@tern-secure/auth 1.0.0

package/dist/cjs/utils/querystring.js

@@ -0,0 +1,70 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var querystring_exports = {};
+__export(querystring_exports, {
+  getQueryParams: () => getQueryParams,
+  stringifyQueryParams: () => stringifyQueryParams
+});
+module.exports = __toCommonJS(querystring_exports);
+const getQueryParams = (queryString) => {
+  const queryParamsObject = {};
+  const queryParams = new URLSearchParams(queryString);
+  queryParams.forEach((value, key) => {
+    if (key in queryParamsObject) {
+      const existingValue = queryParamsObject[key];
+      if (Array.isArray(existingValue)) {
+        existingValue.push(value);
+      } else {
+        queryParamsObject[key] = [existingValue, value];
+      }
+    } else {
+      queryParamsObject[key] = value;
+    }
+  });
+  return queryParamsObject;
+};
+const stringifyQueryParams = (params, opts = {}) => {
+  if (params === null || params === void 0) {
+    return "";
+  }
+  if (!params || typeof params !== "object") {
+    return "";
+  }
+  const queryParams = new URLSearchParams();
+  Object.keys(params).forEach((key) => {
+    const encodedKey = opts.keyEncoder ? opts.keyEncoder(key) : key;
+    const value = params[key];
+    if (Array.isArray(value)) {
+      value.forEach((v) => v !== void 0 && queryParams.append(encodedKey, v || ""));
+    } else if (value === void 0) {
+      return;
+    } else if (typeof value === "object" && value !== null) {
+      queryParams.append(encodedKey, JSON.stringify(value));
+    } else {
+      queryParams.append(encodedKey, String(value ?? ""));
+    }
+  });
+  return queryParams.toString();
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getQueryParams,
+  stringifyQueryParams
+});
+//# sourceMappingURL=querystring.js.map

package/dist/cjs/utils/querystring.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/querystring.ts"],"sourcesContent":["export const getQueryParams = (queryString: string) => {\n  const queryParamsObject: { [key: string]: string | string[] } = {};\n  const queryParams = new URLSearchParams(queryString);\n  queryParams.forEach((value, key) => {\n    if (key in queryParamsObject) {\n      // If the key already exists, we need to handle it as an array\n      const existingValue = queryParamsObject[key];\n      if (Array.isArray(existingValue)) {\n        existingValue.push(value);\n      } else {\n        queryParamsObject[key] = [existingValue, value];\n      }\n    } else {\n      queryParamsObject[key] = value;\n    }\n  });\n  return queryParamsObject as Record<string, string>;\n};\n\ntype StringifyQueryParamsOptions = {\n  keyEncoder?: (key: string) => string;\n};\n\nexport const stringifyQueryParams = (\n  params:\n    | Record<string, string | undefined | null | object | boolean | Array<string | undefined | null>>\n    | null\n    | undefined\n    | string,\n  opts: StringifyQueryParamsOptions = {},\n) => {\n  if (params === null || params === undefined) {\n    return '';\n  }\n  if (!params || typeof params !== 'object') {\n    return '';\n  }\n\n  const queryParams = new URLSearchParams();\n\n  Object.keys(params).forEach(key => {\n    const encodedKey = opts.keyEncoder ? opts.keyEncoder(key) : key;\n    const value = params[key];\n    if (Array.isArray(value)) {\n      value.forEach(v => v !== undefined && queryParams.append(encodedKey, v || ''));\n    } else if (value === undefined) {\n      return;\n    } else if (typeof value === 'object' && value !== null) {\n      queryParams.append(encodedKey, JSON.stringify(value));\n    } else {\n      queryParams.append(encodedKey, String(value ?? ''));\n    }\n  });\n\n  return queryParams.toString();\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAO,MAAM,iBAAiB,CAAC,gBAAwB;AACrD,QAAM,oBAA0D,CAAC;AACjE,QAAM,cAAc,IAAI,gBAAgB,WAAW;AACnD,cAAY,QAAQ,CAAC,OAAO,QAAQ;AAClC,QAAI,OAAO,mBAAmB;AAE5B,YAAM,gBAAgB,kBAAkB,GAAG;AAC3C,UAAI,MAAM,QAAQ,aAAa,GAAG;AAChC,sBAAc,KAAK,KAAK;AAAA,MAC1B,OAAO;AACL,0BAAkB,GAAG,IAAI,CAAC,eAAe,KAAK;AAAA,MAChD;AAAA,IACF,OAAO;AACL,wBAAkB,GAAG,IAAI;AAAA,IAC3B;AAAA,EACF,CAAC;AACD,SAAO;AACT;AAMO,MAAM,uBAAuB,CAClC,QAKA,OAAoC,CAAC,MAClC;AACH,MAAI,WAAW,QAAQ,WAAW,QAAW;AAC3C,WAAO;AAAA,EACT;AACA,MAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,WAAO;AAAA,EACT;AAEA,QAAM,cAAc,IAAI,gBAAgB;AAExC,SAAO,KAAK,MAAM,EAAE,QAAQ,SAAO;AACjC,UAAM,aAAa,KAAK,aAAa,KAAK,WAAW,GAAG,IAAI;AAC5D,UAAM,QAAQ,OAAO,GAAG;AACxB,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAM,QAAQ,OAAK,MAAM,UAAa,YAAY,OAAO,YAAY,KAAK,EAAE,CAAC;AAAA,IAC/E,WAAW,UAAU,QAAW;AAC9B;AAAA,IACF,WAAW,OAAO,UAAU,YAAY,UAAU,MAAM;AACtD,kBAAY,OAAO,YAAY,KAAK,UAAU,KAAK,CAAC;AAAA,IACtD,OAAO;AACL,kBAAY,OAAO,YAAY,OAAO,SAAS,EAAE,CAAC;AAAA,IACpD;AAAA,EACF,CAAC;AAED,SAAO,YAAY,SAAS;AAC9B;","names":[]}

package/dist/esm/global.d.js

@@ -0,0 +1 @@
+//# sourceMappingURL=global.d.js.map

package/dist/esm/global.d.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/esm/index.js

@@ -0,0 +1,13 @@
+import { TernSecureAuth } from "./instance/TernAuth";
+import { TernServerAuth } from "./instance/TernAuthServer";
+import { CoreApiClient, coreApiClient } from "./instance/coreApiClient";
+import { SignIn, TernSecureBase } from "./resources/internal";
+export {
+  CoreApiClient,
+  SignIn,
+  TernSecureAuth,
+  TernSecureBase,
+  TernServerAuth,
+  coreApiClient
+};
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/index.ts"],"sourcesContent":["export { TernSecureAuth } from './instance/TernAuth';\nexport type { TernAuth } from './instance/TernAuth';\nexport { TernServerAuth } from './instance/TernAuthServer';\nexport type { TernServerAuthOptions, AuthenticatedApp } from './instance/TernAuthServer';\n\nexport { CoreApiClient, coreApiClient } from './instance/coreApiClient';\nexport type { \n    ApiResponse, \n    ApiResponseJSON, \n    RequestOptions,\n    BeforeRequestHook,\n    AfterResponseHook\n} from './instance/coreApiClient';\n\nexport { SignIn, TernSecureBase } from './resources/internal';\n\nexport type {\n    TernSecureConfig,\n    SignInFormValuesTree,\n    SignInResponseTree,\n    ResendEmailVerification,\n    TernSecureUser,\n    TernSecureState\n} from '@tern-secure/types';"],"mappings":"AAAA,SAAS,sBAAsB;AAE/B,SAAS,sBAAsB;AAG/B,SAAS,eAAe,qBAAqB;AAS7C,SAAS,QAAQ,sBAAsB;","names":[]}

package/dist/esm/instance/TernAuth.js

@@ -0,0 +1,455 @@
+import { handleFirebaseAuthError } from "@tern-secure/shared/errors";
+import { createTernAuthEventBus, ternEvents } from "@tern-secure/shared/ternStatusEvent";
+import { stripScheme } from "@tern-secure/shared/url";
+import { handleValueOrFn } from "@tern-secure/shared/utils";
+import { getApps, initializeApp } from "firebase/app";
+import {
+  browserLocalPersistence,
+  browserSessionPersistence,
+  connectAuthEmulator,
+  getRedirectResult,
+  initializeAuth,
+  inMemoryPersistence,
+  onAuthStateChanged,
+  onIdTokenChanged
+} from "firebase/auth";
+import { browserCookiePersistence } from "firebase/auth/web-extension";
+import { getInstallations } from "firebase/installations";
+import { AuthCookieManager, SignIn, SignUp, TernSecureBase } from "../resources/internal";
+import { buildURL } from "../utils/construct";
+import { eventBus, events } from "./events";
+function inBrowser() {
+  return typeof window !== "undefined";
+}
+class TernSecureAuth {
+  static version = "1.0.0";
+  static sdkMetadata = {
+    name: "@tern-secure/auth",
+    version: "1.0.0",
+    environment: process.env.NODE_ENV || "production"
+  };
+  static instance = null;
+  _currentUser = null;
+  signedInSession = null;
+  firebaseClientApp;
+  authStateUnsubscribe = null;
+  auth;
+  csrfToken;
+  isLoading = false;
+  error = null;
+  user = null;
+  __internal_country;
+  #domain;
+  #apiUrl;
+  #instanceType;
+  #status = "loading";
+  #listeners = [];
+  #options = {};
+  #authCookieManager;
+  #publicEventBus = createTernAuthEventBus();
+  signIn;
+  signUp;
+  get isReady() {
+    return this.status === "ready";
+  }
+  get status() {
+    return this.#status;
+  }
+  get version() {
+    return TernSecureAuth.version;
+  }
+  set sdkMetadata(metadata) {
+    TernSecureAuth.sdkMetadata = metadata;
+  }
+  get sdkMetadata() {
+    return TernSecureAuth.sdkMetadata;
+  }
+  get requiresVerification() {
+    return this.#options.requiresVerification ?? true;
+  }
+  get apiUrl() {
+    return this.#apiUrl;
+  }
+  getApiUrl = () => this.#apiUrl;
+  get domain() {
+    if (inBrowser()) {
+      const strippedDomainString = stripScheme(
+        handleValueOrFn(this.#domain, new URL(window.location.href))
+      );
+      if (this.#instanceType === "production") {
+        return strippedDomainString;
+      }
+      return strippedDomainString;
+    }
+    return "";
+  }
+  get instanceType() {
+    return this.#instanceType;
+  }
+  constructor(options) {
+    var _a;
+    this.#domain = (_a = options == null ? void 0 : options.ternSecureConfig) == null ? void 0 : _a.authDomain;
+    this.#apiUrl = (options == null ? void 0 : options.apiUrl) || "";
+    this.#instanceType = process.env.NODE_ENV || "production";
+    this.#publicEventBus.emit(ternEvents.Status, "loading");
+    TernSecureBase.ternsecure = this;
+  }
+  setLoading(isLoading) {
+    this.isLoading = isLoading;
+  }
+  authCookieManager() {
+    return this.#authCookieManager;
+  }
+  static getorCreateInstance(options) {
+    if (!this.instance) {
+      this.instance = new TernSecureAuth(options);
+    }
+    console.log("[TernSecureAuth] TernSecureAuth instance:", this.instance);
+    return this.instance;
+  }
+  static clearInstance() {
+    if (TernSecureAuth.instance) {
+      if (TernSecureAuth.instance.authStateUnsubscribe) {
+        TernSecureAuth.instance.authStateUnsubscribe();
+        TernSecureAuth.instance.authStateUnsubscribe = null;
+      }
+      TernSecureAuth.instance = null;
+    }
+  }
+  static initialize(options) {
+    const instance = this.getorCreateInstance(options);
+    instance.#initialize(options);
+    return instance;
+  }
+  #initialize = (options) => {
+    this.#options = this.#initOptions(options);
+    try {
+      if (!this.#options.ternSecureConfig) {
+        throw new Error("TernSecureConfig is required to initialize TernSecureAuth");
+      }
+      if (!this.#options.apiUrl) {
+        throw new Error("apiUrl is required to initialize TernSecureAuth");
+      }
+      this.initializeFirebaseApp(this.#options.ternSecureConfig);
+      this.authStateUnsubscribe = this.initAuthStateListener();
+      this._onIdTokenChanged();
+      this.#authCookieManager = new AuthCookieManager();
+      this.csrfToken = this.#authCookieManager.getCSRFToken();
+      this.signIn = new SignIn(this.auth, this.csrfToken);
+      this.signUp = new SignUp(this.auth);
+      this.#setStatus("ready");
+      this.#publicEventBus.emit(ternEvents.Status, "ready");
+      return this;
+    } catch (error) {
+      this.error = error;
+      this.#setStatus("error");
+      this.#publicEventBus.emit(ternEvents.Status, "error");
+      throw error;
+    }
+  };
+  initializeFirebaseApp(config) {
+    const appName = config.appName || "[DEFAULT]";
+    this.firebaseClientApp = getApps().length === 0 ? initializeApp(config, appName) : getApps()[0];
+    const persistence = this.#setPersistence();
+    const auth = initializeAuth(this.firebaseClientApp, {
+      persistence
+    });
+    this.auth = auth;
+    if (config.tenantId) {
+      this.auth.tenantId = config.tenantId;
+    }
+    this.#configureEmulator();
+    getInstallations(this.firebaseClientApp);
+  }
+  signOut = async (options) => {
+    const redirectUrl = (options == null ? void 0 : options.redirectUrl) || this.#constructAfterSignOutUrl();
+    if (options == null ? void 0 : options.onBeforeSignOut) {
+      await options.onBeforeSignOut();
+    }
+    await this.auth.signOut();
+    if (options == null ? void 0 : options.onAfterSignOut) {
+      await options.onAfterSignOut();
+    }
+    if (inBrowser()) {
+      window.location.href = redirectUrl;
+    }
+    eventBus.emit(events.UserSignOut, null);
+    eventBus.emit(events.TokenRefreshed, { token: null });
+    this.#emit();
+  };
+  get currentSession() {
+    return this.signedInSession;
+  }
+  initAuthStateListener() {
+    return onAuthStateChanged(this.auth, async (user) => {
+      await this.auth.authStateReady();
+      this._currentUser = user;
+      await this.updateCurrentSession();
+      eventBus.emit(events.UserChanged, this._currentUser);
+      this.#emit();
+    });
+  }
+  _onIdTokenChanged() {
+    return onIdTokenChanged(this.auth, async (user) => {
+      await this.auth.authStateReady();
+      this._currentUser = user;
+      await this.updateCurrentSession();
+      eventBus.emit(events.TokenRefreshed, { token: user ? await user.getIdTokenResult() : null });
+      this.#emit();
+    });
+  }
+  onAuthStateChanged(callback) {
+    return onAuthStateChanged(this.auth, callback);
+  }
+  onIdTokenChanged(callback) {
+    return onIdTokenChanged(this.auth, callback);
+  }
+  async updateCurrentSession() {
+    if (!this._currentUser) {
+      this.signedInSession = null;
+      return;
+    }
+    try {
+      const res = await this._currentUser.getIdTokenResult();
+      this.signedInSession = {
+        status: "active",
+        token: res.token,
+        claims: res.claims,
+        issuedAtTime: res.issuedAtTime,
+        expirationTime: res.expirationTime,
+        authTime: res.authTime,
+        signInProvider: res.signInProvider || "unknown"
+      };
+    } catch (error) {
+      console.error("[TernSecureAuth] Error updating session:", error);
+      this.signedInSession = null;
+    }
+  }
+  async checkRedirectResult() {
+    try {
+      const result = await getRedirectResult(this.auth);
+      if (result) {
+        return {
+          success: true,
+          user: result.user
+        };
+      }
+      return null;
+    } catch (error) {
+      const authError = handleFirebaseAuthError(error);
+      return {
+        success: false,
+        message: authError.message,
+        error: authError.code,
+        user: null
+      };
+    }
+  }
+  addListener = (listener) => {
+    this.#listeners.push(listener);
+    if (this._currentUser) {
+      listener({
+        user: this._currentUser,
+        session: this.signedInSession
+      });
+    }
+    const unsubscribe = () => {
+      this.#listeners = this.#listeners.filter((l) => l !== listener);
+    };
+    return unsubscribe;
+  };
+  on = (...args) => {
+    this.#publicEventBus.on(...args);
+  };
+  off = (...args) => {
+    this.#publicEventBus.off(...args);
+  };
+  initialize(options) {
+    this._initialize(options);
+    return Promise.resolve();
+  }
+  static create(options) {
+    const instance = this.getorCreateInstance();
+    instance.initialize(options);
+    return instance;
+  }
+  _initialize = (options) => {
+    this.#options = this.#initOptions(options);
+    try {
+      if (!this.#options.ternSecureConfig) {
+        throw new Error("TernSecureConfig is required to initialize TernSecureAuth");
+      }
+      if (!this.#options.apiUrl) {
+        throw new Error("apiUrl is required to initialize TernSecureAuth");
+      }
+      this.#apiUrl = this.#options.apiUrl;
+      this.initializeFirebaseApp(this.#options.ternSecureConfig);
+      this.signIn = new SignIn(this.auth, this.csrfToken);
+      this.signUp = new SignUp(this.auth);
+      this.#setStatus("ready");
+    } catch (error) {
+      this.error = error;
+      this.#setStatus("error");
+      throw error;
+    }
+  };
+  constructUrlWithAuthRedirect = (to) => {
+    const baseUrl = window.location.origin;
+    const url = new URL(to, baseUrl);
+    if (url.origin === window.location.origin) {
+      return url.href;
+    }
+    return url.toString();
+  };
+  #buildUrl = (key, options) => {
+    var _a, _b;
+    if (!key || !this.isReady) {
+      return "";
+    }
+    const baseUrlConfig = key === "signInUrl" ? this.#options.signInUrl : this.#options.signUpUrl;
+    const defaultPagePath = key === "signInUrl" ? "/sign-in" : "/sign-up";
+    const base = baseUrlConfig || defaultPagePath;
+    let effectiveRedirectUrl;
+    if (key === "signInUrl" && "signInForceRedirectUrl" in options) {
+      effectiveRedirectUrl = options.signInForceRedirectUrl;
+    } else if (key === "signUpUrl" && "signUpForceRedirectUrl" in options) {
+      effectiveRedirectUrl = options.signUpForceRedirectUrl;
+    }
+    if (!effectiveRedirectUrl && inBrowser()) {
+      const currentUrlParams = new URLSearchParams(window.location.search);
+      const existingRedirectParam = currentUrlParams.get("redirect_url");
+      if (existingRedirectParam) {
+        effectiveRedirectUrl = existingRedirectParam;
+      }
+    }
+    if (!effectiveRedirectUrl && inBrowser()) {
+      effectiveRedirectUrl = window.location.pathname + window.location.search + window.location.hash;
+    }
+    if (effectiveRedirectUrl && inBrowser()) {
+      let signInPagePath;
+      try {
+        signInPagePath = this.#options.signInUrl ? new URL(this.#options.signInUrl, window.location.origin).pathname : defaultPagePath;
+      } catch {
+        signInPagePath = defaultPagePath;
+      }
+      let signUpPagePath;
+      try {
+        signUpPagePath = this.#options.signUpUrl ? new URL(this.#options.signUpUrl, window.location.origin).pathname : key === "signUpUrl" ? defaultPagePath : "/sign-in";
+      } catch {
+        signUpPagePath = key === "signUpUrl" ? defaultPagePath : "/sign-in";
+      }
+      const redirectTargetObj = new URL(effectiveRedirectUrl, window.location.origin);
+      if (redirectTargetObj.pathname === signInPagePath || redirectTargetObj.pathname === signUpPagePath) {
+        effectiveRedirectUrl = "/";
+      }
+    }
+    const paramsForBuildUrl = {
+      base,
+      searchParams: new URLSearchParams()
+    };
+    if (effectiveRedirectUrl) {
+      if (inBrowser()) {
+        const absoluteRedirectUrl = new URL(effectiveRedirectUrl, window.location.origin).href;
+        (_a = paramsForBuildUrl.searchParams) == null ? void 0 : _a.set("redirect", absoluteRedirectUrl);
+      } else {
+        (_b = paramsForBuildUrl.searchParams) == null ? void 0 : _b.set("redirect", effectiveRedirectUrl);
+      }
+    }
+    const constructedUrl = buildURL(paramsForBuildUrl, {
+      stringify: true,
+      skipOrigin: false
+    });
+    if (typeof constructedUrl !== "string") {
+      console.error(
+        "[TernSecure] Error: buildURL did not return a string as expected. Falling back to base URL."
+      );
+      if (inBrowser()) {
+        try {
+          return new URL(base, window.location.origin).href;
+        } catch {
+          return base;
+        }
+      }
+      return base;
+    }
+    return this.constructUrlWithAuthRedirect(constructedUrl);
+  };
+  #constructAfterSignOutUrl = () => {
+    if (!this.#options.afterSignOutUrl) {
+      return "/";
+    }
+    return this.constructUrlWithAuthRedirect(this.#options.afterSignOutUrl);
+  };
+  constructSignInUrl = (options) => {
+    return this.#buildUrl("signInUrl", { ...options });
+  };
+  constructSignUpUrl = (options) => {
+    return this.#buildUrl("signUpUrl", { ...options });
+  };
+  __internal_setCountry = (country) => {
+    if (!this.__internal_country) {
+      this.__internal_country = country;
+    }
+  };
+  #initOptions = (options) => {
+    return {
+      ...options
+    };
+  };
+  #emit = () => {
+    if (this._currentUser) {
+      for (const listener of this.#listeners) {
+        listener({
+          user: this._currentUser
+        });
+      }
+    }
+  };
+  #setStatus(newStatus) {
+    if (this.#status !== newStatus) {
+      this.#status = newStatus;
+      this.#publicEventBus.emit(ternEvents.Status, this.#status);
+      if (newStatus === "ready") {
+        this.#publicEventBus.emit(ternEvents.Status, "ready");
+      }
+    }
+  }
+  #setPersistence = () => {
+    const persistenceType = this.#options.persistence || "none";
+    switch (persistenceType) {
+      case "browserCookie":
+        return browserCookiePersistence;
+      case "session":
+        return browserSessionPersistence;
+      case "local":
+        return browserLocalPersistence;
+      case "none":
+      default:
+        return inMemoryPersistence;
+    }
+  };
+  #emulatorHost = () => {
+    if (typeof process === "undefined") return void 0;
+    return process.env.FIREBASE_AUTH_EMULATOR_HOST;
+  };
+  #configureEmulator = () => {
+    const host = this.#emulatorHost();
+    const isDev = this.#instanceType === "development";
+    const shouldUseEmulator = isDev && !!host;
+    if (!shouldUseEmulator || !host) {
+      return;
+    }
+    const emulatorUrl = host.startsWith("http") ? host : `http://${host}`;
+    try {
+      connectAuthEmulator(this.auth, emulatorUrl, { disableWarnings: true });
+      console.warn(`[TernSecure] Firebase Auth Emulator connected at ${emulatorUrl}`);
+    } catch (error) {
+      console.error("[TernSecure] Error connecting to Firebase Auth Emulator:", error);
+    }
+  };
+}
+export {
+  TernSecureAuth,
+  inBrowser
+};
+//# sourceMappingURL=TernAuth.js.map

package/dist/esm/instance/TernAuth.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/instance/TernAuth.ts"],"sourcesContent":["import { handleFirebaseAuthError } from '@tern-secure/shared/errors';\nimport { createTernAuthEventBus, ternEvents } from '@tern-secure/shared/ternStatusEvent';\nimport { stripScheme } from '@tern-secure/shared/url';\nimport { handleValueOrFn } from '@tern-secure/shared/utils';\nimport type {\n  DomainOrProxyUrl,\n  InstanceType,\n  ListenerCallback,\n  RedirectOptions,\n  SignedInSession,\n  SignInRedirectOptions,\n  SignInResource,\n  SignInResponseTree,\n  SignOut,\n  SignOutOptions,\n  SignUpRedirectOptions,\n  SignUpResource,\n  TernSecureAuth as TernSecureAuthInterface,\n  TernSecureAuthOptions,\n  TernSecureAuthStatus,\n  TernSecureConfig,\n  TernSecureResources,\n  TernSecureSDK,\n  TernSecureUser,\n  UnsubscribeCallback,\n} from '@tern-secure/types';\nimport type { FirebaseApp } from 'firebase/app';\nimport { getApps, initializeApp } from 'firebase/app';\nimport type { Auth, Auth as TernAuth } from 'firebase/auth';\nimport {\n  browserLocalPersistence,\n  browserSessionPersistence,\n  connectAuthEmulator,\n  getRedirectResult,\n  initializeAuth,\n  inMemoryPersistence,\n  onAuthStateChanged,\n  onIdTokenChanged,\n} from 'firebase/auth';\nimport { browserCookiePersistence } from 'firebase/auth/web-extension';\nimport { getInstallations } from 'firebase/installations';\n\nimport { AuthCookieManager, SignIn, SignUp, TernSecureBase } from '../resources/internal';\nimport { buildURL } from '../utils/construct';\nimport { eventBus, events } from './events';\n\nexport function inBrowser(): boolean {\n  return typeof window !== 'undefined';\n}\n\nexport { TernAuth };\n\n/**\n * Firebase implementation of the TernSecureAuth interface\n */\nexport class TernSecureAuth implements TernSecureAuthInterface {\n  public static version: string = PACKAGE_VERSION;\n  public static sdkMetadata: TernSecureSDK = {\n    name: PACKAGE_NAME,\n    version: PACKAGE_VERSION,\n    environment: process.env.NODE_ENV || 'production',\n  };\n  private static instance: TernSecureAuth | null = null;\n  private _currentUser: TernSecureUser | null = null;\n  private signedInSession: SignedInSession | null = null;\n  private firebaseClientApp: FirebaseApp | undefined;\n  private authStateUnsubscribe: (() => void) | null = null;\n  private auth!: Auth;\n  private csrfToken: string | undefined;\n  public isLoading = false;\n  public error: Error | null = null;\n  public user: TernSecureUser | null | undefined = null;\n  public __internal_country?: string | null;\n  #domain: DomainOrProxyUrl['domain'];\n  #apiUrl!: string;\n  #instanceType?: InstanceType;\n  #status: TernSecureAuthInterface['status'] = 'loading';\n  #listeners: Array<(emission: TernSecureResources) => void> = [];\n  #options: TernSecureAuthOptions = {} as TernSecureAuthOptions;\n  #authCookieManager?: AuthCookieManager;\n  #publicEventBus = createTernAuthEventBus();\n\n  signIn!: SignInResource;\n  signUp!: SignUpResource;\n\n  get isReady(): boolean {\n    return this.status === 'ready';\n  }\n\n  get status(): TernSecureAuthInterface['status'] {\n    return this.#status;\n  }\n\n  get version(): string {\n    return TernSecureAuth.version;\n  }\n\n  set sdkMetadata(metadata: TernSecureSDK) {\n    TernSecureAuth.sdkMetadata = metadata;\n  }\n\n  get sdkMetadata(): TernSecureSDK {\n    return TernSecureAuth.sdkMetadata;\n  }\n\n  get requiresVerification(): boolean {\n    return this.#options.requiresVerification ?? true;\n  }\n\n  get apiUrl(): string {\n    return this.#apiUrl;\n  }\n\n  public getApiUrl = (): string => this.#apiUrl;\n\n  get domain(): string {\n    if (inBrowser()) {\n      const strippedDomainString = stripScheme(\n        handleValueOrFn(this.#domain, new URL(window.location.href)),\n      );\n      if (this.#instanceType === 'production') {\n        return strippedDomainString;\n      }\n      return strippedDomainString;\n    }\n    return '';\n  }\n\n  get instanceType() {\n    return this.#instanceType;\n  }\n\n  public constructor(options?: TernSecureAuthOptions) {\n    this.#domain = options?.ternSecureConfig?.authDomain;\n    this.#apiUrl = options?.apiUrl || '';\n    this.#instanceType = (process.env.NODE_ENV as InstanceType) || 'production';\n    this.#publicEventBus.emit(ternEvents.Status, 'loading');\n    TernSecureBase.ternsecure = this;\n  }\n\n  public setLoading(isLoading: boolean): void {\n    this.isLoading = isLoading;\n  }\n\n  public authCookieManager(): AuthCookieManager | undefined {\n    return this.#authCookieManager;\n  }\n\n  static getorCreateInstance(options?: TernSecureAuthOptions): TernSecureAuth {\n    if (!this.instance) {\n      this.instance = new TernSecureAuth(options);\n    }\n    console.log('[TernSecureAuth] TernSecureAuth instance:', this.instance);\n    return this.instance;\n  }\n\n  static clearInstance() {\n    if (TernSecureAuth.instance) {\n      if (TernSecureAuth.instance.authStateUnsubscribe) {\n        TernSecureAuth.instance.authStateUnsubscribe();\n        TernSecureAuth.instance.authStateUnsubscribe = null;\n      }\n      TernSecureAuth.instance = null;\n    }\n  }\n\n  public static initialize(options: TernSecureAuthOptions): TernSecureAuth {\n    const instance = this.getorCreateInstance(options);\n    instance.#initialize(options);\n    return instance;\n  }\n\n  #initialize = (options: TernSecureAuthOptions): TernSecureAuth => {\n    this.#options = this.#initOptions(options);\n\n    try {\n      if (!this.#options.ternSecureConfig) {\n        throw new Error('TernSecureConfig is required to initialize TernSecureAuth');\n      }\n\n      if (!this.#options.apiUrl) {\n        throw new Error('apiUrl is required to initialize TernSecureAuth');\n      }\n\n      this.initializeFirebaseApp(this.#options.ternSecureConfig);\n      this.authStateUnsubscribe = this.initAuthStateListener();\n      this._onIdTokenChanged();\n\n      this.#authCookieManager = new AuthCookieManager();\n      this.csrfToken = this.#authCookieManager.getCSRFToken();\n\n      this.signIn = new SignIn(this.auth, this.csrfToken);\n      this.signUp = new SignUp(this.auth);\n\n      this.#setStatus('ready');\n      this.#publicEventBus.emit(ternEvents.Status, 'ready');\n\n      return this;\n    } catch (error) {\n      this.error = error as Error;\n      this.#setStatus('error');\n      this.#publicEventBus.emit(ternEvents.Status, 'error');\n      throw error;\n    }\n  };\n\n  private initializeFirebaseApp(config: TernSecureConfig) {\n    const appName = config.appName || '[DEFAULT]';\n    this.firebaseClientApp = getApps().length === 0 ? initializeApp(config, appName) : getApps()[0];\n\n    const persistence = this.#setPersistence();\n    const auth = initializeAuth(this.firebaseClientApp, {\n      persistence,\n    });\n\n    this.auth = auth;\n\n    if (config.tenantId) {\n      this.auth.tenantId = config.tenantId;\n    }\n\n    this.#configureEmulator();\n\n    getInstallations(this.firebaseClientApp);\n  }\n\n  public signOut: SignOut = async (options?: SignOutOptions) => {\n    const redirectUrl = options?.redirectUrl || this.#constructAfterSignOutUrl();\n    if (options?.onBeforeSignOut) {\n      await options.onBeforeSignOut();\n    }\n\n    await this.auth.signOut();\n\n    if (options?.onAfterSignOut) {\n      await options.onAfterSignOut();\n    }\n    if (inBrowser()) {\n      window.location.href = redirectUrl;\n    }\n    eventBus.emit(events.UserSignOut, null);\n    eventBus.emit(events.TokenRefreshed, { token: null });\n    this.#emit();\n  };\n\n  get currentSession(): SignedInSession | null {\n    return this.signedInSession;\n  };\n\n  private initAuthStateListener(): () => void {\n    return onAuthStateChanged(this.auth, async (user: TernSecureUser | null) => {\n      await this.auth.authStateReady();\n      this._currentUser = user;\n      await this.updateCurrentSession();\n\n      eventBus.emit(events.UserChanged, this._currentUser);\n      this.#emit();\n    });\n  }\n\n  private _onIdTokenChanged(): () => void {\n    return onIdTokenChanged(this.auth, async (user: TernSecureUser | null) => {\n      await this.auth.authStateReady();\n      this._currentUser = user;\n      await this.updateCurrentSession();\n\n      eventBus.emit(events.TokenRefreshed, { token: user ? await user.getIdTokenResult() : null });\n      this.#emit();\n    });\n  }\n\n  public onAuthStateChanged(callback: (cb: any) => void): () => void {\n    return onAuthStateChanged(this.auth, callback);\n  }\n\n  public onIdTokenChanged(callback: (cb: any) => void): () => void {\n    return onIdTokenChanged(this.auth, callback);\n  }\n\n  private async updateCurrentSession(): Promise<void> {\n    if (!this._currentUser) {\n      this.signedInSession = null;\n      return;\n    }\n\n    try {\n      const res = await this._currentUser.getIdTokenResult();\n      this.signedInSession = {\n        status: 'active',\n        token: res.token,\n        claims: res.claims,\n        issuedAtTime: res.issuedAtTime,\n        expirationTime: res.expirationTime,\n        authTime: res.authTime,\n        signInProvider: res.signInProvider || 'unknown',\n      };\n    } catch (error) {\n      console.error('[TernSecureAuth] Error updating session:', error);\n      this.signedInSession = null;\n    }\n  }\n\n  public async checkRedirectResult(): Promise<SignInResponseTree | null> {\n    try {\n      const result = await getRedirectResult(this.auth);\n      if (result) {\n        return {\n          success: true,\n          user: result.user as TernSecureUser,\n        };\n      }\n      return null;\n    } catch (error) {\n      const authError = handleFirebaseAuthError(error);\n      return {\n        success: false,\n        message: authError.message,\n        error: authError.code,\n        user: null,\n      };\n    }\n  }\n\n  public addListener = (listener: ListenerCallback): UnsubscribeCallback => {\n    this.#listeners.push(listener);\n    if (this._currentUser) {\n      listener({\n        user: this._currentUser,\n        session: this.signedInSession,\n      });\n    }\n\n    const unsubscribe = () => {\n      this.#listeners = this.#listeners.filter(l => l !== listener);\n    };\n    return unsubscribe;\n  };\n\n  public on: TernSecureAuthInterface['on'] = (...args) => {\n    this.#publicEventBus.on(...args);\n  };\n\n  public off: TernSecureAuthInterface['off'] = (...args) => {\n    this.#publicEventBus.off(...args);\n  };\n\n  public initialize(options: TernSecureAuthOptions): Promise<void> {\n    this._initialize(options);\n    return Promise.resolve();\n  }\n\n  public static create(options: TernSecureAuthOptions): TernSecureAuth {\n    const instance = this.getorCreateInstance();\n    instance.initialize(options);\n    return instance;\n  }\n\n  _initialize = (options: TernSecureAuthOptions): void => {\n    this.#options = this.#initOptions(options);\n    try {\n      if (!this.#options.ternSecureConfig) {\n        throw new Error('TernSecureConfig is required to initialize TernSecureAuth');\n      }\n\n      if (!this.#options.apiUrl) {\n        throw new Error('apiUrl is required to initialize TernSecureAuth');\n      }\n\n      this.#apiUrl = this.#options.apiUrl;\n\n      this.initializeFirebaseApp(this.#options.ternSecureConfig);\n\n      this.signIn = new SignIn(this.auth, this.csrfToken);\n      this.signUp = new SignUp(this.auth);\n\n      this.#setStatus('ready');\n    } catch (error) {\n      this.error = error as Error;\n      this.#setStatus('error');\n      throw error;\n    }\n  };\n\n  public constructUrlWithAuthRedirect = (to: string): string => {\n    const baseUrl = window.location.origin;\n    const url = new URL(to, baseUrl);\n\n    if (url.origin === window.location.origin) {\n      return url.href;\n    }\n\n    return url.toString();\n  };\n\n  #buildUrl = (key: 'signInUrl' | 'signUpUrl', options: RedirectOptions): string => {\n    if (!key || !this.isReady) {\n      return '';\n    }\n\n    const baseUrlConfig = key === 'signInUrl' ? this.#options.signInUrl : this.#options.signUpUrl;\n    const defaultPagePath = key === 'signInUrl' ? '/sign-in' : '/sign-up';\n    const base = baseUrlConfig || defaultPagePath;\n\n    let effectiveRedirectUrl: string | null | undefined;\n\n    // Priority 1: Get redirect URL from options (signInForceRedirectUrl or signUpForceRedirectUrl)\n    if (key === 'signInUrl' && 'signInForceRedirectUrl' in options) {\n      effectiveRedirectUrl = options.signInForceRedirectUrl;\n    } else if (key === 'signUpUrl' && 'signUpForceRedirectUrl' in options) {\n      effectiveRedirectUrl = options.signUpForceRedirectUrl;\n    }\n\n    // Priority 2: If no force redirect from options, check 'redirect' param in current URL (only in browser)\n    if (!effectiveRedirectUrl && inBrowser()) {\n      const currentUrlParams = new URLSearchParams(window.location.search);\n      const existingRedirectParam = currentUrlParams.get('redirect_url');\n      if (existingRedirectParam) {\n        effectiveRedirectUrl = existingRedirectParam;\n      }\n    }\n\n    // Priority 3: If still no redirect URL, fallback to current page's full path (only in browser)\n    // This ensures that if the call originates from a page, it attempts to redirect back there by default.\n    if (!effectiveRedirectUrl && inBrowser()) {\n      effectiveRedirectUrl =\n        window.location.pathname + window.location.search + window.location.hash;\n    }\n\n    if (effectiveRedirectUrl && inBrowser()) {\n      let signInPagePath: string | undefined;\n      try {\n        signInPagePath = this.#options.signInUrl\n          ? new URL(this.#options.signInUrl, window.location.origin).pathname\n          : defaultPagePath;\n      } catch {\n        signInPagePath = defaultPagePath;\n      }\n\n      let signUpPagePath: string | undefined;\n      try {\n        signUpPagePath = this.#options.signUpUrl\n          ? new URL(this.#options.signUpUrl, window.location.origin).pathname\n          : key === 'signUpUrl'\n            ? defaultPagePath\n            : '/sign-in';\n      } catch {\n        signUpPagePath = key === 'signUpUrl' ? defaultPagePath : '/sign-in';\n      }\n\n      const redirectTargetObj = new URL(effectiveRedirectUrl, window.location.origin);\n\n      if (\n        redirectTargetObj.pathname === signInPagePath ||\n        redirectTargetObj.pathname === signUpPagePath\n      ) {\n        // If the intended redirect path is the sign-in or sign-up page itself,\n        // change the redirect target to the application root ('/').\n        effectiveRedirectUrl = '/';\n      }\n    }\n\n    const paramsForBuildUrl: Parameters<typeof buildURL>[0] = {\n      base,\n      searchParams: new URLSearchParams(),\n    };\n\n    if (effectiveRedirectUrl) {\n      // Check if a redirect URL was determined\n      if (inBrowser()) {\n        const absoluteRedirectUrl = new URL(effectiveRedirectUrl, window.location.origin).href;\n        paramsForBuildUrl.searchParams?.set('redirect', absoluteRedirectUrl);\n      } else {\n        // If not in browser, use the effectiveRedirectUrl as is.\n        // This assumes it's either absolute or a path the server can interpret.\n        paramsForBuildUrl.searchParams?.set('redirect', effectiveRedirectUrl);\n      }\n    }\n\n    const constructedUrl = buildURL(paramsForBuildUrl, {\n      stringify: true,\n      skipOrigin: false,\n    });\n\n    if (typeof constructedUrl !== 'string') {\n      console.error(\n        '[TernSecure] Error: buildURL did not return a string as expected. Falling back to base URL.',\n      );\n      if (inBrowser()) {\n        try {\n          return new URL(base, window.location.origin).href;\n        } catch {\n          return base;\n        }\n      }\n      return base;\n    }\n\n    return this.constructUrlWithAuthRedirect(constructedUrl);\n  };\n\n  #constructAfterSignOutUrl = (): string => {\n    if (!this.#options.afterSignOutUrl) {\n      return '/';\n    }\n    return this.constructUrlWithAuthRedirect(this.#options.afterSignOutUrl);\n  };\n\n  public constructSignInUrl = (options?: SignInRedirectOptions): string => {\n    return this.#buildUrl('signInUrl', { ...options });\n  };\n\n  public constructSignUpUrl = (options?: SignUpRedirectOptions): string => {\n    return this.#buildUrl('signUpUrl', { ...options });\n  };\n\n  __internal_setCountry = (country: string | null) => {\n    if (!this.__internal_country) {\n      this.__internal_country = country;\n    }\n  };\n\n  #initOptions = (options: TernSecureAuthOptions): TernSecureAuthOptions => {\n    return {\n      ...options,\n    };\n  };\n\n  #emit = (): void => {\n    if (this._currentUser) {\n      for (const listener of this.#listeners) {\n        listener({\n          user: this._currentUser,\n        });\n      }\n    }\n  };\n\n  #setStatus(newStatus: TernSecureAuthStatus): void {\n    if (this.#status !== newStatus) {\n      this.#status = newStatus;\n      this.#publicEventBus.emit(ternEvents.Status, this.#status);\n\n      if (newStatus === 'ready') {\n        this.#publicEventBus.emit(ternEvents.Status, 'ready');\n      }\n    }\n  }\n\n  #setPersistence = () => {\n    const persistenceType = this.#options.persistence || 'none';\n\n    switch (persistenceType) {\n      case 'browserCookie':\n        return browserCookiePersistence;\n      case 'session':\n        return browserSessionPersistence;\n      case 'local':\n        return browserLocalPersistence;\n      case 'none':\n      default:\n        return inMemoryPersistence;\n    }\n  };\n\n  #emulatorHost = (): string | undefined => {\n    if (typeof process === 'undefined') return undefined;\n    return process.env.FIREBASE_AUTH_EMULATOR_HOST;\n  };\n\n  #configureEmulator = (): void => {\n    const host = this.#emulatorHost();\n    const isDev = this.#instanceType === 'development';\n    const shouldUseEmulator = isDev && !!host;\n    if (!shouldUseEmulator || !host) {\n      return;\n    }\n\n    const emulatorUrl = host.startsWith('http') ? host : `http://${host}`;\n\n    try {\n      //(this.auth as unknown as any)._canInitEmulator = true;\n      connectAuthEmulator(this.auth, emulatorUrl, { disableWarnings: true });\n      console.warn(`[TernSecure] Firebase Auth Emulator connected at ${emulatorUrl}`);\n    } catch (error) {\n      console.error('[TernSecure] Error connecting to Firebase Auth Emulator:', error);\n    }\n  };\n}\n"],"mappings":"AAAA,SAAS,+BAA+B;AACxC,SAAS,wBAAwB,kBAAkB;AACnD,SAAS,mBAAmB;AAC5B,SAAS,uBAAuB;AAwBhC,SAAS,SAAS,qBAAqB;AAEvC;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,gCAAgC;AACzC,SAAS,wBAAwB;AAEjC,SAAS,mBAAmB,QAAQ,QAAQ,sBAAsB;AAClE,SAAS,gBAAgB;AACzB,SAAS,UAAU,cAAc;AAE1B,SAAS,YAAqB;AACnC,SAAO,OAAO,WAAW;AAC3B;AAOO,MAAM,eAAkD;AAAA,EAC7D,OAAc,UAAkB;AAAA,EAChC,OAAc,cAA6B;AAAA,IACzC,MAAM;AAAA,IACN,SAAS;AAAA,IACT,aAAa,QAAQ,IAAI,YAAY;AAAA,EACvC;AAAA,EACA,OAAe,WAAkC;AAAA,EACzC,eAAsC;AAAA,EACtC,kBAA0C;AAAA,EAC1C;AAAA,EACA,uBAA4C;AAAA,EAC5C;AAAA,EACA;AAAA,EACD,YAAY;AAAA,EACZ,QAAsB;AAAA,EACtB,OAA0C;AAAA,EAC1C;AAAA,EACP;AAAA,EACA;AAAA,EACA;AAAA,EACA,UAA6C;AAAA,EAC7C,aAA6D,CAAC;AAAA,EAC9D,WAAkC,CAAC;AAAA,EACnC;AAAA,EACA,kBAAkB,uBAAuB;AAAA,EAEzC;AAAA,EACA;AAAA,EAEA,IAAI,UAAmB;AACrB,WAAO,KAAK,WAAW;AAAA,EACzB;AAAA,EAEA,IAAI,SAA4C;AAC9C,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,UAAkB;AACpB,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,YAAY,UAAyB;AACvC,mBAAe,cAAc;AAAA,EAC/B;AAAA,EAEA,IAAI,cAA6B;AAC/B,WAAO,eAAe;AAAA,EACxB;AAAA,EAEA,IAAI,uBAAgC;AAClC,WAAO,KAAK,SAAS,wBAAwB;AAAA,EAC/C;AAAA,EAEA,IAAI,SAAiB;AACnB,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,YAAY,MAAc,KAAK;AAAA,EAEtC,IAAI,SAAiB;AACnB,QAAI,UAAU,GAAG;AACf,YAAM,uBAAuB;AAAA,QAC3B,gBAAgB,KAAK,SAAS,IAAI,IAAI,OAAO,SAAS,IAAI,CAAC;AAAA,MAC7D;AACA,UAAI,KAAK,kBAAkB,cAAc;AACvC,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,eAAe;AACjB,WAAO,KAAK;AAAA,EACd;AAAA,EAEO,YAAY,SAAiC;AApItD;AAqII,SAAK,WAAU,wCAAS,qBAAT,mBAA2B;AAC1C,SAAK,WAAU,mCAAS,WAAU;AAClC,SAAK,gBAAiB,QAAQ,IAAI,YAA6B;AAC/D,SAAK,gBAAgB,KAAK,WAAW,QAAQ,SAAS;AACtD,mBAAe,aAAa;AAAA,EAC9B;AAAA,EAEO,WAAW,WAA0B;AAC1C,SAAK,YAAY;AAAA,EACnB;AAAA,EAEO,oBAAmD;AACxD,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,oBAAoB,SAAiD;AAC1E,QAAI,CAAC,KAAK,UAAU;AAClB,WAAK,WAAW,IAAI,eAAe,OAAO;AAAA,IAC5C;AACA,YAAQ,IAAI,6CAA6C,KAAK,QAAQ;AACtE,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,gBAAgB;AACrB,QAAI,eAAe,UAAU;AAC3B,UAAI,eAAe,SAAS,sBAAsB;AAChD,uBAAe,SAAS,qBAAqB;AAC7C,uBAAe,SAAS,uBAAuB;AAAA,MACjD;AACA,qBAAe,WAAW;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,OAAc,WAAW,SAAgD;AACvE,UAAM,WAAW,KAAK,oBAAoB,OAAO;AACjD,aAAS,YAAY,OAAO;AAC5B,WAAO;AAAA,EACT;AAAA,EAEA,cAAc,CAAC,YAAmD;AAChE,SAAK,WAAW,KAAK,aAAa,OAAO;AAEzC,QAAI;AACF,UAAI,CAAC,KAAK,SAAS,kBAAkB;AACnC,cAAM,IAAI,MAAM,2DAA2D;AAAA,MAC7E;AAEA,UAAI,CAAC,KAAK,SAAS,QAAQ;AACzB,cAAM,IAAI,MAAM,iDAAiD;AAAA,MACnE;AAEA,WAAK,sBAAsB,KAAK,SAAS,gBAAgB;AACzD,WAAK,uBAAuB,KAAK,sBAAsB;AACvD,WAAK,kBAAkB;AAEvB,WAAK,qBAAqB,IAAI,kBAAkB;AAChD,WAAK,YAAY,KAAK,mBAAmB,aAAa;AAEtD,WAAK,SAAS,IAAI,OAAO,KAAK,MAAM,KAAK,SAAS;AAClD,WAAK,SAAS,IAAI,OAAO,KAAK,IAAI;AAElC,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AAEpD,aAAO;AAAA,IACT,SAAS,OAAO;AACd,WAAK,QAAQ;AACb,WAAK,WAAW,OAAO;AACvB,WAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AACpD,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEQ,sBAAsB,QAA0B;AACtD,UAAM,UAAU,OAAO,WAAW;AAClC,SAAK,oBAAoB,QAAQ,EAAE,WAAW,IAAI,cAAc,QAAQ,OAAO,IAAI,QAAQ,EAAE,CAAC;AAE9F,UAAM,cAAc,KAAK,gBAAgB;AACzC,UAAM,OAAO,eAAe,KAAK,mBAAmB;AAAA,MAClD;AAAA,IACF,CAAC;AAED,SAAK,OAAO;AAEZ,QAAI,OAAO,UAAU;AACnB,WAAK,KAAK,WAAW,OAAO;AAAA,IAC9B;AAEA,SAAK,mBAAmB;AAExB,qBAAiB,KAAK,iBAAiB;AAAA,EACzC;AAAA,EAEO,UAAmB,OAAO,YAA6B;AAC5D,UAAM,eAAc,mCAAS,gBAAe,KAAK,0BAA0B;AAC3E,QAAI,mCAAS,iBAAiB;AAC5B,YAAM,QAAQ,gBAAgB;AAAA,IAChC;AAEA,UAAM,KAAK,KAAK,QAAQ;AAExB,QAAI,mCAAS,gBAAgB;AAC3B,YAAM,QAAQ,eAAe;AAAA,IAC/B;AACA,QAAI,UAAU,GAAG;AACf,aAAO,SAAS,OAAO;AAAA,IACzB;AACA,aAAS,KAAK,OAAO,aAAa,IAAI;AACtC,aAAS,KAAK,OAAO,gBAAgB,EAAE,OAAO,KAAK,CAAC;AACpD,SAAK,MAAM;AAAA,EACb;AAAA,EAEA,IAAI,iBAAyC;AAC3C,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,wBAAoC;AAC1C,WAAO,mBAAmB,KAAK,MAAM,OAAO,SAAgC;AAC1E,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,YAAM,KAAK,qBAAqB;AAEhC,eAAS,KAAK,OAAO,aAAa,KAAK,YAAY;AACnD,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEQ,oBAAgC;AACtC,WAAO,iBAAiB,KAAK,MAAM,OAAO,SAAgC;AACxE,YAAM,KAAK,KAAK,eAAe;AAC/B,WAAK,eAAe;AACpB,YAAM,KAAK,qBAAqB;AAEhC,eAAS,KAAK,OAAO,gBAAgB,EAAE,OAAO,OAAO,MAAM,KAAK,iBAAiB,IAAI,KAAK,CAAC;AAC3F,WAAK,MAAM;AAAA,IACb,CAAC;AAAA,EACH;AAAA,EAEO,mBAAmB,UAAyC;AACjE,WAAO,mBAAmB,KAAK,MAAM,QAAQ;AAAA,EAC/C;AAAA,EAEO,iBAAiB,UAAyC;AAC/D,WAAO,iBAAiB,KAAK,MAAM,QAAQ;AAAA,EAC7C;AAAA,EAEA,MAAc,uBAAsC;AAClD,QAAI,CAAC,KAAK,cAAc;AACtB,WAAK,kBAAkB;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,MAAM,MAAM,KAAK,aAAa,iBAAiB;AACrD,WAAK,kBAAkB;AAAA,QACrB,QAAQ;AAAA,QACR,OAAO,IAAI;AAAA,QACX,QAAQ,IAAI;AAAA,QACZ,cAAc,IAAI;AAAA,QAClB,gBAAgB,IAAI;AAAA,QACpB,UAAU,IAAI;AAAA,QACd,gBAAgB,IAAI,kBAAkB;AAAA,MACxC;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,4CAA4C,KAAK;AAC/D,WAAK,kBAAkB;AAAA,IACzB;AAAA,EACF;AAAA,EAEA,MAAa,sBAA0D;AACrE,QAAI;AACF,YAAM,SAAS,MAAM,kBAAkB,KAAK,IAAI;AAChD,UAAI,QAAQ;AACV,eAAO;AAAA,UACL,SAAS;AAAA,UACT,MAAM,OAAO;AAAA,QACf;AAAA,MACF;AACA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM,YAAY,wBAAwB,KAAK;AAC/C,aAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,UAAU;AAAA,QACnB,OAAO,UAAU;AAAA,QACjB,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAAA,EAEO,cAAc,CAAC,aAAoD;AACxE,SAAK,WAAW,KAAK,QAAQ;AAC7B,QAAI,KAAK,cAAc;AACrB,eAAS;AAAA,QACP,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,MAChB,CAAC;AAAA,IACH;AAEA,UAAM,cAAc,MAAM;AACxB,WAAK,aAAa,KAAK,WAAW,OAAO,OAAK,MAAM,QAAQ;AAAA,IAC9D;AACA,WAAO;AAAA,EACT;AAAA,EAEO,KAAoC,IAAI,SAAS;AACtD,SAAK,gBAAgB,GAAG,GAAG,IAAI;AAAA,EACjC;AAAA,EAEO,MAAsC,IAAI,SAAS;AACxD,SAAK,gBAAgB,IAAI,GAAG,IAAI;AAAA,EAClC;AAAA,EAEO,WAAW,SAA+C;AAC/D,SAAK,YAAY,OAAO;AACxB,WAAO,QAAQ,QAAQ;AAAA,EACzB;AAAA,EAEA,OAAc,OAAO,SAAgD;AACnE,UAAM,WAAW,KAAK,oBAAoB;AAC1C,aAAS,WAAW,OAAO;AAC3B,WAAO;AAAA,EACT;AAAA,EAEA,cAAc,CAAC,YAAyC;AACtD,SAAK,WAAW,KAAK,aAAa,OAAO;AACzC,QAAI;AACF,UAAI,CAAC,KAAK,SAAS,kBAAkB;AACnC,cAAM,IAAI,MAAM,2DAA2D;AAAA,MAC7E;AAEA,UAAI,CAAC,KAAK,SAAS,QAAQ;AACzB,cAAM,IAAI,MAAM,iDAAiD;AAAA,MACnE;AAEA,WAAK,UAAU,KAAK,SAAS;AAE7B,WAAK,sBAAsB,KAAK,SAAS,gBAAgB;AAEzD,WAAK,SAAS,IAAI,OAAO,KAAK,MAAM,KAAK,SAAS;AAClD,WAAK,SAAS,IAAI,OAAO,KAAK,IAAI;AAElC,WAAK,WAAW,OAAO;AAAA,IACzB,SAAS,OAAO;AACd,WAAK,QAAQ;AACb,WAAK,WAAW,OAAO;AACvB,YAAM;AAAA,IACR;AAAA,EACF;AAAA,EAEO,+BAA+B,CAAC,OAAuB;AAC5D,UAAM,UAAU,OAAO,SAAS;AAChC,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO;AAE/B,QAAI,IAAI,WAAW,OAAO,SAAS,QAAQ;AACzC,aAAO,IAAI;AAAA,IACb;AAEA,WAAO,IAAI,SAAS;AAAA,EACtB;AAAA,EAEA,YAAY,CAAC,KAAgC,YAAqC;AA1YpF;AA2YI,QAAI,CAAC,OAAO,CAAC,KAAK,SAAS;AACzB,aAAO;AAAA,IACT;AAEA,UAAM,gBAAgB,QAAQ,cAAc,KAAK,SAAS,YAAY,KAAK,SAAS;AACpF,UAAM,kBAAkB,QAAQ,cAAc,aAAa;AAC3D,UAAM,OAAO,iBAAiB;AAE9B,QAAI;AAGJ,QAAI,QAAQ,eAAe,4BAA4B,SAAS;AAC9D,6BAAuB,QAAQ;AAAA,IACjC,WAAW,QAAQ,eAAe,4BAA4B,SAAS;AACrE,6BAAuB,QAAQ;AAAA,IACjC;AAGA,QAAI,CAAC,wBAAwB,UAAU,GAAG;AACxC,YAAM,mBAAmB,IAAI,gBAAgB,OAAO,SAAS,MAAM;AACnE,YAAM,wBAAwB,iBAAiB,IAAI,cAAc;AACjE,UAAI,uBAAuB;AACzB,+BAAuB;AAAA,MACzB;AAAA,IACF;AAIA,QAAI,CAAC,wBAAwB,UAAU,GAAG;AACxC,6BACE,OAAO,SAAS,WAAW,OAAO,SAAS,SAAS,OAAO,SAAS;AAAA,IACxE;AAEA,QAAI,wBAAwB,UAAU,GAAG;AACvC,UAAI;AACJ,UAAI;AACF,yBAAiB,KAAK,SAAS,YAC3B,IAAI,IAAI,KAAK,SAAS,WAAW,OAAO,SAAS,MAAM,EAAE,WACzD;AAAA,MACN,QAAQ;AACN,yBAAiB;AAAA,MACnB;AAEA,UAAI;AACJ,UAAI;AACF,yBAAiB,KAAK,SAAS,YAC3B,IAAI,IAAI,KAAK,SAAS,WAAW,OAAO,SAAS,MAAM,EAAE,WACzD,QAAQ,cACN,kBACA;AAAA,MACR,QAAQ;AACN,yBAAiB,QAAQ,cAAc,kBAAkB;AAAA,MAC3D;AAEA,YAAM,oBAAoB,IAAI,IAAI,sBAAsB,OAAO,SAAS,MAAM;AAE9E,UACE,kBAAkB,aAAa,kBAC/B,kBAAkB,aAAa,gBAC/B;AAGA,+BAAuB;AAAA,MACzB;AAAA,IACF;AAEA,UAAM,oBAAoD;AAAA,MACxD;AAAA,MACA,cAAc,IAAI,gBAAgB;AAAA,IACpC;AAEA,QAAI,sBAAsB;AAExB,UAAI,UAAU,GAAG;AACf,cAAM,sBAAsB,IAAI,IAAI,sBAAsB,OAAO,SAAS,MAAM,EAAE;AAClF,gCAAkB,iBAAlB,mBAAgC,IAAI,YAAY;AAAA,MAClD,OAAO;AAGL,gCAAkB,iBAAlB,mBAAgC,IAAI,YAAY;AAAA,MAClD;AAAA,IACF;AAEA,UAAM,iBAAiB,SAAS,mBAAmB;AAAA,MACjD,WAAW;AAAA,MACX,YAAY;AAAA,IACd,CAAC;AAED,QAAI,OAAO,mBAAmB,UAAU;AACtC,cAAQ;AAAA,QACN;AAAA,MACF;AACA,UAAI,UAAU,GAAG;AACf,YAAI;AACF,iBAAO,IAAI,IAAI,MAAM,OAAO,SAAS,MAAM,EAAE;AAAA,QAC/C,QAAQ;AACN,iBAAO;AAAA,QACT;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,6BAA6B,cAAc;AAAA,EACzD;AAAA,EAEA,4BAA4B,MAAc;AACxC,QAAI,CAAC,KAAK,SAAS,iBAAiB;AAClC,aAAO;AAAA,IACT;AACA,WAAO,KAAK,6BAA6B,KAAK,SAAS,eAAe;AAAA,EACxE;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa,EAAE,GAAG,QAAQ,CAAC;AAAA,EACnD;AAAA,EAEO,qBAAqB,CAAC,YAA4C;AACvE,WAAO,KAAK,UAAU,aAAa,EAAE,GAAG,QAAQ,CAAC;AAAA,EACnD;AAAA,EAEA,wBAAwB,CAAC,YAA2B;AAClD,QAAI,CAAC,KAAK,oBAAoB;AAC5B,WAAK,qBAAqB;AAAA,IAC5B;AAAA,EACF;AAAA,EAEA,eAAe,CAAC,YAA0D;AACxE,WAAO;AAAA,MACL,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,QAAQ,MAAY;AAClB,QAAI,KAAK,cAAc;AACrB,iBAAW,YAAY,KAAK,YAAY;AACtC,iBAAS;AAAA,UACP,MAAM,KAAK;AAAA,QACb,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,WAAW,WAAuC;AAChD,QAAI,KAAK,YAAY,WAAW;AAC9B,WAAK,UAAU;AACf,WAAK,gBAAgB,KAAK,WAAW,QAAQ,KAAK,OAAO;AAEzD,UAAI,cAAc,SAAS;AACzB,aAAK,gBAAgB,KAAK,WAAW,QAAQ,OAAO;AAAA,MACtD;AAAA,IACF;AAAA,EACF;AAAA,EAEA,kBAAkB,MAAM;AACtB,UAAM,kBAAkB,KAAK,SAAS,eAAe;AAErD,YAAQ,iBAAiB;AAAA,MACvB,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AACH,eAAO;AAAA,MACT,KAAK;AAAA,MACL;AACE,eAAO;AAAA,IACX;AAAA,EACF;AAAA,EAEA,gBAAgB,MAA0B;AACxC,QAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,WAAO,QAAQ,IAAI;AAAA,EACrB;AAAA,EAEA,qBAAqB,MAAY;AAC/B,UAAM,OAAO,KAAK,cAAc;AAChC,UAAM,QAAQ,KAAK,kBAAkB;AACrC,UAAM,oBAAoB,SAAS,CAAC,CAAC;AACrC,QAAI,CAAC,qBAAqB,CAAC,MAAM;AAC/B;AAAA,IACF;AAEA,UAAM,cAAc,KAAK,WAAW,MAAM,IAAI,OAAO,UAAU,IAAI;AAEnE,QAAI;AAEF,0BAAoB,KAAK,MAAM,aAAa,EAAE,iBAAiB,KAAK,CAAC;AACrE,cAAQ,KAAK,oDAAoD,WAAW,EAAE;AAAA,IAChF,SAAS,OAAO;AACd,cAAQ,MAAM,4DAA4D,KAAK;AAAA,IACjF;AAAA,EACF;AACF;","names":[]}