@vertesia/ui 1.0.0-dev.20260227.112605Z → 1.0.0-dev.20260305.083323Z

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/lib/esm/core/components/shadcn/selectBox.js +1 -1
  2. package/lib/esm/core/components/shadcn/theme/ThemeSwitcher.js +3 -4
  3. package/lib/esm/core/components/shadcn/theme/ThemeSwitcher.js.map +1 -1
  4. package/lib/esm/core/components/shadcn/tooltip.js +1 -1
  5. package/lib/esm/core/components/shadcn/tooltip.js.map +1 -1
  6. package/lib/esm/features/agent/chat/ModernAgentConversation.js +3 -3
  7. package/lib/esm/features/agent/chat/ModernAgentConversation.js.map +1 -1
  8. package/lib/esm/features/store/collections/CreateCollection.js +13 -13
  9. package/lib/esm/features/store/collections/CreateCollection.js.map +1 -1
  10. package/lib/esm/features/store/types/SelectContentType.js +1 -1
  11. package/lib/esm/features/store/types/SelectContentType.js.map +1 -1
  12. package/lib/esm/session/UserSession.js +8 -0
  13. package/lib/esm/session/UserSession.js.map +1 -1
  14. package/lib/esm/shell/login/TerminalLogin.js +1 -1
  15. package/lib/esm/shell/login/TerminalLogin.js.map +1 -1
  16. package/lib/tsconfig.tsbuildinfo +1 -1
  17. package/lib/types/core/components/shadcn/theme/ThemeSwitcher.d.ts +6 -1
  18. package/lib/types/core/components/shadcn/theme/ThemeSwitcher.d.ts.map +1 -1
  19. package/lib/types/features/agent/chat/ModernAgentConversation.d.ts.map +1 -1
  20. package/lib/types/features/store/collections/CreateCollection.d.ts.map +1 -1
  21. package/lib/types/session/UserSession.d.ts.map +1 -1
  22. package/lib/types/shell/login/TerminalLogin.d.ts.map +1 -1
  23. package/lib/vertesia-ui-core.js +1 -1
  24. package/lib/vertesia-ui-core.js.map +1 -1
  25. package/lib/vertesia-ui-features.js +1 -1
  26. package/lib/vertesia-ui-features.js.map +1 -1
  27. package/lib/vertesia-ui-session.js +1 -1
  28. package/lib/vertesia-ui-session.js.map +1 -1
  29. package/lib/vertesia-ui-shell.js.map +1 -1
  30. package/llms.txt +124 -4
  31. package/package.json +19 -5
  32. package/src/core/components/shadcn/selectBox.tsx +1 -1
  33. package/src/core/components/shadcn/theme/ThemeSwitcher.tsx +13 -8
  34. package/src/core/components/shadcn/tooltip.tsx +1 -1
  35. package/src/css/base.css +31 -0
  36. package/src/css/color.css +136 -0
  37. package/src/css/custom-tooltips.css +64 -0
  38. package/src/css/index.css +27 -0
  39. package/src/css/theme.css +86 -0
  40. package/src/css/typography.css +88 -0
  41. package/src/css/utilities.css +72 -0
  42. package/src/features/agent/chat/ModernAgentConversation.tsx +84 -91
  43. package/src/features/store/collections/CreateCollection.tsx +36 -34
  44. package/src/features/store/types/SelectContentType.tsx +1 -1
  45. package/src/session/UserSession.ts +8 -0
  46. package/src/shell/login/TerminalLogin.tsx +1 -2
package/lib/vertesia-ui-session.js CHANGED
@@ -1,2 +1,2 @@
1
- import{jwtDecode as e}from"jwt-decode";import{Env as t}from"@vertesia/ui/env";import{getAnalytics as o,logEvent as n}from"firebase/analytics";import{initializeApp as r}from"firebase/app";import{getAuth as i,onAuthStateChanged as s}from"firebase/auth";import{useState as a,useEffect as c,useCallback as l,createContext as u,useContext as d,useRef as g}from"react";import{useUserSession as h}from"@vertesia/ui/session";import{VertesiaClient as f}from"@vertesia/client";import{jsx as m}from"react/jsx-runtime";const p="composableai.lastSelectedAccountId",w="composableai.lastSelectedProjectId";let v,k,S=null,b=null,T=null;function y(){if(!S)try{if(!t.firebase)throw new Error("Firebase configuration is not available in the environment");S=r(t.firebase)}catch(e){throw console.error("Failed to initialize Firebase app:",e),new Error("Firebase initialization failed - environment may not be properly initialized")}return S}function _(){return b||(b=o(y())),b}function j(){return T||(T=i(y())),T}async function I(e){if(e)if(t.firebase)try{e&&console.log(`Resolving tenant ID from email: ${e}`);let o=3,n=250;for(;o>0;)try{const o=await fetch("/api/resolve-tenant",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({tenantEmail:e}),signal:AbortSignal.timeout(5e3)});if(!o)throw new Error("No response received from tenant API");if(!o.ok){try{const e=await o.json();console.error("Failed to resolve tenant ID:",e.error)}catch(e){console.error(`Failed to resolve tenant ID: HTTP ${o.status}`)}if(404===o.status)return void console.warn(`Tenant not found for ${e}`);throw new Error(`HTTP error ${o.status}`)}const n=await o.json();if(n&&n.firebaseTenantId){const e=j();return e.tenantId=n.firebaseTenantId,t.firebase.providerType=n.provider??"oidc",console.log(`Tenant ID set to ${e.tenantId}`),n}return void console.error(`Invalid response format, missing tenantId for ${e}`)}catch(e){if(!(o>1))throw e;console.warn(`Tenant resolution failed, retrying in ${n}ms...`,e),await new Promise(e=>setTimeout(e,n)),n*=2,o--}}catch(e){console.error("Error setting Firebase tenant:",e instanceof Error?e.message:"Unknown error")}else console.log("Firebase configuration is not available in the environment");else console.log("No tenant name or email specified, skipping tenant setup")}async function A(e){const o=j().currentUser;return o?o.getIdToken(e).then(n=>(t.logger.info("Got Firebase token",{vertesia:{user_email:o.email,user_name:o.displayName,user_id:o.uid,refresh:e}}),n)).catch(n=>(t.logger.error("Failed to get Firebase token",{vertesia:{user_email:o.email,user_name:o.displayName,user_id:o.uid,refresh:e,error:n}}),console.error("Failed to get access token",n),null)):(t.logger.warn("No user found"),Promise.resolve(null))}async function U(o,n,r,i,s=0){console.log(`Getting/refreshing composable token for account ${n} and project ${r} `),t.logger.info("Getting/refreshing composable token",{vertesia:{account_id:n,project_id:r,retry_count:s}});const a=await o();if(!a)throw console.log("No id token found - using cookie auth"),new Error("No id token found");const c=t.endpoints.sts;console.log("Using STS for token generation:",c),t.logger.info("Using STS for token generation",{vertesia:{account_id:n,project_id:r,sts_url:c}});try{const l=new URL(c+"/token/issue"),u={type:"user",account_id:n,project_id:r,expires_at:i?Math.floor(Date.now()/1e3)+i:void 0},d=await fetch(l,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${a}`},body:JSON.stringify(u)});if(a&&404===d?.status){console.log("404: User not found - calling ensure-user endpoint"),t.logger.info("404: User not found - calling ensure-user endpoint",{vertesia:{account_id:n,project_id:r,status:d?.status}});const c=await fetch(t.endpoints.studio+"/auth/ensure-user",{method:"POST",headers:{Authorization:`Bearer ${a}`,"Content-Type":"application/json"}});if(412===c.status){console.log("412: No invite found - signup required"),t.logger.info("412: No invite found - signup required",{vertesia:{account_id:n,project_id:r}});const o=e(a);if(!o?.email)throw t.logger.error("No email found in id token"),new Error("No email found in id token");throw new P("User not found - signup required",o.email)}if(!c.ok)throw console.error("Failed to ensure user exists",c.status),t.logger.error("Failed to ensure user exists",{vertesia:{account_id:n,project_id:r,status:c.status}}),new Error("Failed to ensure user exists");return console.log("User ensured - retrying token generation"),t.logger.info("User ensured - retrying token generation",{vertesia:{account_id:n,project_id:r}}),U(o,n,r,i,s)}if(a&&412===d?.status){console.log("412: auth succeeded but user doesn't exist - signup required",d?.status),t.logger.error("412: auth succeeded but user doesn't exist - signup required",{vertesia:{account_id:n,project_id:r,status:d?.status}});const o=e(a);if(!o?.email)throw t.logger.error("No email found in id token"),new Error("No email found in id token");throw t.logger.error("User not found",{vertesia:{account_id:n,project_id:r,email:o.email}}),new P("User not found",o.email)}if(403===d.status){if(s>0)throw console.error("403: Access denied even without account scope - user may have no accounts"),t.logger.error("403: Access denied after retry - authorization failure",{vertesia:{account_id:n,project_id:r,status:d.status,retry_count:s}}),new Error("Access denied - user may not have access to any accounts");return console.log("403: Access denied - clearing cached account and retrying without account scope"),t.logger.warn("403: Access denied - clearing cached account and retrying",{vertesia:{account_id:n,project_id:r,status:d.status,retry_count:s}}),localStorage.removeItem(p),n&&localStorage.removeItem(w+"-"+n),U(o,void 0,void 0,i,s+1)}if(!d.ok){const e=await d.text();throw console.error("STS token generation failed:",d.status,e),t.logger.error("STS token generation failed",{vertesia:{status:d.status,error:e,account_id:n,project_id:r}}),new Error(`Failed to get token from STS: ${d.status}`)}const{token:g}=await d.json();return console.log("Successfully got token from STS"),t.logger.info("Successfully got token from STS"),g}catch(e){if(e instanceof P)throw e;throw localStorage.removeItem(p),n&&localStorage.removeItem(w+"-"+n),console.error("Failed to get composable token from STS",e),t.logger.error("Failed to get composable token from STS",{vertesia:{account_id:n,project_id:r,error:e}}),new Error("Failed to get composable token")}}async function E(e,t,o){return U(A,e,t,o)}async function F(o,n,r,i=!1,s=!1){const a=o??localStorage.getItem(p)??void 0,c=n??localStorage.getItem(w+"-"+a)??void 0;if(!i&&v&&k&&k.exp>Date.now()/1e3+300)return{rawToken:v,token:k,error:!1};if(!s&&j().currentUser?v=await E(a,c):(r||v)&&(v=await U(()=>Promise.resolve(r??v),a,c)),!v)throw t.logger.error("Cannot acquire a composable token",{vertesia:{account_id:a,project_id:c}}),new Error("Cannot acquire a composable token");if(k=e(v),!k||!k.exp||!v)throw console.error("Invalid composable token",k),t.logger.error("Invalid composable token",{vertesia:{account_id:a,project_id:c}}),new Error("Invalid composable token");return{rawToken:v,token:k,error:!1}}class P extends Error{email;constructor(e,t){super(e),this.name="UserNotFoundError",this.email=t}}function $(){const{user:e}=h(),[t,o]=a(null),[n,r]=a(!0),[i,s]=a(null);return c(()=>{(async()=>{if(!e?.email)return o(null),void r(!1);try{const t=await fetch("/api/resolve-tenant",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({tenantEmail:e.email})});if(t.ok){const e=await t.json();o(e?{tenantKey:e.name||"unknown",name:e.label||e.name||"Unknown",domain:e.domain||[],firebaseTenantId:e.firebaseTenantId,provider:e.provider,logo:e.logo}:null)}else o(null)}catch(e){console.error("Error loading current tenant:",e),s("Failed to load tenant configuration"),o(null)}finally{r(!1)}})()},[e?.email]),{currentTenant:t,isLoading:n,error:i}}const N="auth_state",L="auth_state_expiry";function C(){return{generateState:l(()=>{const e=crypto.randomUUID(),t=Date.now()+3e5;return sessionStorage.setItem(N,e),sessionStorage.setItem(L,t.toString()),e},[]),verifyState:l(e=>{if(!e)return"Missing state";const t=sessionStorage.getItem(N),o=parseInt(sessionStorage.getItem(L)||"0");let n;return n=t!==e?`State mismatched (${t} !== ${e})`:Date.now()>o?"State expired":void 0,n},[]),clearState:l(()=>{sessionStorage.removeItem(N),sessionStorage.removeItem(L)},[])}}class x{isLoading=!0;client;authError;authToken;setSession;lastSelectedAccount;lastSelectedProject;onboardingComplete;constructor(e,o){this.client=e||new f({serverUrl:t.endpoints.studio,storeUrl:t.endpoints.zeno,tokenServerUrl:t.endpoints.sts}),o&&(this.setSession=o),this.logout=this.logout.bind(this)}get store(){return this.client.store}get user(){return this.authToken}get account(){return this.authToken?.account}get project(){return this.authToken?.project}get accounts(){return this.authToken?.accounts}get authCallback(){return this.rawAuthToken.then(e=>`Bearer ${e}`)}get rawAuthToken(){return F().then(t=>{const o=t?.rawToken;if(!o)throw new Error("No token available");return this.authToken=e(o),o})}signOut(){this.logout()}getAccount(){return this.authToken?.account}async login(o){return this.authError=void 0,this.isLoading=!1,this.client.withAuthCallback(()=>this.authCallback),this.authToken=e(o),console.log(`Logging in as ${this.authToken?.name} with account ${this.authToken?.account.name} (${this.authToken?.account.id}, and project ${this.authToken?.project?.name} (${this.authToken?.project?.id})`),localStorage.setItem(p,this.authToken.account.id),localStorage.setItem(w+"-"+this.authToken.account.id,this.authToken.project?.id??""),t.onLogin?.(this.authToken),await this.fetchOnboardingStatus(),Promise.resolve()}isLoggedIn(){return!!this.authToken}logout(){console.log("Logging out");if(t.isDocker||[".composable.sh",".vertesia.dev","vertesia.app"].some(e=>window.location.hostname.endsWith(e))){console.log("Using central auth logout"),this.authError=void 0,this.isLoading=!1,this.authToken=void 0,this.setSession=void 0,this.client.withAuthCallback(void 0);const e=new URL("https://internal-auth.vertesia.app/"),t=new URL(window.location.href);t.hash="",e.pathname="/logout",e.searchParams.set("redirect_uri",t.toString()),location.replace(e.toString())}else console.log("Using Firebase logout"),this.authToken&&j().signOut(),this.authError=void 0,this.isLoading=!1,this.authToken=void 0,this.setSession=void 0,this.client.withAuthCallback(void 0)}async switchAccount(e){localStorage.setItem(p,e),this&&(this.account&&this.project?localStorage.setItem(w+"-"+this.account.id,this.project.id):this.account&&localStorage.removeItem(w+"-"+this.account.id)),window.location.replace("/?a="+e)}async switchProject(e){this.account&&localStorage.setItem(w+"-"+this.account.id,e),window.location.replace("/?a="+this.account?.id+"&p="+e)}async fetchAccounts(){return this.client.accounts.list().then(e=>{if(!this.authToken)throw new Error("No token available");this.authToken.accounts=e,this.setSession?.(this.clone())}).catch(e=>{throw console.error("Failed to fetch accounts",e),e})}async fetchOnboardingStatus(){if(this.onboardingComplete)return console.log("Onboarding already completed"),!1;const e=this.onboardingComplete;try{const t=await this.client.account.onboardingProgress();if(this.onboardingComplete=Object.values(t).every(e=>!0===e),e!==this.onboardingComplete)return!0;this.setSession?.(this.clone())}catch(e){console.error("Error fetching onboarding status:",e),this.onboardingComplete=!1,this.setSession?.(this.clone())}return!1}clone(){const e=new x(this.client);return e.isLoading=this.isLoading,e.authError=this.authError,e.authToken=this.authToken,e.setSession=this.setSession,e.lastSelectedAccount=this.lastSelectedAccount,e.switchAccount=this.switchAccount,e.onboardingComplete=this.onboardingComplete,e}}const D=u(void 0);function O(){const e=d(D);if(!e)throw new Error("useUserSession must be used within a UserSessionProvider");return e}const R=[".composable.sh",".vertesia.dev","vertesia.app"];function q(){return!!t.isDocker||R.some(e=>window.location.hostname.endsWith(e))}function z({children:e}){const o=new URLSearchParams(location.hash.substring(1)),n=o.get("token"),r=o.get("state"),[i,l]=a(new x),{generateState:u,verifyState:d,clearState:h}=C(),f=g(!1),v=(e,o)=>{const n=new URL(`https://internal-auth.vertesia.app/?sts=${t.endpoints.sts??"https://sts.vertesia.io"}`),r=new URL(window.location.href);r.hash="",n.searchParams.set("redirect_uri",r.toString()),n.searchParams.set("state",u()),location.replace(n.toString())};return c(()=>{if(f.current)return void console.log("Auth: skipping duplicate auth flow initiation");f.current=!0,console.log("Auth: starting auth flow"),t.logger.info("Starting auth flow");const e=new URL(window.location.href),o=e.searchParams.get("a")??localStorage.getItem(p)??void 0,a=e.searchParams.get("p")??localStorage.getItem(w+"-"+o)??void 0;if(console.log("Auth: selected account",o),console.log("Auth: selected project",a),t.logger.info("Selected account and project",{vertesia:{account_id:o,project_id:a}}),n&&r){const e=d(r);return e?(console.error(`Auth: invalid state: ${e}`),t.logger.error(`Invalid state: ${e}`,{vertesia:{state:r}}),v()):h(),void F(o,a,n,!1,q()).then(e=>{i.login(e.rawToken).then(()=>{l(i.clone()),window.location.hash=""})}).catch(e=>{if(e instanceof P)return console.log("User not found - will trigger signup flow",e),i.isLoading=!1,i.authError=e,void l(i.clone());console.error("Failed to fetch user token from studio, redirecting to central auth",e),t.logger.error("Failed to fetch user token from studio, redirecting to central auth",{vertesia:{error:e}}),v()})}if(!i.isLoggedIn()){if(console.log("Auth: not logged in & no token/state"),t.logger.info("Not logged in & no token/state",{vertesia:{account_id:o,project_id:a}}),q())return console.log("Auth: on dev domain, redirecting to central auth with selection",o,a),t.logger.info("Redirecting to central auth with selection",{vertesia:{account_id:o,project_id:a}}),void v();console.log("Auth: not on dev domain"),t.logger.info("Not on dev domain",{vertesia:{account_id:o,project_id:a}})}return s(j(),async e=>{e?(console.log("Auth: successful login with firebase"),t.logger.info("Successful login with firebase",{vertesia:{account_id:o,project_id:a}}),i.setSession=l,await F(o,a,void 0,!1,q()).then(e=>{i.login(e.rawToken).then(()=>l(i.clone()))}).catch(e=>{console.error("Failed to fetch user token from studio",e),t.logger.error("Failed to fetch user token from studio",{vertesia:{account_id:o,project_id:a,error:e}}),e instanceof P||i.logout(),i.isLoading=!1,i.authError=e,l(i.clone())})):(console.log("Auth: using anonymous user"),t.logger.info("Using anonymous user",{vertesia:{account_id:o,project_id:a}}),i.client.withAuthCallback(void 0),i.logout(),l(i.clone()))})},[]),m(D.Provider,{value:i,children:e})}function B(){return{tagUserSession:async e=>{const t=window.localStorage.getItem("composableSignupData");e?t&&window.localStorage.removeItem("composableSignupData"):console.error("No user found -- skipping tagging")},trackEvent:(e,o)=>{t.isProd||console.debug("track event",e,o),n(_(),e,{...o,debug_mode:!t.isProd})}}}export{p as LastSelectedAccountId_KEY,w as LastSelectedProjectId_KEY,P as UserNotFoundError,x as UserSession,D as UserSessionContext,z as UserSessionProvider,U as fetchComposableToken,E as fetchComposableTokenFromFirebaseToken,F as getComposableToken,_ as getFirebaseAnalytics,y as getFirebaseApp,j as getFirebaseAuth,A as getFirebaseAuthToken,I as setFirebaseTenant,q as shouldRedirectToCentralAuth,C as useAuthState,$ as useCurrentTenant,B as useUXTracking,O as useUserSession};
1
+ import{jwtDecode as e}from"jwt-decode";import{Env as t}from"@vertesia/ui/env";import{getAnalytics as o,logEvent as n}from"firebase/analytics";import{initializeApp as r}from"firebase/app";import{getAuth as i,onAuthStateChanged as s}from"firebase/auth";import{useState as a,useEffect as c,useCallback as l,createContext as u,useContext as d,useRef as g}from"react";import{useUserSession as h}from"@vertesia/ui/session";import{VertesiaClient as f}from"@vertesia/client";import{jsx as m}from"react/jsx-runtime";const p="composableai.lastSelectedAccountId",w="composableai.lastSelectedProjectId";let v,k,S=null,b=null,T=null;function y(){if(!S)try{if(!t.firebase)throw new Error("Firebase configuration is not available in the environment");S=r(t.firebase)}catch(e){throw console.error("Failed to initialize Firebase app:",e),new Error("Firebase initialization failed - environment may not be properly initialized")}return S}function _(){return b||(b=o(y())),b}function j(){return T||(T=i(y())),T}async function I(e){if(e)if(t.firebase)try{e&&console.log(`Resolving tenant ID from email: ${e}`);let o=3,n=250;for(;o>0;)try{const o=await fetch("/api/resolve-tenant",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({tenantEmail:e}),signal:AbortSignal.timeout(5e3)});if(!o)throw new Error("No response received from tenant API");if(!o.ok){try{const e=await o.json();console.error("Failed to resolve tenant ID:",e.error)}catch(e){console.error(`Failed to resolve tenant ID: HTTP ${o.status}`)}if(404===o.status)return void console.warn(`Tenant not found for ${e}`);throw new Error(`HTTP error ${o.status}`)}const n=await o.json();if(n&&n.firebaseTenantId){const e=j();return e.tenantId=n.firebaseTenantId,t.firebase.providerType=n.provider??"oidc",console.log(`Tenant ID set to ${e.tenantId}`),n}return void console.error(`Invalid response format, missing tenantId for ${e}`)}catch(e){if(!(o>1))throw e;console.warn(`Tenant resolution failed, retrying in ${n}ms...`,e),await new Promise(e=>setTimeout(e,n)),n*=2,o--}}catch(e){console.error("Error setting Firebase tenant:",e instanceof Error?e.message:"Unknown error")}else console.log("Firebase configuration is not available in the environment");else console.log("No tenant name or email specified, skipping tenant setup")}async function A(e){const o=j().currentUser;return o?o.getIdToken(e).then(n=>(t.logger.info("Got Firebase token",{vertesia:{user_email:o.email,user_name:o.displayName,user_id:o.uid,refresh:e}}),n)).catch(n=>(t.logger.error("Failed to get Firebase token",{vertesia:{user_email:o.email,user_name:o.displayName,user_id:o.uid,refresh:e,error:n}}),console.error("Failed to get access token",n),null)):(t.logger.warn("No user found"),Promise.resolve(null))}async function U(o,n,r,i,s=0){console.log(`Getting/refreshing composable token for account ${n} and project ${r} `),t.logger.info("Getting/refreshing composable token",{vertesia:{account_id:n,project_id:r,retry_count:s}});const a=await o();if(!a)throw console.log("No id token found - using cookie auth"),new Error("No id token found");const c=t.endpoints.sts;console.log("Using STS for token generation:",c),t.logger.info("Using STS for token generation",{vertesia:{account_id:n,project_id:r,sts_url:c}});try{const l=new URL(c+"/token/issue"),u={type:"user",account_id:n,project_id:r,expires_at:i?Math.floor(Date.now()/1e3)+i:void 0},d=await fetch(l,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${a}`},body:JSON.stringify(u)});if(a&&404===d?.status){console.log("404: User not found - calling ensure-user endpoint"),t.logger.info("404: User not found - calling ensure-user endpoint",{vertesia:{account_id:n,project_id:r,status:d?.status}});const c=await fetch(t.endpoints.studio+"/auth/ensure-user",{method:"POST",headers:{Authorization:`Bearer ${a}`,"Content-Type":"application/json"}});if(412===c.status){console.log("412: No invite found - signup required"),t.logger.info("412: No invite found - signup required",{vertesia:{account_id:n,project_id:r}});const o=e(a);if(!o?.email)throw t.logger.error("No email found in id token"),new Error("No email found in id token");throw new P("User not found - signup required",o.email)}if(!c.ok)throw console.error("Failed to ensure user exists",c.status),t.logger.error("Failed to ensure user exists",{vertesia:{account_id:n,project_id:r,status:c.status}}),new Error("Failed to ensure user exists");return console.log("User ensured - retrying token generation"),t.logger.info("User ensured - retrying token generation",{vertesia:{account_id:n,project_id:r}}),U(o,n,r,i,s)}if(a&&412===d?.status){console.log("412: auth succeeded but user doesn't exist - signup required",d?.status),t.logger.error("412: auth succeeded but user doesn't exist - signup required",{vertesia:{account_id:n,project_id:r,status:d?.status}});const o=e(a);if(!o?.email)throw t.logger.error("No email found in id token"),new Error("No email found in id token");throw t.logger.error("User not found",{vertesia:{account_id:n,project_id:r,email:o.email}}),new P("User not found",o.email)}if(403===d.status){if(s>0)throw console.error("403: Access denied even without account scope - user may have no accounts"),t.logger.error("403: Access denied after retry - authorization failure",{vertesia:{account_id:n,project_id:r,status:d.status,retry_count:s}}),new Error("Access denied - user may not have access to any accounts");return console.log("403: Access denied - clearing cached account and retrying without account scope"),t.logger.warn("403: Access denied - clearing cached account and retrying",{vertesia:{account_id:n,project_id:r,status:d.status,retry_count:s}}),localStorage.removeItem(p),n&&localStorage.removeItem(w+"-"+n),U(o,void 0,void 0,i,s+1)}if(!d.ok){const e=await d.text();throw console.error("STS token generation failed:",d.status,e),t.logger.error("STS token generation failed",{vertesia:{status:d.status,error:e,account_id:n,project_id:r}}),new Error(`Failed to get token from STS: ${d.status}`)}const{token:g}=await d.json();return console.log("Successfully got token from STS"),t.logger.info("Successfully got token from STS"),g}catch(e){if(e instanceof P)throw e;throw localStorage.removeItem(p),n&&localStorage.removeItem(w+"-"+n),console.error("Failed to get composable token from STS",e),t.logger.error("Failed to get composable token from STS",{vertesia:{account_id:n,project_id:r,error:e}}),new Error("Failed to get composable token")}}async function E(e,t,o){return U(A,e,t,o)}async function F(o,n,r,i=!1,s=!1){const a=o??localStorage.getItem(p)??void 0,c=n??localStorage.getItem(w+"-"+a)??void 0;if(!i&&v&&k&&k.exp>Date.now()/1e3+300)return{rawToken:v,token:k,error:!1};if(!s&&j().currentUser?v=await E(a,c):(r||v)&&(v=await U(()=>Promise.resolve(r??v),a,c)),!v)throw t.logger.error("Cannot acquire a composable token",{vertesia:{account_id:a,project_id:c}}),new Error("Cannot acquire a composable token");if(k=e(v),!k||!k.exp||!v)throw console.error("Invalid composable token",k),t.logger.error("Invalid composable token",{vertesia:{account_id:a,project_id:c}}),new Error("Invalid composable token");return{rawToken:v,token:k,error:!1}}class P extends Error{email;constructor(e,t){super(e),this.name="UserNotFoundError",this.email=t}}function $(){const{user:e}=h(),[t,o]=a(null),[n,r]=a(!0),[i,s]=a(null);return c(()=>{(async()=>{if(!e?.email)return o(null),void r(!1);try{const t=await fetch("/api/resolve-tenant",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({tenantEmail:e.email})});if(t.ok){const e=await t.json();o(e?{tenantKey:e.name||"unknown",name:e.label||e.name||"Unknown",domain:e.domain||[],firebaseTenantId:e.firebaseTenantId,provider:e.provider,logo:e.logo}:null)}else o(null)}catch(e){console.error("Error loading current tenant:",e),s("Failed to load tenant configuration"),o(null)}finally{r(!1)}})()},[e?.email]),{currentTenant:t,isLoading:n,error:i}}const N="auth_state",L="auth_state_expiry";function C(){return{generateState:l(()=>{const e=crypto.randomUUID(),t=Date.now()+3e5;return sessionStorage.setItem(N,e),sessionStorage.setItem(L,t.toString()),e},[]),verifyState:l(e=>{if(!e)return"Missing state";const t=sessionStorage.getItem(N),o=parseInt(sessionStorage.getItem(L)||"0");let n;return n=t!==e?`State mismatched (${t} !== ${e})`:Date.now()>o?"State expired":void 0,n},[]),clearState:l(()=>{sessionStorage.removeItem(N),sessionStorage.removeItem(L)},[])}}class x{isLoading=!0;client;authError;authToken;setSession;lastSelectedAccount;lastSelectedProject;onboardingComplete;constructor(e,o){this.client=e||new f({serverUrl:t.endpoints.studio,storeUrl:t.endpoints.zeno,tokenServerUrl:t.endpoints.sts}),o&&(this.setSession=o),this.logout=this.logout.bind(this)}get store(){return this.client.store}get user(){return this.authToken}get account(){return this.authToken?.account}get project(){return this.authToken?.project}get accounts(){return this.authToken?.accounts}get authCallback(){return this.rawAuthToken.then(e=>`Bearer ${e}`)}get rawAuthToken(){return F().then(t=>{const o=t?.rawToken;if(!o)throw new Error("No token available");return this.authToken=e(o),o})}signOut(){this.logout()}getAccount(){return this.authToken?.account}async login(o){return this.authError=void 0,this.isLoading=!1,this.client.withAuthCallback(()=>this.authCallback),this.authToken=e(o),console.log(`Logging in as ${this.authToken?.name} with account ${this.authToken?.account.name} (${this.authToken?.account.id}, and project ${this.authToken?.project?.name} (${this.authToken?.project?.id})`),localStorage.setItem(p,this.authToken.account.id),localStorage.setItem(w+"-"+this.authToken.account.id,this.authToken.project?.id??""),t.onLogin?.(this.authToken),await this.fetchOnboardingStatus(),Promise.resolve()}isLoggedIn(){return!!this.authToken}logout(){console.log("Logging out");if(t.isDocker||[".composable.sh",".vertesia.dev","vertesia.app"].some(e=>window.location.hostname.endsWith(e))){console.log("Using central auth logout"),this.authError=void 0,this.isLoading=!1,this.authToken=void 0,this.setSession=void 0,this.client.withAuthCallback(void 0);const e=new URL("https://internal-auth.vertesia.app/"),t=new URL(window.location.href);t.hash="",e.pathname="/logout",e.searchParams.set("redirect_uri",t.toString()),location.replace(e.toString())}else{console.log("Using Firebase logout");const e=!!this.authToken;this.authToken&&j().signOut(),this.authError=void 0,this.isLoading=!1,this.authToken=void 0,this.setSession=void 0,this.client.withAuthCallback(void 0),e&&location.replace("/")}}async switchAccount(e){localStorage.setItem(p,e),this&&(this.account&&this.project?localStorage.setItem(w+"-"+this.account.id,this.project.id):this.account&&localStorage.removeItem(w+"-"+this.account.id)),window.location.replace("/?a="+e)}async switchProject(e){this.account&&localStorage.setItem(w+"-"+this.account.id,e),window.location.replace("/?a="+this.account?.id+"&p="+e)}async fetchAccounts(){return this.client.accounts.list().then(e=>{if(!this.authToken)throw new Error("No token available");this.authToken.accounts=e,this.setSession?.(this.clone())}).catch(e=>{throw console.error("Failed to fetch accounts",e),e})}async fetchOnboardingStatus(){if(this.onboardingComplete)return console.log("Onboarding already completed"),!1;const e=this.onboardingComplete;try{const t=await this.client.account.onboardingProgress();if(this.onboardingComplete=Object.values(t).every(e=>!0===e),e!==this.onboardingComplete)return!0;this.setSession?.(this.clone())}catch(e){console.error("Error fetching onboarding status:",e),this.onboardingComplete=!1,this.setSession?.(this.clone())}return!1}clone(){const e=new x(this.client);return e.isLoading=this.isLoading,e.authError=this.authError,e.authToken=this.authToken,e.setSession=this.setSession,e.lastSelectedAccount=this.lastSelectedAccount,e.switchAccount=this.switchAccount,e.onboardingComplete=this.onboardingComplete,e}}const D=u(void 0);function O(){const e=d(D);if(!e)throw new Error("useUserSession must be used within a UserSessionProvider");return e}const R=[".composable.sh",".vertesia.dev","vertesia.app"];function q(){return!!t.isDocker||R.some(e=>window.location.hostname.endsWith(e))}function z({children:e}){const o=new URLSearchParams(location.hash.substring(1)),n=o.get("token"),r=o.get("state"),[i,l]=a(new x),{generateState:u,verifyState:d,clearState:h}=C(),f=g(!1),v=(e,o)=>{const n=new URL(`https://internal-auth.vertesia.app/?sts=${t.endpoints.sts??"https://sts.vertesia.io"}`),r=new URL(window.location.href);r.hash="",n.searchParams.set("redirect_uri",r.toString()),n.searchParams.set("state",u()),location.replace(n.toString())};return c(()=>{if(f.current)return void console.log("Auth: skipping duplicate auth flow initiation");f.current=!0,console.log("Auth: starting auth flow"),t.logger.info("Starting auth flow");const e=new URL(window.location.href),o=e.searchParams.get("a")??localStorage.getItem(p)??void 0,a=e.searchParams.get("p")??localStorage.getItem(w+"-"+o)??void 0;if(console.log("Auth: selected account",o),console.log("Auth: selected project",a),t.logger.info("Selected account and project",{vertesia:{account_id:o,project_id:a}}),n&&r){const e=d(r);return e?(console.error(`Auth: invalid state: ${e}`),t.logger.error(`Invalid state: ${e}`,{vertesia:{state:r}}),v()):h(),void F(o,a,n,!1,q()).then(e=>{i.login(e.rawToken).then(()=>{l(i.clone()),window.location.hash=""})}).catch(e=>{if(e instanceof P)return console.log("User not found - will trigger signup flow",e),i.isLoading=!1,i.authError=e,void l(i.clone());console.error("Failed to fetch user token from studio, redirecting to central auth",e),t.logger.error("Failed to fetch user token from studio, redirecting to central auth",{vertesia:{error:e}}),v()})}if(!i.isLoggedIn()){if(console.log("Auth: not logged in & no token/state"),t.logger.info("Not logged in & no token/state",{vertesia:{account_id:o,project_id:a}}),q())return console.log("Auth: on dev domain, redirecting to central auth with selection",o,a),t.logger.info("Redirecting to central auth with selection",{vertesia:{account_id:o,project_id:a}}),void v();console.log("Auth: not on dev domain"),t.logger.info("Not on dev domain",{vertesia:{account_id:o,project_id:a}})}return s(j(),async e=>{e?(console.log("Auth: successful login with firebase"),t.logger.info("Successful login with firebase",{vertesia:{account_id:o,project_id:a}}),i.setSession=l,await F(o,a,void 0,!1,q()).then(e=>{i.login(e.rawToken).then(()=>l(i.clone()))}).catch(e=>{console.error("Failed to fetch user token from studio",e),t.logger.error("Failed to fetch user token from studio",{vertesia:{account_id:o,project_id:a,error:e}}),e instanceof P||i.logout(),i.isLoading=!1,i.authError=e,l(i.clone())})):(console.log("Auth: using anonymous user"),t.logger.info("Using anonymous user",{vertesia:{account_id:o,project_id:a}}),i.client.withAuthCallback(void 0),i.logout(),l(i.clone()))})},[]),m(D.Provider,{value:i,children:e})}function B(){return{tagUserSession:async e=>{const t=window.localStorage.getItem("composableSignupData");e?t&&window.localStorage.removeItem("composableSignupData"):console.error("No user found -- skipping tagging")},trackEvent:(e,o)=>{t.isProd||console.debug("track event",e,o),n(_(),e,{...o,debug_mode:!t.isProd})}}}export{p as LastSelectedAccountId_KEY,w as LastSelectedProjectId_KEY,P as UserNotFoundError,x as UserSession,D as UserSessionContext,z as UserSessionProvider,U as fetchComposableToken,E as fetchComposableTokenFromFirebaseToken,F as getComposableToken,_ as getFirebaseAnalytics,y as getFirebaseApp,j as getFirebaseAuth,A as getFirebaseAuthToken,I as setFirebaseTenant,q as shouldRedirectToCentralAuth,C as useAuthState,$ as useCurrentTenant,B as useUXTracking,O as useUserSession};
2
2
  //# sourceMappingURL=vertesia-ui-session.js.map
package/lib/vertesia-ui-session.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"vertesia-ui-session.js","sources":["esm/session/constants.js","esm/session/auth/firebase.js","esm/session/auth/composable.js","esm/session/auth/useCurrentTenant.js","esm/session/auth/useAuthState.js","esm/session/UserSession.js","esm/session/UserSessionProvider.js","esm/session/useUXTracking.js"],"sourcesContent":["export const LastSelectedAccountId_KEY = 'composableai.lastSelectedAccountId';\nexport const LastSelectedProjectId_KEY = 'composableai.lastSelectedProjectId';\n//# sourceMappingURL=constants.js.map","import { Env } from \"@vertesia/ui/env\";\nimport { getAnalytics } from \"firebase/analytics\";\nimport { initializeApp } from \"firebase/app\";\nimport { getAuth } from \"firebase/auth\";\n// Use lazy initialization to avoid accessing Env before it's initialized\nlet _firebaseApp = null;\nlet _analytics = null;\nlet _firebaseAuth = null;\n// Getters that lazily initialize Firebase components when first accessed\nexport function getFirebaseApp() {\n if (!_firebaseApp) {\n try {\n if (!Env.firebase) {\n throw new Error(\"Firebase configuration is not available in the environment\");\n }\n _firebaseApp = initializeApp(Env.firebase);\n }\n catch (error) {\n console.error(\"Failed to initialize Firebase app:\", error);\n throw new Error(\"Firebase initialization failed - environment may not be properly initialized\");\n }\n }\n return _firebaseApp;\n}\nexport function getFirebaseAnalytics() {\n if (!_analytics) {\n _analytics = getAnalytics(getFirebaseApp());\n }\n return _analytics;\n}\nexport function getFirebaseAuth() {\n if (!_firebaseAuth) {\n _firebaseAuth = getAuth(getFirebaseApp());\n }\n return _firebaseAuth;\n}\nexport async function setFirebaseTenant(tenantEmail) {\n if (!tenantEmail) {\n console.log(\"No tenant name or email specified, skipping tenant setup\");\n return;\n }\n if (!Env.firebase) {\n console.log(\"Firebase configuration is not available in the environment\");\n return;\n }\n try {\n if (tenantEmail)\n console.log(`Resolving tenant ID from email: ${tenantEmail}`);\n // Add retry logic with exponential backoff\n let retries = 3;\n let retryDelay = 250; // Start with 250ms delay\n while (retries > 0) {\n try {\n // Call the API endpoint to resolve the tenant ID\n const response = await fetch(\"/api/resolve-tenant\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n tenantEmail: tenantEmail,\n }),\n // Add timeout to prevent hanging requests\n signal: AbortSignal.timeout(5000),\n });\n // Check for network errors\n if (!response) {\n throw new Error(\"No response received from tenant API\");\n }\n // Handle HTTP error responses\n if (!response.ok) {\n // Try to parse the error response\n try {\n const errorData = await response.json();\n console.error(\"Failed to resolve tenant ID:\", errorData.error);\n }\n catch (parseError) {\n console.error(`Failed to resolve tenant ID: HTTP ${response.status}`);\n }\n // If the error is 404 Not Found, no need to retry\n if (response.status === 404) {\n console.warn(`Tenant not found for ${tenantEmail}`);\n return;\n }\n throw new Error(`HTTP error ${response.status}`);\n }\n // Successfully got a response, parse it\n const data = (await response.json());\n if (data && data.firebaseTenantId) {\n const auth = getFirebaseAuth();\n auth.tenantId = data.firebaseTenantId;\n Env.firebase.providerType = data.provider ?? \"oidc\";\n console.log(`Tenant ID set to ${auth.tenantId}`);\n return data;\n }\n else {\n console.error(`Invalid response format, missing tenantId for ${tenantEmail}`);\n return; // No need to retry for invalid response format\n }\n }\n catch (fetchError) {\n // Only retry for network-related errors\n if (retries > 1) {\n console.warn(`Tenant resolution failed, retrying in ${retryDelay}ms...`, fetchError);\n await new Promise((resolve) => setTimeout(resolve, retryDelay));\n retryDelay *= 2; // Exponential backoff\n retries--;\n }\n else {\n throw fetchError; // Last retry failed, propagate error\n }\n }\n }\n }\n catch (error) {\n // Final error handler\n console.error(\"Error setting Firebase tenant:\", error instanceof Error ? error.message : \"Unknown error\");\n // Continue without tenant ID - authentication will work without multi-tenancy\n // but the user will access the default tenant\n }\n}\nexport async function getFirebaseAuthToken(refresh) {\n const auth = getFirebaseAuth();\n const user = auth.currentUser;\n if (user) {\n return user\n .getIdToken(refresh)\n .then((token) => {\n Env.logger.info(\"Got Firebase token\", {\n vertesia: {\n user_email: user.email,\n user_name: user.displayName,\n user_id: user.uid,\n refresh: refresh,\n },\n });\n return token;\n })\n .catch((err) => {\n Env.logger.error(\"Failed to get Firebase token\", {\n vertesia: {\n user_email: user.email,\n user_name: user.displayName,\n user_id: user.uid,\n refresh: refresh,\n error: err,\n },\n });\n console.error(\"Failed to get access token\", err);\n return null;\n });\n }\n else {\n Env.logger.warn(\"No user found\");\n return Promise.resolve(null);\n }\n}\n//# sourceMappingURL=firebase.js.map","import { jwtDecode } from \"jwt-decode\";\nimport { Env } from '@vertesia/ui/env';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from '../constants';\nimport { getFirebaseAuth, getFirebaseAuthToken } from './firebase';\nlet AUTH_TOKEN_RAW;\nlet AUTH_TOKEN;\nexport async function fetchComposableToken(getIdToken, accountId, projectId, ttl, retryCount = 0) {\n console.log(`Getting/refreshing composable token for account ${accountId} and project ${projectId} `);\n Env.logger.info('Getting/refreshing composable token', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n retry_count: retryCount,\n },\n });\n const idToken = await getIdToken(); //get from firebase\n if (!idToken) {\n console.log('No id token found - using cookie auth');\n throw new Error('No id token found');\n }\n // Use STS endpoint - either configured or default to sts.vertesia.io\n const stsEndpoint = Env.endpoints.sts;\n console.log('Using STS for token generation:', stsEndpoint);\n Env.logger.info('Using STS for token generation', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n sts_url: stsEndpoint,\n },\n });\n try {\n // Call STS to generate a user token\n const stsUrl = new URL(stsEndpoint + '/token/issue');\n const requestBody = {\n type: 'user',\n account_id: accountId,\n project_id: projectId,\n expires_at: ttl ? Math.floor(Date.now() / 1000) + ttl : undefined,\n };\n const stsRes = await fetch(stsUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${idToken}` // Firebase token for authentication\n },\n body: JSON.stringify(requestBody)\n });\n if (idToken && stsRes?.status === 404) {\n // User not found in token-server - call ensure-user endpoint\n console.log('404: User not found - calling ensure-user endpoint');\n Env.logger.info('404: User not found - calling ensure-user endpoint', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes?.status\n },\n });\n const ensureResponse = await fetch(Env.endpoints.studio + '/auth/ensure-user', {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${idToken}`,\n 'Content-Type': 'application/json'\n }\n });\n if (ensureResponse.status === 412) {\n // No invite - trigger signup\n console.log('412: No invite found - signup required');\n Env.logger.info('412: No invite found - signup required', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n }\n });\n const idTokenDecoded = jwtDecode(idToken);\n if (!idTokenDecoded?.email) {\n Env.logger.error('No email found in id token');\n throw new Error('No email found in id token');\n }\n throw new UserNotFoundError('User not found - signup required', idTokenDecoded.email);\n }\n if (!ensureResponse.ok) {\n console.error('Failed to ensure user exists', ensureResponse.status);\n Env.logger.error('Failed to ensure user exists', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: ensureResponse.status,\n },\n });\n throw new Error('Failed to ensure user exists');\n }\n // User created/exists - retry token generation\n console.log('User ensured - retrying token generation');\n Env.logger.info('User ensured - retrying token generation', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n }\n });\n return fetchComposableToken(getIdToken, accountId, projectId, ttl, retryCount);\n }\n if (idToken && stsRes?.status === 412) {\n console.log(\"412: auth succeeded but user doesn't exist - signup required\", stsRes?.status);\n Env.logger.error(\"412: auth succeeded but user doesn't exist - signup required\", {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes?.status\n },\n });\n const idTokenDecoded = jwtDecode(idToken);\n if (!idTokenDecoded?.email) {\n Env.logger.error('No email found in id token');\n throw new Error('No email found in id token');\n }\n Env.logger.error('User not found', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n email: idTokenDecoded.email\n }\n });\n throw new UserNotFoundError('User not found', idTokenDecoded.email);\n }\n if (stsRes.status === 403) {\n // User doesn't have access to the requested account/project, or has no accounts\n // This can happen with:\n // 1. Stale localStorage from previous user\n // 2. User invited to a new account (doesn't have access yet)\n // 3. User exists but has no accounts at all\n if (retryCount > 0) {\n // Already retried without account scope - this is a real authorization failure\n console.error('403: Access denied even without account scope - user may have no accounts');\n Env.logger.error('403: Access denied after retry - authorization failure', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes.status,\n retry_count: retryCount\n },\n });\n throw new Error('Access denied - user may not have access to any accounts');\n }\n console.log('403: Access denied - clearing cached account and retrying without account scope');\n Env.logger.warn('403: Access denied - clearing cached account and retrying', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes.status,\n retry_count: retryCount\n },\n });\n // Clear any stale account/project from localStorage\n localStorage.removeItem(LastSelectedAccountId_KEY);\n if (accountId) {\n localStorage.removeItem(LastSelectedProjectId_KEY + '-' + accountId);\n }\n // Retry without account/project scope - let user log in to their default account\n return fetchComposableToken(getIdToken, undefined, undefined, ttl, retryCount + 1);\n }\n if (!stsRes.ok) {\n const errorText = await stsRes.text();\n console.error('STS token generation failed:', stsRes.status, errorText);\n Env.logger.error('STS token generation failed', {\n vertesia: {\n status: stsRes.status,\n error: errorText,\n account_id: accountId,\n project_id: projectId,\n },\n });\n throw new Error(`Failed to get token from STS: ${stsRes.status}`);\n }\n const { token } = await stsRes.json();\n console.log('Successfully got token from STS');\n Env.logger.info('Successfully got token from STS');\n return token;\n }\n catch (error) {\n if (error instanceof UserNotFoundError) {\n throw error; // Re-throw UserNotFoundError\n }\n // Clear any stale account/project from localStorage on error\n localStorage.removeItem(LastSelectedAccountId_KEY);\n if (accountId) {\n localStorage.removeItem(LastSelectedProjectId_KEY + '-' + accountId);\n }\n console.error('Failed to get composable token from STS', error);\n Env.logger.error('Failed to get composable token from STS', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n error: error,\n },\n });\n throw new Error('Failed to get composable token');\n }\n}\n/**\n *\n * @param accountId\n * @param projectId\n * @param ttl time to live for the token in seconds\n * @returns\n */\nexport async function fetchComposableTokenFromFirebaseToken(accountId, projectId, ttl) {\n return fetchComposableToken(getFirebaseAuthToken, accountId, projectId, ttl);\n}\nexport async function getComposableToken(accountId, projectId, initToken, forceRefresh = false, useInternalAuth = false) {\n const selectedAccount = accountId ?? localStorage.getItem(LastSelectedAccountId_KEY) ?? undefined;\n const selectedProject = projectId ?? localStorage.getItem(LastSelectedProjectId_KEY + '-' + selectedAccount) ?? undefined;\n //token is still valid for more than 5 minutes\n if (!forceRefresh && AUTH_TOKEN_RAW && AUTH_TOKEN && AUTH_TOKEN.exp > (Date.now() / 1000 + 300)) {\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n }\n //token is close to expire, refresh it\n if (!useInternalAuth && getFirebaseAuth().currentUser) {\n //we have a firebase user, get the token from there\n AUTH_TOKEN_RAW = await fetchComposableTokenFromFirebaseToken(selectedAccount, selectedProject);\n }\n else if (initToken || AUTH_TOKEN_RAW) {\n // we have a token already and no firebase user, refresh it\n AUTH_TOKEN_RAW = await fetchComposableToken(() => Promise.resolve(initToken ?? AUTH_TOKEN_RAW), selectedAccount, selectedProject);\n }\n if (!AUTH_TOKEN_RAW) {\n Env.logger.error('Cannot acquire a composable token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n throw new Error('Cannot acquire a composable token');\n }\n AUTH_TOKEN = jwtDecode(AUTH_TOKEN_RAW);\n if (!AUTH_TOKEN || !AUTH_TOKEN.exp || !AUTH_TOKEN_RAW) {\n console.error('Invalid composable token', AUTH_TOKEN);\n Env.logger.error('Invalid composable token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n throw new Error('Invalid composable token');\n }\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n}\nexport class UserNotFoundError extends Error {\n email;\n constructor(message, email) {\n super(message);\n this.name = 'UserNotFoundError';\n this.email = email;\n }\n}\n//# sourceMappingURL=composable.js.map","import { useState, useEffect } from 'react';\nimport { useUserSession } from \"@vertesia/ui/session\";\nexport function useCurrentTenant() {\n const { user } = useUserSession();\n const [currentTenant, setCurrentTenant] = useState(null);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState(null);\n useEffect(() => {\n const loadCurrentTenant = async () => {\n if (!user?.email) {\n setCurrentTenant(null);\n setIsLoading(false);\n return;\n }\n try {\n const response = await fetch('/api/resolve-tenant', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n tenantEmail: user.email\n })\n });\n if (response.ok) {\n const tenantData = await response.json();\n if (tenantData) {\n // Convert the resolved tenant data to our TenantConfig format\n setCurrentTenant({\n tenantKey: tenantData.name || 'unknown',\n name: tenantData.label || tenantData.name || 'Unknown',\n domain: tenantData.domain || [],\n firebaseTenantId: tenantData.firebaseTenantId,\n provider: tenantData.provider,\n logo: tenantData.logo\n });\n }\n else {\n setCurrentTenant(null);\n }\n }\n else {\n setCurrentTenant(null);\n }\n }\n catch (error) {\n console.error('Error loading current tenant:', error);\n setError('Failed to load tenant configuration');\n setCurrentTenant(null);\n }\n finally {\n setIsLoading(false);\n }\n };\n loadCurrentTenant();\n }, [user?.email]);\n return {\n currentTenant,\n isLoading,\n error\n };\n}\n//# sourceMappingURL=useCurrentTenant.js.map","/**\n * This hook is used to generate and verify state for OAuth2 authorization requests.\n * @returns\n */\nimport { useCallback } from \"react\";\nconst AUTH_STATE_KEY = 'auth_state';\nconst STATE_EXPIRY_KEY = 'auth_state_expiry';\nconst STATE_TTL = 5 * 60 * 1000; // 5 min\nexport function useAuthState() {\n // Generate new state\n const generateState = useCallback(() => {\n const state = crypto.randomUUID();\n const expiryTime = Date.now() + STATE_TTL;\n // Store state and expiry\n sessionStorage.setItem(AUTH_STATE_KEY, state);\n sessionStorage.setItem(STATE_EXPIRY_KEY, expiryTime.toString());\n return state;\n }, []);\n // Verify returned state\n const verifyState = useCallback((returnedState) => {\n if (!returnedState) {\n return 'Missing state';\n }\n const savedState = sessionStorage.getItem(AUTH_STATE_KEY);\n const expiryTime = parseInt(sessionStorage.getItem(STATE_EXPIRY_KEY) || '0');\n let reason;\n // Verify state matches and hasn't expired\n if (savedState !== returnedState) {\n reason = `State mismatched (${savedState} !== ${returnedState})`;\n }\n else if (Date.now() > expiryTime) {\n reason = 'State expired';\n }\n else {\n reason = undefined; // No errors\n }\n return reason;\n }, []);\n // Clear state (useful for cleanup)\n const clearState = useCallback(() => {\n sessionStorage.removeItem(AUTH_STATE_KEY);\n sessionStorage.removeItem(STATE_EXPIRY_KEY);\n }, []);\n return { generateState, verifyState, clearState };\n}\n//# sourceMappingURL=useAuthState.js.map","import { jwtDecode } from 'jwt-decode';\nimport { createContext, useContext } from 'react';\nimport { VertesiaClient } from '@vertesia/client';\nimport { Env } from '@vertesia/ui/env';\nimport { getComposableToken } from './auth/composable';\nimport { getFirebaseAuth } from './auth/firebase';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from './constants';\nexport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY };\nconst CENTRAL_AUTH_REDIRECT = \"https://internal-auth.vertesia.app/\";\nclass UserSession {\n isLoading = true;\n client;\n authError;\n authToken;\n setSession;\n lastSelectedAccount;\n lastSelectedProject;\n onboardingComplete;\n constructor(client, setSession) {\n if (client) {\n this.client = client;\n }\n else {\n this.client = new VertesiaClient({\n serverUrl: Env.endpoints.studio,\n storeUrl: Env.endpoints.zeno,\n tokenServerUrl: Env.endpoints.sts\n });\n }\n if (setSession) {\n this.setSession = setSession;\n }\n this.logout = this.logout.bind(this);\n }\n get store() {\n return this.client.store;\n }\n get user() {\n return this.authToken;\n }\n get account() {\n return this.authToken?.account;\n }\n get project() {\n return this.authToken?.project;\n }\n get accounts() {\n return this.authToken?.accounts;\n }\n get authCallback() {\n return this.rawAuthToken.then(token => `Bearer ${token}`);\n }\n get rawAuthToken() {\n return getComposableToken().then(res => {\n const token = res?.rawToken;\n if (!token) {\n throw new Error('No token available');\n }\n this.authToken = jwtDecode(token);\n return token;\n });\n }\n signOut() {\n this.logout();\n }\n getAccount() {\n return this.authToken?.account;\n }\n async login(token) {\n this.authError = undefined;\n this.isLoading = false;\n this.client.withAuthCallback(() => this.authCallback);\n this.authToken = jwtDecode(token);\n console.log(`Logging in as ${this.authToken?.name} with account ${this.authToken?.account.name} (${this.authToken?.account.id}, and project ${this.authToken?.project?.name} (${this.authToken?.project?.id})`);\n //store selected account in local storage\n localStorage.setItem(LastSelectedAccountId_KEY, this.authToken.account.id);\n localStorage.setItem(LastSelectedProjectId_KEY + '-' + this.authToken.account.id, this.authToken.project?.id ?? '');\n // notify the host app of the login\n Env.onLogin?.(this.authToken);\n await this.fetchOnboardingStatus();\n return Promise.resolve();\n }\n isLoggedIn() {\n return !!this.authToken;\n }\n logout() {\n console.log('Logging out');\n // Check if we should use central auth for logout\n const devDomains = [\".composable.sh\", \".vertesia.dev\", \"vertesia.app\"];\n const shouldUseCentralAuth = Env.isDocker || devDomains.some((domain) => window.location.hostname.endsWith(domain));\n if (shouldUseCentralAuth) {\n // Redirect to central auth for logout\n // Central auth will handle Firebase logout\n console.log('Using central auth logout');\n this.authError = undefined;\n this.isLoading = false;\n this.authToken = undefined;\n this.setSession = undefined;\n this.client.withAuthCallback(undefined);\n const logoutUrl = new URL(CENTRAL_AUTH_REDIRECT);\n const currentUrl = new URL(window.location.href);\n currentUrl.hash = \"\";\n logoutUrl.pathname = \"/logout\";\n logoutUrl.searchParams.set(\"redirect_uri\", currentUrl.toString());\n location.replace(logoutUrl.toString());\n }\n else {\n // Use Firebase logout directly\n console.log('Using Firebase logout');\n if (this.authToken) {\n getFirebaseAuth().signOut();\n }\n this.authError = undefined;\n this.isLoading = false;\n this.authToken = undefined;\n this.setSession = undefined;\n this.client.withAuthCallback(undefined);\n }\n }\n async switchAccount(targetAccountId) {\n localStorage.setItem(LastSelectedAccountId_KEY, targetAccountId);\n if (this) {\n if (this.account && this.project) {\n localStorage.setItem(LastSelectedProjectId_KEY + '-' + this.account.id, this.project.id);\n }\n else if (this.account) {\n localStorage.removeItem(LastSelectedProjectId_KEY + '-' + this.account.id);\n }\n }\n window.location.replace('/?a=' + targetAccountId);\n }\n async switchProject(targetProjectId) {\n if (this.account) {\n localStorage.setItem(LastSelectedProjectId_KEY + '-' + this.account.id, targetProjectId);\n }\n window.location.replace('/?a=' + this.account?.id + '&p=' + targetProjectId);\n }\n async fetchAccounts() {\n return this.client.accounts.list().then(accounts => {\n if (!this.authToken) {\n throw new Error('No token available');\n }\n this.authToken.accounts = accounts;\n this.setSession?.(this.clone());\n }).catch(err => {\n console.error('Failed to fetch accounts', err);\n throw err;\n });\n }\n async fetchOnboardingStatus() {\n if (this.onboardingComplete) {\n console.log('Onboarding already completed');\n return false;\n }\n const previousStatus = this.onboardingComplete;\n try {\n const onboarding = await this.client.account.onboardingProgress();\n this.onboardingComplete = Object.values(onboarding).every(value => value === true);\n if (previousStatus !== this.onboardingComplete) {\n return true;\n }\n this.setSession?.(this.clone());\n }\n catch (error) {\n console.error('Error fetching onboarding status:', error);\n this.onboardingComplete = false;\n this.setSession?.(this.clone());\n }\n return false;\n }\n clone() {\n const session = new UserSession(this.client);\n session.isLoading = this.isLoading;\n session.authError = this.authError;\n session.authToken = this.authToken;\n session.setSession = this.setSession;\n session.lastSelectedAccount = this.lastSelectedAccount;\n session.switchAccount = this.switchAccount;\n session.onboardingComplete = this.onboardingComplete;\n return session;\n }\n}\nconst UserSessionContext = createContext(undefined);\nexport function useUserSession() {\n const session = useContext(UserSessionContext);\n if (!session) {\n throw new Error('useUserSession must be used within a UserSessionProvider');\n }\n return session;\n}\nexport { UserSession, UserSessionContext };\n//# sourceMappingURL=UserSession.js.map","import { jsx as _jsx } from \"react/jsx-runtime\";\nimport { Env } from \"@vertesia/ui/env\";\nimport { onAuthStateChanged } from \"firebase/auth\";\nimport { useEffect, useRef, useState } from \"react\";\nimport { UserNotFoundError, getComposableToken } from \"./auth/composable\";\nimport { getFirebaseAuth } from \"./auth/firebase\";\nimport { useAuthState } from \"./auth/useAuthState\";\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY, UserSession, UserSessionContext } from \"./UserSession\";\nconst devDomains = [\".composable.sh\", \".vertesia.dev\", \"vertesia.app\"];\nconst CENTRAL_AUTH_REDIRECT = \"https://internal-auth.vertesia.app/\";\nexport function shouldRedirectToCentralAuth() {\n // Authentication is not supported in Docker environment.\n // See https://github.com/vertesia/studio/wiki/Composable-UI-Hosting-Options\n if (Env.isDocker) {\n return true;\n }\n return devDomains.some((domain) => window.location.hostname.endsWith(domain));\n}\nexport function UserSessionProvider({ children }) {\n const hashParams = new URLSearchParams(location.hash.substring(1));\n const token = hashParams.get(\"token\");\n const state = hashParams.get(\"state\");\n const [session, setSession] = useState(new UserSession());\n const { generateState, verifyState, clearState } = useAuthState();\n const hasInitiatedAuthRef = useRef(false);\n const redirectToCentralAuth = (projectId, accountId) => {\n const url = new URL(`${CENTRAL_AUTH_REDIRECT}?sts=${Env.endpoints.sts ?? \"https://sts.vertesia.io\"}`);\n const currentUrl = new URL(window.location.href);\n currentUrl.hash = \"\";\n if (projectId)\n currentUrl.searchParams.set(\"p\", projectId);\n if (accountId)\n currentUrl.searchParams.set(\"a\", accountId);\n url.searchParams.set(\"redirect_uri\", currentUrl.toString());\n url.searchParams.set(\"state\", generateState());\n location.replace(url.toString());\n };\n useEffect(() => {\n // Make this effect idempotent - only run auth flow once\n if (hasInitiatedAuthRef.current) {\n console.log(\"Auth: skipping duplicate auth flow initiation\");\n return;\n }\n hasInitiatedAuthRef.current = true;\n console.log(\"Auth: starting auth flow\");\n Env.logger.info(\"Starting auth flow\");\n const currentUrl = new URL(window.location.href);\n const selectedAccount = currentUrl.searchParams.get(\"a\") ?? localStorage.getItem(LastSelectedAccountId_KEY) ?? undefined;\n const selectedProject = currentUrl.searchParams.get(\"p\") ??\n localStorage.getItem(LastSelectedProjectId_KEY + \"-\" + selectedAccount) ??\n undefined;\n console.log(\"Auth: selected account\", selectedAccount);\n console.log(\"Auth: selected project\", selectedProject);\n Env.logger.info(\"Selected account and project\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n if (token && state) {\n const validationError = verifyState(state);\n if (validationError) {\n console.error(`Auth: invalid state: ${validationError}`);\n Env.logger.error(`Invalid state: ${validationError}`, {\n vertesia: {\n state: state,\n },\n });\n redirectToCentralAuth();\n }\n else {\n clearState();\n }\n getComposableToken(selectedAccount, selectedProject, token, false, shouldRedirectToCentralAuth())\n .then((res) => {\n session.login(res.rawToken).then(() => {\n setSession(session.clone());\n //cleanup the hash\n window.location.hash = \"\";\n });\n })\n .catch((err) => {\n // Don't redirect to central auth for UserNotFoundError - let signup flow handle it\n if (err instanceof UserNotFoundError) {\n console.log(\"User not found - will trigger signup flow\", err);\n session.isLoading = false;\n session.authError = err;\n setSession(session.clone());\n return;\n }\n console.error(\"Failed to fetch user token from studio, redirecting to central auth\", err);\n Env.logger.error(\"Failed to fetch user token from studio, redirecting to central auth\", {\n vertesia: {\n error: err,\n },\n });\n redirectToCentralAuth();\n });\n return;\n }\n else {\n //if on a dev domain and not logged in, redirect to central auth\n if (!session.isLoggedIn()) {\n console.log(\"Auth: not logged in & no token/state\");\n Env.logger.info(\"Not logged in & no token/state\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n if (shouldRedirectToCentralAuth()) {\n console.log(\"Auth: on dev domain, redirecting to central auth with selection\", selectedAccount, selectedProject);\n Env.logger.info(\"Redirecting to central auth with selection\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n redirectToCentralAuth();\n return; // Don't register onAuthStateChanged listener when redirecting\n }\n else {\n console.log(\"Auth: not on dev domain\");\n Env.logger.info(\"Not on dev domain\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n }\n }\n }\n return onAuthStateChanged(getFirebaseAuth(), async (firebaseUser) => {\n if (firebaseUser) {\n console.log(\"Auth: successful login with firebase\");\n Env.logger.info(\"Successful login with firebase\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n session.setSession = setSession;\n await getComposableToken(selectedAccount, selectedProject, undefined, false, shouldRedirectToCentralAuth())\n .then((res) => {\n session.login(res.rawToken).then(() => setSession(session.clone()));\n })\n .catch((err) => {\n console.error(\"Failed to fetch user token from studio\", err);\n Env.logger.error(\"Failed to fetch user token from studio\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n error: err,\n },\n });\n if (!(err instanceof UserNotFoundError))\n session.logout();\n session.isLoading = false;\n session.authError = err;\n setSession(session.clone());\n });\n }\n else {\n // anonymous user\n console.log(\"Auth: using anonymous user\");\n Env.logger.info(\"Using anonymous user\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n session.client.withAuthCallback(undefined);\n session.logout();\n setSession(session.clone());\n }\n });\n }, []);\n return _jsx(UserSessionContext.Provider, { value: session, children: children });\n}\n//# sourceMappingURL=UserSessionProvider.js.map","import { Env } from '@vertesia/ui/env';\nimport { logEvent } from \"firebase/analytics\";\nimport { getFirebaseAnalytics } from \"./auth/firebase\";\nexport function useUXTracking() {\n //identify user in monitoring and UX systems\n const tagUserSession = async (user) => {\n const signupData = window.localStorage.getItem(\"composableSignupData\");\n if (!user) {\n console.error('No user found -- skipping tagging');\n return;\n }\n if (signupData) {\n window.localStorage.removeItem(\"composableSignupData\");\n }\n };\n //send event to analytics and UX systems\n const trackEvent = (eventName, eventProperties) => {\n if (!Env.isProd) {\n console.debug('track event', eventName, eventProperties);\n }\n //GA via firebase\n logEvent(getFirebaseAnalytics(), eventName, { ...eventProperties, debug_mode: !Env.isProd });\n };\n return {\n tagUserSession,\n trackEvent\n };\n}\n//# sourceMappingURL=useUXTracking.js.map"],"names":["LastSelectedAccountId_KEY","LastSelectedProjectId_KEY","AUTH_TOKEN_RAW","AUTH_TOKEN","_firebaseApp","_analytics","_firebaseAuth","getFirebaseApp","Env","firebase","Error","initializeApp","error","console","getFirebaseAnalytics","getAnalytics","getFirebaseAuth","getAuth","async","setFirebaseTenant","tenantEmail","log","retries","retryDelay","response","fetch","method","headers","body","JSON","stringify","signal","AbortSignal","timeout","ok","errorData","json","parseError","status","warn","data","firebaseTenantId","auth","tenantId","providerType","provider","fetchError","Promise","resolve","setTimeout","message","getFirebaseAuthToken","refresh","user","currentUser","getIdToken","then","token","logger","info","vertesia","user_email","email","user_name","displayName","user_id","uid","catch","err","fetchComposableToken","accountId","projectId","ttl","retryCount","account_id","project_id","retry_count","idToken","stsEndpoint","endpoints","sts","sts_url","stsUrl","URL","requestBody","type","expires_at","Math","floor","Date","now","undefined","stsRes","Authorization","ensureResponse","studio","idTokenDecoded","jwtDecode","UserNotFoundError","localStorage","removeItem","errorText","text","fetchComposableTokenFromFirebaseToken","getComposableToken","initToken","forceRefresh","useInternalAuth","selectedAccount","getItem","selectedProject","exp","rawToken","constructor","super","this","name","useCurrentTenant","useUserSession","currentTenant","setCurrentTenant","useState","isLoading","setIsLoading","setError","useEffect","tenantData","tenantKey","label","domain","logo","loadCurrentTenant","AUTH_STATE_KEY","STATE_EXPIRY_KEY","useAuthState","generateState","useCallback","state","crypto","randomUUID","expiryTime","sessionStorage","setItem","toString","verifyState","returnedState","savedState","parseInt","reason","clearState","UserSession","client","authError","authToken","setSession","lastSelectedAccount","lastSelectedProject","onboardingComplete","VertesiaClient","serverUrl","storeUrl","zeno","tokenServerUrl","logout","bind","store","account","project","accounts","authCallback","rawAuthToken","res","signOut","getAccount","login","withAuthCallback","id","onLogin","fetchOnboardingStatus","isLoggedIn","isDocker","some","window","location","hostname","endsWith","logoutUrl","currentUrl","href","hash","pathname","searchParams","set","replace","switchAccount","targetAccountId","switchProject","targetProjectId","fetchAccounts","list","clone","previousStatus","onboarding","onboardingProgress","Object","values","every","value","session","UserSessionContext","createContext","useContext","devDomains","shouldRedirectToCentralAuth","UserSessionProvider","children","hashParams","URLSearchParams","substring","get","hasInitiatedAuthRef","useRef","redirectToCentralAuth","url","current","validationError","onAuthStateChanged","firebaseUser","_jsx","Provider","useUXTracking","tagUserSession","signupData","trackEvent","eventName","eventProperties","isProd","debug","logEvent","debug_mode"],"mappings":"2fAAY,MAACA,EAA4B,qCAC5BC,EAA4B,qCCIzC,ICDIC,EACAC,EDAAC,EAAe,KACfC,EAAa,KACbC,EAAgB,KAEb,SAASC,IACZ,IAAKH,EACD,IACI,IAAKI,EAAIC,SACL,MAAM,IAAIC,MAAM,8DAEpBN,EAAeO,EAAcH,EAAIC,SACrC,CACA,MAAOG,GAEH,MADAC,QAAQD,MAAM,qCAAsCA,GAC9C,IAAIF,MAAM,+EACpB,CAEJ,OAAON,CACX,CACO,SAASU,IAIZ,OAHKT,IACDA,EAAaU,EAAaR,MAEvBF,CACX,CACO,SAASW,IAIZ,OAHKV,IACDA,EAAgBW,EAAQV,MAErBD,CACX,CACOY,eAAeC,EAAkBC,GACpC,GAAKA,EAIL,GAAKZ,EAAIC,SAIT,IACQW,GACAP,QAAQQ,IAAI,mCAAmCD,KAEnD,IAAIE,EAAU,EACVC,EAAa,IACjB,KAAOD,EAAU,GACb,IAEI,MAAME,QAAiBC,MAAM,sBAAuB,CAChDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBV,YAAaA,IAGjBW,OAAQC,YAAYC,QAAQ,OAGhC,IAAKT,EACD,MAAM,IAAId,MAAM,wCAGpB,IAAKc,EAASU,GAAI,CAEd,IACI,MAAMC,QAAkBX,EAASY,OACjCvB,QAAQD,MAAM,+BAAgCuB,EAAUvB,MAC5D,CACA,MAAOyB,GACHxB,QAAQD,MAAM,qCAAqCY,EAASc,SAChE,CAEA,GAAwB,MAApBd,EAASc,OAET,YADAzB,QAAQ0B,KAAK,wBAAwBnB,KAGzC,MAAM,IAAIV,MAAM,cAAcc,EAASc,SAC3C,CAEA,MAAME,QAAchB,EAASY,OAC7B,GAAII,GAAQA,EAAKC,iBAAkB,CAC/B,MAAMC,EAAO1B,IAIb,OAHA0B,EAAKC,SAAWH,EAAKC,iBACrBjC,EAAIC,SAASmC,aAAeJ,EAAKK,UAAY,OAC7ChC,QAAQQ,IAAI,oBAAoBqB,EAAKC,YAC9BH,CACX,CAGI,YADA3B,QAAQD,MAAM,iDAAiDQ,IAGvE,CACA,MAAO0B,GAEH,KAAIxB,EAAU,GAOV,MAAMwB,EANNjC,QAAQ0B,KAAK,yCAAyChB,SAAmBuB,SACnE,IAAIC,QAASC,GAAYC,WAAWD,EAASzB,IACnDA,GAAc,EACdD,GAKR,CAER,CACA,MAAOV,GAEHC,QAAQD,MAAM,iCAAkCA,aAAiBF,MAAQE,EAAMsC,QAAU,gBAG7F,MA7EIrC,QAAQQ,IAAI,mEAJZR,QAAQQ,IAAI,2DAkFpB,CACOH,eAAeiC,EAAqBC,GACvC,MACMC,EADOrC,IACKsC,YAClB,OAAID,EACOA,EACFE,WAAWH,GACXI,KAAMC,IACPjD,EAAIkD,OAAOC,KAAK,qBAAsB,CAClCC,SAAU,CACNC,WAAYR,EAAKS,MACjBC,UAAWV,EAAKW,YAChBC,QAASZ,EAAKa,IACdd,QAASA,KAGVK,IAENU,MAAOC,IACR5D,EAAIkD,OAAO9C,MAAM,+BAAgC,CAC7CgD,SAAU,CACNC,WAAYR,EAAKS,MACjBC,UAAWV,EAAKW,YAChBC,QAASZ,EAAKa,IACdd,QAASA,EACTxC,MAAOwD,KAGfvD,QAAQD,MAAM,6BAA8BwD,GACrC,QAIX5D,EAAIkD,OAAOnB,KAAK,iBACTQ,QAAQC,QAAQ,MAE/B,CCtJO9B,eAAemD,EAAqBd,EAAYe,EAAWC,EAAWC,EAAKC,EAAa,GAC3F5D,QAAQQ,IAAI,mDAAmDiD,iBAAyBC,MACxF/D,EAAIkD,OAAOC,KAAK,sCAAuC,CACnDC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZK,YAAaH,KAGrB,MAAMI,QAAgBtB,IACtB,IAAKsB,EAED,MADAhE,QAAQQ,IAAI,yCACN,IAAIX,MAAM,qBAGpB,MAAMoE,EAActE,EAAIuE,UAAUC,IAClCnE,QAAQQ,IAAI,kCAAmCyD,GAC/CtE,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZU,QAASH,KAGjB,IAEI,MAAMI,EAAS,IAAIC,IAAIL,EAAc,gBAC/BM,EAAc,CAChBC,KAAM,OACNX,WAAYJ,EACZK,WAAYJ,EACZe,WAAYd,EAAMe,KAAKC,MAAMC,KAAKC,MAAQ,KAAQlB,OAAMmB,GAEtDC,QAAenE,MAAMyD,EAAQ,CAC/BxD,OAAQ,OACRC,QAAS,CACL,eAAgB,mBAChBkE,cAAiB,UAAUhB,KAE/BjD,KAAMC,KAAKC,UAAUsD,KAEzB,GAAIP,GAA8B,MAAnBe,GAAQtD,OAAgB,CAEnCzB,QAAQQ,IAAI,sDACZb,EAAIkD,OAAOC,KAAK,qDAAsD,CAClEC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQsD,GAAQtD,UAGxB,MAAMwD,QAAuBrE,MAAMjB,EAAIuE,UAAUgB,OAAS,oBAAqB,CAC3ErE,OAAQ,OACRC,QAAS,CACLkE,cAAiB,UAAUhB,IAC3B,eAAgB,sBAGxB,GAA8B,MAA1BiB,EAAexD,OAAgB,CAE/BzB,QAAQQ,IAAI,0CACZb,EAAIkD,OAAOC,KAAK,yCAA0C,CACtDC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,KAGpB,MAAMyB,EAAiBC,EAAUpB,GACjC,IAAKmB,GAAgBlC,MAEjB,MADAtD,EAAIkD,OAAO9C,MAAM,8BACX,IAAIF,MAAM,8BAEpB,MAAM,IAAIwF,EAAkB,mCAAoCF,EAAelC,MACnF,CACA,IAAKgC,EAAe5D,GAShB,MARArB,QAAQD,MAAM,+BAAgCkF,EAAexD,QAC7D9B,EAAIkD,OAAO9C,MAAM,+BAAgC,CAC7CgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQwD,EAAexD,UAGzB,IAAI5B,MAAM,gCAUpB,OAPAG,QAAQQ,IAAI,4CACZb,EAAIkD,OAAOC,KAAK,2CAA4C,CACxDC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,KAGbF,EAAqBd,EAAYe,EAAWC,EAAWC,EAAKC,EACvE,CACA,GAAII,GAA8B,MAAnBe,GAAQtD,OAAgB,CACnCzB,QAAQQ,IAAI,+DAAgEuE,GAAQtD,QACpF9B,EAAIkD,OAAO9C,MAAM,+DAAgE,CAC7EgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQsD,GAAQtD,UAGxB,MAAM0D,EAAiBC,EAAUpB,GACjC,IAAKmB,GAAgBlC,MAEjB,MADAtD,EAAIkD,OAAO9C,MAAM,8BACX,IAAIF,MAAM,8BASpB,MAPAF,EAAIkD,OAAO9C,MAAM,iBAAkB,CAC/BgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZT,MAAOkC,EAAelC,SAGxB,IAAIoC,EAAkB,iBAAkBF,EAAelC,MACjE,CACA,GAAsB,MAAlB8B,EAAOtD,OAAgB,CAMvB,GAAImC,EAAa,EAWb,MATA5D,QAAQD,MAAM,6EACdJ,EAAIkD,OAAO9C,MAAM,yDAA0D,CACvEgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQsD,EAAOtD,OACfsC,YAAaH,KAGf,IAAI/D,MAAM,4DAiBpB,OAfAG,QAAQQ,IAAI,mFACZb,EAAIkD,OAAOnB,KAAK,4DAA6D,CACzEqB,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQsD,EAAOtD,OACfsC,YAAaH,KAIrB0B,aAAaC,WAAWpG,GACpBsE,GACA6B,aAAaC,WAAWnG,EAA4B,IAAMqE,GAGvDD,EAAqBd,OAAYoC,OAAWA,EAAWnB,EAAKC,EAAa,EACpF,CACA,IAAKmB,EAAO1D,GAAI,CACZ,MAAMmE,QAAkBT,EAAOU,OAU/B,MATAzF,QAAQD,MAAM,+BAAgCgF,EAAOtD,OAAQ+D,GAC7D7F,EAAIkD,OAAO9C,MAAM,8BAA+B,CAC5CgD,SAAU,CACNtB,OAAQsD,EAAOtD,OACf1B,MAAOyF,EACP3B,WAAYJ,EACZK,WAAYJ,KAGd,IAAI7D,MAAM,iCAAiCkF,EAAOtD,SAC5D,CACA,MAAMmB,MAAEA,SAAgBmC,EAAOxD,OAG/B,OAFAvB,QAAQQ,IAAI,mCACZb,EAAIkD,OAAOC,KAAK,mCACTF,CACX,CACA,MAAO7C,GACH,GAAIA,aAAiBsF,EACjB,MAAMtF,EAeV,MAZAuF,aAAaC,WAAWpG,GACpBsE,GACA6B,aAAaC,WAAWnG,EAA4B,IAAMqE,GAE9DzD,QAAQD,MAAM,0CAA2CA,GACzDJ,EAAIkD,OAAO9C,MAAM,0CAA2C,CACxDgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZ3D,MAAOA,KAGT,IAAIF,MAAM,iCACpB,CACJ,CAQOQ,eAAeqF,EAAsCjC,EAAWC,EAAWC,GAC9E,OAAOH,EAAqBlB,EAAsBmB,EAAWC,EAAWC,EAC5E,CACOtD,eAAesF,EAAmBlC,EAAWC,EAAWkC,EAAWC,GAAe,EAAOC,GAAkB,GAC9G,MAAMC,EAAkBtC,GAAa6B,aAAaU,QAAQ7G,SAA8B2F,EAClFmB,EAAkBvC,GAAa4B,aAAaU,QAAQ5G,EAA4B,IAAM2G,SAAoBjB,EAEhH,IAAKe,GAAgBxG,GAAkBC,GAAcA,EAAW4G,IAAOtB,KAAKC,MAAQ,IAAO,IACvF,MAAO,CAAEsB,SAAU9G,EAAgBuD,MAAOtD,EAAYS,OAAO,GAWjE,IARK+F,GAAmB3F,IAAkBsC,YAEtCpD,QAAuBqG,EAAsCK,EAAiBE,IAEzEL,GAAavG,KAElBA,QAAuBmE,EAAqB,IAAMtB,QAAQC,QAAQyD,GAAavG,GAAiB0G,EAAiBE,KAEhH5G,EAOD,MANAM,EAAIkD,OAAO9C,MAAM,oCAAqC,CAClDgD,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGd,IAAIpG,MAAM,qCAGpB,GADAP,EAAa8F,EAAU/F,IAClBC,IAAeA,EAAW4G,MAAQ7G,EAQnC,MAPAW,QAAQD,MAAM,2BAA4BT,GAC1CK,EAAIkD,OAAO9C,MAAM,2BAA4B,CACzCgD,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGd,IAAIpG,MAAM,4BAEpB,MAAO,CAAEsG,SAAU9G,EAAgBuD,MAAOtD,EAAYS,OAAO,EACjE,CACO,MAAMsF,UAA0BxF,MACnCoD,MACA,WAAAmD,CAAY/D,EAASY,GACjBoD,MAAMhE,GACNiE,KAAKC,KAAO,oBACZD,KAAKrD,MAAQA,CACjB,EC1PG,SAASuD,IACZ,MAAMhE,KAAEA,GAASiE,KACVC,EAAeC,GAAoBC,EAAS,OAC5CC,EAAWC,GAAgBF,GAAS,IACpC7G,EAAOgH,GAAYH,EAAS,MAkDnC,OAjDAI,EAAU,KACoB3G,WACtB,IAAKmC,GAAMS,MAGP,OAFA0D,EAAiB,WACjBG,GAAa,GAGjB,IACI,MAAMnG,QAAiBC,MAAM,sBAAuB,CAChDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBV,YAAaiC,EAAKS,UAG1B,GAAItC,EAASU,GAAI,CACb,MAAM4F,QAAmBtG,EAASY,OAG9BoF,EAFAM,EAEiB,CACbC,UAAWD,EAAWV,MAAQ,UAC9BA,KAAMU,EAAWE,OAASF,EAAWV,MAAQ,UAC7Ca,OAAQH,EAAWG,QAAU,GAC7BxF,iBAAkBqF,EAAWrF,iBAC7BI,SAAUiF,EAAWjF,SACrBqF,KAAMJ,EAAWI,MAIJ,KAEzB,MAEIV,EAAiB,KAEzB,CACA,MAAO5G,GACHC,QAAQD,MAAM,gCAAiCA,GAC/CgH,EAAS,uCACTJ,EAAiB,KACrB,CACZ,QACgBG,GAAa,EACjB,GAEJQ,IACD,CAAC9E,GAAMS,QACH,CACHyD,gBACAG,YACA9G,QAER,CCxDA,MAAMwH,EAAiB,aACjBC,EAAmB,oBAElB,SAASC,IAmCZ,MAAO,CAAEC,cAjCaC,EAAY,KAC9B,MAAMC,EAAQC,OAAOC,aACfC,EAAanD,KAAKC,MALd,IASV,OAFAmD,eAAeC,QAAQV,EAAgBK,GACvCI,eAAeC,QAAQT,EAAkBO,EAAWG,YAC7CN,GACR,IA0BqBO,YAxBJR,EAAaS,IAC7B,IAAKA,EACD,MAAO,gBAEX,MAAMC,EAAaL,eAAehC,QAAQuB,GACpCQ,EAAaO,SAASN,eAAehC,QAAQwB,IAAqB,KACxE,IAAIe,EAWJ,OARIA,EADAF,IAAeD,EACN,qBAAqBC,SAAkBD,KAE3CxD,KAAKC,MAAQkD,EACT,qBAGAjD,EAENyD,GACR,IAMkCC,WAJlBb,EAAY,KAC3BK,eAAezC,WAAWgC,GAC1BS,eAAezC,WAAWiC,IAC3B,IAEP,CCnCA,MAAMiB,EACF5B,WAAY,EACZ6B,OACAC,UACAC,UACAC,WACAC,oBACAC,oBACAC,mBACA,WAAA5C,CAAYsC,EAAQG,GAEZvC,KAAKoC,OADLA,GAIc,IAAIO,EAAe,CAC7BC,UAAWvJ,EAAIuE,UAAUgB,OACzBiE,SAAUxJ,EAAIuE,UAAUkF,KACxBC,eAAgB1J,EAAIuE,UAAUC,MAGlC0E,IACAvC,KAAKuC,WAAaA,GAEtBvC,KAAKgD,OAAShD,KAAKgD,OAAOC,KAAKjD,KACnC,CACA,SAAIkD,GACA,OAAOlD,KAAKoC,OAAOc,KACvB,CACA,QAAIhH,GACA,OAAO8D,KAAKsC,SAChB,CACA,WAAIa,GACA,OAAOnD,KAAKsC,WAAWa,OAC3B,CACA,WAAIC,GACA,OAAOpD,KAAKsC,WAAWc,OAC3B,CACA,YAAIC,GACA,OAAOrD,KAAKsC,WAAWe,QAC3B,CACA,gBAAIC,GACA,OAAOtD,KAAKuD,aAAalH,KAAKC,GAAS,UAAUA,IACrD,CACA,gBAAIiH,GACA,OAAOlE,IAAqBhD,KAAKmH,IAC7B,MAAMlH,EAAQkH,GAAK3D,SACnB,IAAKvD,EACD,MAAM,IAAI/C,MAAM,sBAGpB,OADAyG,KAAKsC,UAAYxD,EAAUxC,GACpBA,GAEf,CACA,OAAAmH,GACIzD,KAAKgD,QACT,CACA,UAAAU,GACI,OAAO1D,KAAKsC,WAAWa,OAC3B,CACA,WAAMQ,CAAMrH,GAYR,OAXA0D,KAAKqC,eAAY7D,EACjBwB,KAAKO,WAAY,EACjBP,KAAKoC,OAAOwB,iBAAiB,IAAM5D,KAAKsD,cACxCtD,KAAKsC,UAAYxD,EAAUxC,GAC3B5C,QAAQQ,IAAI,iBAAiB8F,KAAKsC,WAAWrC,qBAAqBD,KAAKsC,WAAWa,QAAQlD,SAASD,KAAKsC,WAAWa,QAAQU,mBAAmB7D,KAAKsC,WAAWc,SAASnD,SAASD,KAAKsC,WAAWc,SAASS,OAEzM7E,aAAa2C,QAAQ9I,EAA2BmH,KAAKsC,UAAUa,QAAQU,IACvE7E,aAAa2C,QAAQ7I,EAA4B,IAAMkH,KAAKsC,UAAUa,QAAQU,GAAI7D,KAAKsC,UAAUc,SAASS,IAAM,IAEhHxK,EAAIyK,UAAU9D,KAAKsC,iBACbtC,KAAK+D,wBACJnI,QAAQC,SACnB,CACA,UAAAmI,GACI,QAAShE,KAAKsC,SAClB,CACA,MAAAU,GACItJ,QAAQQ,IAAI,eAIZ,GAD6Bb,EAAI4K,UADd,CAAC,iBAAkB,gBAAiB,gBACCC,KAAMpD,GAAWqD,OAAOC,SAASC,SAASC,SAASxD,IACjF,CAGtBpH,QAAQQ,IAAI,6BACZ8F,KAAKqC,eAAY7D,EACjBwB,KAAKO,WAAY,EACjBP,KAAKsC,eAAY9D,EACjBwB,KAAKuC,gBAAa/D,EAClBwB,KAAKoC,OAAOwB,sBAAiBpF,GAC7B,MAAM+F,EAAY,IAAIvG,IA3FJ,uCA4FZwG,EAAa,IAAIxG,IAAImG,OAAOC,SAASK,MAC3CD,EAAWE,KAAO,GAClBH,EAAUI,SAAW,UACrBJ,EAAUK,aAAaC,IAAI,eAAgBL,EAAW5C,YACtDwC,SAASU,QAAQP,EAAU3C,WAC/B,MAGIlI,QAAQQ,IAAI,yBACR8F,KAAKsC,WACLzI,IAAkB4J,UAEtBzD,KAAKqC,eAAY7D,EACjBwB,KAAKO,WAAY,EACjBP,KAAKsC,eAAY9D,EACjBwB,KAAKuC,gBAAa/D,EAClBwB,KAAKoC,OAAOwB,sBAAiBpF,EAErC,CACA,mBAAMuG,CAAcC,GAChBhG,aAAa2C,QAAQ9I,EAA2BmM,GAC5ChF,OACIA,KAAKmD,SAAWnD,KAAKoD,QACrBpE,aAAa2C,QAAQ7I,EAA4B,IAAMkH,KAAKmD,QAAQU,GAAI7D,KAAKoD,QAAQS,IAEhF7D,KAAKmD,SACVnE,aAAaC,WAAWnG,EAA4B,IAAMkH,KAAKmD,QAAQU,KAG/EM,OAAOC,SAASU,QAAQ,OAASE,EACrC,CACA,mBAAMC,CAAcC,GACZlF,KAAKmD,SACLnE,aAAa2C,QAAQ7I,EAA4B,IAAMkH,KAAKmD,QAAQU,GAAIqB,GAE5Ef,OAAOC,SAASU,QAAQ,OAAS9E,KAAKmD,SAASU,GAAK,MAAQqB,EAChE,CACA,mBAAMC,GACF,OAAOnF,KAAKoC,OAAOiB,SAAS+B,OAAO/I,KAAKgH,IACpC,IAAKrD,KAAKsC,UACN,MAAM,IAAI/I,MAAM,sBAEpByG,KAAKsC,UAAUe,SAAWA,EAC1BrD,KAAKuC,aAAavC,KAAKqF,WACxBrI,MAAMC,IAEL,MADAvD,QAAQD,MAAM,2BAA4BwD,GACpCA,GAEd,CACA,2BAAM8G,GACF,GAAI/D,KAAK0C,mBAEL,OADAhJ,QAAQQ,IAAI,iCACL,EAEX,MAAMoL,EAAiBtF,KAAK0C,mBAC5B,IACI,MAAM6C,QAAmBvF,KAAKoC,OAAOe,QAAQqC,qBAE7C,GADAxF,KAAK0C,mBAAqB+C,OAAOC,OAAOH,GAAYI,MAAMC,IAAmB,IAAVA,GAC/DN,IAAmBtF,KAAK0C,mBACxB,OAAO,EAEX1C,KAAKuC,aAAavC,KAAKqF,QAC3B,CACA,MAAO5L,GACHC,QAAQD,MAAM,oCAAqCA,GACnDuG,KAAK0C,oBAAqB,EAC1B1C,KAAKuC,aAAavC,KAAKqF,QAC3B,CACA,OAAO,CACX,CACA,KAAAA,GACI,MAAMQ,EAAU,IAAI1D,EAAYnC,KAAKoC,QAQrC,OAPAyD,EAAQtF,UAAYP,KAAKO,UACzBsF,EAAQxD,UAAYrC,KAAKqC,UACzBwD,EAAQvD,UAAYtC,KAAKsC,UACzBuD,EAAQtD,WAAavC,KAAKuC,WAC1BsD,EAAQrD,oBAAsBxC,KAAKwC,oBACnCqD,EAAQd,cAAgB/E,KAAK+E,cAC7Bc,EAAQnD,mBAAqB1C,KAAK0C,mBAC3BmD,CACX,EAEC,MAACC,EAAqBC,OAAcvH,GAClC,SAAS2B,IACZ,MAAM0F,EAAUG,EAAWF,GAC3B,IAAKD,EACD,MAAM,IAAItM,MAAM,4DAEpB,OAAOsM,CACX,CCrLA,MAAMI,EAAa,CAAC,iBAAkB,gBAAiB,gBAEhD,SAASC,IAGZ,QAAI7M,EAAI4K,UAGDgC,EAAW/B,KAAMpD,GAAWqD,OAAOC,SAASC,SAASC,SAASxD,GACzE,CACO,SAASqF,GAAoBC,SAAEA,IAClC,MAAMC,EAAa,IAAIC,gBAAgBlC,SAASM,KAAK6B,UAAU,IACzDjK,EAAQ+J,EAAWG,IAAI,SACvBlF,EAAQ+E,EAAWG,IAAI,UACtBX,EAAStD,GAAcjC,EAAS,IAAI6B,IACrCf,cAAEA,EAAaS,YAAEA,EAAWK,WAAEA,GAAef,IAC7CsF,EAAsBC,GAAO,GAC7BC,EAAwB,CAACvJ,EAAWD,KACtC,MAAMyJ,EAAM,IAAI5I,IAAI,2CAAgC3E,EAAIuE,UAAUC,KAAO,6BACnE2G,EAAa,IAAIxG,IAAImG,OAAOC,SAASK,MAC3CD,EAAWE,KAAO,GAKlBkC,EAAIhC,aAAaC,IAAI,eAAgBL,EAAW5C,YAChDgF,EAAIhC,aAAaC,IAAI,QAASzD,KAC9BgD,SAASU,QAAQ8B,EAAIhF,aA8IzB,OA5IAlB,EAAU,KAEN,GAAI+F,EAAoBI,QAEpB,YADAnN,QAAQQ,IAAI,iDAGhBuM,EAAoBI,SAAU,EAC9BnN,QAAQQ,IAAI,4BACZb,EAAIkD,OAAOC,KAAK,sBAChB,MAAMgI,EAAa,IAAIxG,IAAImG,OAAOC,SAASK,MACrChF,EAAkB+E,EAAWI,aAAa4B,IAAI,MAAQxH,aAAaU,QAAQ7G,SAA8B2F,EACzGmB,EAAkB6E,EAAWI,aAAa4B,IAAI,MAChDxH,aAAaU,QAAQ5G,EAA4B,IAAM2G,SACvDjB,EASJ,GARA9E,QAAQQ,IAAI,yBAA0BuF,GACtC/F,QAAQQ,IAAI,yBAA0ByF,GACtCtG,EAAIkD,OAAOC,KAAK,+BAAgC,CAC5CC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGhBrD,GAASgF,EAAO,CAChB,MAAMwF,EAAkBjF,EAAYP,GAsCpC,OArCIwF,GACApN,QAAQD,MAAM,wBAAwBqN,KACtCzN,EAAIkD,OAAO9C,MAAM,kBAAkBqN,IAAmB,CAClDrK,SAAU,CACN6E,MAAOA,KAGfqF,KAGAzE,SAEJ7C,EAAmBI,EAAiBE,EAAiBrD,GAAO,EAAO4J,KAC9D7J,KAAMmH,IACPqC,EAAQlC,MAAMH,EAAI3D,UAAUxD,KAAK,KAC7BkG,EAAWsD,EAAQR,SAEnBlB,OAAOC,SAASM,KAAO,OAG1B1H,MAAOC,IAER,GAAIA,aAAe8B,EAKf,OAJArF,QAAQQ,IAAI,4CAA6C+C,GACzD4I,EAAQtF,WAAY,EACpBsF,EAAQxD,UAAYpF,OACpBsF,EAAWsD,EAAQR,SAGvB3L,QAAQD,MAAM,sEAAuEwD,GACrF5D,EAAIkD,OAAO9C,MAAM,sEAAuE,CACpFgD,SAAU,CACNhD,MAAOwD,KAGf0J,KAGR,CAGI,IAAKd,EAAQ7B,aAAc,CAQvB,GAPAtK,QAAQQ,IAAI,wCACZb,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGhBuG,IASA,OARAxM,QAAQQ,IAAI,kEAAmEuF,EAAiBE,GAChGtG,EAAIkD,OAAOC,KAAK,6CAA8C,CAC1DC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,UAGpBgH,IAIAjN,QAAQQ,IAAI,2BACZb,EAAIkD,OAAOC,KAAK,oBAAqB,CACjCC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,IAI5B,CAEJ,OAAOoH,EAAmBlN,IAAmBE,MAAOiN,IAC5CA,GACAtN,QAAQQ,IAAI,wCACZb,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGpBkG,EAAQtD,WAAaA,QACflD,EAAmBI,EAAiBE,OAAiBnB,GAAW,EAAO0H,KACxE7J,KAAMmH,IACPqC,EAAQlC,MAAMH,EAAI3D,UAAUxD,KAAK,IAAMkG,EAAWsD,EAAQR,YAEzDrI,MAAOC,IACRvD,QAAQD,MAAM,yCAA0CwD,GACxD5D,EAAIkD,OAAO9C,MAAM,yCAA0C,CACvDgD,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,EACZlG,MAAOwD,KAGTA,aAAe8B,GACjB8G,EAAQ7C,SACZ6C,EAAQtF,WAAY,EACpBsF,EAAQxD,UAAYpF,EACpBsF,EAAWsD,EAAQR,aAKvB3L,QAAQQ,IAAI,8BACZb,EAAIkD,OAAOC,KAAK,uBAAwB,CACpCC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGpBkG,EAAQzD,OAAOwB,sBAAiBpF,GAChCqH,EAAQ7C,SACRT,EAAWsD,EAAQR,aAG5B,IACI4B,EAAKnB,EAAmBoB,SAAU,CAAEtB,MAAOC,EAASO,SAAUA,GACzE,CC/KO,SAASe,IAoBZ,MAAO,CACHC,eAnBmBrN,MAAOmC,IAC1B,MAAMmL,EAAalD,OAAOnF,aAAaU,QAAQ,wBAC1CxD,EAIDmL,GACAlD,OAAOnF,aAAaC,WAAW,wBAJ/BvF,QAAQD,MAAM,sCAiBlB6N,WATe,CAACC,EAAWC,KACtBnO,EAAIoO,QACL/N,QAAQgO,MAAM,cAAeH,EAAWC,GAG5CG,EAAShO,IAAwB4N,EAAW,IAAKC,EAAiBI,YAAavO,EAAIoO,UAM3F"}
1
+ {"version":3,"file":"vertesia-ui-session.js","sources":["esm/session/constants.js","esm/session/auth/firebase.js","esm/session/auth/composable.js","esm/session/auth/useCurrentTenant.js","esm/session/auth/useAuthState.js","esm/session/UserSession.js","esm/session/UserSessionProvider.js","esm/session/useUXTracking.js"],"sourcesContent":["export const LastSelectedAccountId_KEY = 'composableai.lastSelectedAccountId';\nexport const LastSelectedProjectId_KEY = 'composableai.lastSelectedProjectId';\n//# sourceMappingURL=constants.js.map","import { Env } from \"@vertesia/ui/env\";\nimport { getAnalytics } from \"firebase/analytics\";\nimport { initializeApp } from \"firebase/app\";\nimport { getAuth } from \"firebase/auth\";\n// Use lazy initialization to avoid accessing Env before it's initialized\nlet _firebaseApp = null;\nlet _analytics = null;\nlet _firebaseAuth = null;\n// Getters that lazily initialize Firebase components when first accessed\nexport function getFirebaseApp() {\n if (!_firebaseApp) {\n try {\n if (!Env.firebase) {\n throw new Error(\"Firebase configuration is not available in the environment\");\n }\n _firebaseApp = initializeApp(Env.firebase);\n }\n catch (error) {\n console.error(\"Failed to initialize Firebase app:\", error);\n throw new Error(\"Firebase initialization failed - environment may not be properly initialized\");\n }\n }\n return _firebaseApp;\n}\nexport function getFirebaseAnalytics() {\n if (!_analytics) {\n _analytics = getAnalytics(getFirebaseApp());\n }\n return _analytics;\n}\nexport function getFirebaseAuth() {\n if (!_firebaseAuth) {\n _firebaseAuth = getAuth(getFirebaseApp());\n }\n return _firebaseAuth;\n}\nexport async function setFirebaseTenant(tenantEmail) {\n if (!tenantEmail) {\n console.log(\"No tenant name or email specified, skipping tenant setup\");\n return;\n }\n if (!Env.firebase) {\n console.log(\"Firebase configuration is not available in the environment\");\n return;\n }\n try {\n if (tenantEmail)\n console.log(`Resolving tenant ID from email: ${tenantEmail}`);\n // Add retry logic with exponential backoff\n let retries = 3;\n let retryDelay = 250; // Start with 250ms delay\n while (retries > 0) {\n try {\n // Call the API endpoint to resolve the tenant ID\n const response = await fetch(\"/api/resolve-tenant\", {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n },\n body: JSON.stringify({\n tenantEmail: tenantEmail,\n }),\n // Add timeout to prevent hanging requests\n signal: AbortSignal.timeout(5000),\n });\n // Check for network errors\n if (!response) {\n throw new Error(\"No response received from tenant API\");\n }\n // Handle HTTP error responses\n if (!response.ok) {\n // Try to parse the error response\n try {\n const errorData = await response.json();\n console.error(\"Failed to resolve tenant ID:\", errorData.error);\n }\n catch (parseError) {\n console.error(`Failed to resolve tenant ID: HTTP ${response.status}`);\n }\n // If the error is 404 Not Found, no need to retry\n if (response.status === 404) {\n console.warn(`Tenant not found for ${tenantEmail}`);\n return;\n }\n throw new Error(`HTTP error ${response.status}`);\n }\n // Successfully got a response, parse it\n const data = (await response.json());\n if (data && data.firebaseTenantId) {\n const auth = getFirebaseAuth();\n auth.tenantId = data.firebaseTenantId;\n Env.firebase.providerType = data.provider ?? \"oidc\";\n console.log(`Tenant ID set to ${auth.tenantId}`);\n return data;\n }\n else {\n console.error(`Invalid response format, missing tenantId for ${tenantEmail}`);\n return; // No need to retry for invalid response format\n }\n }\n catch (fetchError) {\n // Only retry for network-related errors\n if (retries > 1) {\n console.warn(`Tenant resolution failed, retrying in ${retryDelay}ms...`, fetchError);\n await new Promise((resolve) => setTimeout(resolve, retryDelay));\n retryDelay *= 2; // Exponential backoff\n retries--;\n }\n else {\n throw fetchError; // Last retry failed, propagate error\n }\n }\n }\n }\n catch (error) {\n // Final error handler\n console.error(\"Error setting Firebase tenant:\", error instanceof Error ? error.message : \"Unknown error\");\n // Continue without tenant ID - authentication will work without multi-tenancy\n // but the user will access the default tenant\n }\n}\nexport async function getFirebaseAuthToken(refresh) {\n const auth = getFirebaseAuth();\n const user = auth.currentUser;\n if (user) {\n return user\n .getIdToken(refresh)\n .then((token) => {\n Env.logger.info(\"Got Firebase token\", {\n vertesia: {\n user_email: user.email,\n user_name: user.displayName,\n user_id: user.uid,\n refresh: refresh,\n },\n });\n return token;\n })\n .catch((err) => {\n Env.logger.error(\"Failed to get Firebase token\", {\n vertesia: {\n user_email: user.email,\n user_name: user.displayName,\n user_id: user.uid,\n refresh: refresh,\n error: err,\n },\n });\n console.error(\"Failed to get access token\", err);\n return null;\n });\n }\n else {\n Env.logger.warn(\"No user found\");\n return Promise.resolve(null);\n }\n}\n//# sourceMappingURL=firebase.js.map","import { jwtDecode } from \"jwt-decode\";\nimport { Env } from '@vertesia/ui/env';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from '../constants';\nimport { getFirebaseAuth, getFirebaseAuthToken } from './firebase';\nlet AUTH_TOKEN_RAW;\nlet AUTH_TOKEN;\nexport async function fetchComposableToken(getIdToken, accountId, projectId, ttl, retryCount = 0) {\n console.log(`Getting/refreshing composable token for account ${accountId} and project ${projectId} `);\n Env.logger.info('Getting/refreshing composable token', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n retry_count: retryCount,\n },\n });\n const idToken = await getIdToken(); //get from firebase\n if (!idToken) {\n console.log('No id token found - using cookie auth');\n throw new Error('No id token found');\n }\n // Use STS endpoint - either configured or default to sts.vertesia.io\n const stsEndpoint = Env.endpoints.sts;\n console.log('Using STS for token generation:', stsEndpoint);\n Env.logger.info('Using STS for token generation', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n sts_url: stsEndpoint,\n },\n });\n try {\n // Call STS to generate a user token\n const stsUrl = new URL(stsEndpoint + '/token/issue');\n const requestBody = {\n type: 'user',\n account_id: accountId,\n project_id: projectId,\n expires_at: ttl ? Math.floor(Date.now() / 1000) + ttl : undefined,\n };\n const stsRes = await fetch(stsUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n 'Authorization': `Bearer ${idToken}` // Firebase token for authentication\n },\n body: JSON.stringify(requestBody)\n });\n if (idToken && stsRes?.status === 404) {\n // User not found in token-server - call ensure-user endpoint\n console.log('404: User not found - calling ensure-user endpoint');\n Env.logger.info('404: User not found - calling ensure-user endpoint', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes?.status\n },\n });\n const ensureResponse = await fetch(Env.endpoints.studio + '/auth/ensure-user', {\n method: 'POST',\n headers: {\n 'Authorization': `Bearer ${idToken}`,\n 'Content-Type': 'application/json'\n }\n });\n if (ensureResponse.status === 412) {\n // No invite - trigger signup\n console.log('412: No invite found - signup required');\n Env.logger.info('412: No invite found - signup required', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n }\n });\n const idTokenDecoded = jwtDecode(idToken);\n if (!idTokenDecoded?.email) {\n Env.logger.error('No email found in id token');\n throw new Error('No email found in id token');\n }\n throw new UserNotFoundError('User not found - signup required', idTokenDecoded.email);\n }\n if (!ensureResponse.ok) {\n console.error('Failed to ensure user exists', ensureResponse.status);\n Env.logger.error('Failed to ensure user exists', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: ensureResponse.status,\n },\n });\n throw new Error('Failed to ensure user exists');\n }\n // User created/exists - retry token generation\n console.log('User ensured - retrying token generation');\n Env.logger.info('User ensured - retrying token generation', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n }\n });\n return fetchComposableToken(getIdToken, accountId, projectId, ttl, retryCount);\n }\n if (idToken && stsRes?.status === 412) {\n console.log(\"412: auth succeeded but user doesn't exist - signup required\", stsRes?.status);\n Env.logger.error(\"412: auth succeeded but user doesn't exist - signup required\", {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes?.status\n },\n });\n const idTokenDecoded = jwtDecode(idToken);\n if (!idTokenDecoded?.email) {\n Env.logger.error('No email found in id token');\n throw new Error('No email found in id token');\n }\n Env.logger.error('User not found', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n email: idTokenDecoded.email\n }\n });\n throw new UserNotFoundError('User not found', idTokenDecoded.email);\n }\n if (stsRes.status === 403) {\n // User doesn't have access to the requested account/project, or has no accounts\n // This can happen with:\n // 1. Stale localStorage from previous user\n // 2. User invited to a new account (doesn't have access yet)\n // 3. User exists but has no accounts at all\n if (retryCount > 0) {\n // Already retried without account scope - this is a real authorization failure\n console.error('403: Access denied even without account scope - user may have no accounts');\n Env.logger.error('403: Access denied after retry - authorization failure', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes.status,\n retry_count: retryCount\n },\n });\n throw new Error('Access denied - user may not have access to any accounts');\n }\n console.log('403: Access denied - clearing cached account and retrying without account scope');\n Env.logger.warn('403: Access denied - clearing cached account and retrying', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes.status,\n retry_count: retryCount\n },\n });\n // Clear any stale account/project from localStorage\n localStorage.removeItem(LastSelectedAccountId_KEY);\n if (accountId) {\n localStorage.removeItem(LastSelectedProjectId_KEY + '-' + accountId);\n }\n // Retry without account/project scope - let user log in to their default account\n return fetchComposableToken(getIdToken, undefined, undefined, ttl, retryCount + 1);\n }\n if (!stsRes.ok) {\n const errorText = await stsRes.text();\n console.error('STS token generation failed:', stsRes.status, errorText);\n Env.logger.error('STS token generation failed', {\n vertesia: {\n status: stsRes.status,\n error: errorText,\n account_id: accountId,\n project_id: projectId,\n },\n });\n throw new Error(`Failed to get token from STS: ${stsRes.status}`);\n }\n const { token } = await stsRes.json();\n console.log('Successfully got token from STS');\n Env.logger.info('Successfully got token from STS');\n return token;\n }\n catch (error) {\n if (error instanceof UserNotFoundError) {\n throw error; // Re-throw UserNotFoundError\n }\n // Clear any stale account/project from localStorage on error\n localStorage.removeItem(LastSelectedAccountId_KEY);\n if (accountId) {\n localStorage.removeItem(LastSelectedProjectId_KEY + '-' + accountId);\n }\n console.error('Failed to get composable token from STS', error);\n Env.logger.error('Failed to get composable token from STS', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n error: error,\n },\n });\n throw new Error('Failed to get composable token');\n }\n}\n/**\n *\n * @param accountId\n * @param projectId\n * @param ttl time to live for the token in seconds\n * @returns\n */\nexport async function fetchComposableTokenFromFirebaseToken(accountId, projectId, ttl) {\n return fetchComposableToken(getFirebaseAuthToken, accountId, projectId, ttl);\n}\nexport async function getComposableToken(accountId, projectId, initToken, forceRefresh = false, useInternalAuth = false) {\n const selectedAccount = accountId ?? localStorage.getItem(LastSelectedAccountId_KEY) ?? undefined;\n const selectedProject = projectId ?? localStorage.getItem(LastSelectedProjectId_KEY + '-' + selectedAccount) ?? undefined;\n //token is still valid for more than 5 minutes\n if (!forceRefresh && AUTH_TOKEN_RAW && AUTH_TOKEN && AUTH_TOKEN.exp > (Date.now() / 1000 + 300)) {\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n }\n //token is close to expire, refresh it\n if (!useInternalAuth && getFirebaseAuth().currentUser) {\n //we have a firebase user, get the token from there\n AUTH_TOKEN_RAW = await fetchComposableTokenFromFirebaseToken(selectedAccount, selectedProject);\n }\n else if (initToken || AUTH_TOKEN_RAW) {\n // we have a token already and no firebase user, refresh it\n AUTH_TOKEN_RAW = await fetchComposableToken(() => Promise.resolve(initToken ?? AUTH_TOKEN_RAW), selectedAccount, selectedProject);\n }\n if (!AUTH_TOKEN_RAW) {\n Env.logger.error('Cannot acquire a composable token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n throw new Error('Cannot acquire a composable token');\n }\n AUTH_TOKEN = jwtDecode(AUTH_TOKEN_RAW);\n if (!AUTH_TOKEN || !AUTH_TOKEN.exp || !AUTH_TOKEN_RAW) {\n console.error('Invalid composable token', AUTH_TOKEN);\n Env.logger.error('Invalid composable token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n throw new Error('Invalid composable token');\n }\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n}\nexport class UserNotFoundError extends Error {\n email;\n constructor(message, email) {\n super(message);\n this.name = 'UserNotFoundError';\n this.email = email;\n }\n}\n//# sourceMappingURL=composable.js.map","import { useState, useEffect } from 'react';\nimport { useUserSession } from \"@vertesia/ui/session\";\nexport function useCurrentTenant() {\n const { user } = useUserSession();\n const [currentTenant, setCurrentTenant] = useState(null);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState(null);\n useEffect(() => {\n const loadCurrentTenant = async () => {\n if (!user?.email) {\n setCurrentTenant(null);\n setIsLoading(false);\n return;\n }\n try {\n const response = await fetch('/api/resolve-tenant', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n tenantEmail: user.email\n })\n });\n if (response.ok) {\n const tenantData = await response.json();\n if (tenantData) {\n // Convert the resolved tenant data to our TenantConfig format\n setCurrentTenant({\n tenantKey: tenantData.name || 'unknown',\n name: tenantData.label || tenantData.name || 'Unknown',\n domain: tenantData.domain || [],\n firebaseTenantId: tenantData.firebaseTenantId,\n provider: tenantData.provider,\n logo: tenantData.logo\n });\n }\n else {\n setCurrentTenant(null);\n }\n }\n else {\n setCurrentTenant(null);\n }\n }\n catch (error) {\n console.error('Error loading current tenant:', error);\n setError('Failed to load tenant configuration');\n setCurrentTenant(null);\n }\n finally {\n setIsLoading(false);\n }\n };\n loadCurrentTenant();\n }, [user?.email]);\n return {\n currentTenant,\n isLoading,\n error\n };\n}\n//# sourceMappingURL=useCurrentTenant.js.map","/**\n * This hook is used to generate and verify state for OAuth2 authorization requests.\n * @returns\n */\nimport { useCallback } from \"react\";\nconst AUTH_STATE_KEY = 'auth_state';\nconst STATE_EXPIRY_KEY = 'auth_state_expiry';\nconst STATE_TTL = 5 * 60 * 1000; // 5 min\nexport function useAuthState() {\n // Generate new state\n const generateState = useCallback(() => {\n const state = crypto.randomUUID();\n const expiryTime = Date.now() + STATE_TTL;\n // Store state and expiry\n sessionStorage.setItem(AUTH_STATE_KEY, state);\n sessionStorage.setItem(STATE_EXPIRY_KEY, expiryTime.toString());\n return state;\n }, []);\n // Verify returned state\n const verifyState = useCallback((returnedState) => {\n if (!returnedState) {\n return 'Missing state';\n }\n const savedState = sessionStorage.getItem(AUTH_STATE_KEY);\n const expiryTime = parseInt(sessionStorage.getItem(STATE_EXPIRY_KEY) || '0');\n let reason;\n // Verify state matches and hasn't expired\n if (savedState !== returnedState) {\n reason = `State mismatched (${savedState} !== ${returnedState})`;\n }\n else if (Date.now() > expiryTime) {\n reason = 'State expired';\n }\n else {\n reason = undefined; // No errors\n }\n return reason;\n }, []);\n // Clear state (useful for cleanup)\n const clearState = useCallback(() => {\n sessionStorage.removeItem(AUTH_STATE_KEY);\n sessionStorage.removeItem(STATE_EXPIRY_KEY);\n }, []);\n return { generateState, verifyState, clearState };\n}\n//# sourceMappingURL=useAuthState.js.map","import { jwtDecode } from 'jwt-decode';\nimport { createContext, useContext } from 'react';\nimport { VertesiaClient } from '@vertesia/client';\nimport { Env } from '@vertesia/ui/env';\nimport { getComposableToken } from './auth/composable';\nimport { getFirebaseAuth } from './auth/firebase';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from './constants';\nexport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY };\nconst CENTRAL_AUTH_REDIRECT = \"https://internal-auth.vertesia.app/\";\nclass UserSession {\n isLoading = true;\n client;\n authError;\n authToken;\n setSession;\n lastSelectedAccount;\n lastSelectedProject;\n onboardingComplete;\n constructor(client, setSession) {\n if (client) {\n this.client = client;\n }\n else {\n this.client = new VertesiaClient({\n serverUrl: Env.endpoints.studio,\n storeUrl: Env.endpoints.zeno,\n tokenServerUrl: Env.endpoints.sts\n });\n }\n if (setSession) {\n this.setSession = setSession;\n }\n this.logout = this.logout.bind(this);\n }\n get store() {\n return this.client.store;\n }\n get user() {\n return this.authToken;\n }\n get account() {\n return this.authToken?.account;\n }\n get project() {\n return this.authToken?.project;\n }\n get accounts() {\n return this.authToken?.accounts;\n }\n get authCallback() {\n return this.rawAuthToken.then(token => `Bearer ${token}`);\n }\n get rawAuthToken() {\n return getComposableToken().then(res => {\n const token = res?.rawToken;\n if (!token) {\n throw new Error('No token available');\n }\n this.authToken = jwtDecode(token);\n return token;\n });\n }\n signOut() {\n this.logout();\n }\n getAccount() {\n return this.authToken?.account;\n }\n async login(token) {\n this.authError = undefined;\n this.isLoading = false;\n this.client.withAuthCallback(() => this.authCallback);\n this.authToken = jwtDecode(token);\n console.log(`Logging in as ${this.authToken?.name} with account ${this.authToken?.account.name} (${this.authToken?.account.id}, and project ${this.authToken?.project?.name} (${this.authToken?.project?.id})`);\n //store selected account in local storage\n localStorage.setItem(LastSelectedAccountId_KEY, this.authToken.account.id);\n localStorage.setItem(LastSelectedProjectId_KEY + '-' + this.authToken.account.id, this.authToken.project?.id ?? '');\n // notify the host app of the login\n Env.onLogin?.(this.authToken);\n await this.fetchOnboardingStatus();\n return Promise.resolve();\n }\n isLoggedIn() {\n return !!this.authToken;\n }\n logout() {\n console.log('Logging out');\n // Check if we should use central auth for logout\n const devDomains = [\".composable.sh\", \".vertesia.dev\", \"vertesia.app\"];\n const shouldUseCentralAuth = Env.isDocker || devDomains.some((domain) => window.location.hostname.endsWith(domain));\n if (shouldUseCentralAuth) {\n // Redirect to central auth for logout\n // Central auth will handle Firebase logout\n console.log('Using central auth logout');\n this.authError = undefined;\n this.isLoading = false;\n this.authToken = undefined;\n this.setSession = undefined;\n this.client.withAuthCallback(undefined);\n const logoutUrl = new URL(CENTRAL_AUTH_REDIRECT);\n const currentUrl = new URL(window.location.href);\n currentUrl.hash = \"\";\n logoutUrl.pathname = \"/logout\";\n logoutUrl.searchParams.set(\"redirect_uri\", currentUrl.toString());\n location.replace(logoutUrl.toString());\n }\n else {\n // Use Firebase logout directly\n console.log('Using Firebase logout');\n const wasLoggedIn = !!this.authToken;\n if (this.authToken) {\n getFirebaseAuth().signOut();\n }\n this.authError = undefined;\n this.isLoading = false;\n this.authToken = undefined;\n this.setSession = undefined;\n this.client.withAuthCallback(undefined);\n // Navigate to root to avoid React rendering errors when\n // unmounting deeply nested route components during logout.\n // Only navigate if user was actually logged in to avoid\n // infinite reload loop on fresh/incognito sessions.\n if (wasLoggedIn) {\n location.replace(\"/\");\n }\n }\n }\n async switchAccount(targetAccountId) {\n localStorage.setItem(LastSelectedAccountId_KEY, targetAccountId);\n if (this) {\n if (this.account && this.project) {\n localStorage.setItem(LastSelectedProjectId_KEY + '-' + this.account.id, this.project.id);\n }\n else if (this.account) {\n localStorage.removeItem(LastSelectedProjectId_KEY + '-' + this.account.id);\n }\n }\n window.location.replace('/?a=' + targetAccountId);\n }\n async switchProject(targetProjectId) {\n if (this.account) {\n localStorage.setItem(LastSelectedProjectId_KEY + '-' + this.account.id, targetProjectId);\n }\n window.location.replace('/?a=' + this.account?.id + '&p=' + targetProjectId);\n }\n async fetchAccounts() {\n return this.client.accounts.list().then(accounts => {\n if (!this.authToken) {\n throw new Error('No token available');\n }\n this.authToken.accounts = accounts;\n this.setSession?.(this.clone());\n }).catch(err => {\n console.error('Failed to fetch accounts', err);\n throw err;\n });\n }\n async fetchOnboardingStatus() {\n if (this.onboardingComplete) {\n console.log('Onboarding already completed');\n return false;\n }\n const previousStatus = this.onboardingComplete;\n try {\n const onboarding = await this.client.account.onboardingProgress();\n this.onboardingComplete = Object.values(onboarding).every(value => value === true);\n if (previousStatus !== this.onboardingComplete) {\n return true;\n }\n this.setSession?.(this.clone());\n }\n catch (error) {\n console.error('Error fetching onboarding status:', error);\n this.onboardingComplete = false;\n this.setSession?.(this.clone());\n }\n return false;\n }\n clone() {\n const session = new UserSession(this.client);\n session.isLoading = this.isLoading;\n session.authError = this.authError;\n session.authToken = this.authToken;\n session.setSession = this.setSession;\n session.lastSelectedAccount = this.lastSelectedAccount;\n session.switchAccount = this.switchAccount;\n session.onboardingComplete = this.onboardingComplete;\n return session;\n }\n}\nconst UserSessionContext = createContext(undefined);\nexport function useUserSession() {\n const session = useContext(UserSessionContext);\n if (!session) {\n throw new Error('useUserSession must be used within a UserSessionProvider');\n }\n return session;\n}\nexport { UserSession, UserSessionContext };\n//# sourceMappingURL=UserSession.js.map","import { jsx as _jsx } from \"react/jsx-runtime\";\nimport { Env } from \"@vertesia/ui/env\";\nimport { onAuthStateChanged } from \"firebase/auth\";\nimport { useEffect, useRef, useState } from \"react\";\nimport { UserNotFoundError, getComposableToken } from \"./auth/composable\";\nimport { getFirebaseAuth } from \"./auth/firebase\";\nimport { useAuthState } from \"./auth/useAuthState\";\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY, UserSession, UserSessionContext } from \"./UserSession\";\nconst devDomains = [\".composable.sh\", \".vertesia.dev\", \"vertesia.app\"];\nconst CENTRAL_AUTH_REDIRECT = \"https://internal-auth.vertesia.app/\";\nexport function shouldRedirectToCentralAuth() {\n // Authentication is not supported in Docker environment.\n // See https://github.com/vertesia/studio/wiki/Composable-UI-Hosting-Options\n if (Env.isDocker) {\n return true;\n }\n return devDomains.some((domain) => window.location.hostname.endsWith(domain));\n}\nexport function UserSessionProvider({ children }) {\n const hashParams = new URLSearchParams(location.hash.substring(1));\n const token = hashParams.get(\"token\");\n const state = hashParams.get(\"state\");\n const [session, setSession] = useState(new UserSession());\n const { generateState, verifyState, clearState } = useAuthState();\n const hasInitiatedAuthRef = useRef(false);\n const redirectToCentralAuth = (projectId, accountId) => {\n const url = new URL(`${CENTRAL_AUTH_REDIRECT}?sts=${Env.endpoints.sts ?? \"https://sts.vertesia.io\"}`);\n const currentUrl = new URL(window.location.href);\n currentUrl.hash = \"\";\n if (projectId)\n currentUrl.searchParams.set(\"p\", projectId);\n if (accountId)\n currentUrl.searchParams.set(\"a\", accountId);\n url.searchParams.set(\"redirect_uri\", currentUrl.toString());\n url.searchParams.set(\"state\", generateState());\n location.replace(url.toString());\n };\n useEffect(() => {\n // Make this effect idempotent - only run auth flow once\n if (hasInitiatedAuthRef.current) {\n console.log(\"Auth: skipping duplicate auth flow initiation\");\n return;\n }\n hasInitiatedAuthRef.current = true;\n console.log(\"Auth: starting auth flow\");\n Env.logger.info(\"Starting auth flow\");\n const currentUrl = new URL(window.location.href);\n const selectedAccount = currentUrl.searchParams.get(\"a\") ?? localStorage.getItem(LastSelectedAccountId_KEY) ?? undefined;\n const selectedProject = currentUrl.searchParams.get(\"p\") ??\n localStorage.getItem(LastSelectedProjectId_KEY + \"-\" + selectedAccount) ??\n undefined;\n console.log(\"Auth: selected account\", selectedAccount);\n console.log(\"Auth: selected project\", selectedProject);\n Env.logger.info(\"Selected account and project\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n if (token && state) {\n const validationError = verifyState(state);\n if (validationError) {\n console.error(`Auth: invalid state: ${validationError}`);\n Env.logger.error(`Invalid state: ${validationError}`, {\n vertesia: {\n state: state,\n },\n });\n redirectToCentralAuth();\n }\n else {\n clearState();\n }\n getComposableToken(selectedAccount, selectedProject, token, false, shouldRedirectToCentralAuth())\n .then((res) => {\n session.login(res.rawToken).then(() => {\n setSession(session.clone());\n //cleanup the hash\n window.location.hash = \"\";\n });\n })\n .catch((err) => {\n // Don't redirect to central auth for UserNotFoundError - let signup flow handle it\n if (err instanceof UserNotFoundError) {\n console.log(\"User not found - will trigger signup flow\", err);\n session.isLoading = false;\n session.authError = err;\n setSession(session.clone());\n return;\n }\n console.error(\"Failed to fetch user token from studio, redirecting to central auth\", err);\n Env.logger.error(\"Failed to fetch user token from studio, redirecting to central auth\", {\n vertesia: {\n error: err,\n },\n });\n redirectToCentralAuth();\n });\n return;\n }\n else {\n //if on a dev domain and not logged in, redirect to central auth\n if (!session.isLoggedIn()) {\n console.log(\"Auth: not logged in & no token/state\");\n Env.logger.info(\"Not logged in & no token/state\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n if (shouldRedirectToCentralAuth()) {\n console.log(\"Auth: on dev domain, redirecting to central auth with selection\", selectedAccount, selectedProject);\n Env.logger.info(\"Redirecting to central auth with selection\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n redirectToCentralAuth();\n return; // Don't register onAuthStateChanged listener when redirecting\n }\n else {\n console.log(\"Auth: not on dev domain\");\n Env.logger.info(\"Not on dev domain\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n }\n }\n }\n return onAuthStateChanged(getFirebaseAuth(), async (firebaseUser) => {\n if (firebaseUser) {\n console.log(\"Auth: successful login with firebase\");\n Env.logger.info(\"Successful login with firebase\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n session.setSession = setSession;\n await getComposableToken(selectedAccount, selectedProject, undefined, false, shouldRedirectToCentralAuth())\n .then((res) => {\n session.login(res.rawToken).then(() => setSession(session.clone()));\n })\n .catch((err) => {\n console.error(\"Failed to fetch user token from studio\", err);\n Env.logger.error(\"Failed to fetch user token from studio\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n error: err,\n },\n });\n if (!(err instanceof UserNotFoundError))\n session.logout();\n session.isLoading = false;\n session.authError = err;\n setSession(session.clone());\n });\n }\n else {\n // anonymous user\n console.log(\"Auth: using anonymous user\");\n Env.logger.info(\"Using anonymous user\", {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n session.client.withAuthCallback(undefined);\n session.logout();\n setSession(session.clone());\n }\n });\n }, []);\n return _jsx(UserSessionContext.Provider, { value: session, children: children });\n}\n//# sourceMappingURL=UserSessionProvider.js.map","import { Env } from '@vertesia/ui/env';\nimport { logEvent } from \"firebase/analytics\";\nimport { getFirebaseAnalytics } from \"./auth/firebase\";\nexport function useUXTracking() {\n //identify user in monitoring and UX systems\n const tagUserSession = async (user) => {\n const signupData = window.localStorage.getItem(\"composableSignupData\");\n if (!user) {\n console.error('No user found -- skipping tagging');\n return;\n }\n if (signupData) {\n window.localStorage.removeItem(\"composableSignupData\");\n }\n };\n //send event to analytics and UX systems\n const trackEvent = (eventName, eventProperties) => {\n if (!Env.isProd) {\n console.debug('track event', eventName, eventProperties);\n }\n //GA via firebase\n logEvent(getFirebaseAnalytics(), eventName, { ...eventProperties, debug_mode: !Env.isProd });\n };\n return {\n tagUserSession,\n trackEvent\n };\n}\n//# sourceMappingURL=useUXTracking.js.map"],"names":["LastSelectedAccountId_KEY","LastSelectedProjectId_KEY","AUTH_TOKEN_RAW","AUTH_TOKEN","_firebaseApp","_analytics","_firebaseAuth","getFirebaseApp","Env","firebase","Error","initializeApp","error","console","getFirebaseAnalytics","getAnalytics","getFirebaseAuth","getAuth","async","setFirebaseTenant","tenantEmail","log","retries","retryDelay","response","fetch","method","headers","body","JSON","stringify","signal","AbortSignal","timeout","ok","errorData","json","parseError","status","warn","data","firebaseTenantId","auth","tenantId","providerType","provider","fetchError","Promise","resolve","setTimeout","message","getFirebaseAuthToken","refresh","user","currentUser","getIdToken","then","token","logger","info","vertesia","user_email","email","user_name","displayName","user_id","uid","catch","err","fetchComposableToken","accountId","projectId","ttl","retryCount","account_id","project_id","retry_count","idToken","stsEndpoint","endpoints","sts","sts_url","stsUrl","URL","requestBody","type","expires_at","Math","floor","Date","now","undefined","stsRes","Authorization","ensureResponse","studio","idTokenDecoded","jwtDecode","UserNotFoundError","localStorage","removeItem","errorText","text","fetchComposableTokenFromFirebaseToken","getComposableToken","initToken","forceRefresh","useInternalAuth","selectedAccount","getItem","selectedProject","exp","rawToken","constructor","super","this","name","useCurrentTenant","useUserSession","currentTenant","setCurrentTenant","useState","isLoading","setIsLoading","setError","useEffect","tenantData","tenantKey","label","domain","logo","loadCurrentTenant","AUTH_STATE_KEY","STATE_EXPIRY_KEY","useAuthState","generateState","useCallback","state","crypto","randomUUID","expiryTime","sessionStorage","setItem","toString","verifyState","returnedState","savedState","parseInt","reason","clearState","UserSession","client","authError","authToken","setSession","lastSelectedAccount","lastSelectedProject","onboardingComplete","VertesiaClient","serverUrl","storeUrl","zeno","tokenServerUrl","logout","bind","store","account","project","accounts","authCallback","rawAuthToken","res","signOut","getAccount","login","withAuthCallback","id","onLogin","fetchOnboardingStatus","isLoggedIn","isDocker","some","window","location","hostname","endsWith","logoutUrl","currentUrl","href","hash","pathname","searchParams","set","replace","wasLoggedIn","switchAccount","targetAccountId","switchProject","targetProjectId","fetchAccounts","list","clone","previousStatus","onboarding","onboardingProgress","Object","values","every","value","session","UserSessionContext","createContext","useContext","devDomains","shouldRedirectToCentralAuth","UserSessionProvider","children","hashParams","URLSearchParams","substring","get","hasInitiatedAuthRef","useRef","redirectToCentralAuth","url","current","validationError","onAuthStateChanged","firebaseUser","_jsx","Provider","useUXTracking","tagUserSession","signupData","trackEvent","eventName","eventProperties","isProd","debug","logEvent","debug_mode"],"mappings":"2fAAY,MAACA,EAA4B,qCAC5BC,EAA4B,qCCIzC,ICDIC,EACAC,EDAAC,EAAe,KACfC,EAAa,KACbC,EAAgB,KAEb,SAASC,IACZ,IAAKH,EACD,IACI,IAAKI,EAAIC,SACL,MAAM,IAAIC,MAAM,8DAEpBN,EAAeO,EAAcH,EAAIC,SACrC,CACA,MAAOG,GAEH,MADAC,QAAQD,MAAM,qCAAsCA,GAC9C,IAAIF,MAAM,+EACpB,CAEJ,OAAON,CACX,CACO,SAASU,IAIZ,OAHKT,IACDA,EAAaU,EAAaR,MAEvBF,CACX,CACO,SAASW,IAIZ,OAHKV,IACDA,EAAgBW,EAAQV,MAErBD,CACX,CACOY,eAAeC,EAAkBC,GACpC,GAAKA,EAIL,GAAKZ,EAAIC,SAIT,IACQW,GACAP,QAAQQ,IAAI,mCAAmCD,KAEnD,IAAIE,EAAU,EACVC,EAAa,IACjB,KAAOD,EAAU,GACb,IAEI,MAAME,QAAiBC,MAAM,sBAAuB,CAChDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBV,YAAaA,IAGjBW,OAAQC,YAAYC,QAAQ,OAGhC,IAAKT,EACD,MAAM,IAAId,MAAM,wCAGpB,IAAKc,EAASU,GAAI,CAEd,IACI,MAAMC,QAAkBX,EAASY,OACjCvB,QAAQD,MAAM,+BAAgCuB,EAAUvB,MAC5D,CACA,MAAOyB,GACHxB,QAAQD,MAAM,qCAAqCY,EAASc,SAChE,CAEA,GAAwB,MAApBd,EAASc,OAET,YADAzB,QAAQ0B,KAAK,wBAAwBnB,KAGzC,MAAM,IAAIV,MAAM,cAAcc,EAASc,SAC3C,CAEA,MAAME,QAAchB,EAASY,OAC7B,GAAII,GAAQA,EAAKC,iBAAkB,CAC/B,MAAMC,EAAO1B,IAIb,OAHA0B,EAAKC,SAAWH,EAAKC,iBACrBjC,EAAIC,SAASmC,aAAeJ,EAAKK,UAAY,OAC7ChC,QAAQQ,IAAI,oBAAoBqB,EAAKC,YAC9BH,CACX,CAGI,YADA3B,QAAQD,MAAM,iDAAiDQ,IAGvE,CACA,MAAO0B,GAEH,KAAIxB,EAAU,GAOV,MAAMwB,EANNjC,QAAQ0B,KAAK,yCAAyChB,SAAmBuB,SACnE,IAAIC,QAASC,GAAYC,WAAWD,EAASzB,IACnDA,GAAc,EACdD,GAKR,CAER,CACA,MAAOV,GAEHC,QAAQD,MAAM,iCAAkCA,aAAiBF,MAAQE,EAAMsC,QAAU,gBAG7F,MA7EIrC,QAAQQ,IAAI,mEAJZR,QAAQQ,IAAI,2DAkFpB,CACOH,eAAeiC,EAAqBC,GACvC,MACMC,EADOrC,IACKsC,YAClB,OAAID,EACOA,EACFE,WAAWH,GACXI,KAAMC,IACPjD,EAAIkD,OAAOC,KAAK,qBAAsB,CAClCC,SAAU,CACNC,WAAYR,EAAKS,MACjBC,UAAWV,EAAKW,YAChBC,QAASZ,EAAKa,IACdd,QAASA,KAGVK,IAENU,MAAOC,IACR5D,EAAIkD,OAAO9C,MAAM,+BAAgC,CAC7CgD,SAAU,CACNC,WAAYR,EAAKS,MACjBC,UAAWV,EAAKW,YAChBC,QAASZ,EAAKa,IACdd,QAASA,EACTxC,MAAOwD,KAGfvD,QAAQD,MAAM,6BAA8BwD,GACrC,QAIX5D,EAAIkD,OAAOnB,KAAK,iBACTQ,QAAQC,QAAQ,MAE/B,CCtJO9B,eAAemD,EAAqBd,EAAYe,EAAWC,EAAWC,EAAKC,EAAa,GAC3F5D,QAAQQ,IAAI,mDAAmDiD,iBAAyBC,MACxF/D,EAAIkD,OAAOC,KAAK,sCAAuC,CACnDC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZK,YAAaH,KAGrB,MAAMI,QAAgBtB,IACtB,IAAKsB,EAED,MADAhE,QAAQQ,IAAI,yCACN,IAAIX,MAAM,qBAGpB,MAAMoE,EAActE,EAAIuE,UAAUC,IAClCnE,QAAQQ,IAAI,kCAAmCyD,GAC/CtE,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZU,QAASH,KAGjB,IAEI,MAAMI,EAAS,IAAIC,IAAIL,EAAc,gBAC/BM,EAAc,CAChBC,KAAM,OACNX,WAAYJ,EACZK,WAAYJ,EACZe,WAAYd,EAAMe,KAAKC,MAAMC,KAAKC,MAAQ,KAAQlB,OAAMmB,GAEtDC,QAAenE,MAAMyD,EAAQ,CAC/BxD,OAAQ,OACRC,QAAS,CACL,eAAgB,mBAChBkE,cAAiB,UAAUhB,KAE/BjD,KAAMC,KAAKC,UAAUsD,KAEzB,GAAIP,GAA8B,MAAnBe,GAAQtD,OAAgB,CAEnCzB,QAAQQ,IAAI,sDACZb,EAAIkD,OAAOC,KAAK,qDAAsD,CAClEC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQsD,GAAQtD,UAGxB,MAAMwD,QAAuBrE,MAAMjB,EAAIuE,UAAUgB,OAAS,oBAAqB,CAC3ErE,OAAQ,OACRC,QAAS,CACLkE,cAAiB,UAAUhB,IAC3B,eAAgB,sBAGxB,GAA8B,MAA1BiB,EAAexD,OAAgB,CAE/BzB,QAAQQ,IAAI,0CACZb,EAAIkD,OAAOC,KAAK,yCAA0C,CACtDC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,KAGpB,MAAMyB,EAAiBC,EAAUpB,GACjC,IAAKmB,GAAgBlC,MAEjB,MADAtD,EAAIkD,OAAO9C,MAAM,8BACX,IAAIF,MAAM,8BAEpB,MAAM,IAAIwF,EAAkB,mCAAoCF,EAAelC,MACnF,CACA,IAAKgC,EAAe5D,GAShB,MARArB,QAAQD,MAAM,+BAAgCkF,EAAexD,QAC7D9B,EAAIkD,OAAO9C,MAAM,+BAAgC,CAC7CgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQwD,EAAexD,UAGzB,IAAI5B,MAAM,gCAUpB,OAPAG,QAAQQ,IAAI,4CACZb,EAAIkD,OAAOC,KAAK,2CAA4C,CACxDC,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,KAGbF,EAAqBd,EAAYe,EAAWC,EAAWC,EAAKC,EACvE,CACA,GAAII,GAA8B,MAAnBe,GAAQtD,OAAgB,CACnCzB,QAAQQ,IAAI,+DAAgEuE,GAAQtD,QACpF9B,EAAIkD,OAAO9C,MAAM,+DAAgE,CAC7EgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQsD,GAAQtD,UAGxB,MAAM0D,EAAiBC,EAAUpB,GACjC,IAAKmB,GAAgBlC,MAEjB,MADAtD,EAAIkD,OAAO9C,MAAM,8BACX,IAAIF,MAAM,8BASpB,MAPAF,EAAIkD,OAAO9C,MAAM,iBAAkB,CAC/BgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZT,MAAOkC,EAAelC,SAGxB,IAAIoC,EAAkB,iBAAkBF,EAAelC,MACjE,CACA,GAAsB,MAAlB8B,EAAOtD,OAAgB,CAMvB,GAAImC,EAAa,EAWb,MATA5D,QAAQD,MAAM,6EACdJ,EAAIkD,OAAO9C,MAAM,yDAA0D,CACvEgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQsD,EAAOtD,OACfsC,YAAaH,KAGf,IAAI/D,MAAM,4DAiBpB,OAfAG,QAAQQ,IAAI,mFACZb,EAAIkD,OAAOnB,KAAK,4DAA6D,CACzEqB,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZjC,OAAQsD,EAAOtD,OACfsC,YAAaH,KAIrB0B,aAAaC,WAAWpG,GACpBsE,GACA6B,aAAaC,WAAWnG,EAA4B,IAAMqE,GAGvDD,EAAqBd,OAAYoC,OAAWA,EAAWnB,EAAKC,EAAa,EACpF,CACA,IAAKmB,EAAO1D,GAAI,CACZ,MAAMmE,QAAkBT,EAAOU,OAU/B,MATAzF,QAAQD,MAAM,+BAAgCgF,EAAOtD,OAAQ+D,GAC7D7F,EAAIkD,OAAO9C,MAAM,8BAA+B,CAC5CgD,SAAU,CACNtB,OAAQsD,EAAOtD,OACf1B,MAAOyF,EACP3B,WAAYJ,EACZK,WAAYJ,KAGd,IAAI7D,MAAM,iCAAiCkF,EAAOtD,SAC5D,CACA,MAAMmB,MAAEA,SAAgBmC,EAAOxD,OAG/B,OAFAvB,QAAQQ,IAAI,mCACZb,EAAIkD,OAAOC,KAAK,mCACTF,CACX,CACA,MAAO7C,GACH,GAAIA,aAAiBsF,EACjB,MAAMtF,EAeV,MAZAuF,aAAaC,WAAWpG,GACpBsE,GACA6B,aAAaC,WAAWnG,EAA4B,IAAMqE,GAE9DzD,QAAQD,MAAM,0CAA2CA,GACzDJ,EAAIkD,OAAO9C,MAAM,0CAA2C,CACxDgD,SAAU,CACNc,WAAYJ,EACZK,WAAYJ,EACZ3D,MAAOA,KAGT,IAAIF,MAAM,iCACpB,CACJ,CAQOQ,eAAeqF,EAAsCjC,EAAWC,EAAWC,GAC9E,OAAOH,EAAqBlB,EAAsBmB,EAAWC,EAAWC,EAC5E,CACOtD,eAAesF,EAAmBlC,EAAWC,EAAWkC,EAAWC,GAAe,EAAOC,GAAkB,GAC9G,MAAMC,EAAkBtC,GAAa6B,aAAaU,QAAQ7G,SAA8B2F,EAClFmB,EAAkBvC,GAAa4B,aAAaU,QAAQ5G,EAA4B,IAAM2G,SAAoBjB,EAEhH,IAAKe,GAAgBxG,GAAkBC,GAAcA,EAAW4G,IAAOtB,KAAKC,MAAQ,IAAO,IACvF,MAAO,CAAEsB,SAAU9G,EAAgBuD,MAAOtD,EAAYS,OAAO,GAWjE,IARK+F,GAAmB3F,IAAkBsC,YAEtCpD,QAAuBqG,EAAsCK,EAAiBE,IAEzEL,GAAavG,KAElBA,QAAuBmE,EAAqB,IAAMtB,QAAQC,QAAQyD,GAAavG,GAAiB0G,EAAiBE,KAEhH5G,EAOD,MANAM,EAAIkD,OAAO9C,MAAM,oCAAqC,CAClDgD,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGd,IAAIpG,MAAM,qCAGpB,GADAP,EAAa8F,EAAU/F,IAClBC,IAAeA,EAAW4G,MAAQ7G,EAQnC,MAPAW,QAAQD,MAAM,2BAA4BT,GAC1CK,EAAIkD,OAAO9C,MAAM,2BAA4B,CACzCgD,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGd,IAAIpG,MAAM,4BAEpB,MAAO,CAAEsG,SAAU9G,EAAgBuD,MAAOtD,EAAYS,OAAO,EACjE,CACO,MAAMsF,UAA0BxF,MACnCoD,MACA,WAAAmD,CAAY/D,EAASY,GACjBoD,MAAMhE,GACNiE,KAAKC,KAAO,oBACZD,KAAKrD,MAAQA,CACjB,EC1PG,SAASuD,IACZ,MAAMhE,KAAEA,GAASiE,KACVC,EAAeC,GAAoBC,EAAS,OAC5CC,EAAWC,GAAgBF,GAAS,IACpC7G,EAAOgH,GAAYH,EAAS,MAkDnC,OAjDAI,EAAU,KACoB3G,WACtB,IAAKmC,GAAMS,MAGP,OAFA0D,EAAiB,WACjBG,GAAa,GAGjB,IACI,MAAMnG,QAAiBC,MAAM,sBAAuB,CAChDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBV,YAAaiC,EAAKS,UAG1B,GAAItC,EAASU,GAAI,CACb,MAAM4F,QAAmBtG,EAASY,OAG9BoF,EAFAM,EAEiB,CACbC,UAAWD,EAAWV,MAAQ,UAC9BA,KAAMU,EAAWE,OAASF,EAAWV,MAAQ,UAC7Ca,OAAQH,EAAWG,QAAU,GAC7BxF,iBAAkBqF,EAAWrF,iBAC7BI,SAAUiF,EAAWjF,SACrBqF,KAAMJ,EAAWI,MAIJ,KAEzB,MAEIV,EAAiB,KAEzB,CACA,MAAO5G,GACHC,QAAQD,MAAM,gCAAiCA,GAC/CgH,EAAS,uCACTJ,EAAiB,KACrB,CACZ,QACgBG,GAAa,EACjB,GAEJQ,IACD,CAAC9E,GAAMS,QACH,CACHyD,gBACAG,YACA9G,QAER,CCxDA,MAAMwH,EAAiB,aACjBC,EAAmB,oBAElB,SAASC,IAmCZ,MAAO,CAAEC,cAjCaC,EAAY,KAC9B,MAAMC,EAAQC,OAAOC,aACfC,EAAanD,KAAKC,MALd,IASV,OAFAmD,eAAeC,QAAQV,EAAgBK,GACvCI,eAAeC,QAAQT,EAAkBO,EAAWG,YAC7CN,GACR,IA0BqBO,YAxBJR,EAAaS,IAC7B,IAAKA,EACD,MAAO,gBAEX,MAAMC,EAAaL,eAAehC,QAAQuB,GACpCQ,EAAaO,SAASN,eAAehC,QAAQwB,IAAqB,KACxE,IAAIe,EAWJ,OARIA,EADAF,IAAeD,EACN,qBAAqBC,SAAkBD,KAE3CxD,KAAKC,MAAQkD,EACT,qBAGAjD,EAENyD,GACR,IAMkCC,WAJlBb,EAAY,KAC3BK,eAAezC,WAAWgC,GAC1BS,eAAezC,WAAWiC,IAC3B,IAEP,CCnCA,MAAMiB,EACF5B,WAAY,EACZ6B,OACAC,UACAC,UACAC,WACAC,oBACAC,oBACAC,mBACA,WAAA5C,CAAYsC,EAAQG,GAEZvC,KAAKoC,OADLA,GAIc,IAAIO,EAAe,CAC7BC,UAAWvJ,EAAIuE,UAAUgB,OACzBiE,SAAUxJ,EAAIuE,UAAUkF,KACxBC,eAAgB1J,EAAIuE,UAAUC,MAGlC0E,IACAvC,KAAKuC,WAAaA,GAEtBvC,KAAKgD,OAAShD,KAAKgD,OAAOC,KAAKjD,KACnC,CACA,SAAIkD,GACA,OAAOlD,KAAKoC,OAAOc,KACvB,CACA,QAAIhH,GACA,OAAO8D,KAAKsC,SAChB,CACA,WAAIa,GACA,OAAOnD,KAAKsC,WAAWa,OAC3B,CACA,WAAIC,GACA,OAAOpD,KAAKsC,WAAWc,OAC3B,CACA,YAAIC,GACA,OAAOrD,KAAKsC,WAAWe,QAC3B,CACA,gBAAIC,GACA,OAAOtD,KAAKuD,aAAalH,KAAKC,GAAS,UAAUA,IACrD,CACA,gBAAIiH,GACA,OAAOlE,IAAqBhD,KAAKmH,IAC7B,MAAMlH,EAAQkH,GAAK3D,SACnB,IAAKvD,EACD,MAAM,IAAI/C,MAAM,sBAGpB,OADAyG,KAAKsC,UAAYxD,EAAUxC,GACpBA,GAEf,CACA,OAAAmH,GACIzD,KAAKgD,QACT,CACA,UAAAU,GACI,OAAO1D,KAAKsC,WAAWa,OAC3B,CACA,WAAMQ,CAAMrH,GAYR,OAXA0D,KAAKqC,eAAY7D,EACjBwB,KAAKO,WAAY,EACjBP,KAAKoC,OAAOwB,iBAAiB,IAAM5D,KAAKsD,cACxCtD,KAAKsC,UAAYxD,EAAUxC,GAC3B5C,QAAQQ,IAAI,iBAAiB8F,KAAKsC,WAAWrC,qBAAqBD,KAAKsC,WAAWa,QAAQlD,SAASD,KAAKsC,WAAWa,QAAQU,mBAAmB7D,KAAKsC,WAAWc,SAASnD,SAASD,KAAKsC,WAAWc,SAASS,OAEzM7E,aAAa2C,QAAQ9I,EAA2BmH,KAAKsC,UAAUa,QAAQU,IACvE7E,aAAa2C,QAAQ7I,EAA4B,IAAMkH,KAAKsC,UAAUa,QAAQU,GAAI7D,KAAKsC,UAAUc,SAASS,IAAM,IAEhHxK,EAAIyK,UAAU9D,KAAKsC,iBACbtC,KAAK+D,wBACJnI,QAAQC,SACnB,CACA,UAAAmI,GACI,QAAShE,KAAKsC,SAClB,CACA,MAAAU,GACItJ,QAAQQ,IAAI,eAIZ,GAD6Bb,EAAI4K,UADd,CAAC,iBAAkB,gBAAiB,gBACCC,KAAMpD,GAAWqD,OAAOC,SAASC,SAASC,SAASxD,IACjF,CAGtBpH,QAAQQ,IAAI,6BACZ8F,KAAKqC,eAAY7D,EACjBwB,KAAKO,WAAY,EACjBP,KAAKsC,eAAY9D,EACjBwB,KAAKuC,gBAAa/D,EAClBwB,KAAKoC,OAAOwB,sBAAiBpF,GAC7B,MAAM+F,EAAY,IAAIvG,IA3FJ,uCA4FZwG,EAAa,IAAIxG,IAAImG,OAAOC,SAASK,MAC3CD,EAAWE,KAAO,GAClBH,EAAUI,SAAW,UACrBJ,EAAUK,aAAaC,IAAI,eAAgBL,EAAW5C,YACtDwC,SAASU,QAAQP,EAAU3C,WAC/B,KACK,CAEDlI,QAAQQ,IAAI,yBACZ,MAAM6K,IAAgB/E,KAAKsC,UACvBtC,KAAKsC,WACLzI,IAAkB4J,UAEtBzD,KAAKqC,eAAY7D,EACjBwB,KAAKO,WAAY,EACjBP,KAAKsC,eAAY9D,EACjBwB,KAAKuC,gBAAa/D,EAClBwB,KAAKoC,OAAOwB,sBAAiBpF,GAKzBuG,GACAX,SAASU,QAAQ,IAEzB,CACJ,CACA,mBAAME,CAAcC,GAChBjG,aAAa2C,QAAQ9I,EAA2BoM,GAC5CjF,OACIA,KAAKmD,SAAWnD,KAAKoD,QACrBpE,aAAa2C,QAAQ7I,EAA4B,IAAMkH,KAAKmD,QAAQU,GAAI7D,KAAKoD,QAAQS,IAEhF7D,KAAKmD,SACVnE,aAAaC,WAAWnG,EAA4B,IAAMkH,KAAKmD,QAAQU,KAG/EM,OAAOC,SAASU,QAAQ,OAASG,EACrC,CACA,mBAAMC,CAAcC,GACZnF,KAAKmD,SACLnE,aAAa2C,QAAQ7I,EAA4B,IAAMkH,KAAKmD,QAAQU,GAAIsB,GAE5EhB,OAAOC,SAASU,QAAQ,OAAS9E,KAAKmD,SAASU,GAAK,MAAQsB,EAChE,CACA,mBAAMC,GACF,OAAOpF,KAAKoC,OAAOiB,SAASgC,OAAOhJ,KAAKgH,IACpC,IAAKrD,KAAKsC,UACN,MAAM,IAAI/I,MAAM,sBAEpByG,KAAKsC,UAAUe,SAAWA,EAC1BrD,KAAKuC,aAAavC,KAAKsF,WACxBtI,MAAMC,IAEL,MADAvD,QAAQD,MAAM,2BAA4BwD,GACpCA,GAEd,CACA,2BAAM8G,GACF,GAAI/D,KAAK0C,mBAEL,OADAhJ,QAAQQ,IAAI,iCACL,EAEX,MAAMqL,EAAiBvF,KAAK0C,mBAC5B,IACI,MAAM8C,QAAmBxF,KAAKoC,OAAOe,QAAQsC,qBAE7C,GADAzF,KAAK0C,mBAAqBgD,OAAOC,OAAOH,GAAYI,MAAMC,IAAmB,IAAVA,GAC/DN,IAAmBvF,KAAK0C,mBACxB,OAAO,EAEX1C,KAAKuC,aAAavC,KAAKsF,QAC3B,CACA,MAAO7L,GACHC,QAAQD,MAAM,oCAAqCA,GACnDuG,KAAK0C,oBAAqB,EAC1B1C,KAAKuC,aAAavC,KAAKsF,QAC3B,CACA,OAAO,CACX,CACA,KAAAA,GACI,MAAMQ,EAAU,IAAI3D,EAAYnC,KAAKoC,QAQrC,OAPA0D,EAAQvF,UAAYP,KAAKO,UACzBuF,EAAQzD,UAAYrC,KAAKqC,UACzByD,EAAQxD,UAAYtC,KAAKsC,UACzBwD,EAAQvD,WAAavC,KAAKuC,WAC1BuD,EAAQtD,oBAAsBxC,KAAKwC,oBACnCsD,EAAQd,cAAgBhF,KAAKgF,cAC7Bc,EAAQpD,mBAAqB1C,KAAK0C,mBAC3BoD,CACX,EAEC,MAACC,EAAqBC,OAAcxH,GAClC,SAAS2B,IACZ,MAAM2F,EAAUG,EAAWF,GAC3B,IAAKD,EACD,MAAM,IAAIvM,MAAM,4DAEpB,OAAOuM,CACX,CC7LA,MAAMI,EAAa,CAAC,iBAAkB,gBAAiB,gBAEhD,SAASC,IAGZ,QAAI9M,EAAI4K,UAGDiC,EAAWhC,KAAMpD,GAAWqD,OAAOC,SAASC,SAASC,SAASxD,GACzE,CACO,SAASsF,GAAoBC,SAAEA,IAClC,MAAMC,EAAa,IAAIC,gBAAgBnC,SAASM,KAAK8B,UAAU,IACzDlK,EAAQgK,EAAWG,IAAI,SACvBnF,EAAQgF,EAAWG,IAAI,UACtBX,EAASvD,GAAcjC,EAAS,IAAI6B,IACrCf,cAAEA,EAAaS,YAAEA,EAAWK,WAAEA,GAAef,IAC7CuF,EAAsBC,GAAO,GAC7BC,EAAwB,CAACxJ,EAAWD,KACtC,MAAM0J,EAAM,IAAI7I,IAAI,2CAAgC3E,EAAIuE,UAAUC,KAAO,6BACnE2G,EAAa,IAAIxG,IAAImG,OAAOC,SAASK,MAC3CD,EAAWE,KAAO,GAKlBmC,EAAIjC,aAAaC,IAAI,eAAgBL,EAAW5C,YAChDiF,EAAIjC,aAAaC,IAAI,QAASzD,KAC9BgD,SAASU,QAAQ+B,EAAIjF,aA8IzB,OA5IAlB,EAAU,KAEN,GAAIgG,EAAoBI,QAEpB,YADApN,QAAQQ,IAAI,iDAGhBwM,EAAoBI,SAAU,EAC9BpN,QAAQQ,IAAI,4BACZb,EAAIkD,OAAOC,KAAK,sBAChB,MAAMgI,EAAa,IAAIxG,IAAImG,OAAOC,SAASK,MACrChF,EAAkB+E,EAAWI,aAAa6B,IAAI,MAAQzH,aAAaU,QAAQ7G,SAA8B2F,EACzGmB,EAAkB6E,EAAWI,aAAa6B,IAAI,MAChDzH,aAAaU,QAAQ5G,EAA4B,IAAM2G,SACvDjB,EASJ,GARA9E,QAAQQ,IAAI,yBAA0BuF,GACtC/F,QAAQQ,IAAI,yBAA0ByF,GACtCtG,EAAIkD,OAAOC,KAAK,+BAAgC,CAC5CC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGhBrD,GAASgF,EAAO,CAChB,MAAMyF,EAAkBlF,EAAYP,GAsCpC,OArCIyF,GACArN,QAAQD,MAAM,wBAAwBsN,KACtC1N,EAAIkD,OAAO9C,MAAM,kBAAkBsN,IAAmB,CAClDtK,SAAU,CACN6E,MAAOA,KAGfsF,KAGA1E,SAEJ7C,EAAmBI,EAAiBE,EAAiBrD,GAAO,EAAO6J,KAC9D9J,KAAMmH,IACPsC,EAAQnC,MAAMH,EAAI3D,UAAUxD,KAAK,KAC7BkG,EAAWuD,EAAQR,SAEnBnB,OAAOC,SAASM,KAAO,OAG1B1H,MAAOC,IAER,GAAIA,aAAe8B,EAKf,OAJArF,QAAQQ,IAAI,4CAA6C+C,GACzD6I,EAAQvF,WAAY,EACpBuF,EAAQzD,UAAYpF,OACpBsF,EAAWuD,EAAQR,SAGvB5L,QAAQD,MAAM,sEAAuEwD,GACrF5D,EAAIkD,OAAO9C,MAAM,sEAAuE,CACpFgD,SAAU,CACNhD,MAAOwD,KAGf2J,KAGR,CAGI,IAAKd,EAAQ9B,aAAc,CAQvB,GAPAtK,QAAQQ,IAAI,wCACZb,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGhBwG,IASA,OARAzM,QAAQQ,IAAI,kEAAmEuF,EAAiBE,GAChGtG,EAAIkD,OAAOC,KAAK,6CAA8C,CAC1DC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,UAGpBiH,IAIAlN,QAAQQ,IAAI,2BACZb,EAAIkD,OAAOC,KAAK,oBAAqB,CACjCC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,IAI5B,CAEJ,OAAOqH,EAAmBnN,IAAmBE,MAAOkN,IAC5CA,GACAvN,QAAQQ,IAAI,wCACZb,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGpBmG,EAAQvD,WAAaA,QACflD,EAAmBI,EAAiBE,OAAiBnB,GAAW,EAAO2H,KACxE9J,KAAMmH,IACPsC,EAAQnC,MAAMH,EAAI3D,UAAUxD,KAAK,IAAMkG,EAAWuD,EAAQR,YAEzDtI,MAAOC,IACRvD,QAAQD,MAAM,yCAA0CwD,GACxD5D,EAAIkD,OAAO9C,MAAM,yCAA0C,CACvDgD,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,EACZlG,MAAOwD,KAGTA,aAAe8B,GACjB+G,EAAQ9C,SACZ8C,EAAQvF,WAAY,EACpBuF,EAAQzD,UAAYpF,EACpBsF,EAAWuD,EAAQR,aAKvB5L,QAAQQ,IAAI,8BACZb,EAAIkD,OAAOC,KAAK,uBAAwB,CACpCC,SAAU,CACNc,WAAYkC,EACZjC,WAAYmC,KAGpBmG,EAAQ1D,OAAOwB,sBAAiBpF,GAChCsH,EAAQ9C,SACRT,EAAWuD,EAAQR,aAG5B,IACI4B,EAAKnB,EAAmBoB,SAAU,CAAEtB,MAAOC,EAASO,SAAUA,GACzE,CC/KO,SAASe,IAoBZ,MAAO,CACHC,eAnBmBtN,MAAOmC,IAC1B,MAAMoL,EAAanD,OAAOnF,aAAaU,QAAQ,wBAC1CxD,EAIDoL,GACAnD,OAAOnF,aAAaC,WAAW,wBAJ/BvF,QAAQD,MAAM,sCAiBlB8N,WATe,CAACC,EAAWC,KACtBpO,EAAIqO,QACLhO,QAAQiO,MAAM,cAAeH,EAAWC,GAG5CG,EAASjO,IAAwB6N,EAAW,IAAKC,EAAiBI,YAAaxO,EAAIqO,UAM3F"}