@tern-secure/backend 1.2.0-canary.v20251008165428 → 1.2.0-canary.v20251020032343

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/dist/admin/index.js +8 -8
  2. package/dist/admin/index.js.map +1 -1
  3. package/dist/admin/index.mjs +8 -8
  4. package/dist/admin/index.mjs.map +1 -1
  5. package/dist/admin/nextSessionTernSecure.d.ts.map +1 -1
  6. package/dist/auth/getauth.d.ts +2 -1
  7. package/dist/auth/getauth.d.ts.map +1 -1
  8. package/dist/auth/index.js +15 -0
  9. package/dist/auth/index.js.map +1 -1
  10. package/dist/auth/index.mjs +2 -2
  11. package/dist/{chunk-SVZUAXAW.mjs → chunk-5AP2WM3W.mjs} +1 -1
  12. package/dist/chunk-5AP2WM3W.mjs.map +1 -0
  13. package/dist/{chunk-YGNTGJTP.mjs → chunk-ZLFJV4IK.mjs} +17 -2
  14. package/dist/chunk-ZLFJV4IK.mjs.map +1 -0
  15. package/dist/fireRestApi/createFireApi.d.ts +2 -1
  16. package/dist/fireRestApi/createFireApi.d.ts.map +1 -1
  17. package/dist/fireRestApi/endpointUrl.d.ts +2 -0
  18. package/dist/fireRestApi/endpointUrl.d.ts.map +1 -1
  19. package/dist/fireRestApi/endpoints/UserData.d.ts +14 -0
  20. package/dist/fireRestApi/endpoints/UserData.d.ts.map +1 -0
  21. package/dist/fireRestApi/endpoints/index.d.ts +1 -0
  22. package/dist/fireRestApi/endpoints/index.d.ts.map +1 -1
  23. package/dist/fireRestApi/request.d.ts +1 -1
  24. package/dist/fireRestApi/request.d.ts.map +1 -1
  25. package/dist/fireRestApi/resources/JSON.d.ts +19 -0
  26. package/dist/fireRestApi/resources/JSON.d.ts.map +1 -1
  27. package/dist/fireRestApi/resources/User.d.ts +8 -0
  28. package/dist/fireRestApi/resources/User.d.ts.map +1 -0
  29. package/dist/index.js +42 -2
  30. package/dist/index.js.map +1 -1
  31. package/dist/index.mjs +29 -4
  32. package/dist/index.mjs.map +1 -1
  33. package/dist/jwt/index.js.map +1 -1
  34. package/dist/jwt/index.mjs +1 -1
  35. package/dist/jwt/verifyJwt.d.ts.map +1 -1
  36. package/dist/tokens/authstate.d.ts +1 -0
  37. package/dist/tokens/authstate.d.ts.map +1 -1
  38. package/dist/tokens/types.d.ts +2 -1
  39. package/dist/tokens/types.d.ts.map +1 -1
  40. package/dist/tokens/verify.d.ts +2 -2
  41. package/dist/tokens/verify.d.ts.map +1 -1
  42. package/package.json +3 -3
  43. package/dist/chunk-SVZUAXAW.mjs.map +0 -1
  44. package/dist/chunk-YGNTGJTP.mjs.map +0 -1
package/dist/index.mjs CHANGED
@@ -4,7 +4,7 @@ import {
4
4
  import {
5
5
  getAuth,
6
6
  verifyToken
7
- } from "./chunk-YGNTGJTP.mjs";
7
+ } from "./chunk-ZLFJV4IK.mjs";
8
8
  import {
9
9
  constants
10
10
  } from "./chunk-VSYYHCUV.mjs";
@@ -13,7 +13,7 @@ import {
13
13
  TokenVerificationError,
14
14
  TokenVerificationErrorReason,
15
15
  mapJwtPayloadToDecodedIdToken
16
- } from "./chunk-SVZUAXAW.mjs";
16
+ } from "./chunk-5AP2WM3W.mjs";
17
17
 
18
18
  // src/tokens/authstate.ts
19
19
  var AuthStatus = {
@@ -70,6 +70,7 @@ function signedOutAuthObject() {
70
70
  return {
71
71
  sessionClaims: null,
72
72
  userId: null,
73
+ token: null,
73
74
  require: () => false,
74
75
  error: "No active session"
75
76
  };
@@ -253,6 +254,25 @@ var TokenApi = class extends AbstractAPI {
253
254
  }
254
255
  };
255
256
 
257
+ // src/fireRestApi/endpoints/UserData.ts
258
+ var UserData = class extends AbstractAPI {
259
+ async getUserData(apiKey, params, options) {
260
+ this.requireApiKey(apiKey);
261
+ const { ...restParams } = params;
262
+ const headers = {};
263
+ if (options?.referer) {
264
+ headers["Referer"] = options.referer;
265
+ }
266
+ return this.request({
267
+ endpoint: "lookup",
268
+ method: "POST",
269
+ apiKey,
270
+ bodyParams: restParams,
271
+ headerParams: headers
272
+ });
273
+ }
274
+ };
275
+
256
276
  // src/runtime.ts
257
277
  import { webcrypto as crypto } from "#crypto";
258
278
  var globalFetch = fetch.bind(globalThis);
@@ -280,6 +300,9 @@ function useEmulator() {
280
300
  }
281
301
 
282
302
  // src/fireRestApi/endpointUrl.ts
303
+ var lookupEndpoint = (apiKey) => {
304
+ return `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${apiKey}`;
305
+ };
283
306
  var getRefreshTokenEndpoint = (apiKey) => {
284
307
  return `https://securetoken.googleapis.com/v1/token?key=${apiKey}`;
285
308
  };
@@ -310,7 +333,8 @@ var FIREBASE_ENDPOINT_MAP = {
310
333
  signUp: signUpEndpoint,
311
334
  signInWithCustomToken: getCustomTokenEndpoint,
312
335
  passwordReset: passwordResetEndpoint,
313
- sendOobCode: signInWithPassword
336
+ sendOobCode: signInWithPassword,
337
+ lookup: lookupEndpoint
314
338
  };
315
339
  function createRequest(options) {
316
340
  const requestFn = async (requestOptions) => {
@@ -444,7 +468,8 @@ function createFireApi(options) {
444
468
  password: new PasswordApi(request),
445
469
  signIn: new SignInTokenApi(request),
446
470
  signUp: new SignUpApi(request),
447
- tokens: new TokenApi(request)
471
+ tokens: new TokenApi(request),
472
+ userData: new UserData(request)
448
473
  };
449
474
  }
450
475
 
package/dist/index.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/tokens/authstate.ts","../src/fireRestApi/endpoints/AbstractApi.ts","../src/fireRestApi/endpoints/EmailApi.ts","../src/fireRestApi/endpoints/PasswordApi.ts","../src/fireRestApi/endpoints/SignInTokenApi.ts","../src/fireRestApi/endpoints/SignUpApi.ts","../src/fireRestApi/endpoints/TokenApi.ts","../src/runtime.ts","../src/fireRestApi/emulator.ts","../src/fireRestApi/endpointUrl.ts","../src/fireRestApi/request.ts","../src/fireRestApi/createFireApi.ts","../src/utils/options.ts","../src/tokens/c-authenticateRequestProcessor.ts","../src/tokens/cookie.ts","../src/tokens/request.ts","../src/instance/backendInstanceEdge.ts","../src/tokens/requestFire.ts","../src/instance/backendFireInstance.ts","../src/utils/logger.ts","../src/utils/enableDebugLogging.ts","../src/adapters/PostgresAdapter.ts","../src/adapters/RedisAdapter.ts","../src/adapters/index.ts"],"sourcesContent":["import type { CheckAuthorizationFromSessionClaims, DecodedIdToken } from '@tern-secure/types';\nimport type { JWTPayload } from 'jose';\n\nimport { constants } from '../constants';\nimport type { TokenVerificationErrorReason } from '../utils/errors';\nimport { mapJwtPayloadToDecodedIdToken } from '../utils/mapDecode';\nimport type { TernSecureRequest } from './ternSecureRequest';\n\nexport const AuthStatus = {\n SignedIn: 'signed-in',\n SignedOut: 'signed-out',\n} as const;\n\nexport type AuthStatus = (typeof AuthStatus)[keyof typeof AuthStatus];\n\nexport const AuthErrorReason = {\n SessionTokenAndUATMissing: 'session-token-and-uat-missing',\n SessionTokenMissing: 'session-token-missing',\n SessionTokenExpired: 'session-token-expired',\n SessionTokenIATBeforeClientUAT: 'session-token-iat-before-client-uat',\n SessionTokenNBF: 'session-token-nbf',\n SessionTokenIatInTheFuture: 'session-token-iat-in-the-future',\n ActiveOrganizationMismatch: 'active-organization-mismatch',\n UnexpectedError: 'unexpected-error',\n} as const;\n\nexport type AuthErrorReason = (typeof AuthErrorReason)[keyof typeof AuthErrorReason];\n\nexport type AuthReason = AuthErrorReason | TokenVerificationErrorReason;\n\nexport type SignedInAuthObject = {\n sessionClaims: DecodedIdToken;\n userId: string;\n token: string;\n require: CheckAuthorizationFromSessionClaims;\n error: string | null;\n};\n\nexport type SignedOutAuthObject = {\n sessionClaims: null;\n userId: null;\n require: CheckAuthorizationFromSessionClaims;\n error: string | null;\n};\n\nexport type SignedInState = {\n status: typeof AuthStatus.SignedIn;\n reason: null;\n isSignedIn: true;\n auth: () => SignedInAuthObject;\n token: string;\n headers: Headers;\n};\n\nexport type SignedOutState = {\n status: typeof AuthStatus.SignedOut;\n reason: string;\n isSignedIn: false;\n auth: () => SignedOutAuthObject;\n token: null;\n headers: Headers;\n};\n\nexport type RequestState = SignedInState | SignedOutState;\n\nexport interface BackendInstance {\n ternSecureRequest: TernSecureRequest;\n requestState: RequestState;\n}\n\nexport type AuthObject = SignedInAuthObject | SignedOutAuthObject;\n\nfunction createHasAuthorization(\n decodedIdToken: DecodedIdToken,\n): CheckAuthorizationFromSessionClaims {\n return (authorizationParams: any) => {\n if (\n !authorizationParams ||\n typeof authorizationParams !== 'object' ||\n Array.isArray(authorizationParams)\n ) {\n return false;\n }\n const claims = decodedIdToken as Record<string, any>;\n\n return Object.entries(authorizationParams).every(([key, value]) => {\n const claimValue = claims[key];\n if (typeof claimValue === 'undefined') {\n return false;\n }\n if (Array.isArray(value)) {\n if (Array.isArray(claimValue)) {\n return value.some(v => claimValue.includes(v));\n }\n return value.includes(claimValue);\n }\n\n if (Array.isArray(claimValue)) {\n return claimValue.includes(value);\n }\n return claimValue === value;\n });\n };\n}\n\nexport function signedInAuthObject(\n sessionToken: string,\n sessionClaims: JWTPayload,\n): SignedInAuthObject {\n const decodedIdToken = mapJwtPayloadToDecodedIdToken(sessionClaims);\n return {\n sessionClaims: {\n ...decodedIdToken,\n },\n userId: decodedIdToken.uid,\n token: sessionToken,\n require: createHasAuthorization(decodedIdToken),\n error: null,\n };\n}\n\nexport function signedOutAuthObject(): SignedOutAuthObject {\n return {\n sessionClaims: null,\n userId: null,\n require: () => false,\n error: 'No active session',\n };\n}\n\nexport function signedIn(\n sessionClaims: JWTPayload,\n headers: Headers = new Headers(),\n token: string,\n): SignedInState {\n const authObject = signedInAuthObject(token, sessionClaims);\n return {\n status: AuthStatus.SignedIn,\n reason: null,\n isSignedIn: true,\n auth: () => authObject,\n token,\n headers,\n };\n}\n\nexport function signedOut(\n reason: AuthReason,\n message = '',\n headers: Headers = new Headers(),\n): SignedOutState {\n return decorateHeaders({\n status: AuthStatus.SignedOut,\n reason,\n message,\n isSignedIn: false,\n auth: () => signedOutAuthObject(),\n token: null,\n headers,\n });\n}\n\nconst decorateHeaders = <T extends RequestState>(requestState: T): T => {\n const headers = new Headers(requestState.headers || {});\n if (requestState.reason) {\n try {\n headers.set(constants.Headers.AuthReason, requestState.reason);\n } catch {\n // Ignore errors\n }\n }\n\n if (requestState.status) {\n try {\n headers.set(constants.Headers.AuthStatus, requestState.status);\n } catch {\n // Ignore errors\n }\n }\n requestState.headers = headers;\n return requestState;\n};\n","import type { RequestFunction } from '../request';\n\nexport abstract class AbstractAPI {\n constructor(protected request: RequestFunction) {}\n\n protected requireApiKey(apiKey: string) {\n if (!apiKey) {\n throw new Error('A valid API key is required.');\n }\n }\n}\n","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype sendEmailVerificationParams = {\n idToken: string;\n requestType: 'VERIFY_EMAIL';\n};\n\ntype ConfirmEmailVerificationParams = {\n oobCode: string;\n};\n\n\nexport class EmailApi extends AbstractAPI {\n public async verifyEmailVerification(apiKey: string, params: sendEmailVerificationParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"sendOobCode\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async confirmEmailVerification(apiKey: string, params: ConfirmEmailVerificationParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"sendOobCode\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n}","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype ConfirmPasswordResetParams = {\n oobCode: string;\n newPassword: string;\n};\n\ntype VerifyPasswordResetCodeParams = {\n oobCode: string;\n};\n\ntype ChangePasswordParams = {\n idToken: string;\n password: string;\n returnSecureToken?: boolean;\n};\n\nexport class PasswordApi extends AbstractAPI {\n public async verifyPasswordResetCode(apiKey: string, params: VerifyPasswordResetCodeParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async confirmPasswordReset(apiKey: string, params: ConfirmPasswordResetParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async changePassword(apiKey: string, params: ChangePasswordParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n}","import type { IdAndRefreshTokens } from '../resources/Token';\nimport { AbstractAPI } from './AbstractApi';\n\n\ntype CreateSignInTokenParams = {\n token: string;\n returnSecureToken?: boolean;\n};\n\nexport class SignInTokenApi extends AbstractAPI {\n public async createCustomToken(\n apiKey: string,\n params: CreateSignInTokenParams,\n ): Promise<IdAndRefreshTokens> {\n try {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n\n const response = await this.request<IdAndRefreshTokens>({\n endpoint: \"signInWithCustomToken\",\n method: 'POST',\n bodyParams: restParams,\n });\n\n if (response.errors) {\n const errorMessage = response.errors[0]?.message || 'Failed to create custom token';\n throw new Error(errorMessage);\n }\n\n return response.data;\n } catch (error) {\n const contextualMessage = `Failed to create custom token: ${error instanceof Error ? error.message : 'Unknown error'}`;\n throw new Error(contextualMessage);\n }\n }\n}\n","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype CreateSignUpTokenParams = {\n email: string;\n password: string;\n returnSecureToken?: boolean;\n};\n\n\nexport class SignUpApi extends AbstractAPI {\n public async createCustomToken(apiKey: string, params: CreateSignUpTokenParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"signUp\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n}\n","import type { IdAndRefreshTokens } from '../resources/Token';\nimport { AbstractAPI } from './AbstractApi';\n\ntype RefreshTokenParams = {\n expired_token?: string;\n refresh_token: string;\n request_origin?: string;\n request_originating_ip?: string;\n request_headers?: Record<string, string[]>;\n suffixed_cookies?: boolean;\n format?: 'token' | 'cookie';\n};\n\ntype IdAndRefreshTokensParams = {\n token: string;\n returnSecureToken?: boolean;\n};\n\ntype IdAndRefreshTokensOptions = {\n referer?: string;\n};\n\nexport class TokenApi extends AbstractAPI {\n public async refreshToken(apiKey: string, params: RefreshTokenParams) {\n this.requireApiKey(apiKey);\n const { refresh_token, request_origin, ...restParams } = params;\n\n const headers: Record<string, string> = {};\n if (request_origin) {\n headers['Referer'] = request_origin;\n }\n\n const bodyParams = {\n grant_type: 'refresh_token',\n refresh_token,\n ...restParams,\n };\n\n return this.request({\n endpoint: 'refreshToken',\n method: 'POST',\n apiKey,\n bodyParams,\n headerParams: headers,\n });\n }\n\n public async exchangeCustomForIdAndRefreshTokens(\n apiKey: string,\n params: IdAndRefreshTokensParams,\n options?: IdAndRefreshTokensOptions,\n ) {\n this.requireApiKey(apiKey);\n\n const headers: Record<string, string> = {};\n if (options?.referer) {\n headers['Referer'] = options.referer;\n }\n\n return this.request<IdAndRefreshTokens>({\n endpoint: 'signInWithCustomToken',\n method: 'POST',\n apiKey,\n bodyParams: params,\n headerParams: headers,\n });\n }\n}\n","/**\n * This file exports APIs that vary across runtimes (i.e. Node & Browser - V8 isolates)\n * as a singleton object.\n *\n * Runtime polyfills are written in VanillaJS for now to avoid TS complication. Moreover,\n * due to this issue https://github.com/microsoft/TypeScript/issues/44848, there is not a good way\n * to tell Typescript which conditional import to use during build type.\n *\n * The Runtime type definition ensures type safety for now.\n * Runtime js modules are copied into dist folder with bash script.\n *\n * TODO: Support TS runtime modules\n */\n\n// @ts-ignore - These are package subpaths\nimport { webcrypto as crypto } from '#crypto';\n\ntype Runtime = {\n crypto: Crypto;\n fetch: typeof globalThis.fetch;\n AbortController: typeof globalThis.AbortController;\n Blob: typeof globalThis.Blob;\n FormData: typeof globalThis.FormData;\n Headers: typeof globalThis.Headers;\n Request: typeof globalThis.Request;\n Response: typeof globalThis.Response;\n};\n\n// Invoking the global.fetch without binding it first to the globalObject fails in\n// Cloudflare Workers with an \"Illegal Invocation\" error.\n//\n// The globalThis object is supported for Node >= 12.0.\n//\n// https://github.com/supabase/supabase/issues/4417\nconst globalFetch = fetch.bind(globalThis);\n\nexport const runtime: Runtime = {\n crypto,\n get fetch() {\n // We need to use the globalFetch for Cloudflare Workers but the fetch for testing\n return process.env.NODE_ENV === 'test' ? fetch : globalFetch;\n },\n AbortController: globalThis.AbortController,\n Blob: globalThis.Blob,\n FormData: globalThis.FormData,\n Headers: globalThis.Headers,\n Request: globalThis.Request,\n Response: globalThis.Response,\n};\n","export const FIREBASE_AUTH_EMULATOR_HOST = process.env.FIREBASE_AUTH_EMULATOR_HOST;\n\nexport function emulatorHost(): string | undefined {\n if (typeof process === 'undefined') return undefined;\n return FIREBASE_AUTH_EMULATOR_HOST;\n}\n\nexport function useEmulator(): boolean {\n return !!emulatorHost();\n}\n","import { FIREBASE_AUTH_EMULATOR_HOST, useEmulator } from './emulator';\n\nexport const getRefreshTokenEndpoint = (apiKey: string) => {\n return `https://securetoken.googleapis.com/v1/token?key=${apiKey}`;\n};\n\nexport const signInWithPassword = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=${apiKey}`;\n};\n\nexport const signUpEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=${apiKey}`;\n};\n\nexport const getCustomTokenEndpoint = (apiKey: string) => {\n if (useEmulator() && FIREBASE_AUTH_EMULATOR_HOST) {\n let protocol = 'http://';\n if (FIREBASE_AUTH_EMULATOR_HOST.startsWith('http://')) {\n protocol = '';\n }\n\n return `${protocol}${FIREBASE_AUTH_EMULATOR_HOST}/identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;\n }\n return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;\n};\n\nexport const passwordResetEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:resetPassword?key=${apiKey}`;\n};\n","import type {\n TernSecureFireRestError,\n TernSecureFireRestErrorJSON,\n} from \"@tern-secure/types\";\n\nimport { constants } from \"../constants\";\nimport { runtime } from \"../runtime\";\nimport {\n getCustomTokenEndpoint,\n getRefreshTokenEndpoint,\n passwordResetEndpoint,\n signInWithPassword,\n signUpEndpoint,\n} from \"./endpointUrl\";\n\nexport type HTTPMethod = \"DELETE\" | \"GET\" | \"PATCH\" | \"POST\" | \"PUT\";\nexport type FirebaseEndpoint =\n | \"refreshToken\"\n | \"signInWithPassword\"\n | \"signUp\"\n | \"signInWithCustomToken\"\n | \"passwordReset\"\n | \"sendOobCode\"\n\nexport type BackendApiRequestOptions = {\n endpoint: FirebaseEndpoint;\n method?: HTTPMethod;\n apiKey?: string;\n queryParams?: Record<string, unknown>;\n headerParams?: Record<string, string>;\n bodyParams?: Record<string, unknown>;\n formData?: FormData;\n}\n\nexport type BackendApiResponse<T> =\n | {\n data: T;\n errors: null;\n totalCount?: number;\n }\n | {\n data: null;\n errors: TernSecureFireRestError[];\n totalCount?: never;\n status?: number;\n statusText?: string;\n retryAfter?: number;\n };\n\nexport type RequestFunction = ReturnType<typeof createRequest>;\n\ntype CreateRequestOptions = {\n apiKey?: string;\n apiUrl?: string;\n apiVersion?: string;\n};\n\nconst FIREBASE_ENDPOINT_MAP: Record<FirebaseEndpoint, (apiKey: string) => string> = {\n refreshToken: getRefreshTokenEndpoint,\n signInWithPassword: signInWithPassword,\n signUp: signUpEndpoint,\n signInWithCustomToken: getCustomTokenEndpoint,\n passwordReset: passwordResetEndpoint,\n sendOobCode: signInWithPassword,\n};\n\n\nexport function createRequest(options: CreateRequestOptions) {\n const requestFn = async <T>(\n requestOptions: BackendApiRequestOptions\n ): Promise<BackendApiResponse<T>> => {\n const { endpoint, method, apiKey, queryParams, headerParams, bodyParams, formData } =\n requestOptions;\n\n\n if (!apiKey) {\n return {\n data: null,\n errors: [\n {\n domain: \"none\",\n reason: \"invalid_parameter\",\n message: \"Firebase API key is required\",\n code: \"400\",\n },\n ],\n };\n }\n\n const endpointUrl = FIREBASE_ENDPOINT_MAP[endpoint](apiKey);\n const finalUrl = new URL(endpointUrl);\n\n if (queryParams) {\n Object.entries(queryParams).forEach(([key, value]) => {\n if (value) {\n [value].flat().forEach(v => finalUrl.searchParams.append(key, v as string));\n }\n });\n }\n\n const headers: Record<string, any> = {\n ...headerParams,\n };\n let res: Response | undefined;\n\n try {\n if (formData) {\n res = await runtime.fetch(finalUrl.href, {\n method,\n headers,\n body: formData,\n });\n } else {\n headers[\"Content-Type\"] = \"application/json\";\n const hasBody =\n method !== \"GET\" && bodyParams && Object.keys(bodyParams).length > 0;\n const body = hasBody ? { body: JSON.stringify(bodyParams) } : null;\n\n res = await runtime.fetch(finalUrl.href, {\n method,\n headers,\n ...body,\n });\n }\n\n const isJSONResponse =\n res?.headers &&\n res.headers?.get(constants.Headers.ContentType) ===\n constants.ContentTypes.Json;\n const responseBody = await (isJSONResponse ? res.json() : res.text());\n\n\n if (!res.ok) {\n return {\n data: null,\n errors: parseErrors(responseBody),\n status: res?.status,\n statusText: res?.statusText,\n };\n }\n\n return {\n data: responseBody,\n errors: null,\n };\n } catch (error) {\n if (error instanceof Error) {\n return {\n data: null,\n errors: [\n {\n domain: \"none\",\n reason: \"request_failed\",\n message: error.message || \"An unexpected error occurred\",\n code: \"500\",\n },\n ],\n };\n }\n\n return {\n data: null,\n errors: parseErrors(error),\n status: res?.status,\n statusText: res?.statusText,\n };\n }\n };\n return requestFn;\n}\n\nfunction parseErrors(data: unknown): TernSecureFireRestError[] {\n let parsedData = data;\n if (typeof data === \"string\") {\n try {\n parsedData = JSON.parse(data);\n } catch (error) {\n return [];\n }\n }\n\n if (!parsedData || typeof parsedData !== \"object\") {\n return [];\n }\n\n if (\"error\" in parsedData && typeof parsedData.error === \"object\" && parsedData.error !== null) {\n const errorObj = parsedData.error as any;\n\n if (\"errors\" in errorObj && Array.isArray(errorObj.errors) && errorObj.errors.length > 0) {\n return errorObj.errors.map((err: any) => parseError({\n code: errorObj.code || \"unknown_error\", \n message: err.message || \"Unknown error\",\n domain: err.domain,\n reason: err.reason\n }));\n }\n\n // Fallback: create single error from main error object\n return [parseError({\n code: errorObj.code?.toString() || \"unknown_error\",\n message: errorObj.message || \"Unknown error\",\n domain: errorObj.domain || \"unknown\",\n reason: errorObj.reason || errorObj.code?.toString() || \"unknown_error\"\n })];\n }\n\n return [];\n}\n\nexport function parseError(error: TernSecureFireRestErrorJSON): TernSecureFireRestError {\n return {\n domain: error.domain,\n reason: error.reason,\n message: error.message,\n code: error.code\n };\n}\n","import { EmailApi, PasswordApi, SignInTokenApi, SignUpApi, TokenApi } from './endpoints';\nimport { createRequest } from './request';\n\nexport type CreateFireApiOptions = Parameters<typeof createRequest>[0];\nexport type ApiClient = ReturnType<typeof createFireApi>;\n\nexport function createFireApi(options: CreateFireApiOptions) {\n const request = createRequest(options);\n return {\n email: new EmailApi(request),\n password: new PasswordApi(request),\n signIn: new SignInTokenApi(request),\n signUp: new SignUpApi(request),\n tokens: new TokenApi(request),\n };\n}\n","import type { AuthenticateRequestOptions} from \"../tokens/types\";\n\nexport type RuntimeOptions = Omit<AuthenticateRequestOptions, \"apiUrl\">;\n\nexport type buildTimeOptions = Partial<Pick<AuthenticateRequestOptions, \"apiKey\" | \"apiUrl\" | \"apiVersion\">>;\n\nconst defaultOptions: buildTimeOptions = {\n apiKey: undefined,\n apiUrl: undefined,\n apiVersion: undefined,\n};\n\nexport function mergePreDefinedOptions(\n userOptions: buildTimeOptions = {}\n): buildTimeOptions {\n return {\n ...defaultOptions,\n ...userOptions,\n };\n}","import type { AuthEndpoint, SessionSubEndpoint } from '@tern-secure/types';\n\nimport { constants } from '../constants';\nimport type { TernSecureRequest } from './ternSecureRequest';\nimport type { AuthenticateRequestOptions } from './types'; \n\n\n/**\n * Request context for better type safety and clarity\n */\ninterface RequestProcessorContext extends AuthenticateRequestOptions {\n // header-based values\n sessionTokenInHeader: string | undefined;\n origin: string | undefined;\n host: string | undefined;\n forwardedHost: string | undefined;\n forwardedProto: string | undefined;\n referrer: string | undefined;\n userAgent: string | undefined;\n secFetchDest: string | undefined;\n accept: string | undefined;\n\n // cookie-based values\n idTokenInCookie: string | undefined;\n refreshTokenInCookie: string | undefined;\n csrfTokenInCookie: string | undefined;\n sessionTokenInCookie?: string | undefined;\n customTokenInCookie?: string | undefined;\n\n method: string;\n pathSegments: string[];\n endpoint?: AuthEndpoint;\n subEndpoint?: SessionSubEndpoint;\n\n ternUrl: URL;\n instanceType: string;\n}\n\n/**\n * Request processor utility class for common operations\n */\nclass RequestProcessorContext implements RequestProcessorContext {\n public constructor(\n private ternSecureRequest: TernSecureRequest,\n private options: AuthenticateRequestOptions,\n ) {\n this.initHeaderValues();\n this.initCookieValues();\n this.initUrlValues();\n Object.assign(this, options);\n this.ternUrl = this.ternSecureRequest.ternUrl;\n }\n\n public get request(): TernSecureRequest {\n return this.ternSecureRequest;\n }\n\n private initHeaderValues() {\n this.sessionTokenInHeader = this.parseAuthorizationHeader(\n this.getHeader(constants.Headers.Authorization),\n );\n this.origin = this.getHeader(constants.Headers.Origin);\n this.host = this.getHeader(constants.Headers.Host);\n this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);\n this.forwardedProto =\n this.getHeader(constants.Headers.CloudFrontForwardedProto) ||\n this.getHeader(constants.Headers.ForwardedProto);\n this.referrer = this.getHeader(constants.Headers.Referrer);\n this.userAgent = this.getHeader(constants.Headers.UserAgent);\n this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);\n this.accept = this.getHeader(constants.Headers.Accept);\n }\n\n private initCookieValues() {\n const isProduction = process.env.NODE_ENV === 'production';\n const defaultPrefix = isProduction ? '__HOST-' : '__dev_';\n this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);\n\n // System-fixed cookies using backend constants\n this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);\n this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);\n this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);\n this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);\n }\n\n private initUrlValues() {\n this.method = this.ternSecureRequest.method;\n this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split('/').filter(Boolean);\n this.endpoint = this.pathSegments[2] as AuthEndpoint;\n this.subEndpoint = this.pathSegments[3] as SessionSubEndpoint;\n }\n\n private getHeader(name: string) {\n return this.ternSecureRequest.headers.get(name) || undefined;\n }\n\n private getCookie(name: string) {\n return this.ternSecureRequest.cookies.get(name) || undefined;\n }\n\n private parseAuthorizationHeader(\n authorizationHeader: string | undefined | null,\n ): string | undefined {\n if (!authorizationHeader) {\n return undefined;\n }\n\n const [scheme, token] = authorizationHeader.split(' ', 2);\n\n if (!token) {\n // No scheme specified, treat the entire value as the token\n return scheme;\n }\n\n if (scheme === 'Bearer') {\n return token;\n }\n\n // Skip all other schemes\n return undefined;\n }\n}\n\nexport type { RequestProcessorContext };\n\nexport const createRequestProcessor = (\n ternSecureRequest: TernSecureRequest,\n options: AuthenticateRequestOptions,\n): RequestProcessorContext => {\n return new RequestProcessorContext(ternSecureRequest, options);\n};\n","import { getCookieName as getCookieNameEnvironment, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nexport const getCookieName = (cookieDirective: string): string => {\n return cookieDirective.split(';')[0]?.split('=')[0];\n};\n\nexport const getCookieValue = (cookieDirective: string): string => {\n return cookieDirective.split(';')[0]?.split('=')[1];\n};\n\nexport { getCookieNameEnvironment, getCookiePrefix };","import type { DecodedIdToken } from '@tern-secure/types';\n\nimport { getAuth } from '../auth';\nimport { constants } from '../constants';\nimport type { ApiClient } from '../fireRestApi';\nimport type { TokenCarrier } from '../utils/errors';\nimport {\n RefreshTokenErrorReason,\n TokenVerificationError,\n TokenVerificationErrorReason,\n} from '../utils/errors';\nimport {\n type buildTimeOptions,\n mergePreDefinedOptions,\n type RuntimeOptions,\n} from '../utils/options';\nimport type { RequestState, SignedInState, SignedOutState } from './authstate';\nimport { AuthErrorReason, signedIn, signedOut } from './authstate';\nimport { createRequestProcessor } from './c-authenticateRequestProcessor';\nimport { getCookieNameEnvironment, getCookiePrefix } from './cookie';\nimport { createTernSecureRequest } from './ternSecureRequest';\nimport type { AuthenticateRequestOptions } from './types';\nimport { verifyToken } from './verify';\n\nfunction hasAuthorizationHeader(request: Request): boolean {\n return request.headers.has('Authorization');\n}\n\nfunction isRequestForRefresh(\n error: TokenVerificationError,\n context: { refreshTokenInCookie?: string },\n request: Request,\n) {\n return (\n error.reason === TokenVerificationErrorReason.TokenExpired &&\n !!context.refreshTokenInCookie &&\n request.method === 'GET'\n );\n}\n\nexport async function authenticateRequest(\n request: Request,\n options: AuthenticateRequestOptions,\n): Promise<RequestState> {\n const context = createRequestProcessor(createTernSecureRequest(request), options);\n const { refreshTokenInCookie } = context;\n\n const { refreshExpiredIdToken } = getAuth(options);\n\n async function refreshToken() {\n if (!refreshTokenInCookie) {\n return {\n data: null,\n error: {\n message: 'No refresh token available',\n reason: AuthErrorReason.SessionTokenMissing,\n },\n };\n }\n return await refreshExpiredIdToken(refreshTokenInCookie, {\n referer: context.ternUrl.origin,\n });\n }\n\n async function handleRefresh(): Promise<\n | { data: { decoded: DecodedIdToken; token: string; headers: Headers }; error: null }\n | { data: null; error: any }\n > {\n const { data: refreshedData, error } = await refreshToken();\n if (!refreshedData) {\n return { data: null, error };\n }\n\n const headers = new Headers();\n const { idToken } = refreshedData;\n\n const maxAge = 3600;\n const cookiePrefix = getCookiePrefix();\n const idTokenCookieName = getCookieNameEnvironment(constants.Cookies.IdToken, cookiePrefix);\n const baseCookieAttributes = 'HttpOnly; Secure; SameSite=Strict; Path=/';\n\n const idTokenCookie = `${idTokenCookieName}=${idToken}; ${baseCookieAttributes};`;\n headers.append('Set-Cookie', idTokenCookie);\n\n const { data: decoded, errors } = await verifyToken(idToken, options);\n if (errors) {\n return {\n data: null,\n error: errors ? errors[0] : new Error('Failed to verify refreshed token'),\n };\n }\n return { data: { decoded, token: idToken, headers }, error: null };\n }\n\n async function authenticateRequestWithTokenInCookie() {\n try {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = await verifyToken(context.idTokenInCookie!, options);\n\n if (errors) {\n throw errors[0];\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const signedInRequestState = signedIn(data, undefined, context.idTokenInCookie!);\n return signedInRequestState;\n } catch (err) {\n return handleError(err, 'cookie');\n }\n }\n\n async function authenticateRequestWithTokenInHeader() {\n const { sessionTokenInHeader } = context;\n try {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = await verifyToken(sessionTokenInHeader!, options);\n\n if (errors) {\n throw errors[0];\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const signedInRequestState = signedIn(data, undefined, sessionTokenInHeader!);\n return signedInRequestState;\n } catch (err) {\n return handleError(err, 'header');\n }\n }\n\n async function handleError(\n err: unknown,\n tokenCarrier: TokenCarrier,\n ): Promise<SignedInState | SignedOutState> {\n if (!(err instanceof TokenVerificationError)) {\n return signedOut(AuthErrorReason.UnexpectedError);\n }\n\n let refreshError: string | null;\n if (isRequestForRefresh(err, context, request)) {\n const { data, error } = await handleRefresh();\n if (data) {\n return signedIn(data.decoded, data.headers, data.token);\n }\n\n if (error?.cause?.reason) {\n refreshError = error.cause.reason;\n }\n } else {\n if (request.method !== 'GET') {\n refreshError = RefreshTokenErrorReason.NonEligibleNonGet;\n } else if (!context.refreshTokenInCookie) {\n refreshError = RefreshTokenErrorReason.NonEligibleNoCookie;\n } else {\n refreshError = null;\n }\n }\n\n err.tokenCarrier = tokenCarrier;\n\n return signedOut(err.reason, err.getFullMessage());\n }\n\n if (hasAuthorizationHeader(request)) {\n return authenticateRequestWithTokenInHeader();\n }\n\n return authenticateRequestWithTokenInCookie();\n}\n\n/**\n * @internal\n */\nexport type CreateAuthenticateRequestOptions = {\n options: buildTimeOptions;\n apiClient: ApiClient;\n};\n\nexport function createAuthenticateRequest(params: CreateAuthenticateRequestOptions) {\n const buildTimeOptions = mergePreDefinedOptions(params.options);\n const apiClient = params.apiClient;\n\n const handleAuthenticateRequest = (request: Request, options: RuntimeOptions = {}) => {\n const { apiUrl } = buildTimeOptions;\n return authenticateRequest(request, { ...options, apiUrl, apiClient });\n };\n\n return {\n authenticateRequest: handleAuthenticateRequest,\n };\n}\n","import type { ApiClient,CreateFireApiOptions} from \"../fireRestApi\";\r\nimport { createFireApi } from \"../fireRestApi\";\r\nimport type { RequestState } from \"../tokens/authstate\";\r\nimport type { CreateAuthenticateRequestOptions } from \"../tokens/request\";\r\nimport { createAuthenticateRequest } from \"../tokens/request\";\r\nimport type {\r\n TernSecureRequest,\r\n} from \"../tokens/ternSecureRequest\";\r\n\r\nexport type TernSecureBackendOptions = CreateFireApiOptions & CreateAuthenticateRequestOptions['options'];\r\n\r\nexport type TernSecureBackendClient = ApiClient & ReturnType<typeof createAuthenticateRequest>;\r\n\r\nexport interface BackendInstance {\r\n ternSecureRequest: TernSecureRequest;\r\n requestState: RequestState;\r\n}\r\n\r\nexport function createBackendInstanceClient(options: TernSecureBackendOptions): TernSecureBackendClient {\r\n const opts = { ...options };\r\n const apiClient = createFireApi(opts);\r\n const requestState = createAuthenticateRequest({options: opts, apiClient});\r\n\r\n return {\r\n ...apiClient,\r\n ...requestState,\r\n };\r\n}\r\n","import type { RequestState } from './authstate';\nimport { AuthErrorReason, signedIn, signedOut } from './authstate';\nimport type { AuthenticateFireRequestOptions, } from './types';\nimport { verifyToken } from './verify';\n\ntype RuntimeOptions = Omit<AuthenticateFireRequestOptions, 'firebaseConfig'>;\n\ntype FirebaseOptions = Partial<Pick<AuthenticateFireRequestOptions, 'firebaseConfig'>>;\n\nconst defaultFirebaseOptions = {\n apiKey: '',\n authDomain: '',\n projectId: '',\n tenantId: undefined,\n} as FirebaseOptions;\n\nexport function mergePreDefinedOptions<T extends Record<string, any>>(\n preDefinedOptions: T,\n options: Partial<T>,\n): T {\n return Object.keys(preDefinedOptions).reduce(\n (obj: T, key: string) => {\n return { ...obj, [key]: options[key] || obj[key] };\n },\n { ...preDefinedOptions },\n );\n}\n\nconst BEARER_PREFIX = 'Bearer ';\nconst AUTH_COOKIE_NAME = '_session_cookie';\n\nfunction extractTokenFromHeader(request: Request): string | null {\n const authHeader = request.headers.get('Authorization');\n\n if (!authHeader || !authHeader.startsWith(BEARER_PREFIX)) {\n return null;\n }\n\n return authHeader.slice(BEARER_PREFIX.length);\n}\n\nfunction extractTokenFromCookie(request: Request): string | null {\n const cookieHeader = request.headers.get('Cookie') || undefined;\n\n if (!cookieHeader) {\n return null;\n }\n\n const cookies = cookieHeader.split(';').reduce(\n (acc, cookie) => {\n const [name, value] = cookie.trim().split('=');\n acc[name] = value;\n return acc;\n },\n {} as Record<string, string>,\n );\n\n return cookies[AUTH_COOKIE_NAME] || null;\n}\n\nfunction hasAuthorizationHeader(request: Request): boolean {\n return request.headers.has('Authorization');\n}\n\nexport async function authenticateRequest(\n request: Request,\n options: AuthenticateFireRequestOptions,\n): Promise<RequestState> {\n async function authenticateRequestWithTokenInCookie() {\n const token = extractTokenFromCookie(request);\n if (!token) {\n return signedOut(AuthErrorReason.SessionTokenMissing);\n }\n const { data, errors } = await verifyToken(token, options);\n\n if (errors) {\n throw errors[0];\n }\n\n const signedInRequestState = signedIn(data, undefined, token);\n return signedInRequestState;\n }\n\n async function authenticateRequestWithTokenInHeader() {\n const token = extractTokenFromHeader(request);\n if (!token) {\n return signedOut(AuthErrorReason.SessionTokenMissing);\n }\n\n const { data, errors } = await verifyToken(token, options);\n\n if (errors) {\n throw errors[0];\n }\n\n const signedInRequestState = signedIn(data, undefined, token);\n return signedInRequestState;\n }\n\n if (hasAuthorizationHeader(request)) {\n return authenticateRequestWithTokenInHeader();\n }\n\n return authenticateRequestWithTokenInCookie();\n}\n\n/**\n * @internal\n */\nexport type CreateFireAuthenticateRequestOptions = {\n options: FirebaseOptions;\n};\n\nexport function createFireAuthenticateRequest(params: CreateFireAuthenticateRequestOptions) {\n const buildTimeOptions = mergePreDefinedOptions(defaultFirebaseOptions, params.options);\n\n const handleAuthenticateRequest = (request: Request, options: RuntimeOptions = {}) => {\n const runtimeOptions = { ...buildTimeOptions, ...options };\n return authenticateRequest(request, runtimeOptions);\n };\n\n return {\n authenticateRequest: handleAuthenticateRequest,\n };\n}\n","import type { ApiClient, CreateFireApiOptions } from '../fireRestApi';\nimport { createFireApi } from '../fireRestApi';\nimport type { CreateFireAuthenticateRequestOptions } from '../tokens/requestFire';\nimport { createFireAuthenticateRequest } from '../tokens/requestFire';\n\nexport type TernSecureFireOptions = CreateFireApiOptions &\n CreateFireAuthenticateRequestOptions['options'];\n\nexport type TernSecureFireClient = ApiClient & ReturnType<typeof createFireAuthenticateRequest>;\n\nexport function createFireClient(options: TernSecureFireOptions): TernSecureFireClient {\n const opts = { ...options };\n const apiClient = createFireApi(opts);\n const requestState = createFireAuthenticateRequest({ options: opts });\n\n return {\n ...apiClient,\n ...requestState,\n };\n}\n","export enum LogLevel {\n ERROR = 0,\n WARN = 1,\n INFO = 2,\n DEBUG = 3,\n}\n\nexport interface LoggerOptions {\n enabled: boolean\n level: LogLevel\n prefix: string\n}\n\nexport class Logger {\n private options: LoggerOptions\n\n constructor(options: Partial<LoggerOptions> = {}) {\n this.options = {\n enabled: false,\n level: LogLevel.INFO,\n prefix: '[TernSecure-Backend]',\n ...options,\n }\n }\n\n enable(): void {\n this.options.enabled = true\n }\n\n disable(): void {\n this.options.enabled = false\n }\n\n setLevel(level: LogLevel): void {\n this.options.level = level\n }\n\n setPrefix(prefix: string): void {\n this.options.prefix = prefix\n }\n\n private log(level: LogLevel, levelName: string, message: string, ...args: any[]): void {\n if (!this.options.enabled || level > this.options.level) {\n return\n }\n\n const timestamp = new Date().toISOString()\n const formattedMessage = `${timestamp} ${this.options.prefix} [${levelName}] ${message}`\n \n switch (level) {\n case LogLevel.ERROR:\n console.error(formattedMessage, ...args)\n break\n case LogLevel.WARN:\n console.warn(formattedMessage, ...args)\n break\n case LogLevel.INFO:\n console.info(formattedMessage, ...args)\n break\n case LogLevel.DEBUG:\n console.debug(formattedMessage, ...args)\n break\n }\n }\n\n error(message: string, ...args: any[]): void {\n this.log(LogLevel.ERROR, 'ERROR', message, ...args)\n }\n\n warn(message: string, ...args: any[]): void {\n this.log(LogLevel.WARN, 'WARN', message, ...args)\n }\n\n info(message: string, ...args: any[]): void {\n this.log(LogLevel.INFO, 'INFO', message, ...args)\n }\n\n debug(message: string, ...args: any[]): void {\n this.log(LogLevel.DEBUG, 'DEBUG', message, ...args)\n }\n}\n\nexport const createLogger = (options?: Partial<LoggerOptions>): Logger => {\n return new Logger(options)\n}\n\nexport const redisLogger = createLogger({ prefix: '[TernSecure-Redis]' })\nexport const authLogger = createLogger({ prefix: '[TernSecure-Auth]' })","import { authLogger, LogLevel,redisLogger } from \"./logger\"\n\nexport function enableDebugLogging(): void {\n authLogger.enable()\n authLogger.setLevel(LogLevel.DEBUG)\n \n redisLogger.enable()\n redisLogger.setLevel(LogLevel.DEBUG)\n}\n\nexport function disableDebugLogging(): void {\n authLogger.disable()\n redisLogger.disable()\n}\n\nexport function setLogLevel(level: LogLevel): void {\n authLogger.setLevel(level)\n redisLogger.setLevel(level)\n}","import { authLogger } from \"../utils/logger\";\nimport type { DisabledUserAdapter, DisabledUserRecord, PostgresConfig } from \"./types\";\n\nexport class PostgresAdapter implements DisabledUserAdapter {\n private config: PostgresConfig;\n private tableName: string;\n\n constructor(config: PostgresConfig) {\n this.config = config;\n this.tableName = config.table || 'disabled_users';\n }\n\n getDisabledUser = async(uid: string): Promise<DisabledUserRecord | null> => {\n try {\n // For edge runtime, we'll use fetch to call a REST API endpoint\n // This avoids the need for full postgres client libraries in edge\n const response = await fetch(this.config.url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${this.config.token}`,\n },\n body: JSON.stringify({\n query: `SELECT uid, email, disabled_time as \"disabledTime\" FROM ${this.tableName} WHERE uid = $1`,\n params: [uid],\n }),\n });\n\n if (!response.ok) {\n throw new Error(`HTTP error! status: ${response.status}`);\n }\n\n const result = await response.json();\n \n if (result.rows && result.rows.length > 0) {\n const row = result.rows[0];\n const disabledUser: DisabledUserRecord = {\n uid: row.uid,\n email: row.email,\n disabledTime: row.disabledTime,\n };\n \n authLogger.debug(`Found disabled user: ${uid}`);\n return disabledUser;\n }\n\n authLogger.debug(`No disabled user found: ${uid}`);\n return null;\n } catch (error) {\n authLogger.error('Failed to fetch disabled user from Postgres:', error);\n return null;\n }\n }\n}","import { Redis } from \"@upstash/redis\";\n\nimport { authLogger } from \"../utils/logger\";\nimport type {\n DisabledUserAdapter,\n DisabledUserRecord,\n RedisConfig,\n} from \"./types\";\n\ninterface CacheEntry<T> {\n value: T;\n expiresAt: number;\n}\n\nclass TTLCache<T> {\n private cache = new Map<string, CacheEntry<T>>();\n private readonly defaultTTL: number;\n\n constructor(defaultTTLMs: number = 60000) {\n this.defaultTTL = defaultTTLMs;\n }\n\n set(key: string, value: T, ttlMs?: number): void {\n const expiresAt = Date.now() + (ttlMs ?? this.defaultTTL);\n this.cache.set(key, { value, expiresAt });\n console.log(`TTLCache.set: key=${key}, value=${JSON.stringify(value)}, expiresAt=${expiresAt}, cacheSize=${this.cache.size}`);\n }\n\n private getEntry(key: string): CacheEntry<T> | undefined {\n const entry = this.cache.get(key);\n if (!entry) return undefined;\n\n const now = Date.now();\n if (now > entry.expiresAt) {\n console.log(`TTLCache: key=${key} expired (now=${now}, expiresAt=${entry.expiresAt})`);\n this.cache.delete(key);\n return undefined;\n }\n\n return entry;\n }\n\n get(key: string): T | undefined {\n const entry = this.getEntry(key);\n const hasEntry = entry !== undefined;\n const cacheHasKey = this.cache.has(key);\n const rawEntry = this.cache.get(key);\n \n console.log(`TTLCache.get: key=${key}, hasEntry=${hasEntry}, cacheHasKey=${cacheHasKey}`);\n console.log(`TTLCache.get: rawEntry=${JSON.stringify(rawEntry)}, entry=${JSON.stringify(entry)}`);\n \n if (!entry) {\n console.log(`TTLCache.get: no entry found for key=${key}, returning undefined`);\n return undefined;\n }\n\n console.log(`TTLCache.get: returning value=${JSON.stringify(entry.value)} for key=${key}`);\n return entry.value;\n }\n\n\n delete(key: string): boolean {\n return this.cache.delete(key);\n }\n\n clear(): void {\n this.cache.clear();\n }\n\n cleanup(): void {\n const now = Date.now();\n for (const [key, entry] of this.cache.entries()) {\n if (now > entry.expiresAt) {\n this.cache.delete(key);\n }\n }\n }\n}\n\nexport class RedisAdapter implements DisabledUserAdapter {\n private redis: Redis;\n private cache: TTLCache<DisabledUserRecord | null>;\n private keyPrefix: string;\n\n constructor(config: RedisConfig) {\n this.redis = new Redis({\n url: config.url,\n token: config.token,\n });\n\n this.keyPrefix = config.keyPrefix || \"disabled_user:\";\n const cacheTTL = config.ttl || 30000; // Default 30 seconds\n this.cache = new TTLCache<DisabledUserRecord | null>(cacheTTL);\n\n setInterval(() => this.cache.cleanup(), 5 * 60 * 1000);\n }\n\n getDisabledUser = async (uid: string): Promise<DisabledUserRecord | null> => {\n const cacheKey = `${this.keyPrefix}${uid}`;\n \n authLogger.debug(`RedisAdapter: Checking cache for key: ${cacheKey}`);\n \n // Try to get from cache first\n const cachedResult = this.cache.get(cacheKey);\n authLogger.debug(`RedisAdapter: Cache get result for ${cacheKey}:`, {\n cachedResult: JSON.stringify(cachedResult),\n isUndefined: cachedResult === undefined,\n type: typeof cachedResult\n });\n \n if (cachedResult !== undefined) {\n authLogger.debug(`Cache hit for disabled user: ${uid}`, { \n cacheKey,\n cachedResult: JSON.stringify(cachedResult)\n });\n return cachedResult;\n }\n\n authLogger.debug(\n `Cache miss for disabled user: ${uid}, fetching from Redis with key: ${cacheKey}`\n );\n\n try {\n const disabledUser: DisabledUserRecord | null =\n await this.redis.get(cacheKey);\n\n authLogger.debug(`Redis returned for key ${cacheKey}:`, { \n disabledUser: JSON.stringify(disabledUser),\n type: typeof disabledUser\n });\n\n // Cache the result (including null values to prevent repeated Redis calls)\n this.cache.set(cacheKey, disabledUser);\n \n authLogger.debug(`Cached disabled user result for: ${uid}`, {\n cacheKey,\n isDisabled: !!disabledUser,\n cachedValue: JSON.stringify(disabledUser)\n });\n\n return disabledUser;\n } catch (error) {\n authLogger.error(\"Failed to fetch disabled user from Redis:\", error);\n return null;\n }\n };\n\n invalidateCache(uid: string): void {\n const cacheKey = `${this.keyPrefix}${uid}`;\n this.cache.delete(cacheKey);\n }\n}\n","import { PostgresAdapter } from \"./PostgresAdapter\";\nimport { RedisAdapter } from \"./RedisAdapter\";\nimport type { AdapterConfiguration,DisabledUserAdapter } from \"./types\";\n\nexport function createAdapter(\n config: AdapterConfiguration\n): DisabledUserAdapter {\n switch (config.type) {\n case \"redis\":\n return new RedisAdapter(config.config as any);\n case \"postgres\":\n return new PostgresAdapter(config.config as any);\n default:\n throw new Error(`Unsupported adapter type: ${(config as any).type}`);\n }\n}\n\nexport function validateCheckRevokedOptions(options?: {\n enabled: boolean;\n adapter?: AdapterConfiguration;\n}): { isValid: boolean; error?: string } {\n if (options?.enabled && !options.adapter) {\n return {\n isValid: false,\n error: \"When checkRevoked.enabled is true, an adapter must be provided\",\n };\n }\n return { isValid: true };\n}\n\n\nexport { RedisAdapter } from './RedisAdapter';\nexport { PostgresAdapter } from './PostgresAdapter';\nexport type {\n DisabledUserAdapter,\n DisabledUserRecord,\n AdapterConfig,\n RedisConfig,\n PostgresConfig,\n AdapterType,\n AdapterConfiguration,\n CheckRevokedOptions,\n} from './types';\n"],"mappings":";;;;;;;;;;;;;;;;;;AAQO,IAAM,aAAa;AAAA,EACxB,UAAU;AAAA,EACV,WAAW;AACb;AAIO,IAAM,kBAAkB;AAAA,EAC7B,2BAA2B;AAAA,EAC3B,qBAAqB;AAAA,EACrB,qBAAqB;AAAA,EACrB,gCAAgC;AAAA,EAChC,iBAAiB;AAAA,EACjB,4BAA4B;AAAA,EAC5B,4BAA4B;AAAA,EAC5B,iBAAiB;AACnB;AAgDA,SAAS,uBACP,gBACqC;AACrC,SAAO,CAAC,wBAA6B;AACnC,QACE,CAAC,uBACD,OAAO,wBAAwB,YAC/B,MAAM,QAAQ,mBAAmB,GACjC;AACA,aAAO;AAAA,IACT;AACA,UAAM,SAAS;AAEf,WAAO,OAAO,QAAQ,mBAAmB,EAAE,MAAM,CAAC,CAAC,KAAK,KAAK,MAAM;AACjE,YAAM,aAAa,OAAO,GAAG;AAC7B,UAAI,OAAO,eAAe,aAAa;AACrC,eAAO;AAAA,MACT;AACA,UAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,iBAAO,MAAM,KAAK,OAAK,WAAW,SAAS,CAAC,CAAC;AAAA,QAC/C;AACA,eAAO,MAAM,SAAS,UAAU;AAAA,MAClC;AAEA,UAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,eAAO,WAAW,SAAS,KAAK;AAAA,MAClC;AACA,aAAO,eAAe;AAAA,IACxB,CAAC;AAAA,EACH;AACF;AAEO,SAAS,mBACd,cACA,eACoB;AACpB,QAAM,iBAAiB,8BAA8B,aAAa;AAClE,SAAO;AAAA,IACL,eAAe;AAAA,MACb,GAAG;AAAA,IACL;AAAA,IACA,QAAQ,eAAe;AAAA,IACvB,OAAO;AAAA,IACP,SAAS,uBAAuB,cAAc;AAAA,IAC9C,OAAO;AAAA,EACT;AACF;AAEO,SAAS,sBAA2C;AACzD,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ;AAAA,IACR,SAAS,MAAM;AAAA,IACf,OAAO;AAAA,EACT;AACF;AAEO,SAAS,SACd,eACA,UAAmB,IAAI,QAAQ,GAC/B,OACe;AACf,QAAM,aAAa,mBAAmB,OAAO,aAAa;AAC1D,SAAO;AAAA,IACL,QAAQ,WAAW;AAAA,IACnB,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,MAAM,MAAM;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,UACd,QACA,UAAU,IACV,UAAmB,IAAI,QAAQ,GACf;AAChB,SAAO,gBAAgB;AAAA,IACrB,QAAQ,WAAW;AAAA,IACnB;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ,MAAM,MAAM,oBAAoB;AAAA,IAChC,OAAO;AAAA,IACP;AAAA,EACF,CAAC;AACH;AAEA,IAAM,kBAAkB,CAAyB,iBAAuB;AACtE,QAAM,UAAU,IAAI,QAAQ,aAAa,WAAW,CAAC,CAAC;AACtD,MAAI,aAAa,QAAQ;AACvB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,YAAY,aAAa,MAAM;AAAA,IAC/D,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,MAAI,aAAa,QAAQ;AACvB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,YAAY,aAAa,MAAM;AAAA,IAC/D,QAAQ;AAAA,IAER;AAAA,EACF;AACA,eAAa,UAAU;AACvB,SAAO;AACT;;;ACnLO,IAAe,cAAf,MAA2B;AAAA,EAChC,YAAsB,SAA0B;AAA1B;AAAA,EAA2B;AAAA,EAEvC,cAAc,QAAgB;AACtC,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAAA,EACF;AACF;;;ACGO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACxC,MAAa,wBAAwB,QAAgB,QAAqC;AACxF,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,yBAAyB,QAAgB,QAAwC;AAC5F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AACF;;;ACfO,IAAM,cAAN,cAA0B,YAAY;AAAA,EAC3C,MAAa,wBAAwB,QAAgB,QAAuC;AAC1F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,qBAAqB,QAAgB,QAAoC;AACpF,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEE,MAAa,eAAe,QAAgB,QAA8B;AAC1E,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AACF;;;ACvCO,IAAM,iBAAN,cAA6B,YAAY;AAAA,EAC9C,MAAa,kBACX,QACA,QAC6B;AAC7B,QAAI;AACF,WAAK,cAAc,MAAM;AACzB,YAAM,EAAE,GAAG,WAAW,IAAI;AAE1B,YAAM,WAAW,MAAM,KAAK,QAA4B;AAAA,QACtD,UAAU;AAAA,QACV,QAAQ;AAAA,QACR,YAAY;AAAA,MACd,CAAC;AAED,UAAI,SAAS,QAAQ;AACnB,cAAM,eAAe,SAAS,OAAO,CAAC,GAAG,WAAW;AACpD,cAAM,IAAI,MAAM,YAAY;AAAA,MAC9B;AAEA,aAAO,SAAS;AAAA,IAClB,SAAS,OAAO;AACd,YAAM,oBAAoB,kCAAkC,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AACpH,YAAM,IAAI,MAAM,iBAAiB;AAAA,IACnC;AAAA,EACF;AACF;;;ACzBO,IAAM,YAAN,cAAwB,YAAY;AAAA,EACzC,MAAa,kBAAkB,QAAgB,QAAiC;AAC9E,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAEF;;;ACCO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACxC,MAAa,aAAa,QAAgB,QAA4B;AACpE,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,eAAe,gBAAgB,GAAG,WAAW,IAAI;AAEzD,UAAM,UAAkC,CAAC;AACzC,QAAI,gBAAgB;AAClB,cAAQ,SAAS,IAAI;AAAA,IACvB;AAEA,UAAM,aAAa;AAAA,MACjB,YAAY;AAAA,MACZ;AAAA,MACA,GAAG;AAAA,IACL;AAEA,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,oCACX,QACA,QACA,SACA;AACA,SAAK,cAAc,MAAM;AAEzB,UAAM,UAAkC,CAAC;AACzC,QAAI,SAAS,SAAS;AACpB,cAAQ,SAAS,IAAI,QAAQ;AAAA,IAC/B;AAEA,WAAO,KAAK,QAA4B;AAAA,MACtC,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA,YAAY;AAAA,MACZ,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;ACpDA,SAAS,aAAa,cAAc;AAmBpC,IAAM,cAAc,MAAM,KAAK,UAAU;AAElC,IAAM,UAAmB;AAAA,EAC9B;AAAA,EACA,IAAI,QAAQ;AAEV,WAAO,QAAQ,IAAI,aAAa,SAAS,QAAQ;AAAA,EACnD;AAAA,EACA,iBAAiB,WAAW;AAAA,EAC5B,MAAM,WAAW;AAAA,EACjB,UAAU,WAAW;AAAA,EACrB,SAAS,WAAW;AAAA,EACpB,SAAS,WAAW;AAAA,EACpB,UAAU,WAAW;AACvB;;;AChDO,IAAM,8BAA8B,QAAQ,IAAI;AAEhD,SAAS,eAAmC;AACjD,MAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,SAAO;AACT;AAEO,SAAS,cAAuB;AACrC,SAAO,CAAC,CAAC,aAAa;AACxB;;;ACPO,IAAM,0BAA0B,CAAC,WAAmB;AACzD,SAAO,mDAAmD,MAAM;AAClE;AAEO,IAAM,qBAAqB,CAAC,WAAmB;AACpD,SAAO,6EAA6E,MAAM;AAC5F;AAEO,IAAM,iBAAiB,CAAC,WAAmB;AAChD,SAAO,iEAAiE,MAAM;AAChF;AAEO,IAAM,yBAAyB,CAAC,WAAmB;AACxD,MAAI,YAAY,KAAK,6BAA6B;AAChD,QAAI,WAAW;AACf,QAAI,4BAA4B,WAAW,SAAS,GAAG;AACrD,iBAAW;AAAA,IACb;AAEA,WAAO,GAAG,QAAQ,GAAG,2BAA2B,yEAAyE,MAAM;AAAA,EACjI;AACA,SAAO,gFAAgF,MAAM;AAC/F;AAEO,IAAM,wBAAwB,CAAC,WAAmB;AACvD,SAAO,wEAAwE,MAAM;AACvF;;;AC6BA,IAAM,wBAA8E;AAAA,EAClF,cAAc;AAAA,EACd;AAAA,EACA,QAAQ;AAAA,EACR,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,aAAa;AACf;AAGO,SAAS,cAAc,SAA+B;AAC3D,QAAM,YAAY,OAChB,mBACmC;AACnC,UAAM,EAAE,UAAU,QAAQ,QAAQ,aAAa,cAAc,YAAY,SAAS,IAChF;AAGF,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ;AAAA,UACN;AAAA,YACE,QAAQ;AAAA,YACR,QAAQ;AAAA,YACR,SAAS;AAAA,YACT,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,cAAc,sBAAsB,QAAQ,EAAE,MAAM;AAC1D,UAAM,WAAW,IAAI,IAAI,WAAW;AAEpC,QAAI,aAAa;AACf,aAAO,QAAQ,WAAW,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,OAAO;AACT,WAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,OAAK,SAAS,aAAa,OAAO,KAAK,CAAW,CAAC;AAAA,QAC5E;AAAA,MACF,CAAC;AAAA,IACH;AAEA,UAAM,UAA+B;AAAA,MACnC,GAAG;AAAA,IACL;AACA,QAAI;AAEJ,QAAI;AACF,UAAI,UAAU;AACZ,cAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACvC;AAAA,UACA;AAAA,UACA,MAAM;AAAA,QACR,CAAC;AAAA,MACH,OAAO;AACL,gBAAQ,cAAc,IAAI;AAC1B,cAAM,UACJ,WAAW,SAAS,cAAc,OAAO,KAAK,UAAU,EAAE,SAAS;AACrE,cAAM,OAAO,UAAU,EAAE,MAAM,KAAK,UAAU,UAAU,EAAE,IAAI;AAE9D,cAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACvC;AAAA,UACA;AAAA,UACA,GAAG;AAAA,QACL,CAAC;AAAA,MACH;AAEA,YAAM,iBACJ,KAAK,WACL,IAAI,SAAS,IAAI,UAAU,QAAQ,WAAW,MAC5C,UAAU,aAAa;AAC3B,YAAM,eAAe,OAAO,iBAAiB,IAAI,KAAK,IAAI,IAAI,KAAK;AAGnE,UAAI,CAAC,IAAI,IAAI;AACX,eAAO;AAAA,UACL,MAAM;AAAA,UACN,QAAQ,YAAY,YAAY;AAAA,UAChC,QAAQ,KAAK;AAAA,UACb,YAAY,KAAK;AAAA,QACnB;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ;AAAA,MACV;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,OAAO;AAC1B,eAAO;AAAA,UACL,MAAM;AAAA,UACN,QAAQ;AAAA,YACN;AAAA,cACE,QAAQ;AAAA,cACR,QAAQ;AAAA,cACR,SAAS,MAAM,WAAW;AAAA,cAC1B,MAAM;AAAA,YACR;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ,YAAY,KAAK;AAAA,QACzB,QAAQ,KAAK;AAAA,QACb,YAAY,KAAK;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,YAAY,MAA0C;AAC7D,MAAI,aAAa;AACjB,MAAI,OAAO,SAAS,UAAU;AAC5B,QAAI;AACF,mBAAa,KAAK,MAAM,IAAI;AAAA,IAC9B,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAEA,MAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,WAAW,cAAc,OAAO,WAAW,UAAU,YAAY,WAAW,UAAU,MAAM;AAC9F,UAAM,WAAW,WAAW;AAE5B,QAAI,YAAY,YAAY,MAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,OAAO,SAAS,GAAG;AACxF,aAAO,SAAS,OAAO,IAAI,CAAC,QAAa,WAAW;AAAA,QAClD,MAAM,SAAS,QAAQ;AAAA,QACvB,SAAS,IAAI,WAAW;AAAA,QACxB,QAAQ,IAAI;AAAA,QACZ,QAAQ,IAAI;AAAA,MACd,CAAC,CAAC;AAAA,IACJ;AAGA,WAAO,CAAC,WAAW;AAAA,MACjB,MAAM,SAAS,MAAM,SAAS,KAAK;AAAA,MACnC,SAAS,SAAS,WAAW;AAAA,MAC7B,QAAQ,SAAS,UAAU;AAAA,MAC3B,QAAQ,SAAS,UAAU,SAAS,MAAM,SAAS,KAAK;AAAA,IAC1D,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,CAAC;AACV;AAEO,SAAS,WAAW,OAA6D;AACtF,SAAO;AAAA,IACL,QAAQ,MAAM;AAAA,IACd,QAAQ,MAAM;AAAA,IACd,SAAS,MAAM;AAAA,IACf,MAAM,MAAM;AAAA,EACd;AACF;;;AClNO,SAAS,cAAc,SAA+B;AAC3D,QAAM,UAAU,cAAc,OAAO;AACrC,SAAO;AAAA,IACL,OAAO,IAAI,SAAS,OAAO;AAAA,IAC3B,UAAU,IAAI,YAAY,OAAO;AAAA,IACjC,QAAQ,IAAI,eAAe,OAAO;AAAA,IAClC,QAAQ,IAAI,UAAU,OAAO;AAAA,IAC7B,QAAQ,IAAI,SAAS,OAAO;AAAA,EAC9B;AACF;;;ACTA,IAAM,iBAAmC;AAAA,EACvC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,YAAY;AACd;AAEO,SAAS,uBACd,cAAgC,CAAC,GACf;AAClB,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;ACsBA,IAAM,0BAAN,MAAiE;AAAA,EACxD,YACG,mBACA,SACR;AAFQ;AACA;AAER,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AACnB,WAAO,OAAO,MAAM,OAAO;AAC3B,SAAK,UAAU,KAAK,kBAAkB;AAAA,EACxC;AAAA,EAEA,IAAW,UAA6B;AACtC,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAAmB;AACzB,SAAK,uBAAuB,KAAK;AAAA,MAC/B,KAAK,UAAU,UAAU,QAAQ,aAAa;AAAA,IAChD;AACA,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AACrD,SAAK,OAAO,KAAK,UAAU,UAAU,QAAQ,IAAI;AACjD,SAAK,gBAAgB,KAAK,UAAU,UAAU,QAAQ,aAAa;AACnE,SAAK,iBACH,KAAK,UAAU,UAAU,QAAQ,wBAAwB,KACzD,KAAK,UAAU,UAAU,QAAQ,cAAc;AACjD,SAAK,WAAW,KAAK,UAAU,UAAU,QAAQ,QAAQ;AACzD,SAAK,YAAY,KAAK,UAAU,UAAU,QAAQ,SAAS;AAC3D,SAAK,eAAe,KAAK,UAAU,UAAU,QAAQ,YAAY;AACjE,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACvD;AAAA,EAEQ,mBAAmB;AACzB,UAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,UAAM,gBAAgB,eAAe,YAAY;AACjD,SAAK,uBAAuB,KAAK,UAAU,UAAU,QAAQ,OAAO;AAGpE,SAAK,kBAAkB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACpF,SAAK,uBAAuB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACzF,SAAK,oBAAoB,KAAK,UAAU,UAAU,QAAQ,SAAS;AACnE,SAAK,sBAAsB,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACpE;AAAA,EAEQ,gBAAgB;AACtB,SAAK,SAAS,KAAK,kBAAkB;AACrC,SAAK,eAAe,KAAK,kBAAkB,QAAQ,SAAS,MAAM,GAAG,EAAE,OAAO,OAAO;AACrF,SAAK,WAAW,KAAK,aAAa,CAAC;AACnC,SAAK,cAAc,KAAK,aAAa,CAAC;AAAA,EACxC;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,yBACN,qBACoB;AACpB,QAAI,CAAC,qBAAqB;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,QAAQ,KAAK,IAAI,oBAAoB,MAAM,KAAK,CAAC;AAExD,QAAI,CAAC,OAAO;AAEV,aAAO;AAAA,IACT;AAEA,QAAI,WAAW,UAAU;AACvB,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT;AACF;AAIO,IAAM,yBAAyB,CACpC,mBACA,YAC4B;AAC5B,SAAO,IAAI,wBAAwB,mBAAmB,OAAO;AAC/D;;;AClIA,SAAS,iBAAiB,0BAA0B,uBAAuB;;;ACwB3E,SAAS,uBAAuB,SAA2B;AACzD,SAAO,QAAQ,QAAQ,IAAI,eAAe;AAC5C;AAEA,SAAS,oBACP,OACA,SACA,SACA;AACA,SACE,MAAM,WAAW,6BAA6B,gBAC9C,CAAC,CAAC,QAAQ,wBACV,QAAQ,WAAW;AAEvB;AAEA,eAAsB,oBACpB,SACA,SACuB;AACvB,QAAM,UAAU,uBAAuB,wBAAwB,OAAO,GAAG,OAAO;AAChF,QAAM,EAAE,qBAAqB,IAAI;AAEjC,QAAM,EAAE,sBAAsB,IAAI,QAAQ,OAAO;AAEjD,iBAAe,eAAe;AAC5B,QAAI,CAAC,sBAAsB;AACzB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO;AAAA,UACL,SAAS;AAAA,UACT,QAAQ,gBAAgB;AAAA,QAC1B;AAAA,MACF;AAAA,IACF;AACA,WAAO,MAAM,sBAAsB,sBAAsB;AAAA,MACvD,SAAS,QAAQ,QAAQ;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,iBAAe,gBAGb;AACA,UAAM,EAAE,MAAM,eAAe,MAAM,IAAI,MAAM,aAAa;AAC1D,QAAI,CAAC,eAAe;AAClB,aAAO,EAAE,MAAM,MAAM,MAAM;AAAA,IAC7B;AAEA,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,EAAE,QAAQ,IAAI;AAEpB,UAAM,SAAS;AACf,UAAM,eAAe,gBAAgB;AACrC,UAAM,oBAAoB,yBAAyB,UAAU,QAAQ,SAAS,YAAY;AAC1F,UAAM,uBAAuB;AAE7B,UAAM,gBAAgB,GAAG,iBAAiB,IAAI,OAAO,KAAK,oBAAoB;AAC9E,YAAQ,OAAO,cAAc,aAAa;AAE1C,UAAM,EAAE,MAAM,SAAS,OAAO,IAAI,MAAM,YAAY,SAAS,OAAO;AACpE,QAAI,QAAQ;AACV,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO,SAAS,OAAO,CAAC,IAAI,IAAI,MAAM,kCAAkC;AAAA,MAC1E;AAAA,IACF;AACA,WAAO,EAAE,MAAM,EAAE,SAAS,OAAO,SAAS,QAAQ,GAAG,OAAO,KAAK;AAAA,EACnE;AAEA,iBAAe,uCAAuC;AACpD,QAAI;AAEF,YAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,QAAQ,iBAAkB,OAAO;AAE5E,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAGA,YAAM,uBAAuB,SAAS,MAAM,QAAW,QAAQ,eAAgB;AAC/E,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,aAAO,YAAY,KAAK,QAAQ;AAAA,IAClC;AAAA,EACF;AAEA,iBAAe,uCAAuC;AACpD,UAAM,EAAE,qBAAqB,IAAI;AACjC,QAAI;AAEF,YAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,sBAAuB,OAAO;AAEzE,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAGA,YAAM,uBAAuB,SAAS,MAAM,QAAW,oBAAqB;AAC5E,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,aAAO,YAAY,KAAK,QAAQ;AAAA,IAClC;AAAA,EACF;AAEA,iBAAe,YACb,KACA,cACyC;AACzC,QAAI,EAAE,eAAe,yBAAyB;AAC5C,aAAO,UAAU,gBAAgB,eAAe;AAAA,IAClD;AAEA,QAAI;AACJ,QAAI,oBAAoB,KAAK,SAAS,OAAO,GAAG;AAC9C,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,cAAc;AAC5C,UAAI,MAAM;AACR,eAAO,SAAS,KAAK,SAAS,KAAK,SAAS,KAAK,KAAK;AAAA,MACxD;AAEA,UAAI,OAAO,OAAO,QAAQ;AACxB,uBAAe,MAAM,MAAM;AAAA,MAC7B;AAAA,IACF,OAAO;AACL,UAAI,QAAQ,WAAW,OAAO;AAC5B,uBAAe,wBAAwB;AAAA,MACzC,WAAW,CAAC,QAAQ,sBAAsB;AACxC,uBAAe,wBAAwB;AAAA,MACzC,OAAO;AACL,uBAAe;AAAA,MACjB;AAAA,IACF;AAEA,QAAI,eAAe;AAEnB,WAAO,UAAU,IAAI,QAAQ,IAAI,eAAe,CAAC;AAAA,EACnD;AAEA,MAAI,uBAAuB,OAAO,GAAG;AACnC,WAAO,qCAAqC;AAAA,EAC9C;AAEA,SAAO,qCAAqC;AAC9C;AAUO,SAAS,0BAA0B,QAA0C;AAClF,QAAM,mBAAmB,uBAAuB,OAAO,OAAO;AAC9D,QAAM,YAAY,OAAO;AAEzB,QAAM,4BAA4B,CAAC,SAAkB,UAA0B,CAAC,MAAM;AACpF,UAAM,EAAE,OAAO,IAAI;AACnB,WAAO,oBAAoB,SAAS,EAAE,GAAG,SAAS,QAAQ,UAAU,CAAC;AAAA,EACvE;AAEA,SAAO;AAAA,IACL,qBAAqB;AAAA,EACvB;AACF;;;AC3KO,SAAS,4BAA4B,SAA4D;AACtG,QAAM,OAAO,EAAE,GAAG,QAAQ;AAC1B,QAAM,YAAY,cAAc,IAAI;AACpC,QAAM,eAAe,0BAA0B,EAAC,SAAS,MAAM,UAAS,CAAC;AAEzE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;AClBA,IAAM,yBAAyB;AAAA,EAC7B,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,UAAU;AACZ;AAEO,SAASA,wBACd,mBACA,SACG;AACH,SAAO,OAAO,KAAK,iBAAiB,EAAE;AAAA,IACpC,CAAC,KAAQ,QAAgB;AACvB,aAAO,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,QAAQ,GAAG,KAAK,IAAI,GAAG,EAAE;AAAA,IACnD;AAAA,IACA,EAAE,GAAG,kBAAkB;AAAA,EACzB;AACF;AAEA,IAAM,gBAAgB;AACtB,IAAM,mBAAmB;AAEzB,SAAS,uBAAuB,SAAiC;AAC/D,QAAM,aAAa,QAAQ,QAAQ,IAAI,eAAe;AAEtD,MAAI,CAAC,cAAc,CAAC,WAAW,WAAW,aAAa,GAAG;AACxD,WAAO;AAAA,EACT;AAEA,SAAO,WAAW,MAAM,cAAc,MAAM;AAC9C;AAEA,SAAS,uBAAuB,SAAiC;AAC/D,QAAM,eAAe,QAAQ,QAAQ,IAAI,QAAQ,KAAK;AAEtD,MAAI,CAAC,cAAc;AACjB,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa,MAAM,GAAG,EAAE;AAAA,IACtC,CAAC,KAAK,WAAW;AACf,YAAM,CAAC,MAAM,KAAK,IAAI,OAAO,KAAK,EAAE,MAAM,GAAG;AAC7C,UAAI,IAAI,IAAI;AACZ,aAAO;AAAA,IACT;AAAA,IACA,CAAC;AAAA,EACH;AAEA,SAAO,QAAQ,gBAAgB,KAAK;AACtC;AAEA,SAASC,wBAAuB,SAA2B;AACzD,SAAO,QAAQ,QAAQ,IAAI,eAAe;AAC5C;AAEA,eAAsBC,qBACpB,SACA,SACuB;AACvB,iBAAe,uCAAuC;AACpD,UAAM,QAAQ,uBAAuB,OAAO;AAC5C,QAAI,CAAC,OAAO;AACV,aAAO,UAAU,gBAAgB,mBAAmB;AAAA,IACtD;AACA,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,OAAO,OAAO;AAEzD,QAAI,QAAQ;AACV,YAAM,OAAO,CAAC;AAAA,IAChB;AAEA,UAAM,uBAAuB,SAAS,MAAM,QAAW,KAAK;AAC5D,WAAO;AAAA,EACT;AAEA,iBAAe,uCAAuC;AACpD,UAAM,QAAQ,uBAAuB,OAAO;AAC5C,QAAI,CAAC,OAAO;AACV,aAAO,UAAU,gBAAgB,mBAAmB;AAAA,IACtD;AAEA,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,OAAO,OAAO;AAEzD,QAAI,QAAQ;AACV,YAAM,OAAO,CAAC;AAAA,IAChB;AAEA,UAAM,uBAAuB,SAAS,MAAM,QAAW,KAAK;AAC5D,WAAO;AAAA,EACT;AAEA,MAAID,wBAAuB,OAAO,GAAG;AACnC,WAAO,qCAAqC;AAAA,EAC9C;AAEA,SAAO,qCAAqC;AAC9C;AASO,SAAS,8BAA8B,QAA8C;AAC1F,QAAM,mBAAmBD,wBAAuB,wBAAwB,OAAO,OAAO;AAEtF,QAAM,4BAA4B,CAAC,SAAkB,UAA0B,CAAC,MAAM;AACpF,UAAM,iBAAiB,EAAE,GAAG,kBAAkB,GAAG,QAAQ;AACzD,WAAOE,qBAAoB,SAAS,cAAc;AAAA,EACpD;AAEA,SAAO;AAAA,IACL,qBAAqB;AAAA,EACvB;AACF;;;AClHO,SAAS,iBAAiB,SAAsD;AACrF,QAAM,OAAO,EAAE,GAAG,QAAQ;AAC1B,QAAM,YAAY,cAAc,IAAI;AACpC,QAAM,eAAe,8BAA8B,EAAE,SAAS,KAAK,CAAC;AAEpE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;ACnBO,IAAK,WAAL,kBAAKC,cAAL;AACL,EAAAA,oBAAA,WAAQ,KAAR;AACA,EAAAA,oBAAA,UAAO,KAAP;AACA,EAAAA,oBAAA,UAAO,KAAP;AACA,EAAAA,oBAAA,WAAQ,KAAR;AAJU,SAAAA;AAAA,GAAA;AAaL,IAAM,SAAN,MAAa;AAAA,EACV;AAAA,EAER,YAAY,UAAkC,CAAC,GAAG;AAChD,SAAK,UAAU;AAAA,MACb,SAAS;AAAA,MACT,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,SAAe;AACb,SAAK,QAAQ,UAAU;AAAA,EACzB;AAAA,EAEA,UAAgB;AACd,SAAK,QAAQ,UAAU;AAAA,EACzB;AAAA,EAEA,SAAS,OAAuB;AAC9B,SAAK,QAAQ,QAAQ;AAAA,EACvB;AAAA,EAEA,UAAU,QAAsB;AAC9B,SAAK,QAAQ,SAAS;AAAA,EACxB;AAAA,EAEQ,IAAI,OAAiB,WAAmB,YAAoB,MAAmB;AACrF,QAAI,CAAC,KAAK,QAAQ,WAAW,QAAQ,KAAK,QAAQ,OAAO;AACvD;AAAA,IACF;AAEA,UAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AACzC,UAAM,mBAAmB,GAAG,SAAS,IAAI,KAAK,QAAQ,MAAM,KAAK,SAAS,KAAK,OAAO;AAEtF,YAAQ,OAAO;AAAA,MACb,KAAK;AACH,gBAAQ,MAAM,kBAAkB,GAAG,IAAI;AACvC;AAAA,MACF,KAAK;AACH,gBAAQ,KAAK,kBAAkB,GAAG,IAAI;AACtC;AAAA,MACF,KAAK;AACH,gBAAQ,KAAK,kBAAkB,GAAG,IAAI;AACtC;AAAA,MACF,KAAK;AACH,gBAAQ,MAAM,kBAAkB,GAAG,IAAI;AACvC;AAAA,IACJ;AAAA,EACF;AAAA,EAEA,MAAM,YAAoB,MAAmB;AAC3C,SAAK,IAAI,eAAgB,SAAS,SAAS,GAAG,IAAI;AAAA,EACpD;AAAA,EAEA,KAAK,YAAoB,MAAmB;AAC1C,SAAK,IAAI,cAAe,QAAQ,SAAS,GAAG,IAAI;AAAA,EAClD;AAAA,EAEA,KAAK,YAAoB,MAAmB;AAC1C,SAAK,IAAI,cAAe,QAAQ,SAAS,GAAG,IAAI;AAAA,EAClD;AAAA,EAEA,MAAM,YAAoB,MAAmB;AAC3C,SAAK,IAAI,eAAgB,SAAS,SAAS,GAAG,IAAI;AAAA,EACpD;AACF;AAEO,IAAM,eAAe,CAAC,YAA6C;AACxE,SAAO,IAAI,OAAO,OAAO;AAC3B;AAEO,IAAM,cAAc,aAAa,EAAE,QAAQ,qBAAqB,CAAC;AACjE,IAAM,aAAa,aAAa,EAAE,QAAQ,oBAAoB,CAAC;;;ACrF/D,SAAS,qBAA2B;AACzC,aAAW,OAAO;AAClB,aAAW,sBAAuB;AAElC,cAAY,OAAO;AACnB,cAAY,sBAAuB;AACrC;AAEO,SAAS,sBAA4B;AAC1C,aAAW,QAAQ;AACnB,cAAY,QAAQ;AACtB;AAEO,SAAS,YAAY,OAAuB;AACjD,aAAW,SAAS,KAAK;AACzB,cAAY,SAAS,KAAK;AAC5B;;;ACfO,IAAM,kBAAN,MAAqD;AAAA,EAClD;AAAA,EACA;AAAA,EAER,YAAY,QAAwB;AAClC,SAAK,SAAS;AACd,SAAK,YAAY,OAAO,SAAS;AAAA,EACnC;AAAA,EAEA,kBAAkB,OAAM,QAAoD;AAC1E,QAAI;AAGF,YAAM,WAAW,MAAM,MAAM,KAAK,OAAO,KAAK;AAAA,QAC5C,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,OAAO,KAAK;AAAA,QAC9C;AAAA,QACA,MAAM,KAAK,UAAU;AAAA,UACnB,OAAO,2DAA2D,KAAK,SAAS;AAAA,UAChF,QAAQ,CAAC,GAAG;AAAA,QACd,CAAC;AAAA,MACH,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,EAAE;AAAA,MAC1D;AAEA,YAAM,SAAS,MAAM,SAAS,KAAK;AAEnC,UAAI,OAAO,QAAQ,OAAO,KAAK,SAAS,GAAG;AACzC,cAAM,MAAM,OAAO,KAAK,CAAC;AACzB,cAAM,eAAmC;AAAA,UACvC,KAAK,IAAI;AAAA,UACT,OAAO,IAAI;AAAA,UACX,cAAc,IAAI;AAAA,QACpB;AAEA,mBAAW,MAAM,wBAAwB,GAAG,EAAE;AAC9C,eAAO;AAAA,MACT;AAEA,iBAAW,MAAM,2BAA2B,GAAG,EAAE;AACjD,aAAO;AAAA,IACT,SAAS,OAAO;AACd,iBAAW,MAAM,gDAAgD,KAAK;AACtE,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACrDA,SAAS,aAAa;AActB,IAAM,WAAN,MAAkB;AAAA,EACR,QAAQ,oBAAI,IAA2B;AAAA,EAC9B;AAAA,EAEjB,YAAY,eAAuB,KAAO;AACxC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,IAAI,KAAa,OAAU,OAAsB;AAC/C,UAAM,YAAY,KAAK,IAAI,KAAK,SAAS,KAAK;AAC9C,SAAK,MAAM,IAAI,KAAK,EAAE,OAAO,UAAU,CAAC;AACxC,YAAQ,IAAI,qBAAqB,GAAG,WAAW,KAAK,UAAU,KAAK,CAAC,eAAe,SAAS,eAAe,KAAK,MAAM,IAAI,EAAE;AAAA,EAC9H;AAAA,EAEQ,SAAS,KAAwC;AACvD,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AAEnB,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,MAAM,MAAM,WAAW;AACzB,cAAQ,IAAI,iBAAiB,GAAG,iBAAiB,GAAG,eAAe,MAAM,SAAS,GAAG;AACrF,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,KAA4B;AAC9B,UAAM,QAAQ,KAAK,SAAS,GAAG;AAC/B,UAAM,WAAW,UAAU;AAC3B,UAAM,cAAc,KAAK,MAAM,IAAI,GAAG;AACtC,UAAM,WAAW,KAAK,MAAM,IAAI,GAAG;AAEnC,YAAQ,IAAI,qBAAqB,GAAG,cAAc,QAAQ,iBAAiB,WAAW,EAAE;AACxF,YAAQ,IAAI,0BAA0B,KAAK,UAAU,QAAQ,CAAC,WAAW,KAAK,UAAU,KAAK,CAAC,EAAE;AAEhG,QAAI,CAAC,OAAO;AACV,cAAQ,IAAI,wCAAwC,GAAG,uBAAuB;AAC9E,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,iCAAiC,KAAK,UAAU,MAAM,KAAK,CAAC,YAAY,GAAG,EAAE;AACzF,WAAO,MAAM;AAAA,EACf;AAAA,EAGA,OAAO,KAAsB;AAC3B,WAAO,KAAK,MAAM,OAAO,GAAG;AAAA,EAC9B;AAAA,EAEA,QAAc;AACZ,SAAK,MAAM,MAAM;AAAA,EACnB;AAAA,EAEA,UAAgB;AACd,UAAM,MAAM,KAAK,IAAI;AACrB,eAAW,CAAC,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ,GAAG;AAC/C,UAAI,MAAM,MAAM,WAAW;AACzB,aAAK,MAAM,OAAO,GAAG;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,eAAN,MAAkD;AAAA,EAC/C;AAAA,EACA;AAAA,EACA;AAAA,EAER,YAAY,QAAqB;AAC/B,SAAK,QAAQ,IAAI,MAAM;AAAA,MACrB,KAAK,OAAO;AAAA,MACZ,OAAO,OAAO;AAAA,IAChB,CAAC;AAED,SAAK,YAAY,OAAO,aAAa;AACrC,UAAM,WAAW,OAAO,OAAO;AAC/B,SAAK,QAAQ,IAAI,SAAoC,QAAQ;AAE7D,gBAAY,MAAM,KAAK,MAAM,QAAQ,GAAG,IAAI,KAAK,GAAI;AAAA,EACvD;AAAA,EAEA,kBAAkB,OAAO,QAAoD;AAC3E,UAAM,WAAW,GAAG,KAAK,SAAS,GAAG,GAAG;AAExC,eAAW,MAAM,yCAAyC,QAAQ,EAAE;AAGpE,UAAM,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC5C,eAAW,MAAM,sCAAsC,QAAQ,KAAK;AAAA,MAClE,cAAc,KAAK,UAAU,YAAY;AAAA,MACzC,aAAa,iBAAiB;AAAA,MAC9B,MAAM,OAAO;AAAA,IACf,CAAC;AAED,QAAI,iBAAiB,QAAW;AAC9B,iBAAW,MAAM,gCAAgC,GAAG,IAAI;AAAA,QACtD;AAAA,QACA,cAAc,KAAK,UAAU,YAAY;AAAA,MAC3C,CAAC;AACD,aAAO;AAAA,IACT;AAEA,eAAW;AAAA,MACT,iCAAiC,GAAG,mCAAmC,QAAQ;AAAA,IACjF;AAEA,QAAI;AACF,YAAM,eACJ,MAAM,KAAK,MAAM,IAAI,QAAQ;AAE/B,iBAAW,MAAM,0BAA0B,QAAQ,KAAK;AAAA,QACtD,cAAc,KAAK,UAAU,YAAY;AAAA,QACzC,MAAM,OAAO;AAAA,MACf,CAAC;AAGD,WAAK,MAAM,IAAI,UAAU,YAAY;AAErC,iBAAW,MAAM,oCAAoC,GAAG,IAAI;AAAA,QAC1D;AAAA,QACA,YAAY,CAAC,CAAC;AAAA,QACd,aAAa,KAAK,UAAU,YAAY;AAAA,MAC1C,CAAC;AAED,aAAO;AAAA,IACT,SAAS,OAAO;AACd,iBAAW,MAAM,6CAA6C,KAAK;AACnE,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,gBAAgB,KAAmB;AACjC,UAAM,WAAW,GAAG,KAAK,SAAS,GAAG,GAAG;AACxC,SAAK,MAAM,OAAO,QAAQ;AAAA,EAC5B;AACF;;;ACnJO,SAAS,cACd,QACqB;AACrB,UAAQ,OAAO,MAAM;AAAA,IACnB,KAAK;AACH,aAAO,IAAI,aAAa,OAAO,MAAa;AAAA,IAC9C,KAAK;AACH,aAAO,IAAI,gBAAgB,OAAO,MAAa;AAAA,IACjD;AACE,YAAM,IAAI,MAAM,6BAA8B,OAAe,IAAI,EAAE;AAAA,EACvE;AACF;AAEO,SAAS,4BAA4B,SAGH;AACvC,MAAI,SAAS,WAAW,CAAC,QAAQ,SAAS;AACxC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO,EAAE,SAAS,KAAK;AACzB;","names":["mergePreDefinedOptions","hasAuthorizationHeader","authenticateRequest","LogLevel"]}
1
+ {"version":3,"sources":["../src/tokens/authstate.ts","../src/fireRestApi/endpoints/AbstractApi.ts","../src/fireRestApi/endpoints/EmailApi.ts","../src/fireRestApi/endpoints/PasswordApi.ts","../src/fireRestApi/endpoints/SignInTokenApi.ts","../src/fireRestApi/endpoints/SignUpApi.ts","../src/fireRestApi/endpoints/TokenApi.ts","../src/fireRestApi/endpoints/UserData.ts","../src/runtime.ts","../src/fireRestApi/emulator.ts","../src/fireRestApi/endpointUrl.ts","../src/fireRestApi/request.ts","../src/fireRestApi/createFireApi.ts","../src/utils/options.ts","../src/tokens/c-authenticateRequestProcessor.ts","../src/tokens/cookie.ts","../src/tokens/request.ts","../src/instance/backendInstanceEdge.ts","../src/tokens/requestFire.ts","../src/instance/backendFireInstance.ts","../src/utils/logger.ts","../src/utils/enableDebugLogging.ts","../src/adapters/PostgresAdapter.ts","../src/adapters/RedisAdapter.ts","../src/adapters/index.ts"],"sourcesContent":["import type { CheckAuthorizationFromSessionClaims, DecodedIdToken } from '@tern-secure/types';\nimport type { JWTPayload } from 'jose';\n\nimport { constants } from '../constants';\nimport type { TokenVerificationErrorReason } from '../utils/errors';\nimport { mapJwtPayloadToDecodedIdToken } from '../utils/mapDecode';\nimport type { TernSecureRequest } from './ternSecureRequest';\n\nexport const AuthStatus = {\n SignedIn: 'signed-in',\n SignedOut: 'signed-out',\n} as const;\n\nexport type AuthStatus = (typeof AuthStatus)[keyof typeof AuthStatus];\n\nexport const AuthErrorReason = {\n SessionTokenAndUATMissing: 'session-token-and-uat-missing',\n SessionTokenMissing: 'session-token-missing',\n SessionTokenExpired: 'session-token-expired',\n SessionTokenIATBeforeClientUAT: 'session-token-iat-before-client-uat',\n SessionTokenNBF: 'session-token-nbf',\n SessionTokenIatInTheFuture: 'session-token-iat-in-the-future',\n ActiveOrganizationMismatch: 'active-organization-mismatch',\n UnexpectedError: 'unexpected-error',\n} as const;\n\nexport type AuthErrorReason = (typeof AuthErrorReason)[keyof typeof AuthErrorReason];\n\nexport type AuthReason = AuthErrorReason | TokenVerificationErrorReason;\n\nexport type SignedInAuthObject = {\n sessionClaims: DecodedIdToken;\n userId: string;\n token: string;\n require: CheckAuthorizationFromSessionClaims;\n error: string | null;\n};\n\nexport type SignedOutAuthObject = {\n sessionClaims: null;\n userId: null;\n token: null;\n require: CheckAuthorizationFromSessionClaims;\n error: string | null;\n};\n\nexport type SignedInState = {\n status: typeof AuthStatus.SignedIn;\n reason: null;\n isSignedIn: true;\n auth: () => SignedInAuthObject;\n token: string;\n headers: Headers;\n};\n\nexport type SignedOutState = {\n status: typeof AuthStatus.SignedOut;\n reason: string;\n isSignedIn: false;\n auth: () => SignedOutAuthObject;\n token: null;\n headers: Headers;\n};\n\nexport type RequestState = SignedInState | SignedOutState;\n\nexport interface BackendInstance {\n ternSecureRequest: TernSecureRequest;\n requestState: RequestState;\n}\n\nexport type AuthObject = SignedInAuthObject | SignedOutAuthObject;\n\nfunction createHasAuthorization(\n decodedIdToken: DecodedIdToken,\n): CheckAuthorizationFromSessionClaims {\n return (authorizationParams: any) => {\n if (\n !authorizationParams ||\n typeof authorizationParams !== 'object' ||\n Array.isArray(authorizationParams)\n ) {\n return false;\n }\n const claims = decodedIdToken as Record<string, any>;\n\n return Object.entries(authorizationParams).every(([key, value]) => {\n const claimValue = claims[key];\n if (typeof claimValue === 'undefined') {\n return false;\n }\n if (Array.isArray(value)) {\n if (Array.isArray(claimValue)) {\n return value.some(v => claimValue.includes(v));\n }\n return value.includes(claimValue);\n }\n\n if (Array.isArray(claimValue)) {\n return claimValue.includes(value);\n }\n return claimValue === value;\n });\n };\n}\n\nexport function signedInAuthObject(\n sessionToken: string,\n sessionClaims: JWTPayload,\n): SignedInAuthObject {\n const decodedIdToken = mapJwtPayloadToDecodedIdToken(sessionClaims);\n return {\n sessionClaims: {\n ...decodedIdToken,\n },\n userId: decodedIdToken.uid,\n token: sessionToken,\n require: createHasAuthorization(decodedIdToken),\n error: null,\n };\n}\n\nexport function signedOutAuthObject(): SignedOutAuthObject {\n return {\n sessionClaims: null,\n userId: null,\n token: null,\n require: () => false,\n error: 'No active session',\n };\n}\n\nexport function signedIn(\n sessionClaims: JWTPayload,\n headers: Headers = new Headers(),\n token: string,\n): SignedInState {\n const authObject = signedInAuthObject(token, sessionClaims);\n return {\n status: AuthStatus.SignedIn,\n reason: null,\n isSignedIn: true,\n auth: () => authObject,\n token,\n headers,\n };\n}\n\nexport function signedOut(\n reason: AuthReason,\n message = '',\n headers: Headers = new Headers(),\n): SignedOutState {\n return decorateHeaders({\n status: AuthStatus.SignedOut,\n reason,\n message,\n isSignedIn: false,\n auth: () => signedOutAuthObject(),\n token: null,\n headers,\n });\n}\n\nconst decorateHeaders = <T extends RequestState>(requestState: T): T => {\n const headers = new Headers(requestState.headers || {});\n if (requestState.reason) {\n try {\n headers.set(constants.Headers.AuthReason, requestState.reason);\n } catch {\n // Ignore errors\n }\n }\n\n if (requestState.status) {\n try {\n headers.set(constants.Headers.AuthStatus, requestState.status);\n } catch {\n // Ignore errors\n }\n }\n requestState.headers = headers;\n return requestState;\n};\n","import type { RequestFunction } from '../request';\n\nexport abstract class AbstractAPI {\n constructor(protected request: RequestFunction) {}\n\n protected requireApiKey(apiKey: string) {\n if (!apiKey) {\n throw new Error('A valid API key is required.');\n }\n }\n}\n","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype sendEmailVerificationParams = {\n idToken: string;\n requestType: 'VERIFY_EMAIL';\n};\n\ntype ConfirmEmailVerificationParams = {\n oobCode: string;\n};\n\n\nexport class EmailApi extends AbstractAPI {\n public async verifyEmailVerification(apiKey: string, params: sendEmailVerificationParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"sendOobCode\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async confirmEmailVerification(apiKey: string, params: ConfirmEmailVerificationParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"sendOobCode\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n}","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype ConfirmPasswordResetParams = {\n oobCode: string;\n newPassword: string;\n};\n\ntype VerifyPasswordResetCodeParams = {\n oobCode: string;\n};\n\ntype ChangePasswordParams = {\n idToken: string;\n password: string;\n returnSecureToken?: boolean;\n};\n\nexport class PasswordApi extends AbstractAPI {\n public async verifyPasswordResetCode(apiKey: string, params: VerifyPasswordResetCodeParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async confirmPasswordReset(apiKey: string, params: ConfirmPasswordResetParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n public async changePassword(apiKey: string, params: ChangePasswordParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"passwordReset\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n}","import type { IdAndRefreshTokens } from '../resources/Token';\nimport { AbstractAPI } from './AbstractApi';\n\n\ntype CreateSignInTokenParams = {\n token: string;\n returnSecureToken?: boolean;\n};\n\nexport class SignInTokenApi extends AbstractAPI {\n public async createCustomToken(\n apiKey: string,\n params: CreateSignInTokenParams,\n ): Promise<IdAndRefreshTokens> {\n try {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n\n const response = await this.request<IdAndRefreshTokens>({\n endpoint: \"signInWithCustomToken\",\n method: 'POST',\n bodyParams: restParams,\n });\n\n if (response.errors) {\n const errorMessage = response.errors[0]?.message || 'Failed to create custom token';\n throw new Error(errorMessage);\n }\n\n return response.data;\n } catch (error) {\n const contextualMessage = `Failed to create custom token: ${error instanceof Error ? error.message : 'Unknown error'}`;\n throw new Error(contextualMessage);\n }\n }\n}\n","import { AbstractAPI } from \"./AbstractApi\";\n\n\ntype CreateSignUpTokenParams = {\n email: string;\n password: string;\n returnSecureToken?: boolean;\n};\n\n\nexport class SignUpApi extends AbstractAPI {\n public async createCustomToken(apiKey: string, params: CreateSignUpTokenParams) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n return this.request({\n endpoint: \"signUp\",\n method: \"POST\",\n bodyParams: restParams,\n });\n }\n\n}\n","import type { IdAndRefreshTokens } from '../resources/Token';\nimport { AbstractAPI } from './AbstractApi';\n\ntype RefreshTokenParams = {\n expired_token?: string;\n refresh_token: string;\n request_origin?: string;\n request_originating_ip?: string;\n request_headers?: Record<string, string[]>;\n suffixed_cookies?: boolean;\n format?: 'token' | 'cookie';\n};\n\ntype IdAndRefreshTokensParams = {\n token: string;\n returnSecureToken?: boolean;\n};\n\ntype IdAndRefreshTokensOptions = {\n referer?: string;\n};\n\nexport class TokenApi extends AbstractAPI {\n public async refreshToken(apiKey: string, params: RefreshTokenParams) {\n this.requireApiKey(apiKey);\n const { refresh_token, request_origin, ...restParams } = params;\n\n const headers: Record<string, string> = {};\n if (request_origin) {\n headers['Referer'] = request_origin;\n }\n\n const bodyParams = {\n grant_type: 'refresh_token',\n refresh_token,\n ...restParams,\n };\n\n return this.request({\n endpoint: 'refreshToken',\n method: 'POST',\n apiKey,\n bodyParams,\n headerParams: headers,\n });\n }\n\n public async exchangeCustomForIdAndRefreshTokens(\n apiKey: string,\n params: IdAndRefreshTokensParams,\n options?: IdAndRefreshTokensOptions,\n ) {\n this.requireApiKey(apiKey);\n\n const headers: Record<string, string> = {};\n if (options?.referer) {\n headers['Referer'] = options.referer;\n }\n\n return this.request<IdAndRefreshTokens>({\n endpoint: 'signInWithCustomToken',\n method: 'POST',\n apiKey,\n bodyParams: params,\n headerParams: headers,\n });\n }\n}\n","import type { User } from '../resources/User';\nimport { AbstractAPI } from './AbstractApi';\n\ntype UserDataParams = {\n localId?: string;\n idToken?: string;\n};\n\ntype UserDataOptions = {\n referer?: string;\n};\n\nexport class UserData extends AbstractAPI {\n public async getUserData(apiKey: string, params: UserDataParams, options?: UserDataOptions) {\n this.requireApiKey(apiKey);\n const { ...restParams } = params;\n\n const headers: Record<string, string> = {};\n if (options?.referer) {\n headers['Referer'] = options.referer;\n }\n return this.request<User>({\n endpoint: 'lookup',\n method: 'POST',\n apiKey,\n bodyParams: restParams,\n headerParams: headers,\n });\n }\n}","/**\n * This file exports APIs that vary across runtimes (i.e. Node & Browser - V8 isolates)\n * as a singleton object.\n *\n * Runtime polyfills are written in VanillaJS for now to avoid TS complication. Moreover,\n * due to this issue https://github.com/microsoft/TypeScript/issues/44848, there is not a good way\n * to tell Typescript which conditional import to use during build type.\n *\n * The Runtime type definition ensures type safety for now.\n * Runtime js modules are copied into dist folder with bash script.\n *\n * TODO: Support TS runtime modules\n */\n\n// @ts-ignore - These are package subpaths\nimport { webcrypto as crypto } from '#crypto';\n\ntype Runtime = {\n crypto: Crypto;\n fetch: typeof globalThis.fetch;\n AbortController: typeof globalThis.AbortController;\n Blob: typeof globalThis.Blob;\n FormData: typeof globalThis.FormData;\n Headers: typeof globalThis.Headers;\n Request: typeof globalThis.Request;\n Response: typeof globalThis.Response;\n};\n\n// Invoking the global.fetch without binding it first to the globalObject fails in\n// Cloudflare Workers with an \"Illegal Invocation\" error.\n//\n// The globalThis object is supported for Node >= 12.0.\n//\n// https://github.com/supabase/supabase/issues/4417\nconst globalFetch = fetch.bind(globalThis);\n\nexport const runtime: Runtime = {\n crypto,\n get fetch() {\n // We need to use the globalFetch for Cloudflare Workers but the fetch for testing\n return process.env.NODE_ENV === 'test' ? fetch : globalFetch;\n },\n AbortController: globalThis.AbortController,\n Blob: globalThis.Blob,\n FormData: globalThis.FormData,\n Headers: globalThis.Headers,\n Request: globalThis.Request,\n Response: globalThis.Response,\n};\n","export const FIREBASE_AUTH_EMULATOR_HOST = process.env.FIREBASE_AUTH_EMULATOR_HOST;\n\nexport function emulatorHost(): string | undefined {\n if (typeof process === 'undefined') return undefined;\n return FIREBASE_AUTH_EMULATOR_HOST;\n}\n\nexport function useEmulator(): boolean {\n return !!emulatorHost();\n}\n","import { FIREBASE_AUTH_EMULATOR_HOST, useEmulator } from './emulator';\n\nexport const topLevelEndpoint = (apiKey: string, projectId: string, version: string) => {\n return `https://identitytoolkit.googleapis.com/${version}/projects/${projectId}${apiKey}`;\n};\n\nexport const lookupEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:lookup?key=${apiKey}`;\n};\n\nexport const getRefreshTokenEndpoint = (apiKey: string) => {\n return `https://securetoken.googleapis.com/v1/token?key=${apiKey}`;\n};\n\nexport const signInWithPassword = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=${apiKey}`;\n};\n\nexport const signUpEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:signUp?key=${apiKey}`;\n};\n\nexport const getCustomTokenEndpoint = (apiKey: string) => {\n if (useEmulator() && FIREBASE_AUTH_EMULATOR_HOST) {\n let protocol = 'http://';\n if (FIREBASE_AUTH_EMULATOR_HOST.startsWith('http://')) {\n protocol = '';\n }\n\n return `${protocol}${FIREBASE_AUTH_EMULATOR_HOST}/identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;\n }\n return `https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`;\n};\n\nexport const passwordResetEndpoint = (apiKey: string) => {\n return `https://identitytoolkit.googleapis.com/v1/accounts:resetPassword?key=${apiKey}`;\n};\n","import type {\n TernSecureFireRestError,\n TernSecureFireRestErrorJSON,\n} from \"@tern-secure/types\";\n\nimport { constants } from \"../constants\";\nimport { runtime } from \"../runtime\";\nimport {\n getCustomTokenEndpoint,\n getRefreshTokenEndpoint,\n lookupEndpoint,\n passwordResetEndpoint,\n signInWithPassword,\n signUpEndpoint,\n} from \"./endpointUrl\";\n\nexport type HTTPMethod = \"DELETE\" | \"GET\" | \"PATCH\" | \"POST\" | \"PUT\";\nexport type FirebaseEndpoint =\n | \"lookup\"\n | \"refreshToken\"\n | \"signInWithPassword\"\n | \"signUp\"\n | \"signInWithCustomToken\"\n | \"passwordReset\"\n | \"sendOobCode\"\n\nexport type BackendApiRequestOptions = {\n endpoint: FirebaseEndpoint;\n method?: HTTPMethod;\n apiKey?: string;\n queryParams?: Record<string, unknown>;\n headerParams?: Record<string, string>;\n bodyParams?: Record<string, unknown>;\n formData?: FormData;\n}\n\nexport type BackendApiResponse<T> =\n | {\n data: T;\n errors: null;\n totalCount?: number;\n }\n | {\n data: null;\n errors: TernSecureFireRestError[];\n totalCount?: never;\n status?: number;\n statusText?: string;\n retryAfter?: number;\n };\n\nexport type RequestFunction = ReturnType<typeof createRequest>;\n\ntype CreateRequestOptions = {\n apiKey?: string;\n apiUrl?: string;\n apiVersion?: string;\n};\n\nconst FIREBASE_ENDPOINT_MAP: Record<FirebaseEndpoint, (apiKey: string) => string> = {\n refreshToken: getRefreshTokenEndpoint,\n signInWithPassword: signInWithPassword,\n signUp: signUpEndpoint,\n signInWithCustomToken: getCustomTokenEndpoint,\n passwordReset: passwordResetEndpoint,\n sendOobCode: signInWithPassword,\n lookup: lookupEndpoint\n};\n\n\nexport function createRequest(options: CreateRequestOptions) {\n const requestFn = async <T>(\n requestOptions: BackendApiRequestOptions\n ): Promise<BackendApiResponse<T>> => {\n const { endpoint, method, apiKey, queryParams, headerParams, bodyParams, formData } =\n requestOptions;\n\n\n if (!apiKey) {\n return {\n data: null,\n errors: [\n {\n domain: \"none\",\n reason: \"invalid_parameter\",\n message: \"Firebase API key is required\",\n code: \"400\",\n },\n ],\n };\n }\n\n const endpointUrl = FIREBASE_ENDPOINT_MAP[endpoint](apiKey);\n const finalUrl = new URL(endpointUrl);\n\n if (queryParams) {\n Object.entries(queryParams).forEach(([key, value]) => {\n if (value) {\n [value].flat().forEach(v => finalUrl.searchParams.append(key, v as string));\n }\n });\n }\n\n const headers: Record<string, any> = {\n ...headerParams,\n };\n let res: Response | undefined;\n\n try {\n if (formData) {\n res = await runtime.fetch(finalUrl.href, {\n method,\n headers,\n body: formData,\n });\n } else {\n headers[\"Content-Type\"] = \"application/json\";\n const hasBody =\n method !== \"GET\" && bodyParams && Object.keys(bodyParams).length > 0;\n const body = hasBody ? { body: JSON.stringify(bodyParams) } : null;\n\n res = await runtime.fetch(finalUrl.href, {\n method,\n headers,\n ...body,\n });\n }\n\n const isJSONResponse =\n res?.headers &&\n res.headers?.get(constants.Headers.ContentType) ===\n constants.ContentTypes.Json;\n const responseBody = await (isJSONResponse ? res.json() : res.text());\n\n\n if (!res.ok) {\n return {\n data: null,\n errors: parseErrors(responseBody),\n status: res?.status,\n statusText: res?.statusText,\n };\n }\n\n return {\n data: responseBody,\n errors: null,\n };\n } catch (error) {\n if (error instanceof Error) {\n return {\n data: null,\n errors: [\n {\n domain: \"none\",\n reason: \"request_failed\",\n message: error.message || \"An unexpected error occurred\",\n code: \"500\",\n },\n ],\n };\n }\n\n return {\n data: null,\n errors: parseErrors(error),\n status: res?.status,\n statusText: res?.statusText,\n };\n }\n };\n return requestFn;\n}\n\nfunction parseErrors(data: unknown): TernSecureFireRestError[] {\n let parsedData = data;\n if (typeof data === \"string\") {\n try {\n parsedData = JSON.parse(data);\n } catch (error) {\n return [];\n }\n }\n\n if (!parsedData || typeof parsedData !== \"object\") {\n return [];\n }\n\n if (\"error\" in parsedData && typeof parsedData.error === \"object\" && parsedData.error !== null) {\n const errorObj = parsedData.error as any;\n\n if (\"errors\" in errorObj && Array.isArray(errorObj.errors) && errorObj.errors.length > 0) {\n return errorObj.errors.map((err: any) => parseError({\n code: errorObj.code || \"unknown_error\", \n message: err.message || \"Unknown error\",\n domain: err.domain,\n reason: err.reason\n }));\n }\n\n // Fallback: create single error from main error object\n return [parseError({\n code: errorObj.code?.toString() || \"unknown_error\",\n message: errorObj.message || \"Unknown error\",\n domain: errorObj.domain || \"unknown\",\n reason: errorObj.reason || errorObj.code?.toString() || \"unknown_error\"\n })];\n }\n\n return [];\n}\n\nexport function parseError(error: TernSecureFireRestErrorJSON): TernSecureFireRestError {\n return {\n domain: error.domain,\n reason: error.reason,\n message: error.message,\n code: error.code\n };\n}\n","import { EmailApi, PasswordApi, SignInTokenApi, SignUpApi, TokenApi, UserData } from './endpoints';\nimport { createRequest } from './request';\n\nexport type CreateFireApiOptions = Parameters<typeof createRequest>[0];\nexport type ApiClient = ReturnType<typeof createFireApi>;\n\nexport function createFireApi(options: CreateFireApiOptions) {\n const request = createRequest(options);\n return {\n email: new EmailApi(request),\n password: new PasswordApi(request),\n signIn: new SignInTokenApi(request),\n signUp: new SignUpApi(request),\n tokens: new TokenApi(request),\n userData: new UserData(request),\n };\n}\n","import type { AuthenticateRequestOptions} from \"../tokens/types\";\n\nexport type RuntimeOptions = Omit<AuthenticateRequestOptions, \"apiUrl\">;\n\nexport type buildTimeOptions = Partial<Pick<AuthenticateRequestOptions, \"apiKey\" | \"apiUrl\" | \"apiVersion\">>;\n\nconst defaultOptions: buildTimeOptions = {\n apiKey: undefined,\n apiUrl: undefined,\n apiVersion: undefined,\n};\n\nexport function mergePreDefinedOptions(\n userOptions: buildTimeOptions = {}\n): buildTimeOptions {\n return {\n ...defaultOptions,\n ...userOptions,\n };\n}","import type { AuthEndpoint, SessionSubEndpoint } from '@tern-secure/types';\n\nimport { constants } from '../constants';\nimport type { TernSecureRequest } from './ternSecureRequest';\nimport type { AuthenticateRequestOptions } from './types'; \n\n\n/**\n * Request context for better type safety and clarity\n */\ninterface RequestProcessorContext extends AuthenticateRequestOptions {\n // header-based values\n sessionTokenInHeader: string | undefined;\n origin: string | undefined;\n host: string | undefined;\n forwardedHost: string | undefined;\n forwardedProto: string | undefined;\n referrer: string | undefined;\n userAgent: string | undefined;\n secFetchDest: string | undefined;\n accept: string | undefined;\n\n // cookie-based values\n idTokenInCookie: string | undefined;\n refreshTokenInCookie: string | undefined;\n csrfTokenInCookie: string | undefined;\n sessionTokenInCookie?: string | undefined;\n customTokenInCookie?: string | undefined;\n\n method: string;\n pathSegments: string[];\n endpoint?: AuthEndpoint;\n subEndpoint?: SessionSubEndpoint;\n\n ternUrl: URL;\n instanceType: string;\n}\n\n/**\n * Request processor utility class for common operations\n */\nclass RequestProcessorContext implements RequestProcessorContext {\n public constructor(\n private ternSecureRequest: TernSecureRequest,\n private options: AuthenticateRequestOptions,\n ) {\n this.initHeaderValues();\n this.initCookieValues();\n this.initUrlValues();\n Object.assign(this, options);\n this.ternUrl = this.ternSecureRequest.ternUrl;\n }\n\n public get request(): TernSecureRequest {\n return this.ternSecureRequest;\n }\n\n private initHeaderValues() {\n this.sessionTokenInHeader = this.parseAuthorizationHeader(\n this.getHeader(constants.Headers.Authorization),\n );\n this.origin = this.getHeader(constants.Headers.Origin);\n this.host = this.getHeader(constants.Headers.Host);\n this.forwardedHost = this.getHeader(constants.Headers.ForwardedHost);\n this.forwardedProto =\n this.getHeader(constants.Headers.CloudFrontForwardedProto) ||\n this.getHeader(constants.Headers.ForwardedProto);\n this.referrer = this.getHeader(constants.Headers.Referrer);\n this.userAgent = this.getHeader(constants.Headers.UserAgent);\n this.secFetchDest = this.getHeader(constants.Headers.SecFetchDest);\n this.accept = this.getHeader(constants.Headers.Accept);\n }\n\n private initCookieValues() {\n const isProduction = process.env.NODE_ENV === 'production';\n const defaultPrefix = isProduction ? '__HOST-' : '__dev_';\n this.sessionTokenInCookie = this.getCookie(constants.Cookies.Session);\n\n // System-fixed cookies using backend constants\n this.idTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.IdToken}`);\n this.refreshTokenInCookie = this.getCookie(`${defaultPrefix}${constants.Cookies.Refresh}`);\n this.csrfTokenInCookie = this.getCookie(constants.Cookies.CsrfToken);\n this.customTokenInCookie = this.getCookie(constants.Cookies.Custom);\n }\n\n private initUrlValues() {\n this.method = this.ternSecureRequest.method;\n this.pathSegments = this.ternSecureRequest.ternUrl.pathname.split('/').filter(Boolean);\n this.endpoint = this.pathSegments[2] as AuthEndpoint;\n this.subEndpoint = this.pathSegments[3] as SessionSubEndpoint;\n }\n\n private getHeader(name: string) {\n return this.ternSecureRequest.headers.get(name) || undefined;\n }\n\n private getCookie(name: string) {\n return this.ternSecureRequest.cookies.get(name) || undefined;\n }\n\n private parseAuthorizationHeader(\n authorizationHeader: string | undefined | null,\n ): string | undefined {\n if (!authorizationHeader) {\n return undefined;\n }\n\n const [scheme, token] = authorizationHeader.split(' ', 2);\n\n if (!token) {\n // No scheme specified, treat the entire value as the token\n return scheme;\n }\n\n if (scheme === 'Bearer') {\n return token;\n }\n\n // Skip all other schemes\n return undefined;\n }\n}\n\nexport type { RequestProcessorContext };\n\nexport const createRequestProcessor = (\n ternSecureRequest: TernSecureRequest,\n options: AuthenticateRequestOptions,\n): RequestProcessorContext => {\n return new RequestProcessorContext(ternSecureRequest, options);\n};\n","import { getCookieName as getCookieNameEnvironment, getCookiePrefix } from '@tern-secure/shared/cookie';\n\nexport const getCookieName = (cookieDirective: string): string => {\n return cookieDirective.split(';')[0]?.split('=')[0];\n};\n\nexport const getCookieValue = (cookieDirective: string): string => {\n return cookieDirective.split(';')[0]?.split('=')[1];\n};\n\nexport { getCookieNameEnvironment, getCookiePrefix };","import type { DecodedIdToken } from '@tern-secure/types';\n\nimport { getAuth } from '../auth';\nimport { constants } from '../constants';\nimport type { ApiClient } from '../fireRestApi';\nimport type { TokenCarrier } from '../utils/errors';\nimport {\n RefreshTokenErrorReason,\n TokenVerificationError,\n TokenVerificationErrorReason,\n} from '../utils/errors';\nimport {\n type buildTimeOptions,\n mergePreDefinedOptions,\n type RuntimeOptions,\n} from '../utils/options';\nimport type { RequestState, SignedInState, SignedOutState } from './authstate';\nimport { AuthErrorReason, signedIn, signedOut } from './authstate';\nimport { createRequestProcessor } from './c-authenticateRequestProcessor';\nimport { getCookieNameEnvironment, getCookiePrefix } from './cookie';\nimport { createTernSecureRequest } from './ternSecureRequest';\nimport type { AuthenticateRequestOptions } from './types';\nimport { verifyToken } from './verify';\n\nfunction hasAuthorizationHeader(request: Request): boolean {\n return request.headers.has('Authorization');\n}\n\nfunction isRequestForRefresh(\n error: TokenVerificationError,\n context: { refreshTokenInCookie?: string },\n request: Request,\n) {\n return (\n error.reason === TokenVerificationErrorReason.TokenExpired &&\n !!context.refreshTokenInCookie &&\n request.method === 'GET'\n );\n}\n\nexport async function authenticateRequest(\n request: Request,\n options: AuthenticateRequestOptions,\n): Promise<RequestState> {\n const context = createRequestProcessor(createTernSecureRequest(request), options);\n const { refreshTokenInCookie } = context;\n\n const { refreshExpiredIdToken } = getAuth(options);\n\n async function refreshToken() {\n if (!refreshTokenInCookie) {\n return {\n data: null,\n error: {\n message: 'No refresh token available',\n reason: AuthErrorReason.SessionTokenMissing,\n },\n };\n }\n return await refreshExpiredIdToken(refreshTokenInCookie, {\n referer: context.ternUrl.origin,\n });\n }\n\n async function handleRefresh(): Promise<\n | { data: { decoded: DecodedIdToken; token: string; headers: Headers }; error: null }\n | { data: null; error: any }\n > {\n const { data: refreshedData, error } = await refreshToken();\n if (!refreshedData) {\n return { data: null, error };\n }\n\n const headers = new Headers();\n const { idToken } = refreshedData;\n\n const maxAge = 3600;\n const cookiePrefix = getCookiePrefix();\n const idTokenCookieName = getCookieNameEnvironment(constants.Cookies.IdToken, cookiePrefix);\n const baseCookieAttributes = 'HttpOnly; Secure; SameSite=Strict; Path=/';\n\n const idTokenCookie = `${idTokenCookieName}=${idToken}; ${baseCookieAttributes};`;\n headers.append('Set-Cookie', idTokenCookie);\n\n const { data: decoded, errors } = await verifyToken(idToken, options);\n if (errors) {\n return {\n data: null,\n error: errors ? errors[0] : new Error('Failed to verify refreshed token'),\n };\n }\n return { data: { decoded, token: idToken, headers }, error: null };\n }\n\n async function authenticateRequestWithTokenInCookie() {\n try {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = await verifyToken(context.idTokenInCookie!, options);\n\n if (errors) {\n throw errors[0];\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const signedInRequestState = signedIn(data, undefined, context.idTokenInCookie!);\n return signedInRequestState;\n } catch (err) {\n return handleError(err, 'cookie');\n }\n }\n\n async function authenticateRequestWithTokenInHeader() {\n const { sessionTokenInHeader } = context;\n try {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const { data, errors } = await verifyToken(sessionTokenInHeader!, options);\n\n if (errors) {\n throw errors[0];\n }\n\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion\n const signedInRequestState = signedIn(data, undefined, sessionTokenInHeader!);\n return signedInRequestState;\n } catch (err) {\n return handleError(err, 'header');\n }\n }\n\n async function handleError(\n err: unknown,\n tokenCarrier: TokenCarrier,\n ): Promise<SignedInState | SignedOutState> {\n if (!(err instanceof TokenVerificationError)) {\n return signedOut(AuthErrorReason.UnexpectedError);\n }\n\n let refreshError: string | null;\n if (isRequestForRefresh(err, context, request)) {\n const { data, error } = await handleRefresh();\n if (data) {\n return signedIn(data.decoded, data.headers, data.token);\n }\n\n if (error?.cause?.reason) {\n refreshError = error.cause.reason;\n }\n } else {\n if (request.method !== 'GET') {\n refreshError = RefreshTokenErrorReason.NonEligibleNonGet;\n } else if (!context.refreshTokenInCookie) {\n refreshError = RefreshTokenErrorReason.NonEligibleNoCookie;\n } else {\n refreshError = null;\n }\n }\n\n err.tokenCarrier = tokenCarrier;\n\n return signedOut(err.reason, err.getFullMessage());\n }\n\n if (hasAuthorizationHeader(request)) {\n return authenticateRequestWithTokenInHeader();\n }\n\n return authenticateRequestWithTokenInCookie();\n}\n\n/**\n * @internal\n */\nexport type CreateAuthenticateRequestOptions = {\n options: buildTimeOptions;\n apiClient: ApiClient;\n};\n\nexport function createAuthenticateRequest(params: CreateAuthenticateRequestOptions) {\n const buildTimeOptions = mergePreDefinedOptions(params.options);\n const apiClient = params.apiClient;\n\n const handleAuthenticateRequest = (request: Request, options: RuntimeOptions = {}) => {\n const { apiUrl } = buildTimeOptions;\n return authenticateRequest(request, { ...options, apiUrl, apiClient });\n };\n\n return {\n authenticateRequest: handleAuthenticateRequest,\n };\n}\n","import type { ApiClient,CreateFireApiOptions} from \"../fireRestApi\";\r\nimport { createFireApi } from \"../fireRestApi\";\r\nimport type { RequestState } from \"../tokens/authstate\";\r\nimport type { CreateAuthenticateRequestOptions } from \"../tokens/request\";\r\nimport { createAuthenticateRequest } from \"../tokens/request\";\r\nimport type {\r\n TernSecureRequest,\r\n} from \"../tokens/ternSecureRequest\";\r\n\r\nexport type TernSecureBackendOptions = CreateFireApiOptions & CreateAuthenticateRequestOptions['options'];\r\n\r\nexport type TernSecureBackendClient = ApiClient & ReturnType<typeof createAuthenticateRequest>;\r\n\r\nexport interface BackendInstance {\r\n ternSecureRequest: TernSecureRequest;\r\n requestState: RequestState;\r\n}\r\n\r\nexport function createBackendInstanceClient(options: TernSecureBackendOptions): TernSecureBackendClient {\r\n const opts = { ...options };\r\n const apiClient = createFireApi(opts);\r\n const requestState = createAuthenticateRequest({options: opts, apiClient});\r\n\r\n return {\r\n ...apiClient,\r\n ...requestState,\r\n };\r\n}\r\n","import type { RequestState } from './authstate';\nimport { AuthErrorReason, signedIn, signedOut } from './authstate';\nimport type { AuthenticateFireRequestOptions, } from './types';\nimport { verifyToken } from './verify';\n\ntype RuntimeOptions = Omit<AuthenticateFireRequestOptions, 'firebaseConfig'>;\n\ntype FirebaseOptions = Partial<Pick<AuthenticateFireRequestOptions, 'firebaseConfig'>>;\n\nconst defaultFirebaseOptions = {\n apiKey: '',\n authDomain: '',\n projectId: '',\n tenantId: undefined,\n} as FirebaseOptions;\n\nexport function mergePreDefinedOptions<T extends Record<string, any>>(\n preDefinedOptions: T,\n options: Partial<T>,\n): T {\n return Object.keys(preDefinedOptions).reduce(\n (obj: T, key: string) => {\n return { ...obj, [key]: options[key] || obj[key] };\n },\n { ...preDefinedOptions },\n );\n}\n\nconst BEARER_PREFIX = 'Bearer ';\nconst AUTH_COOKIE_NAME = '_session_cookie';\n\nfunction extractTokenFromHeader(request: Request): string | null {\n const authHeader = request.headers.get('Authorization');\n\n if (!authHeader || !authHeader.startsWith(BEARER_PREFIX)) {\n return null;\n }\n\n return authHeader.slice(BEARER_PREFIX.length);\n}\n\nfunction extractTokenFromCookie(request: Request): string | null {\n const cookieHeader = request.headers.get('Cookie') || undefined;\n\n if (!cookieHeader) {\n return null;\n }\n\n const cookies = cookieHeader.split(';').reduce(\n (acc, cookie) => {\n const [name, value] = cookie.trim().split('=');\n acc[name] = value;\n return acc;\n },\n {} as Record<string, string>,\n );\n\n return cookies[AUTH_COOKIE_NAME] || null;\n}\n\nfunction hasAuthorizationHeader(request: Request): boolean {\n return request.headers.has('Authorization');\n}\n\nexport async function authenticateRequest(\n request: Request,\n options: AuthenticateFireRequestOptions,\n): Promise<RequestState> {\n async function authenticateRequestWithTokenInCookie() {\n const token = extractTokenFromCookie(request);\n if (!token) {\n return signedOut(AuthErrorReason.SessionTokenMissing);\n }\n const { data, errors } = await verifyToken(token, options);\n\n if (errors) {\n throw errors[0];\n }\n\n const signedInRequestState = signedIn(data, undefined, token);\n return signedInRequestState;\n }\n\n async function authenticateRequestWithTokenInHeader() {\n const token = extractTokenFromHeader(request);\n if (!token) {\n return signedOut(AuthErrorReason.SessionTokenMissing);\n }\n\n const { data, errors } = await verifyToken(token, options);\n\n if (errors) {\n throw errors[0];\n }\n\n const signedInRequestState = signedIn(data, undefined, token);\n return signedInRequestState;\n }\n\n if (hasAuthorizationHeader(request)) {\n return authenticateRequestWithTokenInHeader();\n }\n\n return authenticateRequestWithTokenInCookie();\n}\n\n/**\n * @internal\n */\nexport type CreateFireAuthenticateRequestOptions = {\n options: FirebaseOptions;\n};\n\nexport function createFireAuthenticateRequest(params: CreateFireAuthenticateRequestOptions) {\n const buildTimeOptions = mergePreDefinedOptions(defaultFirebaseOptions, params.options);\n\n const handleAuthenticateRequest = (request: Request, options: RuntimeOptions = {}) => {\n const runtimeOptions = { ...buildTimeOptions, ...options };\n return authenticateRequest(request, runtimeOptions);\n };\n\n return {\n authenticateRequest: handleAuthenticateRequest,\n };\n}\n","import type { ApiClient, CreateFireApiOptions } from '../fireRestApi';\nimport { createFireApi } from '../fireRestApi';\nimport type { CreateFireAuthenticateRequestOptions } from '../tokens/requestFire';\nimport { createFireAuthenticateRequest } from '../tokens/requestFire';\n\nexport type TernSecureFireOptions = CreateFireApiOptions &\n CreateFireAuthenticateRequestOptions['options'];\n\nexport type TernSecureFireClient = ApiClient & ReturnType<typeof createFireAuthenticateRequest>;\n\nexport function createFireClient(options: TernSecureFireOptions): TernSecureFireClient {\n const opts = { ...options };\n const apiClient = createFireApi(opts);\n const requestState = createFireAuthenticateRequest({ options: opts });\n\n return {\n ...apiClient,\n ...requestState,\n };\n}\n","export enum LogLevel {\n ERROR = 0,\n WARN = 1,\n INFO = 2,\n DEBUG = 3,\n}\n\nexport interface LoggerOptions {\n enabled: boolean\n level: LogLevel\n prefix: string\n}\n\nexport class Logger {\n private options: LoggerOptions\n\n constructor(options: Partial<LoggerOptions> = {}) {\n this.options = {\n enabled: false,\n level: LogLevel.INFO,\n prefix: '[TernSecure-Backend]',\n ...options,\n }\n }\n\n enable(): void {\n this.options.enabled = true\n }\n\n disable(): void {\n this.options.enabled = false\n }\n\n setLevel(level: LogLevel): void {\n this.options.level = level\n }\n\n setPrefix(prefix: string): void {\n this.options.prefix = prefix\n }\n\n private log(level: LogLevel, levelName: string, message: string, ...args: any[]): void {\n if (!this.options.enabled || level > this.options.level) {\n return\n }\n\n const timestamp = new Date().toISOString()\n const formattedMessage = `${timestamp} ${this.options.prefix} [${levelName}] ${message}`\n \n switch (level) {\n case LogLevel.ERROR:\n console.error(formattedMessage, ...args)\n break\n case LogLevel.WARN:\n console.warn(formattedMessage, ...args)\n break\n case LogLevel.INFO:\n console.info(formattedMessage, ...args)\n break\n case LogLevel.DEBUG:\n console.debug(formattedMessage, ...args)\n break\n }\n }\n\n error(message: string, ...args: any[]): void {\n this.log(LogLevel.ERROR, 'ERROR', message, ...args)\n }\n\n warn(message: string, ...args: any[]): void {\n this.log(LogLevel.WARN, 'WARN', message, ...args)\n }\n\n info(message: string, ...args: any[]): void {\n this.log(LogLevel.INFO, 'INFO', message, ...args)\n }\n\n debug(message: string, ...args: any[]): void {\n this.log(LogLevel.DEBUG, 'DEBUG', message, ...args)\n }\n}\n\nexport const createLogger = (options?: Partial<LoggerOptions>): Logger => {\n return new Logger(options)\n}\n\nexport const redisLogger = createLogger({ prefix: '[TernSecure-Redis]' })\nexport const authLogger = createLogger({ prefix: '[TernSecure-Auth]' })","import { authLogger, LogLevel,redisLogger } from \"./logger\"\n\nexport function enableDebugLogging(): void {\n authLogger.enable()\n authLogger.setLevel(LogLevel.DEBUG)\n \n redisLogger.enable()\n redisLogger.setLevel(LogLevel.DEBUG)\n}\n\nexport function disableDebugLogging(): void {\n authLogger.disable()\n redisLogger.disable()\n}\n\nexport function setLogLevel(level: LogLevel): void {\n authLogger.setLevel(level)\n redisLogger.setLevel(level)\n}","import { authLogger } from \"../utils/logger\";\nimport type { DisabledUserAdapter, DisabledUserRecord, PostgresConfig } from \"./types\";\n\nexport class PostgresAdapter implements DisabledUserAdapter {\n private config: PostgresConfig;\n private tableName: string;\n\n constructor(config: PostgresConfig) {\n this.config = config;\n this.tableName = config.table || 'disabled_users';\n }\n\n getDisabledUser = async(uid: string): Promise<DisabledUserRecord | null> => {\n try {\n // For edge runtime, we'll use fetch to call a REST API endpoint\n // This avoids the need for full postgres client libraries in edge\n const response = await fetch(this.config.url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${this.config.token}`,\n },\n body: JSON.stringify({\n query: `SELECT uid, email, disabled_time as \"disabledTime\" FROM ${this.tableName} WHERE uid = $1`,\n params: [uid],\n }),\n });\n\n if (!response.ok) {\n throw new Error(`HTTP error! status: ${response.status}`);\n }\n\n const result = await response.json();\n \n if (result.rows && result.rows.length > 0) {\n const row = result.rows[0];\n const disabledUser: DisabledUserRecord = {\n uid: row.uid,\n email: row.email,\n disabledTime: row.disabledTime,\n };\n \n authLogger.debug(`Found disabled user: ${uid}`);\n return disabledUser;\n }\n\n authLogger.debug(`No disabled user found: ${uid}`);\n return null;\n } catch (error) {\n authLogger.error('Failed to fetch disabled user from Postgres:', error);\n return null;\n }\n }\n}","import { Redis } from \"@upstash/redis\";\n\nimport { authLogger } from \"../utils/logger\";\nimport type {\n DisabledUserAdapter,\n DisabledUserRecord,\n RedisConfig,\n} from \"./types\";\n\ninterface CacheEntry<T> {\n value: T;\n expiresAt: number;\n}\n\nclass TTLCache<T> {\n private cache = new Map<string, CacheEntry<T>>();\n private readonly defaultTTL: number;\n\n constructor(defaultTTLMs: number = 60000) {\n this.defaultTTL = defaultTTLMs;\n }\n\n set(key: string, value: T, ttlMs?: number): void {\n const expiresAt = Date.now() + (ttlMs ?? this.defaultTTL);\n this.cache.set(key, { value, expiresAt });\n console.log(`TTLCache.set: key=${key}, value=${JSON.stringify(value)}, expiresAt=${expiresAt}, cacheSize=${this.cache.size}`);\n }\n\n private getEntry(key: string): CacheEntry<T> | undefined {\n const entry = this.cache.get(key);\n if (!entry) return undefined;\n\n const now = Date.now();\n if (now > entry.expiresAt) {\n console.log(`TTLCache: key=${key} expired (now=${now}, expiresAt=${entry.expiresAt})`);\n this.cache.delete(key);\n return undefined;\n }\n\n return entry;\n }\n\n get(key: string): T | undefined {\n const entry = this.getEntry(key);\n const hasEntry = entry !== undefined;\n const cacheHasKey = this.cache.has(key);\n const rawEntry = this.cache.get(key);\n \n console.log(`TTLCache.get: key=${key}, hasEntry=${hasEntry}, cacheHasKey=${cacheHasKey}`);\n console.log(`TTLCache.get: rawEntry=${JSON.stringify(rawEntry)}, entry=${JSON.stringify(entry)}`);\n \n if (!entry) {\n console.log(`TTLCache.get: no entry found for key=${key}, returning undefined`);\n return undefined;\n }\n\n console.log(`TTLCache.get: returning value=${JSON.stringify(entry.value)} for key=${key}`);\n return entry.value;\n }\n\n\n delete(key: string): boolean {\n return this.cache.delete(key);\n }\n\n clear(): void {\n this.cache.clear();\n }\n\n cleanup(): void {\n const now = Date.now();\n for (const [key, entry] of this.cache.entries()) {\n if (now > entry.expiresAt) {\n this.cache.delete(key);\n }\n }\n }\n}\n\nexport class RedisAdapter implements DisabledUserAdapter {\n private redis: Redis;\n private cache: TTLCache<DisabledUserRecord | null>;\n private keyPrefix: string;\n\n constructor(config: RedisConfig) {\n this.redis = new Redis({\n url: config.url,\n token: config.token,\n });\n\n this.keyPrefix = config.keyPrefix || \"disabled_user:\";\n const cacheTTL = config.ttl || 30000; // Default 30 seconds\n this.cache = new TTLCache<DisabledUserRecord | null>(cacheTTL);\n\n setInterval(() => this.cache.cleanup(), 5 * 60 * 1000);\n }\n\n getDisabledUser = async (uid: string): Promise<DisabledUserRecord | null> => {\n const cacheKey = `${this.keyPrefix}${uid}`;\n \n authLogger.debug(`RedisAdapter: Checking cache for key: ${cacheKey}`);\n \n // Try to get from cache first\n const cachedResult = this.cache.get(cacheKey);\n authLogger.debug(`RedisAdapter: Cache get result for ${cacheKey}:`, {\n cachedResult: JSON.stringify(cachedResult),\n isUndefined: cachedResult === undefined,\n type: typeof cachedResult\n });\n \n if (cachedResult !== undefined) {\n authLogger.debug(`Cache hit for disabled user: ${uid}`, { \n cacheKey,\n cachedResult: JSON.stringify(cachedResult)\n });\n return cachedResult;\n }\n\n authLogger.debug(\n `Cache miss for disabled user: ${uid}, fetching from Redis with key: ${cacheKey}`\n );\n\n try {\n const disabledUser: DisabledUserRecord | null =\n await this.redis.get(cacheKey);\n\n authLogger.debug(`Redis returned for key ${cacheKey}:`, { \n disabledUser: JSON.stringify(disabledUser),\n type: typeof disabledUser\n });\n\n // Cache the result (including null values to prevent repeated Redis calls)\n this.cache.set(cacheKey, disabledUser);\n \n authLogger.debug(`Cached disabled user result for: ${uid}`, {\n cacheKey,\n isDisabled: !!disabledUser,\n cachedValue: JSON.stringify(disabledUser)\n });\n\n return disabledUser;\n } catch (error) {\n authLogger.error(\"Failed to fetch disabled user from Redis:\", error);\n return null;\n }\n };\n\n invalidateCache(uid: string): void {\n const cacheKey = `${this.keyPrefix}${uid}`;\n this.cache.delete(cacheKey);\n }\n}\n","import { PostgresAdapter } from \"./PostgresAdapter\";\nimport { RedisAdapter } from \"./RedisAdapter\";\nimport type { AdapterConfiguration,DisabledUserAdapter } from \"./types\";\n\nexport function createAdapter(\n config: AdapterConfiguration\n): DisabledUserAdapter {\n switch (config.type) {\n case \"redis\":\n return new RedisAdapter(config.config as any);\n case \"postgres\":\n return new PostgresAdapter(config.config as any);\n default:\n throw new Error(`Unsupported adapter type: ${(config as any).type}`);\n }\n}\n\nexport function validateCheckRevokedOptions(options?: {\n enabled: boolean;\n adapter?: AdapterConfiguration;\n}): { isValid: boolean; error?: string } {\n if (options?.enabled && !options.adapter) {\n return {\n isValid: false,\n error: \"When checkRevoked.enabled is true, an adapter must be provided\",\n };\n }\n return { isValid: true };\n}\n\n\nexport { RedisAdapter } from './RedisAdapter';\nexport { PostgresAdapter } from './PostgresAdapter';\nexport type {\n DisabledUserAdapter,\n DisabledUserRecord,\n AdapterConfig,\n RedisConfig,\n PostgresConfig,\n AdapterType,\n AdapterConfiguration,\n CheckRevokedOptions,\n} from './types';\n"],"mappings":";;;;;;;;;;;;;;;;;;AAQO,IAAM,aAAa;AAAA,EACxB,UAAU;AAAA,EACV,WAAW;AACb;AAIO,IAAM,kBAAkB;AAAA,EAC7B,2BAA2B;AAAA,EAC3B,qBAAqB;AAAA,EACrB,qBAAqB;AAAA,EACrB,gCAAgC;AAAA,EAChC,iBAAiB;AAAA,EACjB,4BAA4B;AAAA,EAC5B,4BAA4B;AAAA,EAC5B,iBAAiB;AACnB;AAiDA,SAAS,uBACP,gBACqC;AACrC,SAAO,CAAC,wBAA6B;AACnC,QACE,CAAC,uBACD,OAAO,wBAAwB,YAC/B,MAAM,QAAQ,mBAAmB,GACjC;AACA,aAAO;AAAA,IACT;AACA,UAAM,SAAS;AAEf,WAAO,OAAO,QAAQ,mBAAmB,EAAE,MAAM,CAAC,CAAC,KAAK,KAAK,MAAM;AACjE,YAAM,aAAa,OAAO,GAAG;AAC7B,UAAI,OAAO,eAAe,aAAa;AACrC,eAAO;AAAA,MACT;AACA,UAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,YAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,iBAAO,MAAM,KAAK,OAAK,WAAW,SAAS,CAAC,CAAC;AAAA,QAC/C;AACA,eAAO,MAAM,SAAS,UAAU;AAAA,MAClC;AAEA,UAAI,MAAM,QAAQ,UAAU,GAAG;AAC7B,eAAO,WAAW,SAAS,KAAK;AAAA,MAClC;AACA,aAAO,eAAe;AAAA,IACxB,CAAC;AAAA,EACH;AACF;AAEO,SAAS,mBACd,cACA,eACoB;AACpB,QAAM,iBAAiB,8BAA8B,aAAa;AAClE,SAAO;AAAA,IACL,eAAe;AAAA,MACb,GAAG;AAAA,IACL;AAAA,IACA,QAAQ,eAAe;AAAA,IACvB,OAAO;AAAA,IACP,SAAS,uBAAuB,cAAc;AAAA,IAC9C,OAAO;AAAA,EACT;AACF;AAEO,SAAS,sBAA2C;AACzD,SAAO;AAAA,IACL,eAAe;AAAA,IACf,QAAQ;AAAA,IACR,OAAO;AAAA,IACP,SAAS,MAAM;AAAA,IACf,OAAO;AAAA,EACT;AACF;AAEO,SAAS,SACd,eACA,UAAmB,IAAI,QAAQ,GAC/B,OACe;AACf,QAAM,aAAa,mBAAmB,OAAO,aAAa;AAC1D,SAAO;AAAA,IACL,QAAQ,WAAW;AAAA,IACnB,QAAQ;AAAA,IACR,YAAY;AAAA,IACZ,MAAM,MAAM;AAAA,IACZ;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,UACd,QACA,UAAU,IACV,UAAmB,IAAI,QAAQ,GACf;AAChB,SAAO,gBAAgB;AAAA,IACrB,QAAQ,WAAW;AAAA,IACnB;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ,MAAM,MAAM,oBAAoB;AAAA,IAChC,OAAO;AAAA,IACP;AAAA,EACF,CAAC;AACH;AAEA,IAAM,kBAAkB,CAAyB,iBAAuB;AACtE,QAAM,UAAU,IAAI,QAAQ,aAAa,WAAW,CAAC,CAAC;AACtD,MAAI,aAAa,QAAQ;AACvB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,YAAY,aAAa,MAAM;AAAA,IAC/D,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,MAAI,aAAa,QAAQ;AACvB,QAAI;AACF,cAAQ,IAAI,UAAU,QAAQ,YAAY,aAAa,MAAM;AAAA,IAC/D,QAAQ;AAAA,IAER;AAAA,EACF;AACA,eAAa,UAAU;AACvB,SAAO;AACT;;;ACrLO,IAAe,cAAf,MAA2B;AAAA,EAChC,YAAsB,SAA0B;AAA1B;AAAA,EAA2B;AAAA,EAEvC,cAAc,QAAgB;AACtC,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAAA,EACF;AACF;;;ACGO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACxC,MAAa,wBAAwB,QAAgB,QAAqC;AACxF,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,yBAAyB,QAAgB,QAAwC;AAC5F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AACF;;;ACfO,IAAM,cAAN,cAA0B,YAAY;AAAA,EAC3C,MAAa,wBAAwB,QAAgB,QAAuC;AAC1F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,qBAAqB,QAAgB,QAAoC;AACpF,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAAA,EAEE,MAAa,eAAe,QAAgB,QAA8B;AAC1E,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AACF;;;ACvCO,IAAM,iBAAN,cAA6B,YAAY;AAAA,EAC9C,MAAa,kBACX,QACA,QAC6B;AAC7B,QAAI;AACF,WAAK,cAAc,MAAM;AACzB,YAAM,EAAE,GAAG,WAAW,IAAI;AAE1B,YAAM,WAAW,MAAM,KAAK,QAA4B;AAAA,QACtD,UAAU;AAAA,QACV,QAAQ;AAAA,QACR,YAAY;AAAA,MACd,CAAC;AAED,UAAI,SAAS,QAAQ;AACnB,cAAM,eAAe,SAAS,OAAO,CAAC,GAAG,WAAW;AACpD,cAAM,IAAI,MAAM,YAAY;AAAA,MAC9B;AAEA,aAAO,SAAS;AAAA,IAClB,SAAS,OAAO;AACd,YAAM,oBAAoB,kCAAkC,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AACpH,YAAM,IAAI,MAAM,iBAAiB;AAAA,IACnC;AAAA,EACF;AACF;;;ACzBO,IAAM,YAAN,cAAwB,YAAY;AAAA,EACzC,MAAa,kBAAkB,QAAgB,QAAiC;AAC9E,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAC1B,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR,YAAY;AAAA,IACd,CAAC;AAAA,EACH;AAEF;;;ACCO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACxC,MAAa,aAAa,QAAgB,QAA4B;AACpE,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,eAAe,gBAAgB,GAAG,WAAW,IAAI;AAEzD,UAAM,UAAkC,CAAC;AACzC,QAAI,gBAAgB;AAClB,cAAQ,SAAS,IAAI;AAAA,IACvB;AAEA,UAAM,aAAa;AAAA,MACjB,YAAY;AAAA,MACZ;AAAA,MACA,GAAG;AAAA,IACL;AAEA,WAAO,KAAK,QAAQ;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA;AAAA,MACA,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AAAA,EAEA,MAAa,oCACX,QACA,QACA,SACA;AACA,SAAK,cAAc,MAAM;AAEzB,UAAM,UAAkC,CAAC;AACzC,QAAI,SAAS,SAAS;AACpB,cAAQ,SAAS,IAAI,QAAQ;AAAA,IAC/B;AAEA,WAAO,KAAK,QAA4B;AAAA,MACtC,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA,YAAY;AAAA,MACZ,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;ACvDO,IAAM,WAAN,cAAuB,YAAY;AAAA,EACtC,MAAa,YAAY,QAAgB,QAAwB,SAA2B;AAC5F,SAAK,cAAc,MAAM;AACzB,UAAM,EAAE,GAAG,WAAW,IAAI;AAE1B,UAAM,UAAkC,CAAC;AACzC,QAAI,SAAS,SAAS;AACpB,cAAQ,SAAS,IAAI,QAAQ;AAAA,IAC/B;AACA,WAAO,KAAK,QAAc;AAAA,MACxB,UAAU;AAAA,MACV,QAAQ;AAAA,MACR;AAAA,MACA,YAAY;AAAA,MACZ,cAAc;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;ACdA,SAAS,aAAa,cAAc;AAmBpC,IAAM,cAAc,MAAM,KAAK,UAAU;AAElC,IAAM,UAAmB;AAAA,EAC9B;AAAA,EACA,IAAI,QAAQ;AAEV,WAAO,QAAQ,IAAI,aAAa,SAAS,QAAQ;AAAA,EACnD;AAAA,EACA,iBAAiB,WAAW;AAAA,EAC5B,MAAM,WAAW;AAAA,EACjB,UAAU,WAAW;AAAA,EACrB,SAAS,WAAW;AAAA,EACpB,SAAS,WAAW;AAAA,EACpB,UAAU,WAAW;AACvB;;;AChDO,IAAM,8BAA8B,QAAQ,IAAI;AAEhD,SAAS,eAAmC;AACjD,MAAI,OAAO,YAAY,YAAa,QAAO;AAC3C,SAAO;AACT;AAEO,SAAS,cAAuB;AACrC,SAAO,CAAC,CAAC,aAAa;AACxB;;;ACHO,IAAM,iBAAiB,CAAC,WAAmB;AAChD,SAAO,iEAAiE,MAAM;AAChF;AAEO,IAAM,0BAA0B,CAAC,WAAmB;AACzD,SAAO,mDAAmD,MAAM;AAClE;AAEO,IAAM,qBAAqB,CAAC,WAAmB;AACpD,SAAO,6EAA6E,MAAM;AAC5F;AAEO,IAAM,iBAAiB,CAAC,WAAmB;AAChD,SAAO,iEAAiE,MAAM;AAChF;AAEO,IAAM,yBAAyB,CAAC,WAAmB;AACxD,MAAI,YAAY,KAAK,6BAA6B;AAChD,QAAI,WAAW;AACf,QAAI,4BAA4B,WAAW,SAAS,GAAG;AACrD,iBAAW;AAAA,IACb;AAEA,WAAO,GAAG,QAAQ,GAAG,2BAA2B,yEAAyE,MAAM;AAAA,EACjI;AACA,SAAO,gFAAgF,MAAM;AAC/F;AAEO,IAAM,wBAAwB,CAAC,WAAmB;AACvD,SAAO,wEAAwE,MAAM;AACvF;;;ACuBA,IAAM,wBAA8E;AAAA,EAClF,cAAc;AAAA,EACd;AAAA,EACA,QAAQ;AAAA,EACR,uBAAuB;AAAA,EACvB,eAAe;AAAA,EACf,aAAa;AAAA,EACb,QAAQ;AACV;AAGO,SAAS,cAAc,SAA+B;AAC3D,QAAM,YAAY,OAChB,mBACmC;AACnC,UAAM,EAAE,UAAU,QAAQ,QAAQ,aAAa,cAAc,YAAY,SAAS,IAChF;AAGF,QAAI,CAAC,QAAQ;AACX,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ;AAAA,UACN;AAAA,YACE,QAAQ;AAAA,YACR,QAAQ;AAAA,YACR,SAAS;AAAA,YACT,MAAM;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,UAAM,cAAc,sBAAsB,QAAQ,EAAE,MAAM;AAC1D,UAAM,WAAW,IAAI,IAAI,WAAW;AAEpC,QAAI,aAAa;AACf,aAAO,QAAQ,WAAW,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACpD,YAAI,OAAO;AACT,WAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,OAAK,SAAS,aAAa,OAAO,KAAK,CAAW,CAAC;AAAA,QAC5E;AAAA,MACF,CAAC;AAAA,IACH;AAEA,UAAM,UAA+B;AAAA,MACnC,GAAG;AAAA,IACL;AACA,QAAI;AAEJ,QAAI;AACF,UAAI,UAAU;AACZ,cAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACvC;AAAA,UACA;AAAA,UACA,MAAM;AAAA,QACR,CAAC;AAAA,MACH,OAAO;AACL,gBAAQ,cAAc,IAAI;AAC1B,cAAM,UACJ,WAAW,SAAS,cAAc,OAAO,KAAK,UAAU,EAAE,SAAS;AACrE,cAAM,OAAO,UAAU,EAAE,MAAM,KAAK,UAAU,UAAU,EAAE,IAAI;AAE9D,cAAM,MAAM,QAAQ,MAAM,SAAS,MAAM;AAAA,UACvC;AAAA,UACA;AAAA,UACA,GAAG;AAAA,QACL,CAAC;AAAA,MACH;AAEA,YAAM,iBACJ,KAAK,WACL,IAAI,SAAS,IAAI,UAAU,QAAQ,WAAW,MAC5C,UAAU,aAAa;AAC3B,YAAM,eAAe,OAAO,iBAAiB,IAAI,KAAK,IAAI,IAAI,KAAK;AAGnE,UAAI,CAAC,IAAI,IAAI;AACX,eAAO;AAAA,UACL,MAAM;AAAA,UACN,QAAQ,YAAY,YAAY;AAAA,UAChC,QAAQ,KAAK;AAAA,UACb,YAAY,KAAK;AAAA,QACnB;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ;AAAA,MACV;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,OAAO;AAC1B,eAAO;AAAA,UACL,MAAM;AAAA,UACN,QAAQ;AAAA,YACN;AAAA,cACE,QAAQ;AAAA,cACR,QAAQ;AAAA,cACR,SAAS,MAAM,WAAW;AAAA,cAC1B,MAAM;AAAA,YACR;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,MAAM;AAAA,QACN,QAAQ,YAAY,KAAK;AAAA,QACzB,QAAQ,KAAK;AAAA,QACb,YAAY,KAAK;AAAA,MACnB;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,YAAY,MAA0C;AAC7D,MAAI,aAAa;AACjB,MAAI,OAAO,SAAS,UAAU;AAC5B,QAAI;AACF,mBAAa,KAAK,MAAM,IAAI;AAAA,IAC9B,SAAS,OAAO;AACd,aAAO,CAAC;AAAA,IACV;AAAA,EACF;AAEA,MAAI,CAAC,cAAc,OAAO,eAAe,UAAU;AACjD,WAAO,CAAC;AAAA,EACV;AAEA,MAAI,WAAW,cAAc,OAAO,WAAW,UAAU,YAAY,WAAW,UAAU,MAAM;AAC9F,UAAM,WAAW,WAAW;AAE5B,QAAI,YAAY,YAAY,MAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,OAAO,SAAS,GAAG;AACxF,aAAO,SAAS,OAAO,IAAI,CAAC,QAAa,WAAW;AAAA,QAClD,MAAM,SAAS,QAAQ;AAAA,QACvB,SAAS,IAAI,WAAW;AAAA,QACxB,QAAQ,IAAI;AAAA,QACZ,QAAQ,IAAI;AAAA,MACd,CAAC,CAAC;AAAA,IACJ;AAGA,WAAO,CAAC,WAAW;AAAA,MACjB,MAAM,SAAS,MAAM,SAAS,KAAK;AAAA,MACnC,SAAS,SAAS,WAAW;AAAA,MAC7B,QAAQ,SAAS,UAAU;AAAA,MAC3B,QAAQ,SAAS,UAAU,SAAS,MAAM,SAAS,KAAK;AAAA,IAC1D,CAAC,CAAC;AAAA,EACJ;AAEA,SAAO,CAAC;AACV;AAEO,SAAS,WAAW,OAA6D;AACtF,SAAO;AAAA,IACL,QAAQ,MAAM;AAAA,IACd,QAAQ,MAAM;AAAA,IACd,SAAS,MAAM;AAAA,IACf,MAAM,MAAM;AAAA,EACd;AACF;;;ACrNO,SAAS,cAAc,SAA+B;AAC3D,QAAM,UAAU,cAAc,OAAO;AACrC,SAAO;AAAA,IACL,OAAO,IAAI,SAAS,OAAO;AAAA,IAC3B,UAAU,IAAI,YAAY,OAAO;AAAA,IACjC,QAAQ,IAAI,eAAe,OAAO;AAAA,IAClC,QAAQ,IAAI,UAAU,OAAO;AAAA,IAC7B,QAAQ,IAAI,SAAS,OAAO;AAAA,IAC5B,UAAU,IAAI,SAAS,OAAO;AAAA,EAChC;AACF;;;ACVA,IAAM,iBAAmC;AAAA,EACvC,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,YAAY;AACd;AAEO,SAAS,uBACd,cAAgC,CAAC,GACf;AAClB,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;ACsBA,IAAM,0BAAN,MAAiE;AAAA,EACxD,YACG,mBACA,SACR;AAFQ;AACA;AAER,SAAK,iBAAiB;AACtB,SAAK,iBAAiB;AACtB,SAAK,cAAc;AACnB,WAAO,OAAO,MAAM,OAAO;AAC3B,SAAK,UAAU,KAAK,kBAAkB;AAAA,EACxC;AAAA,EAEA,IAAW,UAA6B;AACtC,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,mBAAmB;AACzB,SAAK,uBAAuB,KAAK;AAAA,MAC/B,KAAK,UAAU,UAAU,QAAQ,aAAa;AAAA,IAChD;AACA,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AACrD,SAAK,OAAO,KAAK,UAAU,UAAU,QAAQ,IAAI;AACjD,SAAK,gBAAgB,KAAK,UAAU,UAAU,QAAQ,aAAa;AACnE,SAAK,iBACH,KAAK,UAAU,UAAU,QAAQ,wBAAwB,KACzD,KAAK,UAAU,UAAU,QAAQ,cAAc;AACjD,SAAK,WAAW,KAAK,UAAU,UAAU,QAAQ,QAAQ;AACzD,SAAK,YAAY,KAAK,UAAU,UAAU,QAAQ,SAAS;AAC3D,SAAK,eAAe,KAAK,UAAU,UAAU,QAAQ,YAAY;AACjE,SAAK,SAAS,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACvD;AAAA,EAEQ,mBAAmB;AACzB,UAAM,eAAe,QAAQ,IAAI,aAAa;AAC9C,UAAM,gBAAgB,eAAe,YAAY;AACjD,SAAK,uBAAuB,KAAK,UAAU,UAAU,QAAQ,OAAO;AAGpE,SAAK,kBAAkB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACpF,SAAK,uBAAuB,KAAK,UAAU,GAAG,aAAa,GAAG,UAAU,QAAQ,OAAO,EAAE;AACzF,SAAK,oBAAoB,KAAK,UAAU,UAAU,QAAQ,SAAS;AACnE,SAAK,sBAAsB,KAAK,UAAU,UAAU,QAAQ,MAAM;AAAA,EACpE;AAAA,EAEQ,gBAAgB;AACtB,SAAK,SAAS,KAAK,kBAAkB;AACrC,SAAK,eAAe,KAAK,kBAAkB,QAAQ,SAAS,MAAM,GAAG,EAAE,OAAO,OAAO;AACrF,SAAK,WAAW,KAAK,aAAa,CAAC;AACnC,SAAK,cAAc,KAAK,aAAa,CAAC;AAAA,EACxC;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,UAAU,MAAc;AAC9B,WAAO,KAAK,kBAAkB,QAAQ,IAAI,IAAI,KAAK;AAAA,EACrD;AAAA,EAEQ,yBACN,qBACoB;AACpB,QAAI,CAAC,qBAAqB;AACxB,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,QAAQ,KAAK,IAAI,oBAAoB,MAAM,KAAK,CAAC;AAExD,QAAI,CAAC,OAAO;AAEV,aAAO;AAAA,IACT;AAEA,QAAI,WAAW,UAAU;AACvB,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT;AACF;AAIO,IAAM,yBAAyB,CACpC,mBACA,YAC4B;AAC5B,SAAO,IAAI,wBAAwB,mBAAmB,OAAO;AAC/D;;;AClIA,SAAS,iBAAiB,0BAA0B,uBAAuB;;;ACwB3E,SAAS,uBAAuB,SAA2B;AACzD,SAAO,QAAQ,QAAQ,IAAI,eAAe;AAC5C;AAEA,SAAS,oBACP,OACA,SACA,SACA;AACA,SACE,MAAM,WAAW,6BAA6B,gBAC9C,CAAC,CAAC,QAAQ,wBACV,QAAQ,WAAW;AAEvB;AAEA,eAAsB,oBACpB,SACA,SACuB;AACvB,QAAM,UAAU,uBAAuB,wBAAwB,OAAO,GAAG,OAAO;AAChF,QAAM,EAAE,qBAAqB,IAAI;AAEjC,QAAM,EAAE,sBAAsB,IAAI,QAAQ,OAAO;AAEjD,iBAAe,eAAe;AAC5B,QAAI,CAAC,sBAAsB;AACzB,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO;AAAA,UACL,SAAS;AAAA,UACT,QAAQ,gBAAgB;AAAA,QAC1B;AAAA,MACF;AAAA,IACF;AACA,WAAO,MAAM,sBAAsB,sBAAsB;AAAA,MACvD,SAAS,QAAQ,QAAQ;AAAA,IAC3B,CAAC;AAAA,EACH;AAEA,iBAAe,gBAGb;AACA,UAAM,EAAE,MAAM,eAAe,MAAM,IAAI,MAAM,aAAa;AAC1D,QAAI,CAAC,eAAe;AAClB,aAAO,EAAE,MAAM,MAAM,MAAM;AAAA,IAC7B;AAEA,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,EAAE,QAAQ,IAAI;AAEpB,UAAM,SAAS;AACf,UAAM,eAAe,gBAAgB;AACrC,UAAM,oBAAoB,yBAAyB,UAAU,QAAQ,SAAS,YAAY;AAC1F,UAAM,uBAAuB;AAE7B,UAAM,gBAAgB,GAAG,iBAAiB,IAAI,OAAO,KAAK,oBAAoB;AAC9E,YAAQ,OAAO,cAAc,aAAa;AAE1C,UAAM,EAAE,MAAM,SAAS,OAAO,IAAI,MAAM,YAAY,SAAS,OAAO;AACpE,QAAI,QAAQ;AACV,aAAO;AAAA,QACL,MAAM;AAAA,QACN,OAAO,SAAS,OAAO,CAAC,IAAI,IAAI,MAAM,kCAAkC;AAAA,MAC1E;AAAA,IACF;AACA,WAAO,EAAE,MAAM,EAAE,SAAS,OAAO,SAAS,QAAQ,GAAG,OAAO,KAAK;AAAA,EACnE;AAEA,iBAAe,uCAAuC;AACpD,QAAI;AAEF,YAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,QAAQ,iBAAkB,OAAO;AAE5E,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAGA,YAAM,uBAAuB,SAAS,MAAM,QAAW,QAAQ,eAAgB;AAC/E,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,aAAO,YAAY,KAAK,QAAQ;AAAA,IAClC;AAAA,EACF;AAEA,iBAAe,uCAAuC;AACpD,UAAM,EAAE,qBAAqB,IAAI;AACjC,QAAI;AAEF,YAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,sBAAuB,OAAO;AAEzE,UAAI,QAAQ;AACV,cAAM,OAAO,CAAC;AAAA,MAChB;AAGA,YAAM,uBAAuB,SAAS,MAAM,QAAW,oBAAqB;AAC5E,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,aAAO,YAAY,KAAK,QAAQ;AAAA,IAClC;AAAA,EACF;AAEA,iBAAe,YACb,KACA,cACyC;AACzC,QAAI,EAAE,eAAe,yBAAyB;AAC5C,aAAO,UAAU,gBAAgB,eAAe;AAAA,IAClD;AAEA,QAAI;AACJ,QAAI,oBAAoB,KAAK,SAAS,OAAO,GAAG;AAC9C,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,cAAc;AAC5C,UAAI,MAAM;AACR,eAAO,SAAS,KAAK,SAAS,KAAK,SAAS,KAAK,KAAK;AAAA,MACxD;AAEA,UAAI,OAAO,OAAO,QAAQ;AACxB,uBAAe,MAAM,MAAM;AAAA,MAC7B;AAAA,IACF,OAAO;AACL,UAAI,QAAQ,WAAW,OAAO;AAC5B,uBAAe,wBAAwB;AAAA,MACzC,WAAW,CAAC,QAAQ,sBAAsB;AACxC,uBAAe,wBAAwB;AAAA,MACzC,OAAO;AACL,uBAAe;AAAA,MACjB;AAAA,IACF;AAEA,QAAI,eAAe;AAEnB,WAAO,UAAU,IAAI,QAAQ,IAAI,eAAe,CAAC;AAAA,EACnD;AAEA,MAAI,uBAAuB,OAAO,GAAG;AACnC,WAAO,qCAAqC;AAAA,EAC9C;AAEA,SAAO,qCAAqC;AAC9C;AAUO,SAAS,0BAA0B,QAA0C;AAClF,QAAM,mBAAmB,uBAAuB,OAAO,OAAO;AAC9D,QAAM,YAAY,OAAO;AAEzB,QAAM,4BAA4B,CAAC,SAAkB,UAA0B,CAAC,MAAM;AACpF,UAAM,EAAE,OAAO,IAAI;AACnB,WAAO,oBAAoB,SAAS,EAAE,GAAG,SAAS,QAAQ,UAAU,CAAC;AAAA,EACvE;AAEA,SAAO;AAAA,IACL,qBAAqB;AAAA,EACvB;AACF;;;AC3KO,SAAS,4BAA4B,SAA4D;AACtG,QAAM,OAAO,EAAE,GAAG,QAAQ;AAC1B,QAAM,YAAY,cAAc,IAAI;AACpC,QAAM,eAAe,0BAA0B,EAAC,SAAS,MAAM,UAAS,CAAC;AAEzE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;AClBA,IAAM,yBAAyB;AAAA,EAC7B,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,WAAW;AAAA,EACX,UAAU;AACZ;AAEO,SAASA,wBACd,mBACA,SACG;AACH,SAAO,OAAO,KAAK,iBAAiB,EAAE;AAAA,IACpC,CAAC,KAAQ,QAAgB;AACvB,aAAO,EAAE,GAAG,KAAK,CAAC,GAAG,GAAG,QAAQ,GAAG,KAAK,IAAI,GAAG,EAAE;AAAA,IACnD;AAAA,IACA,EAAE,GAAG,kBAAkB;AAAA,EACzB;AACF;AAEA,IAAM,gBAAgB;AACtB,IAAM,mBAAmB;AAEzB,SAAS,uBAAuB,SAAiC;AAC/D,QAAM,aAAa,QAAQ,QAAQ,IAAI,eAAe;AAEtD,MAAI,CAAC,cAAc,CAAC,WAAW,WAAW,aAAa,GAAG;AACxD,WAAO;AAAA,EACT;AAEA,SAAO,WAAW,MAAM,cAAc,MAAM;AAC9C;AAEA,SAAS,uBAAuB,SAAiC;AAC/D,QAAM,eAAe,QAAQ,QAAQ,IAAI,QAAQ,KAAK;AAEtD,MAAI,CAAC,cAAc;AACjB,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,aAAa,MAAM,GAAG,EAAE;AAAA,IACtC,CAAC,KAAK,WAAW;AACf,YAAM,CAAC,MAAM,KAAK,IAAI,OAAO,KAAK,EAAE,MAAM,GAAG;AAC7C,UAAI,IAAI,IAAI;AACZ,aAAO;AAAA,IACT;AAAA,IACA,CAAC;AAAA,EACH;AAEA,SAAO,QAAQ,gBAAgB,KAAK;AACtC;AAEA,SAASC,wBAAuB,SAA2B;AACzD,SAAO,QAAQ,QAAQ,IAAI,eAAe;AAC5C;AAEA,eAAsBC,qBACpB,SACA,SACuB;AACvB,iBAAe,uCAAuC;AACpD,UAAM,QAAQ,uBAAuB,OAAO;AAC5C,QAAI,CAAC,OAAO;AACV,aAAO,UAAU,gBAAgB,mBAAmB;AAAA,IACtD;AACA,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,OAAO,OAAO;AAEzD,QAAI,QAAQ;AACV,YAAM,OAAO,CAAC;AAAA,IAChB;AAEA,UAAM,uBAAuB,SAAS,MAAM,QAAW,KAAK;AAC5D,WAAO;AAAA,EACT;AAEA,iBAAe,uCAAuC;AACpD,UAAM,QAAQ,uBAAuB,OAAO;AAC5C,QAAI,CAAC,OAAO;AACV,aAAO,UAAU,gBAAgB,mBAAmB;AAAA,IACtD;AAEA,UAAM,EAAE,MAAM,OAAO,IAAI,MAAM,YAAY,OAAO,OAAO;AAEzD,QAAI,QAAQ;AACV,YAAM,OAAO,CAAC;AAAA,IAChB;AAEA,UAAM,uBAAuB,SAAS,MAAM,QAAW,KAAK;AAC5D,WAAO;AAAA,EACT;AAEA,MAAID,wBAAuB,OAAO,GAAG;AACnC,WAAO,qCAAqC;AAAA,EAC9C;AAEA,SAAO,qCAAqC;AAC9C;AASO,SAAS,8BAA8B,QAA8C;AAC1F,QAAM,mBAAmBD,wBAAuB,wBAAwB,OAAO,OAAO;AAEtF,QAAM,4BAA4B,CAAC,SAAkB,UAA0B,CAAC,MAAM;AACpF,UAAM,iBAAiB,EAAE,GAAG,kBAAkB,GAAG,QAAQ;AACzD,WAAOE,qBAAoB,SAAS,cAAc;AAAA,EACpD;AAEA,SAAO;AAAA,IACL,qBAAqB;AAAA,EACvB;AACF;;;AClHO,SAAS,iBAAiB,SAAsD;AACrF,QAAM,OAAO,EAAE,GAAG,QAAQ;AAC1B,QAAM,YAAY,cAAc,IAAI;AACpC,QAAM,eAAe,8BAA8B,EAAE,SAAS,KAAK,CAAC;AAEpE,SAAO;AAAA,IACL,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AACF;;;ACnBO,IAAK,WAAL,kBAAKC,cAAL;AACL,EAAAA,oBAAA,WAAQ,KAAR;AACA,EAAAA,oBAAA,UAAO,KAAP;AACA,EAAAA,oBAAA,UAAO,KAAP;AACA,EAAAA,oBAAA,WAAQ,KAAR;AAJU,SAAAA;AAAA,GAAA;AAaL,IAAM,SAAN,MAAa;AAAA,EACV;AAAA,EAER,YAAY,UAAkC,CAAC,GAAG;AAChD,SAAK,UAAU;AAAA,MACb,SAAS;AAAA,MACT,OAAO;AAAA,MACP,QAAQ;AAAA,MACR,GAAG;AAAA,IACL;AAAA,EACF;AAAA,EAEA,SAAe;AACb,SAAK,QAAQ,UAAU;AAAA,EACzB;AAAA,EAEA,UAAgB;AACd,SAAK,QAAQ,UAAU;AAAA,EACzB;AAAA,EAEA,SAAS,OAAuB;AAC9B,SAAK,QAAQ,QAAQ;AAAA,EACvB;AAAA,EAEA,UAAU,QAAsB;AAC9B,SAAK,QAAQ,SAAS;AAAA,EACxB;AAAA,EAEQ,IAAI,OAAiB,WAAmB,YAAoB,MAAmB;AACrF,QAAI,CAAC,KAAK,QAAQ,WAAW,QAAQ,KAAK,QAAQ,OAAO;AACvD;AAAA,IACF;AAEA,UAAM,aAAY,oBAAI,KAAK,GAAE,YAAY;AACzC,UAAM,mBAAmB,GAAG,SAAS,IAAI,KAAK,QAAQ,MAAM,KAAK,SAAS,KAAK,OAAO;AAEtF,YAAQ,OAAO;AAAA,MACb,KAAK;AACH,gBAAQ,MAAM,kBAAkB,GAAG,IAAI;AACvC;AAAA,MACF,KAAK;AACH,gBAAQ,KAAK,kBAAkB,GAAG,IAAI;AACtC;AAAA,MACF,KAAK;AACH,gBAAQ,KAAK,kBAAkB,GAAG,IAAI;AACtC;AAAA,MACF,KAAK;AACH,gBAAQ,MAAM,kBAAkB,GAAG,IAAI;AACvC;AAAA,IACJ;AAAA,EACF;AAAA,EAEA,MAAM,YAAoB,MAAmB;AAC3C,SAAK,IAAI,eAAgB,SAAS,SAAS,GAAG,IAAI;AAAA,EACpD;AAAA,EAEA,KAAK,YAAoB,MAAmB;AAC1C,SAAK,IAAI,cAAe,QAAQ,SAAS,GAAG,IAAI;AAAA,EAClD;AAAA,EAEA,KAAK,YAAoB,MAAmB;AAC1C,SAAK,IAAI,cAAe,QAAQ,SAAS,GAAG,IAAI;AAAA,EAClD;AAAA,EAEA,MAAM,YAAoB,MAAmB;AAC3C,SAAK,IAAI,eAAgB,SAAS,SAAS,GAAG,IAAI;AAAA,EACpD;AACF;AAEO,IAAM,eAAe,CAAC,YAA6C;AACxE,SAAO,IAAI,OAAO,OAAO;AAC3B;AAEO,IAAM,cAAc,aAAa,EAAE,QAAQ,qBAAqB,CAAC;AACjE,IAAM,aAAa,aAAa,EAAE,QAAQ,oBAAoB,CAAC;;;ACrF/D,SAAS,qBAA2B;AACzC,aAAW,OAAO;AAClB,aAAW,sBAAuB;AAElC,cAAY,OAAO;AACnB,cAAY,sBAAuB;AACrC;AAEO,SAAS,sBAA4B;AAC1C,aAAW,QAAQ;AACnB,cAAY,QAAQ;AACtB;AAEO,SAAS,YAAY,OAAuB;AACjD,aAAW,SAAS,KAAK;AACzB,cAAY,SAAS,KAAK;AAC5B;;;ACfO,IAAM,kBAAN,MAAqD;AAAA,EAClD;AAAA,EACA;AAAA,EAER,YAAY,QAAwB;AAClC,SAAK,SAAS;AACd,SAAK,YAAY,OAAO,SAAS;AAAA,EACnC;AAAA,EAEA,kBAAkB,OAAM,QAAoD;AAC1E,QAAI;AAGF,YAAM,WAAW,MAAM,MAAM,KAAK,OAAO,KAAK;AAAA,QAC5C,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,iBAAiB,UAAU,KAAK,OAAO,KAAK;AAAA,QAC9C;AAAA,QACA,MAAM,KAAK,UAAU;AAAA,UACnB,OAAO,2DAA2D,KAAK,SAAS;AAAA,UAChF,QAAQ,CAAC,GAAG;AAAA,QACd,CAAC;AAAA,MACH,CAAC;AAED,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,IAAI,MAAM,uBAAuB,SAAS,MAAM,EAAE;AAAA,MAC1D;AAEA,YAAM,SAAS,MAAM,SAAS,KAAK;AAEnC,UAAI,OAAO,QAAQ,OAAO,KAAK,SAAS,GAAG;AACzC,cAAM,MAAM,OAAO,KAAK,CAAC;AACzB,cAAM,eAAmC;AAAA,UACvC,KAAK,IAAI;AAAA,UACT,OAAO,IAAI;AAAA,UACX,cAAc,IAAI;AAAA,QACpB;AAEA,mBAAW,MAAM,wBAAwB,GAAG,EAAE;AAC9C,eAAO;AAAA,MACT;AAEA,iBAAW,MAAM,2BAA2B,GAAG,EAAE;AACjD,aAAO;AAAA,IACT,SAAS,OAAO;AACd,iBAAW,MAAM,gDAAgD,KAAK;AACtE,aAAO;AAAA,IACT;AAAA,EACF;AACF;;;ACrDA,SAAS,aAAa;AActB,IAAM,WAAN,MAAkB;AAAA,EACR,QAAQ,oBAAI,IAA2B;AAAA,EAC9B;AAAA,EAEjB,YAAY,eAAuB,KAAO;AACxC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,IAAI,KAAa,OAAU,OAAsB;AAC/C,UAAM,YAAY,KAAK,IAAI,KAAK,SAAS,KAAK;AAC9C,SAAK,MAAM,IAAI,KAAK,EAAE,OAAO,UAAU,CAAC;AACxC,YAAQ,IAAI,qBAAqB,GAAG,WAAW,KAAK,UAAU,KAAK,CAAC,eAAe,SAAS,eAAe,KAAK,MAAM,IAAI,EAAE;AAAA,EAC9H;AAAA,EAEQ,SAAS,KAAwC;AACvD,UAAM,QAAQ,KAAK,MAAM,IAAI,GAAG;AAChC,QAAI,CAAC,MAAO,QAAO;AAEnB,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,MAAM,MAAM,WAAW;AACzB,cAAQ,IAAI,iBAAiB,GAAG,iBAAiB,GAAG,eAAe,MAAM,SAAS,GAAG;AACrF,WAAK,MAAM,OAAO,GAAG;AACrB,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,IAAI,KAA4B;AAC9B,UAAM,QAAQ,KAAK,SAAS,GAAG;AAC/B,UAAM,WAAW,UAAU;AAC3B,UAAM,cAAc,KAAK,MAAM,IAAI,GAAG;AACtC,UAAM,WAAW,KAAK,MAAM,IAAI,GAAG;AAEnC,YAAQ,IAAI,qBAAqB,GAAG,cAAc,QAAQ,iBAAiB,WAAW,EAAE;AACxF,YAAQ,IAAI,0BAA0B,KAAK,UAAU,QAAQ,CAAC,WAAW,KAAK,UAAU,KAAK,CAAC,EAAE;AAEhG,QAAI,CAAC,OAAO;AACV,cAAQ,IAAI,wCAAwC,GAAG,uBAAuB;AAC9E,aAAO;AAAA,IACT;AAEA,YAAQ,IAAI,iCAAiC,KAAK,UAAU,MAAM,KAAK,CAAC,YAAY,GAAG,EAAE;AACzF,WAAO,MAAM;AAAA,EACf;AAAA,EAGA,OAAO,KAAsB;AAC3B,WAAO,KAAK,MAAM,OAAO,GAAG;AAAA,EAC9B;AAAA,EAEA,QAAc;AACZ,SAAK,MAAM,MAAM;AAAA,EACnB;AAAA,EAEA,UAAgB;AACd,UAAM,MAAM,KAAK,IAAI;AACrB,eAAW,CAAC,KAAK,KAAK,KAAK,KAAK,MAAM,QAAQ,GAAG;AAC/C,UAAI,MAAM,MAAM,WAAW;AACzB,aAAK,MAAM,OAAO,GAAG;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,eAAN,MAAkD;AAAA,EAC/C;AAAA,EACA;AAAA,EACA;AAAA,EAER,YAAY,QAAqB;AAC/B,SAAK,QAAQ,IAAI,MAAM;AAAA,MACrB,KAAK,OAAO;AAAA,MACZ,OAAO,OAAO;AAAA,IAChB,CAAC;AAED,SAAK,YAAY,OAAO,aAAa;AACrC,UAAM,WAAW,OAAO,OAAO;AAC/B,SAAK,QAAQ,IAAI,SAAoC,QAAQ;AAE7D,gBAAY,MAAM,KAAK,MAAM,QAAQ,GAAG,IAAI,KAAK,GAAI;AAAA,EACvD;AAAA,EAEA,kBAAkB,OAAO,QAAoD;AAC3E,UAAM,WAAW,GAAG,KAAK,SAAS,GAAG,GAAG;AAExC,eAAW,MAAM,yCAAyC,QAAQ,EAAE;AAGpE,UAAM,eAAe,KAAK,MAAM,IAAI,QAAQ;AAC5C,eAAW,MAAM,sCAAsC,QAAQ,KAAK;AAAA,MAClE,cAAc,KAAK,UAAU,YAAY;AAAA,MACzC,aAAa,iBAAiB;AAAA,MAC9B,MAAM,OAAO;AAAA,IACf,CAAC;AAED,QAAI,iBAAiB,QAAW;AAC9B,iBAAW,MAAM,gCAAgC,GAAG,IAAI;AAAA,QACtD;AAAA,QACA,cAAc,KAAK,UAAU,YAAY;AAAA,MAC3C,CAAC;AACD,aAAO;AAAA,IACT;AAEA,eAAW;AAAA,MACT,iCAAiC,GAAG,mCAAmC,QAAQ;AAAA,IACjF;AAEA,QAAI;AACF,YAAM,eACJ,MAAM,KAAK,MAAM,IAAI,QAAQ;AAE/B,iBAAW,MAAM,0BAA0B,QAAQ,KAAK;AAAA,QACtD,cAAc,KAAK,UAAU,YAAY;AAAA,QACzC,MAAM,OAAO;AAAA,MACf,CAAC;AAGD,WAAK,MAAM,IAAI,UAAU,YAAY;AAErC,iBAAW,MAAM,oCAAoC,GAAG,IAAI;AAAA,QAC1D;AAAA,QACA,YAAY,CAAC,CAAC;AAAA,QACd,aAAa,KAAK,UAAU,YAAY;AAAA,MAC1C,CAAC;AAED,aAAO;AAAA,IACT,SAAS,OAAO;AACd,iBAAW,MAAM,6CAA6C,KAAK;AACnE,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,gBAAgB,KAAmB;AACjC,UAAM,WAAW,GAAG,KAAK,SAAS,GAAG,GAAG;AACxC,SAAK,MAAM,OAAO,QAAQ;AAAA,EAC5B;AACF;;;ACnJO,SAAS,cACd,QACqB;AACrB,UAAQ,OAAO,MAAM;AAAA,IACnB,KAAK;AACH,aAAO,IAAI,aAAa,OAAO,MAAa;AAAA,IAC9C,KAAK;AACH,aAAO,IAAI,gBAAgB,OAAO,MAAa;AAAA,IACjD;AACE,YAAM,IAAI,MAAM,6BAA8B,OAAe,IAAI,EAAE;AAAA,EACvE;AACF;AAEO,SAAS,4BAA4B,SAGH;AACvC,MAAI,SAAS,WAAW,CAAC,QAAQ,SAAS;AACxC,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO,EAAE,SAAS,KAAK;AACzB;","names":["mergePreDefinedOptions","hasAuthorizationHeader","authenticateRequest","LogLevel"]}
package/dist/jwt/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/jwt/index.ts","../../src/jwt/guardReturn.ts","../../src/jwt/verifyJwt.ts","../../src/utils/errors.ts","../../src/utils/rfc4648.ts","../../src/jwt/cryptoKeys.ts","../../src/jwt/algorithms.ts","../../src/jwt/jwt.ts","../../src/jwt/customJwt.ts"],"sourcesContent":["import { createJwtGuard } from './guardReturn';\nimport { ternDecodeJwt as _ternDecodeJwt } from './verifyJwt';\n\nexport const ternDecodeJwt = createJwtGuard(_ternDecodeJwt);\nexport { ternDecodeJwt as ternDecodeJwtUnguarded } from './verifyJwt';\n\nexport * from './jwt';\nexport * from './customJwt';\nexport type { JwtReturnType } from './types';","import { type JwtReturnType } from \"./types\";\n\nexport function createJwtGuard<T extends (...args: any[]) => JwtReturnType<any, any>>(decodedFn: T) {\n return (...args: Parameters<T>): NonNullable<Awaited<ReturnType<T>>['data']> | never => {\n const { data, errors } = decodedFn(...args);\n\n if (errors) {\n throw errors[0];\n }\n\n return data;\n };\n}\n","import type { DecodedIdToken, Jwt,JWTPayload } from '@tern-secure/types';\nimport {\n decodeJwt,\n decodeProtectedHeader,\n jwtVerify,\n} from 'jose';\n\nimport { TokenVerificationError, TokenVerificationErrorReason } from '../utils/errors';\nimport { mapJwtPayloadToDecodedIdToken } from '../utils/mapDecode';\nimport { base64url } from '../utils/rfc4648';\nimport { importKey } from './cryptoKeys';\nimport type { JwtReturnType } from './types';\nimport {\n verifyExpirationClaim,\n verifyHeaderKid,\n verifyIssuedAtClaim,\n verifySubClaim,\n} from './verifyContent';\n\nconst DEFAULT_CLOCK_SKEW_IN_MS = 5 * 1000;\n\nexport type VerifyJwtOptions = {\n audience?: string | string[];\n clockSkewInMs?: number;\n key: JsonWebKey | string;\n};\n\nexport async function verifySignature(\n jwt: Jwt,\n key: JsonWebKey | string,\n): Promise<JwtReturnType<JWTPayload, Error>> {\n const { header, raw } = jwt;\n const joseAlgorithm = header.alg || 'RS256';\n\n try {\n const publicKey = await importKey(key, joseAlgorithm);\n\n const { payload } = await jwtVerify(raw.text, publicKey);\n\n return { data: payload };\n } catch (error) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalidSignature,\n message: (error as Error).message,\n }),\n ],\n };\n }\n}\n\nexport function ternDecodeJwt(token: string): JwtReturnType<Jwt, TokenVerificationError> {\n try {\n const header = decodeProtectedHeader(token);\n const payload = decodeJwt(token);\n\n const tokenParts = (token || '').toString().split('.');\n if (tokenParts.length !== 3) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalid,\n message: 'Invalid JWT format',\n }),\n ],\n };\n }\n\n const [rawHeader, rawPayload, rawSignature] = tokenParts;\n const signature = base64url.parse(rawSignature, { loose: true });\n\n const data = {\n header,\n payload,\n signature,\n raw: {\n header: rawHeader,\n payload: rawPayload,\n signature: rawSignature,\n text: token,\n },\n };\n\n return { data };\n } catch (error: any) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalid,\n message: error.message,\n }),\n ],\n };\n }\n}\n\nexport async function verifyJwt(\n token: string,\n options: VerifyJwtOptions,\n): Promise<JwtReturnType<DecodedIdToken, TokenVerificationError>> {\n const { key } = options;\n const clockSkew = options.clockSkewInMs || DEFAULT_CLOCK_SKEW_IN_MS;\n\n const { data: decoded, errors } = ternDecodeJwt(token);\n if (errors) {\n return { errors };\n }\n\n const { header, payload } = decoded;\n\n try {\n verifyHeaderKid(header.kid);\n verifySubClaim(payload.sub);\n verifyExpirationClaim(payload.exp, clockSkew);\n verifyIssuedAtClaim(payload.iat, clockSkew);\n } catch (error) {\n return { errors: [error as TokenVerificationError] };\n }\n\n const { data: verifiedPayload, errors: signatureErrors } = await verifySignature(decoded, key);\n if (signatureErrors) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalidSignature,\n message: 'Token signature verification failed.',\n }),\n ],\n };\n }\n\n const decodedIdToken = mapJwtPayloadToDecodedIdToken(verifiedPayload);\n\n return { data: decodedIdToken };\n}\n","export const RefreshTokenErrorReason = {\n NonEligibleNoCookie: 'non-eligible-no-refresh-cookie',\n NonEligibleNonGet: 'non-eligible-non-get',\n InvalidSessionToken: 'invalid-session-token',\n MissingApiClient: 'missing-api-client',\n MissingIdToken: 'missing-id-token',\n MissingSessionToken: 'missing-session-token',\n MissingRefreshToken: 'missing-refresh-token',\n ExpiredIdTokenDecodeFailed: 'expired-id-token-decode-failed',\n ExpiredSessionTokenDecodeFailed: 'expired-session-token-decode-failed',\n FetchError: 'fetch-error',\n} as const;\n\nexport type TokenCarrier = 'header' | 'cookie';\n\nexport const TokenVerificationErrorReason = {\n TokenExpired: 'token-expired',\n TokenInvalid: 'token-invalid',\n TokenInvalidAlgorithm: 'token-invalid-algorithm',\n TokenInvalidAuthorizedParties: 'token-invalid-authorized-parties',\n TokenInvalidSignature: 'token-invalid-signature',\n TokenNotActiveYet: 'token-not-active-yet',\n TokenIatInTheFuture: 'token-iat-in-the-future',\n TokenVerificationFailed: 'token-verification-failed',\n InvalidSecretKey: 'secret-key-invalid',\n LocalJWKMissing: 'jwk-local-missing',\n RemoteJWKFailedToLoad: 'jwk-remote-failed-to-load',\n RemoteJWKInvalid: 'jwk-remote-invalid',\n RemoteJWKMissing: 'jwk-remote-missing',\n JWKFailedToResolve: 'jwk-failed-to-resolve',\n JWKKidMismatch: 'jwk-kid-mismatch',\n};\n\nexport type TokenVerificationErrorReason =\n (typeof TokenVerificationErrorReason)[keyof typeof TokenVerificationErrorReason];\n\nexport class TokenVerificationError extends Error {\n reason: TokenVerificationErrorReason;\n tokenCarrier?: TokenCarrier;\n\n constructor({\n message,\n reason,\n }: {\n message: string;\n reason: TokenVerificationErrorReason;\n }) {\n super(message);\n\n Object.setPrototypeOf(this, TokenVerificationError.prototype);\n\n this.reason = reason;\n this.message = message;\n }\n\n public getFullMessage() {\n return `${[this.message].filter(m => m).join(' ')} (reason=${this.reason}, token-carrier=${\n this.tokenCarrier\n })`;\n }\n }\n","/**\n * The base64url helper was extracted from the rfc4648 package\n * in order to resolve CSJ/ESM interoperability issues\n *\n * https://github.com/swansontec/rfc4648.js\n *\n * For more context please refer to:\n * - https://github.com/evanw/esbuild/issues/1719\n * - https://github.com/evanw/esbuild/issues/532\n * - https://github.com/swansontec/rollup-plugin-mjs-entry\n */\nexport const base64url = {\n parse(string: string, opts?: ParseOptions): Uint8Array {\n return parse(string, base64UrlEncoding, opts);\n },\n\n stringify(data: ArrayLike<number>, opts?: StringifyOptions): string {\n return stringify(data, base64UrlEncoding, opts);\n },\n};\n\nconst base64UrlEncoding: Encoding = {\n chars: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_',\n bits: 6,\n};\n\ninterface Encoding {\n bits: number;\n chars: string;\n codes?: { [char: string]: number };\n}\n\ninterface ParseOptions {\n loose?: boolean;\n out?: new (size: number) => { [index: number]: number };\n}\n\ninterface StringifyOptions {\n pad?: boolean;\n}\n\nfunction parse(string: string, encoding: Encoding, opts: ParseOptions = {}): Uint8Array {\n // Build the character lookup table:\n if (!encoding.codes) {\n encoding.codes = {};\n for (let i = 0; i < encoding.chars.length; ++i) {\n encoding.codes[encoding.chars[i]] = i;\n }\n }\n\n // The string must have a whole number of bytes:\n if (!opts.loose && (string.length * encoding.bits) & 7) {\n throw new SyntaxError('Invalid padding');\n }\n\n // Count the padding bytes:\n let end = string.length;\n while (string[end - 1] === '=') {\n --end;\n\n // If we get a whole number of bytes, there is too much padding:\n if (!opts.loose && !(((string.length - end) * encoding.bits) & 7)) {\n throw new SyntaxError('Invalid padding');\n }\n }\n\n // Allocate the output:\n const out = new (opts.out ?? Uint8Array)(((end * encoding.bits) / 8) | 0) as Uint8Array;\n\n // Parse the data:\n let bits = 0; // Number of bits currently in the buffer\n let buffer = 0; // Bits waiting to be written out, MSB first\n let written = 0; // Next byte to write\n for (let i = 0; i < end; ++i) {\n // Read one character from the string:\n const value = encoding.codes[string[i]];\n if (value === undefined) {\n throw new SyntaxError('Invalid character ' + string[i]);\n }\n\n // Append the bits to the buffer:\n buffer = (buffer << encoding.bits) | value;\n bits += encoding.bits;\n\n // Write out some bits if the buffer has a byte's worth:\n if (bits >= 8) {\n bits -= 8;\n out[written++] = 0xff & (buffer >> bits);\n }\n }\n\n // Verify that we have received just enough bits:\n if (bits >= encoding.bits || 0xff & (buffer << (8 - bits))) {\n throw new SyntaxError('Unexpected end of data');\n }\n\n return out;\n}\n\nfunction stringify(data: ArrayLike<number>, encoding: Encoding, opts: StringifyOptions = {}): string {\n const { pad = true } = opts;\n const mask = (1 << encoding.bits) - 1;\n let out = '';\n\n let bits = 0; // Number of bits currently in the buffer\n let buffer = 0; // Bits waiting to be written out, MSB first\n for (let i = 0; i < data.length; ++i) {\n // Slurp data into the buffer:\n buffer = (buffer << 8) | (0xff & data[i]);\n bits += 8;\n\n // Write out as much as we can:\n while (bits > encoding.bits) {\n bits -= encoding.bits;\n out += encoding.chars[mask & (buffer >> bits)];\n }\n }\n\n // Partial character:\n if (bits) {\n out += encoding.chars[mask & (buffer << (encoding.bits - bits))];\n }\n\n // Add padding characters until we hit a byte boundary:\n if (pad) {\n while ((out.length * encoding.bits) & 7) {\n out += '=';\n }\n }\n\n return out;\n}\n","import { importJWK, importSPKI,importX509, type KeyLike } from 'jose';\n\nexport async function importKey(key: JsonWebKey | string, algorithm: string): Promise<KeyLike> {\n if (typeof key === 'object') {\n const result = await importJWK(key as Parameters<typeof importJWK>[0], algorithm);\n if (result instanceof Uint8Array) {\n throw new Error('Unexpected Uint8Array result from JWK import');\n }\n return result;\n }\n\n const keyString = key.trim();\n\n if (keyString.includes('-----BEGIN CERTIFICATE-----')) {\n return await importX509(keyString, algorithm);\n }\n\n if (keyString.includes('-----BEGIN PUBLIC KEY-----')) {\n return await importSPKI(keyString, algorithm);\n }\n\n try {\n return await importSPKI(keyString, algorithm);\n } catch (error) {\n throw new Error(\n `Unsupported key format. Supported formats: X.509 certificate (PEM), SPKI (PEM), JWK (JSON object or string). Error: ${error}`,\n );\n }\n}\n","const algToHash: Record<string, string> = {\n RS256: 'SHA-256',\n RS384: 'SHA-384',\n RS512: 'SHA-512',\n};\nconst RSA_ALGORITHM_NAME = 'RSASSA-PKCS1-v1_5';\n\nconst jwksAlgToCryptoAlg: Record<string, string> = {\n RS256: RSA_ALGORITHM_NAME,\n RS384: RSA_ALGORITHM_NAME,\n RS512: RSA_ALGORITHM_NAME,\n};\n\nexport const algs = Object.keys(algToHash);\n\nexport function getCryptoAlgorithm(algorithmName: string): RsaHashedImportParams {\n const hash = algToHash[algorithmName];\n const name = jwksAlgToCryptoAlg[algorithmName];\n\n if (!hash || !name) {\n throw new Error(`Unsupported algorithm ${algorithmName}, expected one of ${algs.join(',')}.`);\n }\n\n return {\n hash: { name: algToHash[algorithmName] },\n name: jwksAlgToCryptoAlg[algorithmName],\n };\n}\n","import type {\n DecodedIdToken,\n TernVerificationResult,\n} from \"@tern-secure/types\";\nimport { createRemoteJWKSet, decodeJwt,jwtVerify } from \"jose\";\n\n\nexport type FirebaseIdTokenPayload = DecodedIdToken;\n\n// Firebase public key endpoints\nconst FIREBASE_ID_TOKEN_URL =\n \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\";\nconst FIREBASE_SESSION_CERT_URL =\n \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\";\n\n//const FIREBASE_NEW_SESSION_PK = \"https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys\"\n\n// Simple in-memory cache for JWKS\nlet idTokenJWKS: ReturnType<typeof createRemoteJWKSet> | null = null;\nlet sessionJWKS: ReturnType<typeof createRemoteJWKSet> | null = null;\n\nconst getIdTokenJWKS = () => {\n if (!idTokenJWKS) {\n idTokenJWKS = createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\n cacheMaxAge: 3600000, // 1 hour\n timeoutDuration: 5000, // 5 seconds\n cooldownDuration: 30000, // 30 seconds between retries\n });\n }\n return idTokenJWKS;\n};\n\nconst getSessionJWKS = () => {\n if (!sessionJWKS) {\n sessionJWKS = createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\n cacheMaxAge: 3600000, // 1 hour\n timeoutDuration: 5000, // 5 seconds\n cooldownDuration: 30000, // 30 seconds between retries\n });\n }\n return sessionJWKS;\n};\n\n\n\nexport async function verifyToken(\n token: string,\n isSessionCookie = false\n): Promise<TernVerificationResult> {\n try {\n const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;\n if (!projectId) {\n throw new Error(\"Firebase Project ID is not configured\");\n }\n\n const { decoded } = decodeJwt(token);\n if (!decoded) {\n throw new Error(\"Invalid token format\");\n }\n\n let retries = 3;\n let lastError: Error | null = null;\n\n while (retries > 0) {\n try {\n // Use different JWKS based on token type\n const JWKS = isSessionCookie ? getSessionJWKS() : getIdTokenJWKS();\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: isSessionCookie\n ? \"https://session.firebase.google.com/\" + projectId\n : \"https://securetoken.google.com/\" + projectId,\n audience: projectId,\n algorithms: [\"RS256\"],\n });\n\n const firebasePayload = payload as unknown as FirebaseIdTokenPayload;\n const now = Math.floor(Date.now() / 1000);\n\n // Verify token claims\n if (firebasePayload.exp <= now) {\n throw new Error(\"Token has expired\");\n }\n\n if (firebasePayload.iat > now) {\n throw new Error(\"Token issued time is in the future\");\n }\n\n if (!firebasePayload.sub) {\n throw new Error(\"Token subject is empty\");\n }\n\n if (firebasePayload.auth_time > now) {\n throw new Error(\"Token auth time is in the future\");\n }\n\n return {\n valid: true,\n uid: firebasePayload.sub,\n sub: firebasePayload.sub,\n email: firebasePayload.email,\n email_verified: firebasePayload.email_verified,\n auth_time: firebasePayload.auth_time,\n iat: firebasePayload.iat,\n exp: firebasePayload.exp,\n aud: firebasePayload.aud,\n iss: firebasePayload.iss,\n firebase: firebasePayload.firebase,\n phone_number: firebasePayload.phone_number,\n picture: firebasePayload.picture,\n };\n } catch (error) {\n lastError = error as Error;\n if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\n console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);\n retries--;\n if (retries > 0) {\n await new Promise((resolve) => setTimeout(resolve, 1000));\n continue;\n }\n }\n throw error;\n }\n }\n\n throw lastError || new Error(\"Failed to verify token after retries\");\n } catch (error) {\n console.error(\"Token verification details:\", {\n error:\n error instanceof Error\n ? {\n name: error.name,\n message: error.message,\n stack: error.stack,\n }\n : error,\n decoded: decodeJwt(token),\n isSessionCookie,\n });\n\n return {\n valid: false,\n error: {\n success: false,\n message: error instanceof Error ? error.message : \"Invalid token\",\n code: \"INVALID_TOKEN\",\n },\n };\n }\n}\n","import type { JWTPayload } from '@tern-secure/types';\nimport { importPKCS8, SignJWT } from 'jose';\n\nimport type { JwtReturnType } from './types';\n\n\nexport interface CustomTokenClaims {\n [key: string]: unknown;\n}\n\nexport class CustomTokenError extends Error {\n constructor(\n message: string,\n public code?: string,\n ) {\n super(message);\n this.name = 'CustomTokenError';\n }\n}\n\nconst RESERVED_CLAIMS = [\n 'acr',\n 'amr',\n 'at_hash',\n 'aud',\n 'auth_time',\n 'azp',\n 'cnf',\n 'c_hash',\n 'exp',\n 'firebase',\n 'iat',\n 'iss',\n 'jti',\n 'nbf',\n 'nonce',\n 'sub',\n];\n\nasync function createCustomTokenJwt(\n uid: string,\n developerClaims?: CustomTokenClaims,\n): Promise<JwtReturnType<string, CustomTokenError>> {\n try {\n const privateKey = process.env.FIREBASE_PRIVATE_KEY;\n const clientEmail = process.env.FIREBASE_CLIENT_EMAIL;\n\n if (!privateKey || !clientEmail) {\n return {\n errors: [\n new CustomTokenError(\n 'Missing FIREBASE_PRIVATE_KEY or FIREBASE_CLIENT_EMAIL environment variables',\n 'MISSING_ENV_VARS',\n ),\n ],\n };\n }\n\n if (!uid || typeof uid !== 'string') {\n return {\n errors: [new CustomTokenError('uid must be a non-empty string', 'INVALID_UID')],\n };\n }\n\n if (uid.length > 128) {\n return {\n errors: [new CustomTokenError('uid must not exceed 128 characters', 'UID_TOO_LONG')],\n };\n }\n\n if (developerClaims) {\n for (const claim of Object.keys(developerClaims)) {\n if (RESERVED_CLAIMS.includes(claim)) {\n return {\n errors: [new CustomTokenError(`Custom claim '${claim}' is reserved`, 'RESERVED_CLAIM')],\n };\n }\n }\n }\n\n // Set expiration (default 1 hour, max 1 hour)\n const expiresIn = 3600;\n const now = Math.floor(Date.now() / 1000);\n\n const parsedPrivateKey = await importPKCS8(privateKey.replace(/\\\\n/g, '\\n'), 'RS256');\n\n const payload: JWTPayload = {\n iss: clientEmail,\n sub: clientEmail,\n aud: 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',\n iat: now,\n exp: now + expiresIn,\n uid: uid,\n ...developerClaims,\n };\n\n const jwt = await new SignJWT(payload)\n .setProtectedHeader({ alg: 'RS256', typ: 'JWT' })\n .setIssuedAt(now)\n .setExpirationTime(now + expiresIn)\n .setIssuer(clientEmail)\n .setSubject(clientEmail)\n .setAudience(\n 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',\n )\n .sign(parsedPrivateKey);\n\n return {\n data: jwt,\n };\n } catch (error) {\n const message = error instanceof Error ? error.message : 'Unknown error occurred';\n return {\n errors: [\n new CustomTokenError(`Failed to create custom token: ${message}`, 'TOKEN_CREATION_FAILED'),\n ],\n };\n }\n}\n\nexport async function createCustomToken(\n uid: string,\n developerClaims?: CustomTokenClaims,\n): Promise<string> {\n const { data, errors } = await createCustomTokenJwt(uid, developerClaims);\n\n if (errors) {\n throw errors[0];\n }\n\n return data;\n}\n\nexport function createCustomTokenWithResult(\n uid: string,\n developerClaims?: CustomTokenClaims,\n): Promise<JwtReturnType<string, CustomTokenError>> {\n return createCustomTokenJwt(uid, developerClaims);\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,uBAAAA;AAAA,EAAA;AAAA;AAAA;AAAA;;;ACEO,SAAS,eAAsE,WAAc;AAClG,SAAO,IAAI,SAA6E;AACtF,UAAM,EAAE,MAAM,OAAO,IAAI,UAAU,GAAG,IAAI;AAE1C,QAAI,QAAQ;AACV,YAAM,OAAO,CAAC;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AACF;;;ACXA,IAAAC,eAIO;;;ACUA,IAAM,+BAA+B;AAAA,EAC1C,cAAc;AAAA,EACd,cAAc;AAAA,EACd,uBAAuB;AAAA,EACvB,+BAA+B;AAAA,EAC/B,uBAAuB;AAAA,EACvB,mBAAmB;AAAA,EACnB,qBAAqB;AAAA,EACrB,yBAAyB;AAAA,EACzB,kBAAkB;AAAA,EAClB,iBAAiB;AAAA,EACjB,uBAAuB;AAAA,EACvB,kBAAkB;AAAA,EAClB,kBAAkB;AAAA,EAClB,oBAAoB;AAAA,EACpB,gBAAgB;AAClB;AAKO,IAAM,yBAAN,MAAM,gCAA+B,MAAM;AAAA,EAChD;AAAA,EACA;AAAA,EAEA,YAAY;AAAA,IACV;AAAA,IACA;AAAA,EACF,GAGG;AACD,UAAM,OAAO;AAEb,WAAO,eAAe,MAAM,wBAAuB,SAAS;AAE5D,SAAK,SAAS;AACd,SAAK,UAAU;AAAA,EACjB;AAAA,EAEO,iBAAiB;AACtB,WAAO,GAAG,CAAC,KAAK,OAAO,EAAE,OAAO,OAAK,CAAC,EAAE,KAAK,GAAG,CAAC,YAAY,KAAK,MAAM,mBACtE,KAAK,YACP;AAAA,EACF;AACA;;;ACjDK,IAAM,YAAY;AAAA,EACvB,MAAM,QAAgB,MAAiC;AACrD,WAAO,MAAM,QAAQ,mBAAmB,IAAI;AAAA,EAC9C;AAAA,EAEA,UAAU,MAAyB,MAAiC;AAClE,WAAO,UAAU,MAAM,mBAAmB,IAAI;AAAA,EAChD;AACF;AAEA,IAAM,oBAA8B;AAAA,EAClC,OAAO;AAAA,EACP,MAAM;AACR;AAiBA,SAAS,MAAM,QAAgB,UAAoB,OAAqB,CAAC,GAAe;AAEtF,MAAI,CAAC,SAAS,OAAO;AACnB,aAAS,QAAQ,CAAC;AAClB,aAAS,IAAI,GAAG,IAAI,SAAS,MAAM,QAAQ,EAAE,GAAG;AAC9C,eAAS,MAAM,SAAS,MAAM,CAAC,CAAC,IAAI;AAAA,IACtC;AAAA,EACF;AAGA,MAAI,CAAC,KAAK,SAAU,OAAO,SAAS,SAAS,OAAQ,GAAG;AACtD,UAAM,IAAI,YAAY,iBAAiB;AAAA,EACzC;AAGA,MAAI,MAAM,OAAO;AACjB,SAAO,OAAO,MAAM,CAAC,MAAM,KAAK;AAC9B,MAAE;AAGF,QAAI,CAAC,KAAK,SAAS,GAAI,OAAO,SAAS,OAAO,SAAS,OAAQ,IAAI;AACjE,YAAM,IAAI,YAAY,iBAAiB;AAAA,IACzC;AAAA,EACF;AAGA,QAAM,MAAM,KAAK,KAAK,OAAO,YAAc,MAAM,SAAS,OAAQ,IAAK,CAAC;AAGxE,MAAI,OAAO;AACX,MAAI,SAAS;AACb,MAAI,UAAU;AACd,WAAS,IAAI,GAAG,IAAI,KAAK,EAAE,GAAG;AAE5B,UAAM,QAAQ,SAAS,MAAM,OAAO,CAAC,CAAC;AACtC,QAAI,UAAU,QAAW;AACvB,YAAM,IAAI,YAAY,uBAAuB,OAAO,CAAC,CAAC;AAAA,IACxD;AAGA,aAAU,UAAU,SAAS,OAAQ;AACrC,YAAQ,SAAS;AAGjB,QAAI,QAAQ,GAAG;AACb,cAAQ;AACR,UAAI,SAAS,IAAI,MAAQ,UAAU;AAAA,IACrC;AAAA,EACF;AAGA,MAAI,QAAQ,SAAS,QAAQ,MAAQ,UAAW,IAAI,MAAQ;AAC1D,UAAM,IAAI,YAAY,wBAAwB;AAAA,EAChD;AAEA,SAAO;AACT;AAEA,SAAS,UAAU,MAAyB,UAAoB,OAAyB,CAAC,GAAW;AACnG,QAAM,EAAE,MAAM,KAAK,IAAI;AACvB,QAAM,QAAQ,KAAK,SAAS,QAAQ;AACpC,MAAI,MAAM;AAEV,MAAI,OAAO;AACX,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,EAAE,GAAG;AAEpC,aAAU,UAAU,IAAM,MAAO,KAAK,CAAC;AACvC,YAAQ;AAGR,WAAO,OAAO,SAAS,MAAM;AAC3B,cAAQ,SAAS;AACjB,aAAO,SAAS,MAAM,OAAQ,UAAU,IAAK;AAAA,IAC/C;AAAA,EACF;AAGA,MAAI,MAAM;AACR,WAAO,SAAS,MAAM,OAAQ,UAAW,SAAS,OAAO,IAAM;AAAA,EACjE;AAGA,MAAI,KAAK;AACP,WAAQ,IAAI,SAAS,SAAS,OAAQ,GAAG;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;;;ACnIA,kBAA+D;;;ACA/D,IAAM,YAAoC;AAAA,EACxC,OAAO;AAAA,EACP,OAAO;AAAA,EACP,OAAO;AACT;AASO,IAAM,OAAO,OAAO,KAAK,SAAS;;;AJMzC,IAAM,2BAA2B,IAAI;AAiC9B,SAAS,cAAc,OAA2D;AACvF,MAAI;AACF,UAAM,aAAS,oCAAsB,KAAK;AAC1C,UAAM,cAAU,wBAAU,KAAK;AAE/B,UAAM,cAAc,SAAS,IAAI,SAAS,EAAE,MAAM,GAAG;AACrD,QAAI,WAAW,WAAW,GAAG;AAC3B,aAAO;AAAA,QACL,QAAQ;AAAA,UACN,IAAI,uBAAuB;AAAA,YACzB,QAAQ,6BAA6B;AAAA,YACrC,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAEA,UAAM,CAAC,WAAW,YAAY,YAAY,IAAI;AAC9C,UAAM,YAAY,UAAU,MAAM,cAAc,EAAE,OAAO,KAAK,CAAC;AAE/D,UAAM,OAAO;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA,KAAK;AAAA,QACH,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,WAAW;AAAA,QACX,MAAM;AAAA,MACR;AAAA,IACF;AAEA,WAAO,EAAE,KAAK;AAAA,EAChB,SAAS,OAAY;AACnB,WAAO;AAAA,MACL,QAAQ;AAAA,QACN,IAAI,uBAAuB;AAAA,UACzB,QAAQ,6BAA6B;AAAA,UACrC,SAAS,MAAM;AAAA,QACjB,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AK3FA,IAAAC,eAAwD;AAMxD,IAAM,wBACJ;AACF,IAAM,4BACJ;AAKF,IAAI,cAA4D;AAChE,IAAI,cAA4D;AAEhE,IAAM,iBAAiB,MAAM;AAC3B,MAAI,CAAC,aAAa;AAChB,sBAAc,iCAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,MAC/D,aAAa;AAAA;AAAA,MACb,iBAAiB;AAAA;AAAA,MACjB,kBAAkB;AAAA;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEA,IAAM,iBAAiB,MAAM;AAC3B,MAAI,CAAC,aAAa;AAChB,sBAAc,iCAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,MACnE,aAAa;AAAA;AAAA,MACb,iBAAiB;AAAA;AAAA,MACjB,kBAAkB;AAAA;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAIA,eAAsB,YACpB,OACA,kBAAkB,OACe;AACjC,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAEA,UAAM,EAAE,QAAQ,QAAI,wBAAU,KAAK;AACnC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBAAkB,eAAe,IAAI,eAAe;AAEjE,cAAM,EAAE,QAAQ,IAAI,UAAM,wBAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AACxB,cAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,YAAI,gBAAgB,OAAO,KAAK;AAC9B,gBAAM,IAAI,MAAM,mBAAmB;AAAA,QACrC;AAEA,YAAI,gBAAgB,MAAM,KAAK;AAC7B,gBAAM,IAAI,MAAM,oCAAoC;AAAA,QACtD;AAEA,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,YAAI,gBAAgB,YAAY,KAAK;AACnC,gBAAM,IAAI,MAAM,kCAAkC;AAAA,QACpD;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,gBAAgB,gBAAgB;AAAA,UAChC,WAAW,gBAAgB;AAAA,UAC3B,KAAK,gBAAgB;AAAA,UACrB,KAAK,gBAAgB;AAAA,UACrB,KAAK,gBAAgB;AAAA,UACrB,KAAK,gBAAgB;AAAA,UACrB,UAAU,gBAAgB;AAAA,UAC1B,cAAc,gBAAgB;AAAA,UAC9B,SAAS,gBAAgB;AAAA,QAC3B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,aAAS,wBAAU,KAAK;AAAA,MACxB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,iBAAiB,QAAQ,MAAM,UAAU;AAAA,QAClD,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;;;ACpJA,IAAAC,eAAqC;AAS9B,IAAM,mBAAN,cAA+B,MAAM;AAAA,EAC1C,YACE,SACO,MACP;AACA,UAAM,OAAO;AAFN;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,eAAe,qBACb,KACA,iBACkD;AAClD,MAAI;AACF,UAAM,aAAa,QAAQ,IAAI;AAC/B,UAAM,cAAc,QAAQ,IAAI;AAEhC,QAAI,CAAC,cAAc,CAAC,aAAa;AAC/B,aAAO;AAAA,QACL,QAAQ;AAAA,UACN,IAAI;AAAA,YACF;AAAA,YACA;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,OAAO,OAAO,QAAQ,UAAU;AACnC,aAAO;AAAA,QACL,QAAQ,CAAC,IAAI,iBAAiB,kCAAkC,aAAa,CAAC;AAAA,MAChF;AAAA,IACF;AAEA,QAAI,IAAI,SAAS,KAAK;AACpB,aAAO;AAAA,QACL,QAAQ,CAAC,IAAI,iBAAiB,sCAAsC,cAAc,CAAC;AAAA,MACrF;AAAA,IACF;AAEA,QAAI,iBAAiB;AACnB,iBAAW,SAAS,OAAO,KAAK,eAAe,GAAG;AAChD,YAAI,gBAAgB,SAAS,KAAK,GAAG;AACnC,iBAAO;AAAA,YACL,QAAQ,CAAC,IAAI,iBAAiB,iBAAiB,KAAK,iBAAiB,gBAAgB,CAAC;AAAA,UACxF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,UAAM,YAAY;AAClB,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAExC,UAAM,mBAAmB,UAAM,0BAAY,WAAW,QAAQ,QAAQ,IAAI,GAAG,OAAO;AAEpF,UAAM,UAAsB;AAAA,MAC1B,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK,MAAM;AAAA,MACX;AAAA,MACA,GAAG;AAAA,IACL;AAEA,UAAM,MAAM,MAAM,IAAI,qBAAQ,OAAO,EAClC,mBAAmB,EAAE,KAAK,SAAS,KAAK,MAAM,CAAC,EAC/C,YAAY,GAAG,EACf,kBAAkB,MAAM,SAAS,EACjC,UAAU,WAAW,EACrB,WAAW,WAAW,EACtB;AAAA,MACC;AAAA,IACF,EACC,KAAK,gBAAgB;AAExB,WAAO;AAAA,MACL,MAAM;AAAA,IACR;AAAA,EACF,SAAS,OAAO;AACd,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU;AACzD,WAAO;AAAA,MACL,QAAQ;AAAA,QACN,IAAI,iBAAiB,kCAAkC,OAAO,IAAI,uBAAuB;AAAA,MAC3F;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAsB,kBACpB,KACA,iBACiB;AACjB,QAAM,EAAE,MAAM,OAAO,IAAI,MAAM,qBAAqB,KAAK,eAAe;AAExE,MAAI,QAAQ;AACV,UAAM,OAAO,CAAC;AAAA,EAChB;AAEA,SAAO;AACT;AAEO,SAAS,4BACd,KACA,iBACkD;AAClD,SAAO,qBAAqB,KAAK,eAAe;AAClD;;;ARvIO,IAAMC,iBAAgB,eAAe,aAAc;","names":["ternDecodeJwt","import_jose","import_jose","import_jose","ternDecodeJwt"]}
1
+ {"version":3,"sources":["../../src/jwt/index.ts","../../src/jwt/guardReturn.ts","../../src/jwt/verifyJwt.ts","../../src/utils/errors.ts","../../src/utils/rfc4648.ts","../../src/jwt/cryptoKeys.ts","../../src/jwt/algorithms.ts","../../src/jwt/jwt.ts","../../src/jwt/customJwt.ts"],"sourcesContent":["import { createJwtGuard } from './guardReturn';\nimport { ternDecodeJwt as _ternDecodeJwt } from './verifyJwt';\n\nexport const ternDecodeJwt = createJwtGuard(_ternDecodeJwt);\nexport { ternDecodeJwt as ternDecodeJwtUnguarded } from './verifyJwt';\n\nexport * from './jwt';\nexport * from './customJwt';\nexport type { JwtReturnType } from './types';","import { type JwtReturnType } from \"./types\";\n\nexport function createJwtGuard<T extends (...args: any[]) => JwtReturnType<any, any>>(decodedFn: T) {\n return (...args: Parameters<T>): NonNullable<Awaited<ReturnType<T>>['data']> | never => {\n const { data, errors } = decodedFn(...args);\n\n if (errors) {\n throw errors[0];\n }\n\n return data;\n };\n}\n","import type { DecodedIdToken, Jwt, JWTPayload } from '@tern-secure/types';\nimport {\n decodeJwt,\n decodeProtectedHeader,\n jwtVerify,\n} from 'jose';\n\nimport { TokenVerificationError, TokenVerificationErrorReason } from '../utils/errors';\nimport { mapJwtPayloadToDecodedIdToken } from '../utils/mapDecode';\nimport { base64url } from '../utils/rfc4648';\nimport { importKey } from './cryptoKeys';\nimport type { JwtReturnType } from './types';\nimport {\n verifyExpirationClaim,\n verifyHeaderKid,\n verifyIssuedAtClaim,\n verifySubClaim,\n} from './verifyContent';\n\nconst DEFAULT_CLOCK_SKEW_IN_MS = 5 * 1000;\n\nexport type VerifyJwtOptions = {\n audience?: string | string[];\n clockSkewInMs?: number;\n key: JsonWebKey | string;\n};\n\nexport async function verifySignature(\n jwt: Jwt,\n key: JsonWebKey | string,\n): Promise<JwtReturnType<JWTPayload, Error>> {\n const { header, raw } = jwt;\n const joseAlgorithm = header.alg || 'RS256';\n\n try {\n const publicKey = await importKey(key, joseAlgorithm);\n\n const { payload } = await jwtVerify(raw.text, publicKey);\n\n return { data: payload };\n } catch (error) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalidSignature,\n message: (error as Error).message,\n }),\n ],\n };\n }\n}\n\nexport function ternDecodeJwt(token: string): JwtReturnType<Jwt, TokenVerificationError> {\n try {\n const header = decodeProtectedHeader(token);\n const payload = decodeJwt(token);\n\n const tokenParts = (token || '').toString().split('.');\n if (tokenParts.length !== 3) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalid,\n message: 'Invalid JWT format',\n }),\n ],\n };\n }\n\n const [rawHeader, rawPayload, rawSignature] = tokenParts;\n const signature = base64url.parse(rawSignature, { loose: true });\n\n const data = {\n header,\n payload,\n signature,\n raw: {\n header: rawHeader,\n payload: rawPayload,\n signature: rawSignature,\n text: token,\n },\n };\n\n return { data };\n } catch (error: any) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalid,\n message: error.message,\n }),\n ],\n };\n }\n}\n\nexport async function verifyJwt(\n token: string,\n options: VerifyJwtOptions,\n): Promise<JwtReturnType<DecodedIdToken, TokenVerificationError>> {\n const { key } = options;\n const clockSkew = options.clockSkewInMs || DEFAULT_CLOCK_SKEW_IN_MS;\n\n const { data: decoded, errors } = ternDecodeJwt(token);\n if (errors) {\n return { errors };\n }\n\n const { header, payload } = decoded;\n\n try {\n verifyHeaderKid(header.kid);\n verifySubClaim(payload.sub);\n verifyExpirationClaim(payload.exp, clockSkew);\n verifyIssuedAtClaim(payload.iat, clockSkew);\n } catch (error) {\n return { errors: [error as TokenVerificationError] };\n }\n\n const { data: verifiedPayload, errors: signatureErrors } = await verifySignature(decoded, key);\n if (signatureErrors) {\n return {\n errors: [\n new TokenVerificationError({\n reason: TokenVerificationErrorReason.TokenInvalidSignature,\n message: 'Token signature verification failed.',\n }),\n ],\n };\n }\n\n const decodedIdToken = mapJwtPayloadToDecodedIdToken(verifiedPayload);\n\n return { data: decodedIdToken };\n}\n","export const RefreshTokenErrorReason = {\n NonEligibleNoCookie: 'non-eligible-no-refresh-cookie',\n NonEligibleNonGet: 'non-eligible-non-get',\n InvalidSessionToken: 'invalid-session-token',\n MissingApiClient: 'missing-api-client',\n MissingIdToken: 'missing-id-token',\n MissingSessionToken: 'missing-session-token',\n MissingRefreshToken: 'missing-refresh-token',\n ExpiredIdTokenDecodeFailed: 'expired-id-token-decode-failed',\n ExpiredSessionTokenDecodeFailed: 'expired-session-token-decode-failed',\n FetchError: 'fetch-error',\n} as const;\n\nexport type TokenCarrier = 'header' | 'cookie';\n\nexport const TokenVerificationErrorReason = {\n TokenExpired: 'token-expired',\n TokenInvalid: 'token-invalid',\n TokenInvalidAlgorithm: 'token-invalid-algorithm',\n TokenInvalidAuthorizedParties: 'token-invalid-authorized-parties',\n TokenInvalidSignature: 'token-invalid-signature',\n TokenNotActiveYet: 'token-not-active-yet',\n TokenIatInTheFuture: 'token-iat-in-the-future',\n TokenVerificationFailed: 'token-verification-failed',\n InvalidSecretKey: 'secret-key-invalid',\n LocalJWKMissing: 'jwk-local-missing',\n RemoteJWKFailedToLoad: 'jwk-remote-failed-to-load',\n RemoteJWKInvalid: 'jwk-remote-invalid',\n RemoteJWKMissing: 'jwk-remote-missing',\n JWKFailedToResolve: 'jwk-failed-to-resolve',\n JWKKidMismatch: 'jwk-kid-mismatch',\n};\n\nexport type TokenVerificationErrorReason =\n (typeof TokenVerificationErrorReason)[keyof typeof TokenVerificationErrorReason];\n\nexport class TokenVerificationError extends Error {\n reason: TokenVerificationErrorReason;\n tokenCarrier?: TokenCarrier;\n\n constructor({\n message,\n reason,\n }: {\n message: string;\n reason: TokenVerificationErrorReason;\n }) {\n super(message);\n\n Object.setPrototypeOf(this, TokenVerificationError.prototype);\n\n this.reason = reason;\n this.message = message;\n }\n\n public getFullMessage() {\n return `${[this.message].filter(m => m).join(' ')} (reason=${this.reason}, token-carrier=${\n this.tokenCarrier\n })`;\n }\n }\n","/**\n * The base64url helper was extracted from the rfc4648 package\n * in order to resolve CSJ/ESM interoperability issues\n *\n * https://github.com/swansontec/rfc4648.js\n *\n * For more context please refer to:\n * - https://github.com/evanw/esbuild/issues/1719\n * - https://github.com/evanw/esbuild/issues/532\n * - https://github.com/swansontec/rollup-plugin-mjs-entry\n */\nexport const base64url = {\n parse(string: string, opts?: ParseOptions): Uint8Array {\n return parse(string, base64UrlEncoding, opts);\n },\n\n stringify(data: ArrayLike<number>, opts?: StringifyOptions): string {\n return stringify(data, base64UrlEncoding, opts);\n },\n};\n\nconst base64UrlEncoding: Encoding = {\n chars: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_',\n bits: 6,\n};\n\ninterface Encoding {\n bits: number;\n chars: string;\n codes?: { [char: string]: number };\n}\n\ninterface ParseOptions {\n loose?: boolean;\n out?: new (size: number) => { [index: number]: number };\n}\n\ninterface StringifyOptions {\n pad?: boolean;\n}\n\nfunction parse(string: string, encoding: Encoding, opts: ParseOptions = {}): Uint8Array {\n // Build the character lookup table:\n if (!encoding.codes) {\n encoding.codes = {};\n for (let i = 0; i < encoding.chars.length; ++i) {\n encoding.codes[encoding.chars[i]] = i;\n }\n }\n\n // The string must have a whole number of bytes:\n if (!opts.loose && (string.length * encoding.bits) & 7) {\n throw new SyntaxError('Invalid padding');\n }\n\n // Count the padding bytes:\n let end = string.length;\n while (string[end - 1] === '=') {\n --end;\n\n // If we get a whole number of bytes, there is too much padding:\n if (!opts.loose && !(((string.length - end) * encoding.bits) & 7)) {\n throw new SyntaxError('Invalid padding');\n }\n }\n\n // Allocate the output:\n const out = new (opts.out ?? Uint8Array)(((end * encoding.bits) / 8) | 0) as Uint8Array;\n\n // Parse the data:\n let bits = 0; // Number of bits currently in the buffer\n let buffer = 0; // Bits waiting to be written out, MSB first\n let written = 0; // Next byte to write\n for (let i = 0; i < end; ++i) {\n // Read one character from the string:\n const value = encoding.codes[string[i]];\n if (value === undefined) {\n throw new SyntaxError('Invalid character ' + string[i]);\n }\n\n // Append the bits to the buffer:\n buffer = (buffer << encoding.bits) | value;\n bits += encoding.bits;\n\n // Write out some bits if the buffer has a byte's worth:\n if (bits >= 8) {\n bits -= 8;\n out[written++] = 0xff & (buffer >> bits);\n }\n }\n\n // Verify that we have received just enough bits:\n if (bits >= encoding.bits || 0xff & (buffer << (8 - bits))) {\n throw new SyntaxError('Unexpected end of data');\n }\n\n return out;\n}\n\nfunction stringify(data: ArrayLike<number>, encoding: Encoding, opts: StringifyOptions = {}): string {\n const { pad = true } = opts;\n const mask = (1 << encoding.bits) - 1;\n let out = '';\n\n let bits = 0; // Number of bits currently in the buffer\n let buffer = 0; // Bits waiting to be written out, MSB first\n for (let i = 0; i < data.length; ++i) {\n // Slurp data into the buffer:\n buffer = (buffer << 8) | (0xff & data[i]);\n bits += 8;\n\n // Write out as much as we can:\n while (bits > encoding.bits) {\n bits -= encoding.bits;\n out += encoding.chars[mask & (buffer >> bits)];\n }\n }\n\n // Partial character:\n if (bits) {\n out += encoding.chars[mask & (buffer << (encoding.bits - bits))];\n }\n\n // Add padding characters until we hit a byte boundary:\n if (pad) {\n while ((out.length * encoding.bits) & 7) {\n out += '=';\n }\n }\n\n return out;\n}\n","import { importJWK, importSPKI,importX509, type KeyLike } from 'jose';\n\nexport async function importKey(key: JsonWebKey | string, algorithm: string): Promise<KeyLike> {\n if (typeof key === 'object') {\n const result = await importJWK(key as Parameters<typeof importJWK>[0], algorithm);\n if (result instanceof Uint8Array) {\n throw new Error('Unexpected Uint8Array result from JWK import');\n }\n return result;\n }\n\n const keyString = key.trim();\n\n if (keyString.includes('-----BEGIN CERTIFICATE-----')) {\n return await importX509(keyString, algorithm);\n }\n\n if (keyString.includes('-----BEGIN PUBLIC KEY-----')) {\n return await importSPKI(keyString, algorithm);\n }\n\n try {\n return await importSPKI(keyString, algorithm);\n } catch (error) {\n throw new Error(\n `Unsupported key format. Supported formats: X.509 certificate (PEM), SPKI (PEM), JWK (JSON object or string). Error: ${error}`,\n );\n }\n}\n","const algToHash: Record<string, string> = {\n RS256: 'SHA-256',\n RS384: 'SHA-384',\n RS512: 'SHA-512',\n};\nconst RSA_ALGORITHM_NAME = 'RSASSA-PKCS1-v1_5';\n\nconst jwksAlgToCryptoAlg: Record<string, string> = {\n RS256: RSA_ALGORITHM_NAME,\n RS384: RSA_ALGORITHM_NAME,\n RS512: RSA_ALGORITHM_NAME,\n};\n\nexport const algs = Object.keys(algToHash);\n\nexport function getCryptoAlgorithm(algorithmName: string): RsaHashedImportParams {\n const hash = algToHash[algorithmName];\n const name = jwksAlgToCryptoAlg[algorithmName];\n\n if (!hash || !name) {\n throw new Error(`Unsupported algorithm ${algorithmName}, expected one of ${algs.join(',')}.`);\n }\n\n return {\n hash: { name: algToHash[algorithmName] },\n name: jwksAlgToCryptoAlg[algorithmName],\n };\n}\n","import type {\n DecodedIdToken,\n TernVerificationResult,\n} from \"@tern-secure/types\";\nimport { createRemoteJWKSet, decodeJwt,jwtVerify } from \"jose\";\n\n\nexport type FirebaseIdTokenPayload = DecodedIdToken;\n\n// Firebase public key endpoints\nconst FIREBASE_ID_TOKEN_URL =\n \"https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com\";\nconst FIREBASE_SESSION_CERT_URL =\n \"https://identitytoolkit.googleapis.com/v1/sessionCookiePublicKeys\";\n\n//const FIREBASE_NEW_SESSION_PK = \"https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys\"\n\n// Simple in-memory cache for JWKS\nlet idTokenJWKS: ReturnType<typeof createRemoteJWKSet> | null = null;\nlet sessionJWKS: ReturnType<typeof createRemoteJWKSet> | null = null;\n\nconst getIdTokenJWKS = () => {\n if (!idTokenJWKS) {\n idTokenJWKS = createRemoteJWKSet(new URL(FIREBASE_ID_TOKEN_URL), {\n cacheMaxAge: 3600000, // 1 hour\n timeoutDuration: 5000, // 5 seconds\n cooldownDuration: 30000, // 30 seconds between retries\n });\n }\n return idTokenJWKS;\n};\n\nconst getSessionJWKS = () => {\n if (!sessionJWKS) {\n sessionJWKS = createRemoteJWKSet(new URL(FIREBASE_SESSION_CERT_URL), {\n cacheMaxAge: 3600000, // 1 hour\n timeoutDuration: 5000, // 5 seconds\n cooldownDuration: 30000, // 30 seconds between retries\n });\n }\n return sessionJWKS;\n};\n\n\n\nexport async function verifyToken(\n token: string,\n isSessionCookie = false\n): Promise<TernVerificationResult> {\n try {\n const projectId = process.env.NEXT_PUBLIC_FIREBASE_PROJECT_ID;\n if (!projectId) {\n throw new Error(\"Firebase Project ID is not configured\");\n }\n\n const { decoded } = decodeJwt(token);\n if (!decoded) {\n throw new Error(\"Invalid token format\");\n }\n\n let retries = 3;\n let lastError: Error | null = null;\n\n while (retries > 0) {\n try {\n // Use different JWKS based on token type\n const JWKS = isSessionCookie ? getSessionJWKS() : getIdTokenJWKS();\n\n const { payload } = await jwtVerify(token, JWKS, {\n issuer: isSessionCookie\n ? \"https://session.firebase.google.com/\" + projectId\n : \"https://securetoken.google.com/\" + projectId,\n audience: projectId,\n algorithms: [\"RS256\"],\n });\n\n const firebasePayload = payload as unknown as FirebaseIdTokenPayload;\n const now = Math.floor(Date.now() / 1000);\n\n // Verify token claims\n if (firebasePayload.exp <= now) {\n throw new Error(\"Token has expired\");\n }\n\n if (firebasePayload.iat > now) {\n throw new Error(\"Token issued time is in the future\");\n }\n\n if (!firebasePayload.sub) {\n throw new Error(\"Token subject is empty\");\n }\n\n if (firebasePayload.auth_time > now) {\n throw new Error(\"Token auth time is in the future\");\n }\n\n return {\n valid: true,\n uid: firebasePayload.sub,\n sub: firebasePayload.sub,\n email: firebasePayload.email,\n email_verified: firebasePayload.email_verified,\n auth_time: firebasePayload.auth_time,\n iat: firebasePayload.iat,\n exp: firebasePayload.exp,\n aud: firebasePayload.aud,\n iss: firebasePayload.iss,\n firebase: firebasePayload.firebase,\n phone_number: firebasePayload.phone_number,\n picture: firebasePayload.picture,\n };\n } catch (error) {\n lastError = error as Error;\n if (error instanceof Error && error.name === \"JWKSNoMatchingKey\") {\n console.warn(`JWKS retry attempt ${4 - retries}:`, error.message);\n retries--;\n if (retries > 0) {\n await new Promise((resolve) => setTimeout(resolve, 1000));\n continue;\n }\n }\n throw error;\n }\n }\n\n throw lastError || new Error(\"Failed to verify token after retries\");\n } catch (error) {\n console.error(\"Token verification details:\", {\n error:\n error instanceof Error\n ? {\n name: error.name,\n message: error.message,\n stack: error.stack,\n }\n : error,\n decoded: decodeJwt(token),\n isSessionCookie,\n });\n\n return {\n valid: false,\n error: {\n success: false,\n message: error instanceof Error ? error.message : \"Invalid token\",\n code: \"INVALID_TOKEN\",\n },\n };\n }\n}\n","import type { JWTPayload } from '@tern-secure/types';\nimport { importPKCS8, SignJWT } from 'jose';\n\nimport type { JwtReturnType } from './types';\n\n\nexport interface CustomTokenClaims {\n [key: string]: unknown;\n}\n\nexport class CustomTokenError extends Error {\n constructor(\n message: string,\n public code?: string,\n ) {\n super(message);\n this.name = 'CustomTokenError';\n }\n}\n\nconst RESERVED_CLAIMS = [\n 'acr',\n 'amr',\n 'at_hash',\n 'aud',\n 'auth_time',\n 'azp',\n 'cnf',\n 'c_hash',\n 'exp',\n 'firebase',\n 'iat',\n 'iss',\n 'jti',\n 'nbf',\n 'nonce',\n 'sub',\n];\n\nasync function createCustomTokenJwt(\n uid: string,\n developerClaims?: CustomTokenClaims,\n): Promise<JwtReturnType<string, CustomTokenError>> {\n try {\n const privateKey = process.env.FIREBASE_PRIVATE_KEY;\n const clientEmail = process.env.FIREBASE_CLIENT_EMAIL;\n\n if (!privateKey || !clientEmail) {\n return {\n errors: [\n new CustomTokenError(\n 'Missing FIREBASE_PRIVATE_KEY or FIREBASE_CLIENT_EMAIL environment variables',\n 'MISSING_ENV_VARS',\n ),\n ],\n };\n }\n\n if (!uid || typeof uid !== 'string') {\n return {\n errors: [new CustomTokenError('uid must be a non-empty string', 'INVALID_UID')],\n };\n }\n\n if (uid.length > 128) {\n return {\n errors: [new CustomTokenError('uid must not exceed 128 characters', 'UID_TOO_LONG')],\n };\n }\n\n if (developerClaims) {\n for (const claim of Object.keys(developerClaims)) {\n if (RESERVED_CLAIMS.includes(claim)) {\n return {\n errors: [new CustomTokenError(`Custom claim '${claim}' is reserved`, 'RESERVED_CLAIM')],\n };\n }\n }\n }\n\n // Set expiration (default 1 hour, max 1 hour)\n const expiresIn = 3600;\n const now = Math.floor(Date.now() / 1000);\n\n const parsedPrivateKey = await importPKCS8(privateKey.replace(/\\\\n/g, '\\n'), 'RS256');\n\n const payload: JWTPayload = {\n iss: clientEmail,\n sub: clientEmail,\n aud: 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',\n iat: now,\n exp: now + expiresIn,\n uid: uid,\n ...developerClaims,\n };\n\n const jwt = await new SignJWT(payload)\n .setProtectedHeader({ alg: 'RS256', typ: 'JWT' })\n .setIssuedAt(now)\n .setExpirationTime(now + expiresIn)\n .setIssuer(clientEmail)\n .setSubject(clientEmail)\n .setAudience(\n 'https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit',\n )\n .sign(parsedPrivateKey);\n\n return {\n data: jwt,\n };\n } catch (error) {\n const message = error instanceof Error ? error.message : 'Unknown error occurred';\n return {\n errors: [\n new CustomTokenError(`Failed to create custom token: ${message}`, 'TOKEN_CREATION_FAILED'),\n ],\n };\n }\n}\n\nexport async function createCustomToken(\n uid: string,\n developerClaims?: CustomTokenClaims,\n): Promise<string> {\n const { data, errors } = await createCustomTokenJwt(uid, developerClaims);\n\n if (errors) {\n throw errors[0];\n }\n\n return data;\n}\n\nexport function createCustomTokenWithResult(\n uid: string,\n developerClaims?: CustomTokenClaims,\n): Promise<JwtReturnType<string, CustomTokenError>> {\n return createCustomTokenJwt(uid, developerClaims);\n}"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,uBAAAA;AAAA,EAAA;AAAA;AAAA;AAAA;;;ACEO,SAAS,eAAsE,WAAc;AAClG,SAAO,IAAI,SAA6E;AACtF,UAAM,EAAE,MAAM,OAAO,IAAI,UAAU,GAAG,IAAI;AAE1C,QAAI,QAAQ;AACV,YAAM,OAAO,CAAC;AAAA,IAChB;AAEA,WAAO;AAAA,EACT;AACF;;;ACXA,IAAAC,eAIO;;;ACUA,IAAM,+BAA+B;AAAA,EAC1C,cAAc;AAAA,EACd,cAAc;AAAA,EACd,uBAAuB;AAAA,EACvB,+BAA+B;AAAA,EAC/B,uBAAuB;AAAA,EACvB,mBAAmB;AAAA,EACnB,qBAAqB;AAAA,EACrB,yBAAyB;AAAA,EACzB,kBAAkB;AAAA,EAClB,iBAAiB;AAAA,EACjB,uBAAuB;AAAA,EACvB,kBAAkB;AAAA,EAClB,kBAAkB;AAAA,EAClB,oBAAoB;AAAA,EACpB,gBAAgB;AAClB;AAKO,IAAM,yBAAN,MAAM,gCAA+B,MAAM;AAAA,EAChD;AAAA,EACA;AAAA,EAEA,YAAY;AAAA,IACV;AAAA,IACA;AAAA,EACF,GAGG;AACD,UAAM,OAAO;AAEb,WAAO,eAAe,MAAM,wBAAuB,SAAS;AAE5D,SAAK,SAAS;AACd,SAAK,UAAU;AAAA,EACjB;AAAA,EAEO,iBAAiB;AACtB,WAAO,GAAG,CAAC,KAAK,OAAO,EAAE,OAAO,OAAK,CAAC,EAAE,KAAK,GAAG,CAAC,YAAY,KAAK,MAAM,mBACtE,KAAK,YACP;AAAA,EACF;AACA;;;ACjDK,IAAM,YAAY;AAAA,EACvB,MAAM,QAAgB,MAAiC;AACrD,WAAO,MAAM,QAAQ,mBAAmB,IAAI;AAAA,EAC9C;AAAA,EAEA,UAAU,MAAyB,MAAiC;AAClE,WAAO,UAAU,MAAM,mBAAmB,IAAI;AAAA,EAChD;AACF;AAEA,IAAM,oBAA8B;AAAA,EAClC,OAAO;AAAA,EACP,MAAM;AACR;AAiBA,SAAS,MAAM,QAAgB,UAAoB,OAAqB,CAAC,GAAe;AAEtF,MAAI,CAAC,SAAS,OAAO;AACnB,aAAS,QAAQ,CAAC;AAClB,aAAS,IAAI,GAAG,IAAI,SAAS,MAAM,QAAQ,EAAE,GAAG;AAC9C,eAAS,MAAM,SAAS,MAAM,CAAC,CAAC,IAAI;AAAA,IACtC;AAAA,EACF;AAGA,MAAI,CAAC,KAAK,SAAU,OAAO,SAAS,SAAS,OAAQ,GAAG;AACtD,UAAM,IAAI,YAAY,iBAAiB;AAAA,EACzC;AAGA,MAAI,MAAM,OAAO;AACjB,SAAO,OAAO,MAAM,CAAC,MAAM,KAAK;AAC9B,MAAE;AAGF,QAAI,CAAC,KAAK,SAAS,GAAI,OAAO,SAAS,OAAO,SAAS,OAAQ,IAAI;AACjE,YAAM,IAAI,YAAY,iBAAiB;AAAA,IACzC;AAAA,EACF;AAGA,QAAM,MAAM,KAAK,KAAK,OAAO,YAAc,MAAM,SAAS,OAAQ,IAAK,CAAC;AAGxE,MAAI,OAAO;AACX,MAAI,SAAS;AACb,MAAI,UAAU;AACd,WAAS,IAAI,GAAG,IAAI,KAAK,EAAE,GAAG;AAE5B,UAAM,QAAQ,SAAS,MAAM,OAAO,CAAC,CAAC;AACtC,QAAI,UAAU,QAAW;AACvB,YAAM,IAAI,YAAY,uBAAuB,OAAO,CAAC,CAAC;AAAA,IACxD;AAGA,aAAU,UAAU,SAAS,OAAQ;AACrC,YAAQ,SAAS;AAGjB,QAAI,QAAQ,GAAG;AACb,cAAQ;AACR,UAAI,SAAS,IAAI,MAAQ,UAAU;AAAA,IACrC;AAAA,EACF;AAGA,MAAI,QAAQ,SAAS,QAAQ,MAAQ,UAAW,IAAI,MAAQ;AAC1D,UAAM,IAAI,YAAY,wBAAwB;AAAA,EAChD;AAEA,SAAO;AACT;AAEA,SAAS,UAAU,MAAyB,UAAoB,OAAyB,CAAC,GAAW;AACnG,QAAM,EAAE,MAAM,KAAK,IAAI;AACvB,QAAM,QAAQ,KAAK,SAAS,QAAQ;AACpC,MAAI,MAAM;AAEV,MAAI,OAAO;AACX,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,EAAE,GAAG;AAEpC,aAAU,UAAU,IAAM,MAAO,KAAK,CAAC;AACvC,YAAQ;AAGR,WAAO,OAAO,SAAS,MAAM;AAC3B,cAAQ,SAAS;AACjB,aAAO,SAAS,MAAM,OAAQ,UAAU,IAAK;AAAA,IAC/C;AAAA,EACF;AAGA,MAAI,MAAM;AACR,WAAO,SAAS,MAAM,OAAQ,UAAW,SAAS,OAAO,IAAM;AAAA,EACjE;AAGA,MAAI,KAAK;AACP,WAAQ,IAAI,SAAS,SAAS,OAAQ,GAAG;AACvC,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;;;ACnIA,kBAA+D;;;ACA/D,IAAM,YAAoC;AAAA,EACxC,OAAO;AAAA,EACP,OAAO;AAAA,EACP,OAAO;AACT;AASO,IAAM,OAAO,OAAO,KAAK,SAAS;;;AJMzC,IAAM,2BAA2B,IAAI;AAiC9B,SAAS,cAAc,OAA2D;AACvF,MAAI;AACF,UAAM,aAAS,oCAAsB,KAAK;AAC1C,UAAM,cAAU,wBAAU,KAAK;AAE/B,UAAM,cAAc,SAAS,IAAI,SAAS,EAAE,MAAM,GAAG;AACrD,QAAI,WAAW,WAAW,GAAG;AAC3B,aAAO;AAAA,QACL,QAAQ;AAAA,UACN,IAAI,uBAAuB;AAAA,YACzB,QAAQ,6BAA6B;AAAA,YACrC,SAAS;AAAA,UACX,CAAC;AAAA,QACH;AAAA,MACF;AAAA,IACF;AAEA,UAAM,CAAC,WAAW,YAAY,YAAY,IAAI;AAC9C,UAAM,YAAY,UAAU,MAAM,cAAc,EAAE,OAAO,KAAK,CAAC;AAE/D,UAAM,OAAO;AAAA,MACX;AAAA,MACA;AAAA,MACA;AAAA,MACA,KAAK;AAAA,QACH,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,WAAW;AAAA,QACX,MAAM;AAAA,MACR;AAAA,IACF;AAEA,WAAO,EAAE,KAAK;AAAA,EAChB,SAAS,OAAY;AACnB,WAAO;AAAA,MACL,QAAQ;AAAA,QACN,IAAI,uBAAuB;AAAA,UACzB,QAAQ,6BAA6B;AAAA,UACrC,SAAS,MAAM;AAAA,QACjB,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AK3FA,IAAAC,eAAwD;AAMxD,IAAM,wBACJ;AACF,IAAM,4BACJ;AAKF,IAAI,cAA4D;AAChE,IAAI,cAA4D;AAEhE,IAAM,iBAAiB,MAAM;AAC3B,MAAI,CAAC,aAAa;AAChB,sBAAc,iCAAmB,IAAI,IAAI,qBAAqB,GAAG;AAAA,MAC/D,aAAa;AAAA;AAAA,MACb,iBAAiB;AAAA;AAAA,MACjB,kBAAkB;AAAA;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAEA,IAAM,iBAAiB,MAAM;AAC3B,MAAI,CAAC,aAAa;AAChB,sBAAc,iCAAmB,IAAI,IAAI,yBAAyB,GAAG;AAAA,MACnE,aAAa;AAAA;AAAA,MACb,iBAAiB;AAAA;AAAA,MACjB,kBAAkB;AAAA;AAAA,IACpB,CAAC;AAAA,EACH;AACA,SAAO;AACT;AAIA,eAAsB,YACpB,OACA,kBAAkB,OACe;AACjC,MAAI;AACF,UAAM,YAAY,QAAQ,IAAI;AAC9B,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AAEA,UAAM,EAAE,QAAQ,QAAI,wBAAU,KAAK;AACnC,QAAI,CAAC,SAAS;AACZ,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AAEA,QAAI,UAAU;AACd,QAAI,YAA0B;AAE9B,WAAO,UAAU,GAAG;AAClB,UAAI;AAEF,cAAM,OAAO,kBAAkB,eAAe,IAAI,eAAe;AAEjE,cAAM,EAAE,QAAQ,IAAI,UAAM,wBAAU,OAAO,MAAM;AAAA,UAC/C,QAAQ,kBACJ,yCAAyC,YACzC,oCAAoC;AAAA,UACxC,UAAU;AAAA,UACV,YAAY,CAAC,OAAO;AAAA,QACtB,CAAC;AAED,cAAM,kBAAkB;AACxB,cAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAGxC,YAAI,gBAAgB,OAAO,KAAK;AAC9B,gBAAM,IAAI,MAAM,mBAAmB;AAAA,QACrC;AAEA,YAAI,gBAAgB,MAAM,KAAK;AAC7B,gBAAM,IAAI,MAAM,oCAAoC;AAAA,QACtD;AAEA,YAAI,CAAC,gBAAgB,KAAK;AACxB,gBAAM,IAAI,MAAM,wBAAwB;AAAA,QAC1C;AAEA,YAAI,gBAAgB,YAAY,KAAK;AACnC,gBAAM,IAAI,MAAM,kCAAkC;AAAA,QACpD;AAEA,eAAO;AAAA,UACL,OAAO;AAAA,UACP,KAAK,gBAAgB;AAAA,UACrB,KAAK,gBAAgB;AAAA,UACrB,OAAO,gBAAgB;AAAA,UACvB,gBAAgB,gBAAgB;AAAA,UAChC,WAAW,gBAAgB;AAAA,UAC3B,KAAK,gBAAgB;AAAA,UACrB,KAAK,gBAAgB;AAAA,UACrB,KAAK,gBAAgB;AAAA,UACrB,KAAK,gBAAgB;AAAA,UACrB,UAAU,gBAAgB;AAAA,UAC1B,cAAc,gBAAgB;AAAA,UAC9B,SAAS,gBAAgB;AAAA,QAC3B;AAAA,MACF,SAAS,OAAO;AACd,oBAAY;AACZ,YAAI,iBAAiB,SAAS,MAAM,SAAS,qBAAqB;AAChE,kBAAQ,KAAK,sBAAsB,IAAI,OAAO,KAAK,MAAM,OAAO;AAChE;AACA,cAAI,UAAU,GAAG;AACf,kBAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,GAAI,CAAC;AACxD;AAAA,UACF;AAAA,QACF;AACA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,sCAAsC;AAAA,EACrE,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B;AAAA,MAC3C,OACE,iBAAiB,QACb;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,SAAS,MAAM;AAAA,QACf,OAAO,MAAM;AAAA,MACf,IACA;AAAA,MACN,aAAS,wBAAU,KAAK;AAAA,MACxB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO;AAAA,QACL,SAAS;AAAA,QACT,SAAS,iBAAiB,QAAQ,MAAM,UAAU;AAAA,QAClD,MAAM;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;;;ACpJA,IAAAC,eAAqC;AAS9B,IAAM,mBAAN,cAA+B,MAAM;AAAA,EAC1C,YACE,SACO,MACP;AACA,UAAM,OAAO;AAFN;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAEA,IAAM,kBAAkB;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAEA,eAAe,qBACb,KACA,iBACkD;AAClD,MAAI;AACF,UAAM,aAAa,QAAQ,IAAI;AAC/B,UAAM,cAAc,QAAQ,IAAI;AAEhC,QAAI,CAAC,cAAc,CAAC,aAAa;AAC/B,aAAO;AAAA,QACL,QAAQ;AAAA,UACN,IAAI;AAAA,YACF;AAAA,YACA;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAEA,QAAI,CAAC,OAAO,OAAO,QAAQ,UAAU;AACnC,aAAO;AAAA,QACL,QAAQ,CAAC,IAAI,iBAAiB,kCAAkC,aAAa,CAAC;AAAA,MAChF;AAAA,IACF;AAEA,QAAI,IAAI,SAAS,KAAK;AACpB,aAAO;AAAA,QACL,QAAQ,CAAC,IAAI,iBAAiB,sCAAsC,cAAc,CAAC;AAAA,MACrF;AAAA,IACF;AAEA,QAAI,iBAAiB;AACnB,iBAAW,SAAS,OAAO,KAAK,eAAe,GAAG;AAChD,YAAI,gBAAgB,SAAS,KAAK,GAAG;AACnC,iBAAO;AAAA,YACL,QAAQ,CAAC,IAAI,iBAAiB,iBAAiB,KAAK,iBAAiB,gBAAgB,CAAC;AAAA,UACxF;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAGA,UAAM,YAAY;AAClB,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAExC,UAAM,mBAAmB,UAAM,0BAAY,WAAW,QAAQ,QAAQ,IAAI,GAAG,OAAO;AAEpF,UAAM,UAAsB;AAAA,MAC1B,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK,MAAM;AAAA,MACX;AAAA,MACA,GAAG;AAAA,IACL;AAEA,UAAM,MAAM,MAAM,IAAI,qBAAQ,OAAO,EAClC,mBAAmB,EAAE,KAAK,SAAS,KAAK,MAAM,CAAC,EAC/C,YAAY,GAAG,EACf,kBAAkB,MAAM,SAAS,EACjC,UAAU,WAAW,EACrB,WAAW,WAAW,EACtB;AAAA,MACC;AAAA,IACF,EACC,KAAK,gBAAgB;AAExB,WAAO;AAAA,MACL,MAAM;AAAA,IACR;AAAA,EACF,SAAS,OAAO;AACd,UAAM,UAAU,iBAAiB,QAAQ,MAAM,UAAU;AACzD,WAAO;AAAA,MACL,QAAQ;AAAA,QACN,IAAI,iBAAiB,kCAAkC,OAAO,IAAI,uBAAuB;AAAA,MAC3F;AAAA,IACF;AAAA,EACF;AACF;AAEA,eAAsB,kBACpB,KACA,iBACiB;AACjB,QAAM,EAAE,MAAM,OAAO,IAAI,MAAM,qBAAqB,KAAK,eAAe;AAExE,MAAI,QAAQ;AACV,UAAM,OAAO,CAAC;AAAA,EAChB;AAEA,SAAO;AACT;AAEO,SAAS,4BACd,KACA,iBACkD;AAClD,SAAO,qBAAqB,KAAK,eAAe;AAClD;;;ARvIO,IAAMC,iBAAgB,eAAe,aAAc;","names":["ternDecodeJwt","import_jose","import_jose","import_jose","ternDecodeJwt"]}
package/dist/jwt/index.mjs CHANGED
@@ -3,7 +3,7 @@ import {
3
3
  createCustomToken,
4
4
  createCustomTokenWithResult,
5
5
  ternDecodeJwt
6
- } from "../chunk-SVZUAXAW.mjs";
6
+ } from "../chunk-5AP2WM3W.mjs";
7
7
 
8
8
  // src/jwt/guardReturn.ts
9
9
  function createJwtGuard(decodedFn) {
package/dist/jwt/verifyJwt.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"verifyJwt.d.ts","sourceRoot":"","sources":["../../src/jwt/verifyJwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,GAAG,EAAC,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAOzE,OAAO,EAAE,sBAAsB,EAAgC,MAAM,iBAAiB,CAAC;AAIvF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAU7C,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,UAAU,GAAG,MAAM,CAAC;CAC1B,CAAC;AAEF,wBAAsB,eAAe,CACnC,GAAG,EAAE,GAAG,EACR,GAAG,EAAE,UAAU,GAAG,MAAM,GACvB,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAoB3C;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE,sBAAsB,CAAC,CA2CvF;AAED,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,gBAAgB,GACxB,OAAO,CAAC,aAAa,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC,CAmChE"}
1
+ {"version":3,"file":"verifyJwt.d.ts","sourceRoot":"","sources":["../../src/jwt/verifyJwt.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAO1E,OAAO,EAAE,sBAAsB,EAAgC,MAAM,iBAAiB,CAAC;AAIvF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAU7C,MAAM,MAAM,gBAAgB,GAAG;IAC7B,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,EAAE,UAAU,GAAG,MAAM,CAAC;CAC1B,CAAC;AAEF,wBAAsB,eAAe,CACnC,GAAG,EAAE,GAAG,EACR,GAAG,EAAE,UAAU,GAAG,MAAM,GACvB,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAoB3C;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE,sBAAsB,CAAC,CA2CvF;AAED,wBAAsB,SAAS,CAC7B,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,gBAAgB,GACxB,OAAO,CAAC,aAAa,CAAC,cAAc,EAAE,sBAAsB,CAAC,CAAC,CAmChE"}
package/dist/tokens/authstate.d.ts CHANGED
@@ -29,6 +29,7 @@ export type SignedInAuthObject = {
29
29
  export type SignedOutAuthObject = {
30
30
  sessionClaims: null;
31
31
  userId: null;
32
+ token: null;
32
33
  require: CheckAuthorizationFromSessionClaims;
33
34
  error: string | null;
34
35
  };
package/dist/tokens/authstate.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authstate.d.ts","sourceRoot":"","sources":["../../src/tokens/authstate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mCAAmC,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAC9F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,iBAAiB,CAAC;AAEpE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAE7D,eAAO,MAAM,UAAU;;;CAGb,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEtE,eAAO,MAAM,eAAe;;;;;;;;;CASlB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,OAAO,eAAe,CAAC,CAAC;AAErF,MAAM,MAAM,UAAU,GAAG,eAAe,GAAG,4BAA4B,CAAC;AAExE,MAAM,MAAM,kBAAkB,GAAG;IAC/B,aAAa,EAAE,cAAc,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,mCAAmC,CAAC;IAC7C,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,aAAa,EAAE,IAAI,CAAC;IACpB,MAAM,EAAE,IAAI,CAAC;IACb,OAAO,EAAE,mCAAmC,CAAC;IAC7C,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,OAAO,UAAU,CAAC,QAAQ,CAAC;IACnC,MAAM,EAAE,IAAI,CAAC;IACb,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,kBAAkB,CAAC;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,OAAO,UAAU,CAAC,SAAS,CAAC;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,KAAK,CAAC;IAClB,IAAI,EAAE,MAAM,mBAAmB,CAAC;IAChC,KAAK,EAAE,IAAI,CAAC;IACZ,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG,aAAa,GAAG,cAAc,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,YAAY,EAAE,YAAY,CAAC;CAC5B;AAED,MAAM,MAAM,UAAU,GAAG,kBAAkB,GAAG,mBAAmB,CAAC;AAmClE,wBAAgB,kBAAkB,CAChC,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,UAAU,GACxB,kBAAkB,CAWpB;AAED,wBAAgB,mBAAmB,IAAI,mBAAmB,CAOzD;AAED,wBAAgB,QAAQ,CACtB,aAAa,EAAE,UAAU,EACzB,OAAO,EAAE,OAAO,YAAgB,EAChC,KAAK,EAAE,MAAM,GACZ,aAAa,CAUf;AAED,wBAAgB,SAAS,CACvB,MAAM,EAAE,UAAU,EAClB,OAAO,SAAK,EACZ,OAAO,GAAE,OAAuB,GAC/B,cAAc,CAUhB"}
1
+ {"version":3,"file":"authstate.d.ts","sourceRoot":"","sources":["../../src/tokens/authstate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mCAAmC,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAC9F,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,MAAM,CAAC;AAGvC,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,iBAAiB,CAAC;AAEpE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAE7D,eAAO,MAAM,UAAU;;;CAGb,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAEtE,eAAO,MAAM,eAAe;;;;;;;;;CASlB,CAAC;AAEX,MAAM,MAAM,eAAe,GAAG,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,OAAO,eAAe,CAAC,CAAC;AAErF,MAAM,MAAM,UAAU,GAAG,eAAe,GAAG,4BAA4B,CAAC;AAExE,MAAM,MAAM,kBAAkB,GAAG;IAC/B,aAAa,EAAE,cAAc,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,mCAAmC,CAAC;IAC7C,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,aAAa,EAAE,IAAI,CAAC;IACpB,MAAM,EAAE,IAAI,CAAC;IACb,KAAK,EAAE,IAAI,CAAC;IACZ,OAAO,EAAE,mCAAmC,CAAC;IAC7C,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,OAAO,UAAU,CAAC,QAAQ,CAAC;IACnC,MAAM,EAAE,IAAI,CAAC;IACb,UAAU,EAAE,IAAI,CAAC;IACjB,IAAI,EAAE,MAAM,kBAAkB,CAAC;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,MAAM,EAAE,OAAO,UAAU,CAAC,SAAS,CAAC;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,KAAK,CAAC;IAClB,IAAI,EAAE,MAAM,mBAAmB,CAAC;IAChC,KAAK,EAAE,IAAI,CAAC;IACZ,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG,aAAa,GAAG,cAAc,CAAC;AAE1D,MAAM,WAAW,eAAe;IAC9B,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,YAAY,EAAE,YAAY,CAAC;CAC5B;AAED,MAAM,MAAM,UAAU,GAAG,kBAAkB,GAAG,mBAAmB,CAAC;AAmClE,wBAAgB,kBAAkB,CAChC,YAAY,EAAE,MAAM,EACpB,aAAa,EAAE,UAAU,GACxB,kBAAkB,CAWpB;AAED,wBAAgB,mBAAmB,IAAI,mBAAmB,CAQzD;AAED,wBAAgB,QAAQ,CACtB,aAAa,EAAE,UAAU,EACzB,OAAO,EAAE,OAAO,YAAgB,EAChC,KAAK,EAAE,MAAM,GACZ,aAAa,CAUf;AAED,wBAAgB,SAAS,CACvB,MAAM,EAAE,UAAU,EAClB,OAAO,SAAK,EACZ,OAAO,GAAE,OAAuB,GAC/B,cAAc,CAUhB"}