@uniforge/platform-core 0.1.0-alpha.2

package/dist/auth/index.d.cts

@@ -0,0 +1,184 @@
+import { S as Session, a as ShopContext } from '../types-CgnJiK8Z.cjs';
+export { A as AssociatedUser, O as OnlineAccessInfo, b as SessionData, c as Shop } from '../types-CgnJiK8Z.cjs';
+
+/**
+ * Pluggable session storage interface.
+ *
+ * Consumers implement this interface for their persistence backend
+ * (e.g., Prisma/PostgreSQL, Redis, in-memory). The framework wraps
+ * this with an encrypting decorator so storage adapters never see
+ * plaintext tokens.
+ */
+
+/** Pluggable session storage backend. */
+interface SessionStorage {
+    /** Persist a session. Returns true on success. */
+    storeSession(session: Session): Promise<boolean>;
+    /** Load a session by ID. Returns undefined if not found. */
+    loadSession(id: string): Promise<Session | undefined>;
+    /** Delete a session by ID. Returns true on success. */
+    deleteSession(id: string): Promise<boolean>;
+    /** Delete multiple sessions by ID. Returns true on success. */
+    deleteSessions(ids: string[]): Promise<boolean>;
+    /** Find all sessions for a given shop domain. */
+    findSessionsByShop(shop: string): Promise<Session[]>;
+}
+
+/**
+ * Framework-agnostic authentication middleware interfaces.
+ *
+ * These are implemented in @uniforge/core and adapted to specific
+ * HTTP frameworks via platform adapters.
+ */
+
+/** Normalized HTTP request for auth middleware. */
+interface AuthRequest {
+    method: string;
+    url: string;
+    headers: Record<string, string | string[] | undefined>;
+    query: Record<string, string>;
+    rawBody?: Buffer;
+}
+/** Discriminated union of auth middleware outcomes. */
+type AuthResult = AuthResultSuccess | AuthResultRedirect | AuthResultError;
+/** Successful authentication result with session and shop context. */
+interface AuthResultSuccess {
+    authenticated: true;
+    session: Session;
+    shopContext: ShopContext;
+}
+/** Auth result requiring a redirect (e.g., to OAuth). */
+interface AuthResultRedirect {
+    authenticated: false;
+    redirectUrl: string;
+    statusCode: 302 | 307;
+}
+/** Auth result representing an authentication failure. */
+interface AuthResultError {
+    authenticated: false;
+    error: AuthError;
+}
+/** Structured authentication error with code and HTTP status. */
+interface AuthError {
+    code: AuthErrorCode;
+    message: string;
+    statusCode: number;
+}
+/** All possible authentication error codes. */
+type AuthErrorCode = 'SESSION_NOT_FOUND' | 'SESSION_EXPIRED' | 'TOKEN_EXCHANGE_FAILED' | 'TOKEN_REFRESH_FAILED' | 'HMAC_VALIDATION_FAILED' | 'INVALID_SHOP' | 'SCOPE_MISMATCH' | 'SHOPIFY_UNAVAILABLE' | 'ENCRYPTION_ERROR' | 'UNKNOWN_ERROR';
+/** Framework-agnostic authentication middleware. */
+interface AuthMiddleware {
+    authenticate(request: AuthRequest): Promise<AuthResult>;
+}
+/** Configuration for public and protected route patterns. */
+interface RouteProtectionConfig {
+    protectedRoutes?: string[];
+    publicRoutes?: string[];
+}
+
+/**
+ * Token encryption interfaces.
+ *
+ * Defines AES-256-GCM encryption types for access tokens at rest
+ * with key rotation support via key registry pattern.
+ */
+/** Encryption configuration with key registry. */
+interface EncryptionConfig {
+    keys: EncryptionKey[];
+}
+/** An encryption key with its identifier and creation date. */
+interface EncryptionKey {
+    id: string;
+    key: Buffer | string;
+    createdAt: Date;
+}
+/** AES-256-GCM encrypted payload with metadata. */
+interface EncryptedPayload {
+    ciphertext: string;
+    iv: string;
+    authTag: string;
+    keyId: string;
+}
+/** Service for encrypting and decrypting access tokens. */
+interface TokenEncryptionService {
+    /** Encrypt a plaintext string using the active key. */
+    encrypt(plaintext: string): EncryptedPayload;
+    /** Decrypt an encrypted payload back to plaintext. */
+    decrypt(payload: EncryptedPayload): string;
+    /** Check if a payload was encrypted with the current active key. */
+    isEncryptedWithActiveKey(payload: EncryptedPayload): boolean;
+}
+
+/**
+ * Authentication event types and handler interface.
+ *
+ * Defines structured event types for audit logging of all
+ * authentication-related actions across the framework.
+ */
+/** All possible authentication event types for audit logging. */
+type AuthEventType = 'token_exchange_success' | 'token_exchange_failure' | 'oauth_begin' | 'oauth_callback_success' | 'oauth_callback_failure' | 'session_created' | 'session_expired' | 'session_deleted' | 'token_refreshed' | 'token_refresh_failed' | 'hmac_validation_failed' | 'middleware_authorized' | 'middleware_unauthorized';
+/** Structured authentication event for audit logging. */
+interface AuthEvent {
+    id: string;
+    type: AuthEventType;
+    shopDomain: string;
+    sessionId: string | null;
+    userId: number | null;
+    outcome: 'success' | 'failure';
+    metadata: Record<string, string>;
+    timestamp: Date;
+}
+/** Handler for processing authentication events. */
+interface AuthEventHandler {
+    onAuthEvent(event: AuthEvent): Promise<void> | void;
+}
+
+/**
+ * Core authentication configuration types.
+ *
+ * These interfaces define the configuration surface for UniForge's
+ * authentication system.
+ */
+
+/** Core authentication configuration. */
+interface AuthConfig {
+    apiKey: string;
+    apiSecretKey: string;
+    scopes: string[];
+    hostName: string;
+    apiVersion: string;
+    isEmbeddedApp?: boolean;
+    sessionStorage: SessionStorage;
+    encryption: EncryptionConfig;
+    eventHandler?: AuthEventHandler;
+    session?: SessionConfig;
+    tokenRefresh?: TokenRefreshConfig;
+}
+/** Session behavior configuration. */
+interface SessionConfig {
+    expirationTimeoutSeconds?: number;
+    useExpiringOfflineTokens?: boolean;
+}
+/** Token refresh retry configuration. */
+interface TokenRefreshConfig {
+    maxRetries?: number;
+    refreshBufferSeconds?: number;
+}
+
+/**
+ * Session ID and shop domain validation helpers.
+ */
+/** Result of parsing a session ID string. */
+interface ParsedSessionId {
+    type: 'offline' | 'online';
+    shop: string;
+    userId: number | null;
+}
+/** Validate that a string is a valid Shopify myshopify.com domain. */
+declare function isValidShopDomain(domain: string): boolean;
+/** Validate that a string is a valid session ID format. */
+declare function isValidSessionId(id: string): boolean;
+/** Parse a session ID string into its components (type, shop, userId). */
+declare function parseSessionId(id: string): ParsedSessionId | null;
+
+export { type AuthConfig, type AuthError, type AuthErrorCode, type AuthEvent, type AuthEventHandler, type AuthEventType, type AuthMiddleware, type AuthRequest, type AuthResult, type AuthResultError, type AuthResultRedirect, type AuthResultSuccess, type EncryptedPayload, type EncryptionConfig, type EncryptionKey, type ParsedSessionId, type RouteProtectionConfig, Session, type SessionConfig, type SessionStorage, ShopContext, type TokenEncryptionService, type TokenRefreshConfig, isValidSessionId, isValidShopDomain, parseSessionId };

package/dist/auth/index.d.ts

@@ -0,0 +1,184 @@
+import { S as Session, a as ShopContext } from '../types-CgnJiK8Z.js';
+export { A as AssociatedUser, O as OnlineAccessInfo, b as SessionData, c as Shop } from '../types-CgnJiK8Z.js';
+
+/**
+ * Pluggable session storage interface.
+ *
+ * Consumers implement this interface for their persistence backend
+ * (e.g., Prisma/PostgreSQL, Redis, in-memory). The framework wraps
+ * this with an encrypting decorator so storage adapters never see
+ * plaintext tokens.
+ */
+
+/** Pluggable session storage backend. */
+interface SessionStorage {
+    /** Persist a session. Returns true on success. */
+    storeSession(session: Session): Promise<boolean>;
+    /** Load a session by ID. Returns undefined if not found. */
+    loadSession(id: string): Promise<Session | undefined>;
+    /** Delete a session by ID. Returns true on success. */
+    deleteSession(id: string): Promise<boolean>;
+    /** Delete multiple sessions by ID. Returns true on success. */
+    deleteSessions(ids: string[]): Promise<boolean>;
+    /** Find all sessions for a given shop domain. */
+    findSessionsByShop(shop: string): Promise<Session[]>;
+}
+
+/**
+ * Framework-agnostic authentication middleware interfaces.
+ *
+ * These are implemented in @uniforge/core and adapted to specific
+ * HTTP frameworks via platform adapters.
+ */
+
+/** Normalized HTTP request for auth middleware. */
+interface AuthRequest {
+    method: string;
+    url: string;
+    headers: Record<string, string | string[] | undefined>;
+    query: Record<string, string>;
+    rawBody?: Buffer;
+}
+/** Discriminated union of auth middleware outcomes. */
+type AuthResult = AuthResultSuccess | AuthResultRedirect | AuthResultError;
+/** Successful authentication result with session and shop context. */
+interface AuthResultSuccess {
+    authenticated: true;
+    session: Session;
+    shopContext: ShopContext;
+}
+/** Auth result requiring a redirect (e.g., to OAuth). */
+interface AuthResultRedirect {
+    authenticated: false;
+    redirectUrl: string;
+    statusCode: 302 | 307;
+}
+/** Auth result representing an authentication failure. */
+interface AuthResultError {
+    authenticated: false;
+    error: AuthError;
+}
+/** Structured authentication error with code and HTTP status. */
+interface AuthError {
+    code: AuthErrorCode;
+    message: string;
+    statusCode: number;
+}
+/** All possible authentication error codes. */
+type AuthErrorCode = 'SESSION_NOT_FOUND' | 'SESSION_EXPIRED' | 'TOKEN_EXCHANGE_FAILED' | 'TOKEN_REFRESH_FAILED' | 'HMAC_VALIDATION_FAILED' | 'INVALID_SHOP' | 'SCOPE_MISMATCH' | 'SHOPIFY_UNAVAILABLE' | 'ENCRYPTION_ERROR' | 'UNKNOWN_ERROR';
+/** Framework-agnostic authentication middleware. */
+interface AuthMiddleware {
+    authenticate(request: AuthRequest): Promise<AuthResult>;
+}
+/** Configuration for public and protected route patterns. */
+interface RouteProtectionConfig {
+    protectedRoutes?: string[];
+    publicRoutes?: string[];
+}
+
+/**
+ * Token encryption interfaces.
+ *
+ * Defines AES-256-GCM encryption types for access tokens at rest
+ * with key rotation support via key registry pattern.
+ */
+/** Encryption configuration with key registry. */
+interface EncryptionConfig {
+    keys: EncryptionKey[];
+}
+/** An encryption key with its identifier and creation date. */
+interface EncryptionKey {
+    id: string;
+    key: Buffer | string;
+    createdAt: Date;
+}
+/** AES-256-GCM encrypted payload with metadata. */
+interface EncryptedPayload {
+    ciphertext: string;
+    iv: string;
+    authTag: string;
+    keyId: string;
+}
+/** Service for encrypting and decrypting access tokens. */
+interface TokenEncryptionService {
+    /** Encrypt a plaintext string using the active key. */
+    encrypt(plaintext: string): EncryptedPayload;
+    /** Decrypt an encrypted payload back to plaintext. */
+    decrypt(payload: EncryptedPayload): string;
+    /** Check if a payload was encrypted with the current active key. */
+    isEncryptedWithActiveKey(payload: EncryptedPayload): boolean;
+}
+
+/**
+ * Authentication event types and handler interface.
+ *
+ * Defines structured event types for audit logging of all
+ * authentication-related actions across the framework.
+ */
+/** All possible authentication event types for audit logging. */
+type AuthEventType = 'token_exchange_success' | 'token_exchange_failure' | 'oauth_begin' | 'oauth_callback_success' | 'oauth_callback_failure' | 'session_created' | 'session_expired' | 'session_deleted' | 'token_refreshed' | 'token_refresh_failed' | 'hmac_validation_failed' | 'middleware_authorized' | 'middleware_unauthorized';
+/** Structured authentication event for audit logging. */
+interface AuthEvent {
+    id: string;
+    type: AuthEventType;
+    shopDomain: string;
+    sessionId: string | null;
+    userId: number | null;
+    outcome: 'success' | 'failure';
+    metadata: Record<string, string>;
+    timestamp: Date;
+}
+/** Handler for processing authentication events. */
+interface AuthEventHandler {
+    onAuthEvent(event: AuthEvent): Promise<void> | void;
+}
+
+/**
+ * Core authentication configuration types.
+ *
+ * These interfaces define the configuration surface for UniForge's
+ * authentication system.
+ */
+
+/** Core authentication configuration. */
+interface AuthConfig {
+    apiKey: string;
+    apiSecretKey: string;
+    scopes: string[];
+    hostName: string;
+    apiVersion: string;
+    isEmbeddedApp?: boolean;
+    sessionStorage: SessionStorage;
+    encryption: EncryptionConfig;
+    eventHandler?: AuthEventHandler;
+    session?: SessionConfig;
+    tokenRefresh?: TokenRefreshConfig;
+}
+/** Session behavior configuration. */
+interface SessionConfig {
+    expirationTimeoutSeconds?: number;
+    useExpiringOfflineTokens?: boolean;
+}
+/** Token refresh retry configuration. */
+interface TokenRefreshConfig {
+    maxRetries?: number;
+    refreshBufferSeconds?: number;
+}
+
+/**
+ * Session ID and shop domain validation helpers.
+ */
+/** Result of parsing a session ID string. */
+interface ParsedSessionId {
+    type: 'offline' | 'online';
+    shop: string;
+    userId: number | null;
+}
+/** Validate that a string is a valid Shopify myshopify.com domain. */
+declare function isValidShopDomain(domain: string): boolean;
+/** Validate that a string is a valid session ID format. */
+declare function isValidSessionId(id: string): boolean;
+/** Parse a session ID string into its components (type, shop, userId). */
+declare function parseSessionId(id: string): ParsedSessionId | null;
+
+export { type AuthConfig, type AuthError, type AuthErrorCode, type AuthEvent, type AuthEventHandler, type AuthEventType, type AuthMiddleware, type AuthRequest, type AuthResult, type AuthResultError, type AuthResultRedirect, type AuthResultSuccess, type EncryptedPayload, type EncryptionConfig, type EncryptionKey, type ParsedSessionId, type RouteProtectionConfig, Session, type SessionConfig, type SessionStorage, ShopContext, type TokenEncryptionService, type TokenRefreshConfig, isValidSessionId, isValidShopDomain, parseSessionId };

package/dist/auth/index.js

@@ -0,0 +1,62 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/auth/index.ts
+var auth_exports = {};
+__export(auth_exports, {
+  isValidSessionId: () => isValidSessionId,
+  isValidShopDomain: () => isValidShopDomain,
+  parseSessionId: () => parseSessionId
+});
+module.exports = __toCommonJS(auth_exports);
+
+// src/auth/validators.ts
+var SHOP_DOMAIN_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/;
+function isValidShopDomain(domain) {
+  return SHOP_DOMAIN_REGEX.test(domain);
+}
+function isValidSessionId(id) {
+  return parseSessionId(id) !== null;
+}
+function parseSessionId(id) {
+  if (!id) return null;
+  if (id.startsWith("offline_")) {
+    const shop = id.slice("offline_".length);
+    if (!isValidShopDomain(shop)) return null;
+    return { type: "offline", shop, userId: null };
+  }
+  if (id.startsWith("online_")) {
+    const rest = id.slice("online_".length);
+    const lastUnderscore = rest.lastIndexOf("_");
+    if (lastUnderscore === -1) return null;
+    const shop = rest.slice(0, lastUnderscore);
+    const userIdStr = rest.slice(lastUnderscore + 1);
+    if (!isValidShopDomain(shop)) return null;
+    if (!/^\d+$/.test(userIdStr)) return null;
+    return { type: "online", shop, userId: parseInt(userIdStr, 10) };
+  }
+  return null;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  isValidSessionId,
+  isValidShopDomain,
+  parseSessionId
+});
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/auth/index.ts","../../src/auth/validators.ts"],"sourcesContent":["/**\n * @uniforge/platform-core - Authentication\n *\n * Platform-agnostic authentication interfaces and types.\n */\n\n// Types\nexport type {\n  Session,\n  SessionData,\n  OnlineAccessInfo,\n  AssociatedUser,\n  Shop,\n  ShopContext,\n} from './types';\n\n// Session Storage\nexport type { SessionStorage } from './session-storage';\n\n// Middleware\nexport type {\n  AuthRequest,\n  AuthResult,\n  AuthResultSuccess,\n  AuthResultRedirect,\n  AuthResultError,\n  AuthError,\n  AuthErrorCode,\n  AuthMiddleware,\n  RouteProtectionConfig,\n} from './middleware';\n\n// Encryption\nexport type {\n  EncryptionConfig,\n  EncryptionKey,\n  EncryptedPayload,\n  TokenEncryptionService,\n} from './encryption';\n\n// Events\nexport type {\n  AuthEventType,\n  AuthEvent,\n  AuthEventHandler,\n} from './events';\n\n// Configuration\nexport type {\n  AuthConfig,\n  SessionConfig,\n  TokenRefreshConfig,\n} from './config';\n\n// Validators\nexport {\n  isValidSessionId,\n  isValidShopDomain,\n  parseSessionId,\n} from './validators';\nexport type { ParsedSessionId } from './validators';\n","/**\n * Session ID and shop domain validation helpers.\n */\n\nconst SHOP_DOMAIN_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9-]*\\.myshopify\\.com$/;\n\n/** Result of parsing a session ID string. */\nexport interface ParsedSessionId {\n  type: 'offline' | 'online';\n  shop: string;\n  userId: number | null;\n}\n\n/** Validate that a string is a valid Shopify myshopify.com domain. */\nexport function isValidShopDomain(domain: string): boolean {\n  return SHOP_DOMAIN_REGEX.test(domain);\n}\n\n/** Validate that a string is a valid session ID format. */\nexport function isValidSessionId(id: string): boolean {\n  return parseSessionId(id) !== null;\n}\n\n/** Parse a session ID string into its components (type, shop, userId). */\nexport function parseSessionId(id: string): ParsedSessionId | null {\n  if (!id) return null;\n\n  if (id.startsWith('offline_')) {\n    const shop = id.slice('offline_'.length);\n    if (!isValidShopDomain(shop)) return null;\n    return { type: 'offline', shop, userId: null };\n  }\n\n  if (id.startsWith('online_')) {\n    const rest = id.slice('online_'.length);\n    const lastUnderscore = rest.lastIndexOf('_');\n    if (lastUnderscore === -1) return null;\n\n    const shop = rest.slice(0, lastUnderscore);\n    const userIdStr = rest.slice(lastUnderscore + 1);\n\n    if (!isValidShopDomain(shop)) return null;\n    if (!/^\\d+$/.test(userIdStr)) return null;\n\n    return { type: 'online', shop, userId: parseInt(userIdStr, 10) };\n  }\n\n  return null;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIA,IAAM,oBAAoB;AAUnB,SAAS,kBAAkB,QAAyB;AACzD,SAAO,kBAAkB,KAAK,MAAM;AACtC;AAGO,SAAS,iBAAiB,IAAqB;AACpD,SAAO,eAAe,EAAE,MAAM;AAChC;AAGO,SAAS,eAAe,IAAoC;AACjE,MAAI,CAAC,GAAI,QAAO;AAEhB,MAAI,GAAG,WAAW,UAAU,GAAG;AAC7B,UAAM,OAAO,GAAG,MAAM,WAAW,MAAM;AACvC,QAAI,CAAC,kBAAkB,IAAI,EAAG,QAAO;AACrC,WAAO,EAAE,MAAM,WAAW,MAAM,QAAQ,KAAK;AAAA,EAC/C;AAEA,MAAI,GAAG,WAAW,SAAS,GAAG;AAC5B,UAAM,OAAO,GAAG,MAAM,UAAU,MAAM;AACtC,UAAM,iBAAiB,KAAK,YAAY,GAAG;AAC3C,QAAI,mBAAmB,GAAI,QAAO;AAElC,UAAM,OAAO,KAAK,MAAM,GAAG,cAAc;AACzC,UAAM,YAAY,KAAK,MAAM,iBAAiB,CAAC;AAE/C,QAAI,CAAC,kBAAkB,IAAI,EAAG,QAAO;AACrC,QAAI,CAAC,QAAQ,KAAK,SAAS,EAAG,QAAO;AAErC,WAAO,EAAE,MAAM,UAAU,MAAM,QAAQ,SAAS,WAAW,EAAE,EAAE;AAAA,EACjE;AAEA,SAAO;AACT;","names":[]}

package/dist/auth/index.mjs

@@ -0,0 +1,33 @@
+// src/auth/validators.ts
+var SHOP_DOMAIN_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9-]*\.myshopify\.com$/;
+function isValidShopDomain(domain) {
+  return SHOP_DOMAIN_REGEX.test(domain);
+}
+function isValidSessionId(id) {
+  return parseSessionId(id) !== null;
+}
+function parseSessionId(id) {
+  if (!id) return null;
+  if (id.startsWith("offline_")) {
+    const shop = id.slice("offline_".length);
+    if (!isValidShopDomain(shop)) return null;
+    return { type: "offline", shop, userId: null };
+  }
+  if (id.startsWith("online_")) {
+    const rest = id.slice("online_".length);
+    const lastUnderscore = rest.lastIndexOf("_");
+    if (lastUnderscore === -1) return null;
+    const shop = rest.slice(0, lastUnderscore);
+    const userIdStr = rest.slice(lastUnderscore + 1);
+    if (!isValidShopDomain(shop)) return null;
+    if (!/^\d+$/.test(userIdStr)) return null;
+    return { type: "online", shop, userId: parseInt(userIdStr, 10) };
+  }
+  return null;
+}
+export {
+  isValidSessionId,
+  isValidShopDomain,
+  parseSessionId
+};
+//# sourceMappingURL=index.mjs.map

package/dist/auth/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/auth/validators.ts"],"sourcesContent":["/**\n * Session ID and shop domain validation helpers.\n */\n\nconst SHOP_DOMAIN_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9-]*\\.myshopify\\.com$/;\n\n/** Result of parsing a session ID string. */\nexport interface ParsedSessionId {\n  type: 'offline' | 'online';\n  shop: string;\n  userId: number | null;\n}\n\n/** Validate that a string is a valid Shopify myshopify.com domain. */\nexport function isValidShopDomain(domain: string): boolean {\n  return SHOP_DOMAIN_REGEX.test(domain);\n}\n\n/** Validate that a string is a valid session ID format. */\nexport function isValidSessionId(id: string): boolean {\n  return parseSessionId(id) !== null;\n}\n\n/** Parse a session ID string into its components (type, shop, userId). */\nexport function parseSessionId(id: string): ParsedSessionId | null {\n  if (!id) return null;\n\n  if (id.startsWith('offline_')) {\n    const shop = id.slice('offline_'.length);\n    if (!isValidShopDomain(shop)) return null;\n    return { type: 'offline', shop, userId: null };\n  }\n\n  if (id.startsWith('online_')) {\n    const rest = id.slice('online_'.length);\n    const lastUnderscore = rest.lastIndexOf('_');\n    if (lastUnderscore === -1) return null;\n\n    const shop = rest.slice(0, lastUnderscore);\n    const userIdStr = rest.slice(lastUnderscore + 1);\n\n    if (!isValidShopDomain(shop)) return null;\n    if (!/^\\d+$/.test(userIdStr)) return null;\n\n    return { type: 'online', shop, userId: parseInt(userIdStr, 10) };\n  }\n\n  return null;\n}\n"],"mappings":";AAIA,IAAM,oBAAoB;AAUnB,SAAS,kBAAkB,QAAyB;AACzD,SAAO,kBAAkB,KAAK,MAAM;AACtC;AAGO,SAAS,iBAAiB,IAAqB;AACpD,SAAO,eAAe,EAAE,MAAM;AAChC;AAGO,SAAS,eAAe,IAAoC;AACjE,MAAI,CAAC,GAAI,QAAO;AAEhB,MAAI,GAAG,WAAW,UAAU,GAAG;AAC7B,UAAM,OAAO,GAAG,MAAM,WAAW,MAAM;AACvC,QAAI,CAAC,kBAAkB,IAAI,EAAG,QAAO;AACrC,WAAO,EAAE,MAAM,WAAW,MAAM,QAAQ,KAAK;AAAA,EAC/C;AAEA,MAAI,GAAG,WAAW,SAAS,GAAG;AAC5B,UAAM,OAAO,GAAG,MAAM,UAAU,MAAM;AACtC,UAAM,iBAAiB,KAAK,YAAY,GAAG;AAC3C,QAAI,mBAAmB,GAAI,QAAO;AAElC,UAAM,OAAO,KAAK,MAAM,GAAG,cAAc;AACzC,UAAM,YAAY,KAAK,MAAM,iBAAiB,CAAC;AAE/C,QAAI,CAAC,kBAAkB,IAAI,EAAG,QAAO;AACrC,QAAI,CAAC,QAAQ,KAAK,SAAS,EAAG,QAAO;AAErC,WAAO,EAAE,MAAM,UAAU,MAAM,QAAQ,SAAS,WAAW,EAAE,EAAE;AAAA,EACjE;AAEA,SAAO;AACT;","names":[]}