@tgtone/auth-sdk 1.0.0

package/README.md

@@ -0,0 +1,140 @@
+# 🔐 TGT One Auth Client SDK
+
+SDK para integrar autenticación JWT + Bearer Token en aplicaciones del ecosistema TGT One.
+
+---
+
+## 📦 Instalación
+
+```bash
+npm install @tgtone/auth-sdk
+```
+
+---
+
+## 🚀 Quick Start
+
+```typescript
+import { TGTAuthClient } from '@tgtone/auth-sdk';
+
+const auth = new TGTAuthClient({
+  identityUrl: 'https://identity.tgtone.cl',
+  appDomain: window.location.hostname,
+  debug: true
+});
+
+// Verificar sesión (v1.1+)
+const session = await auth.checkSession();
+if (session) {
+  console.log('Usuario:', session.user.email);
+  console.log('Tenant:', session.tenantName);
+  console.log('Roles:', session.roles);
+  console.log('Expira:', session.expiresAt);
+}
+```
+
+---
+
+## 📋 API Principal
+
+### `checkSession(): Promise<TGTSession | null>`
+Verifica sesión, valida JWT localmente (tenant_id + expiración), guarda en localStorage y valida con backend.
+
+**Retorna:** `TGTSession` con `{ user, tenantId, tenantName, roles, expiresAt }` o `null`.
+
+### `getSession(): TGTSession | null`
+Obtiene sesión completa en memoria.
+
+### `getTenantId(): string | null`
+Obtiene ID del tenant actual.
+
+### `logout(): Promise<void>`
+Cierra sesión y limpia localStorage.
+
+### `hasRole(app: string, role: string): boolean`
+Verifica si tiene un rol.
+
+```typescript
+if (auth.hasRole('console', 'admin')) {
+  // Mostrar admin panel
+}
+```
+
+---
+
+## 🔄 Cómo Funciona
+
+1. Usuario visita tu app
+2. `checkSession()` no encuentra token → redirige a Identity
+3. Usuario hace login en Identity
+4. Identity redirige a `tu-app?token=eyJhbGci...`
+5. SDK lee token de URL y guarda en localStorage
+6. SDK valida token con `Authorization: Bearer ...`
+7. Retorna usuario
+
+---
+
+## 📚 Documentación Completa
+
+- **[docs/LOVABLE_QUICK_START.md](./docs/LOVABLE_QUICK_START.md)** - Guía para Lovable/React
+- **[docs/INTEGRATION_EXAMPLES.md](./docs/INTEGRATION_EXAMPLES.md)** - Ejemplos para otros frameworks
+- **[docs/CHANGELOG.md](./docs/CHANGELOG.md)** - Historial de cambios
+
+---
+
+## 🧪 Testing Rápido
+
+```typescript
+// 1. Obtener token con curl
+// curl -X POST https://identity-backend.run.app/api/v1/auth/login \
+//   -d '{"email": "user@tgtone.cl", "password": "pass"}'
+
+// 2. Guardar manualmente
+localStorage.setItem('tgtone_auth_token', 'eyJhbGci...');
+
+// 3. Usar
+const user = await auth.checkSession();
+```
+
+---
+
+## 👤 Estructura del Usuario
+
+```typescript
+interface TGTUser {
+  sub: string;              // ID
+  email: string;
+  name: string;
+  tenant_id: string;
+  tenant_name: string;
+  roles: Record<string, string[]>; // { console: ['owner'], zenith: ['admin'] }
+}
+```
+
+---
+
+## ⚙️ Configuración
+
+```typescript
+interface TGTAuthConfig {
+  identityUrl: string;      // URL del backend Identity
+  appDomain: string;        // Dominio de tu app
+  onAuthSuccess?: (user: TGTUser) => void;
+  onAuthFailure?: () => void;
+  debug?: boolean;
+}
+```
+
+---
+
+## 🔐 Seguridad
+
+- **Token storage**: localStorage (`tgtone_auth_token`)
+- **Transport**: Authorization header con Bearer token
+- **Validation**: Backend valida JWT signature
+- **No cookies**: Todo con Bearer tokens
+
+---
+
+**Versión:** 1.0.1  
+**Última actualización:** 2025-10-16

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export { TGTAuthClient } from './tgtone-auth-client';
+export { useTGTAuth } from './react-hook';
+export type { TGTUser, TGTAuthConfig, SessionResponse, } from './tgtone-auth-client';
+export type { UseTGTAuthResult } from './react-hook';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAG1C,YAAY,EACV,OAAO,EACP,aAAa,EACb,eAAe,GAChB,MAAM,sBAAsB,CAAC;AAE9B,YAAY,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC"}

package/dist/index.js

@@ -0,0 +1,3 @@
+export { TGTAuthClient } from './tgtone-auth-client';
+export { useTGTAuth } from './react-hook';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAGrD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC"}

package/dist/react-hook.d.ts

@@ -0,0 +1,13 @@
+import { TGTAuthClient, TGTSession, TGTAuthConfig } from './tgtone-auth-client';
+export interface UseTGTAuthResult {
+    session: TGTSession | null;
+    loading: boolean;
+    logout: () => Promise<void>;
+    hasRole: (appName: string, roleName: string) => boolean;
+    getRoles: (appName: string) => string[];
+    hasAccessToApp: (appName: string) => boolean;
+    tenantId: string | null;
+    authClient: TGTAuthClient;
+}
+export declare function useTGTAuth(config: TGTAuthConfig): UseTGTAuthResult;
+//# sourceMappingURL=react-hook.d.ts.map

package/dist/react-hook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"react-hook.d.ts","sourceRoot":"","sources":["../react-hook.tsx"],"names":[],"mappings":"AAOA,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEhF,MAAM,WAAW,gBAAgB;IAE/B,OAAO,EAAE,UAAU,GAAG,IAAI,CAAC;IAG3B,OAAO,EAAE,OAAO,CAAC;IAGjB,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAG5B,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;IAGxD,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,MAAM,EAAE,CAAC;IAGxC,cAAc,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC;IAG7C,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IAGxB,UAAU,EAAE,aAAa,CAAC;CAC3B;AAmCD,wBAAgB,UAAU,CAAC,MAAM,EAAE,aAAa,GAAG,gBAAgB,CAoClE"}

package/dist/react-hook.js

@@ -0,0 +1,38 @@
+import { useState, useEffect } from 'react';
+import { TGTAuthClient } from './tgtone-auth-client';
+export function useTGTAuth(config) {
+    const [session, setSession] = useState(null);
+    const [loading, setLoading] = useState(true);
+    const [authClient] = useState(() => new TGTAuthClient(config));
+    useEffect(() => {
+        async function validateSession() {
+            try {
+                const authenticatedSession = await authClient.checkSession();
+                setSession(authenticatedSession);
+            }
+            catch (error) {
+                console.error('[useTGTAuth] Error validando sesión:', error);
+                setSession(null);
+            }
+            finally {
+                setLoading(false);
+            }
+        }
+        validateSession();
+    }, [authClient]);
+    const logout = async () => {
+        await authClient.logout();
+        setSession(null);
+    };
+    return {
+        session,
+        loading,
+        logout,
+        hasRole: authClient.hasRole.bind(authClient),
+        getRoles: authClient.getRoles.bind(authClient),
+        hasAccessToApp: authClient.hasAccessToApp.bind(authClient),
+        tenantId: authClient.getTenantId(),
+        authClient,
+    };
+}
+//# sourceMappingURL=react-hook.js.map

package/dist/react-hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"react-hook.js","sourceRoot":"","sources":["../react-hook.tsx"],"names":[],"mappings":"AAMA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAC5C,OAAO,EAAE,aAAa,EAA6B,MAAM,sBAAsB,CAAC;AA6DhF,MAAM,UAAU,UAAU,CAAC,MAAqB;IAC9C,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAoB,IAAI,CAAC,CAAC;IAChE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,QAAQ,CAAC,GAAG,EAAE,CAAC,IAAI,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;IAE/D,SAAS,CAAC,GAAG,EAAE;QACb,KAAK,UAAU,eAAe;YAC5B,IAAI,CAAC;gBACH,MAAM,oBAAoB,GAAG,MAAM,UAAU,CAAC,YAAY,EAAE,CAAC;gBAC7D,UAAU,CAAC,oBAAoB,CAAC,CAAC;YACnC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;gBAC7D,UAAU,CAAC,IAAI,CAAC,CAAC;YACnB,CAAC;oBAAS,CAAC;gBACT,UAAU,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;QAED,eAAe,EAAE,CAAC;IACpB,CAAC,EAAE,CAAC,UAAU,CAAC,CAAC,CAAC;IAEjB,MAAM,MAAM,GAAG,KAAK,IAAI,EAAE;QACxB,MAAM,UAAU,CAAC,MAAM,EAAE,CAAC;QAC1B,UAAU,CAAC,IAAI,CAAC,CAAC;IACnB,CAAC,CAAC;IAEF,OAAO;QACL,OAAO;QACP,OAAO;QACP,MAAM;QACN,OAAO,EAAE,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC;QAC5C,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC;QAC9C,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC;QAC1D,QAAQ,EAAE,UAAU,CAAC,WAAW,EAAE;QAClC,UAAU;KACX,CAAC;AACJ,CAAC"}

package/dist/tgtone-auth-client.d.ts

@@ -0,0 +1,70 @@
+export interface JWTPayload {
+    iss: string;
+    aud: string;
+    sub: string;
+    jti: string;
+    email: string;
+    email_verified: boolean;
+    name: string;
+    tenant_id: string;
+    tenant_name: string;
+    roles: Record<string, string[]>;
+    iat: number;
+    exp: number;
+}
+export interface TGTUser {
+    sub: string;
+    email: string;
+    email_verified: boolean;
+    name: string;
+    tenant_id: string;
+    tenant_name: string;
+    roles: Record<string, string[]>;
+}
+export interface TGTSession {
+    user: TGTUser;
+    tenantId: string;
+    tenantName: string;
+    expiresAt: Date;
+}
+export interface TGTAuthConfig {
+    identityUrl: string;
+    appDomain: string;
+    onAuthSuccess?: (session: TGTSession) => void;
+    onAuthFailure?: () => void;
+    debug?: boolean;
+}
+export interface SessionResponse {
+    user: TGTUser;
+}
+export declare class TGTAuthClient {
+    private static readonly TOKEN_KEY;
+    private static readonly TEMP_TOKEN_KEY;
+    private config;
+    private currentUser;
+    private currentSession;
+    constructor(config: TGTAuthConfig);
+    checkSession(): Promise<TGTSession | null>;
+    getSession(): TGTSession | null;
+    getUser(): TGTUser | null;
+    getTenantId(): string | null;
+    redirectToLogin(): void;
+    logout(): Promise<void>;
+    verifyMfa(tempToken: string, code: string): Promise<TGTSession | null>;
+    hasRole(appName: string, roleName: string): boolean;
+    getRoles(appName: string): string[];
+    hasAccessToApp(appName: string): boolean;
+    private getTokenFromUrl;
+    private removeTokenFromUrl;
+    private storeToken;
+    private getStoredToken;
+    private clearStoredToken;
+    private storeTempToken;
+    private getTempToken;
+    private clearTempToken;
+    private handleNoSession;
+    private log;
+}
+export declare function useTGTAuth(config: TGTAuthConfig): void;
+export default TGTAuthClient;
+//# sourceMappingURL=tgtone-auth-client.d.ts.map

package/dist/tgtone-auth-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tgtone-auth-client.d.ts","sourceRoot":"","sources":["../tgtone-auth-client.ts"],"names":[],"mappings":"AA6BA,MAAM,WAAW,UAAU;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,OAAO,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,OAAO;IACtB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,EAAE,OAAO,CAAC;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,OAAO,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IAEnB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAK5B,WAAW,EAAE,MAAM,CAAC;IAMpB,SAAS,EAAE,MAAM,CAAC;IAMlB,aAAa,CAAC,EAAE,CAAC,OAAO,EAAE,UAAU,KAAK,IAAI,CAAC;IAM9C,aAAa,CAAC,EAAE,MAAM,IAAI,CAAC;IAM3B,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,OAAO,CAAC;CACf;AAMD,qBAAa,aAAa;IAExB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAuB;IACxD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAuB;IAE7D,OAAO,CAAC,MAAM,CAA0B;IACxC,OAAO,CAAC,WAAW,CAAwB;IAC3C,OAAO,CAAC,cAAc,CAA2B;gBAErC,MAAM,EAAE,aAAa;IAuC3B,YAAY,IAAI,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAgIhD,UAAU,IAAI,UAAU,GAAG,IAAI;IAU/B,OAAO,IAAI,OAAO,GAAG,IAAI;IASzB,WAAW,IAAI,MAAM,GAAG,IAAI;IAQ5B,eAAe,IAAI,IAAI;IAWjB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAmDvB,SAAS,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAwE5E,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO;IAanD,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,EAAE;IAWnC,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;IAYxC,OAAO,CAAC,eAAe;IAUvB,OAAO,CAAC,kBAAkB;IAa1B,OAAO,CAAC,UAAU;IAclB,OAAO,CAAC,cAAc;IActB,OAAO,CAAC,gBAAgB;IAcxB,OAAO,CAAC,cAAc;IActB,OAAO,CAAC,YAAY;IAcpB,OAAO,CAAC,cAAc;IAWtB,OAAO,CAAC,eAAe;IAKvB,OAAO,CAAC,GAAG;CAKZ;AAwBD,wBAAgB,UAAU,CAAC,MAAM,EAAE,aAAa,QAS/C;AAMD,eAAe,aAAa,CAAC"}

package/dist/tgtone-auth-client.js

@@ -0,0 +1,305 @@
+import { jwtDecode } from 'jwt-decode';
+export class TGTAuthClient {
+    constructor(config) {
+        this.currentUser = null;
+        this.currentSession = null;
+        this.config = {
+            onAuthSuccess: () => { },
+            onAuthFailure: () => { },
+            debug: false,
+            ...config,
+        };
+        this.log('🔹 TGT Auth Client inicializado', this.config);
+    }
+    async checkSession() {
+        try {
+            const tempToken = this.getTempToken();
+            if (tempToken) {
+                this.log('🔹 Flujo MFA en progreso (tempToken detectado)');
+                return null;
+            }
+            const urlToken = this.getTokenFromUrl();
+            if (urlToken) {
+                this.log('🔹 Token encontrado en URL, guardando en localStorage');
+                this.storeToken(urlToken);
+                this.removeTokenFromUrl();
+            }
+            const token = this.getStoredToken();
+            if (!token) {
+                this.log('❌ No hay token en localStorage');
+                this.handleNoSession();
+                return null;
+            }
+            this.log('🔹 Decodificando JWT localmente...');
+            let decoded;
+            try {
+                decoded = jwtDecode(token);
+            }
+            catch (error) {
+                this.log('❌ Error decodificando JWT:', error);
+                this.clearStoredToken();
+                this.handleNoSession();
+                return null;
+            }
+            if (!decoded.tenant_id) {
+                this.log('❌ Token inválido: falta tenant_id');
+                this.clearStoredToken();
+                this.handleNoSession();
+                return null;
+            }
+            const now = Date.now();
+            const expiresAt = new Date(decoded.exp * 1000);
+            if (decoded.exp * 1000 < now) {
+                this.log('❌ Token expirado:', expiresAt);
+                this.clearStoredToken();
+                this.handleNoSession();
+                return null;
+            }
+            this.log('✅ JWT válido localmente');
+            this.log('🔹 Tenant:', decoded.tenant_id, '-', decoded.tenant_name);
+            this.log('🔹 Expira:', expiresAt);
+            this.log('🔹 Roles:', decoded.roles);
+            this.log('🔹 Verificando sesión con backend...');
+            const response = await fetch(`${this.config.identityUrl}/api/v1/auth/me`, {
+                method: 'GET',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'Authorization': `Bearer ${token}`,
+                },
+            });
+            if (!response.ok) {
+                this.log('❌ Backend rechazó el token (HTTP', response.status, ')');
+                this.clearStoredToken();
+                this.handleNoSession();
+                return null;
+            }
+            const data = await response.json();
+            const session = {
+                user: data.user,
+                tenantId: decoded.tenant_id,
+                tenantName: decoded.tenant_name,
+                expiresAt: expiresAt,
+            };
+            this.currentUser = data.user;
+            this.currentSession = session;
+            this.log('✅ Sesión válida:', data.user.email);
+            this.config.onAuthSuccess(session);
+            return session;
+        }
+        catch (error) {
+            this.log('❌ Error verificando sesión:', error);
+            if (error instanceof TypeError && error.message.includes('Failed to fetch')) {
+                console.error(`
+🚫 Error de Conexión - TGT Auth Client
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+Origen:  ${typeof window !== 'undefined' ? window.location.origin : 'unknown'}
+Destino: ${this.config.identityUrl}
+
+Posibles causas:
+1. Identity backend está offline
+2. Problema de CORS
+3. Red bloqueada
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+        `);
+            }
+            this.clearStoredToken();
+            this.handleNoSession();
+            return null;
+        }
+    }
+    getSession() {
+        return this.currentSession;
+    }
+    getUser() {
+        return this.currentUser;
+    }
+    getTenantId() {
+        return this.currentSession?.tenantId || null;
+    }
+    redirectToLogin() {
+        const loginUrl = `${this.config.identityUrl}/login?redirect=${this.config.appDomain}`;
+        this.log('🔄 Redirigiendo a login:', loginUrl);
+        this.log('🔄 Desde origen:', typeof window !== 'undefined' ? window.location.origin : 'unknown');
+        window.location.href = loginUrl;
+    }
+    async logout() {
+        try {
+            this.log('🔹 Cerrando sesión...');
+            this.log('🔹 Origen:', typeof window !== 'undefined' ? window.location.origin : 'unknown');
+            const token = this.getStoredToken();
+            await fetch(`${this.config.identityUrl}/api/v1/auth/logout`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...(token && { 'Authorization': `Bearer ${token}` }),
+                },
+            });
+            this.currentUser = null;
+            this.clearStoredToken();
+            this.clearTempToken();
+            this.log('✅ Sesión cerrada');
+            this.redirectToLogin();
+        }
+        catch (error) {
+            this.log('❌ Error al cerrar sesión:', error);
+            this.log('❌ Origen:', typeof window !== 'undefined' ? window.location.origin : 'unknown');
+            this.clearStoredToken();
+            this.clearTempToken();
+            this.redirectToLogin();
+        }
+    }
+    async verifyMfa(tempToken, code) {
+        try {
+            this.log('🔹 Verificando código MFA...');
+            const response = await fetch(`${this.config.identityUrl}/api/v1/auth/mfa/verify`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({ tempToken, code }),
+            });
+            if (!response.ok) {
+                const error = await response.json();
+                throw new Error(error.message || 'Código MFA inválido');
+            }
+            const data = await response.json();
+            if (!data.token || !data.user) {
+                throw new Error('Respuesta inválida del servidor');
+            }
+            this.storeToken(data.token);
+            this.clearTempToken();
+            const payload = jwtDecode(data.token);
+            this.currentUser = {
+                sub: payload.sub,
+                email: payload.email,
+                email_verified: payload.email_verified,
+                name: payload.name,
+                tenant_id: payload.tenant_id,
+                tenant_name: payload.tenant_name,
+                roles: payload.roles,
+            };
+            this.currentSession = {
+                user: this.currentUser,
+                tenantId: payload.tenant_id,
+                tenantName: payload.tenant_name,
+                expiresAt: new Date(payload.exp * 1000),
+            };
+            this.log('✅ MFA verificado correctamente');
+            this.config.onAuthSuccess(this.currentSession);
+            return this.currentSession;
+        }
+        catch (error) {
+            this.log('❌ Error verificando MFA:', error);
+            throw error;
+        }
+    }
+    hasRole(appName, roleName) {
+        if (!this.currentUser)
+            return false;
+        const appRoles = this.currentUser.roles[appName] || [];
+        return appRoles.includes(roleName);
+    }
+    getRoles(appName) {
+        if (!this.currentUser)
+            return [];
+        return this.currentUser.roles[appName] || [];
+    }
+    hasAccessToApp(appName) {
+        return this.getRoles(appName).length > 0;
+    }
+    getTokenFromUrl() {
+        if (typeof window === 'undefined')
+            return null;
+        const params = new URLSearchParams(window.location.search);
+        return params.get('token');
+    }
+    removeTokenFromUrl() {
+        if (typeof window === 'undefined')
+            return;
+        const url = new URL(window.location.href);
+        url.searchParams.delete('token');
+        window.history.replaceState({}, '', url.toString());
+    }
+    storeToken(token) {
+        if (typeof window === 'undefined')
+            return;
+        try {
+            localStorage.setItem(TGTAuthClient.TOKEN_KEY, token);
+            this.log('✅ Token guardado en localStorage');
+        }
+        catch (error) {
+            this.log('❌ Error guardando token:', error);
+        }
+    }
+    getStoredToken() {
+        if (typeof window === 'undefined')
+            return null;
+        try {
+            return localStorage.getItem(TGTAuthClient.TOKEN_KEY);
+        }
+        catch (error) {
+            this.log('❌ Error leyendo token:', error);
+            return null;
+        }
+    }
+    clearStoredToken() {
+        if (typeof window === 'undefined')
+            return;
+        try {
+            localStorage.removeItem(TGTAuthClient.TOKEN_KEY);
+            this.log('✅ Token eliminado de localStorage');
+        }
+        catch (error) {
+            this.log('❌ Error eliminando token:', error);
+        }
+    }
+    storeTempToken(tempToken) {
+        if (typeof window === 'undefined')
+            return;
+        try {
+            localStorage.setItem(TGTAuthClient.TEMP_TOKEN_KEY, tempToken);
+            this.log('✅ Token temporal MFA guardado');
+        }
+        catch (error) {
+            this.log('❌ Error guardando token temporal:', error);
+        }
+    }
+    getTempToken() {
+        if (typeof window === 'undefined')
+            return null;
+        try {
+            return localStorage.getItem(TGTAuthClient.TEMP_TOKEN_KEY);
+        }
+        catch (error) {
+            this.log('❌ Error leyendo token temporal:', error);
+            return null;
+        }
+    }
+    clearTempToken() {
+        if (typeof window === 'undefined')
+            return;
+        try {
+            localStorage.removeItem(TGTAuthClient.TEMP_TOKEN_KEY);
+            this.log('✅ Token temporal MFA eliminado');
+        }
+        catch (error) {
+            this.log('❌ Error eliminando token temporal:', error);
+        }
+    }
+    handleNoSession() {
+        this.config.onAuthFailure();
+        this.redirectToLogin();
+    }
+    log(...args) {
+        if (this.config.debug) {
+            console.log('[TGT Auth]', ...args);
+        }
+    }
+}
+TGTAuthClient.TOKEN_KEY = 'tgtone_auth_token';
+TGTAuthClient.TEMP_TOKEN_KEY = 'tgtone_temp_token';
+export function useTGTAuth(config) {
+    throw new Error('useTGTAuth requiere React. Importa desde tgtone-auth-client/react');
+}
+export default TGTAuthClient;
+//# sourceMappingURL=tgtone-auth-client.js.map

package/dist/tgtone-auth-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tgtone-auth-client.js","sourceRoot":"","sources":["../tgtone-auth-client.ts"],"names":[],"mappings":"AAuBA,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA+EvC,MAAM,OAAO,aAAa;IASxB,YAAY,MAAqB;QAHzB,gBAAW,GAAmB,IAAI,CAAC;QACnC,mBAAc,GAAsB,IAAI,CAAC;QAG/C,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,GAAG,EAAE,GAAE,CAAC;YACvB,aAAa,EAAE,GAAG,EAAE,GAAE,CAAC;YACvB,KAAK,EAAE,KAAK;YACZ,GAAG,MAAM;SACV,CAAC;QAEF,IAAI,CAAC,GAAG,CAAC,iCAAiC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IAC3D,CAAC;IA8BD,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC;YAEH,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YACtC,IAAI,SAAS,EAAE,CAAC;gBACd,IAAI,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;gBAC3D,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YACxC,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBAClE,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAE1B,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,CAAC;YAGD,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YACpC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;gBAC3C,IAAI,CAAC,eAAe,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;YAG/C,IAAI,OAAmB,CAAC;YACxB,IAAI,CAAC;gBACH,OAAO,GAAG,SAAS,CAAa,KAAK,CAAC,CAAC;YACzC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;gBAC9C,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,IAAI,CAAC,eAAe,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBACvB,IAAI,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBAC9C,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,IAAI,CAAC,eAAe,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YAGD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;YAE/C,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,GAAG,EAAE,CAAC;gBAC7B,IAAI,CAAC,GAAG,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;gBACzC,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,IAAI,CAAC,eAAe,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;YACpC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;YACpE,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YAClC,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YAGrC,IAAI,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;YACjD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,iBAAiB,EAAE;gBACxE,MAAM,EAAE,KAAK;gBACb,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,eAAe,EAAE,UAAU,KAAK,EAAE;iBACnC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,CAAC,GAAG,CAAC,kCAAkC,EAAE,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;gBACnE,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,IAAI,CAAC,eAAe,EAAE,CAAC;gBACvB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,IAAI,GAAoB,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAGpD,MAAM,OAAO,GAAe;gBAC1B,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,UAAU,EAAE,OAAO,CAAC,WAAW;gBAC/B,SAAS,EAAE,SAAS;aACrB,CAAC;YAEF,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC;YAC7B,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC;YAE9B,IAAI,CAAC,GAAG,CAAC,kBAAkB,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC9C,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;YAEnC,OAAO,OAAO,CAAC;QAEjB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YAE/C,IAAI,KAAK,YAAY,SAAS,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBAC5E,OAAO,CAAC,KAAK,CAAC;;;WAGX,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;WAClE,IAAI,CAAC,MAAM,CAAC,WAAW;;;;;;;SAOzB,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,CAAC,eAAe,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAQD,UAAU;QACR,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAQD,OAAO;QACL,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAOD,WAAW;QACT,OAAO,IAAI,CAAC,cAAc,EAAE,QAAQ,IAAI,IAAI,CAAC;IAC/C,CAAC;IAMD,eAAe;QACb,MAAM,QAAQ,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,mBAAmB,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACtF,IAAI,CAAC,GAAG,CAAC,0BAA0B,EAAE,QAAQ,CAAC,CAAC;QAC/C,IAAI,CAAC,GAAG,CAAC,kBAAkB,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACjG,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC;IAClC,CAAC;IAMD,KAAK,CAAC,MAAM;QACV,IAAI,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAClC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAE3F,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;YAEpC,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,qBAAqB,EAAE;gBAC3D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,GAAG,CAAC,KAAK,IAAI,EAAE,eAAe,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC;iBACrD;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YACxB,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,CAAC,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YAG7B,IAAI,CAAC,eAAe,EAAE,CAAC;QAEzB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YAC7C,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,OAAO,MAAM,KAAK,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YAE1F,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,IAAI,CAAC,cAAc,EAAE,CAAC;YAEtB,IAAI,CAAC,eAAe,EAAE,CAAC;QACzB,CAAC;IACH,CAAC;IAmBD,KAAK,CAAC,SAAS,CAAC,SAAiB,EAAE,IAAY;QAC7C,IAAI,CAAC;YACH,IAAI,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;YAEzC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,yBAAyB,EAAE;gBAChF,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;aAC1C,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,IAAI,qBAAqB,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YAGD,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5B,IAAI,CAAC,cAAc,EAAE,CAAC;YAGtB,MAAM,OAAO,GAAG,SAAS,CAAa,IAAI,CAAC,KAAK,CAAC,CAAC;YAElD,IAAI,CAAC,WAAW,GAAG;gBACjB,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB,CAAC;YAEF,IAAI,CAAC,cAAc,GAAG;gBACpB,IAAI,EAAE,IAAI,CAAC,WAAW;gBACtB,QAAQ,EAAE,OAAO,CAAC,SAAS;gBAC3B,UAAU,EAAE,OAAO,CAAC,WAAW;gBAC/B,SAAS,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;aACxC,CAAC;YAEF,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;YAE/C,OAAO,IAAI,CAAC,cAAc,CAAC;QAE7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;YAC5C,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAgBD,OAAO,CAAC,OAAe,EAAE,QAAgB;QACvC,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,OAAO,KAAK,CAAC;QAEpC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACvD,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACrC,CAAC;IAQD,QAAQ,CAAC,OAAe;QACtB,IAAI,CAAC,IAAI,CAAC,WAAW;YAAE,OAAO,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/C,CAAC;IAQD,cAAc,CAAC,OAAe;QAC5B,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3C,CAAC;IAUO,eAAe;QACrB,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO,IAAI,CAAC;QAE/C,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC3D,OAAO,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAKO,kBAAkB;QACxB,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO;QAE1C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC1C,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAGjC,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;IACtD,CAAC;IAKO,UAAU,CAAC,KAAa;QAC9B,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO;QAE1C,IAAI,CAAC;YACH,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACrD,IAAI,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAKO,cAAc;QACpB,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO,IAAI,CAAC;QAE/C,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QACvD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAKO,gBAAgB;QACtB,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO;QAE1C,IAAI,CAAC;YACH,YAAY,CAAC,UAAU,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YACjD,IAAI,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;QAChD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAKO,cAAc,CAAC,SAAiB;QACtC,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO;QAE1C,IAAI,CAAC;YACH,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,cAAc,EAAE,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAC5C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAKO,YAAY;QAClB,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO,IAAI,CAAC;QAE/C,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,OAAO,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;QAC5D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAKO,cAAc;QACpB,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAO;QAE1C,IAAI,CAAC;YACH,YAAY,CAAC,UAAU,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC;YACtD,IAAI,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,eAAe;QACrB,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;QAC5B,IAAI,CAAC,eAAe,EAAE,CAAC;IACzB,CAAC;IAEO,GAAG,CAAC,GAAG,IAAW;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,IAAI,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;;AApeuB,uBAAS,GAAG,mBAAmB,AAAtB,CAAuB;AAChC,4BAAc,GAAG,mBAAmB,AAAtB,CAAuB;AA4f/D,MAAM,UAAU,UAAU,CAAC,MAAqB;IAM9C,MAAM,IAAI,KAAK,CACb,mEAAmE,CACpE,CAAC;AACJ,CAAC;AAMD,eAAe,aAAa,CAAC"}