@vertesia/ui 1.3.0-dev.20260620.091720Z → 1.3.0-dev.20260621.071017Z
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/router/Router.d.ts.map +1 -1
- package/lib/router/Router.js +7 -3
- package/lib/router/Router.js.map +1 -1
- package/lib/session/UserSession.d.ts.map +1 -1
- package/lib/session/UserSession.js +15 -7
- package/lib/session/UserSession.js.map +1 -1
- package/lib/session/auth/domainRouting.d.ts +10 -0
- package/lib/session/auth/domainRouting.d.ts.map +1 -1
- package/lib/session/auth/domainRouting.js +15 -0
- package/lib/session/auth/domainRouting.js.map +1 -1
- package/lib/vertesia-ui-router.js +1 -1
- package/lib/vertesia-ui-router.js.map +1 -1
- package/lib/vertesia-ui-session.js +1 -1
- package/lib/vertesia-ui-session.js.map +1 -1
- package/package.json +6 -6
- package/src/router/Router.tsx +7 -3
- package/src/session/UserSession.ts +15 -7
- package/src/session/auth/domainRouting.test.ts +28 -1
- package/src/session/auth/domainRouting.ts +16 -0
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import{Env as e}from"@vertesia/ui/env";import{jwtDecode as t}from"jwt-decode";import{getAnalytics as o,logEvent as n}from"firebase/analytics";import{initializeApp as r}from"firebase/app";import{getAuth as i,onAuthStateChanged as a}from"firebase/auth";import{useCallback as s,createContext as c,useContext as l,useState as u,useEffect as d,useRef as h}from"react";import{i18nInstance as g,NAMESPACE as f}from"@vertesia/ui/i18n";import{VertesiaClient as m}from"@vertesia/client";import{jsx as p}from"react/jsx-runtime";const w="composableai.lastSelectedAccountId",v="composableai.lastSelectedProjectId";let k,S,T=null,b=null,_=null;function y(){if(!T)try{if(!e.firebase)throw new Error("Firebase configuration is not available in the environment");T=r(e.firebase)}catch(e){throw console.error("Failed to initialize Firebase app:",e),new Error("Firebase initialization failed - environment may not be properly initialized",{cause:e})}return T}function j(){return b||(b=o(y())),b}function I(){return _||(_=i(y())),_}async function $(t){if(t)if(e.firebase)try{t&&console.log(`Resolving tenant ID from email: ${t}`);let o=3,n=250;for(;o>0;)try{const o=await fetch("/api/resolve-tenant",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({tenantEmail:t}),signal:AbortSignal.timeout(5e3)});if(!o)throw new Error("No response received from tenant API");if(!o.ok){try{const e=await o.json();console.error("Failed to resolve tenant ID:",e.error)}catch{console.error(`Failed to resolve tenant ID: HTTP ${o.status}`)}if(404===o.status)return void console.warn(`Tenant not found for ${t}`);throw new Error(`HTTP error ${o.status}`)}const n=await o.json();if(n?.firebaseTenantId){const t=I();return t.tenantId=n.firebaseTenantId,e.firebase.providerType=n.provider??"oidc",console.log(`Tenant ID set to ${t.tenantId}`),n}return void console.error(`Invalid response format, missing tenantId for ${t}`)}catch(e){if(!(o>1))throw e;console.warn(`Tenant resolution failed, retrying in ${n}ms...`,e),await new Promise(e=>setTimeout(e,n)),n*=2,o--}}catch(e){console.error("Error setting Firebase tenant:",e instanceof Error?e.message:"Unknown error")}else console.log("Firebase configuration is not available in the environment");else console.log("No tenant name or email specified, skipping tenant setup")}async function E(t){const o=I().currentUser;return o?o.getIdToken(t).then(n=>(e.logger.info("Got Firebase token",{vertesia:{user_email:o.email,user_name:o.displayName,user_id:o.uid,refresh:t}}),n)).catch(n=>(e.logger.error("Failed to get Firebase token",{vertesia:{user_email:o.email,user_name:o.displayName,user_id:o.uid,refresh:t,error:n}}),console.error("Failed to get access token",n),null)):(e.logger.warn("No user found"),Promise.resolve(null))}function A(e){return e?.replace(/\/+$/,"")}function U(e){return t(e)}async function F(o,n,r,i,a=0){console.log(`Getting/refreshing composable token for account ${n} and project ${r} `),e.logger.info("Getting/refreshing composable token",{vertesia:{account_id:n,project_id:r,retry_count:a}});const s=await o();if(!s)throw console.log("No id token found - using cookie auth"),new Error("No id token found");const c=e.endpoints.sts;console.log("Using STS for token generation:",c),e.logger.info("Using STS for token generation",{vertesia:{account_id:n,project_id:r,sts_url:c}});try{const l=new URL(`${c}/token/issue`),u={type:"user",account_id:n,project_id:r,expires_at:i?Math.floor(Date.now()/1e3)+i:void 0},d=await fetch(l,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${s}`},body:JSON.stringify(u)}).catch(t=>{throw console.error("Failed to call STS endpoint",t),e.logger.error("Failed to call STS endpoint",{vertesia:{account_id:n,project_id:r,error:t}}),new O("Failed to call STS endpoint",c)});if(s&&404===d?.status){console.log("404: User not found - calling ensure-user endpoint"),e.logger.info("404: User not found - calling ensure-user endpoint",{vertesia:{account_id:n,project_id:r,status:d?.status}});const c=await fetch(`${e.endpoints.studio}/auth/ensure-user`,{method:"POST",headers:{Authorization:`Bearer ${s}`,"Content-Type":"application/json"}});if(412===c.status){console.log("412: No invite found - signup required"),e.logger.info("412: No invite found - signup required",{vertesia:{account_id:n,project_id:r}});const o=t(s);if(!o?.email)throw e.logger.error("No email found in id token"),new Error("No email found in id token");throw new x("User not found - signup required",o.email)}if(403===c.status)throw e.logger.warn("403: Customer-domain user requires an invite to join",{vertesia:{account_id:n,project_id:r}}),new Error("Customer-domain user requires an invite to join");if(!c.ok)throw console.error("Failed to ensure user exists",c.status),e.logger.error("Failed to ensure user exists",{vertesia:{account_id:n,project_id:r,status:c.status}}),new Error("Failed to ensure user exists");return console.log("User ensured - retrying token generation"),e.logger.info("User ensured - retrying token generation",{vertesia:{account_id:n,project_id:r}}),F(o,n,r,i,a)}if(s&&412===d?.status){console.log("412: auth succeeded but user doesn't exist - signup required",d?.status),e.logger.error("412: auth succeeded but user doesn't exist - signup required",{vertesia:{account_id:n,project_id:r,status:d?.status}});const o=t(s);if(!o?.email)throw e.logger.error("No email found in id token"),new Error("No email found in id token");throw e.logger.error("User not found",{vertesia:{account_id:n,project_id:r,email:o.email}}),new x("User not found",o.email)}if(403===d.status){if(a>0)throw console.error("403: Access denied even without account scope - user may have no accounts"),e.logger.error("403: Access denied after retry - authorization failure",{vertesia:{account_id:n,project_id:r,status:d.status,retry_count:a}}),new Error("Access denied - user may not have access to any accounts");return console.log("403: Access denied - clearing cached account and retrying without account scope"),e.logger.warn("403: Access denied - clearing cached account and retrying",{vertesia:{account_id:n,project_id:r,status:d.status,retry_count:a}}),localStorage.removeItem(w),n&&localStorage.removeItem(`${v}-${n}`),F(o,void 0,void 0,i,a+1)}if(!d.ok){const t=await d.text();throw console.error("STS token generation failed:",d.status,t),e.logger.error("STS token generation failed",{vertesia:{status:d.status,error:t,account_id:n,project_id:r}}),new Error(`Failed to get token from STS: ${d.status}`)}const{token:h}=await d.json();return console.log("Successfully got token from STS"),e.logger.info("Successfully got token from STS"),h}catch(t){if(t instanceof x||t instanceof O)throw t;throw localStorage.removeItem(w),n&&localStorage.removeItem(`${v}-${n}`),console.error("Failed to get composable token from STS",t),e.logger.error("Failed to get composable token from STS",{vertesia:{account_id:n,project_id:r,error:t}}),new Error("Failed to get composable token",{cause:t})}}async function P(e,t,o){return F(E,e,t,o)}async function L(e,t,o,n){return F(()=>Promise.resolve(e),t,o,n)}function C(){return k}async function N(t,o,n,r=!1,i=!1){const a=t??localStorage.getItem(w)??void 0,s=o??localStorage.getItem(`${v}-${a}`)??void 0,c=e.isLocalDev?e.devAuthToken:void 0,l=c??n??k;if(!r&&k&&S&&S.exp>Date.now()/1e3+300)return{rawToken:k,token:S,error:!1};if(!r&&function(t){if(!t)return!1;try{return A(U(t).iss)===A(e.endpoints.sts)}catch{return!1}}(l)){if(k=l,S=U(k),!S.exp)throw new Error("Invalid composable token");return{rawToken:k,token:S,error:!1}}if(c||i||!I().currentUser?c||!n&&!k?c&&(k=c):k=await F(()=>Promise.resolve(n??k),a,s):k=await P(a,s),!k)throw e.logger.error("Cannot acquire a composable token",{vertesia:{account_id:a,project_id:s}}),new Error("Cannot acquire a composable token");if(S=U(k),!S?.exp||!k)throw console.error("Invalid composable token",S),e.logger.error("Invalid composable token",{vertesia:{account_id:a,project_id:s}}),new Error("Invalid composable token");return{rawToken:k,token:S,error:!1}}class x extends Error{email;constructor(e,t){super(e),this.name="UserNotFoundError",this.email=t}}class O extends Error{stsURL;constructor(e,t){super(e),this.name="STSError",this.stsURL=t}}const D="auth_state",R="auth_state_expiry";function z(){return{generateState:s(()=>{const e=crypto.randomUUID(),t=Date.now()+3e5;return sessionStorage.setItem(D,e),sessionStorage.setItem(R,t.toString()),e},[]),verifyState:s(e=>{if(!e)return"Missing state";const t=sessionStorage.getItem(D),o=parseInt(sessionStorage.getItem(R)||"0",10);let n;return n=t!==e?`State mismatched (${t} !== ${e})`:Date.now()>o?"State expired":void 0,n},[]),clearState:s(()=>{sessionStorage.removeItem(D),sessionStorage.removeItem(R)},[])}}function q(e){return!("firebase"===window.AUTH_MODE)}function H(){const e=new URL(document.baseURI),t=new URL(window.location.href),o=t.pathname.startsWith(e.pathname)?t:e;return o.hash="",o}class B{isLoading=!0;client;authError;authToken;setSession;lastSelectedAccount;lastSelectedProject;onboardingComplete;constructor(t,o){this.client=t||new m({serverUrl:e.endpoints.studio,storeUrl:e.endpoints.zeno,tokenServerUrl:e.endpoints.sts}),o&&(this.setSession=o),this.logout=this.logout.bind(this)}get store(){return this.client.store}get user(){return this.authToken}get account(){return this.authToken?.account}get project(){return this.authToken?.project}get accounts(){return this.authToken?.accounts}get authCallback(){return this.rawAuthToken.then(e=>`Bearer ${e}`)}get rawAuthToken(){return N().then(e=>{const o=e?.rawToken;if(!o)throw new Error("No token available");return this.authToken=t(o),o})}async refreshAuthToken(){const e=await N(void 0,void 0,void 0,!0),o=e?.rawToken;if(!o)throw new Error("No token available");return this.authToken=t(o),this.setSession?.(this.clone()),this.authToken}signOut(){this.logout()}getAccount(){return this.authToken?.account}async login(o,n={}){return this.authError=void 0,this.isLoading=!1,this.client.withAuthCallback(()=>this.authCallback),this.authToken=t(o),console.log(`Logging in as ${this.authToken?.name} with account ${this.authToken?.account.name} (${this.authToken?.account.id}, and project ${this.authToken?.project?.name} (${this.authToken?.project?.id})`),localStorage.setItem(w,this.authToken.account.id),localStorage.setItem(`${v}-${this.authToken.account.id}`,this.authToken.project?.id??""),e.onLogin?.(this.authToken),(n.loadOnboardingStatus??1)&&await this.fetchOnboardingStatus(),Promise.resolve()}isLoggedIn(){return!!this.authToken}logout(){if(console.log("Logging out"),q()){console.log("Using central auth logout"),this.authError=void 0,this.isLoading=!1,this.authToken=void 0,this.setSession=void 0,this.client.withAuthCallback(void 0);const e=new URL("https://internal-auth.vertesia.app/"),t=H();e.pathname="/logout",e.searchParams.set("redirect_uri",t.toString()),location.replace(e.toString())}else{console.log("Using Firebase logout");const e=!!this.authToken;this.authToken&&I().signOut(),this.authError=void 0,this.isLoading=!1,this.authToken=void 0,this.setSession=void 0,this.client.withAuthCallback(void 0),e&&location.replace("/")}}async switchAccount(e){localStorage.setItem(w,e),this&&(this.account&&this.project?localStorage.setItem(`${v}-${this.account.id}`,this.project.id):this.account&&localStorage.removeItem(`${v}-${this.account.id}`)),window.location.replace(`/?a=${e}`)}async switchProject(e){this.account&&localStorage.setItem(`${v}-${this.account.id}`,e),window.location.replace(`/?a=${this.account?.id}&p=${e}`)}async fetchAccounts(){return this.client.accounts.list().then(e=>{if(!this.authToken)throw new Error("No token available");this.authToken.accounts=e,this.setSession?.(this.clone())}).catch(e=>{throw console.error("Failed to fetch accounts",e),e})}async fetchProjects(e){return this.client.projects.list([e]).then(t=>{if(!this.authToken)throw new Error("No token available");this.authToken={...this.authToken,accounts:this.authToken.accounts?.map(o=>o.id===e?{...o,projects:t.filter(t=>t.account===e)}:o)},this.setSession?.(this.clone())}).catch(e=>{throw console.error("Failed to fetch projects",e),e})}async fetchOnboardingStatus(){if(this.onboardingComplete)return console.log("Onboarding already completed"),!1;const e=this.onboardingComplete;try{const t=await this.client.account.onboardingProgress();if(this.onboardingComplete=Object.values(t).every(e=>!0===e),e!==this.onboardingComplete)return!0;this.setSession?.(this.clone())}catch(e){console.error("Error fetching onboarding status:",e),this.onboardingComplete=!1,this.setSession?.(this.clone())}return!1}clone(){const e=new B(this.client);return e.isLoading=this.isLoading,e.authError=this.authError,e.authToken=this.authToken,e.setSession=this.setSession,e.lastSelectedAccount=this.lastSelectedAccount,e.switchAccount=this.switchAccount,e.onboardingComplete=this.onboardingComplete,e}}const G=c(void 0);function J(){const e=l(G);if(!e)throw new Error("useUserSession must be used within a UserSessionProvider");return e}function M(){const{user:e}=J(),[t,o]=u(null),[n,r]=u(!0),[i,a]=u(null);return d(()=>{(async()=>{if(!e?.email)return o(null),void r(!1);try{const t=await fetch("/api/resolve-tenant",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({tenantEmail:e.email})});if(t.ok){const e=await t.json();o(e?{tenantKey:e.name||"unknown",name:e.label||e.name||"Unknown",domain:e.domain||[],firebaseTenantId:e.firebaseTenantId,provider:e.provider,logo:e.logo}:null)}else o(null)}catch(e){console.error("Error loading current tenant:",e),a(g.getFixedT(null,f)("errors.failedToLoadTenantConfig")),o(null)}finally{r(!1)}})()},[e?.email]),{currentTenant:t,isLoading:n,error:i}}function K({children:t,loadOnboardingStatus:o=!0}){const n=new URLSearchParams(location.hash.substring(1)),r=n.get("token"),i=n.get("state"),[s,c]=u(new B),{generateState:l,verifyState:g,clearState:f}=z(),m=h(!1),k=h(void 0),S=(t,o)=>{const n=new URL(`https://internal-auth.vertesia.app/?sts=${e.endpoints.sts??"https://sts.vertesia.io"}`),r=H();n.searchParams.set("redirect_uri",r.toString()),n.searchParams.set("state",l()),location.replace(n.toString())};return k.current=()=>{if(m.current)return void console.log("Auth: skipping duplicate auth flow initiation");m.current=!0,console.log("Auth: starting auth flow"),e.logger.info("Starting auth flow");const t=new URL(window.location.href),n=t.searchParams.get("a")??localStorage.getItem(w)??void 0,l=t.searchParams.get("p")??localStorage.getItem(`${v}-${n}`)??void 0;if(console.log("Auth: selected account",n),console.log("Auth: selected project",l),e.logger.info("Selected account and project",{vertesia:{account_id:n,project_id:l}}),e.isLocalDev&&e.devAuthToken)return s.setSession=c,void N(n,l,e.devAuthToken).then(e=>{s.login(e.rawToken).then(()=>c(s.clone()))}).catch(t=>{console.error("Failed to initialize dev auth token",t),e.logger.error("Failed to initialize dev auth token",{vertesia:{account_id:n,project_id:l,error:t}}),s.isLoading=!1,s.authError=t instanceof Error?t:new Error(String(t)),c(s.clone())});if(r&&i){s.setSession=c;const t=g(i);return t?(console.error(`Auth: invalid state: ${t}`),e.logger.error(`Invalid state: ${t}`,{vertesia:{state:i}}),S()):f(),void N(n,l,r,!1,q()).then(e=>{s.login(e.rawToken,{loadOnboardingStatus:o}).then(()=>{c(s.clone()),window.location.hash=""})}).catch(t=>t instanceof x?(console.log("User not found - will trigger signup flow",t),s.isLoading=!1,s.authError=t,void c(s.clone())):t instanceof O?(console.error("STS error during token exchange",t),e.logger.error("STS error during token exchange",{vertesia:{account_id:n,project_id:l,sts_url:t.stsURL,error:t}}),window.alert("Authentication failed due to an issue with the authentication service. Please try again later."),s.logout(),c(s.clone()),void(window.location.hash="")):(console.error("Failed to fetch user token from studio, redirecting to central auth",t),e.logger.error("Failed to fetch user token from studio, redirecting to central auth",{vertesia:{error:t}}),void S()))}let u,d=!1;const h=()=>{if(!d){if(!s.isLoggedIn()){if(console.log("Auth: not logged in & no token/state"),e.logger.info("Not logged in & no token/state",{vertesia:{account_id:n,project_id:l}}),q())return console.log("Auth: host is not in Firebase auth allowlist, redirecting to central auth with selection",n,l),e.logger.info("Redirecting to central auth with selection",{vertesia:{account_id:n,project_id:l}}),void S();console.log("Auth: host is in Firebase auth allowlist"),e.logger.info("Host is in Firebase auth allowlist",{vertesia:{account_id:n,project_id:l}})}u=a(I(),async t=>{t?(console.log("Auth: successful login with firebase"),e.logger.info("Successful login with firebase",{vertesia:{account_id:n,project_id:l}}),s.setSession=c,await N(n,l,void 0,!1,q()).then(e=>{s.login(e.rawToken,{loadOnboardingStatus:o}).then(()=>c(s.clone()))}).catch(t=>{console.error("Failed to fetch user token from studio",t),e.logger.error("Failed to fetch user token from studio",{vertesia:{account_id:n,project_id:l,error:t}}),t instanceof x||s.logout(),s.isLoading=!1,s.authError=t,c(s.clone())})):(console.log("Auth: using anonymous user"),e.logger.info("Using anonymous user",{vertesia:{account_id:n,project_id:l}}),s.client.withAuthCallback(void 0),s.logout(),c(s.clone()))})}};return e.authTokenProvider?(s.setSession=c,e.authTokenProvider().then(async e=>{if(!e)return void h();const t=await N(n,l,e,!1,q());await s.login(t.rawToken,{loadOnboardingStatus:o}),d||c(s.clone())}).catch(t=>{console.warn("Auth: failed to initialize injected auth token",t),e.logger.warn("Failed to initialize injected auth token",{vertesia:{account_id:n,project_id:l,error:t}}),h()}),()=>{d=!0,u?.()}):(h(),()=>{d=!0,u?.()})},d(()=>k.current?.(),[]),p(G.Provider,{value:s,children:t})}function W(){return{tagUserSession:async e=>{const t=window.localStorage.getItem("composableSignupData");e?t&&window.localStorage.removeItem("composableSignupData"):console.error("No user found -- skipping tagging")},trackEvent:(t,o)=>{e.isProd||console.debug("track event",t,o),n(j(),t,{...o,debug_mode:!e.isProd})}}}export{w as LastSelectedAccountId_KEY,v as LastSelectedProjectId_KEY,O as STSError,x as UserNotFoundError,B as UserSession,G as UserSessionContext,K as UserSessionProvider,F as fetchComposableToken,P as fetchComposableTokenFromFirebaseToken,L as fetchComposableTokenFromVertesiaToken,N as getComposableToken,C as getCurrentVertesiaToken,j as getFirebaseAnalytics,y as getFirebaseApp,I as getFirebaseAuth,E as getFirebaseAuthToken,$ as setFirebaseTenant,z as useAuthState,M as useCurrentTenant,W as useUXTracking,J as useUserSession};
|
|
1
|
+
import{Env as e}from"@vertesia/ui/env";import{jwtDecode as t}from"jwt-decode";import{getAnalytics as o,logEvent as n}from"firebase/analytics";import{initializeApp as r}from"firebase/app";import{getAuth as i,onAuthStateChanged as a}from"firebase/auth";import{useCallback as s,createContext as c,useContext as l,useState as u,useEffect as d,useRef as h}from"react";import{i18nInstance as g,NAMESPACE as f}from"@vertesia/ui/i18n";import{VertesiaClient as m}from"@vertesia/client";import{jsx as p}from"react/jsx-runtime";const w="composableai.lastSelectedAccountId",v="composableai.lastSelectedProjectId";let k,S,T=null,b=null,_=null;function y(){if(!T)try{if(!e.firebase)throw new Error("Firebase configuration is not available in the environment");T=r(e.firebase)}catch(e){throw console.error("Failed to initialize Firebase app:",e),new Error("Firebase initialization failed - environment may not be properly initialized",{cause:e})}return T}function j(){return b||(b=o(y())),b}function I(){return _||(_=i(y())),_}async function E(t){if(t)if(e.firebase)try{t&&console.log(`Resolving tenant ID from email: ${t}`);let o=3,n=250;for(;o>0;)try{const o=await fetch("/api/resolve-tenant",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({tenantEmail:t}),signal:AbortSignal.timeout(5e3)});if(!o)throw new Error("No response received from tenant API");if(!o.ok){try{const e=await o.json();console.error("Failed to resolve tenant ID:",e.error)}catch{console.error(`Failed to resolve tenant ID: HTTP ${o.status}`)}if(404===o.status)return void console.warn(`Tenant not found for ${t}`);throw new Error(`HTTP error ${o.status}`)}const n=await o.json();if(n?.firebaseTenantId){const t=I();return t.tenantId=n.firebaseTenantId,e.firebase.providerType=n.provider??"oidc",console.log(`Tenant ID set to ${t.tenantId}`),n}return void console.error(`Invalid response format, missing tenantId for ${t}`)}catch(e){if(!(o>1))throw e;console.warn(`Tenant resolution failed, retrying in ${n}ms...`,e),await new Promise(e=>setTimeout(e,n)),n*=2,o--}}catch(e){console.error("Error setting Firebase tenant:",e instanceof Error?e.message:"Unknown error")}else console.log("Firebase configuration is not available in the environment");else console.log("No tenant name or email specified, skipping tenant setup")}async function $(t){const o=I().currentUser;return o?o.getIdToken(t).then(n=>(e.logger.info("Got Firebase token",{vertesia:{user_email:o.email,user_name:o.displayName,user_id:o.uid,refresh:t}}),n)).catch(n=>(e.logger.error("Failed to get Firebase token",{vertesia:{user_email:o.email,user_name:o.displayName,user_id:o.uid,refresh:t,error:n}}),console.error("Failed to get access token",n),null)):(e.logger.warn("No user found"),Promise.resolve(null))}function A(e){return e?.replace(/\/+$/,"")}function U(e){return t(e)}async function F(o,n,r,i,a=0){console.log(`Getting/refreshing composable token for account ${n} and project ${r} `),e.logger.info("Getting/refreshing composable token",{vertesia:{account_id:n,project_id:r,retry_count:a}});const s=await o();if(!s)throw console.log("No id token found - using cookie auth"),new Error("No id token found");const c=e.endpoints.sts;console.log("Using STS for token generation:",c),e.logger.info("Using STS for token generation",{vertesia:{account_id:n,project_id:r,sts_url:c}});try{const l=new URL(`${c}/token/issue`),u={type:"user",account_id:n,project_id:r,expires_at:i?Math.floor(Date.now()/1e3)+i:void 0},d=await fetch(l,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${s}`},body:JSON.stringify(u)}).catch(t=>{throw console.error("Failed to call STS endpoint",t),e.logger.error("Failed to call STS endpoint",{vertesia:{account_id:n,project_id:r,error:t}}),new O("Failed to call STS endpoint",c)});if(s&&404===d?.status){console.log("404: User not found - calling ensure-user endpoint"),e.logger.info("404: User not found - calling ensure-user endpoint",{vertesia:{account_id:n,project_id:r,status:d?.status}});const c=await fetch(`${e.endpoints.studio}/auth/ensure-user`,{method:"POST",headers:{Authorization:`Bearer ${s}`,"Content-Type":"application/json"}});if(412===c.status){console.log("412: No invite found - signup required"),e.logger.info("412: No invite found - signup required",{vertesia:{account_id:n,project_id:r}});const o=t(s);if(!o?.email)throw e.logger.error("No email found in id token"),new Error("No email found in id token");throw new x("User not found - signup required",o.email)}if(403===c.status)throw e.logger.warn("403: Customer-domain user requires an invite to join",{vertesia:{account_id:n,project_id:r}}),new Error("Customer-domain user requires an invite to join");if(!c.ok)throw console.error("Failed to ensure user exists",c.status),e.logger.error("Failed to ensure user exists",{vertesia:{account_id:n,project_id:r,status:c.status}}),new Error("Failed to ensure user exists");return console.log("User ensured - retrying token generation"),e.logger.info("User ensured - retrying token generation",{vertesia:{account_id:n,project_id:r}}),F(o,n,r,i,a)}if(s&&412===d?.status){console.log("412: auth succeeded but user doesn't exist - signup required",d?.status),e.logger.error("412: auth succeeded but user doesn't exist - signup required",{vertesia:{account_id:n,project_id:r,status:d?.status}});const o=t(s);if(!o?.email)throw e.logger.error("No email found in id token"),new Error("No email found in id token");throw e.logger.error("User not found",{vertesia:{account_id:n,project_id:r,email:o.email}}),new x("User not found",o.email)}if(403===d.status){if(a>0)throw console.error("403: Access denied even without account scope - user may have no accounts"),e.logger.error("403: Access denied after retry - authorization failure",{vertesia:{account_id:n,project_id:r,status:d.status,retry_count:a}}),new Error("Access denied - user may not have access to any accounts");return console.log("403: Access denied - clearing cached account and retrying without account scope"),e.logger.warn("403: Access denied - clearing cached account and retrying",{vertesia:{account_id:n,project_id:r,status:d.status,retry_count:a}}),localStorage.removeItem(w),n&&localStorage.removeItem(`${v}-${n}`),F(o,void 0,void 0,i,a+1)}if(!d.ok){const t=await d.text();throw console.error("STS token generation failed:",d.status,t),e.logger.error("STS token generation failed",{vertesia:{status:d.status,error:t,account_id:n,project_id:r}}),new Error(`Failed to get token from STS: ${d.status}`)}const{token:h}=await d.json();return console.log("Successfully got token from STS"),e.logger.info("Successfully got token from STS"),h}catch(t){if(t instanceof x||t instanceof O)throw t;throw localStorage.removeItem(w),n&&localStorage.removeItem(`${v}-${n}`),console.error("Failed to get composable token from STS",t),e.logger.error("Failed to get composable token from STS",{vertesia:{account_id:n,project_id:r,error:t}}),new Error("Failed to get composable token",{cause:t})}}async function P(e,t,o){return F($,e,t,o)}async function L(e,t,o,n){return F(()=>Promise.resolve(e),t,o,n)}function C(){return k}async function N(t,o,n,r=!1,i=!1){const a=t??localStorage.getItem(w)??void 0,s=o??localStorage.getItem(`${v}-${a}`)??void 0,c=e.isLocalDev?e.devAuthToken:void 0,l=c??n??k;if(!r&&k&&S&&S.exp>Date.now()/1e3+300)return{rawToken:k,token:S,error:!1};if(!r&&function(t){if(!t)return!1;try{return A(U(t).iss)===A(e.endpoints.sts)}catch{return!1}}(l)){if(k=l,S=U(k),!S.exp)throw new Error("Invalid composable token");return{rawToken:k,token:S,error:!1}}if(c||i||!I().currentUser?c||!n&&!k?c&&(k=c):k=await F(()=>Promise.resolve(n??k),a,s):k=await P(a,s),!k)throw e.logger.error("Cannot acquire a composable token",{vertesia:{account_id:a,project_id:s}}),new Error("Cannot acquire a composable token");if(S=U(k),!S?.exp||!k)throw console.error("Invalid composable token",S),e.logger.error("Invalid composable token",{vertesia:{account_id:a,project_id:s}}),new Error("Invalid composable token");return{rawToken:k,token:S,error:!1}}class x extends Error{email;constructor(e,t){super(e),this.name="UserNotFoundError",this.email=t}}class O extends Error{stsURL;constructor(e,t){super(e),this.name="STSError",this.stsURL=t}}const R="auth_state",D="auth_state_expiry";function z(){return{generateState:s(()=>{const e=crypto.randomUUID(),t=Date.now()+3e5;return sessionStorage.setItem(R,e),sessionStorage.setItem(D,t.toString()),e},[]),verifyState:s(e=>{if(!e)return"Missing state";const t=sessionStorage.getItem(R),o=parseInt(sessionStorage.getItem(D)||"0",10);let n;return n=t!==e?`State mismatched (${t} !== ${e})`:Date.now()>o?"State expired":void 0,n},[]),clearState:s(()=>{sessionStorage.removeItem(R),sessionStorage.removeItem(D)},[])}}function q(e){return!("firebase"===window.AUTH_MODE)}function H(){const e=new URL(document.baseURI),t=new URL(window.location.href),o=t.pathname.startsWith(e.pathname)?t:e;return o.hash="",o}function B(){const e=new URL(document.baseURI);return e.hash="",e.search="",e}class G{isLoading=!0;client;authError;authToken;setSession;lastSelectedAccount;lastSelectedProject;onboardingComplete;constructor(t,o){this.client=t||new m({serverUrl:e.endpoints.studio,storeUrl:e.endpoints.zeno,tokenServerUrl:e.endpoints.sts}),o&&(this.setSession=o),this.logout=this.logout.bind(this)}get store(){return this.client.store}get user(){return this.authToken}get account(){return this.authToken?.account}get project(){return this.authToken?.project}get accounts(){return this.authToken?.accounts}get authCallback(){return this.rawAuthToken.then(e=>`Bearer ${e}`)}get rawAuthToken(){return N().then(e=>{const o=e?.rawToken;if(!o)throw new Error("No token available");return this.authToken=t(o),o})}async refreshAuthToken(){const e=await N(void 0,void 0,void 0,!0),o=e?.rawToken;if(!o)throw new Error("No token available");return this.authToken=t(o),this.setSession?.(this.clone()),this.authToken}signOut(){this.logout()}getAccount(){return this.authToken?.account}async login(o,n={}){return this.authError=void 0,this.isLoading=!1,this.client.withAuthCallback(()=>this.authCallback),this.authToken=t(o),console.log(`Logging in as ${this.authToken?.name} with account ${this.authToken?.account.name} (${this.authToken?.account.id}, and project ${this.authToken?.project?.name} (${this.authToken?.project?.id})`),localStorage.setItem(w,this.authToken.account.id),localStorage.setItem(`${v}-${this.authToken.account.id}`,this.authToken.project?.id??""),e.onLogin?.(this.authToken),(n.loadOnboardingStatus??1)&&await this.fetchOnboardingStatus(),Promise.resolve()}isLoggedIn(){return!!this.authToken}logout(){if(console.log("Logging out"),q()){console.log("Using central auth logout"),this.authError=void 0,this.isLoading=!1,this.authToken=void 0,this.setSession=void 0,this.client.withAuthCallback(void 0);const e=new URL("https://internal-auth.vertesia.app/"),t=H();e.pathname="/logout",e.searchParams.set("redirect_uri",t.toString()),location.replace(e.toString())}else{console.log("Using Firebase logout");const e=!!this.authToken;this.authToken&&I().signOut(),this.authError=void 0,this.isLoading=!1,this.authToken=void 0,this.setSession=void 0,this.client.withAuthCallback(void 0),e&&location.replace(B().toString())}}async switchAccount(e){localStorage.setItem(w,e),this&&(this.account&&this.project?localStorage.setItem(`${v}-${this.account.id}`,this.project.id):this.account&&localStorage.removeItem(`${v}-${this.account.id}`));const t=B();t.searchParams.set("a",e),window.location.replace(t.toString())}async switchProject(e){this.account&&localStorage.setItem(`${v}-${this.account.id}`,e);const t=B();this.account?.id&&t.searchParams.set("a",this.account.id),t.searchParams.set("p",e),window.location.replace(t.toString())}async fetchAccounts(){return this.client.accounts.list().then(e=>{if(!this.authToken)throw new Error("No token available");this.authToken.accounts=e,this.setSession?.(this.clone())}).catch(e=>{throw console.error("Failed to fetch accounts",e),e})}async fetchProjects(e){return this.client.projects.list([e]).then(t=>{if(!this.authToken)throw new Error("No token available");this.authToken={...this.authToken,accounts:this.authToken.accounts?.map(o=>o.id===e?{...o,projects:t.filter(t=>t.account===e)}:o)},this.setSession?.(this.clone())}).catch(e=>{throw console.error("Failed to fetch projects",e),e})}async fetchOnboardingStatus(){if(this.onboardingComplete)return console.log("Onboarding already completed"),!1;const e=this.onboardingComplete;try{const t=await this.client.account.onboardingProgress();if(this.onboardingComplete=Object.values(t).every(e=>!0===e),e!==this.onboardingComplete)return!0;this.setSession?.(this.clone())}catch(e){console.error("Error fetching onboarding status:",e),this.onboardingComplete=!1,this.setSession?.(this.clone())}return!1}clone(){const e=new G(this.client);return e.isLoading=this.isLoading,e.authError=this.authError,e.authToken=this.authToken,e.setSession=this.setSession,e.lastSelectedAccount=this.lastSelectedAccount,e.switchAccount=this.switchAccount,e.onboardingComplete=this.onboardingComplete,e}}const J=c(void 0);function M(){const e=l(J);if(!e)throw new Error("useUserSession must be used within a UserSessionProvider");return e}function K(){const{user:e}=M(),[t,o]=u(null),[n,r]=u(!0),[i,a]=u(null);return d(()=>{(async()=>{if(!e?.email)return o(null),void r(!1);try{const t=await fetch("/api/resolve-tenant",{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({tenantEmail:e.email})});if(t.ok){const e=await t.json();o(e?{tenantKey:e.name||"unknown",name:e.label||e.name||"Unknown",domain:e.domain||[],firebaseTenantId:e.firebaseTenantId,provider:e.provider,logo:e.logo}:null)}else o(null)}catch(e){console.error("Error loading current tenant:",e),a(g.getFixedT(null,f)("errors.failedToLoadTenantConfig")),o(null)}finally{r(!1)}})()},[e?.email]),{currentTenant:t,isLoading:n,error:i}}function W({children:t,loadOnboardingStatus:o=!0}){const n=new URLSearchParams(location.hash.substring(1)),r=n.get("token"),i=n.get("state"),[s,c]=u(new G),{generateState:l,verifyState:g,clearState:f}=z(),m=h(!1),k=h(void 0),S=(t,o)=>{const n=new URL(`https://internal-auth.vertesia.app/?sts=${e.endpoints.sts??"https://sts.vertesia.io"}`),r=H();n.searchParams.set("redirect_uri",r.toString()),n.searchParams.set("state",l()),location.replace(n.toString())};return k.current=()=>{if(m.current)return void console.log("Auth: skipping duplicate auth flow initiation");m.current=!0,console.log("Auth: starting auth flow"),e.logger.info("Starting auth flow");const t=new URL(window.location.href),n=t.searchParams.get("a")??localStorage.getItem(w)??void 0,l=t.searchParams.get("p")??localStorage.getItem(`${v}-${n}`)??void 0;if(console.log("Auth: selected account",n),console.log("Auth: selected project",l),e.logger.info("Selected account and project",{vertesia:{account_id:n,project_id:l}}),e.isLocalDev&&e.devAuthToken)return s.setSession=c,void N(n,l,e.devAuthToken).then(e=>{s.login(e.rawToken).then(()=>c(s.clone()))}).catch(t=>{console.error("Failed to initialize dev auth token",t),e.logger.error("Failed to initialize dev auth token",{vertesia:{account_id:n,project_id:l,error:t}}),s.isLoading=!1,s.authError=t instanceof Error?t:new Error(String(t)),c(s.clone())});if(r&&i){s.setSession=c;const t=g(i);return t?(console.error(`Auth: invalid state: ${t}`),e.logger.error(`Invalid state: ${t}`,{vertesia:{state:i}}),S()):f(),void N(n,l,r,!1,q()).then(e=>{s.login(e.rawToken,{loadOnboardingStatus:o}).then(()=>{c(s.clone()),window.location.hash=""})}).catch(t=>t instanceof x?(console.log("User not found - will trigger signup flow",t),s.isLoading=!1,s.authError=t,void c(s.clone())):t instanceof O?(console.error("STS error during token exchange",t),e.logger.error("STS error during token exchange",{vertesia:{account_id:n,project_id:l,sts_url:t.stsURL,error:t}}),window.alert("Authentication failed due to an issue with the authentication service. Please try again later."),s.logout(),c(s.clone()),void(window.location.hash="")):(console.error("Failed to fetch user token from studio, redirecting to central auth",t),e.logger.error("Failed to fetch user token from studio, redirecting to central auth",{vertesia:{error:t}}),void S()))}let u,d=!1;const h=()=>{if(!d){if(!s.isLoggedIn()){if(console.log("Auth: not logged in & no token/state"),e.logger.info("Not logged in & no token/state",{vertesia:{account_id:n,project_id:l}}),q())return console.log("Auth: host is not in Firebase auth allowlist, redirecting to central auth with selection",n,l),e.logger.info("Redirecting to central auth with selection",{vertesia:{account_id:n,project_id:l}}),void S();console.log("Auth: host is in Firebase auth allowlist"),e.logger.info("Host is in Firebase auth allowlist",{vertesia:{account_id:n,project_id:l}})}u=a(I(),async t=>{t?(console.log("Auth: successful login with firebase"),e.logger.info("Successful login with firebase",{vertesia:{account_id:n,project_id:l}}),s.setSession=c,await N(n,l,void 0,!1,q()).then(e=>{s.login(e.rawToken,{loadOnboardingStatus:o}).then(()=>c(s.clone()))}).catch(t=>{console.error("Failed to fetch user token from studio",t),e.logger.error("Failed to fetch user token from studio",{vertesia:{account_id:n,project_id:l,error:t}}),t instanceof x||s.logout(),s.isLoading=!1,s.authError=t,c(s.clone())})):(console.log("Auth: using anonymous user"),e.logger.info("Using anonymous user",{vertesia:{account_id:n,project_id:l}}),s.client.withAuthCallback(void 0),s.logout(),c(s.clone()))})}};return e.authTokenProvider?(s.setSession=c,e.authTokenProvider().then(async e=>{if(!e)return void h();const t=await N(n,l,e,!1,q());await s.login(t.rawToken,{loadOnboardingStatus:o}),d||c(s.clone())}).catch(t=>{console.warn("Auth: failed to initialize injected auth token",t),e.logger.warn("Failed to initialize injected auth token",{vertesia:{account_id:n,project_id:l,error:t}}),h()}),()=>{d=!0,u?.()}):(h(),()=>{d=!0,u?.()})},d(()=>k.current?.(),[]),p(J.Provider,{value:s,children:t})}function Q(){return{tagUserSession:async e=>{const t=window.localStorage.getItem("composableSignupData");e?t&&window.localStorage.removeItem("composableSignupData"):console.error("No user found -- skipping tagging")},trackEvent:(t,o)=>{e.isProd||console.debug("track event",t,o),n(j(),t,{...o,debug_mode:!e.isProd})}}}export{w as LastSelectedAccountId_KEY,v as LastSelectedProjectId_KEY,O as STSError,x as UserNotFoundError,G as UserSession,J as UserSessionContext,W as UserSessionProvider,F as fetchComposableToken,P as fetchComposableTokenFromFirebaseToken,L as fetchComposableTokenFromVertesiaToken,N as getComposableToken,C as getCurrentVertesiaToken,j as getFirebaseAnalytics,y as getFirebaseApp,I as getFirebaseAuth,$ as getFirebaseAuthToken,E as setFirebaseTenant,z as useAuthState,K as useCurrentTenant,Q as useUXTracking,M as useUserSession};
|
|
2
2
|
//# sourceMappingURL=vertesia-ui-session.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"vertesia-ui-session.js","sources":["session/constants.js","session/auth/firebase.js","session/auth/composable.js","session/auth/useAuthState.js","session/auth/domainRouting.js","session/UserSession.js","session/auth/useCurrentTenant.js","session/UserSessionProvider.js","session/useUXTracking.js"],"sourcesContent":["export const LastSelectedAccountId_KEY = 'composableai.lastSelectedAccountId';\nexport const LastSelectedProjectId_KEY = 'composableai.lastSelectedProjectId';\n//# sourceMappingURL=constants.js.map","import { Env } from '@vertesia/ui/env';\nimport { getAnalytics } from 'firebase/analytics';\nimport { initializeApp } from 'firebase/app';\nimport { getAuth } from 'firebase/auth';\n// Use lazy initialization to avoid accessing Env before it's initialized\nlet _firebaseApp = null;\nlet _analytics = null;\nlet _firebaseAuth = null;\n// Getters that lazily initialize Firebase components when first accessed\nexport function getFirebaseApp() {\n if (!_firebaseApp) {\n try {\n if (!Env.firebase) {\n throw new Error('Firebase configuration is not available in the environment');\n }\n _firebaseApp = initializeApp(Env.firebase);\n }\n catch (error) {\n console.error('Failed to initialize Firebase app:', error);\n throw new Error('Firebase initialization failed - environment may not be properly initialized', {\n cause: error,\n });\n }\n }\n return _firebaseApp;\n}\nexport function getFirebaseAnalytics() {\n if (!_analytics) {\n _analytics = getAnalytics(getFirebaseApp());\n }\n return _analytics;\n}\nexport function getFirebaseAuth() {\n if (!_firebaseAuth) {\n _firebaseAuth = getAuth(getFirebaseApp());\n }\n return _firebaseAuth;\n}\nexport async function setFirebaseTenant(tenantEmail) {\n if (!tenantEmail) {\n console.log('No tenant name or email specified, skipping tenant setup');\n return;\n }\n if (!Env.firebase) {\n console.log('Firebase configuration is not available in the environment');\n return;\n }\n try {\n if (tenantEmail)\n console.log(`Resolving tenant ID from email: ${tenantEmail}`);\n // Add retry logic with exponential backoff\n let retries = 3;\n let retryDelay = 250; // Start with 250ms delay\n while (retries > 0) {\n try {\n // Call the API endpoint to resolve the tenant ID\n const response = await fetch('/api/resolve-tenant', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n tenantEmail: tenantEmail,\n }),\n // Add timeout to prevent hanging requests\n signal: AbortSignal.timeout(5000),\n });\n // Check for network errors\n if (!response) {\n throw new Error('No response received from tenant API');\n }\n // Handle HTTP error responses\n if (!response.ok) {\n // Try to parse the error response\n try {\n const errorData = await response.json();\n console.error('Failed to resolve tenant ID:', errorData.error);\n }\n catch {\n console.error(`Failed to resolve tenant ID: HTTP ${response.status}`);\n }\n // If the error is 404 Not Found, no need to retry\n if (response.status === 404) {\n console.warn(`Tenant not found for ${tenantEmail}`);\n return;\n }\n throw new Error(`HTTP error ${response.status}`);\n }\n // Successfully got a response, parse it\n const data = (await response.json());\n if (data?.firebaseTenantId) {\n const auth = getFirebaseAuth();\n auth.tenantId = data.firebaseTenantId;\n Env.firebase.providerType = data.provider ?? 'oidc';\n console.log(`Tenant ID set to ${auth.tenantId}`);\n return data;\n }\n else {\n console.error(`Invalid response format, missing tenantId for ${tenantEmail}`);\n return; // No need to retry for invalid response format\n }\n }\n catch (fetchError) {\n // Only retry for network-related errors\n if (retries > 1) {\n console.warn(`Tenant resolution failed, retrying in ${retryDelay}ms...`, fetchError);\n await new Promise((resolve) => setTimeout(resolve, retryDelay));\n retryDelay *= 2; // Exponential backoff\n retries--;\n }\n else {\n throw fetchError; // Last retry failed, propagate error\n }\n }\n }\n }\n catch (error) {\n // Final error handler\n console.error('Error setting Firebase tenant:', error instanceof Error ? error.message : 'Unknown error');\n // Continue without tenant ID - authentication will work without multi-tenancy\n // but the user will access the default tenant\n }\n}\nexport async function getFirebaseAuthToken(refresh) {\n const auth = getFirebaseAuth();\n const user = auth.currentUser;\n if (user) {\n return user\n .getIdToken(refresh)\n .then((token) => {\n Env.logger.info('Got Firebase token', {\n vertesia: {\n user_email: user.email,\n user_name: user.displayName,\n user_id: user.uid,\n refresh: refresh,\n },\n });\n return token;\n })\n .catch((err) => {\n Env.logger.error('Failed to get Firebase token', {\n vertesia: {\n user_email: user.email,\n user_name: user.displayName,\n user_id: user.uid,\n refresh: refresh,\n error: err,\n },\n });\n console.error('Failed to get access token', err);\n return null;\n });\n }\n else {\n Env.logger.warn('No user found');\n return Promise.resolve(null);\n }\n}\n//# sourceMappingURL=firebase.js.map","import { Env } from '@vertesia/ui/env';\nimport { jwtDecode } from 'jwt-decode';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from '../constants';\nimport { getFirebaseAuth, getFirebaseAuthToken } from './firebase';\nlet AUTH_TOKEN_RAW;\nlet AUTH_TOKEN;\nfunction normalizeIssuer(value) {\n return value?.replace(/\\/+$/, '');\n}\nfunction decodeToken(token) {\n return jwtDecode(token);\n}\nfunction isVertesiaIssuedToken(token) {\n if (!token)\n return false;\n try {\n const decoded = decodeToken(token);\n return normalizeIssuer(decoded.iss) === normalizeIssuer(Env.endpoints.sts);\n }\n catch {\n return false;\n }\n}\nexport async function fetchComposableToken(getIdToken, accountId, projectId, ttl, retryCount = 0) {\n console.log(`Getting/refreshing composable token for account ${accountId} and project ${projectId} `);\n Env.logger.info('Getting/refreshing composable token', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n retry_count: retryCount,\n },\n });\n const idToken = await getIdToken(); //get from firebase\n if (!idToken) {\n console.log('No id token found - using cookie auth');\n throw new Error('No id token found');\n }\n // Use STS endpoint - either configured or default to sts.vertesia.io\n const stsEndpoint = Env.endpoints.sts;\n console.log('Using STS for token generation:', stsEndpoint);\n Env.logger.info('Using STS for token generation', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n sts_url: stsEndpoint,\n },\n });\n try {\n // Call STS to generate a user token\n const stsUrl = new URL(`${stsEndpoint}/token/issue`);\n const requestBody = {\n type: 'user',\n account_id: accountId,\n project_id: projectId,\n expires_at: ttl ? Math.floor(Date.now() / 1000) + ttl : undefined,\n };\n const stsRes = await fetch(stsUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${idToken}`, // Firebase token for authentication\n },\n body: JSON.stringify(requestBody),\n }).catch((error) => {\n console.error('Failed to call STS endpoint', error);\n Env.logger.error('Failed to call STS endpoint', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n error: error,\n },\n });\n throw new STSError('Failed to call STS endpoint', stsEndpoint);\n });\n if (idToken && stsRes?.status === 404) {\n // User not found in token-server - call ensure-user endpoint\n console.log('404: User not found - calling ensure-user endpoint');\n Env.logger.info('404: User not found - calling ensure-user endpoint', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes?.status,\n },\n });\n const ensureResponse = await fetch(`${Env.endpoints.studio}/auth/ensure-user`, {\n method: 'POST',\n headers: {\n Authorization: `Bearer ${idToken}`,\n 'Content-Type': 'application/json',\n },\n });\n if (ensureResponse.status === 412) {\n // No invite - trigger signup\n console.log('412: No invite found - signup required');\n Env.logger.info('412: No invite found - signup required', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n },\n });\n const idTokenDecoded = jwtDecode(idToken);\n if (!idTokenDecoded?.email) {\n Env.logger.error('No email found in id token');\n throw new Error('No email found in id token');\n }\n throw new UserNotFoundError('User not found - signup required', idTokenDecoded.email);\n }\n if (ensureResponse.status === 403) {\n // SigninScreen keys the invite-required view off this message.\n Env.logger.warn('403: Customer-domain user requires an invite to join', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n },\n });\n throw new Error('Customer-domain user requires an invite to join');\n }\n if (!ensureResponse.ok) {\n console.error('Failed to ensure user exists', ensureResponse.status);\n Env.logger.error('Failed to ensure user exists', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: ensureResponse.status,\n },\n });\n throw new Error('Failed to ensure user exists');\n }\n // User created/exists - retry token generation\n console.log('User ensured - retrying token generation');\n Env.logger.info('User ensured - retrying token generation', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n },\n });\n return fetchComposableToken(getIdToken, accountId, projectId, ttl, retryCount);\n }\n if (idToken && stsRes?.status === 412) {\n console.log(\"412: auth succeeded but user doesn't exist - signup required\", stsRes?.status);\n Env.logger.error(\"412: auth succeeded but user doesn't exist - signup required\", {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes?.status,\n },\n });\n const idTokenDecoded = jwtDecode(idToken);\n if (!idTokenDecoded?.email) {\n Env.logger.error('No email found in id token');\n throw new Error('No email found in id token');\n }\n Env.logger.error('User not found', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n email: idTokenDecoded.email,\n },\n });\n throw new UserNotFoundError('User not found', idTokenDecoded.email);\n }\n if (stsRes.status === 403) {\n // User doesn't have access to the requested account/project, or has no accounts\n // This can happen with:\n // 1. Stale localStorage from previous user\n // 2. User invited to a new account (doesn't have access yet)\n // 3. User exists but has no accounts at all\n if (retryCount > 0) {\n // Already retried without account scope - this is a real authorization failure\n console.error('403: Access denied even without account scope - user may have no accounts');\n Env.logger.error('403: Access denied after retry - authorization failure', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes.status,\n retry_count: retryCount,\n },\n });\n throw new Error('Access denied - user may not have access to any accounts');\n }\n console.log('403: Access denied - clearing cached account and retrying without account scope');\n Env.logger.warn('403: Access denied - clearing cached account and retrying', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes.status,\n retry_count: retryCount,\n },\n });\n // Clear any stale account/project from localStorage\n localStorage.removeItem(LastSelectedAccountId_KEY);\n if (accountId) {\n localStorage.removeItem(`${LastSelectedProjectId_KEY}-${accountId}`);\n }\n // Retry without account/project scope - let user log in to their default account\n return fetchComposableToken(getIdToken, undefined, undefined, ttl, retryCount + 1);\n }\n if (!stsRes.ok) {\n const errorText = await stsRes.text();\n console.error('STS token generation failed:', stsRes.status, errorText);\n Env.logger.error('STS token generation failed', {\n vertesia: {\n status: stsRes.status,\n error: errorText,\n account_id: accountId,\n project_id: projectId,\n },\n });\n throw new Error(`Failed to get token from STS: ${stsRes.status}`);\n }\n const { token } = await stsRes.json();\n console.log('Successfully got token from STS');\n Env.logger.info('Successfully got token from STS');\n return token;\n }\n catch (error) {\n if (error instanceof UserNotFoundError || error instanceof STSError) {\n throw error; // Re-throw UserNotFoundError and STSError to be handled separately in the caller\n }\n // Clear any stale account/project from localStorage on error\n localStorage.removeItem(LastSelectedAccountId_KEY);\n if (accountId) {\n localStorage.removeItem(`${LastSelectedProjectId_KEY}-${accountId}`);\n }\n console.error('Failed to get composable token from STS', error);\n Env.logger.error('Failed to get composable token from STS', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n error: error,\n },\n });\n throw new Error('Failed to get composable token', { cause: error });\n }\n}\n/**\n *\n * @param accountId\n * @param projectId\n * @param ttl time to live for the token in seconds\n * @returns\n */\nexport async function fetchComposableTokenFromFirebaseToken(accountId, projectId, ttl) {\n return fetchComposableToken(getFirebaseAuthToken, accountId, projectId, ttl);\n}\n/**\n * Mint a scoped Vertesia token from an existing Vertesia JWT. STS accepts STS-issued\n * tokens on /token/issue, so this works for sessions established via Central Auth where\n * the browser has no Firebase user.\n */\nexport async function fetchComposableTokenFromVertesiaToken(vertesiaToken, accountId, projectId, ttl) {\n return fetchComposableToken(() => Promise.resolve(vertesiaToken), accountId, projectId, ttl);\n}\n/** Returns the cached Vertesia raw JWT, if any. Does not refresh. */\nexport function getCurrentVertesiaToken() {\n return AUTH_TOKEN_RAW;\n}\nexport async function getComposableToken(accountId, projectId, initToken, forceRefresh = false, useInternalAuth = false) {\n const selectedAccount = accountId ?? localStorage.getItem(LastSelectedAccountId_KEY) ?? undefined;\n const selectedProject = projectId ?? localStorage.getItem(`${LastSelectedProjectId_KEY}-${selectedAccount}`) ?? undefined;\n const devAuthToken = Env.isLocalDev ? Env.devAuthToken : undefined;\n const suppliedToken = devAuthToken ?? initToken ?? AUTH_TOKEN_RAW;\n //token is still valid for more than 5 minutes\n if (!forceRefresh && AUTH_TOKEN_RAW && AUTH_TOKEN && AUTH_TOKEN.exp > Date.now() / 1000 + 300) {\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n }\n if (!forceRefresh && isVertesiaIssuedToken(suppliedToken)) {\n AUTH_TOKEN_RAW = suppliedToken;\n AUTH_TOKEN = decodeToken(AUTH_TOKEN_RAW);\n if (!AUTH_TOKEN.exp) {\n throw new Error('Invalid composable token');\n }\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n }\n //token is close to expire, refresh it\n if (!devAuthToken && !useInternalAuth && getFirebaseAuth().currentUser) {\n //we have a firebase user, get the token from there\n AUTH_TOKEN_RAW = await fetchComposableTokenFromFirebaseToken(selectedAccount, selectedProject);\n }\n else if (!devAuthToken && (initToken || AUTH_TOKEN_RAW)) {\n // we have a token already and no firebase user, refresh it\n AUTH_TOKEN_RAW = await fetchComposableToken(() => Promise.resolve(initToken ?? AUTH_TOKEN_RAW), selectedAccount, selectedProject);\n }\n else if (devAuthToken) {\n AUTH_TOKEN_RAW = devAuthToken;\n }\n if (!AUTH_TOKEN_RAW) {\n Env.logger.error('Cannot acquire a composable token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n throw new Error('Cannot acquire a composable token');\n }\n AUTH_TOKEN = decodeToken(AUTH_TOKEN_RAW);\n if (!AUTH_TOKEN?.exp || !AUTH_TOKEN_RAW) {\n console.error('Invalid composable token', AUTH_TOKEN);\n Env.logger.error('Invalid composable token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n throw new Error('Invalid composable token');\n }\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n}\nexport class UserNotFoundError extends Error {\n email;\n constructor(message, email) {\n super(message);\n this.name = 'UserNotFoundError';\n this.email = email;\n }\n}\nexport class STSError extends Error {\n stsURL;\n constructor(message, stsURL) {\n super(message);\n this.name = 'STSError';\n this.stsURL = stsURL;\n }\n}\n//# sourceMappingURL=composable.js.map","/**\n * This hook is used to generate and verify state for OAuth2 authorization requests.\n * @returns\n */\nimport { useCallback } from 'react';\nconst AUTH_STATE_KEY = 'auth_state';\nconst STATE_EXPIRY_KEY = 'auth_state_expiry';\nconst STATE_TTL = 5 * 60 * 1000; // 5 min\nexport function useAuthState() {\n // Generate new state\n const generateState = useCallback(() => {\n const state = crypto.randomUUID();\n const expiryTime = Date.now() + STATE_TTL;\n // Store state and expiry\n sessionStorage.setItem(AUTH_STATE_KEY, state);\n sessionStorage.setItem(STATE_EXPIRY_KEY, expiryTime.toString());\n return state;\n }, []);\n // Verify returned state\n const verifyState = useCallback((returnedState) => {\n if (!returnedState) {\n return 'Missing state';\n }\n const savedState = sessionStorage.getItem(AUTH_STATE_KEY);\n const expiryTime = parseInt(sessionStorage.getItem(STATE_EXPIRY_KEY) || '0', 10);\n let reason;\n // Verify state matches and hasn't expired\n if (savedState !== returnedState) {\n reason = `State mismatched (${savedState} !== ${returnedState})`;\n }\n else if (Date.now() > expiryTime) {\n reason = 'State expired';\n }\n else {\n reason = undefined; // No errors\n }\n return reason;\n }, []);\n // Clear state (useful for cleanup)\n const clearState = useCallback(() => {\n sessionStorage.removeItem(AUTH_STATE_KEY);\n sessionStorage.removeItem(STATE_EXPIRY_KEY);\n }, []);\n return { generateState, verifyState, clearState };\n}\n//# sourceMappingURL=useAuthState.js.map","export function shouldUseFirebaseAuth(_hostname) {\n return window.AUTH_MODE === 'firebase';\n}\nexport function shouldRedirectToCentralAuth(_hostname) {\n return !shouldUseFirebaseAuth();\n}\n/**\n * The page URL to return to after a central-auth round-trip (`redirect_uri`).\n *\n * Apps served under a deep gateway mount carry a `<base href=\"/tenants/<t>/apps/<app>/.../app/\">`\n * that the app-gateway injects at serve time. The in-app router rewrites the address bar relative\n * to the origin rather than that mount, so by the time the auth flow runs `window.location` can\n * read as the bare origin `/`. Building `redirect_uri` from that drops the app path, and the\n * post-login token bounces back to a URL that serves no app.\n *\n * Prefer the live location when it still sits under the mount (preserves the in-app deep route);\n * otherwise fall back to `document.baseURI` — the mount, which the router cannot clobber. With no\n * `<base>` element (the Studio UI), `document.baseURI` is the document URL and its `pathname` is a\n * prefix of the live location, so the live URL is used unchanged — no behavior change there.\n */\nexport function authReturnUrl() {\n const base = new URL(document.baseURI);\n const current = new URL(window.location.href);\n const target = current.pathname.startsWith(base.pathname) ? current : base;\n target.hash = '';\n return target;\n}\n//# sourceMappingURL=domainRouting.js.map","import { VertesiaClient } from '@vertesia/client';\nimport { Env } from '@vertesia/ui/env';\nimport { jwtDecode } from 'jwt-decode';\nimport { createContext, useContext } from 'react';\nimport { getComposableToken } from './auth/composable';\nimport { authReturnUrl, shouldRedirectToCentralAuth } from './auth/domainRouting';\nimport { getFirebaseAuth } from './auth/firebase';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from './constants';\nexport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY };\nconst CENTRAL_AUTH_REDIRECT = 'https://internal-auth.vertesia.app/';\nclass UserSession {\n isLoading = true;\n client;\n authError;\n authToken;\n setSession;\n lastSelectedAccount;\n lastSelectedProject;\n onboardingComplete;\n constructor(client, setSession) {\n if (client) {\n this.client = client;\n }\n else {\n this.client = new VertesiaClient({\n serverUrl: Env.endpoints.studio,\n storeUrl: Env.endpoints.zeno,\n tokenServerUrl: Env.endpoints.sts,\n });\n }\n if (setSession) {\n this.setSession = setSession;\n }\n this.logout = this.logout.bind(this);\n }\n get store() {\n return this.client.store;\n }\n get user() {\n //compatibility\n return this.authToken;\n }\n get account() {\n //compatibility\n return this.authToken?.account;\n }\n get project() {\n return this.authToken?.project;\n }\n get accounts() {\n //compatibility\n return this.authToken?.accounts;\n }\n get authCallback() {\n return this.rawAuthToken.then((token) => `Bearer ${token}`);\n }\n get rawAuthToken() {\n return getComposableToken().then((res) => {\n const token = res?.rawToken;\n if (!token) {\n throw new Error('No token available');\n }\n this.authToken = jwtDecode(token);\n return token;\n });\n }\n /**\n * Force a fresh Vertesia JWT from STS, bypassing the in-memory cache.\n * Use this when the current token's claims (e.g. `apps`) are suspected\n * stale — STS recomputes the `apps` claim from ACEs on every issuance.\n */\n async refreshAuthToken() {\n const res = await getComposableToken(undefined, undefined, undefined, true);\n const token = res?.rawToken;\n if (!token) {\n throw new Error('No token available');\n }\n this.authToken = jwtDecode(token);\n this.setSession?.(this.clone());\n return this.authToken;\n }\n signOut() {\n //compatibility\n this.logout();\n }\n getAccount() {\n return this.authToken?.account;\n }\n async login(token, options = {}) {\n this.authError = undefined;\n this.isLoading = false;\n this.client.withAuthCallback(() => this.authCallback);\n this.authToken = jwtDecode(token);\n console.log(`Logging in as ${this.authToken?.name} with account ${this.authToken?.account.name} (${this.authToken?.account.id}, and project ${this.authToken?.project?.name} (${this.authToken?.project?.id})`);\n //store selected account in local storage\n localStorage.setItem(LastSelectedAccountId_KEY, this.authToken.account.id);\n localStorage.setItem(`${LastSelectedProjectId_KEY}-${this.authToken.account.id}`, this.authToken.project?.id ?? '');\n // notify the host app of the login\n Env.onLogin?.(this.authToken);\n if (options.loadOnboardingStatus ?? true) {\n await this.fetchOnboardingStatus();\n }\n return Promise.resolve();\n }\n isLoggedIn() {\n return !!this.authToken;\n }\n logout() {\n console.log('Logging out');\n if (shouldRedirectToCentralAuth()) {\n // Redirect to central auth for logout\n // Central auth will handle Firebase logout\n console.log('Using central auth logout');\n this.authError = undefined;\n this.isLoading = false;\n this.authToken = undefined;\n this.setSession = undefined;\n this.client.withAuthCallback(undefined);\n const logoutUrl = new URL(CENTRAL_AUTH_REDIRECT);\n const currentUrl = authReturnUrl();\n logoutUrl.pathname = '/logout';\n logoutUrl.searchParams.set('redirect_uri', currentUrl.toString());\n location.replace(logoutUrl.toString());\n }\n else {\n // Use Firebase logout directly\n console.log('Using Firebase logout');\n const wasLoggedIn = !!this.authToken;\n if (this.authToken) {\n void getFirebaseAuth().signOut();\n }\n this.authError = undefined;\n this.isLoading = false;\n this.authToken = undefined;\n this.setSession = undefined;\n this.client.withAuthCallback(undefined);\n // Navigate to root to avoid React rendering errors when\n // unmounting deeply nested route components during logout.\n // Only navigate if user was actually logged in to avoid\n // infinite reload loop on fresh/incognito sessions.\n if (wasLoggedIn) {\n location.replace('/');\n }\n }\n }\n async switchAccount(targetAccountId) {\n localStorage.setItem(LastSelectedAccountId_KEY, targetAccountId);\n if (this) {\n if (this.account && this.project) {\n localStorage.setItem(`${LastSelectedProjectId_KEY}-${this.account.id}`, this.project.id);\n }\n else if (this.account) {\n localStorage.removeItem(`${LastSelectedProjectId_KEY}-${this.account.id}`);\n }\n }\n window.location.replace(`/?a=${targetAccountId}`);\n }\n async switchProject(targetProjectId) {\n if (this.account) {\n localStorage.setItem(`${LastSelectedProjectId_KEY}-${this.account.id}`, targetProjectId);\n }\n window.location.replace(`/?a=${this.account?.id}&p=${targetProjectId}`);\n }\n async fetchAccounts() {\n return this.client.accounts\n .list()\n .then((accounts) => {\n if (!this.authToken) {\n throw new Error('No token available');\n }\n this.authToken.accounts = accounts;\n this.setSession?.(this.clone());\n })\n .catch((err) => {\n console.error('Failed to fetch accounts', err);\n throw err;\n });\n }\n async fetchProjects(accountId) {\n return this.client.projects\n .list([accountId])\n .then((projects) => {\n if (!this.authToken) {\n throw new Error('No token available');\n }\n this.authToken = {\n ...this.authToken,\n accounts: this.authToken.accounts?.map((account) => {\n if (account.id === accountId) {\n return {\n ...account,\n projects: projects.filter((project) => project.account === accountId),\n };\n }\n return account;\n }),\n };\n this.setSession?.(this.clone());\n })\n .catch((err) => {\n console.error('Failed to fetch projects', err);\n throw err;\n });\n }\n async fetchOnboardingStatus() {\n if (this.onboardingComplete) {\n console.log('Onboarding already completed');\n return false;\n }\n const previousStatus = this.onboardingComplete;\n try {\n const onboarding = await this.client.account.onboardingProgress();\n this.onboardingComplete = Object.values(onboarding).every((value) => value === true);\n if (previousStatus !== this.onboardingComplete) {\n return true;\n }\n this.setSession?.(this.clone());\n }\n catch (error) {\n console.error('Error fetching onboarding status:', error);\n this.onboardingComplete = false;\n this.setSession?.(this.clone());\n }\n return false;\n }\n clone() {\n const session = new UserSession(this.client);\n session.isLoading = this.isLoading;\n session.authError = this.authError;\n session.authToken = this.authToken;\n session.setSession = this.setSession;\n session.lastSelectedAccount = this.lastSelectedAccount;\n session.switchAccount = this.switchAccount;\n session.onboardingComplete = this.onboardingComplete;\n return session;\n }\n}\nconst UserSessionContext = createContext(undefined);\nexport function useUserSession() {\n const session = useContext(UserSessionContext);\n if (!session) {\n throw new Error('useUserSession must be used within a UserSessionProvider');\n }\n return session;\n}\nexport { UserSession, UserSessionContext };\n//# sourceMappingURL=UserSession.js.map","import { i18nInstance, NAMESPACE } from '@vertesia/ui/i18n';\nimport { useEffect, useState } from 'react';\nimport { useUserSession } from '../UserSession';\nexport function useCurrentTenant() {\n const { user } = useUserSession();\n const [currentTenant, setCurrentTenant] = useState(null);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState(null);\n useEffect(() => {\n const loadCurrentTenant = async () => {\n if (!user?.email) {\n setCurrentTenant(null);\n setIsLoading(false);\n return;\n }\n try {\n const response = await fetch('/api/resolve-tenant', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n tenantEmail: user.email,\n }),\n });\n if (response.ok) {\n const tenantData = await response.json();\n if (tenantData) {\n // Convert the resolved tenant data to our TenantConfig format\n setCurrentTenant({\n tenantKey: tenantData.name || 'unknown',\n name: tenantData.label || tenantData.name || 'Unknown',\n domain: tenantData.domain || [],\n firebaseTenantId: tenantData.firebaseTenantId,\n provider: tenantData.provider,\n logo: tenantData.logo,\n });\n }\n else {\n setCurrentTenant(null);\n }\n }\n else {\n setCurrentTenant(null);\n }\n }\n catch (error) {\n console.error('Error loading current tenant:', error);\n setError(i18nInstance.getFixedT(null, NAMESPACE)('errors.failedToLoadTenantConfig'));\n setCurrentTenant(null);\n }\n finally {\n setIsLoading(false);\n }\n };\n void loadCurrentTenant();\n }, [user?.email]);\n return {\n currentTenant,\n isLoading,\n error,\n };\n}\n//# sourceMappingURL=useCurrentTenant.js.map","import { jsx as _jsx } from \"react/jsx-runtime\";\nimport { Env } from '@vertesia/ui/env';\nimport { onAuthStateChanged } from 'firebase/auth';\nimport { useEffect, useRef, useState } from 'react';\nimport { getComposableToken, STSError, UserNotFoundError } from './auth/composable';\nimport { authReturnUrl, shouldRedirectToCentralAuth } from './auth/domainRouting';\nimport { getFirebaseAuth } from './auth/firebase';\nimport { useAuthState } from './auth/useAuthState';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY, UserSession, UserSessionContext } from './UserSession';\nconst CENTRAL_AUTH_REDIRECT = 'https://internal-auth.vertesia.app/';\nexport function UserSessionProvider({ children, loadOnboardingStatus = true }) {\n const hashParams = new URLSearchParams(location.hash.substring(1));\n const token = hashParams.get('token');\n const state = hashParams.get('state');\n const [session, setSession] = useState(new UserSession());\n const { generateState, verifyState, clearState } = useAuthState();\n const hasInitiatedAuthRef = useRef(false);\n const authFlowRef = useRef(undefined);\n const redirectToCentralAuth = (projectId, accountId) => {\n const url = new URL(`${CENTRAL_AUTH_REDIRECT}?sts=${Env.endpoints.sts ?? 'https://sts.vertesia.io'}`);\n const currentUrl = authReturnUrl();\n if (projectId)\n currentUrl.searchParams.set('p', projectId);\n if (accountId)\n currentUrl.searchParams.set('a', accountId);\n url.searchParams.set('redirect_uri', currentUrl.toString());\n url.searchParams.set('state', generateState());\n location.replace(url.toString());\n };\n authFlowRef.current = () => {\n // Make this effect idempotent - only run auth flow once\n if (hasInitiatedAuthRef.current) {\n console.log('Auth: skipping duplicate auth flow initiation');\n return;\n }\n hasInitiatedAuthRef.current = true;\n console.log('Auth: starting auth flow');\n Env.logger.info('Starting auth flow');\n const currentUrl = new URL(window.location.href);\n const selectedAccount = currentUrl.searchParams.get('a') ?? localStorage.getItem(LastSelectedAccountId_KEY) ?? undefined;\n const selectedProject = currentUrl.searchParams.get('p') ??\n localStorage.getItem(`${LastSelectedProjectId_KEY}-${selectedAccount}`) ??\n undefined;\n console.log('Auth: selected account', selectedAccount);\n console.log('Auth: selected project', selectedProject);\n Env.logger.info('Selected account and project', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n if (Env.isLocalDev && Env.devAuthToken) {\n session.setSession = setSession;\n getComposableToken(selectedAccount, selectedProject, Env.devAuthToken)\n .then((res) => {\n session.login(res.rawToken).then(() => setSession(session.clone()));\n })\n .catch((err) => {\n console.error('Failed to initialize dev auth token', err);\n Env.logger.error('Failed to initialize dev auth token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n error: err,\n },\n });\n session.isLoading = false;\n session.authError = err instanceof Error ? err : new Error(String(err));\n setSession(session.clone());\n });\n return;\n }\n if (token && state) {\n session.setSession = setSession;\n const validationError = verifyState(state);\n if (validationError) {\n console.error(`Auth: invalid state: ${validationError}`);\n Env.logger.error(`Invalid state: ${validationError}`, {\n vertesia: {\n state: state,\n },\n });\n redirectToCentralAuth();\n }\n else {\n clearState();\n }\n getComposableToken(selectedAccount, selectedProject, token, false, shouldRedirectToCentralAuth())\n .then((res) => {\n session.login(res.rawToken, { loadOnboardingStatus }).then(() => {\n setSession(session.clone());\n //cleanup the hash\n window.location.hash = '';\n });\n })\n .catch((err) => {\n // Don't redirect to central auth for UserNotFoundError - let signup flow handle it\n if (err instanceof UserNotFoundError) {\n console.log('User not found - will trigger signup flow', err);\n session.isLoading = false;\n session.authError = err;\n setSession(session.clone());\n return;\n }\n if (err instanceof STSError) {\n console.error('STS error during token exchange', err);\n Env.logger.error('STS error during token exchange', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n sts_url: err.stsURL,\n error: err,\n },\n });\n window.alert('Authentication failed due to an issue with the authentication service. Please try again later.');\n session.logout();\n setSession(session.clone());\n window.location.hash = '';\n return;\n }\n console.error('Failed to fetch user token from studio, redirecting to central auth', err);\n Env.logger.error('Failed to fetch user token from studio, redirecting to central auth', {\n vertesia: {\n error: err,\n },\n });\n redirectToCentralAuth();\n });\n return;\n }\n let cancelled = false;\n let unsubscribe;\n const startFirebaseOrCentralAuth = () => {\n if (cancelled)\n return;\n // If the current host is not in the Firebase allowlist, central auth owns sign-in.\n if (!session.isLoggedIn()) {\n console.log('Auth: not logged in & no token/state');\n Env.logger.info('Not logged in & no token/state', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n if (shouldRedirectToCentralAuth()) {\n console.log('Auth: host is not in Firebase auth allowlist, redirecting to central auth with selection', selectedAccount, selectedProject);\n Env.logger.info('Redirecting to central auth with selection', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n redirectToCentralAuth();\n return; // Don't register onAuthStateChanged listener when redirecting\n }\n console.log('Auth: host is in Firebase auth allowlist');\n Env.logger.info('Host is in Firebase auth allowlist', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n }\n unsubscribe = onAuthStateChanged(getFirebaseAuth(), async (firebaseUser) => {\n if (firebaseUser) {\n console.log('Auth: successful login with firebase');\n Env.logger.info('Successful login with firebase', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n session.setSession = setSession;\n await getComposableToken(selectedAccount, selectedProject, undefined, false, shouldRedirectToCentralAuth())\n .then((res) => {\n session\n .login(res.rawToken, { loadOnboardingStatus })\n .then(() => setSession(session.clone()));\n })\n .catch((err) => {\n console.error('Failed to fetch user token from studio', err);\n Env.logger.error('Failed to fetch user token from studio', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n error: err,\n },\n });\n if (!(err instanceof UserNotFoundError))\n session.logout();\n session.isLoading = false;\n session.authError = err;\n setSession(session.clone());\n });\n }\n else {\n // anonymous user\n console.log('Auth: using anonymous user');\n Env.logger.info('Using anonymous user', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n session.client.withAuthCallback(undefined);\n session.logout();\n setSession(session.clone());\n }\n });\n };\n if (Env.authTokenProvider) {\n session.setSession = setSession;\n void Env.authTokenProvider()\n .then(async (injectedToken) => {\n if (!injectedToken) {\n startFirebaseOrCentralAuth();\n return;\n }\n const res = await getComposableToken(selectedAccount, selectedProject, injectedToken, false, shouldRedirectToCentralAuth());\n await session.login(res.rawToken, { loadOnboardingStatus });\n if (!cancelled)\n setSession(session.clone());\n })\n .catch((err) => {\n console.warn('Auth: failed to initialize injected auth token', err);\n Env.logger.warn('Failed to initialize injected auth token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n error: err,\n },\n });\n startFirebaseOrCentralAuth();\n });\n return () => {\n cancelled = true;\n unsubscribe?.();\n };\n }\n startFirebaseOrCentralAuth();\n return () => {\n cancelled = true;\n unsubscribe?.();\n };\n };\n useEffect(() => {\n return authFlowRef.current?.();\n }, []);\n return _jsx(UserSessionContext.Provider, { value: session, children: children });\n}\n//# sourceMappingURL=UserSessionProvider.js.map","import { Env } from '@vertesia/ui/env';\nimport { logEvent } from 'firebase/analytics';\nimport { getFirebaseAnalytics } from './auth/firebase';\nexport function useUXTracking() {\n //identify user in monitoring and UX systems\n const tagUserSession = async (user) => {\n const signupData = window.localStorage.getItem('composableSignupData');\n if (!user) {\n console.error('No user found -- skipping tagging');\n return;\n }\n if (signupData) {\n window.localStorage.removeItem('composableSignupData');\n }\n };\n //send event to analytics and UX systems\n const trackEvent = (eventName, eventProperties) => {\n if (!Env.isProd) {\n console.debug('track event', eventName, eventProperties);\n }\n //GA via firebase\n logEvent(getFirebaseAnalytics(), eventName, { ...eventProperties, debug_mode: !Env.isProd });\n };\n return {\n tagUserSession,\n trackEvent,\n };\n}\n//# sourceMappingURL=useUXTracking.js.map"],"names":["LastSelectedAccountId_KEY","LastSelectedProjectId_KEY","AUTH_TOKEN_RAW","AUTH_TOKEN","_firebaseApp","_analytics","_firebaseAuth","getFirebaseApp","Env","firebase","Error","initializeApp","error","console","cause","getFirebaseAnalytics","getAnalytics","getFirebaseAuth","getAuth","async","setFirebaseTenant","tenantEmail","log","retries","retryDelay","response","fetch","method","headers","body","JSON","stringify","signal","AbortSignal","timeout","ok","errorData","json","status","warn","data","firebaseTenantId","auth","tenantId","providerType","provider","fetchError","Promise","resolve","setTimeout","message","getFirebaseAuthToken","refresh","user","currentUser","getIdToken","then","token","logger","info","vertesia","user_email","email","user_name","displayName","user_id","uid","catch","err","normalizeIssuer","value","replace","decodeToken","jwtDecode","fetchComposableToken","accountId","projectId","ttl","retryCount","account_id","project_id","retry_count","idToken","stsEndpoint","endpoints","sts","sts_url","stsUrl","URL","requestBody","type","expires_at","Math","floor","Date","now","undefined","stsRes","Authorization","STSError","ensureResponse","studio","idTokenDecoded","UserNotFoundError","localStorage","removeItem","errorText","text","fetchComposableTokenFromFirebaseToken","fetchComposableTokenFromVertesiaToken","vertesiaToken","getCurrentVertesiaToken","getComposableToken","initToken","forceRefresh","useInternalAuth","selectedAccount","getItem","selectedProject","devAuthToken","isLocalDev","suppliedToken","exp","rawToken","iss","isVertesiaIssuedToken","constructor","super","this","name","stsURL","AUTH_STATE_KEY","STATE_EXPIRY_KEY","useAuthState","generateState","useCallback","state","crypto","randomUUID","expiryTime","sessionStorage","setItem","toString","verifyState","returnedState","savedState","parseInt","reason","clearState","shouldRedirectToCentralAuth","_hostname","window","AUTH_MODE","authReturnUrl","base","document","baseURI","current","location","href","target","pathname","startsWith","hash","UserSession","isLoading","client","authError","authToken","setSession","lastSelectedAccount","lastSelectedProject","onboardingComplete","VertesiaClient","serverUrl","storeUrl","zeno","tokenServerUrl","logout","bind","store","account","project","accounts","authCallback","rawAuthToken","res","refreshAuthToken","clone","signOut","getAccount","login","options","withAuthCallback","id","onLogin","loadOnboardingStatus","fetchOnboardingStatus","isLoggedIn","logoutUrl","currentUrl","searchParams","set","wasLoggedIn","switchAccount","targetAccountId","switchProject","targetProjectId","fetchAccounts","list","fetchProjects","projects","map","filter","previousStatus","onboarding","onboardingProgress","Object","values","every","session","UserSessionContext","createContext","useUserSession","useContext","useCurrentTenant","currentTenant","setCurrentTenant","useState","setIsLoading","setError","useEffect","tenantData","tenantKey","label","domain","logo","i18nInstance","getFixedT","NAMESPACE","loadCurrentTenant","UserSessionProvider","children","hashParams","URLSearchParams","substring","get","hasInitiatedAuthRef","useRef","authFlowRef","redirectToCentralAuth","url","String","validationError","alert","unsubscribe","cancelled","startFirebaseOrCentralAuth","onAuthStateChanged","firebaseUser","authTokenProvider","injectedToken","_jsx","Provider","useUXTracking","tagUserSession","signupData","trackEvent","eventName","eventProperties","isProd","debug","logEvent","debug_mode"],"mappings":"qgBAAY,MAACA,EAA4B,qCAC5BC,EAA4B,qCCIzC,ICDIC,EACAC,EDAAC,EAAe,KACfC,EAAa,KACbC,EAAgB,KAEb,SAASC,IACZ,IAAKH,EACD,IACI,IAAKI,EAAIC,SACL,MAAM,IAAIC,MAAM,8DAEpBN,EAAeO,EAAcH,EAAIC,SACrC,CACA,MAAOG,GAEH,MADAC,QAAQD,MAAM,qCAAsCA,GAC9C,IAAIF,MAAM,+EAAgF,CAC5FI,MAAOF,GAEf,CAEJ,OAAOR,CACX,CACO,SAASW,IAIZ,OAHKV,IACDA,EAAaW,EAAaT,MAEvBF,CACX,CACO,SAASY,IAIZ,OAHKX,IACDA,EAAgBY,EAAQX,MAErBD,CACX,CACOa,eAAeC,EAAkBC,GACpC,GAAKA,EAIL,GAAKb,EAAIC,SAIT,IACQY,GACAR,QAAQS,IAAI,mCAAmCD,KAEnD,IAAIE,EAAU,EACVC,EAAa,IACjB,KAAOD,EAAU,GACb,IAEI,MAAME,QAAiBC,MAAM,sBAAuB,CAChDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBV,YAAaA,IAGjBW,OAAQC,YAAYC,QAAQ,OAGhC,IAAKT,EACD,MAAM,IAAIf,MAAM,wCAGpB,IAAKe,EAASU,GAAI,CAEd,IACI,MAAMC,QAAkBX,EAASY,OACjCxB,QAAQD,MAAM,+BAAgCwB,EAAUxB,MAC5D,CACA,MACIC,QAAQD,MAAM,qCAAqCa,EAASa,SAChE,CAEA,GAAwB,MAApBb,EAASa,OAET,YADAzB,QAAQ0B,KAAK,wBAAwBlB,KAGzC,MAAM,IAAIX,MAAM,cAAce,EAASa,SAC3C,CAEA,MAAME,QAAcf,EAASY,OAC7B,GAAIG,GAAMC,iBAAkB,CACxB,MAAMC,EAAOzB,IAIb,OAHAyB,EAAKC,SAAWH,EAAKC,iBACrBjC,EAAIC,SAASmC,aAAeJ,EAAKK,UAAY,OAC7ChC,QAAQS,IAAI,oBAAoBoB,EAAKC,YAC9BH,CACX,CAGI,YADA3B,QAAQD,MAAM,iDAAiDS,IAGvE,CACA,MAAOyB,GAEH,KAAIvB,EAAU,GAOV,MAAMuB,EANNjC,QAAQ0B,KAAK,yCAAyCf,SAAmBsB,SACnE,IAAIC,QAASC,GAAYC,WAAWD,EAASxB,IACnDA,GAAc,EACdD,GAKR,CAER,CACA,MAAOX,GAEHC,QAAQD,MAAM,iCAAkCA,aAAiBF,MAAQE,EAAMsC,QAAU,gBAG7F,MA7EIrC,QAAQS,IAAI,mEAJZT,QAAQS,IAAI,2DAkFpB,CACOH,eAAegC,EAAqBC,GACvC,MACMC,EADOpC,IACKqC,YAClB,OAAID,EACOA,EACFE,WAAWH,GACXI,KAAMC,IACPjD,EAAIkD,OAAOC,KAAK,qBAAsB,CAClCC,SAAU,CACNC,WAAYR,EAAKS,MACjBC,UAAWV,EAAKW,YAChBC,QAASZ,EAAKa,IACdd,QAASA,KAGVK,IAENU,MAAOC,IACR5D,EAAIkD,OAAO9C,MAAM,+BAAgC,CAC7CgD,SAAU,CACNC,WAAYR,EAAKS,MACjBC,UAAWV,EAAKW,YAChBC,QAASZ,EAAKa,IACdd,QAASA,EACTxC,MAAOwD,KAGfvD,QAAQD,MAAM,6BAA8BwD,GACrC,QAIX5D,EAAIkD,OAAOnB,KAAK,iBACTQ,QAAQC,QAAQ,MAE/B,CCxJA,SAASqB,EAAgBC,GACrB,OAAOA,GAAOC,QAAQ,OAAQ,GAClC,CACA,SAASC,EAAYf,GACjB,OAAOgB,EAAUhB,EACrB,CAYOtC,eAAeuD,EAAqBnB,EAAYoB,EAAWC,EAAWC,EAAKC,EAAa,GAC3FjE,QAAQS,IAAI,mDAAmDqD,iBAAyBC,MACxFpE,EAAIkD,OAAOC,KAAK,sCAAuC,CACnDC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZK,YAAaH,KAGrB,MAAMI,QAAgB3B,IACtB,IAAK2B,EAED,MADArE,QAAQS,IAAI,yCACN,IAAIZ,MAAM,qBAGpB,MAAMyE,EAAc3E,EAAI4E,UAAUC,IAClCxE,QAAQS,IAAI,kCAAmC6D,GAC/C3E,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZU,QAASH,KAGjB,IAEI,MAAMI,EAAS,IAAIC,IAAI,GAAGL,iBACpBM,EAAc,CAChBC,KAAM,OACNX,WAAYJ,EACZK,WAAYJ,EACZe,WAAYd,EAAMe,KAAKC,MAAMC,KAAKC,MAAQ,KAAQlB,OAAMmB,GAEtDC,QAAevE,MAAM6D,EAAQ,CAC/B5D,OAAQ,OACRC,QAAS,CACL,eAAgB,mBAChBsE,cAAe,UAAUhB,KAE7BrD,KAAMC,KAAKC,UAAU0D,KACtBtB,MAAOvD,IASN,MARAC,QAAQD,MAAM,8BAA+BA,GAC7CJ,EAAIkD,OAAO9C,MAAM,8BAA+B,CAC5CgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZhE,MAAOA,KAGT,IAAIuF,EAAS,8BAA+BhB,KAEtD,GAAID,GAA8B,MAAnBe,GAAQ3D,OAAgB,CAEnCzB,QAAQS,IAAI,sDACZd,EAAIkD,OAAOC,KAAK,qDAAsD,CAClEC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ2D,GAAQ3D,UAGxB,MAAM8D,QAAuB1E,MAAM,GAAGlB,EAAI4E,UAAUiB,0BAA2B,CAC3E1E,OAAQ,OACRC,QAAS,CACLsE,cAAe,UAAUhB,IACzB,eAAgB,sBAGxB,GAA8B,MAA1BkB,EAAe9D,OAAgB,CAE/BzB,QAAQS,IAAI,0CACZd,EAAIkD,OAAOC,KAAK,yCAA0C,CACtDC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,KAGpB,MAAM0B,EAAiB7B,EAAUS,GACjC,IAAKoB,GAAgBxC,MAEjB,MADAtD,EAAIkD,OAAO9C,MAAM,8BACX,IAAIF,MAAM,8BAEpB,MAAM,IAAI6F,EAAkB,mCAAoCD,EAAexC,MACnF,CACA,GAA8B,MAA1BsC,EAAe9D,OAQf,MANA9B,EAAIkD,OAAOnB,KAAK,uDAAwD,CACpEqB,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,KAGd,IAAIlE,MAAM,mDAEpB,IAAK0F,EAAejE,GAShB,MARAtB,QAAQD,MAAM,+BAAgCwF,EAAe9D,QAC7D9B,EAAIkD,OAAO9C,MAAM,+BAAgC,CAC7CgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ8D,EAAe9D,UAGzB,IAAI5B,MAAM,gCAUpB,OAPAG,QAAQS,IAAI,4CACZd,EAAIkD,OAAOC,KAAK,2CAA4C,CACxDC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,KAGbF,EAAqBnB,EAAYoB,EAAWC,EAAWC,EAAKC,EACvE,CACA,GAAII,GAA8B,MAAnBe,GAAQ3D,OAAgB,CACnCzB,QAAQS,IAAI,+DAAgE2E,GAAQ3D,QACpF9B,EAAIkD,OAAO9C,MAAM,+DAAgE,CAC7EgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ2D,GAAQ3D,UAGxB,MAAMgE,EAAiB7B,EAAUS,GACjC,IAAKoB,GAAgBxC,MAEjB,MADAtD,EAAIkD,OAAO9C,MAAM,8BACX,IAAIF,MAAM,8BASpB,MAPAF,EAAIkD,OAAO9C,MAAM,iBAAkB,CAC/BgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZd,MAAOwC,EAAexC,SAGxB,IAAIyC,EAAkB,iBAAkBD,EAAexC,MACjE,CACA,GAAsB,MAAlBmC,EAAO3D,OAAgB,CAMvB,GAAIwC,EAAa,EAWb,MATAjE,QAAQD,MAAM,6EACdJ,EAAIkD,OAAO9C,MAAM,yDAA0D,CACvEgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ2D,EAAO3D,OACf2C,YAAaH,KAGf,IAAIpE,MAAM,4DAiBpB,OAfAG,QAAQS,IAAI,mFACZd,EAAIkD,OAAOnB,KAAK,4DAA6D,CACzEqB,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ2D,EAAO3D,OACf2C,YAAaH,KAIrB0B,aAAaC,WAAWzG,GACpB2E,GACA6B,aAAaC,WAAW,GAAGxG,KAA6B0E,KAGrDD,EAAqBnB,OAAYyC,OAAWA,EAAWnB,EAAKC,EAAa,EACpF,CACA,IAAKmB,EAAO9D,GAAI,CACZ,MAAMuE,QAAkBT,EAAOU,OAU/B,MATA9F,QAAQD,MAAM,+BAAgCqF,EAAO3D,OAAQoE,GAC7DlG,EAAIkD,OAAO9C,MAAM,8BAA+B,CAC5CgD,SAAU,CACNtB,OAAQ2D,EAAO3D,OACf1B,MAAO8F,EACP3B,WAAYJ,EACZK,WAAYJ,KAGd,IAAIlE,MAAM,iCAAiCuF,EAAO3D,SAC5D,CACA,MAAMmB,MAAEA,SAAgBwC,EAAO5D,OAG/B,OAFAxB,QAAQS,IAAI,mCACZd,EAAIkD,OAAOC,KAAK,mCACTF,CACX,CACA,MAAO7C,GACH,GAAIA,aAAiB2F,GAAqB3F,aAAiBuF,EACvD,MAAMvF,EAeV,MAZA4F,aAAaC,WAAWzG,GACpB2E,GACA6B,aAAaC,WAAW,GAAGxG,KAA6B0E,KAE5D9D,QAAQD,MAAM,0CAA2CA,GACzDJ,EAAIkD,OAAO9C,MAAM,0CAA2C,CACxDgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZhE,MAAOA,KAGT,IAAIF,MAAM,iCAAkC,CAAEI,MAAOF,GAC/D,CACJ,CAQOO,eAAeyF,EAAsCjC,EAAWC,EAAWC,GAC9E,OAAOH,EAAqBvB,EAAsBwB,EAAWC,EAAWC,EAC5E,CAMO1D,eAAe0F,EAAsCC,EAAenC,EAAWC,EAAWC,GAC7F,OAAOH,EAAqB,IAAM3B,QAAQC,QAAQ8D,GAAgBnC,EAAWC,EAAWC,EAC5F,CAEO,SAASkC,IACZ,OAAO7G,CACX,CACOiB,eAAe6F,EAAmBrC,EAAWC,EAAWqC,EAAWC,GAAe,EAAOC,GAAkB,GAC9G,MAAMC,EAAkBzC,GAAa6B,aAAaa,QAAQrH,SAA8BgG,EAClFsB,EAAkB1C,GAAa4B,aAAaa,QAAQ,GAAGpH,KAA6BmH,WAAsBpB,EAC1GuB,EAAe/G,EAAIgH,WAAahH,EAAI+G,kBAAevB,EACnDyB,EAAgBF,GAAgBN,GAAa/G,EAEnD,IAAKgH,GAAgBhH,GAAkBC,GAAcA,EAAWuH,IAAM5B,KAAKC,MAAQ,IAAO,IACtF,MAAO,CAAE4B,SAAUzH,EAAgBuD,MAAOtD,EAAYS,OAAO,GAEjE,IAAKsG,GA9PT,SAA+BzD,GAC3B,IAAKA,EACD,OAAO,EACX,IAEI,OAAOY,EADSG,EAAYf,GACGmE,OAASvD,EAAgB7D,EAAI4E,UAAUC,IAC1E,CACA,MACI,OAAO,CACX,CACJ,CAoPyBwC,CAAsBJ,GAAgB,CAGvD,GAFAvH,EAAiBuH,EACjBtH,EAAaqE,EAAYtE,IACpBC,EAAWuH,IACZ,MAAM,IAAIhH,MAAM,4BAEpB,MAAO,CAAEiH,SAAUzH,EAAgBuD,MAAOtD,EAAYS,OAAO,EACjE,CAaA,GAXK2G,GAAiBJ,IAAmBlG,IAAkBqC,YAIjDiE,IAAiBN,IAAa/G,EAI/BqH,IACLrH,EAAiBqH,GAHjBrH,QAAuBwE,EAAqB,IAAM3B,QAAQC,QAAQiE,GAAa/G,GAAiBkH,EAAiBE,GAJjHpH,QAAuB0G,EAAsCQ,EAAiBE,IAS7EpH,EAOD,MANAM,EAAIkD,OAAO9C,MAAM,oCAAqC,CAClDgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGd,IAAI5G,MAAM,qCAGpB,GADAP,EAAaqE,EAAYtE,IACpBC,GAAYuH,MAAQxH,EAQrB,MAPAW,QAAQD,MAAM,2BAA4BT,GAC1CK,EAAIkD,OAAO9C,MAAM,2BAA4B,CACzCgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGd,IAAI5G,MAAM,4BAEpB,MAAO,CAAEiH,SAAUzH,EAAgBuD,MAAOtD,EAAYS,OAAO,EACjE,CACO,MAAM2F,UAA0B7F,MACnCoD,MACA,WAAAgE,CAAY5E,EAASY,GACjBiE,MAAM7E,GACN8E,KAAKC,KAAO,oBACZD,KAAKlE,MAAQA,CACjB,EAEG,MAAMqC,UAAiBzF,MAC1BwH,OACA,WAAAJ,CAAY5E,EAASgF,GACjBH,MAAM7E,GACN8E,KAAKC,KAAO,WACZD,KAAKE,OAASA,CAClB,EC7TJ,MAAMC,EAAiB,aACjBC,EAAmB,oBAElB,SAASC,IAmCZ,MAAO,CAAEC,cAjCaC,EAAY,KAC9B,MAAMC,EAAQC,OAAOC,aACfC,EAAa7C,KAAKC,MALd,IASV,OAFA6C,eAAeC,QAAQV,EAAgBK,GACvCI,eAAeC,QAAQT,EAAkBO,EAAWG,YAC7CN,GACR,IA0BqBO,YAxBJR,EAAaS,IAC7B,IAAKA,EACD,MAAO,gBAEX,MAAMC,EAAaL,eAAevB,QAAQc,GACpCQ,EAAaO,SAASN,eAAevB,QAAQe,IAAqB,IAAK,IAC7E,IAAIe,EAWJ,OARIA,EADAF,IAAeD,EACN,qBAAqBC,SAAkBD,KAE3ClD,KAAKC,MAAQ4C,EACT,qBAGA3C,EAENmD,GACR,IAMkCC,WAJlBb,EAAY,KAC3BK,eAAenC,WAAW0B,GAC1BS,eAAenC,WAAW2B,IAC3B,IAEP,CCzCO,SAASiB,EAA4BC,GACxC,QAH4B,aAArBC,OAAOC,UAIlB,CAeO,SAASC,IACZ,MAAMC,EAAO,IAAIlE,IAAImE,SAASC,SACxBC,EAAU,IAAIrE,IAAI+D,OAAOO,SAASC,MAClCC,EAASH,EAAQI,SAASC,WAAWR,EAAKO,UAAYJ,EAAUH,EAEtE,OADAM,EAAOG,KAAO,GACPH,CACX,CChBA,MAAMI,EACFC,WAAY,EACZC,OACAC,UACAC,UACAC,WACAC,oBACAC,oBACAC,mBACA,WAAA9C,CAAYwC,EAAQG,GAEZzC,KAAKsC,OADLA,GAIc,IAAIO,EAAe,CAC7BC,UAAWtK,EAAI4E,UAAUiB,OACzB0E,SAAUvK,EAAI4E,UAAU4F,KACxBC,eAAgBzK,EAAI4E,UAAUC,MAGlCoF,IACAzC,KAAKyC,WAAaA,GAEtBzC,KAAKkD,OAASlD,KAAKkD,OAAOC,KAAKnD,KACnC,CACA,SAAIoD,GACA,OAAOpD,KAAKsC,OAAOc,KACvB,CACA,QAAI/H,GAEA,OAAO2E,KAAKwC,SAChB,CACA,WAAIa,GAEA,OAAOrD,KAAKwC,WAAWa,OAC3B,CACA,WAAIC,GACA,OAAOtD,KAAKwC,WAAWc,OAC3B,CACA,YAAIC,GAEA,OAAOvD,KAAKwC,WAAWe,QAC3B,CACA,gBAAIC,GACA,OAAOxD,KAAKyD,aAAajI,KAAMC,GAAU,UAAUA,IACvD,CACA,gBAAIgI,GACA,OAAOzE,IAAqBxD,KAAMkI,IAC9B,MAAMjI,EAAQiI,GAAK/D,SACnB,IAAKlE,EACD,MAAM,IAAI/C,MAAM,sBAGpB,OADAsH,KAAKwC,UAAY/F,EAAUhB,GACpBA,GAEf,CAMA,sBAAMkI,GACF,MAAMD,QAAY1E,OAAmBhB,OAAWA,OAAWA,GAAW,GAChEvC,EAAQiI,GAAK/D,SACnB,IAAKlE,EACD,MAAM,IAAI/C,MAAM,sBAIpB,OAFAsH,KAAKwC,UAAY/F,EAAUhB,GAC3BuE,KAAKyC,aAAazC,KAAK4D,SAChB5D,KAAKwC,SAChB,CACA,OAAAqB,GAEI7D,KAAKkD,QACT,CACA,UAAAY,GACI,OAAO9D,KAAKwC,WAAWa,OAC3B,CACA,WAAMU,CAAMtI,EAAOuI,EAAU,IAczB,OAbAhE,KAAKuC,eAAYvE,EACjBgC,KAAKqC,WAAY,EACjBrC,KAAKsC,OAAO2B,iBAAiB,IAAMjE,KAAKwD,cACxCxD,KAAKwC,UAAY/F,EAAUhB,GAC3B5C,QAAQS,IAAI,iBAAiB0G,KAAKwC,WAAWvC,qBAAqBD,KAAKwC,WAAWa,QAAQpD,SAASD,KAAKwC,WAAWa,QAAQa,mBAAmBlE,KAAKwC,WAAWc,SAASrD,SAASD,KAAKwC,WAAWc,SAASY,OAEzM1F,aAAaqC,QAAQ7I,EAA2BgI,KAAKwC,UAAUa,QAAQa,IACvE1F,aAAaqC,QAAQ,GAAG5I,KAA6B+H,KAAKwC,UAAUa,QAAQa,KAAMlE,KAAKwC,UAAUc,SAASY,IAAM,IAEhH1L,EAAI2L,UAAUnE,KAAKwC,YACfwB,EAAQI,sBAAwB,UAC1BpE,KAAKqE,wBAERtJ,QAAQC,SACnB,CACA,UAAAsJ,GACI,QAAStE,KAAKwC,SAClB,CACA,MAAAU,GAEI,GADArK,QAAQS,IAAI,eACR+H,IAA+B,CAG/BxI,QAAQS,IAAI,6BACZ0G,KAAKuC,eAAYvE,EACjBgC,KAAKqC,WAAY,EACjBrC,KAAKwC,eAAYxE,EACjBgC,KAAKyC,gBAAazE,EAClBgC,KAAKsC,OAAO2B,sBAAiBjG,GAC7B,MAAMuG,EAAY,IAAI/G,IA7GJ,uCA8GZgH,EAAa/C,IACnB8C,EAAUtC,SAAW,UACrBsC,EAAUE,aAAaC,IAAI,eAAgBF,EAAW1D,YACtDgB,SAASvF,QAAQgI,EAAUzD,WAC/B,KACK,CAEDjI,QAAQS,IAAI,yBACZ,MAAMqL,IAAgB3E,KAAKwC,UACvBxC,KAAKwC,WACAvJ,IAAkB4K,UAE3B7D,KAAKuC,eAAYvE,EACjBgC,KAAKqC,WAAY,EACjBrC,KAAKwC,eAAYxE,EACjBgC,KAAKyC,gBAAazE,EAClBgC,KAAKsC,OAAO2B,sBAAiBjG,GAKzB2G,GACA7C,SAASvF,QAAQ,IAEzB,CACJ,CACA,mBAAMqI,CAAcC,GAChBrG,aAAaqC,QAAQ7I,EAA2B6M,GAC5C7E,OACIA,KAAKqD,SAAWrD,KAAKsD,QACrB9E,aAAaqC,QAAQ,GAAG5I,KAA6B+H,KAAKqD,QAAQa,KAAMlE,KAAKsD,QAAQY,IAEhFlE,KAAKqD,SACV7E,aAAaC,WAAW,GAAGxG,KAA6B+H,KAAKqD,QAAQa,OAG7E3C,OAAOO,SAASvF,QAAQ,OAAOsI,IACnC,CACA,mBAAMC,CAAcC,GACZ/E,KAAKqD,SACL7E,aAAaqC,QAAQ,GAAG5I,KAA6B+H,KAAKqD,QAAQa,KAAMa,GAE5ExD,OAAOO,SAASvF,QAAQ,OAAOyD,KAAKqD,SAASa,QAAQa,IACzD,CACA,mBAAMC,GACF,OAAOhF,KAAKsC,OAAOiB,SACd0B,OACAzJ,KAAM+H,IACP,IAAKvD,KAAKwC,UACN,MAAM,IAAI9J,MAAM,sBAEpBsH,KAAKwC,UAAUe,SAAWA,EAC1BvD,KAAKyC,aAAazC,KAAK4D,WAEtBzH,MAAOC,IAER,MADAvD,QAAQD,MAAM,2BAA4BwD,GACpCA,GAEd,CACA,mBAAM8I,CAAcvI,GAChB,OAAOqD,KAAKsC,OAAO6C,SACdF,KAAK,CAACtI,IACNnB,KAAM2J,IACP,IAAKnF,KAAKwC,UACN,MAAM,IAAI9J,MAAM,sBAEpBsH,KAAKwC,UAAY,IACVxC,KAAKwC,UACRe,SAAUvD,KAAKwC,UAAUe,UAAU6B,IAAK/B,GAChCA,EAAQa,KAAOvH,EACR,IACA0G,EACH8B,SAAUA,EAASE,OAAQ/B,GAAYA,EAAQD,UAAY1G,IAG5D0G,IAGfrD,KAAKyC,aAAazC,KAAK4D,WAEtBzH,MAAOC,IAER,MADAvD,QAAQD,MAAM,2BAA4BwD,GACpCA,GAEd,CACA,2BAAMiI,GACF,GAAIrE,KAAK4C,mBAEL,OADA/J,QAAQS,IAAI,iCACL,EAEX,MAAMgM,EAAiBtF,KAAK4C,mBAC5B,IACI,MAAM2C,QAAmBvF,KAAKsC,OAAOe,QAAQmC,qBAE7C,GADAxF,KAAK4C,mBAAqB6C,OAAOC,OAAOH,GAAYI,MAAOrJ,IAAoB,IAAVA,GACjEgJ,IAAmBtF,KAAK4C,mBACxB,OAAO,EAEX5C,KAAKyC,aAAazC,KAAK4D,QAC3B,CACA,MAAOhL,GACHC,QAAQD,MAAM,oCAAqCA,GACnDoH,KAAK4C,oBAAqB,EAC1B5C,KAAKyC,aAAazC,KAAK4D,QAC3B,CACA,OAAO,CACX,CACA,KAAAA,GACI,MAAMgC,EAAU,IAAIxD,EAAYpC,KAAKsC,QAQrC,OAPAsD,EAAQvD,UAAYrC,KAAKqC,UACzBuD,EAAQrD,UAAYvC,KAAKuC,UACzBqD,EAAQpD,UAAYxC,KAAKwC,UACzBoD,EAAQnD,WAAazC,KAAKyC,WAC1BmD,EAAQlD,oBAAsB1C,KAAK0C,oBACnCkD,EAAQhB,cAAgB5E,KAAK4E,cAC7BgB,EAAQhD,mBAAqB5C,KAAK4C,mBAC3BgD,CACX,EAEC,MAACC,EAAqBC,OAAc9H,GAClC,SAAS+H,IACZ,MAAMH,EAAUI,EAAWH,GAC3B,IAAKD,EACD,MAAM,IAAIlN,MAAM,4DAEpB,OAAOkN,CACX,CCjPO,SAASK,IACZ,MAAM5K,KAAEA,GAAS0K,KACVG,EAAeC,GAAoBC,EAAS,OAC5C/D,EAAWgE,GAAgBD,GAAS,IACpCxN,EAAO0N,GAAYF,EAAS,MAkDnC,OAjDAG,EAAU,KACoBpN,WACtB,IAAKkC,GAAMS,MAGP,OAFAqK,EAAiB,WACjBE,GAAa,GAGjB,IACI,MAAM5M,QAAiBC,MAAM,sBAAuB,CAChDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBV,YAAagC,EAAKS,UAG1B,GAAIrC,EAASU,GAAI,CACb,MAAMqM,QAAmB/M,EAASY,OAG9B8L,EAFAK,EAEiB,CACbC,UAAWD,EAAWvG,MAAQ,UAC9BA,KAAMuG,EAAWE,OAASF,EAAWvG,MAAQ,UAC7C0G,OAAQH,EAAWG,QAAU,GAC7BlM,iBAAkB+L,EAAW/L,iBAC7BI,SAAU2L,EAAW3L,SACrB+L,KAAMJ,EAAWI,MAIJ,KAEzB,MAEIT,EAAiB,KAEzB,CACA,MAAOvN,GACHC,QAAQD,MAAM,gCAAiCA,GAC/C0N,EAASO,EAAaC,UAAU,KAAMC,EAA7BF,CAAwC,oCACjDV,EAAiB,KACrB,CACZ,QACgBE,GAAa,EACjB,GAECW,IACN,CAAC3L,GAAMS,QACH,CACHoK,gBACA7D,YACAzJ,QAER,CCpDO,SAASqO,GAAoBC,SAAEA,EAAQ9C,qBAAEA,GAAuB,IACnE,MAAM+C,EAAa,IAAIC,gBAAgBtF,SAASK,KAAKkF,UAAU,IACzD5L,EAAQ0L,EAAWG,IAAI,SACvB9G,EAAQ2G,EAAWG,IAAI,UACtB1B,EAASnD,GAAc2D,EAAS,IAAIhE,IACrC9B,cAAEA,EAAaS,YAAEA,EAAWK,WAAEA,GAAef,IAC7CkH,EAAsBC,GAAO,GAC7BC,EAAcD,OAAOxJ,GACrB0J,EAAwB,CAAC9K,EAAWD,KACtC,MAAMgL,EAAM,IAAInK,IAAI,2CAAgChF,EAAI4E,UAAUC,KAAO,6BACnEmH,EAAa/C,IAKnBkG,EAAIlD,aAAaC,IAAI,eAAgBF,EAAW1D,YAChD6G,EAAIlD,aAAaC,IAAI,QAASpE,KAC9BwB,SAASvF,QAAQoL,EAAI7G,aA6NzB,OA3NA2G,EAAY5F,QAAU,KAElB,GAAI0F,EAAoB1F,QAEpB,YADAhJ,QAAQS,IAAI,iDAGhBiO,EAAoB1F,SAAU,EAC9BhJ,QAAQS,IAAI,4BACZd,EAAIkD,OAAOC,KAAK,sBAChB,MAAM6I,EAAa,IAAIhH,IAAI+D,OAAOO,SAASC,MACrC3C,EAAkBoF,EAAWC,aAAa6C,IAAI,MAAQ9I,aAAaa,QAAQrH,SAA8BgG,EACzGsB,EAAkBkF,EAAWC,aAAa6C,IAAI,MAChD9I,aAAaa,QAAQ,GAAGpH,KAA6BmH,WACrDpB,EASJ,GARAnF,QAAQS,IAAI,yBAA0B8F,GACtCvG,QAAQS,IAAI,yBAA0BgG,GACtC9G,EAAIkD,OAAOC,KAAK,+BAAgC,CAC5CC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGhB9G,EAAIgH,YAAchH,EAAI+G,aAmBtB,OAlBAqG,EAAQnD,WAAaA,OACrBzD,EAAmBI,EAAiBE,EAAiB9G,EAAI+G,cACpD/D,KAAMkI,IACPkC,EAAQ7B,MAAML,EAAI/D,UAAUnE,KAAK,IAAMiH,EAAWmD,EAAQhC,YAEzDzH,MAAOC,IACRvD,QAAQD,MAAM,sCAAuCwD,GACrD5D,EAAIkD,OAAO9C,MAAM,sCAAuC,CACpDgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,EACZ1G,MAAOwD,KAGfwJ,EAAQvD,WAAY,EACpBuD,EAAQrD,UAAYnG,aAAe1D,MAAQ0D,EAAM,IAAI1D,MAAMkP,OAAOxL,IAClEqG,EAAWmD,EAAQhC,WAI3B,GAAInI,GAAS+E,EAAO,CAChBoF,EAAQnD,WAAaA,EACrB,MAAMoF,EAAkB9G,EAAYP,GAsDpC,OArDIqH,GACAhP,QAAQD,MAAM,wBAAwBiP,KACtCrP,EAAIkD,OAAO9C,MAAM,kBAAkBiP,IAAmB,CAClDjM,SAAU,CACN4E,MAAOA,KAGfkH,KAGAtG,SAEJpC,EAAmBI,EAAiBE,EAAiB7D,GAAO,EAAO4F,KAC9D7F,KAAMkI,IACPkC,EAAQ7B,MAAML,EAAI/D,SAAU,CAAEyE,yBAAwB5I,KAAK,KACvDiH,EAAWmD,EAAQhC,SAEnBrC,OAAOO,SAASK,KAAO,OAG1BhG,MAAOC,GAEJA,aAAemC,GACf1F,QAAQS,IAAI,4CAA6C8C,GACzDwJ,EAAQvD,WAAY,EACpBuD,EAAQrD,UAAYnG,OACpBqG,EAAWmD,EAAQhC,UAGnBxH,aAAe+B,GACftF,QAAQD,MAAM,kCAAmCwD,GACjD5D,EAAIkD,OAAO9C,MAAM,kCAAmC,CAChDgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,EACZhC,QAASlB,EAAI8D,OACbtH,MAAOwD,KAGfmF,OAAOuG,MAAM,kGACblC,EAAQ1C,SACRT,EAAWmD,EAAQhC,cACnBrC,OAAOO,SAASK,KAAO,MAG3BtJ,QAAQD,MAAM,sEAAuEwD,GACrF5D,EAAIkD,OAAO9C,MAAM,sEAAuE,CACpFgD,SAAU,CACNhD,MAAOwD,UAGfsL,KAGR,CACA,IACIK,EADAC,GAAY,EAEhB,MAAMC,EAA6B,KAC/B,IAAID,EAAJ,CAGA,IAAKpC,EAAQtB,aAAc,CAQvB,GAPAzL,QAAQS,IAAI,wCACZd,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGhB+B,IASA,OARAxI,QAAQS,IAAI,2FAA4F8F,EAAiBE,GACzH9G,EAAIkD,OAAOC,KAAK,6CAA8C,CAC1DC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,UAGpBoI,IAGJ7O,QAAQS,IAAI,4CACZd,EAAIkD,OAAOC,KAAK,qCAAsC,CAClDC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,IAGxB,CACAyI,EAAcG,EAAmBjP,IAAmBE,MAAOgP,IACnDA,GACAtP,QAAQS,IAAI,wCACZd,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGpBsG,EAAQnD,WAAaA,QACfzD,EAAmBI,EAAiBE,OAAiBtB,GAAW,EAAOqD,KACxE7F,KAAMkI,IACPkC,EACK7B,MAAML,EAAI/D,SAAU,CAAEyE,yBACtB5I,KAAK,IAAMiH,EAAWmD,EAAQhC,YAElCzH,MAAOC,IACRvD,QAAQD,MAAM,yCAA0CwD,GACxD5D,EAAIkD,OAAO9C,MAAM,yCAA0C,CACvDgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,EACZ1G,MAAOwD,KAGTA,aAAemC,GACjBqH,EAAQ1C,SACZ0C,EAAQvD,WAAY,EACpBuD,EAAQrD,UAAYnG,EACpBqG,EAAWmD,EAAQhC,aAKvB/K,QAAQS,IAAI,8BACZd,EAAIkD,OAAOC,KAAK,uBAAwB,CACpCC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGpBsG,EAAQtD,OAAO2B,sBAAiBjG,GAChC4H,EAAQ1C,SACRT,EAAWmD,EAAQhC,WAxEvB,GA4ER,OAAIpL,EAAI4P,mBACJxC,EAAQnD,WAAaA,EAChBjK,EAAI4P,oBACJ5M,KAAKrC,MAAOkP,IACb,IAAKA,EAED,YADAJ,IAGJ,MAAMvE,QAAY1E,EAAmBI,EAAiBE,EAAiB+I,GAAe,EAAOhH,WACvFuE,EAAQ7B,MAAML,EAAI/D,SAAU,CAAEyE,yBAC/B4D,GACDvF,EAAWmD,EAAQhC,WAEtBzH,MAAOC,IACRvD,QAAQ0B,KAAK,iDAAkD6B,GAC/D5D,EAAIkD,OAAOnB,KAAK,2CAA4C,CACxDqB,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,EACZ1G,MAAOwD,KAGf6L,MAEG,KACHD,GAAY,EACZD,SAGRE,IACO,KACHD,GAAY,EACZD,SAGRxB,EAAU,IACCkB,EAAY5F,YACpB,IACIyG,EAAKzC,EAAmB0C,SAAU,CAAEjM,MAAOsJ,EAASsB,SAAUA,GACzE,CCtPO,SAASsB,IAoBZ,MAAO,CACHC,eAnBmBtP,MAAOkC,IAC1B,MAAMqN,EAAanH,OAAO/C,aAAaa,QAAQ,wBAC1ChE,EAIDqN,GACAnH,OAAO/C,aAAaC,WAAW,wBAJ/B5F,QAAQD,MAAM,sCAiBlB+P,WATe,CAACC,EAAWC,KACtBrQ,EAAIsQ,QACLjQ,QAAQkQ,MAAM,cAAeH,EAAWC,GAG5CG,EAASjQ,IAAwB6P,EAAW,IAAKC,EAAiBI,YAAazQ,EAAIsQ,UAM3F"}
|
|
1
|
+
{"version":3,"file":"vertesia-ui-session.js","sources":["session/constants.js","session/auth/firebase.js","session/auth/composable.js","session/auth/useAuthState.js","session/auth/domainRouting.js","session/UserSession.js","session/auth/useCurrentTenant.js","session/UserSessionProvider.js","session/useUXTracking.js"],"sourcesContent":["export const LastSelectedAccountId_KEY = 'composableai.lastSelectedAccountId';\nexport const LastSelectedProjectId_KEY = 'composableai.lastSelectedProjectId';\n//# sourceMappingURL=constants.js.map","import { Env } from '@vertesia/ui/env';\nimport { getAnalytics } from 'firebase/analytics';\nimport { initializeApp } from 'firebase/app';\nimport { getAuth } from 'firebase/auth';\n// Use lazy initialization to avoid accessing Env before it's initialized\nlet _firebaseApp = null;\nlet _analytics = null;\nlet _firebaseAuth = null;\n// Getters that lazily initialize Firebase components when first accessed\nexport function getFirebaseApp() {\n if (!_firebaseApp) {\n try {\n if (!Env.firebase) {\n throw new Error('Firebase configuration is not available in the environment');\n }\n _firebaseApp = initializeApp(Env.firebase);\n }\n catch (error) {\n console.error('Failed to initialize Firebase app:', error);\n throw new Error('Firebase initialization failed - environment may not be properly initialized', {\n cause: error,\n });\n }\n }\n return _firebaseApp;\n}\nexport function getFirebaseAnalytics() {\n if (!_analytics) {\n _analytics = getAnalytics(getFirebaseApp());\n }\n return _analytics;\n}\nexport function getFirebaseAuth() {\n if (!_firebaseAuth) {\n _firebaseAuth = getAuth(getFirebaseApp());\n }\n return _firebaseAuth;\n}\nexport async function setFirebaseTenant(tenantEmail) {\n if (!tenantEmail) {\n console.log('No tenant name or email specified, skipping tenant setup');\n return;\n }\n if (!Env.firebase) {\n console.log('Firebase configuration is not available in the environment');\n return;\n }\n try {\n if (tenantEmail)\n console.log(`Resolving tenant ID from email: ${tenantEmail}`);\n // Add retry logic with exponential backoff\n let retries = 3;\n let retryDelay = 250; // Start with 250ms delay\n while (retries > 0) {\n try {\n // Call the API endpoint to resolve the tenant ID\n const response = await fetch('/api/resolve-tenant', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n tenantEmail: tenantEmail,\n }),\n // Add timeout to prevent hanging requests\n signal: AbortSignal.timeout(5000),\n });\n // Check for network errors\n if (!response) {\n throw new Error('No response received from tenant API');\n }\n // Handle HTTP error responses\n if (!response.ok) {\n // Try to parse the error response\n try {\n const errorData = await response.json();\n console.error('Failed to resolve tenant ID:', errorData.error);\n }\n catch {\n console.error(`Failed to resolve tenant ID: HTTP ${response.status}`);\n }\n // If the error is 404 Not Found, no need to retry\n if (response.status === 404) {\n console.warn(`Tenant not found for ${tenantEmail}`);\n return;\n }\n throw new Error(`HTTP error ${response.status}`);\n }\n // Successfully got a response, parse it\n const data = (await response.json());\n if (data?.firebaseTenantId) {\n const auth = getFirebaseAuth();\n auth.tenantId = data.firebaseTenantId;\n Env.firebase.providerType = data.provider ?? 'oidc';\n console.log(`Tenant ID set to ${auth.tenantId}`);\n return data;\n }\n else {\n console.error(`Invalid response format, missing tenantId for ${tenantEmail}`);\n return; // No need to retry for invalid response format\n }\n }\n catch (fetchError) {\n // Only retry for network-related errors\n if (retries > 1) {\n console.warn(`Tenant resolution failed, retrying in ${retryDelay}ms...`, fetchError);\n await new Promise((resolve) => setTimeout(resolve, retryDelay));\n retryDelay *= 2; // Exponential backoff\n retries--;\n }\n else {\n throw fetchError; // Last retry failed, propagate error\n }\n }\n }\n }\n catch (error) {\n // Final error handler\n console.error('Error setting Firebase tenant:', error instanceof Error ? error.message : 'Unknown error');\n // Continue without tenant ID - authentication will work without multi-tenancy\n // but the user will access the default tenant\n }\n}\nexport async function getFirebaseAuthToken(refresh) {\n const auth = getFirebaseAuth();\n const user = auth.currentUser;\n if (user) {\n return user\n .getIdToken(refresh)\n .then((token) => {\n Env.logger.info('Got Firebase token', {\n vertesia: {\n user_email: user.email,\n user_name: user.displayName,\n user_id: user.uid,\n refresh: refresh,\n },\n });\n return token;\n })\n .catch((err) => {\n Env.logger.error('Failed to get Firebase token', {\n vertesia: {\n user_email: user.email,\n user_name: user.displayName,\n user_id: user.uid,\n refresh: refresh,\n error: err,\n },\n });\n console.error('Failed to get access token', err);\n return null;\n });\n }\n else {\n Env.logger.warn('No user found');\n return Promise.resolve(null);\n }\n}\n//# sourceMappingURL=firebase.js.map","import { Env } from '@vertesia/ui/env';\nimport { jwtDecode } from 'jwt-decode';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from '../constants';\nimport { getFirebaseAuth, getFirebaseAuthToken } from './firebase';\nlet AUTH_TOKEN_RAW;\nlet AUTH_TOKEN;\nfunction normalizeIssuer(value) {\n return value?.replace(/\\/+$/, '');\n}\nfunction decodeToken(token) {\n return jwtDecode(token);\n}\nfunction isVertesiaIssuedToken(token) {\n if (!token)\n return false;\n try {\n const decoded = decodeToken(token);\n return normalizeIssuer(decoded.iss) === normalizeIssuer(Env.endpoints.sts);\n }\n catch {\n return false;\n }\n}\nexport async function fetchComposableToken(getIdToken, accountId, projectId, ttl, retryCount = 0) {\n console.log(`Getting/refreshing composable token for account ${accountId} and project ${projectId} `);\n Env.logger.info('Getting/refreshing composable token', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n retry_count: retryCount,\n },\n });\n const idToken = await getIdToken(); //get from firebase\n if (!idToken) {\n console.log('No id token found - using cookie auth');\n throw new Error('No id token found');\n }\n // Use STS endpoint - either configured or default to sts.vertesia.io\n const stsEndpoint = Env.endpoints.sts;\n console.log('Using STS for token generation:', stsEndpoint);\n Env.logger.info('Using STS for token generation', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n sts_url: stsEndpoint,\n },\n });\n try {\n // Call STS to generate a user token\n const stsUrl = new URL(`${stsEndpoint}/token/issue`);\n const requestBody = {\n type: 'user',\n account_id: accountId,\n project_id: projectId,\n expires_at: ttl ? Math.floor(Date.now() / 1000) + ttl : undefined,\n };\n const stsRes = await fetch(stsUrl, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Authorization: `Bearer ${idToken}`, // Firebase token for authentication\n },\n body: JSON.stringify(requestBody),\n }).catch((error) => {\n console.error('Failed to call STS endpoint', error);\n Env.logger.error('Failed to call STS endpoint', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n error: error,\n },\n });\n throw new STSError('Failed to call STS endpoint', stsEndpoint);\n });\n if (idToken && stsRes?.status === 404) {\n // User not found in token-server - call ensure-user endpoint\n console.log('404: User not found - calling ensure-user endpoint');\n Env.logger.info('404: User not found - calling ensure-user endpoint', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes?.status,\n },\n });\n const ensureResponse = await fetch(`${Env.endpoints.studio}/auth/ensure-user`, {\n method: 'POST',\n headers: {\n Authorization: `Bearer ${idToken}`,\n 'Content-Type': 'application/json',\n },\n });\n if (ensureResponse.status === 412) {\n // No invite - trigger signup\n console.log('412: No invite found - signup required');\n Env.logger.info('412: No invite found - signup required', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n },\n });\n const idTokenDecoded = jwtDecode(idToken);\n if (!idTokenDecoded?.email) {\n Env.logger.error('No email found in id token');\n throw new Error('No email found in id token');\n }\n throw new UserNotFoundError('User not found - signup required', idTokenDecoded.email);\n }\n if (ensureResponse.status === 403) {\n // SigninScreen keys the invite-required view off this message.\n Env.logger.warn('403: Customer-domain user requires an invite to join', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n },\n });\n throw new Error('Customer-domain user requires an invite to join');\n }\n if (!ensureResponse.ok) {\n console.error('Failed to ensure user exists', ensureResponse.status);\n Env.logger.error('Failed to ensure user exists', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: ensureResponse.status,\n },\n });\n throw new Error('Failed to ensure user exists');\n }\n // User created/exists - retry token generation\n console.log('User ensured - retrying token generation');\n Env.logger.info('User ensured - retrying token generation', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n },\n });\n return fetchComposableToken(getIdToken, accountId, projectId, ttl, retryCount);\n }\n if (idToken && stsRes?.status === 412) {\n console.log(\"412: auth succeeded but user doesn't exist - signup required\", stsRes?.status);\n Env.logger.error(\"412: auth succeeded but user doesn't exist - signup required\", {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes?.status,\n },\n });\n const idTokenDecoded = jwtDecode(idToken);\n if (!idTokenDecoded?.email) {\n Env.logger.error('No email found in id token');\n throw new Error('No email found in id token');\n }\n Env.logger.error('User not found', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n email: idTokenDecoded.email,\n },\n });\n throw new UserNotFoundError('User not found', idTokenDecoded.email);\n }\n if (stsRes.status === 403) {\n // User doesn't have access to the requested account/project, or has no accounts\n // This can happen with:\n // 1. Stale localStorage from previous user\n // 2. User invited to a new account (doesn't have access yet)\n // 3. User exists but has no accounts at all\n if (retryCount > 0) {\n // Already retried without account scope - this is a real authorization failure\n console.error('403: Access denied even without account scope - user may have no accounts');\n Env.logger.error('403: Access denied after retry - authorization failure', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes.status,\n retry_count: retryCount,\n },\n });\n throw new Error('Access denied - user may not have access to any accounts');\n }\n console.log('403: Access denied - clearing cached account and retrying without account scope');\n Env.logger.warn('403: Access denied - clearing cached account and retrying', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n status: stsRes.status,\n retry_count: retryCount,\n },\n });\n // Clear any stale account/project from localStorage\n localStorage.removeItem(LastSelectedAccountId_KEY);\n if (accountId) {\n localStorage.removeItem(`${LastSelectedProjectId_KEY}-${accountId}`);\n }\n // Retry without account/project scope - let user log in to their default account\n return fetchComposableToken(getIdToken, undefined, undefined, ttl, retryCount + 1);\n }\n if (!stsRes.ok) {\n const errorText = await stsRes.text();\n console.error('STS token generation failed:', stsRes.status, errorText);\n Env.logger.error('STS token generation failed', {\n vertesia: {\n status: stsRes.status,\n error: errorText,\n account_id: accountId,\n project_id: projectId,\n },\n });\n throw new Error(`Failed to get token from STS: ${stsRes.status}`);\n }\n const { token } = await stsRes.json();\n console.log('Successfully got token from STS');\n Env.logger.info('Successfully got token from STS');\n return token;\n }\n catch (error) {\n if (error instanceof UserNotFoundError || error instanceof STSError) {\n throw error; // Re-throw UserNotFoundError and STSError to be handled separately in the caller\n }\n // Clear any stale account/project from localStorage on error\n localStorage.removeItem(LastSelectedAccountId_KEY);\n if (accountId) {\n localStorage.removeItem(`${LastSelectedProjectId_KEY}-${accountId}`);\n }\n console.error('Failed to get composable token from STS', error);\n Env.logger.error('Failed to get composable token from STS', {\n vertesia: {\n account_id: accountId,\n project_id: projectId,\n error: error,\n },\n });\n throw new Error('Failed to get composable token', { cause: error });\n }\n}\n/**\n *\n * @param accountId\n * @param projectId\n * @param ttl time to live for the token in seconds\n * @returns\n */\nexport async function fetchComposableTokenFromFirebaseToken(accountId, projectId, ttl) {\n return fetchComposableToken(getFirebaseAuthToken, accountId, projectId, ttl);\n}\n/**\n * Mint a scoped Vertesia token from an existing Vertesia JWT. STS accepts STS-issued\n * tokens on /token/issue, so this works for sessions established via Central Auth where\n * the browser has no Firebase user.\n */\nexport async function fetchComposableTokenFromVertesiaToken(vertesiaToken, accountId, projectId, ttl) {\n return fetchComposableToken(() => Promise.resolve(vertesiaToken), accountId, projectId, ttl);\n}\n/** Returns the cached Vertesia raw JWT, if any. Does not refresh. */\nexport function getCurrentVertesiaToken() {\n return AUTH_TOKEN_RAW;\n}\nexport async function getComposableToken(accountId, projectId, initToken, forceRefresh = false, useInternalAuth = false) {\n const selectedAccount = accountId ?? localStorage.getItem(LastSelectedAccountId_KEY) ?? undefined;\n const selectedProject = projectId ?? localStorage.getItem(`${LastSelectedProjectId_KEY}-${selectedAccount}`) ?? undefined;\n const devAuthToken = Env.isLocalDev ? Env.devAuthToken : undefined;\n const suppliedToken = devAuthToken ?? initToken ?? AUTH_TOKEN_RAW;\n //token is still valid for more than 5 minutes\n if (!forceRefresh && AUTH_TOKEN_RAW && AUTH_TOKEN && AUTH_TOKEN.exp > Date.now() / 1000 + 300) {\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n }\n if (!forceRefresh && isVertesiaIssuedToken(suppliedToken)) {\n AUTH_TOKEN_RAW = suppliedToken;\n AUTH_TOKEN = decodeToken(AUTH_TOKEN_RAW);\n if (!AUTH_TOKEN.exp) {\n throw new Error('Invalid composable token');\n }\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n }\n //token is close to expire, refresh it\n if (!devAuthToken && !useInternalAuth && getFirebaseAuth().currentUser) {\n //we have a firebase user, get the token from there\n AUTH_TOKEN_RAW = await fetchComposableTokenFromFirebaseToken(selectedAccount, selectedProject);\n }\n else if (!devAuthToken && (initToken || AUTH_TOKEN_RAW)) {\n // we have a token already and no firebase user, refresh it\n AUTH_TOKEN_RAW = await fetchComposableToken(() => Promise.resolve(initToken ?? AUTH_TOKEN_RAW), selectedAccount, selectedProject);\n }\n else if (devAuthToken) {\n AUTH_TOKEN_RAW = devAuthToken;\n }\n if (!AUTH_TOKEN_RAW) {\n Env.logger.error('Cannot acquire a composable token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n throw new Error('Cannot acquire a composable token');\n }\n AUTH_TOKEN = decodeToken(AUTH_TOKEN_RAW);\n if (!AUTH_TOKEN?.exp || !AUTH_TOKEN_RAW) {\n console.error('Invalid composable token', AUTH_TOKEN);\n Env.logger.error('Invalid composable token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n throw new Error('Invalid composable token');\n }\n return { rawToken: AUTH_TOKEN_RAW, token: AUTH_TOKEN, error: false };\n}\nexport class UserNotFoundError extends Error {\n email;\n constructor(message, email) {\n super(message);\n this.name = 'UserNotFoundError';\n this.email = email;\n }\n}\nexport class STSError extends Error {\n stsURL;\n constructor(message, stsURL) {\n super(message);\n this.name = 'STSError';\n this.stsURL = stsURL;\n }\n}\n//# sourceMappingURL=composable.js.map","/**\n * This hook is used to generate and verify state for OAuth2 authorization requests.\n * @returns\n */\nimport { useCallback } from 'react';\nconst AUTH_STATE_KEY = 'auth_state';\nconst STATE_EXPIRY_KEY = 'auth_state_expiry';\nconst STATE_TTL = 5 * 60 * 1000; // 5 min\nexport function useAuthState() {\n // Generate new state\n const generateState = useCallback(() => {\n const state = crypto.randomUUID();\n const expiryTime = Date.now() + STATE_TTL;\n // Store state and expiry\n sessionStorage.setItem(AUTH_STATE_KEY, state);\n sessionStorage.setItem(STATE_EXPIRY_KEY, expiryTime.toString());\n return state;\n }, []);\n // Verify returned state\n const verifyState = useCallback((returnedState) => {\n if (!returnedState) {\n return 'Missing state';\n }\n const savedState = sessionStorage.getItem(AUTH_STATE_KEY);\n const expiryTime = parseInt(sessionStorage.getItem(STATE_EXPIRY_KEY) || '0', 10);\n let reason;\n // Verify state matches and hasn't expired\n if (savedState !== returnedState) {\n reason = `State mismatched (${savedState} !== ${returnedState})`;\n }\n else if (Date.now() > expiryTime) {\n reason = 'State expired';\n }\n else {\n reason = undefined; // No errors\n }\n return reason;\n }, []);\n // Clear state (useful for cleanup)\n const clearState = useCallback(() => {\n sessionStorage.removeItem(AUTH_STATE_KEY);\n sessionStorage.removeItem(STATE_EXPIRY_KEY);\n }, []);\n return { generateState, verifyState, clearState };\n}\n//# sourceMappingURL=useAuthState.js.map","export function shouldUseFirebaseAuth(_hostname) {\n return window.AUTH_MODE === 'firebase';\n}\nexport function shouldRedirectToCentralAuth(_hostname) {\n return !shouldUseFirebaseAuth();\n}\n/**\n * The page URL to return to after a central-auth round-trip (`redirect_uri`).\n *\n * Apps served under a deep gateway mount carry a `<base href=\"/tenants/<t>/apps/<app>/.../app/\">`\n * that the app-gateway injects at serve time. The in-app router rewrites the address bar relative\n * to the origin rather than that mount, so by the time the auth flow runs `window.location` can\n * read as the bare origin `/`. Building `redirect_uri` from that drops the app path, and the\n * post-login token bounces back to a URL that serves no app.\n *\n * Prefer the live location when it still sits under the mount (preserves the in-app deep route);\n * otherwise fall back to `document.baseURI` — the mount, which the router cannot clobber. With no\n * `<base>` element (the Studio UI), `document.baseURI` is the document URL and its `pathname` is a\n * prefix of the live location, so the live URL is used unchanged — no behavior change there.\n */\nexport function authReturnUrl() {\n const base = new URL(document.baseURI);\n const current = new URL(window.location.href);\n const target = current.pathname.startsWith(base.pathname) ? current : base;\n target.hash = '';\n return target;\n}\n/**\n * The app's mount root URL — the served `<base href>` (or the origin root for the Studio UI).\n *\n * Used for full-reload navigations that intentionally reset to the app root (logout, account /\n * project switch). Building these from a bare `/` drops a gateway-mounted app off its mount and\n * lands on a URL that serves no app; resolving against `document.baseURI` keeps the reload inside\n * the mount. For the Studio UI (no `<base>` element) `document.baseURI` is the origin root, so the\n * behavior is unchanged.\n */\nexport function mountRootUrl() {\n const url = new URL(document.baseURI);\n url.hash = '';\n url.search = '';\n return url;\n}\n//# sourceMappingURL=domainRouting.js.map","import { VertesiaClient } from '@vertesia/client';\nimport { Env } from '@vertesia/ui/env';\nimport { jwtDecode } from 'jwt-decode';\nimport { createContext, useContext } from 'react';\nimport { getComposableToken } from './auth/composable';\nimport { authReturnUrl, mountRootUrl, shouldRedirectToCentralAuth } from './auth/domainRouting';\nimport { getFirebaseAuth } from './auth/firebase';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from './constants';\nexport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY };\nconst CENTRAL_AUTH_REDIRECT = 'https://internal-auth.vertesia.app/';\nclass UserSession {\n isLoading = true;\n client;\n authError;\n authToken;\n setSession;\n lastSelectedAccount;\n lastSelectedProject;\n onboardingComplete;\n constructor(client, setSession) {\n if (client) {\n this.client = client;\n }\n else {\n this.client = new VertesiaClient({\n serverUrl: Env.endpoints.studio,\n storeUrl: Env.endpoints.zeno,\n tokenServerUrl: Env.endpoints.sts,\n });\n }\n if (setSession) {\n this.setSession = setSession;\n }\n this.logout = this.logout.bind(this);\n }\n get store() {\n return this.client.store;\n }\n get user() {\n //compatibility\n return this.authToken;\n }\n get account() {\n //compatibility\n return this.authToken?.account;\n }\n get project() {\n return this.authToken?.project;\n }\n get accounts() {\n //compatibility\n return this.authToken?.accounts;\n }\n get authCallback() {\n return this.rawAuthToken.then((token) => `Bearer ${token}`);\n }\n get rawAuthToken() {\n return getComposableToken().then((res) => {\n const token = res?.rawToken;\n if (!token) {\n throw new Error('No token available');\n }\n this.authToken = jwtDecode(token);\n return token;\n });\n }\n /**\n * Force a fresh Vertesia JWT from STS, bypassing the in-memory cache.\n * Use this when the current token's claims (e.g. `apps`) are suspected\n * stale — STS recomputes the `apps` claim from ACEs on every issuance.\n */\n async refreshAuthToken() {\n const res = await getComposableToken(undefined, undefined, undefined, true);\n const token = res?.rawToken;\n if (!token) {\n throw new Error('No token available');\n }\n this.authToken = jwtDecode(token);\n this.setSession?.(this.clone());\n return this.authToken;\n }\n signOut() {\n //compatibility\n this.logout();\n }\n getAccount() {\n return this.authToken?.account;\n }\n async login(token, options = {}) {\n this.authError = undefined;\n this.isLoading = false;\n this.client.withAuthCallback(() => this.authCallback);\n this.authToken = jwtDecode(token);\n console.log(`Logging in as ${this.authToken?.name} with account ${this.authToken?.account.name} (${this.authToken?.account.id}, and project ${this.authToken?.project?.name} (${this.authToken?.project?.id})`);\n //store selected account in local storage\n localStorage.setItem(LastSelectedAccountId_KEY, this.authToken.account.id);\n localStorage.setItem(`${LastSelectedProjectId_KEY}-${this.authToken.account.id}`, this.authToken.project?.id ?? '');\n // notify the host app of the login\n Env.onLogin?.(this.authToken);\n if (options.loadOnboardingStatus ?? true) {\n await this.fetchOnboardingStatus();\n }\n return Promise.resolve();\n }\n isLoggedIn() {\n return !!this.authToken;\n }\n logout() {\n console.log('Logging out');\n if (shouldRedirectToCentralAuth()) {\n // Redirect to central auth for logout\n // Central auth will handle Firebase logout\n console.log('Using central auth logout');\n this.authError = undefined;\n this.isLoading = false;\n this.authToken = undefined;\n this.setSession = undefined;\n this.client.withAuthCallback(undefined);\n const logoutUrl = new URL(CENTRAL_AUTH_REDIRECT);\n const currentUrl = authReturnUrl();\n logoutUrl.pathname = '/logout';\n logoutUrl.searchParams.set('redirect_uri', currentUrl.toString());\n location.replace(logoutUrl.toString());\n }\n else {\n // Use Firebase logout directly\n console.log('Using Firebase logout');\n const wasLoggedIn = !!this.authToken;\n if (this.authToken) {\n void getFirebaseAuth().signOut();\n }\n this.authError = undefined;\n this.isLoading = false;\n this.authToken = undefined;\n this.setSession = undefined;\n this.client.withAuthCallback(undefined);\n // Navigate to the app root to avoid React rendering errors when\n // unmounting deeply nested route components during logout.\n // Use the mount root (not bare '/') so a gateway-mounted app stays\n // on its mount. Only navigate if user was actually logged in to\n // avoid an infinite reload loop on fresh/incognito sessions.\n if (wasLoggedIn) {\n location.replace(mountRootUrl().toString());\n }\n }\n }\n async switchAccount(targetAccountId) {\n localStorage.setItem(LastSelectedAccountId_KEY, targetAccountId);\n if (this) {\n if (this.account && this.project) {\n localStorage.setItem(`${LastSelectedProjectId_KEY}-${this.account.id}`, this.project.id);\n }\n else if (this.account) {\n localStorage.removeItem(`${LastSelectedProjectId_KEY}-${this.account.id}`);\n }\n }\n const url = mountRootUrl();\n url.searchParams.set('a', targetAccountId);\n window.location.replace(url.toString());\n }\n async switchProject(targetProjectId) {\n if (this.account) {\n localStorage.setItem(`${LastSelectedProjectId_KEY}-${this.account.id}`, targetProjectId);\n }\n const url = mountRootUrl();\n if (this.account?.id) {\n url.searchParams.set('a', this.account.id);\n }\n url.searchParams.set('p', targetProjectId);\n window.location.replace(url.toString());\n }\n async fetchAccounts() {\n return this.client.accounts\n .list()\n .then((accounts) => {\n if (!this.authToken) {\n throw new Error('No token available');\n }\n this.authToken.accounts = accounts;\n this.setSession?.(this.clone());\n })\n .catch((err) => {\n console.error('Failed to fetch accounts', err);\n throw err;\n });\n }\n async fetchProjects(accountId) {\n return this.client.projects\n .list([accountId])\n .then((projects) => {\n if (!this.authToken) {\n throw new Error('No token available');\n }\n this.authToken = {\n ...this.authToken,\n accounts: this.authToken.accounts?.map((account) => {\n if (account.id === accountId) {\n return {\n ...account,\n projects: projects.filter((project) => project.account === accountId),\n };\n }\n return account;\n }),\n };\n this.setSession?.(this.clone());\n })\n .catch((err) => {\n console.error('Failed to fetch projects', err);\n throw err;\n });\n }\n async fetchOnboardingStatus() {\n if (this.onboardingComplete) {\n console.log('Onboarding already completed');\n return false;\n }\n const previousStatus = this.onboardingComplete;\n try {\n const onboarding = await this.client.account.onboardingProgress();\n this.onboardingComplete = Object.values(onboarding).every((value) => value === true);\n if (previousStatus !== this.onboardingComplete) {\n return true;\n }\n this.setSession?.(this.clone());\n }\n catch (error) {\n console.error('Error fetching onboarding status:', error);\n this.onboardingComplete = false;\n this.setSession?.(this.clone());\n }\n return false;\n }\n clone() {\n const session = new UserSession(this.client);\n session.isLoading = this.isLoading;\n session.authError = this.authError;\n session.authToken = this.authToken;\n session.setSession = this.setSession;\n session.lastSelectedAccount = this.lastSelectedAccount;\n session.switchAccount = this.switchAccount;\n session.onboardingComplete = this.onboardingComplete;\n return session;\n }\n}\nconst UserSessionContext = createContext(undefined);\nexport function useUserSession() {\n const session = useContext(UserSessionContext);\n if (!session) {\n throw new Error('useUserSession must be used within a UserSessionProvider');\n }\n return session;\n}\nexport { UserSession, UserSessionContext };\n//# sourceMappingURL=UserSession.js.map","import { i18nInstance, NAMESPACE } from '@vertesia/ui/i18n';\nimport { useEffect, useState } from 'react';\nimport { useUserSession } from '../UserSession';\nexport function useCurrentTenant() {\n const { user } = useUserSession();\n const [currentTenant, setCurrentTenant] = useState(null);\n const [isLoading, setIsLoading] = useState(true);\n const [error, setError] = useState(null);\n useEffect(() => {\n const loadCurrentTenant = async () => {\n if (!user?.email) {\n setCurrentTenant(null);\n setIsLoading(false);\n return;\n }\n try {\n const response = await fetch('/api/resolve-tenant', {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify({\n tenantEmail: user.email,\n }),\n });\n if (response.ok) {\n const tenantData = await response.json();\n if (tenantData) {\n // Convert the resolved tenant data to our TenantConfig format\n setCurrentTenant({\n tenantKey: tenantData.name || 'unknown',\n name: tenantData.label || tenantData.name || 'Unknown',\n domain: tenantData.domain || [],\n firebaseTenantId: tenantData.firebaseTenantId,\n provider: tenantData.provider,\n logo: tenantData.logo,\n });\n }\n else {\n setCurrentTenant(null);\n }\n }\n else {\n setCurrentTenant(null);\n }\n }\n catch (error) {\n console.error('Error loading current tenant:', error);\n setError(i18nInstance.getFixedT(null, NAMESPACE)('errors.failedToLoadTenantConfig'));\n setCurrentTenant(null);\n }\n finally {\n setIsLoading(false);\n }\n };\n void loadCurrentTenant();\n }, [user?.email]);\n return {\n currentTenant,\n isLoading,\n error,\n };\n}\n//# sourceMappingURL=useCurrentTenant.js.map","import { jsx as _jsx } from \"react/jsx-runtime\";\nimport { Env } from '@vertesia/ui/env';\nimport { onAuthStateChanged } from 'firebase/auth';\nimport { useEffect, useRef, useState } from 'react';\nimport { getComposableToken, STSError, UserNotFoundError } from './auth/composable';\nimport { authReturnUrl, shouldRedirectToCentralAuth } from './auth/domainRouting';\nimport { getFirebaseAuth } from './auth/firebase';\nimport { useAuthState } from './auth/useAuthState';\nimport { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY, UserSession, UserSessionContext } from './UserSession';\nconst CENTRAL_AUTH_REDIRECT = 'https://internal-auth.vertesia.app/';\nexport function UserSessionProvider({ children, loadOnboardingStatus = true }) {\n const hashParams = new URLSearchParams(location.hash.substring(1));\n const token = hashParams.get('token');\n const state = hashParams.get('state');\n const [session, setSession] = useState(new UserSession());\n const { generateState, verifyState, clearState } = useAuthState();\n const hasInitiatedAuthRef = useRef(false);\n const authFlowRef = useRef(undefined);\n const redirectToCentralAuth = (projectId, accountId) => {\n const url = new URL(`${CENTRAL_AUTH_REDIRECT}?sts=${Env.endpoints.sts ?? 'https://sts.vertesia.io'}`);\n const currentUrl = authReturnUrl();\n if (projectId)\n currentUrl.searchParams.set('p', projectId);\n if (accountId)\n currentUrl.searchParams.set('a', accountId);\n url.searchParams.set('redirect_uri', currentUrl.toString());\n url.searchParams.set('state', generateState());\n location.replace(url.toString());\n };\n authFlowRef.current = () => {\n // Make this effect idempotent - only run auth flow once\n if (hasInitiatedAuthRef.current) {\n console.log('Auth: skipping duplicate auth flow initiation');\n return;\n }\n hasInitiatedAuthRef.current = true;\n console.log('Auth: starting auth flow');\n Env.logger.info('Starting auth flow');\n const currentUrl = new URL(window.location.href);\n const selectedAccount = currentUrl.searchParams.get('a') ?? localStorage.getItem(LastSelectedAccountId_KEY) ?? undefined;\n const selectedProject = currentUrl.searchParams.get('p') ??\n localStorage.getItem(`${LastSelectedProjectId_KEY}-${selectedAccount}`) ??\n undefined;\n console.log('Auth: selected account', selectedAccount);\n console.log('Auth: selected project', selectedProject);\n Env.logger.info('Selected account and project', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n if (Env.isLocalDev && Env.devAuthToken) {\n session.setSession = setSession;\n getComposableToken(selectedAccount, selectedProject, Env.devAuthToken)\n .then((res) => {\n session.login(res.rawToken).then(() => setSession(session.clone()));\n })\n .catch((err) => {\n console.error('Failed to initialize dev auth token', err);\n Env.logger.error('Failed to initialize dev auth token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n error: err,\n },\n });\n session.isLoading = false;\n session.authError = err instanceof Error ? err : new Error(String(err));\n setSession(session.clone());\n });\n return;\n }\n if (token && state) {\n session.setSession = setSession;\n const validationError = verifyState(state);\n if (validationError) {\n console.error(`Auth: invalid state: ${validationError}`);\n Env.logger.error(`Invalid state: ${validationError}`, {\n vertesia: {\n state: state,\n },\n });\n redirectToCentralAuth();\n }\n else {\n clearState();\n }\n getComposableToken(selectedAccount, selectedProject, token, false, shouldRedirectToCentralAuth())\n .then((res) => {\n session.login(res.rawToken, { loadOnboardingStatus }).then(() => {\n setSession(session.clone());\n //cleanup the hash\n window.location.hash = '';\n });\n })\n .catch((err) => {\n // Don't redirect to central auth for UserNotFoundError - let signup flow handle it\n if (err instanceof UserNotFoundError) {\n console.log('User not found - will trigger signup flow', err);\n session.isLoading = false;\n session.authError = err;\n setSession(session.clone());\n return;\n }\n if (err instanceof STSError) {\n console.error('STS error during token exchange', err);\n Env.logger.error('STS error during token exchange', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n sts_url: err.stsURL,\n error: err,\n },\n });\n window.alert('Authentication failed due to an issue with the authentication service. Please try again later.');\n session.logout();\n setSession(session.clone());\n window.location.hash = '';\n return;\n }\n console.error('Failed to fetch user token from studio, redirecting to central auth', err);\n Env.logger.error('Failed to fetch user token from studio, redirecting to central auth', {\n vertesia: {\n error: err,\n },\n });\n redirectToCentralAuth();\n });\n return;\n }\n let cancelled = false;\n let unsubscribe;\n const startFirebaseOrCentralAuth = () => {\n if (cancelled)\n return;\n // If the current host is not in the Firebase allowlist, central auth owns sign-in.\n if (!session.isLoggedIn()) {\n console.log('Auth: not logged in & no token/state');\n Env.logger.info('Not logged in & no token/state', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n if (shouldRedirectToCentralAuth()) {\n console.log('Auth: host is not in Firebase auth allowlist, redirecting to central auth with selection', selectedAccount, selectedProject);\n Env.logger.info('Redirecting to central auth with selection', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n redirectToCentralAuth();\n return; // Don't register onAuthStateChanged listener when redirecting\n }\n console.log('Auth: host is in Firebase auth allowlist');\n Env.logger.info('Host is in Firebase auth allowlist', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n }\n unsubscribe = onAuthStateChanged(getFirebaseAuth(), async (firebaseUser) => {\n if (firebaseUser) {\n console.log('Auth: successful login with firebase');\n Env.logger.info('Successful login with firebase', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n session.setSession = setSession;\n await getComposableToken(selectedAccount, selectedProject, undefined, false, shouldRedirectToCentralAuth())\n .then((res) => {\n session\n .login(res.rawToken, { loadOnboardingStatus })\n .then(() => setSession(session.clone()));\n })\n .catch((err) => {\n console.error('Failed to fetch user token from studio', err);\n Env.logger.error('Failed to fetch user token from studio', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n error: err,\n },\n });\n if (!(err instanceof UserNotFoundError))\n session.logout();\n session.isLoading = false;\n session.authError = err;\n setSession(session.clone());\n });\n }\n else {\n // anonymous user\n console.log('Auth: using anonymous user');\n Env.logger.info('Using anonymous user', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n },\n });\n session.client.withAuthCallback(undefined);\n session.logout();\n setSession(session.clone());\n }\n });\n };\n if (Env.authTokenProvider) {\n session.setSession = setSession;\n void Env.authTokenProvider()\n .then(async (injectedToken) => {\n if (!injectedToken) {\n startFirebaseOrCentralAuth();\n return;\n }\n const res = await getComposableToken(selectedAccount, selectedProject, injectedToken, false, shouldRedirectToCentralAuth());\n await session.login(res.rawToken, { loadOnboardingStatus });\n if (!cancelled)\n setSession(session.clone());\n })\n .catch((err) => {\n console.warn('Auth: failed to initialize injected auth token', err);\n Env.logger.warn('Failed to initialize injected auth token', {\n vertesia: {\n account_id: selectedAccount,\n project_id: selectedProject,\n error: err,\n },\n });\n startFirebaseOrCentralAuth();\n });\n return () => {\n cancelled = true;\n unsubscribe?.();\n };\n }\n startFirebaseOrCentralAuth();\n return () => {\n cancelled = true;\n unsubscribe?.();\n };\n };\n useEffect(() => {\n return authFlowRef.current?.();\n }, []);\n return _jsx(UserSessionContext.Provider, { value: session, children: children });\n}\n//# sourceMappingURL=UserSessionProvider.js.map","import { Env } from '@vertesia/ui/env';\nimport { logEvent } from 'firebase/analytics';\nimport { getFirebaseAnalytics } from './auth/firebase';\nexport function useUXTracking() {\n //identify user in monitoring and UX systems\n const tagUserSession = async (user) => {\n const signupData = window.localStorage.getItem('composableSignupData');\n if (!user) {\n console.error('No user found -- skipping tagging');\n return;\n }\n if (signupData) {\n window.localStorage.removeItem('composableSignupData');\n }\n };\n //send event to analytics and UX systems\n const trackEvent = (eventName, eventProperties) => {\n if (!Env.isProd) {\n console.debug('track event', eventName, eventProperties);\n }\n //GA via firebase\n logEvent(getFirebaseAnalytics(), eventName, { ...eventProperties, debug_mode: !Env.isProd });\n };\n return {\n tagUserSession,\n trackEvent,\n };\n}\n//# sourceMappingURL=useUXTracking.js.map"],"names":["LastSelectedAccountId_KEY","LastSelectedProjectId_KEY","AUTH_TOKEN_RAW","AUTH_TOKEN","_firebaseApp","_analytics","_firebaseAuth","getFirebaseApp","Env","firebase","Error","initializeApp","error","console","cause","getFirebaseAnalytics","getAnalytics","getFirebaseAuth","getAuth","async","setFirebaseTenant","tenantEmail","log","retries","retryDelay","response","fetch","method","headers","body","JSON","stringify","signal","AbortSignal","timeout","ok","errorData","json","status","warn","data","firebaseTenantId","auth","tenantId","providerType","provider","fetchError","Promise","resolve","setTimeout","message","getFirebaseAuthToken","refresh","user","currentUser","getIdToken","then","token","logger","info","vertesia","user_email","email","user_name","displayName","user_id","uid","catch","err","normalizeIssuer","value","replace","decodeToken","jwtDecode","fetchComposableToken","accountId","projectId","ttl","retryCount","account_id","project_id","retry_count","idToken","stsEndpoint","endpoints","sts","sts_url","stsUrl","URL","requestBody","type","expires_at","Math","floor","Date","now","undefined","stsRes","Authorization","STSError","ensureResponse","studio","idTokenDecoded","UserNotFoundError","localStorage","removeItem","errorText","text","fetchComposableTokenFromFirebaseToken","fetchComposableTokenFromVertesiaToken","vertesiaToken","getCurrentVertesiaToken","getComposableToken","initToken","forceRefresh","useInternalAuth","selectedAccount","getItem","selectedProject","devAuthToken","isLocalDev","suppliedToken","exp","rawToken","iss","isVertesiaIssuedToken","constructor","super","this","name","stsURL","AUTH_STATE_KEY","STATE_EXPIRY_KEY","useAuthState","generateState","useCallback","state","crypto","randomUUID","expiryTime","sessionStorage","setItem","toString","verifyState","returnedState","savedState","parseInt","reason","clearState","shouldRedirectToCentralAuth","_hostname","window","AUTH_MODE","authReturnUrl","base","document","baseURI","current","location","href","target","pathname","startsWith","hash","mountRootUrl","url","search","UserSession","isLoading","client","authError","authToken","setSession","lastSelectedAccount","lastSelectedProject","onboardingComplete","VertesiaClient","serverUrl","storeUrl","zeno","tokenServerUrl","logout","bind","store","account","project","accounts","authCallback","rawAuthToken","res","refreshAuthToken","clone","signOut","getAccount","login","options","withAuthCallback","id","onLogin","loadOnboardingStatus","fetchOnboardingStatus","isLoggedIn","logoutUrl","currentUrl","searchParams","set","wasLoggedIn","switchAccount","targetAccountId","switchProject","targetProjectId","fetchAccounts","list","fetchProjects","projects","map","filter","previousStatus","onboarding","onboardingProgress","Object","values","every","session","UserSessionContext","createContext","useUserSession","useContext","useCurrentTenant","currentTenant","setCurrentTenant","useState","setIsLoading","setError","useEffect","tenantData","tenantKey","label","domain","logo","i18nInstance","getFixedT","NAMESPACE","loadCurrentTenant","UserSessionProvider","children","hashParams","URLSearchParams","substring","get","hasInitiatedAuthRef","useRef","authFlowRef","redirectToCentralAuth","String","validationError","alert","unsubscribe","cancelled","startFirebaseOrCentralAuth","onAuthStateChanged","firebaseUser","authTokenProvider","injectedToken","_jsx","Provider","useUXTracking","tagUserSession","signupData","trackEvent","eventName","eventProperties","isProd","debug","logEvent","debug_mode"],"mappings":"qgBAAY,MAACA,EAA4B,qCAC5BC,EAA4B,qCCIzC,ICDIC,EACAC,EDAAC,EAAe,KACfC,EAAa,KACbC,EAAgB,KAEb,SAASC,IACZ,IAAKH,EACD,IACI,IAAKI,EAAIC,SACL,MAAM,IAAIC,MAAM,8DAEpBN,EAAeO,EAAcH,EAAIC,SACrC,CACA,MAAOG,GAEH,MADAC,QAAQD,MAAM,qCAAsCA,GAC9C,IAAIF,MAAM,+EAAgF,CAC5FI,MAAOF,GAEf,CAEJ,OAAOR,CACX,CACO,SAASW,IAIZ,OAHKV,IACDA,EAAaW,EAAaT,MAEvBF,CACX,CACO,SAASY,IAIZ,OAHKX,IACDA,EAAgBY,EAAQX,MAErBD,CACX,CACOa,eAAeC,EAAkBC,GACpC,GAAKA,EAIL,GAAKb,EAAIC,SAIT,IACQY,GACAR,QAAQS,IAAI,mCAAmCD,KAEnD,IAAIE,EAAU,EACVC,EAAa,IACjB,KAAOD,EAAU,GACb,IAEI,MAAME,QAAiBC,MAAM,sBAAuB,CAChDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBV,YAAaA,IAGjBW,OAAQC,YAAYC,QAAQ,OAGhC,IAAKT,EACD,MAAM,IAAIf,MAAM,wCAGpB,IAAKe,EAASU,GAAI,CAEd,IACI,MAAMC,QAAkBX,EAASY,OACjCxB,QAAQD,MAAM,+BAAgCwB,EAAUxB,MAC5D,CACA,MACIC,QAAQD,MAAM,qCAAqCa,EAASa,SAChE,CAEA,GAAwB,MAApBb,EAASa,OAET,YADAzB,QAAQ0B,KAAK,wBAAwBlB,KAGzC,MAAM,IAAIX,MAAM,cAAce,EAASa,SAC3C,CAEA,MAAME,QAAcf,EAASY,OAC7B,GAAIG,GAAMC,iBAAkB,CACxB,MAAMC,EAAOzB,IAIb,OAHAyB,EAAKC,SAAWH,EAAKC,iBACrBjC,EAAIC,SAASmC,aAAeJ,EAAKK,UAAY,OAC7ChC,QAAQS,IAAI,oBAAoBoB,EAAKC,YAC9BH,CACX,CAGI,YADA3B,QAAQD,MAAM,iDAAiDS,IAGvE,CACA,MAAOyB,GAEH,KAAIvB,EAAU,GAOV,MAAMuB,EANNjC,QAAQ0B,KAAK,yCAAyCf,SAAmBsB,SACnE,IAAIC,QAASC,GAAYC,WAAWD,EAASxB,IACnDA,GAAc,EACdD,GAKR,CAER,CACA,MAAOX,GAEHC,QAAQD,MAAM,iCAAkCA,aAAiBF,MAAQE,EAAMsC,QAAU,gBAG7F,MA7EIrC,QAAQS,IAAI,mEAJZT,QAAQS,IAAI,2DAkFpB,CACOH,eAAegC,EAAqBC,GACvC,MACMC,EADOpC,IACKqC,YAClB,OAAID,EACOA,EACFE,WAAWH,GACXI,KAAMC,IACPjD,EAAIkD,OAAOC,KAAK,qBAAsB,CAClCC,SAAU,CACNC,WAAYR,EAAKS,MACjBC,UAAWV,EAAKW,YAChBC,QAASZ,EAAKa,IACdd,QAASA,KAGVK,IAENU,MAAOC,IACR5D,EAAIkD,OAAO9C,MAAM,+BAAgC,CAC7CgD,SAAU,CACNC,WAAYR,EAAKS,MACjBC,UAAWV,EAAKW,YAChBC,QAASZ,EAAKa,IACdd,QAASA,EACTxC,MAAOwD,KAGfvD,QAAQD,MAAM,6BAA8BwD,GACrC,QAIX5D,EAAIkD,OAAOnB,KAAK,iBACTQ,QAAQC,QAAQ,MAE/B,CCxJA,SAASqB,EAAgBC,GACrB,OAAOA,GAAOC,QAAQ,OAAQ,GAClC,CACA,SAASC,EAAYf,GACjB,OAAOgB,EAAUhB,EACrB,CAYOtC,eAAeuD,EAAqBnB,EAAYoB,EAAWC,EAAWC,EAAKC,EAAa,GAC3FjE,QAAQS,IAAI,mDAAmDqD,iBAAyBC,MACxFpE,EAAIkD,OAAOC,KAAK,sCAAuC,CACnDC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZK,YAAaH,KAGrB,MAAMI,QAAgB3B,IACtB,IAAK2B,EAED,MADArE,QAAQS,IAAI,yCACN,IAAIZ,MAAM,qBAGpB,MAAMyE,EAAc3E,EAAI4E,UAAUC,IAClCxE,QAAQS,IAAI,kCAAmC6D,GAC/C3E,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZU,QAASH,KAGjB,IAEI,MAAMI,EAAS,IAAIC,IAAI,GAAGL,iBACpBM,EAAc,CAChBC,KAAM,OACNX,WAAYJ,EACZK,WAAYJ,EACZe,WAAYd,EAAMe,KAAKC,MAAMC,KAAKC,MAAQ,KAAQlB,OAAMmB,GAEtDC,QAAevE,MAAM6D,EAAQ,CAC/B5D,OAAQ,OACRC,QAAS,CACL,eAAgB,mBAChBsE,cAAe,UAAUhB,KAE7BrD,KAAMC,KAAKC,UAAU0D,KACtBtB,MAAOvD,IASN,MARAC,QAAQD,MAAM,8BAA+BA,GAC7CJ,EAAIkD,OAAO9C,MAAM,8BAA+B,CAC5CgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZhE,MAAOA,KAGT,IAAIuF,EAAS,8BAA+BhB,KAEtD,GAAID,GAA8B,MAAnBe,GAAQ3D,OAAgB,CAEnCzB,QAAQS,IAAI,sDACZd,EAAIkD,OAAOC,KAAK,qDAAsD,CAClEC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ2D,GAAQ3D,UAGxB,MAAM8D,QAAuB1E,MAAM,GAAGlB,EAAI4E,UAAUiB,0BAA2B,CAC3E1E,OAAQ,OACRC,QAAS,CACLsE,cAAe,UAAUhB,IACzB,eAAgB,sBAGxB,GAA8B,MAA1BkB,EAAe9D,OAAgB,CAE/BzB,QAAQS,IAAI,0CACZd,EAAIkD,OAAOC,KAAK,yCAA0C,CACtDC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,KAGpB,MAAM0B,EAAiB7B,EAAUS,GACjC,IAAKoB,GAAgBxC,MAEjB,MADAtD,EAAIkD,OAAO9C,MAAM,8BACX,IAAIF,MAAM,8BAEpB,MAAM,IAAI6F,EAAkB,mCAAoCD,EAAexC,MACnF,CACA,GAA8B,MAA1BsC,EAAe9D,OAQf,MANA9B,EAAIkD,OAAOnB,KAAK,uDAAwD,CACpEqB,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,KAGd,IAAIlE,MAAM,mDAEpB,IAAK0F,EAAejE,GAShB,MARAtB,QAAQD,MAAM,+BAAgCwF,EAAe9D,QAC7D9B,EAAIkD,OAAO9C,MAAM,+BAAgC,CAC7CgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ8D,EAAe9D,UAGzB,IAAI5B,MAAM,gCAUpB,OAPAG,QAAQS,IAAI,4CACZd,EAAIkD,OAAOC,KAAK,2CAA4C,CACxDC,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,KAGbF,EAAqBnB,EAAYoB,EAAWC,EAAWC,EAAKC,EACvE,CACA,GAAII,GAA8B,MAAnBe,GAAQ3D,OAAgB,CACnCzB,QAAQS,IAAI,+DAAgE2E,GAAQ3D,QACpF9B,EAAIkD,OAAO9C,MAAM,+DAAgE,CAC7EgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ2D,GAAQ3D,UAGxB,MAAMgE,EAAiB7B,EAAUS,GACjC,IAAKoB,GAAgBxC,MAEjB,MADAtD,EAAIkD,OAAO9C,MAAM,8BACX,IAAIF,MAAM,8BASpB,MAPAF,EAAIkD,OAAO9C,MAAM,iBAAkB,CAC/BgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZd,MAAOwC,EAAexC,SAGxB,IAAIyC,EAAkB,iBAAkBD,EAAexC,MACjE,CACA,GAAsB,MAAlBmC,EAAO3D,OAAgB,CAMvB,GAAIwC,EAAa,EAWb,MATAjE,QAAQD,MAAM,6EACdJ,EAAIkD,OAAO9C,MAAM,yDAA0D,CACvEgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ2D,EAAO3D,OACf2C,YAAaH,KAGf,IAAIpE,MAAM,4DAiBpB,OAfAG,QAAQS,IAAI,mFACZd,EAAIkD,OAAOnB,KAAK,4DAA6D,CACzEqB,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZtC,OAAQ2D,EAAO3D,OACf2C,YAAaH,KAIrB0B,aAAaC,WAAWzG,GACpB2E,GACA6B,aAAaC,WAAW,GAAGxG,KAA6B0E,KAGrDD,EAAqBnB,OAAYyC,OAAWA,EAAWnB,EAAKC,EAAa,EACpF,CACA,IAAKmB,EAAO9D,GAAI,CACZ,MAAMuE,QAAkBT,EAAOU,OAU/B,MATA9F,QAAQD,MAAM,+BAAgCqF,EAAO3D,OAAQoE,GAC7DlG,EAAIkD,OAAO9C,MAAM,8BAA+B,CAC5CgD,SAAU,CACNtB,OAAQ2D,EAAO3D,OACf1B,MAAO8F,EACP3B,WAAYJ,EACZK,WAAYJ,KAGd,IAAIlE,MAAM,iCAAiCuF,EAAO3D,SAC5D,CACA,MAAMmB,MAAEA,SAAgBwC,EAAO5D,OAG/B,OAFAxB,QAAQS,IAAI,mCACZd,EAAIkD,OAAOC,KAAK,mCACTF,CACX,CACA,MAAO7C,GACH,GAAIA,aAAiB2F,GAAqB3F,aAAiBuF,EACvD,MAAMvF,EAeV,MAZA4F,aAAaC,WAAWzG,GACpB2E,GACA6B,aAAaC,WAAW,GAAGxG,KAA6B0E,KAE5D9D,QAAQD,MAAM,0CAA2CA,GACzDJ,EAAIkD,OAAO9C,MAAM,0CAA2C,CACxDgD,SAAU,CACNmB,WAAYJ,EACZK,WAAYJ,EACZhE,MAAOA,KAGT,IAAIF,MAAM,iCAAkC,CAAEI,MAAOF,GAC/D,CACJ,CAQOO,eAAeyF,EAAsCjC,EAAWC,EAAWC,GAC9E,OAAOH,EAAqBvB,EAAsBwB,EAAWC,EAAWC,EAC5E,CAMO1D,eAAe0F,EAAsCC,EAAenC,EAAWC,EAAWC,GAC7F,OAAOH,EAAqB,IAAM3B,QAAQC,QAAQ8D,GAAgBnC,EAAWC,EAAWC,EAC5F,CAEO,SAASkC,IACZ,OAAO7G,CACX,CACOiB,eAAe6F,EAAmBrC,EAAWC,EAAWqC,EAAWC,GAAe,EAAOC,GAAkB,GAC9G,MAAMC,EAAkBzC,GAAa6B,aAAaa,QAAQrH,SAA8BgG,EAClFsB,EAAkB1C,GAAa4B,aAAaa,QAAQ,GAAGpH,KAA6BmH,WAAsBpB,EAC1GuB,EAAe/G,EAAIgH,WAAahH,EAAI+G,kBAAevB,EACnDyB,EAAgBF,GAAgBN,GAAa/G,EAEnD,IAAKgH,GAAgBhH,GAAkBC,GAAcA,EAAWuH,IAAM5B,KAAKC,MAAQ,IAAO,IACtF,MAAO,CAAE4B,SAAUzH,EAAgBuD,MAAOtD,EAAYS,OAAO,GAEjE,IAAKsG,GA9PT,SAA+BzD,GAC3B,IAAKA,EACD,OAAO,EACX,IAEI,OAAOY,EADSG,EAAYf,GACGmE,OAASvD,EAAgB7D,EAAI4E,UAAUC,IAC1E,CACA,MACI,OAAO,CACX,CACJ,CAoPyBwC,CAAsBJ,GAAgB,CAGvD,GAFAvH,EAAiBuH,EACjBtH,EAAaqE,EAAYtE,IACpBC,EAAWuH,IACZ,MAAM,IAAIhH,MAAM,4BAEpB,MAAO,CAAEiH,SAAUzH,EAAgBuD,MAAOtD,EAAYS,OAAO,EACjE,CAaA,GAXK2G,GAAiBJ,IAAmBlG,IAAkBqC,YAIjDiE,IAAiBN,IAAa/G,EAI/BqH,IACLrH,EAAiBqH,GAHjBrH,QAAuBwE,EAAqB,IAAM3B,QAAQC,QAAQiE,GAAa/G,GAAiBkH,EAAiBE,GAJjHpH,QAAuB0G,EAAsCQ,EAAiBE,IAS7EpH,EAOD,MANAM,EAAIkD,OAAO9C,MAAM,oCAAqC,CAClDgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGd,IAAI5G,MAAM,qCAGpB,GADAP,EAAaqE,EAAYtE,IACpBC,GAAYuH,MAAQxH,EAQrB,MAPAW,QAAQD,MAAM,2BAA4BT,GAC1CK,EAAIkD,OAAO9C,MAAM,2BAA4B,CACzCgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGd,IAAI5G,MAAM,4BAEpB,MAAO,CAAEiH,SAAUzH,EAAgBuD,MAAOtD,EAAYS,OAAO,EACjE,CACO,MAAM2F,UAA0B7F,MACnCoD,MACA,WAAAgE,CAAY5E,EAASY,GACjBiE,MAAM7E,GACN8E,KAAKC,KAAO,oBACZD,KAAKlE,MAAQA,CACjB,EAEG,MAAMqC,UAAiBzF,MAC1BwH,OACA,WAAAJ,CAAY5E,EAASgF,GACjBH,MAAM7E,GACN8E,KAAKC,KAAO,WACZD,KAAKE,OAASA,CAClB,EC7TJ,MAAMC,EAAiB,aACjBC,EAAmB,oBAElB,SAASC,IAmCZ,MAAO,CAAEC,cAjCaC,EAAY,KAC9B,MAAMC,EAAQC,OAAOC,aACfC,EAAa7C,KAAKC,MALd,IASV,OAFA6C,eAAeC,QAAQV,EAAgBK,GACvCI,eAAeC,QAAQT,EAAkBO,EAAWG,YAC7CN,GACR,IA0BqBO,YAxBJR,EAAaS,IAC7B,IAAKA,EACD,MAAO,gBAEX,MAAMC,EAAaL,eAAevB,QAAQc,GACpCQ,EAAaO,SAASN,eAAevB,QAAQe,IAAqB,IAAK,IAC7E,IAAIe,EAWJ,OARIA,EADAF,IAAeD,EACN,qBAAqBC,SAAkBD,KAE3ClD,KAAKC,MAAQ4C,EACT,qBAGA3C,EAENmD,GACR,IAMkCC,WAJlBb,EAAY,KAC3BK,eAAenC,WAAW0B,GAC1BS,eAAenC,WAAW2B,IAC3B,IAEP,CCzCO,SAASiB,EAA4BC,GACxC,QAH4B,aAArBC,OAAOC,UAIlB,CAeO,SAASC,IACZ,MAAMC,EAAO,IAAIlE,IAAImE,SAASC,SACxBC,EAAU,IAAIrE,IAAI+D,OAAOO,SAASC,MAClCC,EAASH,EAAQI,SAASC,WAAWR,EAAKO,UAAYJ,EAAUH,EAEtE,OADAM,EAAOG,KAAO,GACPH,CACX,CAUO,SAASI,IACZ,MAAMC,EAAM,IAAI7E,IAAImE,SAASC,SAG7B,OAFAS,EAAIF,KAAO,GACXE,EAAIC,OAAS,GACND,CACX,CC/BA,MAAME,EACFC,WAAY,EACZC,OACAC,UACAC,UACAC,WACAC,oBACAC,oBACAC,mBACA,WAAAjD,CAAY2C,EAAQG,GAEZ5C,KAAKyC,OADLA,GAIc,IAAIO,EAAe,CAC7BC,UAAWzK,EAAI4E,UAAUiB,OACzB6E,SAAU1K,EAAI4E,UAAU+F,KACxBC,eAAgB5K,EAAI4E,UAAUC,MAGlCuF,IACA5C,KAAK4C,WAAaA,GAEtB5C,KAAKqD,OAASrD,KAAKqD,OAAOC,KAAKtD,KACnC,CACA,SAAIuD,GACA,OAAOvD,KAAKyC,OAAOc,KACvB,CACA,QAAIlI,GAEA,OAAO2E,KAAK2C,SAChB,CACA,WAAIa,GAEA,OAAOxD,KAAK2C,WAAWa,OAC3B,CACA,WAAIC,GACA,OAAOzD,KAAK2C,WAAWc,OAC3B,CACA,YAAIC,GAEA,OAAO1D,KAAK2C,WAAWe,QAC3B,CACA,gBAAIC,GACA,OAAO3D,KAAK4D,aAAapI,KAAMC,GAAU,UAAUA,IACvD,CACA,gBAAImI,GACA,OAAO5E,IAAqBxD,KAAMqI,IAC9B,MAAMpI,EAAQoI,GAAKlE,SACnB,IAAKlE,EACD,MAAM,IAAI/C,MAAM,sBAGpB,OADAsH,KAAK2C,UAAYlG,EAAUhB,GACpBA,GAEf,CAMA,sBAAMqI,GACF,MAAMD,QAAY7E,OAAmBhB,OAAWA,OAAWA,GAAW,GAChEvC,EAAQoI,GAAKlE,SACnB,IAAKlE,EACD,MAAM,IAAI/C,MAAM,sBAIpB,OAFAsH,KAAK2C,UAAYlG,EAAUhB,GAC3BuE,KAAK4C,aAAa5C,KAAK+D,SAChB/D,KAAK2C,SAChB,CACA,OAAAqB,GAEIhE,KAAKqD,QACT,CACA,UAAAY,GACI,OAAOjE,KAAK2C,WAAWa,OAC3B,CACA,WAAMU,CAAMzI,EAAO0I,EAAU,IAczB,OAbAnE,KAAK0C,eAAY1E,EACjBgC,KAAKwC,WAAY,EACjBxC,KAAKyC,OAAO2B,iBAAiB,IAAMpE,KAAK2D,cACxC3D,KAAK2C,UAAYlG,EAAUhB,GAC3B5C,QAAQS,IAAI,iBAAiB0G,KAAK2C,WAAW1C,qBAAqBD,KAAK2C,WAAWa,QAAQvD,SAASD,KAAK2C,WAAWa,QAAQa,mBAAmBrE,KAAK2C,WAAWc,SAASxD,SAASD,KAAK2C,WAAWc,SAASY,OAEzM7F,aAAaqC,QAAQ7I,EAA2BgI,KAAK2C,UAAUa,QAAQa,IACvE7F,aAAaqC,QAAQ,GAAG5I,KAA6B+H,KAAK2C,UAAUa,QAAQa,KAAMrE,KAAK2C,UAAUc,SAASY,IAAM,IAEhH7L,EAAI8L,UAAUtE,KAAK2C,YACfwB,EAAQI,sBAAwB,UAC1BvE,KAAKwE,wBAERzJ,QAAQC,SACnB,CACA,UAAAyJ,GACI,QAASzE,KAAK2C,SAClB,CACA,MAAAU,GAEI,GADAxK,QAAQS,IAAI,eACR+H,IAA+B,CAG/BxI,QAAQS,IAAI,6BACZ0G,KAAK0C,eAAY1E,EACjBgC,KAAKwC,WAAY,EACjBxC,KAAK2C,eAAY3E,EACjBgC,KAAK4C,gBAAa5E,EAClBgC,KAAKyC,OAAO2B,sBAAiBpG,GAC7B,MAAM0G,EAAY,IAAIlH,IA7GJ,uCA8GZmH,EAAalD,IACnBiD,EAAUzC,SAAW,UACrByC,EAAUE,aAAaC,IAAI,eAAgBF,EAAW7D,YACtDgB,SAASvF,QAAQmI,EAAU5D,WAC/B,KACK,CAEDjI,QAAQS,IAAI,yBACZ,MAAMwL,IAAgB9E,KAAK2C,UACvB3C,KAAK2C,WACA1J,IAAkB+K,UAE3BhE,KAAK0C,eAAY1E,EACjBgC,KAAKwC,WAAY,EACjBxC,KAAK2C,eAAY3E,EACjBgC,KAAK4C,gBAAa5E,EAClBgC,KAAKyC,OAAO2B,sBAAiBpG,GAMzB8G,GACAhD,SAASvF,QAAQ6F,IAAetB,WAExC,CACJ,CACA,mBAAMiE,CAAcC,GAChBxG,aAAaqC,QAAQ7I,EAA2BgN,GAC5ChF,OACIA,KAAKwD,SAAWxD,KAAKyD,QACrBjF,aAAaqC,QAAQ,GAAG5I,KAA6B+H,KAAKwD,QAAQa,KAAMrE,KAAKyD,QAAQY,IAEhFrE,KAAKwD,SACVhF,aAAaC,WAAW,GAAGxG,KAA6B+H,KAAKwD,QAAQa,OAG7E,MAAMhC,EAAMD,IACZC,EAAIuC,aAAaC,IAAI,IAAKG,GAC1BzD,OAAOO,SAASvF,QAAQ8F,EAAIvB,WAChC,CACA,mBAAMmE,CAAcC,GACZlF,KAAKwD,SACLhF,aAAaqC,QAAQ,GAAG5I,KAA6B+H,KAAKwD,QAAQa,KAAMa,GAE5E,MAAM7C,EAAMD,IACRpC,KAAKwD,SAASa,IACdhC,EAAIuC,aAAaC,IAAI,IAAK7E,KAAKwD,QAAQa,IAE3ChC,EAAIuC,aAAaC,IAAI,IAAKK,GAC1B3D,OAAOO,SAASvF,QAAQ8F,EAAIvB,WAChC,CACA,mBAAMqE,GACF,OAAOnF,KAAKyC,OAAOiB,SACd0B,OACA5J,KAAMkI,IACP,IAAK1D,KAAK2C,UACN,MAAM,IAAIjK,MAAM,sBAEpBsH,KAAK2C,UAAUe,SAAWA,EAC1B1D,KAAK4C,aAAa5C,KAAK+D,WAEtB5H,MAAOC,IAER,MADAvD,QAAQD,MAAM,2BAA4BwD,GACpCA,GAEd,CACA,mBAAMiJ,CAAc1I,GAChB,OAAOqD,KAAKyC,OAAO6C,SACdF,KAAK,CAACzI,IACNnB,KAAM8J,IACP,IAAKtF,KAAK2C,UACN,MAAM,IAAIjK,MAAM,sBAEpBsH,KAAK2C,UAAY,IACV3C,KAAK2C,UACRe,SAAU1D,KAAK2C,UAAUe,UAAU6B,IAAK/B,GAChCA,EAAQa,KAAO1H,EACR,IACA6G,EACH8B,SAAUA,EAASE,OAAQ/B,GAAYA,EAAQD,UAAY7G,IAG5D6G,IAGfxD,KAAK4C,aAAa5C,KAAK+D,WAEtB5H,MAAOC,IAER,MADAvD,QAAQD,MAAM,2BAA4BwD,GACpCA,GAEd,CACA,2BAAMoI,GACF,GAAIxE,KAAK+C,mBAEL,OADAlK,QAAQS,IAAI,iCACL,EAEX,MAAMmM,EAAiBzF,KAAK+C,mBAC5B,IACI,MAAM2C,QAAmB1F,KAAKyC,OAAOe,QAAQmC,qBAE7C,GADA3F,KAAK+C,mBAAqB6C,OAAOC,OAAOH,GAAYI,MAAOxJ,IAAoB,IAAVA,GACjEmJ,IAAmBzF,KAAK+C,mBACxB,OAAO,EAEX/C,KAAK4C,aAAa5C,KAAK+D,QAC3B,CACA,MAAOnL,GACHC,QAAQD,MAAM,oCAAqCA,GACnDoH,KAAK+C,oBAAqB,EAC1B/C,KAAK4C,aAAa5C,KAAK+D,QAC3B,CACA,OAAO,CACX,CACA,KAAAA,GACI,MAAMgC,EAAU,IAAIxD,EAAYvC,KAAKyC,QAQrC,OAPAsD,EAAQvD,UAAYxC,KAAKwC,UACzBuD,EAAQrD,UAAY1C,KAAK0C,UACzBqD,EAAQpD,UAAY3C,KAAK2C,UACzBoD,EAAQnD,WAAa5C,KAAK4C,WAC1BmD,EAAQlD,oBAAsB7C,KAAK6C,oBACnCkD,EAAQhB,cAAgB/E,KAAK+E,cAC7BgB,EAAQhD,mBAAqB/C,KAAK+C,mBAC3BgD,CACX,EAEC,MAACC,EAAqBC,OAAcjI,GAClC,SAASkI,IACZ,MAAMH,EAAUI,EAAWH,GAC3B,IAAKD,EACD,MAAM,IAAIrN,MAAM,4DAEpB,OAAOqN,CACX,CCzPO,SAASK,IACZ,MAAM/K,KAAEA,GAAS6K,KACVG,EAAeC,GAAoBC,EAAS,OAC5C/D,EAAWgE,GAAgBD,GAAS,IACpC3N,EAAO6N,GAAYF,EAAS,MAkDnC,OAjDAG,EAAU,KACoBvN,WACtB,IAAKkC,GAAMS,MAGP,OAFAwK,EAAiB,WACjBE,GAAa,GAGjB,IACI,MAAM/M,QAAiBC,MAAM,sBAAuB,CAChDC,OAAQ,OACRC,QAAS,CACL,eAAgB,oBAEpBC,KAAMC,KAAKC,UAAU,CACjBV,YAAagC,EAAKS,UAG1B,GAAIrC,EAASU,GAAI,CACb,MAAMwM,QAAmBlN,EAASY,OAG9BiM,EAFAK,EAEiB,CACbC,UAAWD,EAAW1G,MAAQ,UAC9BA,KAAM0G,EAAWE,OAASF,EAAW1G,MAAQ,UAC7C6G,OAAQH,EAAWG,QAAU,GAC7BrM,iBAAkBkM,EAAWlM,iBAC7BI,SAAU8L,EAAW9L,SACrBkM,KAAMJ,EAAWI,MAIJ,KAEzB,MAEIT,EAAiB,KAEzB,CACA,MAAO1N,GACHC,QAAQD,MAAM,gCAAiCA,GAC/C6N,EAASO,EAAaC,UAAU,KAAMC,EAA7BF,CAAwC,oCACjDV,EAAiB,KACrB,CACZ,QACgBE,GAAa,EACjB,GAECW,IACN,CAAC9L,GAAMS,QACH,CACHuK,gBACA7D,YACA5J,QAER,CCpDO,SAASwO,GAAoBC,SAAEA,EAAQ9C,qBAAEA,GAAuB,IACnE,MAAM+C,EAAa,IAAIC,gBAAgBzF,SAASK,KAAKqF,UAAU,IACzD/L,EAAQ6L,EAAWG,IAAI,SACvBjH,EAAQ8G,EAAWG,IAAI,UACtB1B,EAASnD,GAAc2D,EAAS,IAAIhE,IACrCjC,cAAEA,EAAaS,YAAEA,EAAWK,WAAEA,GAAef,IAC7CqH,EAAsBC,GAAO,GAC7BC,EAAcD,OAAO3J,GACrB6J,EAAwB,CAACjL,EAAWD,KACtC,MAAM0F,EAAM,IAAI7E,IAAI,2CAAgChF,EAAI4E,UAAUC,KAAO,6BACnEsH,EAAalD,IAKnBY,EAAIuC,aAAaC,IAAI,eAAgBF,EAAW7D,YAChDuB,EAAIuC,aAAaC,IAAI,QAASvE,KAC9BwB,SAASvF,QAAQ8F,EAAIvB,aA6NzB,OA3NA8G,EAAY/F,QAAU,KAElB,GAAI6F,EAAoB7F,QAEpB,YADAhJ,QAAQS,IAAI,iDAGhBoO,EAAoB7F,SAAU,EAC9BhJ,QAAQS,IAAI,4BACZd,EAAIkD,OAAOC,KAAK,sBAChB,MAAMgJ,EAAa,IAAInH,IAAI+D,OAAOO,SAASC,MACrC3C,EAAkBuF,EAAWC,aAAa6C,IAAI,MAAQjJ,aAAaa,QAAQrH,SAA8BgG,EACzGsB,EAAkBqF,EAAWC,aAAa6C,IAAI,MAChDjJ,aAAaa,QAAQ,GAAGpH,KAA6BmH,WACrDpB,EASJ,GARAnF,QAAQS,IAAI,yBAA0B8F,GACtCvG,QAAQS,IAAI,yBAA0BgG,GACtC9G,EAAIkD,OAAOC,KAAK,+BAAgC,CAC5CC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGhB9G,EAAIgH,YAAchH,EAAI+G,aAmBtB,OAlBAwG,EAAQnD,WAAaA,OACrB5D,EAAmBI,EAAiBE,EAAiB9G,EAAI+G,cACpD/D,KAAMqI,IACPkC,EAAQ7B,MAAML,EAAIlE,UAAUnE,KAAK,IAAMoH,EAAWmD,EAAQhC,YAEzD5H,MAAOC,IACRvD,QAAQD,MAAM,sCAAuCwD,GACrD5D,EAAIkD,OAAO9C,MAAM,sCAAuC,CACpDgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,EACZ1G,MAAOwD,KAGf2J,EAAQvD,WAAY,EACpBuD,EAAQrD,UAAYtG,aAAe1D,MAAQ0D,EAAM,IAAI1D,MAAMoP,OAAO1L,IAClEwG,EAAWmD,EAAQhC,WAI3B,GAAItI,GAAS+E,EAAO,CAChBuF,EAAQnD,WAAaA,EACrB,MAAMmF,EAAkBhH,EAAYP,GAsDpC,OArDIuH,GACAlP,QAAQD,MAAM,wBAAwBmP,KACtCvP,EAAIkD,OAAO9C,MAAM,kBAAkBmP,IAAmB,CAClDnM,SAAU,CACN4E,MAAOA,KAGfqH,KAGAzG,SAEJpC,EAAmBI,EAAiBE,EAAiB7D,GAAO,EAAO4F,KAC9D7F,KAAMqI,IACPkC,EAAQ7B,MAAML,EAAIlE,SAAU,CAAE4E,yBAAwB/I,KAAK,KACvDoH,EAAWmD,EAAQhC,SAEnBxC,OAAOO,SAASK,KAAO,OAG1BhG,MAAOC,GAEJA,aAAemC,GACf1F,QAAQS,IAAI,4CAA6C8C,GACzD2J,EAAQvD,WAAY,EACpBuD,EAAQrD,UAAYtG,OACpBwG,EAAWmD,EAAQhC,UAGnB3H,aAAe+B,GACftF,QAAQD,MAAM,kCAAmCwD,GACjD5D,EAAIkD,OAAO9C,MAAM,kCAAmC,CAChDgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,EACZhC,QAASlB,EAAI8D,OACbtH,MAAOwD,KAGfmF,OAAOyG,MAAM,kGACbjC,EAAQ1C,SACRT,EAAWmD,EAAQhC,cACnBxC,OAAOO,SAASK,KAAO,MAG3BtJ,QAAQD,MAAM,sEAAuEwD,GACrF5D,EAAIkD,OAAO9C,MAAM,sEAAuE,CACpFgD,SAAU,CACNhD,MAAOwD,UAGfyL,KAGR,CACA,IACII,EADAC,GAAY,EAEhB,MAAMC,EAA6B,KAC/B,IAAID,EAAJ,CAGA,IAAKnC,EAAQtB,aAAc,CAQvB,GAPA5L,QAAQS,IAAI,wCACZd,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGhB+B,IASA,OARAxI,QAAQS,IAAI,2FAA4F8F,EAAiBE,GACzH9G,EAAIkD,OAAOC,KAAK,6CAA8C,CAC1DC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,UAGpBuI,IAGJhP,QAAQS,IAAI,4CACZd,EAAIkD,OAAOC,KAAK,qCAAsC,CAClDC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,IAGxB,CACA2I,EAAcG,EAAmBnP,IAAmBE,MAAOkP,IACnDA,GACAxP,QAAQS,IAAI,wCACZd,EAAIkD,OAAOC,KAAK,iCAAkC,CAC9CC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGpByG,EAAQnD,WAAaA,QACf5D,EAAmBI,EAAiBE,OAAiBtB,GAAW,EAAOqD,KACxE7F,KAAMqI,IACPkC,EACK7B,MAAML,EAAIlE,SAAU,CAAE4E,yBACtB/I,KAAK,IAAMoH,EAAWmD,EAAQhC,YAElC5H,MAAOC,IACRvD,QAAQD,MAAM,yCAA0CwD,GACxD5D,EAAIkD,OAAO9C,MAAM,yCAA0C,CACvDgD,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,EACZ1G,MAAOwD,KAGTA,aAAemC,GACjBwH,EAAQ1C,SACZ0C,EAAQvD,WAAY,EACpBuD,EAAQrD,UAAYtG,EACpBwG,EAAWmD,EAAQhC,aAKvBlL,QAAQS,IAAI,8BACZd,EAAIkD,OAAOC,KAAK,uBAAwB,CACpCC,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,KAGpByG,EAAQtD,OAAO2B,sBAAiBpG,GAChC+H,EAAQ1C,SACRT,EAAWmD,EAAQhC,WAxEvB,GA4ER,OAAIvL,EAAI8P,mBACJvC,EAAQnD,WAAaA,EAChBpK,EAAI8P,oBACJ9M,KAAKrC,MAAOoP,IACb,IAAKA,EAED,YADAJ,IAGJ,MAAMtE,QAAY7E,EAAmBI,EAAiBE,EAAiBiJ,GAAe,EAAOlH,WACvF0E,EAAQ7B,MAAML,EAAIlE,SAAU,CAAE4E,yBAC/B2D,GACDtF,EAAWmD,EAAQhC,WAEtB5H,MAAOC,IACRvD,QAAQ0B,KAAK,iDAAkD6B,GAC/D5D,EAAIkD,OAAOnB,KAAK,2CAA4C,CACxDqB,SAAU,CACNmB,WAAYqC,EACZpC,WAAYsC,EACZ1G,MAAOwD,KAGf+L,MAEG,KACHD,GAAY,EACZD,SAGRE,IACO,KACHD,GAAY,EACZD,SAGRvB,EAAU,IACCkB,EAAY/F,YACpB,IACI2G,EAAKxC,EAAmByC,SAAU,CAAEnM,MAAOyJ,EAASsB,SAAUA,GACzE,CCtPO,SAASqB,IAoBZ,MAAO,CACHC,eAnBmBxP,MAAOkC,IAC1B,MAAMuN,EAAarH,OAAO/C,aAAaa,QAAQ,wBAC1ChE,EAIDuN,GACArH,OAAO/C,aAAaC,WAAW,wBAJ/B5F,QAAQD,MAAM,sCAiBlBiQ,WATe,CAACC,EAAWC,KACtBvQ,EAAIwQ,QACLnQ,QAAQoQ,MAAM,cAAeH,EAAWC,GAG5CG,EAASnQ,IAAwB+P,EAAW,IAAKC,EAAiBI,YAAa3Q,EAAIwQ,UAM3F"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vertesia/ui",
|
|
3
|
-
"version": "1.3.0-dev.
|
|
3
|
+
"version": "1.3.0-dev.20260621.071017Z",
|
|
4
4
|
"description": "Vertesia UI components and and hooks",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./lib/index.js",
|
|
@@ -90,10 +90,10 @@
|
|
|
90
90
|
"vega": "^6.2.0",
|
|
91
91
|
"vega-embed": "^7.1.0",
|
|
92
92
|
"vega-lite": "^6.4.3",
|
|
93
|
-
"@vertesia/
|
|
94
|
-
"@vertesia/
|
|
95
|
-
"@vertesia/json": "1.3.0-dev.
|
|
96
|
-
"@vertesia/
|
|
93
|
+
"@vertesia/common": "1.3.0-dev.20260621.071017Z",
|
|
94
|
+
"@vertesia/fusion-ux": "1.3.0-dev.20260621.071017Z",
|
|
95
|
+
"@vertesia/json": "1.3.0-dev.20260621.071017Z",
|
|
96
|
+
"@vertesia/client": "1.3.0-dev.20260621.071017Z"
|
|
97
97
|
},
|
|
98
98
|
"devDependencies": {
|
|
99
99
|
"@rollup/plugin-commonjs": "^29.0.3",
|
|
@@ -185,7 +185,7 @@
|
|
|
185
185
|
"url": "https://github.com/vertesia/composableai.git",
|
|
186
186
|
"directory": "packages/ui"
|
|
187
187
|
},
|
|
188
|
-
"gitHead": "
|
|
188
|
+
"gitHead": "c18b2526f5f701c6942e00bf988bb166ac3c61f3",
|
|
189
189
|
"scripts": {
|
|
190
190
|
"build": "rm -rf ./lib ./tsconfig.tsbuildinfo && tsc --build && pnpm exec rollup -c",
|
|
191
191
|
"lint": "biome lint src && pnpm run check:rtl-classes",
|
package/src/router/Router.tsx
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { createContext, useContext, useEffect } from 'react';
|
|
2
2
|
import { HistoryNavigator, type LocationChangeEvent, type NavigateOptions } from './HistoryNavigator';
|
|
3
3
|
import { type PathMatch, PathMatcher } from './PathMatcher';
|
|
4
|
-
import { isRootPath, joinPath, type PathMatchParams, stripMountBasename } from './path';
|
|
4
|
+
import { getMountBasename, isRootPath, joinPath, type PathMatchParams, stripMountBasename } from './path';
|
|
5
5
|
|
|
6
6
|
export type RouteComponentProps = PathMatchParams;
|
|
7
7
|
export type LazyRouteModule = { default: React.ComponentType<Record<string, never>> };
|
|
@@ -186,8 +186,12 @@ export function useNavigate() {
|
|
|
186
186
|
}
|
|
187
187
|
|
|
188
188
|
export function useRouterBasePath() {
|
|
189
|
-
const {
|
|
190
|
-
|
|
189
|
+
const { router } = useRouterContext();
|
|
190
|
+
// For a nested router the base is its mount segment within the parent. For a top-level router the
|
|
191
|
+
// base is the served `<base href>` mount prefix (empty for the origin-served Studio UI) — NOT the
|
|
192
|
+
// matched route, so apps can build mount-correct sibling links (e.g. `${base}/assistant`) and
|
|
193
|
+
// compare them against the full `useLocation().pathname`, which carries the mount.
|
|
194
|
+
return router instanceof NestedRouter ? router.basePath : getMountBasename();
|
|
191
195
|
}
|
|
192
196
|
|
|
193
197
|
type UseParamsReturn<T> = T extends string ? string : Record<string, string>;
|
|
@@ -5,7 +5,7 @@ import { jwtDecode } from 'jwt-decode';
|
|
|
5
5
|
import { createContext, useContext } from 'react';
|
|
6
6
|
|
|
7
7
|
import { getComposableToken } from './auth/composable';
|
|
8
|
-
import { authReturnUrl, shouldRedirectToCentralAuth } from './auth/domainRouting';
|
|
8
|
+
import { authReturnUrl, mountRootUrl, shouldRedirectToCentralAuth } from './auth/domainRouting';
|
|
9
9
|
import { getFirebaseAuth } from './auth/firebase';
|
|
10
10
|
|
|
11
11
|
import { LastSelectedAccountId_KEY, LastSelectedProjectId_KEY } from './constants';
|
|
@@ -168,12 +168,13 @@ class UserSession {
|
|
|
168
168
|
this.authToken = undefined;
|
|
169
169
|
this.setSession = undefined;
|
|
170
170
|
this.client.withAuthCallback(undefined);
|
|
171
|
-
// Navigate to root to avoid React rendering errors when
|
|
171
|
+
// Navigate to the app root to avoid React rendering errors when
|
|
172
172
|
// unmounting deeply nested route components during logout.
|
|
173
|
-
//
|
|
174
|
-
//
|
|
173
|
+
// Use the mount root (not bare '/') so a gateway-mounted app stays
|
|
174
|
+
// on its mount. Only navigate if user was actually logged in to
|
|
175
|
+
// avoid an infinite reload loop on fresh/incognito sessions.
|
|
175
176
|
if (wasLoggedIn) {
|
|
176
|
-
location.replace(
|
|
177
|
+
location.replace(mountRootUrl().toString());
|
|
177
178
|
}
|
|
178
179
|
}
|
|
179
180
|
}
|
|
@@ -188,7 +189,9 @@ class UserSession {
|
|
|
188
189
|
}
|
|
189
190
|
}
|
|
190
191
|
|
|
191
|
-
|
|
192
|
+
const url = mountRootUrl();
|
|
193
|
+
url.searchParams.set('a', targetAccountId);
|
|
194
|
+
window.location.replace(url.toString());
|
|
192
195
|
}
|
|
193
196
|
|
|
194
197
|
async switchProject(targetProjectId: string) {
|
|
@@ -196,7 +199,12 @@ class UserSession {
|
|
|
196
199
|
localStorage.setItem(`${LastSelectedProjectId_KEY}-${this.account.id}`, targetProjectId);
|
|
197
200
|
}
|
|
198
201
|
|
|
199
|
-
|
|
202
|
+
const url = mountRootUrl();
|
|
203
|
+
if (this.account?.id) {
|
|
204
|
+
url.searchParams.set('a', this.account.id);
|
|
205
|
+
}
|
|
206
|
+
url.searchParams.set('p', targetProjectId);
|
|
207
|
+
window.location.replace(url.toString());
|
|
200
208
|
}
|
|
201
209
|
|
|
202
210
|
async fetchAccounts() {
|
|
@@ -1,9 +1,15 @@
|
|
|
1
1
|
import { afterEach, describe, expect, it } from 'vitest';
|
|
2
|
-
import { shouldRedirectToCentralAuth, shouldUseFirebaseAuth } from './domainRouting';
|
|
2
|
+
import { mountRootUrl, shouldRedirectToCentralAuth, shouldUseFirebaseAuth } from './domainRouting';
|
|
3
|
+
|
|
4
|
+
// Stub document.baseURI to simulate the served `<base href>` (deep gateway mount) or its absence.
|
|
5
|
+
function setBaseURI(baseURI: string) {
|
|
6
|
+
(globalThis as { document?: unknown }).document = { baseURI };
|
|
7
|
+
}
|
|
3
8
|
|
|
4
9
|
describe('domainRouting', () => {
|
|
5
10
|
afterEach(() => {
|
|
6
11
|
delete (globalThis as { window?: unknown }).window;
|
|
12
|
+
delete (globalThis as { document?: unknown }).document;
|
|
7
13
|
});
|
|
8
14
|
|
|
9
15
|
it("uses Firebase auth when AUTH_MODE is 'firebase'", () => {
|
|
@@ -23,4 +29,25 @@ describe('domainRouting', () => {
|
|
|
23
29
|
expect(shouldUseFirebaseAuth()).toBe(false);
|
|
24
30
|
expect(shouldRedirectToCentralAuth()).toBe(true);
|
|
25
31
|
});
|
|
32
|
+
|
|
33
|
+
describe('mountRootUrl', () => {
|
|
34
|
+
it('returns the deep gateway mount root (dropping any deep route / query / hash)', () => {
|
|
35
|
+
const mount = 'https://gw.example.com/tenants/05948c_5ed5f4/apps/furniture-catalog/versions/v1/app/';
|
|
36
|
+
setBaseURI(mount);
|
|
37
|
+
expect(mountRootUrl().toString()).toBe(mount);
|
|
38
|
+
});
|
|
39
|
+
|
|
40
|
+
it('strips an existing query and hash so callers control the reload target', () => {
|
|
41
|
+
setBaseURI('https://gw.example.com/tenants/t/apps/a/versions/v/app/');
|
|
42
|
+
const url = mountRootUrl();
|
|
43
|
+
url.searchParams.set('a', 'acct1');
|
|
44
|
+
url.searchParams.set('p', 'proj1');
|
|
45
|
+
expect(url.toString()).toBe('https://gw.example.com/tenants/t/apps/a/versions/v/app/?a=acct1&p=proj1');
|
|
46
|
+
});
|
|
47
|
+
|
|
48
|
+
it('is the origin root for the Studio UI (no <base> element)', () => {
|
|
49
|
+
setBaseURI('https://studio.vertesia.io/');
|
|
50
|
+
expect(mountRootUrl().toString()).toBe('https://studio.vertesia.io/');
|
|
51
|
+
});
|
|
52
|
+
});
|
|
26
53
|
});
|