \"shared\" uses Stack shared email provider and it is only meant for development. \"standard\" uses your own email server and will have your email address as the sender.', exampleValue: 'standard' } });\nexport const emailSenderNameSchema = yupString().meta({ openapiField: { description: 'Email sender name. Needs to be specified when using type=\"standard\"', exampleValue: 'Stack' } });\nexport const emailHostSchema = yupString().meta({ openapiField: { description: 'Email host. Needs to be specified when using type=\"standard\"', exampleValue: 'smtp.your-domain.com' } });\nexport const emailPortSchema = yupNumber().min(0).max(65535).meta({ openapiField: { description: 'Email port. Needs to be specified when using type=\"standard\"', exampleValue: 587 } });\nexport const emailUsernameSchema = yupString().meta({ openapiField: { description: 'Email username. Needs to be specified when using type=\"standard\"', exampleValue: 'smtp-email' } });\nexport const emailSenderEmailSchema = emailSchema.meta({ openapiField: { description: 'Email sender email. Needs to be specified when using type=\"standard\"', exampleValue: 'example@your-domain.com' } });\nexport const emailPasswordSchema = passwordSchema.meta({ openapiField: { description: 'Email password. Needs to be specified when using type=\"standard\"', exampleValue: 'your-email-password' } });\n// Project domain config\nexport const handlerPathSchema = yupString().test('is-handler-path', 'Handler path must start with /', (value) => value?.startsWith('/')).meta({ openapiField: { description: 'Handler path. If you did not setup a custom handler path, it should be \"/handler\" by default. It needs to start with /', exampleValue: '/handler' } });\n\n// Users\nexport class ReplaceFieldWithOwnUserId extends Error {\n  constructor(public readonly path: string) {\n    super(`This error should be caught by whoever validated the schema, and the field in the path '${path}' should be replaced with the current user's id. This is a workaround to yup not providing access to the context inside the transform function.`);\n  }\n}\nconst userIdMeSentinelUuid = \"cad564fd-f81b-43f4-b390-98abf3fcc17e\";\nexport const userIdOrMeSchema = yupString().uuid().transform(v => {\n  if (v === \"me\") return userIdMeSentinelUuid;\n  else return v;\n}).test((v, context) => {\n  if (!(\"stackAllowUserIdMe\" in (context.options.context ?? {}))) throw new StackAssertionError('userIdOrMeSchema is not allowed in this context. Make sure you\\'re using yupValidate from schema-fields.ts to validate, instead of schema.validate(...).');\n  if (!context.options.context?.stackAllowUserIdMe) throw new StackAssertionError('userIdOrMeSchema is not allowed in this context. Make sure you\\'re passing in the currentUserId option in yupValidate.');\n  if (v === userIdMeSentinelUuid) throw new ReplaceFieldWithOwnUserId(context.path);\n  return true;\n}).meta({ openapiField: { description: 'The ID of the user, or the special value `me` for the currently authenticated user', exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });\nexport const userIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription('user'), exampleValue: '3241a285-8329-4d69-8f3d-316e08cf140c' } });\nexport const primaryEmailSchema = emailSchema.meta({ openapiField: { description: 'Primary email', exampleValue: 'johndoe@example.com' } });\nexport const primaryEmailAuthEnabledSchema = yupBoolean().meta({ openapiField: { description: 'Whether the primary email is used for authentication. If this is set to `false`, the user will not be able to sign in with the primary email with password or OTP', exampleValue: true } });\nexport const primaryEmailVerifiedSchema = yupBoolean().meta({ openapiField: { description: 'Whether the primary email has been verified to belong to this user', exampleValue: true } });\nexport const userDisplayNameSchema = yupString().nullable().meta({ openapiField: { description: _displayNameDescription('user'), exampleValue: 'John Doe' } });\nexport const selectedTeamIdSchema = yupString().uuid().meta({ openapiField: { description: 'ID of the team currently selected by the user', exampleValue: 'team-id' } });\nexport const profileImageUrlSchema = urlSchema.max(1000000).meta({ openapiField: { description: _profileImageUrlDescription('user'), exampleValue: 'https://example.com/image.jpg' } });\nexport const signedUpAtMillisSchema = yupNumber().meta({ openapiField: { description: _signedUpAtMillisDescription, exampleValue: 1630000000000 } });\nexport const userClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('user'), exampleValue: { key: 'value' } } });\nexport const userClientReadOnlyMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientReadOnlyMetaDataDescription('user'), exampleValue: { key: 'value' } } });\nexport const userServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('user'), exampleValue: { key: 'value' } } });\nexport const userOAuthProviderSchema = yupObject({\n  id: yupString().defined(),\n  type: yupString().oneOf(allProviders).defined(),\n  provider_user_id: yupString().defined(),\n});\nexport const userLastActiveAtMillisSchema = yupNumber().nullable().meta({ openapiField: { description: _lastActiveAtMillisDescription, exampleValue: 1630000000000 } });\nexport const userPasskeyAuthEnabledSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has passkeys enabled', exampleValue: false } });\nexport const userOtpAuthEnabledSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has OTP/magic link enabled. ', exampleValue: true } });\nexport const userOtpAuthEnabledMutationSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has OTP/magic link enabled. Note that only accounts with verified emails can sign-in with OTP.', exampleValue: true } });\nexport const userHasPasswordSchema = yupBoolean().meta({ openapiField: { hidden: true, description: 'Whether the user has a password set. If the user does not have a password set, they will not be able to sign in with email/password.', exampleValue: true } });\nexport const userPasswordMutationSchema = passwordSchema.nullable().meta({ openapiField: { description: 'Sets the user\\'s password. Doing so revokes all current sessions.', exampleValue: 'my-new-password' } }).max(70);\nexport const userPasswordHashMutationSchema = yupString()\n  .nonEmpty()\n  .meta({ openapiField: { description: 'If `password` is not given, sets the user\\'s password hash to the given string in Modular Crypt Format (ex.: `$2a$10$VIhIOofSMqGdGlL4wzE//e.77dAQGqNtF/1dT7bqCrVtQuInWy2qi`). Doing so revokes all current sessions.' } });  // we don't set an exampleValue here because it's exclusive with the password field and having both would break the generated example\nexport const userTotpSecretMutationSchema = base64Schema.nullable().meta({ openapiField: { description: 'Enables 2FA and sets a TOTP secret for the user. Set to null to disable 2FA.', exampleValue: 'dG90cC1zZWNyZXQ=' } });\n\n// Auth\nexport const signInEmailSchema = strictEmailSchema(undefined).meta({ openapiField: { description: 'The email to sign in with.', exampleValue: 'johndoe@example.com' } });\nexport const emailOtpSignInCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct the magic link from. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/auth/otp/sign-in` endpoint.', exampleValue: 'https://example.com/handler/magic-link-callback' } });\nexport const emailVerificationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct a verification link for the verification e-mail. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/contact-channels/verify` endpoint.', exampleValue: 'https://example.com/handler/email-verification' } });\nexport const accessTokenResponseSchema = yupString().meta({ openapiField: { description: 'Short-lived access token that can be used to authenticate the user', exampleValue: 'eyJhmMiJB2TO...diI4QT' } });\nexport const refreshTokenResponseSchema = yupString().meta({ openapiField: { description: 'Long-lived refresh token that can be used to obtain a new access token', exampleValue: 'i8ns3aq2...14y' } });\nexport const signInResponseSchema = yupObject({\n  refresh_token: refreshTokenResponseSchema.defined(),\n  access_token: accessTokenResponseSchema.defined(),\n  is_new_user: yupBoolean().meta({ openapiField: { description: 'Whether the user is a new user', exampleValue: true } }).defined(),\n  user_id: userIdSchema.defined(),\n});\n\n// Permissions\nexport const teamSystemPermissions = [\n  '$update_team',\n  '$delete_team',\n  '$read_members',\n  '$remove_members',\n  '$invite_members',\n  '$manage_api_keys',\n] as const;\nexport const permissionDefinitionIdSchema = yupString()\n  .matches(/^\\$?[a-z0-9_:]+$/, 'Only lowercase letters, numbers, \":\", \"_\" and optional \"$\" at the beginning are allowed')\n  .test('is-system-permission', 'System permissions must start with a dollar sign', (value, ctx) => {\n    if (!value) return true;\n    if (value.startsWith('$') && !teamSystemPermissions.includes(value as any)) {\n      return ctx.createError({ message: 'Invalid system permission' });\n    }\n    return true;\n  })\n  .meta({ openapiField: { description: `The permission ID used to uniquely identify a permission. Can either be a custom permission with lowercase letters, numbers, \\`:\\`, and \\`_\\` characters, or one of the system permissions: ${teamSystemPermissions.map(x => `\\`${x}\\``).join(', ')}`, exampleValue: 'read_secret_info' } });\nexport const customPermissionDefinitionIdSchema = yupString()\n  .matches(/^[a-z0-9_:]+$/, 'Only lowercase letters, numbers, \":\", \"_\" are allowed')\n  .meta({ openapiField: { description: 'The permission ID used to uniquely identify a permission. Can only contain lowercase letters, numbers, \":\", and \"_\" characters', exampleValue: 'read_secret_info' } });\nexport const teamPermissionDescriptionSchema = yupString().meta({ openapiField: { description: 'A human-readable description of the permission', exampleValue: 'Read secret information' } });\nexport const containedPermissionIdsSchema = yupArray(permissionDefinitionIdSchema.defined()).meta({ openapiField: { description: 'The IDs of the permissions that are contained in this permission', exampleValue: ['read_public_info'] } });\n\n// Teams\nexport const teamIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription('team'), exampleValue: 'ad962777-8244-496a-b6a2-e0c6a449c79e' } });\nexport const teamDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team'), exampleValue: 'My Team' } });\nexport const teamProfileImageUrlSchema = urlSchema.max(1000000).meta({ openapiField: { description: _profileImageUrlDescription('team'), exampleValue: 'https://example.com/image.jpg' } });\nexport const teamClientMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientMetaDataDescription('team'), exampleValue: { key: 'value' } } });\nexport const teamClientReadOnlyMetadataSchema = jsonSchema.meta({ openapiField: { description: _clientReadOnlyMetaDataDescription('team'), exampleValue: { key: 'value' } } });\nexport const teamServerMetadataSchema = jsonSchema.meta({ openapiField: { description: _serverMetaDataDescription('team'), exampleValue: { key: 'value' } } });\nexport const teamCreatedAtMillisSchema = yupNumber().meta({ openapiField: { description: _createdAtMillisDescription('team'), exampleValue: 1630000000000 } });\nexport const teamInvitationEmailSchema = emailSchema.meta({ openapiField: { description: 'The email of the user to invite.', exampleValue: 'johndoe@example.com' } });\nexport const teamInvitationCallbackUrlSchema = urlSchema.meta({ openapiField: { description: 'The base callback URL to construct an invite link with. A query parameter `code` with the verification code will be appended to it. The page should then make a request to the `/team-invitations/accept` endpoint.', exampleValue: 'https://example.com/handler/team-invitation' } });\nexport const teamCreatorUserIdSchema = userIdOrMeSchema.meta({ openapiField: { description: 'The ID of the creator of the team. If not specified, the user will not be added to the team. Can be either \"me\" or the ID of the user. Only used on the client side.', exampleValue: 'me' } });\n\n// Team member profiles\nexport const teamMemberDisplayNameSchema = yupString().meta({ openapiField: { description: _displayNameDescription('team member') + ' Note that this is separate from the display_name of the user.', exampleValue: 'John Doe' } });\nexport const teamMemberProfileImageUrlSchema = urlSchema.max(1000000).meta({ openapiField: { description: _profileImageUrlDescription('team member'), exampleValue: 'https://example.com/image.jpg' } });\n\n// Contact channels\nexport const contactChannelIdSchema = yupString().uuid().meta({ openapiField: { description: _idDescription('contact channel'), exampleValue: 'b3d396b8-c574-4c80-97b3-50031675ceb2' } });\nexport const contactChannelTypeSchema = yupString().oneOf(['email']).meta({ openapiField: { description: `The type of the contact channel. Currently only \"email\" is supported.`, exampleValue: 'email' } });\nexport const contactChannelValueSchema = yupString().when('type', {\n  is: 'email',\n  then: (schema) => schema.email(),\n}).meta({ openapiField: { description: 'The value of the contact channel. For email, this should be a valid email address.', exampleValue: 'johndoe@example.com' } });\nexport const contactChannelUsedForAuthSchema = yupBoolean().meta({ openapiField: { description: 'Whether the contact channel is used for authentication. If this is set to `true`, the user will be able to sign in with the contact channel with password or OTP.', exampleValue: true } });\nexport const contactChannelIsVerifiedSchema = yupBoolean().meta({ openapiField: { description: 'Whether the contact channel has been verified. If this is set to `true`, the contact channel has been verified to belong to the user.', exampleValue: true } });\nexport const contactChannelIsPrimarySchema = yupBoolean().meta({ openapiField: { description: 'Whether the contact channel is the primary contact channel. If this is set to `true`, it will be used for authentication and notifications by default.', exampleValue: true } });\n\n// Headers\nexport const basicAuthorizationHeaderSchema = yupString().test('is-basic-authorization-header', 'Authorization header must be in the format \"Basic <base64>\"', (value) => {\n  if (!value) return true;\n  return decodeBasicAuthorizationHeader(value) !== null;\n});\n\n// Neon integration\nexport const neonAuthorizationHeaderSchema = basicAuthorizationHeaderSchema.test('is-neon-authorization-header', 'Invalid client_id:client_secret values; did you use the correct values for the Neon integration?', (value) => {\n  if (!value) return true;\n  const [clientId, clientSecret] = decodeBasicAuthorizationHeader(value) ?? throwErr(`Neon authz header invalid? This should've been validated by basicAuthorizationHeaderSchema: ${value}`);\n  for (const neonClientConfig of JSON.parse(process.env.STACK_NEON_INTEGRATION_CLIENTS_CONFIG || '[]')) {\n    if (clientId === neonClientConfig.client_id && clientSecret === neonClientConfig.client_secret) return true;\n  }\n  return false;\n});\n\n// Utils\nexport function yupDefinedWhen<S extends yup.AnyObject>(\n  schema: S,\n  triggers: Record<string, any>,\n): S {\n  const entries = Object.entries(triggers);\n  return schema.when(entries.map(([key]) => key), {\n    is: (...values: any[]) => entries.every(([key, value], index) => value === values[index]),\n    then: (schema: S) => schema.defined(),\n    otherwise: (schema: S) => schema.optional()\n  });\n}\n\nexport function yupDefinedAndNonEmptyWhen<S extends yup.StringSchema>(\n  schema: S,\n  triggers: Record<string, any>,\n): S {\n  const entries = Object.entries(triggers);\n  return schema.when(entries.map(([key]) => key), {\n    is: (...values: any[]) => entries.every(([key, value], index) => value === values[index]),\n    then: (schema: S) => schema.defined().nonEmpty(),\n    otherwise: (schema: S) => schema.optional()\n  });\n}\n"],"mappings":";AAAA,YAAY,SAAS;AACrB,SAAS,mBAAmB;AAC5B,SAAS,gBAAgB;AACzB,SAAS,qBAAqB,gBAAgB;AAC9C,SAAS,sCAAsC;AAC/C,SAAS,oBAAoB;AAC7B,SAAS,gBAAgB,YAAY;AACrC,SAAS,kBAAkB;AAC3B,SAAS,cAAc;AAmBnB,cAAc,YAAQ,YAAY,SAAU,SAAkB;AAChE,SAAO,KAAK;AAAA,IACV;AAAA,IACA,YAAY,CAAC,EAAE,KAAK,MAAM,GAAG,IAAI;AAAA,IACjC,CAAC,UAAU;AACT,aAAO,UAAU;AAAA,IACnB;AAAA,EACF;AACF,CAAC;AAEG,cAAc,YAAQ,aAAa,SAAU,MAAW;AAC1D,MAAI,CAAC,KAAK,MAAM,0BAA0B,EAAG,OAAM,IAAI,oBAAoB,gHAAgH,IAAI,EAAE;AACjM,SAAW,UAAM,MAAM,IAAI;AAC7B,CAAC;AAED,eAAsB,YACpB,QACA,KACA,SAC2B;AAC3B,MAAI;AACF,WAAO,MAAM,OAAO,SAAS,KAAK;AAAA,MAChC,GAAG,KAAK,WAAW,CAAC,GAAG,CAAC,eAAe,CAAC;AAAA,MACxC,SAAS;AAAA,QACP,GAAG,SAAS;AAAA,QACZ,oBAAoB,SAAS,kBAAkB;AAAA,MACjD;AAAA,IACF,CAAC;AAAA,EACH,SAAS,OAAO;AACd,QAAI,iBAAiB,2BAA2B;AAC9C,YAAM,gBAAgB,SAAS;AAC/B,UAAI,CAAC,cAAe,OAAM,IAAI,YAAY,4BAA4B;AAGtE,UAAI,gBAAgB,MAAM;AAC1B,YAAM,YAAY,CAAC;AACnB,aAAO,cAAc,SAAS,GAAG;AAC/B,YAAI,cAAc,WAAW,GAAG,GAAG;AACjC,gBAAM,QAAQ,cAAc,QAAQ,GAAG;AACvC,cAAI,QAAQ,EAAG,OAAM,IAAI,oBAAoB,cAAc;AAC3D,oBAAU,KAAK,KAAK,MAAM,cAAc,MAAM,GAAG,KAAK,CAAC,CAAC;AACxD,0BAAgB,cAAc,MAAM,QAAQ,CAAC;AAAA,QAC/C,OAAO;AACL,cAAI,WAAW,cAAc,QAAQ,GAAG;AACxC,cAAI,aAAa,GAAI,YAAW,cAAc;AAC9C,oBAAU,KAAK,cAAc,MAAM,GAAG,QAAQ,CAAC;AAC/C,0BAAgB,cAAc,MAAM,WAAW,CAAC;AAAA,QAClD;AAAA,MACF;AAEA,YAAM,SAAS,eAAe,GAAG;AACjC,UAAI,KAAK;AACT,iBAAW,SAAS,UAAU,MAAM,GAAG,EAAE,GAAG;AAC1C,YAAI,CAAC,OAAO,UAAU,eAAe,KAAK,IAAI,KAAK,GAAG;AACpD,gBAAM,IAAI,oBAAoB,WAAW,KAAK,YAAY,MAAM,IAAI,sBAAsB;AAAA,QAC5F;AACA,aAAM,GAAW,KAAK;AAAA,MACxB;AACA,MAAC,GAAW,UAAU,UAAU,SAAS,CAAC,CAAC,IAAI;AAE/C,aAAO,MAAM,YAAY,QAAQ,QAAQ,OAAO;AAAA,IAClD;AACA,UAAM;AAAA,EACR;AACF;AAEA,IAAM,iBAAiB,CAAC,aAAqB,gCAAgC,QAAQ;AACrF,IAAM,0BAA0B,CAAC,aAAqB,kBAAkB,QAAQ;AAChF,IAAM,6BAA6B,CAAC,aAAqB;AACzD,IAAM,qCAAqC,CAAC,aAAqB;AACjE,IAAM,8BAA8B,CAAC,aAAqB,gCAAgC,QAAQ;AAClG,IAAM,6BAA6B,CAAC,aAAqB,gIAAgI,QAAQ;AACjM,IAAM,uBAAuB,CAAC,aAAqB;AACnD,IAAM,8BAA8B,CAAC,aAAqB,gBAAgB,QAAQ,gBAAgB,qBAAqB,QAAQ,CAAC;AAChI,IAAM,+BAA+B,+BAA+B,oBAAoB;AACxF,IAAM,iCAAiC,qCAAqC,oBAAoB;AAOzF,SAAS,aAAmF,MAA2C;AAE5I,SAAW,WAAO,GAAG,IAAI;AAC3B;AACO,SAAS,aAAmF,MAA2C;AAE5I,SAAW,WAAO,GAAG,IAAI;AAC3B;AACO,SAAS,cAAqF,MAA4C;AAE/I,SAAW,YAAQ,GAAG,IAAI;AAC5B;AAIO,SAAS,WAA+E,MAAyC;AAEtI,SAAW,SAAK,GAAG,IAAI;AACzB;AACO,SAAS,YAA0B,MAAuC;AAE/E,SAAW,UAAM,GAAG,IAAI;AAC1B;AACO,SAAS,YAAyE,MAA0C;AAEjI,SAAW,UAAM,GAAG,IAAI;AAC1B;AACO,SAAS,YAA+C,MAAuC;AAEpG,SAAW,UAAS,GAAG,IAAI;AAC7B;AACO,SAAS,aAA4E,MAA2C;AAErI,QAAMA,UAAa,WAAO,GAAG,IAAI,EAAE;AAAA,IACjC;AAAA,IACA,CAAC,EAAE,KAAK,MAAM,GAAG,IAAI;AAAA,IACrB,CAAC,OAAY,YAAY;AACvB,UAAI,QAAQ,QAAQ,SAAS,uBAAuB,KAAK,CAAC,WAAmB,QAAQ,KAAK,WAAW,MAAM,CAAC,GAAG;AAC7G,YAAI,QAAQ,OAAO,KAAK,cAAc,OAAO;AAC3C,gBAAM,gBAAgB,IAAI,IAAI,OAAO,KAAK,QAAQ,OAAO,MAAM,CAAC;AAChE,gBAAM,cAAc,OAAO,KAAK,SAAS,CAAC,CAAC,EAAE,OAAO,SAAO,CAAC,cAAc,IAAI,GAAG,CAAC;AAClF,cAAI,YAAY,SAAS,GAAG;AAE1B,mBAAO,QAAQ,YAAY;AAAA,cACzB,SAAS,GAAG,QAAQ,QAAQ,QAAQ,iCAAiC,YAAY,KAAK,IAAI,CAAC;AAAA,cAC3F,MAAM,QAAQ;AAAA,cACd,QAAQ,EAAE,aAAa,cAAc;AAAA,YACvC,CAAC;AAAA,UACH;AAAA,QACF;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAGA,SAAOA,QAAO,QAAQ,MAAS;AACjC;AAEO,SAAS,WAAmC;AACjD,SAAO,SAAS,EAAE,KAAK,SAAS,sCAAsC,MAAM,KAAK;AACnF;AAEO,SAAS,YAA0C,MAAoD;AAC5G,MAAI,KAAK,WAAW,EAAG,OAAM,IAAI,MAAM,wCAAwC;AAE/E,QAAM,CAAC,KAAK,IAAI;AAChB,QAAM,YAAY,MAAM,SAAS;AACjC,aAAW,UAAU,MAAM;AACzB,UAAM,OAAO,OAAO,SAAS;AAC7B,QAAI,KAAK,SAAS,UAAU,KAAM,OAAM,IAAI,oBAAoB,qDAAqD,UAAU,IAAI,QAAQ,KAAK,IAAI,KAAK,EAAE,OAAO,QAAQ,WAAW,KAAK,CAAC;AAAA,EAC7L;AAEA,SAAO,SAAS,EAAE,KAAK,aAAa,iBAAiB,OAAO,OAAO,YAAY;AAC7E,UAAM,SAAS,CAAC;AAChB,eAAW,UAAU,MAAM;AACzB,UAAI;AACF,cAAM,YAAY,QAAQ,OAAO,QAAQ,OAAO;AAChD,eAAO;AAAA,MACT,SAAS,GAAG;AACV,eAAO,KAAK,CAAC;AAAA,MACf;AAAA,IACF;AACA,WAAO,QAAQ,YAAY;AAAA,MACzB,SAAS,GAAG,QAAQ,IAAI;AAAA,EAAoD,OAAO,IAAI,CAAC,GAAQ,MAAM,aAAc,IAAI,WAAa,EAAE,OAAO,KAAK,MAAQ,CAAC,EAAE,KAAK,IAAI,CAAC;AAAA,MACxK,MAAM,QAAQ;AAAA,IAChB,CAAC;AAAA,EACH,CAAC;AACH;AAEO,SAAS,UACd,WACA,aACmD;AACnD,SAAO,UAAU,EAAE,QAAQ,IAAI,EAAE;AAAA,IAC/B;AAAA,IACA;AAAA,IACA,eAAgB,OAAgB,SAA0B;AACxD,UAAI,SAAS,KAAM,QAAO;AAC1B,YAAM,EAAE,MAAM,YAAY,IAAI;AAC9B,UAAI,OAAO,UAAU,UAAU;AAC7B,eAAO,YAAY,EAAE,SAAS,GAAG,IAAI,qBAAqB,CAAC;AAAA,MAC7D;AAGA,iBAAW,OAAO,OAAO,KAAK,KAAK,GAAG;AAEpC,cAAM,YAAY,WAAW,KAAK,QAAQ,OAAO;AAGjD,YAAI;AACF,gBAAM,YAAY,aAAc,MAAkC,GAAG,GAAG;AAAA,YACtE,GAAG,QAAQ;AAAA,YACX,SAAS;AAAA,cACP,GAAG,QAAQ,QAAQ;AAAA,cACnB,MAAM,OAAO,GAAG,IAAI,IAAI,GAAG,KAAK;AAAA,YAClC;AAAA,UACF,CAAC;AAAA,QACH,SAAS,GAAQ;AACf,iBAAO,YAAY;AAAA,YACjB,MAAM,OAAO,GAAG,IAAI,IAAI,GAAG,KAAK;AAAA,YAChC,SAAS,EAAE;AAAA,UACb,CAAC;AAAA,QACH;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA,EACF;AACF;AAEO,SAAS,mBAA4C,QAA4D;AACtH,MAAI,EAAE,kBAAsB,kBAAe,OAAM,IAAI,oBAAoB,sDAAsD,OAAO,SAAS,EAAE,IAAI,EAAE;AACvJ,SAAO;AACT;AAGO,IAAM,cAAc,SAA6B;AAIjD,IAAM,YAAY,UAAU,EAAE,KAAK;AAAA,EACxC,MAAM;AAAA,EACN,SAAS,CAAC,WAAW,GAAG,OAAO,IAAI;AAAA,EACnC,MAAM,CAAC,UAAU,SAAS,QAAQ,CAAC,MAAM,SAAS,GAAG;AACvD,CAAC,EAAE,KAAK;AAAA,EACN,MAAM;AAAA,EACN,SAAS,CAAC,WAAW,GAAG,OAAO,IAAI;AAAA,EACnC,MAAM,CAAC,UAAU,SAAS,QAAQ,WAAW,KAAK;AACpD,CAAC;AACM,IAAM,aAAa,SAAS,EAAE,SAAS,EAAE,QAAQ,EAAE,UAAU,CAAC,UAAU,KAAK,MAAM,KAAK,UAAU,KAAK,CAAC,CAAC;AACzG,IAAM,mBAAmB,UAAU,EAAE,KAAK,QAAQ,CAAC,WAAW,GAAG,OAAO,IAAI,sBAAsB,CAAC,UAAU;AAClH,MAAI,SAAS,KAAM,QAAO;AAC1B,MAAI;AACF,SAAK,MAAM,KAAK;AAChB,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF,CAAC;AACM,IAAM,0BAA0B,UAAU,EAAE,KAAK,QAAQ,CAAC,WAAW,GAAG,OAAO,IAAI,sBAAsB,CAAC,UAAU;AACzH,MAAI,CAAC,MAAO,QAAO;AACnB,MAAI;AACF,SAAK,MAAM,KAAK;AAChB,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF,CAAC;AACM,IAAM,eAAe,UAAU,EAAE,KAAK,aAAa,CAAC,WAAW,GAAG,OAAO,IAAI,wBAAwB,CAAC,UAAU;AACrH,MAAI,SAAS,KAAM,QAAO;AAC1B,SAAO,SAAS,KAAK;AACvB,CAAC;AACM,IAAM,iBAAiB,UAAU,EAAE,IAAI,EAAE;AAUzC,IAAM,oBAAoB,CAAC,YAAgC,UAAU,EAAE,MAAM,OAAO,EAAE,QAAQ,mCAAmC,OAAO;AAExI,IAAM,cAAc,UAAU,EAAE,MAAM;AA+BtC,IAAM,+BAA+B,UAAU,EAAE,MAAM,CAAC,UAAU,UAAU,OAAO,CAAC,EAAE,QAAQ;AAC9F,IAAM,+BAA+B,UAAU,EAAE,MAAM,CAAC,UAAU,OAAO,CAAC,EAAE,QAAQ;AACpF,IAAM,sBAAsB,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,QAAQ;AAGjE,IAAM,kBAAkB,UAAU,EAAE,KAAK,CAAC,MAAM,MAAM,UAAa,MAAM,cAAc,OAAO,CAAC,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,eAAe,SAAS,GAAG,cAAc,uCAAuC,EAAE,CAAC;AACzN,IAAM,2BAA2B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,wBAAwB,SAAS,GAAG,cAAc,UAAU,EAAE,CAAC;AAChJ,IAAM,2BAA2B,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,+CAA+C,cAAc,4BAA4B,EAAE,CAAC;AACxL,IAAM,+BAA+B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,4BAA4B,SAAS,GAAG,cAAc,OAAc,EAAE,CAAC;AAC5J,IAAM,yBAAyB,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,uCAAuC,cAAc,GAAG,EAAE,CAAC;AAC1I,IAAM,gCAAgC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,6CAA6C,cAAc,KAAK,EAAE,CAAC;AAE1J,IAAM,wBAAwB,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,eAAe,gBAAgB,GAAG,cAAc,uCAAuC,EAAE,CAAC;AACxK,IAAM,8BAA8B,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,yGAAyG,cAAc,KAAK,EAAE,CAAC;AACpN,IAAM,kCAAkC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,gEAAgE,cAAc,KAAK,EAAE,CAAC;AAC/K,IAAM,gCAAgC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,iEAAiE,cAAc,KAAK,EAAE,CAAC;AAC9K,IAAM,8BAA8B,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,8DAA8D,cAAc,KAAK,EAAE,CAAC;AACzK,IAAM,yCAAyC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,yCAAyC,cAAc,KAAK,EAAE,CAAC;AAC/J,IAAM,yCAAyC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,qEAAqE,cAAc,KAAK,EAAE,CAAC;AAC3L,IAAM,6BAA6B,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,oNAAoN,cAAc,KAAK,EAAE,CAAC;AAC9T,IAAM,iCAAiC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,qEAAqE,cAAc,KAAK,EAAE,CAAC;AAEnL,IAAM,gBAAgB,UAAU,EAAE,MAAM,YAAY,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,6BAA6B,aAAa,IAAI,OAAK,KAAK,CAAC,IAAI,EAAE,KAAK,IAAI,CAAC,IAAI,cAAc,SAAS,EAAE,CAAC;AACjM,IAAM,qBAAqB,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,8IAA8I,cAAc,KAAK,EAAE,CAAC;AAChP,IAAM,kBAAkB,UAAU,EAAE,MAAM,CAAC,UAAU,UAAU,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,6OAA6O,cAAc,WAAW,EAAE,CAAC;AAC/W,IAAM,sBAAsB,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,qEAAqE,cAAc,yBAAyB,EAAE,CAAC;AAC3L,IAAM,0BAA0B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,yEAAyE,cAAc,6BAA6B,EAAE,CAAC;AACvM,IAAM,8BAA8B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,2MAA2M,EAAE,CAAC;AAClS,IAAM,+BAA+B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,6JAA6J,EAAE,CAAC;AACrP,IAAM,kCAAkC,UAAU,EAAE,MAAM,CAAC,eAAe,eAAe,kBAAkB,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,+NAA+N,cAAc,cAAc,EAAE,CAAC;AAEhZ,IAAM,kBAAkB,UAAU,EAAE,MAAM,CAAC,UAAU,UAAU,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,uNAAuN,cAAc,WAAW,EAAE,CAAC;AACzV,IAAM,wBAAwB,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,uEAAuE,cAAc,QAAQ,EAAE,CAAC;AAC9K,IAAM,kBAAkB,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,gEAAgE,cAAc,uBAAuB,EAAE,CAAC;AAChL,IAAM,kBAAkB,UAAU,EAAE,IAAI,CAAC,EAAE,IAAI,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,gEAAgE,cAAc,IAAI,EAAE,CAAC;AAC/K,IAAM,sBAAsB,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,oEAAoE,cAAc,aAAa,EAAE,CAAC;AAC9K,IAAM,yBAAyB,YAAY,KAAK,EAAE,cAAc,EAAE,aAAa,wEAAwE,cAAc,0BAA0B,EAAE,CAAC;AAClM,IAAM,sBAAsB,eAAe,KAAK,EAAE,cAAc,EAAE,aAAa,oEAAoE,cAAc,sBAAsB,EAAE,CAAC;AAE1L,IAAM,oBAAoB,UAAU,EAAE,KAAK,mBAAmB,kCAAkC,CAAC,UAAU,OAAO,WAAW,GAAG,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,0HAA0H,cAAc,WAAW,EAAE,CAAC;AAG7T,IAAM,4BAAN,cAAwC,MAAM;AAAA,EACnD,YAA4B,MAAc;AACxC,UAAM,2FAA2F,IAAI,iJAAiJ;AAD5N;AAAA,EAE5B;AACF;AACA,IAAM,uBAAuB;AACtB,IAAM,mBAAmB,UAAU,EAAE,KAAK,EAAE,UAAU,OAAK;AAChE,MAAI,MAAM,KAAM,QAAO;AAAA,MAClB,QAAO;AACd,CAAC,EAAE,KAAK,CAAC,GAAG,YAAY;AACtB,MAAI,EAAE,yBAAyB,QAAQ,QAAQ,WAAW,CAAC,IAAK,OAAM,IAAI,oBAAoB,yJAA0J;AACxP,MAAI,CAAC,QAAQ,QAAQ,SAAS,mBAAoB,OAAM,IAAI,oBAAoB,uHAAwH;AACxM,MAAI,MAAM,qBAAsB,OAAM,IAAI,0BAA0B,QAAQ,IAAI;AAChF,SAAO;AACT,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,sFAAsF,cAAc,uCAAuC,EAAE,CAAC;AAC9K,IAAM,eAAe,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,eAAe,MAAM,GAAG,cAAc,uCAAuC,EAAE,CAAC;AAC5J,IAAM,qBAAqB,YAAY,KAAK,EAAE,cAAc,EAAE,aAAa,iBAAiB,cAAc,sBAAsB,EAAE,CAAC;AACnI,IAAM,gCAAgC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,qKAAqK,cAAc,KAAK,EAAE,CAAC;AAClR,IAAM,6BAA6B,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,sEAAsE,cAAc,KAAK,EAAE,CAAC;AAChL,IAAM,wBAAwB,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,wBAAwB,MAAM,GAAG,cAAc,WAAW,EAAE,CAAC;AACtJ,IAAM,uBAAuB,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,iDAAiD,cAAc,UAAU,EAAE,CAAC;AAChK,IAAM,wBAAwB,UAAU,IAAI,GAAO,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,4BAA4B,MAAM,GAAG,cAAc,gCAAgC,EAAE,CAAC;AAC/K,IAAM,yBAAyB,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,8BAA8B,cAAc,OAAc,EAAE,CAAC;AAC5I,IAAM,2BAA2B,WAAW,KAAK,EAAE,cAAc,EAAE,aAAa,2BAA2B,MAAM,GAAG,cAAc,EAAE,KAAK,QAAQ,EAAE,EAAE,CAAC;AACtJ,IAAM,mCAAmC,WAAW,KAAK,EAAE,cAAc,EAAE,aAAa,mCAAmC,MAAM,GAAG,cAAc,EAAE,KAAK,QAAQ,EAAE,EAAE,CAAC;AACtK,IAAM,2BAA2B,WAAW,KAAK,EAAE,cAAc,EAAE,aAAa,2BAA2B,MAAM,GAAG,cAAc,EAAE,KAAK,QAAQ,EAAE,EAAE,CAAC;AACtJ,IAAM,0BAA0B,UAAU;AAAA,EAC/C,IAAI,UAAU,EAAE,QAAQ;AAAA,EACxB,MAAM,UAAU,EAAE,MAAM,YAAY,EAAE,QAAQ;AAAA,EAC9C,kBAAkB,UAAU,EAAE,QAAQ;AACxC,CAAC;AACM,IAAM,+BAA+B,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,gCAAgC,cAAc,OAAc,EAAE,CAAC;AAC/J,IAAM,+BAA+B,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,MAAM,aAAa,yCAAyC,cAAc,MAAM,EAAE,CAAC;AACpK,IAAM,2BAA2B,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,MAAM,aAAa,iDAAiD,cAAc,KAAK,EAAE,CAAC;AACvK,IAAM,mCAAmC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,MAAM,aAAa,mHAAmH,cAAc,KAAK,EAAE,CAAC;AACjP,IAAM,wBAAwB,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,QAAQ,MAAM,aAAa,wIAAwI,cAAc,KAAK,EAAE,CAAC;AAC3P,IAAM,6BAA6B,eAAe,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,oEAAqE,cAAc,kBAAkB,EAAE,CAAC,EAAE,IAAI,EAAE;AACjN,IAAM,iCAAiC,UAAU,EACrD,SAAS,EACT,KAAK,EAAE,cAAc,EAAE,aAAa,sNAAuN,EAAE,CAAC;AAC1P,IAAM,+BAA+B,aAAa,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,gFAAgF,cAAc,mBAAmB,EAAE,CAAC;AAGrN,IAAM,oBAAoB,kBAAkB,MAAS,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,8BAA8B,cAAc,sBAAsB,EAAE,CAAC;AAChK,IAAM,kCAAkC,UAAU,KAAK,EAAE,cAAc,EAAE,aAAa,gNAAgN,cAAc,kDAAkD,EAAE,CAAC;AACzW,IAAM,qCAAqC,UAAU,KAAK,EAAE,cAAc,EAAE,aAAa,mPAAmP,cAAc,iDAAiD,EAAE,CAAC;AAC9Y,IAAM,4BAA4B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,sEAAsE,cAAc,wBAAwB,EAAE,CAAC;AACjM,IAAM,6BAA6B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,0EAA0E,cAAc,iBAAiB,EAAE,CAAC;AAC/L,IAAM,uBAAuB,UAAU;AAAA,EAC5C,eAAe,2BAA2B,QAAQ;AAAA,EAClD,cAAc,0BAA0B,QAAQ;AAAA,EAChD,aAAa,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,kCAAkC,cAAc,KAAK,EAAE,CAAC,EAAE,QAAQ;AAAA,EAChI,SAAS,aAAa,QAAQ;AAChC,CAAC;AAGM,IAAM,wBAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AACO,IAAM,+BAA+B,UAAU,EACnD,QAAQ,oBAAoB,yFAAyF,EACrH,KAAK,wBAAwB,oDAAoD,CAAC,OAAO,QAAQ;AAChG,MAAI,CAAC,MAAO,QAAO;AACnB,MAAI,MAAM,WAAW,GAAG,KAAK,CAAC,sBAAsB,SAAS,KAAY,GAAG;AAC1E,WAAO,IAAI,YAAY,EAAE,SAAS,4BAA4B,CAAC;AAAA,EACjE;AACA,SAAO;AACT,CAAC,EACA,KAAK,EAAE,cAAc,EAAE,aAAa,+LAA+L,sBAAsB,IAAI,OAAK,KAAK,CAAC,IAAI,EAAE,KAAK,IAAI,CAAC,IAAI,cAAc,mBAAmB,EAAE,CAAC;AAC5T,IAAM,qCAAqC,UAAU,EACzD,QAAQ,iBAAiB,uDAAuD,EAChF,KAAK,EAAE,cAAc,EAAE,aAAa,kIAAkI,cAAc,mBAAmB,EAAE,CAAC;AACtM,IAAM,kCAAkC,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,kDAAkD,cAAc,0BAA0B,EAAE,CAAC;AACrL,IAAM,+BAA+B,SAAS,6BAA6B,QAAQ,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,oEAAoE,cAAc,CAAC,kBAAkB,EAAE,EAAE,CAAC;AAGpO,IAAM,eAAe,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,eAAe,MAAM,GAAG,cAAc,uCAAuC,EAAE,CAAC;AAC5J,IAAM,wBAAwB,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,wBAAwB,MAAM,GAAG,cAAc,UAAU,EAAE,CAAC;AAC1I,IAAM,4BAA4B,UAAU,IAAI,GAAO,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,4BAA4B,MAAM,GAAG,cAAc,gCAAgC,EAAE,CAAC;AACnL,IAAM,2BAA2B,WAAW,KAAK,EAAE,cAAc,EAAE,aAAa,2BAA2B,MAAM,GAAG,cAAc,EAAE,KAAK,QAAQ,EAAE,EAAE,CAAC;AACtJ,IAAM,mCAAmC,WAAW,KAAK,EAAE,cAAc,EAAE,aAAa,mCAAmC,MAAM,GAAG,cAAc,EAAE,KAAK,QAAQ,EAAE,EAAE,CAAC;AACtK,IAAM,2BAA2B,WAAW,KAAK,EAAE,cAAc,EAAE,aAAa,2BAA2B,MAAM,GAAG,cAAc,EAAE,KAAK,QAAQ,EAAE,EAAE,CAAC;AACtJ,IAAM,4BAA4B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,4BAA4B,MAAM,GAAG,cAAc,OAAc,EAAE,CAAC;AACtJ,IAAM,4BAA4B,YAAY,KAAK,EAAE,cAAc,EAAE,aAAa,oCAAoC,cAAc,sBAAsB,EAAE,CAAC;AAC7J,IAAM,kCAAkC,UAAU,KAAK,EAAE,cAAc,EAAE,aAAa,uNAAuN,cAAc,8CAA8C,EAAE,CAAC;AAC5W,IAAM,0BAA0B,iBAAiB,KAAK,EAAE,cAAc,EAAE,aAAa,wKAAwK,cAAc,KAAK,EAAE,CAAC;AAGnR,IAAM,8BAA8B,UAAU,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,wBAAwB,aAAa,IAAI,kEAAkE,cAAc,WAAW,EAAE,CAAC;AAC3N,IAAM,kCAAkC,UAAU,IAAI,GAAO,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,4BAA4B,aAAa,GAAG,cAAc,gCAAgC,EAAE,CAAC;AAGhM,IAAM,yBAAyB,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,eAAe,iBAAiB,GAAG,cAAc,uCAAuC,EAAE,CAAC;AACjL,IAAM,2BAA2B,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,yEAAyE,cAAc,QAAQ,EAAE,CAAC;AACpM,IAAM,4BAA4B,UAAU,EAAE,KAAK,QAAQ;AAAA,EAChE,IAAI;AAAA,EACJ,MAAM,CAAC,WAAW,OAAO,MAAM;AACjC,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,sFAAsF,cAAc,sBAAsB,EAAE,CAAC;AAC7J,IAAM,kCAAkC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,qKAAqK,cAAc,KAAK,EAAE,CAAC;AACpR,IAAM,iCAAiC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,yIAAyI,cAAc,KAAK,EAAE,CAAC;AACvP,IAAM,gCAAgC,WAAW,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,0JAA0J,cAAc,KAAK,EAAE,CAAC;AAGvQ,IAAM,iCAAiC,UAAU,EAAE,KAAK,iCAAiC,+DAA+D,CAAC,UAAU;AACxK,MAAI,CAAC,MAAO,QAAO;AACnB,SAAO,+BAA+B,KAAK,MAAM;AACnD,CAAC;AAGM,IAAM,gCAAgC,+BAA+B,KAAK,gCAAgC,oGAAoG,CAAC,UAAU;AAC9N,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,CAAC,UAAU,YAAY,IAAI,+BAA+B,KAAK,KAAK,SAAS,+FAA+F,KAAK,EAAE;AACzL,aAAW,oBAAoB,KAAK,MAAM,QAAQ,IAAI,yCAAyC,IAAI,GAAG;AACpG,QAAI,aAAa,iBAAiB,aAAa,iBAAiB,iBAAiB,cAAe,QAAO;AAAA,EACzG;AACA,SAAO;AACT,CAAC;AAGM,SAAS,eACd,QACA,UACG;AACH,QAAM,UAAU,OAAO,QAAQ,QAAQ;AACvC,SAAO,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,MAAM,GAAG,GAAG;AAAA,IAC9C,IAAI,IAAI,WAAkB,QAAQ,MAAM,CAAC,CAAC,KAAK,KAAK,GAAG,UAAU,UAAU,OAAO,KAAK,CAAC;AAAA,IACxF,MAAM,CAACC,YAAcA,QAAO,QAAQ;AAAA,IACpC,WAAW,CAACA,YAAcA,QAAO,SAAS;AAAA,EAC5C,CAAC;AACH;AAEO,SAAS,0BACd,QACA,UACG;AACH,QAAM,UAAU,OAAO,QAAQ,QAAQ;AACvC,SAAO,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,GAAG,MAAM,GAAG,GAAG;AAAA,IAC9C,IAAI,IAAI,WAAkB,QAAQ,MAAM,CAAC,CAAC,KAAK,KAAK,GAAG,UAAU,UAAU,OAAO,KAAK,CAAC;AAAA,IACxF,MAAM,CAACA,YAAcA,QAAO,QAAQ,EAAE,SAAS;AAAA,IAC/C,WAAW,CAACA,YAAcA,QAAO,SAAS;AAAA,EAC5C,CAAC;AACH;","names":["object","schema"]}

package/dist/esm/sessions.js

@@ -0,0 +1,168 @@
+// src/sessions.ts
+import * as jose from "jose";
+import { StackAssertionError } from "./utils/errors";
+import { Store } from "./utils/stores";
+var AccessToken = class {
+  constructor(token) {
+    this.token = token;
+    if (token === "undefined") {
+      throw new StackAssertionError("Access token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!");
+    }
+  }
+  get decoded() {
+    return jose.decodeJwt(this.token);
+  }
+  get expiresAt() {
+    const { exp } = this.decoded;
+    if (exp === void 0) return /* @__PURE__ */ new Date(864e13);
+    return new Date(exp * 1e3);
+  }
+  /**
+   * @returns The number of milliseconds until the access token expires, or 0 if it has already expired.
+   */
+  get expiresInMillis() {
+    return Math.max(0, this.expiresAt.getTime() - Date.now());
+  }
+  isExpired() {
+    return this.expiresInMillis <= 0;
+  }
+};
+var RefreshToken = class {
+  constructor(token) {
+    this.token = token;
+    if (token === "undefined") {
+      throw new StackAssertionError("Refresh token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!");
+    }
+  }
+};
+var InternalSession = class _InternalSession {
+  constructor(_options) {
+    this._options = _options;
+    /**
+     * Whether the session as a whole is known to be invalid (ie. both access and refresh tokens are invalid). Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).
+     *
+     * It is possible for the access token to be invalid but the refresh token to be valid, in which case the session is
+     * still valid (just needs a refresh). It is also possible for the access token to be valid but the refresh token to
+     * be invalid, in which case the session is also valid (eg. if the refresh token is null because the user only passed
+     * in an access token, eg. in a server-side request handler).
+     */
+    this._knownToBeInvalid = new Store(false);
+    this._refreshPromise = null;
+    this._accessToken = new Store(_options.accessToken ? new AccessToken(_options.accessToken) : null);
+    this._refreshToken = _options.refreshToken ? new RefreshToken(_options.refreshToken) : null;
+    if (_options.accessToken === null && _options.refreshToken === null) {
+      this._knownToBeInvalid.set(true);
+    }
+    this.sessionKey = _InternalSession.calculateSessionKey({ accessToken: _options.accessToken ?? null, refreshToken: _options.refreshToken });
+  }
+  static calculateSessionKey(ofTokens) {
+    if (ofTokens.refreshToken) {
+      return `refresh-${ofTokens.refreshToken}`;
+    } else if (ofTokens.accessToken) {
+      return `access-${ofTokens.accessToken}`;
+    } else {
+      return "not-logged-in";
+    }
+  }
+  isKnownToBeInvalid() {
+    return this._knownToBeInvalid.get();
+  }
+  /**
+   * Marks the session object as invalid, meaning that the refresh and access tokens can no longer be used.
+   */
+  markInvalid() {
+    this._accessToken.set(null);
+    this._knownToBeInvalid.set(true);
+  }
+  onInvalidate(callback) {
+    return this._knownToBeInvalid.onChange(() => callback());
+  }
+  /**
+   * Returns the access token if it is found in the cache, fetching it otherwise.
+   *
+   * This is usually the function you want to call to get an access token. Either set `minMillisUntilExpiration` to a reasonable value, or catch errors that occur if it expires, and call `markAccessTokenExpired` to mark the token as expired if so (after which a call to this function will always refetch the token).
+   *
+   * @returns null if the session is known to be invalid, cached tokens if they exist in the cache (which may or may not be valid still), or new tokens otherwise.
+   */
+  async getOrFetchLikelyValidTokens(minMillisUntilExpiration) {
+    if (minMillisUntilExpiration >= 6e4) {
+      throw new Error(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short to be used for more than 60s`);
+    }
+    const accessToken = this._getPotentiallyInvalidAccessTokenIfAvailable();
+    if (!accessToken || accessToken.expiresInMillis < minMillisUntilExpiration) {
+      const newTokens = await this.fetchNewTokens();
+      const expiresInMillis = newTokens?.accessToken.expiresInMillis;
+      if (expiresInMillis && expiresInMillis < minMillisUntilExpiration) {
+        throw new StackAssertionError(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short when they're generated (${expiresInMillis}ms)`);
+      }
+      return newTokens;
+    }
+    return { accessToken, refreshToken: this._refreshToken };
+  }
+  /**
+   * Fetches new tokens that are, at the time of fetching, guaranteed to be valid.
+   *
+   * The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.
+   *
+   * In most cases, you should prefer `getOrFetchLikelyValidTokens`.
+   *
+   * @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).
+   */
+  async fetchNewTokens() {
+    const accessToken = await this._getNewlyFetchedAccessToken();
+    return accessToken ? { accessToken, refreshToken: this._refreshToken } : null;
+  }
+  markAccessTokenExpired(accessToken) {
+    if (this._accessToken.get() === accessToken) {
+      this._accessToken.set(null);
+    }
+  }
+  /**
+   * Note that a callback invocation with `null` does not mean the session has been invalidated; the access token may just have expired. Use `onInvalidate` to detect invalidation.
+   */
+  onAccessTokenChange(callback) {
+    return this._accessToken.onChange(callback);
+  }
+  /**
+   * @returns An access token, which may be expired or expire soon, or null if it is known to be invalid.
+   */
+  _getPotentiallyInvalidAccessTokenIfAvailable() {
+    if (!this._refreshToken) return null;
+    if (this.isKnownToBeInvalid()) return null;
+    const accessToken = this._accessToken.get();
+    if (accessToken && !accessToken.isExpired()) return accessToken;
+    return null;
+  }
+  /**
+   * You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.
+   *
+   * @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.
+   */
+  async _getNewlyFetchedAccessToken() {
+    if (!this._refreshToken) return null;
+    if (this._knownToBeInvalid.get()) return null;
+    if (!this._refreshPromise) {
+      this._refreshAndSetRefreshPromise(this._refreshToken);
+    }
+    return await this._refreshPromise;
+  }
+  _refreshAndSetRefreshPromise(refreshToken) {
+    let refreshPromise = this._options.refreshAccessTokenCallback(refreshToken).then((accessToken) => {
+      if (refreshPromise === this._refreshPromise) {
+        this._refreshPromise = null;
+        this._accessToken.set(accessToken);
+        if (!accessToken) {
+          this.markInvalid();
+        }
+      }
+      return accessToken;
+    });
+    this._refreshPromise = refreshPromise;
+  }
+};
+export {
+  AccessToken,
+  InternalSession,
+  RefreshToken
+};
+//# sourceMappingURL=sessions.js.map

package/dist/esm/sessions.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/sessions.ts"],"sourcesContent":["import * as jose from 'jose';\nimport { StackAssertionError } from \"./utils/errors\";\nimport { Store } from \"./utils/stores\";\n\nexport class AccessToken {\n  constructor(\n    public readonly token: string,\n  ) {\n    if (token === \"undefined\") {\n      throw new StackAssertionError(\"Access token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!\");\n    }\n  }\n\n  get decoded() {\n    return jose.decodeJwt(this.token);\n  }\n\n  get expiresAt(): Date {\n    const { exp } = this.decoded;\n    if (exp === undefined) return new Date(8640000000000000);  // max date value\n    return new Date(exp * 1000);\n  }\n\n  /**\n   * @returns The number of milliseconds until the access token expires, or 0 if it has already expired.\n   */\n  get expiresInMillis(): number {\n    return Math.max(0, this.expiresAt.getTime() - Date.now());\n  }\n\n  isExpired(): boolean {\n    return this.expiresInMillis <= 0;\n  }\n}\n\nexport class RefreshToken {\n  constructor(\n    public readonly token: string,\n  ) {\n    if (token === \"undefined\") {\n      throw new StackAssertionError(\"Refresh token is the string 'undefined'; it's unlikely this is the correct value. They're supposed to be unguessable!\");\n    }\n  }\n}\n\n/**\n * An InternalSession represents a user's session, which may or may not be valid. It may contain an access token, a refresh token, or both.\n *\n * A session never changes which user or session it belongs to, but the tokens in it may change over time.\n */\nexport class InternalSession {\n  /**\n  * Each session has a session key that depends on the tokens inside. If the session has a refresh token, the session key depends only on the refresh token. If the session does not have a refresh token, the session key depends only on the access token.\n  *\n  * Multiple Session objects may have the same session key, which implies that they represent the same session by the same user. Furthermore, a session's key never changes over the lifetime of a session object.\n  *\n  * This is useful for caching and indexing sessions.\n  */\n  public readonly sessionKey: string;\n\n  /**\n   * An access token that is not known to be invalid (ie. may be valid, but may have expired).\n   */\n  private _accessToken: Store<AccessToken | null>;\n  private readonly _refreshToken: RefreshToken | null;\n\n  /**\n   * Whether the session as a whole is known to be invalid (ie. both access and refresh tokens are invalid). Used as a cache to avoid making multiple requests to the server (sessions never go back to being valid after being invalidated).\n   *\n   * It is possible for the access token to be invalid but the refresh token to be valid, in which case the session is\n   * still valid (just needs a refresh). It is also possible for the access token to be valid but the refresh token to\n   * be invalid, in which case the session is also valid (eg. if the refresh token is null because the user only passed\n   * in an access token, eg. in a server-side request handler).\n   */\n  private _knownToBeInvalid = new Store<boolean>(false);\n\n  private _refreshPromise: Promise<AccessToken | null> | null = null;\n\n  constructor(private readonly _options: {\n    refreshAccessTokenCallback(refreshToken: RefreshToken): Promise<AccessToken | null>,\n    refreshToken: string | null,\n    accessToken?: string | null,\n  }) {\n    this._accessToken = new Store(_options.accessToken ? new AccessToken(_options.accessToken) : null);\n    this._refreshToken = _options.refreshToken ? new RefreshToken(_options.refreshToken) : null;\n    if (_options.accessToken === null && _options.refreshToken === null) {\n      // this session is already invalid\n      this._knownToBeInvalid.set(true);\n    }\n    this.sessionKey = InternalSession.calculateSessionKey({ accessToken: _options.accessToken ?? null, refreshToken: _options.refreshToken });\n  }\n\n  static calculateSessionKey(ofTokens: { refreshToken: string | null, accessToken?: string | null }): string {\n    if (ofTokens.refreshToken) {\n      return `refresh-${ofTokens.refreshToken}`;\n    } else if (ofTokens.accessToken) {\n      return `access-${ofTokens.accessToken}`;\n    } else {\n      return \"not-logged-in\";\n    }\n  }\n\n  isKnownToBeInvalid() {\n    return this._knownToBeInvalid.get();\n  }\n\n  /**\n   * Marks the session object as invalid, meaning that the refresh and access tokens can no longer be used.\n   */\n  markInvalid() {\n    this._accessToken.set(null);\n    this._knownToBeInvalid.set(true);\n  }\n\n  onInvalidate(callback: () => void): { unsubscribe: () => void } {\n    return this._knownToBeInvalid.onChange(() => callback());\n  }\n\n  /**\n   * Returns the access token if it is found in the cache, fetching it otherwise.\n   *\n   * This is usually the function you want to call to get an access token. Either set `minMillisUntilExpiration` to a reasonable value, or catch errors that occur if it expires, and call `markAccessTokenExpired` to mark the token as expired if so (after which a call to this function will always refetch the token).\n   *\n   * @returns null if the session is known to be invalid, cached tokens if they exist in the cache (which may or may not be valid still), or new tokens otherwise.\n   */\n  async getOrFetchLikelyValidTokens(minMillisUntilExpiration: number): Promise<{ accessToken: AccessToken, refreshToken: RefreshToken | null } | null> {\n    if (minMillisUntilExpiration >= 60_000) {\n      throw new Error(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short to be used for more than 60s`);\n    }\n\n    const accessToken = this._getPotentiallyInvalidAccessTokenIfAvailable();\n    if (!accessToken || accessToken.expiresInMillis < minMillisUntilExpiration) {\n      const newTokens = await this.fetchNewTokens();\n      const expiresInMillis = newTokens?.accessToken.expiresInMillis;\n      if (expiresInMillis && expiresInMillis < minMillisUntilExpiration) {\n        throw new StackAssertionError(`Required access token expiry ${minMillisUntilExpiration}ms is too long; access tokens are too short when they're generated (${expiresInMillis}ms)`);\n      }\n      return newTokens;\n    }\n    return { accessToken, refreshToken: this._refreshToken };\n  }\n\n  /**\n   * Fetches new tokens that are, at the time of fetching, guaranteed to be valid.\n   *\n   * The newly generated tokens are short-lived, so it's good practice not to rely on their validity (if possible). However, this function is useful in some cases where you only want to pass access tokens to a service, and you want to make sure said access token has the longest possible lifetime.\n   *\n   * In most cases, you should prefer `getOrFetchLikelyValidTokens`.\n   *\n   * @returns null if the session is known to be invalid, or new tokens otherwise (which, at the time of fetching, are guaranteed to be valid).\n   */\n  async fetchNewTokens(): Promise<{ accessToken: AccessToken, refreshToken: RefreshToken | null } | null> {\n    const accessToken = await this._getNewlyFetchedAccessToken();\n    return accessToken ? { accessToken, refreshToken: this._refreshToken } : null;\n  }\n\n  markAccessTokenExpired(accessToken: AccessToken) {\n    // TODO we don't need this anymore, since we now check the expiry by ourselves\n    if (this._accessToken.get() === accessToken) {\n      this._accessToken.set(null);\n    }\n  }\n\n  /**\n   * Note that a callback invocation with `null` does not mean the session has been invalidated; the access token may just have expired. Use `onInvalidate` to detect invalidation.\n   */\n  onAccessTokenChange(callback: (newAccessToken: AccessToken | null) => void): { unsubscribe: () => void } {\n    return this._accessToken.onChange(callback);\n  }\n\n  /**\n   * @returns An access token, which may be expired or expire soon, or null if it is known to be invalid.\n   */\n  private _getPotentiallyInvalidAccessTokenIfAvailable(): AccessToken | null {\n    if (!this._refreshToken) return null;\n    if (this.isKnownToBeInvalid()) return null;\n\n    const accessToken = this._accessToken.get();\n    if (accessToken && !accessToken.isExpired()) return accessToken;\n\n    return null;\n  }\n\n  /**\n   * You should prefer `_getOrFetchPotentiallyInvalidAccessToken` in almost all cases.\n   *\n   * @returns A newly fetched access token (never read from cache), or null if the session either does not represent a user or the session is invalid.\n   */\n  private async _getNewlyFetchedAccessToken(): Promise<AccessToken | null> {\n    if (!this._refreshToken) return null;\n    if (this._knownToBeInvalid.get()) return null;\n\n    if (!this._refreshPromise) {\n      this._refreshAndSetRefreshPromise(this._refreshToken);\n    }\n    return await this._refreshPromise;\n  }\n\n  private _refreshAndSetRefreshPromise(refreshToken: RefreshToken) {\n    let refreshPromise: Promise<AccessToken | null> = this._options.refreshAccessTokenCallback(refreshToken).then((accessToken) => {\n      if (refreshPromise === this._refreshPromise) {\n        this._refreshPromise = null;\n        this._accessToken.set(accessToken);\n        if (!accessToken) {\n          this.markInvalid();\n        }\n      }\n      return accessToken;\n    });\n    this._refreshPromise = refreshPromise;\n  }\n}\n"],"mappings":";AAAA,YAAY,UAAU;AACtB,SAAS,2BAA2B;AACpC,SAAS,aAAa;AAEf,IAAM,cAAN,MAAkB;AAAA,EACvB,YACkB,OAChB;AADgB;AAEhB,QAAI,UAAU,aAAa;AACzB,YAAM,IAAI,oBAAoB,sHAAsH;AAAA,IACtJ;AAAA,EACF;AAAA,EAEA,IAAI,UAAU;AACZ,WAAY,eAAU,KAAK,KAAK;AAAA,EAClC;AAAA,EAEA,IAAI,YAAkB;AACpB,UAAM,EAAE,IAAI,IAAI,KAAK;AACrB,QAAI,QAAQ,OAAW,QAAO,oBAAI,KAAK,MAAgB;AACvD,WAAO,IAAI,KAAK,MAAM,GAAI;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,kBAA0B;AAC5B,WAAO,KAAK,IAAI,GAAG,KAAK,UAAU,QAAQ,IAAI,KAAK,IAAI,CAAC;AAAA,EAC1D;AAAA,EAEA,YAAqB;AACnB,WAAO,KAAK,mBAAmB;AAAA,EACjC;AACF;AAEO,IAAM,eAAN,MAAmB;AAAA,EACxB,YACkB,OAChB;AADgB;AAEhB,QAAI,UAAU,aAAa;AACzB,YAAM,IAAI,oBAAoB,uHAAuH;AAAA,IACvJ;AAAA,EACF;AACF;AAOO,IAAM,kBAAN,MAAM,iBAAgB;AAAA,EA4B3B,YAA6B,UAI1B;AAJ0B;AAJ7B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,SAAQ,oBAAoB,IAAI,MAAe,KAAK;AAEpD,SAAQ,kBAAsD;AAO5D,SAAK,eAAe,IAAI,MAAM,SAAS,cAAc,IAAI,YAAY,SAAS,WAAW,IAAI,IAAI;AACjG,SAAK,gBAAgB,SAAS,eAAe,IAAI,aAAa,SAAS,YAAY,IAAI;AACvF,QAAI,SAAS,gBAAgB,QAAQ,SAAS,iBAAiB,MAAM;AAEnE,WAAK,kBAAkB,IAAI,IAAI;AAAA,IACjC;AACA,SAAK,aAAa,iBAAgB,oBAAoB,EAAE,aAAa,SAAS,eAAe,MAAM,cAAc,SAAS,aAAa,CAAC;AAAA,EAC1I;AAAA,EAEA,OAAO,oBAAoB,UAAgF;AACzG,QAAI,SAAS,cAAc;AACzB,aAAO,WAAW,SAAS,YAAY;AAAA,IACzC,WAAW,SAAS,aAAa;AAC/B,aAAO,UAAU,SAAS,WAAW;AAAA,IACvC,OAAO;AACL,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,qBAAqB;AACnB,WAAO,KAAK,kBAAkB,IAAI;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc;AACZ,SAAK,aAAa,IAAI,IAAI;AAC1B,SAAK,kBAAkB,IAAI,IAAI;AAAA,EACjC;AAAA,EAEA,aAAa,UAAmD;AAC9D,WAAO,KAAK,kBAAkB,SAAS,MAAM,SAAS,CAAC;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,4BAA4B,0BAAmH;AACnJ,QAAI,4BAA4B,KAAQ;AACtC,YAAM,IAAI,MAAM,gCAAgC,wBAAwB,0EAA0E;AAAA,IACpJ;AAEA,UAAM,cAAc,KAAK,6CAA6C;AACtE,QAAI,CAAC,eAAe,YAAY,kBAAkB,0BAA0B;AAC1E,YAAM,YAAY,MAAM,KAAK,eAAe;AAC5C,YAAM,kBAAkB,WAAW,YAAY;AAC/C,UAAI,mBAAmB,kBAAkB,0BAA0B;AACjE,cAAM,IAAI,oBAAoB,gCAAgC,wBAAwB,uEAAuE,eAAe,KAAK;AAAA,MACnL;AACA,aAAO;AAAA,IACT;AACA,WAAO,EAAE,aAAa,cAAc,KAAK,cAAc;AAAA,EACzD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,iBAAkG;AACtG,UAAM,cAAc,MAAM,KAAK,4BAA4B;AAC3D,WAAO,cAAc,EAAE,aAAa,cAAc,KAAK,cAAc,IAAI;AAAA,EAC3E;AAAA,EAEA,uBAAuB,aAA0B;AAE/C,QAAI,KAAK,aAAa,IAAI,MAAM,aAAa;AAC3C,WAAK,aAAa,IAAI,IAAI;AAAA,IAC5B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,oBAAoB,UAAqF;AACvG,WAAO,KAAK,aAAa,SAAS,QAAQ;AAAA,EAC5C;AAAA;AAAA;AAAA;AAAA,EAKQ,+CAAmE;AACzE,QAAI,CAAC,KAAK,cAAe,QAAO;AAChC,QAAI,KAAK,mBAAmB,EAAG,QAAO;AAEtC,UAAM,cAAc,KAAK,aAAa,IAAI;AAC1C,QAAI,eAAe,CAAC,YAAY,UAAU,EAAG,QAAO;AAEpD,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,8BAA2D;AACvE,QAAI,CAAC,KAAK,cAAe,QAAO;AAChC,QAAI,KAAK,kBAAkB,IAAI,EAAG,QAAO;AAEzC,QAAI,CAAC,KAAK,iBAAiB;AACzB,WAAK,6BAA6B,KAAK,aAAa;AAAA,IACtD;AACA,WAAO,MAAM,KAAK;AAAA,EACpB;AAAA,EAEQ,6BAA6B,cAA4B;AAC/D,QAAI,iBAA8C,KAAK,SAAS,2BAA2B,YAAY,EAAE,KAAK,CAAC,gBAAgB;AAC7H,UAAI,mBAAmB,KAAK,iBAAiB;AAC3C,aAAK,kBAAkB;AACvB,aAAK,aAAa,IAAI,WAAW;AACjC,YAAI,CAAC,aAAa;AAChB,eAAK,YAAY;AAAA,QACnB;AAAA,MACF;AACA,aAAO;AAAA,IACT,CAAC;AACD,SAAK,kBAAkB;AAAA,EACzB;AACF;","names":[]}

package/dist/esm/utils/api-keys.js

@@ -0,0 +1,79 @@
+// src/utils/api-keys.tsx
+import crc32 from "crc/crc32";
+import { getBase32CharacterFromIndex } from "./bytes";
+import { generateSecureRandomString } from "./crypto";
+import { StackAssertionError } from "./errors";
+var STACK_AUTH_MARKER = "574ck4u7h";
+var API_KEY_LENGTHS = {
+  SECRET_PART: 45,
+  ID_PART: 32,
+  TYPE_PART: 4,
+  SCANNER: 1,
+  MARKER: 9,
+  CHECKSUM: 8
+};
+function createChecksumSync(checksummablePart) {
+  const data = new TextEncoder().encode(checksummablePart);
+  const calculated_checksum = crc32(data);
+  return calculated_checksum.toString(16).padStart(8, "0");
+}
+function createApiKeyParts(options) {
+  const { id, isPublic, isCloudVersion, type } = options;
+  const prefix = isPublic ? "pk" : "sk";
+  const scannerFlag = (isCloudVersion ? 0 : 1) + (isPublic ? 2 : 0) + /* version */
+  0;
+  const secretPart = generateSecureRandomString();
+  const idPart = id.replace(/-/g, "");
+  const scannerAndMarker = getBase32CharacterFromIndex(scannerFlag).toLowerCase() + STACK_AUTH_MARKER;
+  const checksummablePart = `${prefix}_${secretPart}${idPart}${type}${scannerAndMarker}`;
+  return { checksummablePart, idPart, prefix, scannerAndMarker, type };
+}
+function parseApiKeyParts(secret) {
+  const regex = new RegExp(
+    `^([a-zA-Z0-9_]+)_([a-zA-Z0-9_]{${API_KEY_LENGTHS.SECRET_PART}})([a-zA-Z0-9_]{${API_KEY_LENGTHS.ID_PART}})([a-zA-Z0-9_]{${API_KEY_LENGTHS.TYPE_PART}})([a-zA-Z0-9_]{${API_KEY_LENGTHS.SCANNER}})(${STACK_AUTH_MARKER})([a-zA-Z0-9_]{${API_KEY_LENGTHS.CHECKSUM}})$`
+    // checksum
+  );
+  const match = secret.match(regex);
+  if (!match) {
+    throw new StackAssertionError("Invalid API key format");
+  }
+  const [, prefix, secretPart, idPart, type, scannerFlag, marker, checksum] = match;
+  const isCloudVersion = parseInt(scannerFlag, 32) % 2 === 0;
+  const isPublic = (parseInt(scannerFlag, 32) & 2) !== 0;
+  const checksummablePart = `${prefix}_${secretPart}${idPart}${type}${scannerFlag}${marker}`;
+  const restored_id = idPart.replace(/(.{8})(.{4})(.{4})(.{4})(.{12})/, "$1-$2-$3-$4-$5");
+  if (!["user", "team"].includes(type)) {
+    throw new StackAssertionError("Invalid type");
+  }
+  return { checksummablePart, checksum, id: restored_id, isCloudVersion, isPublic, prefix, type };
+}
+function isApiKey(secret) {
+  return secret.includes("_") && secret.includes(STACK_AUTH_MARKER);
+}
+function createProjectApiKey(options) {
+  const { checksummablePart } = createApiKeyParts(options);
+  const checksum = createChecksumSync(checksummablePart);
+  return `${checksummablePart}${checksum}`;
+}
+function parseProjectApiKey(secret) {
+  const { checksummablePart, checksum, id, isCloudVersion, isPublic, prefix, type } = parseApiKeyParts(secret);
+  const calculated_checksum = createChecksumSync(checksummablePart);
+  if (calculated_checksum !== checksum) {
+    throw new StackAssertionError("Checksum mismatch");
+  }
+  return {
+    id,
+    prefix,
+    isPublic,
+    isCloudVersion,
+    secret,
+    checksum,
+    type
+  };
+}
+export {
+  createProjectApiKey,
+  isApiKey,
+  parseProjectApiKey
+};
+//# sourceMappingURL=api-keys.js.map

package/dist/esm/utils/api-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/api-keys.tsx"],"sourcesContent":["import crc32 from 'crc/crc32';\nimport { getBase32CharacterFromIndex } from \"./bytes\";\nimport { generateSecureRandomString } from \"./crypto\";\nimport { StackAssertionError } from \"./errors\";\n\n\nconst STACK_AUTH_MARKER = \"574ck4u7h\";\n\n// API key part lengths\nconst API_KEY_LENGTHS = {\n  SECRET_PART: 45,\n  ID_PART: 32,\n  TYPE_PART: 4,\n  SCANNER: 1,\n  MARKER: 9,\n  CHECKSUM: 8,\n} as const;\n\n/**\n * An api key has the following format:\n * <prefix_without_underscores>_<secret_part_45_chars><id_part_32_chars><type_user_or_team_4_chars><scanner_and_marker_10_chars><checksum_8_chars>\n *\n * The scanner and marker is a base32 character that is used to determine if the api key is a public or private key\n * and if it is a cloud or self-hosted key.\n *\n * The checksum is a crc32 checksum of the api key encoded in hex.\n *\n */\n\ntype ProjectApiKey = {\n  id: string,\n  prefix: string,\n  isPublic: boolean,\n  isCloudVersion: boolean,\n  secret: string,\n  checksum: string,\n  type: \"user\" | \"team\",\n}\n\n\nfunction createChecksumSync(checksummablePart: string): string {\n  const data = new TextEncoder().encode(checksummablePart);\n  const calculated_checksum = crc32(data);\n  return calculated_checksum.toString(16).padStart(8, \"0\");\n}\n\nfunction createApiKeyParts(options: Pick<ProjectApiKey, \"id\" | \"isPublic\" | \"isCloudVersion\" | \"type\">) {\n  const { id, isPublic, isCloudVersion, type } = options;\n  const prefix = isPublic ? \"pk\" : \"sk\";\n  const scannerFlag = (isCloudVersion ? 0 : 1) + (isPublic ? 2 : 0) + (/* version */ 0);\n\n  const secretPart = generateSecureRandomString();\n  const idPart = id.replace(/-/g, \"\");\n  const scannerAndMarker = getBase32CharacterFromIndex(scannerFlag).toLowerCase() + STACK_AUTH_MARKER;\n  const checksummablePart = `${prefix}_${secretPart}${idPart}${type}${scannerAndMarker}`;\n\n  return { checksummablePart, idPart, prefix, scannerAndMarker, type };\n}\n\n\nfunction parseApiKeyParts(secret: string) {\n  const regex = new RegExp(\n    `^([a-zA-Z0-9_]+)_` + // prefix\n    `([a-zA-Z0-9_]{${API_KEY_LENGTHS.SECRET_PART}})` + // secretPart\n    `([a-zA-Z0-9_]{${API_KEY_LENGTHS.ID_PART}})` + // idPart\n    `([a-zA-Z0-9_]{${API_KEY_LENGTHS.TYPE_PART}})` + // type\n    `([a-zA-Z0-9_]{${API_KEY_LENGTHS.SCANNER}})` + // scanner\n    `(${STACK_AUTH_MARKER})` + // marker\n    `([a-zA-Z0-9_]{${API_KEY_LENGTHS.CHECKSUM}})$` // checksum\n  );\n\n  const match = secret.match(regex);\n  if (!match) {\n    throw new StackAssertionError(\"Invalid API key format\");\n  }\n\n  const [, prefix, secretPart, idPart, type, scannerFlag, marker, checksum] = match;\n\n  const isCloudVersion = parseInt(scannerFlag, 32) % 2 === 0;\n  const isPublic = (parseInt(scannerFlag, 32) & 2) !== 0;\n\n  const checksummablePart = `${prefix}_${secretPart}${idPart}${type}${scannerFlag}${marker}`;\n  const restored_id = idPart.replace(/(.{8})(.{4})(.{4})(.{4})(.{12})/, \"$1-$2-$3-$4-$5\");\n\n  if (![\"user\", \"team\"].includes(type)) {\n    throw new StackAssertionError(\"Invalid type\");\n  }\n\n  return { checksummablePart, checksum, id: restored_id, isCloudVersion, isPublic, prefix, type: type as \"user\" | \"team\" };\n}\n\n\nexport function isApiKey(secret: string): boolean {\n  return secret.includes(\"_\") && secret.includes(STACK_AUTH_MARKER);\n}\n\nexport function createProjectApiKey(options: Pick<ProjectApiKey, \"id\" | \"isPublic\" | \"isCloudVersion\" | \"type\">): string {\n  const { checksummablePart } = createApiKeyParts(options);\n  const checksum = createChecksumSync(checksummablePart);\n  return `${checksummablePart}${checksum}`;\n}\n\n\nexport function parseProjectApiKey(secret: string): ProjectApiKey {\n  const { checksummablePart, checksum, id, isCloudVersion, isPublic, prefix, type } = parseApiKeyParts(secret);\n  const calculated_checksum = createChecksumSync(checksummablePart);\n\n  if (calculated_checksum !== checksum) {\n    throw new StackAssertionError(\"Checksum mismatch\");\n  }\n\n  return {\n    id,\n    prefix,\n    isPublic,\n    isCloudVersion,\n    secret,\n    checksum,\n    type,\n  };\n}\n\n"],"mappings":";AAAA,OAAO,WAAW;AAClB,SAAS,mCAAmC;AAC5C,SAAS,kCAAkC;AAC3C,SAAS,2BAA2B;AAGpC,IAAM,oBAAoB;AAG1B,IAAM,kBAAkB;AAAA,EACtB,aAAa;AAAA,EACb,SAAS;AAAA,EACT,WAAW;AAAA,EACX,SAAS;AAAA,EACT,QAAQ;AAAA,EACR,UAAU;AACZ;AAwBA,SAAS,mBAAmB,mBAAmC;AAC7D,QAAM,OAAO,IAAI,YAAY,EAAE,OAAO,iBAAiB;AACvD,QAAM,sBAAsB,MAAM,IAAI;AACtC,SAAO,oBAAoB,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG;AACzD;AAEA,SAAS,kBAAkB,SAA6E;AACtG,QAAM,EAAE,IAAI,UAAU,gBAAgB,KAAK,IAAI;AAC/C,QAAM,SAAS,WAAW,OAAO;AACjC,QAAM,eAAe,iBAAiB,IAAI,MAAM,WAAW,IAAI;AAAA,EAAoB;AAEnF,QAAM,aAAa,2BAA2B;AAC9C,QAAM,SAAS,GAAG,QAAQ,MAAM,EAAE;AAClC,QAAM,mBAAmB,4BAA4B,WAAW,EAAE,YAAY,IAAI;AAClF,QAAM,oBAAoB,GAAG,MAAM,IAAI,UAAU,GAAG,MAAM,GAAG,IAAI,GAAG,gBAAgB;AAEpF,SAAO,EAAE,mBAAmB,QAAQ,QAAQ,kBAAkB,KAAK;AACrE;AAGA,SAAS,iBAAiB,QAAgB;AACxC,QAAM,QAAQ,IAAI;AAAA,IAChB,kCACiB,gBAAgB,WAAW,mBAC3B,gBAAgB,OAAO,mBACvB,gBAAgB,SAAS,mBACzB,gBAAgB,OAAO,MACpC,iBAAiB,kBACJ,gBAAgB,QAAQ;AAAA;AAAA,EAC3C;AAEA,QAAM,QAAQ,OAAO,MAAM,KAAK;AAChC,MAAI,CAAC,OAAO;AACV,UAAM,IAAI,oBAAoB,wBAAwB;AAAA,EACxD;AAEA,QAAM,CAAC,EAAE,QAAQ,YAAY,QAAQ,MAAM,aAAa,QAAQ,QAAQ,IAAI;AAE5E,QAAM,iBAAiB,SAAS,aAAa,EAAE,IAAI,MAAM;AACzD,QAAM,YAAY,SAAS,aAAa,EAAE,IAAI,OAAO;AAErD,QAAM,oBAAoB,GAAG,MAAM,IAAI,UAAU,GAAG,MAAM,GAAG,IAAI,GAAG,WAAW,GAAG,MAAM;AACxF,QAAM,cAAc,OAAO,QAAQ,mCAAmC,gBAAgB;AAEtF,MAAI,CAAC,CAAC,QAAQ,MAAM,EAAE,SAAS,IAAI,GAAG;AACpC,UAAM,IAAI,oBAAoB,cAAc;AAAA,EAC9C;AAEA,SAAO,EAAE,mBAAmB,UAAU,IAAI,aAAa,gBAAgB,UAAU,QAAQ,KAA8B;AACzH;AAGO,SAAS,SAAS,QAAyB;AAChD,SAAO,OAAO,SAAS,GAAG,KAAK,OAAO,SAAS,iBAAiB;AAClE;AAEO,SAAS,oBAAoB,SAAqF;AACvH,QAAM,EAAE,kBAAkB,IAAI,kBAAkB,OAAO;AACvD,QAAM,WAAW,mBAAmB,iBAAiB;AACrD,SAAO,GAAG,iBAAiB,GAAG,QAAQ;AACxC;AAGO,SAAS,mBAAmB,QAA+B;AAChE,QAAM,EAAE,mBAAmB,UAAU,IAAI,gBAAgB,UAAU,QAAQ,KAAK,IAAI,iBAAiB,MAAM;AAC3G,QAAM,sBAAsB,mBAAmB,iBAAiB;AAEhE,MAAI,wBAAwB,UAAU;AACpC,UAAM,IAAI,oBAAoB,mBAAmB;AAAA,EACnD;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}

package/dist/esm/utils/arrays.js

@@ -0,0 +1,78 @@
+// src/utils/arrays.tsx
+import { remainder } from "./math";
+function typedIncludes(arr, item) {
+  return arr.includes(item);
+}
+function enumerate(arr) {
+  return arr.map((item, index) => [index, item]);
+}
+function isShallowEqual(a, b) {
+  if (a.length !== b.length) return false;
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) return false;
+  }
+  return true;
+}
+function findLastIndex(arr, predicate) {
+  for (let i = arr.length - 1; i >= 0; i--) {
+    if (predicate(arr[i])) return i;
+  }
+  return -1;
+}
+function groupBy(arr, key) {
+  const result = /* @__PURE__ */ new Map();
+  for (const item of arr) {
+    const k = key(item);
+    if (result.get(k) === void 0) result.set(k, []);
+    result.get(k).push(item);
+  }
+  return result;
+}
+function range(startInclusive, endExclusive, step) {
+  if (endExclusive === void 0) {
+    endExclusive = startInclusive;
+    startInclusive = 0;
+  }
+  if (step === void 0) step = 1;
+  const result = [];
+  for (let i = startInclusive; step > 0 ? i < endExclusive : i > endExclusive; i += step) {
+    result.push(i);
+  }
+  return result;
+}
+function rotateLeft(arr, n) {
+  if (arr.length === 0) return [];
+  const index = remainder(n, arr.length);
+  return [...arr.slice(index), ...arr.slice(0, index)];
+}
+function rotateRight(arr, n) {
+  return rotateLeft(arr, -n);
+}
+function shuffle(arr) {
+  const result = [...arr];
+  for (let i = result.length - 1; i > 0; i--) {
+    const j = Math.floor(Math.random() * (i + 1));
+    [result[i], result[j]] = [result[j], result[i]];
+  }
+  return result;
+}
+function outerProduct(arr1, arr2) {
+  return arr1.flatMap((item1) => arr2.map((item2) => [item1, item2]));
+}
+function unique(arr) {
+  return [...new Set(arr)];
+}
+export {
+  enumerate,
+  findLastIndex,
+  groupBy,
+  isShallowEqual,
+  outerProduct,
+  range,
+  rotateLeft,
+  rotateRight,
+  shuffle,
+  typedIncludes,
+  unique
+};
+//# sourceMappingURL=arrays.js.map

package/dist/esm/utils/arrays.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/arrays.tsx"],"sourcesContent":["import { remainder } from \"./math\";\n\nexport function typedIncludes<T extends readonly any[]>(arr: T, item: unknown): item is T[number] {\n  return arr.includes(item);\n}\nundefined?.test(\"typedIncludes\", ({ expect }) => {\n  const arr = [1, 2, 3] as const;\n  expect(typedIncludes(arr, 1)).toBe(true);\n  expect(typedIncludes(arr, 4)).toBe(false);\n  expect(typedIncludes(arr, \"1\")).toBe(false);\n\n  const strArr = [\"a\", \"b\", \"c\"] as const;\n  expect(typedIncludes(strArr, \"a\")).toBe(true);\n  expect(typedIncludes(strArr, \"d\")).toBe(false);\n});\n\nexport function enumerate<T extends readonly any[]>(arr: T): [number, T[number]][] {\n  return arr.map((item, index) => [index, item]);\n}\nundefined?.test(\"enumerate\", ({ expect }) => {\n  expect(enumerate([])).toEqual([]);\n  expect(enumerate([1, 2, 3])).toEqual([[0, 1], [1, 2], [2, 3]]);\n  expect(enumerate([\"a\", \"b\", \"c\"])).toEqual([[0, \"a\"], [1, \"b\"], [2, \"c\"]]);\n});\n\nexport function isShallowEqual(a: readonly any[], b: readonly any[]): boolean {\n  if (a.length !== b.length) return false;\n  for (let i = 0; i < a.length; i++) {\n    if (a[i] !== b[i]) return false;\n  }\n  return true;\n}\nundefined?.test(\"isShallowEqual\", ({ expect }) => {\n  expect(isShallowEqual([], [])).toBe(true);\n  expect(isShallowEqual([1, 2, 3], [1, 2, 3])).toBe(true);\n  expect(isShallowEqual([1, 2, 3], [1, 2, 4])).toBe(false);\n  expect(isShallowEqual([1, 2, 3], [1, 2])).toBe(false);\n  expect(isShallowEqual([1, 2], [1, 2, 3])).toBe(false);\n  // Test with objects (reference equality)\n  const obj1 = { a: 1 };\n  const obj2 = { a: 1 };\n  expect(isShallowEqual([obj1], [obj1])).toBe(true);\n  expect(isShallowEqual([obj1], [obj2])).toBe(false);\n});\n\n/**\n * Ponyfill for ES2023's findLastIndex.\n */\nexport function findLastIndex<T>(arr: readonly T[], predicate: (item: T) => boolean): number {\n  for (let i = arr.length - 1; i >= 0; i--) {\n    if (predicate(arr[i])) return i;\n  }\n  return -1;\n}\nundefined?.test(\"findLastIndex\", ({ expect }) => {\n  expect(findLastIndex([], () => true)).toBe(-1);\n  expect(findLastIndex([1, 2, 3, 4, 5], x => x % 2 === 0)).toBe(3); // 4 is at index 3\n  expect(findLastIndex([1, 2, 3, 4, 5], x => x > 10)).toBe(-1);\n  expect(findLastIndex([1, 2, 3, 2, 1], x => x === 2)).toBe(3);\n  expect(findLastIndex([1, 2, 3], x => x === 1)).toBe(0);\n});\n\nexport function groupBy<T extends any, K>(\n  arr: Iterable<T>,\n  key: (item: T) => K,\n): Map<K, T[]> {\n  const result = new Map<K, T[]>;\n  for (const item of arr) {\n    const k = key(item);\n    if (result.get(k) === undefined) result.set(k, []);\n    result.get(k)!.push(item);\n  }\n  return result;\n}\nundefined?.test(\"groupBy\", ({ expect }) => {\n  expect(groupBy([], (x) => x)).toEqual(new Map());\n\n  const numbers = [1, 2, 3, 4, 5, 6];\n  const grouped = groupBy(numbers, (n) => n % 2 === 0 ? \"even\" : \"odd\");\n  expect(grouped.get(\"even\")).toEqual([2, 4, 6]);\n  expect(grouped.get(\"odd\")).toEqual([1, 3, 5]);\n\n  // Check the actual lengths of the words to ensure our test is correct\n  const words = [\"apple\", \"banana\", \"cherry\", \"date\", \"elderberry\"];\n\n  const byLength = groupBy(words, (w) => w.length);\n  // Adjust expectations based on actual word lengths\n  expect(byLength.get(5)).toEqual([\"apple\"]);\n  expect(byLength.get(6)).toEqual([\"banana\", \"cherry\"]);\n  expect(byLength.get(4)).toEqual([\"date\"]);\n  expect(byLength.get(10)).toEqual([\"elderberry\"]);\n});\n\nexport function range(endExclusive: number): number[];\nexport function range(startInclusive: number, endExclusive: number): number[];\nexport function range(startInclusive: number, endExclusive: number, step: number): number[];\nexport function range(startInclusive: number, endExclusive?: number, step?: number): number[] {\n  if (endExclusive === undefined) {\n    endExclusive = startInclusive;\n    startInclusive = 0;\n  }\n  if (step === undefined) step = 1;\n\n  const result = [];\n  for (let i = startInclusive; step > 0 ? (i < endExclusive) : (i > endExclusive); i += step) {\n    result.push(i);\n  }\n  return result;\n}\nundefined?.test(\"range\", ({ expect }) => {\n  expect(range(5)).toEqual([0, 1, 2, 3, 4]);\n  expect(range(2, 5)).toEqual([2, 3, 4]);\n  expect(range(1, 10, 2)).toEqual([1, 3, 5, 7, 9]);\n  expect(range(5, 0, -1)).toEqual([5, 4, 3, 2, 1]);\n  expect(range(0, 0)).toEqual([]);\n  expect(range(0, 10, 3)).toEqual([0, 3, 6, 9]);\n});\n\n\nexport function rotateLeft(arr: readonly any[], n: number): any[] {\n  if (arr.length === 0) return [];\n  const index = remainder(n, arr.length);\n  return [...arr.slice(index), ...arr.slice(0, index)];\n}\nundefined?.test(\"rotateLeft\", ({ expect }) => {\n  expect(rotateLeft([], 1)).toEqual([]);\n  expect(rotateLeft([1, 2, 3, 4, 5], 0)).toEqual([1, 2, 3, 4, 5]);\n  expect(rotateLeft([1, 2, 3, 4, 5], 1)).toEqual([2, 3, 4, 5, 1]);\n  expect(rotateLeft([1, 2, 3, 4, 5], 3)).toEqual([4, 5, 1, 2, 3]);\n  expect(rotateLeft([1, 2, 3, 4, 5], 5)).toEqual([1, 2, 3, 4, 5]);\n  expect(rotateLeft([1, 2, 3, 4, 5], 6)).toEqual([2, 3, 4, 5, 1]);\n});\n\nexport function rotateRight(arr: readonly any[], n: number): any[] {\n  return rotateLeft(arr, -n);\n}\nundefined?.test(\"rotateRight\", ({ expect }) => {\n  expect(rotateRight([], 1)).toEqual([]);\n  expect(rotateRight([1, 2, 3, 4, 5], 0)).toEqual([1, 2, 3, 4, 5]);\n  expect(rotateRight([1, 2, 3, 4, 5], 1)).toEqual([5, 1, 2, 3, 4]);\n  expect(rotateRight([1, 2, 3, 4, 5], 3)).toEqual([3, 4, 5, 1, 2]);\n  expect(rotateRight([1, 2, 3, 4, 5], 5)).toEqual([1, 2, 3, 4, 5]);\n  expect(rotateRight([1, 2, 3, 4, 5], 6)).toEqual([5, 1, 2, 3, 4]);\n});\n\n\nexport function shuffle<T>(arr: readonly T[]): T[] {\n  const result = [...arr];\n  for (let i = result.length - 1; i > 0; i--) {\n    const j = Math.floor(Math.random() * (i + 1));\n    [result[i], result[j]] = [result[j], result[i]];\n  }\n  return result;\n}\nundefined?.test(\"shuffle\", ({ expect }) => {\n  // Test empty array\n  expect(shuffle([])).toEqual([]);\n\n  // Test single element array\n  expect(shuffle([1])).toEqual([1]);\n\n  // Test that shuffle returns a new array\n  const original = [1, 2, 3, 4, 5];\n  const shuffled = shuffle(original);\n  expect(shuffled).not.toBe(original);\n\n  // Test that all elements are preserved\n  expect(shuffled.sort((a, b) => a - b)).toEqual(original);\n\n  // Test with a larger array to ensure randomness\n  // This is a probabilistic test, but it's very unlikely to fail\n  const large = Array.from({ length: 100 }, (_, i) => i);\n  const shuffledLarge = shuffle(large);\n  expect(shuffledLarge).not.toEqual(large);\n  expect(shuffledLarge.sort((a, b) => a - b)).toEqual(large);\n});\n\n\nexport function outerProduct<T, U>(arr1: readonly T[], arr2: readonly U[]): [T, U][] {\n  return arr1.flatMap((item1) => arr2.map((item2) => [item1, item2] as [T, U]));\n}\nundefined?.test(\"outerProduct\", ({ expect }) => {\n  expect(outerProduct([], [])).toEqual([]);\n  expect(outerProduct([1], [])).toEqual([]);\n  expect(outerProduct([], [1])).toEqual([]);\n  expect(outerProduct([1], [2])).toEqual([[1, 2]]);\n  expect(outerProduct([1, 2], [3, 4])).toEqual([[1, 3], [1, 4], [2, 3], [2, 4]]);\n  expect(outerProduct([\"a\", \"b\"], [1, 2])).toEqual([[\"a\", 1], [\"a\", 2], [\"b\", 1], [\"b\", 2]]);\n});\n\nexport function unique<T>(arr: readonly T[]): T[] {\n  return [...new Set(arr)];\n}\nundefined?.test(\"unique\", ({ expect }) => {\n  expect(unique([])).toEqual([]);\n  expect(unique([1, 2, 3])).toEqual([1, 2, 3]);\n  expect(unique([1, 2, 2, 3, 1, 3])).toEqual([1, 2, 3]);\n  // Test with objects (reference equality)\n  const obj = { a: 1 };\n  expect(unique([obj, obj])).toEqual([obj]);\n  // Test with different types\n  expect(unique([1, \"1\", true, 1, \"1\", true])).toEqual([1, \"1\", true]);\n});\n"],"mappings":";AAAA,SAAS,iBAAiB;AAEnB,SAAS,cAAwC,KAAQ,MAAkC;AAChG,SAAO,IAAI,SAAS,IAAI;AAC1B;AAYO,SAAS,UAAoC,KAA+B;AACjF,SAAO,IAAI,IAAI,CAAC,MAAM,UAAU,CAAC,OAAO,IAAI,CAAC;AAC/C;AAOO,SAAS,eAAe,GAAmB,GAA4B;AAC5E,MAAI,EAAE,WAAW,EAAE,OAAQ,QAAO;AAClC,WAAS,IAAI,GAAG,IAAI,EAAE,QAAQ,KAAK;AACjC,QAAI,EAAE,CAAC,MAAM,EAAE,CAAC,EAAG,QAAO;AAAA,EAC5B;AACA,SAAO;AACT;AAiBO,SAAS,cAAiB,KAAmB,WAAyC;AAC3F,WAAS,IAAI,IAAI,SAAS,GAAG,KAAK,GAAG,KAAK;AACxC,QAAI,UAAU,IAAI,CAAC,CAAC,EAAG,QAAO;AAAA,EAChC;AACA,SAAO;AACT;AASO,SAAS,QACd,KACA,KACa;AACb,QAAM,SAAS,oBAAI;AACnB,aAAW,QAAQ,KAAK;AACtB,UAAM,IAAI,IAAI,IAAI;AAClB,QAAI,OAAO,IAAI,CAAC,MAAM,OAAW,QAAO,IAAI,GAAG,CAAC,CAAC;AACjD,WAAO,IAAI,CAAC,EAAG,KAAK,IAAI;AAAA,EAC1B;AACA,SAAO;AACT;AAuBO,SAAS,MAAM,gBAAwB,cAAuB,MAAyB;AAC5F,MAAI,iBAAiB,QAAW;AAC9B,mBAAe;AACf,qBAAiB;AAAA,EACnB;AACA,MAAI,SAAS,OAAW,QAAO;AAE/B,QAAM,SAAS,CAAC;AAChB,WAAS,IAAI,gBAAgB,OAAO,IAAK,IAAI,eAAiB,IAAI,cAAe,KAAK,MAAM;AAC1F,WAAO,KAAK,CAAC;AAAA,EACf;AACA,SAAO;AACT;AAWO,SAAS,WAAW,KAAqB,GAAkB;AAChE,MAAI,IAAI,WAAW,EAAG,QAAO,CAAC;AAC9B,QAAM,QAAQ,UAAU,GAAG,IAAI,MAAM;AACrC,SAAO,CAAC,GAAG,IAAI,MAAM,KAAK,GAAG,GAAG,IAAI,MAAM,GAAG,KAAK,CAAC;AACrD;AAUO,SAAS,YAAY,KAAqB,GAAkB;AACjE,SAAO,WAAW,KAAK,CAAC,CAAC;AAC3B;AAWO,SAAS,QAAW,KAAwB;AACjD,QAAM,SAAS,CAAC,GAAG,GAAG;AACtB,WAAS,IAAI,OAAO,SAAS,GAAG,IAAI,GAAG,KAAK;AAC1C,UAAM,IAAI,KAAK,MAAM,KAAK,OAAO,KAAK,IAAI,EAAE;AAC5C,KAAC,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;AAAA,EAChD;AACA,SAAO;AACT;AAyBO,SAAS,aAAmB,MAAoB,MAA8B;AACnF,SAAO,KAAK,QAAQ,CAAC,UAAU,KAAK,IAAI,CAAC,UAAU,CAAC,OAAO,KAAK,CAAW,CAAC;AAC9E;AAUO,SAAS,OAAU,KAAwB;AAChD,SAAO,CAAC,GAAG,IAAI,IAAI,GAAG,CAAC;AACzB;","names":[]}

package/dist/esm/utils/base64.js

@@ -0,0 +1,18 @@
+// src/utils/base64.tsx
+function fileToBase64(file) {
+  return new Promise((resolve, reject) => {
+    const reader = new FileReader();
+    reader.readAsDataURL(file);
+    reader.onload = () => resolve(reader.result);
+    reader.onerror = (error) => reject(error);
+  });
+}
+function validateBase64Image(base64) {
+  const base64ImageRegex = /^data:image\/(png|jpg|jpeg|gif|bmp|webp);base64,[A-Za-z0-9+/]+={0,2}$|^[A-Za-z0-9+/]+={0,2}$/;
+  return base64ImageRegex.test(base64);
+}
+export {
+  fileToBase64,
+  validateBase64Image
+};
+//# sourceMappingURL=base64.js.map

package/dist/esm/utils/base64.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/base64.tsx"],"sourcesContent":["export function fileToBase64(file: File): Promise<string> {\n  return new Promise((resolve, reject) => {\n    const reader = new FileReader();\n    reader.readAsDataURL(file);\n    reader.onload = () => resolve(reader.result as string);\n    reader.onerror = error => reject(error);\n  });\n}\n\nexport function validateBase64Image(base64: string): boolean {\n  const base64ImageRegex = /^data:image\\/(png|jpg|jpeg|gif|bmp|webp);base64,[A-Za-z0-9+/]+={0,2}$|^[A-Za-z0-9+/]+={0,2}$/;\n  return base64ImageRegex.test(base64);\n}\nundefined?.test(\"validateBase64Image\", ({ expect }) => {\n  // Valid base64 image strings\n  expect(validateBase64Image(\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mP8z8BQDwAEhQGAhKmMIQAAAABJRU5ErkJggg==\")).toBe(true);\n  expect(validateBase64Image(\"data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAABAAEDASIAAhEBAxEB/8QAHwAAAQUBA\")).toBe(true);\n  expect(validateBase64Image(\"ABC123\")).toBe(true);\n  // Invalid base64 image strings\n  expect(validateBase64Image(\"data:text/plain;base64,SGVsbG8gV29ybGQ=\")).toBe(false);\n  expect(validateBase64Image(\"data:image/png;base64,invalid!base64\")).toBe(false);\n  expect(validateBase64Image(\"not a base64 string\")).toBe(false);\n  expect(validateBase64Image(\"\")).toBe(false);\n});\n"],"mappings":";AAAO,SAAS,aAAa,MAA6B;AACxD,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAM,SAAS,IAAI,WAAW;AAC9B,WAAO,cAAc,IAAI;AACzB,WAAO,SAAS,MAAM,QAAQ,OAAO,MAAgB;AACrD,WAAO,UAAU,WAAS,OAAO,KAAK;AAAA,EACxC,CAAC;AACH;AAEO,SAAS,oBAAoB,QAAyB;AAC3D,QAAM,mBAAmB;AACzB,SAAO,iBAAiB,KAAK,MAAM;AACrC;","names":[]}

package/dist/esm/utils/booleans.js

@@ -0,0 +1,12 @@
+// src/utils/booleans.tsx
+function isTruthy(value) {
+  return !!value;
+}
+function isFalsy(value) {
+  return !value;
+}
+export {
+  isFalsy,
+  isTruthy
+};
+//# sourceMappingURL=booleans.js.map

package/dist/esm/utils/booleans.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/booleans.tsx"],"sourcesContent":["export type Truthy<T> = T extends null | undefined | 0 | \"\" | false ? false : true;\nexport type Falsy<T> = T extends null | undefined | 0 | \"\" | false ? true : false;\n\nexport function isTruthy<T>(value: T): value is T & Truthy<T> {\n  return !!value;\n}\nundefined?.test(\"isTruthy\", ({ expect }) => {\n  expect(isTruthy(true)).toBe(true);\n  expect(isTruthy(1)).toBe(true);\n  expect(isTruthy(\"hello\")).toBe(true);\n  expect(isTruthy({})).toBe(true);\n  expect(isTruthy([])).toBe(true);\n  expect(isTruthy(false)).toBe(false);\n  expect(isTruthy(0)).toBe(false);\n  expect(isTruthy(\"\")).toBe(false);\n  expect(isTruthy(null)).toBe(false);\n  expect(isTruthy(undefined)).toBe(false);\n});\n\nexport function isFalsy<T>(value: T): value is T & Falsy<T> {\n  return !value;\n}\nundefined?.test(\"isFalsy\", ({ expect }) => {\n  expect(isFalsy(false)).toBe(true);\n  expect(isFalsy(0)).toBe(true);\n  expect(isFalsy(\"\")).toBe(true);\n  expect(isFalsy(null)).toBe(true);\n  expect(isFalsy(undefined)).toBe(true);\n  expect(isFalsy(true)).toBe(false);\n  expect(isFalsy(1)).toBe(false);\n  expect(isFalsy(\"hello\")).toBe(false);\n  expect(isFalsy({})).toBe(false);\n  expect(isFalsy([])).toBe(false);\n});\n"],"mappings":";AAGO,SAAS,SAAY,OAAkC;AAC5D,SAAO,CAAC,CAAC;AACX;AAcO,SAAS,QAAW,OAAiC;AAC1D,SAAO,CAAC;AACV;","names":[]}

package/dist/esm/utils/browser-compat.js

@@ -0,0 +1,21 @@
+// src/utils/browser-compat.tsx
+function getBrowserCompatibilityReport() {
+  const test = (snippet) => {
+    try {
+      (0, eval)(snippet);
+      return true;
+    } catch (e) {
+      return `FAILED: ${e}`;
+    }
+  };
+  return {
+    optionalChaining: test("({})?.b?.c"),
+    nullishCoalescing: test("0 ?? 1"),
+    weakRef: test("new WeakRef({})"),
+    cryptoUuid: test("crypto.randomUUID()")
+  };
+}
+export {
+  getBrowserCompatibilityReport
+};
+//# sourceMappingURL=browser-compat.js.map

package/dist/esm/utils/browser-compat.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/browser-compat.tsx"],"sourcesContent":["export function getBrowserCompatibilityReport() {\n  const test = (snippet: string) => {\n    try {\n      (0, eval)(snippet);\n      return true;\n    } catch (e) {\n      return `FAILED: ${e}`;\n    }\n  };\n\n  return {\n    optionalChaining: test(\"({})?.b?.c\"),\n    nullishCoalescing: test(\"0 ?? 1\"),\n    weakRef: test(\"new WeakRef({})\"),\n    cryptoUuid: test(\"crypto.randomUUID()\"),\n  };\n}\n"],"mappings":";AAAO,SAAS,gCAAgC;AAC9C,QAAM,OAAO,CAAC,YAAoB;AAChC,QAAI;AACF,OAAC,GAAG,MAAM,OAAO;AACjB,aAAO;AAAA,IACT,SAAS,GAAG;AACV,aAAO,WAAW,CAAC;AAAA,IACrB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,kBAAkB,KAAK,YAAY;AAAA,IACnC,mBAAmB,KAAK,QAAQ;AAAA,IAChC,SAAS,KAAK,iBAAiB;AAAA,IAC/B,YAAY,KAAK,qBAAqB;AAAA,EACxC;AACF;","names":[]}