@workos-inc/authkit-nextjs 2.12.2 → 2.13.0

package/README.md

@@ -142,31 +142,33 @@ The `onSuccess` callback receives the following data:
 
 **Note**: `authenticationMethod` is only provided during the initial authentication callback. It will not be available in subsequent requests or session refreshes.
 
-### Middleware / Proxy
+### Proxy / Middleware
 
-This library relies on Next.js middleware to provide session management for routes.
+This library relies on Next.js proxy (called "middleware" in Next.js ≤15) to provide session management for routes.
 
-**For Next.js ≤15:** Create a `middleware.ts` file in the root of your project.
 **For Next.js 16+:** Create a `proxy.ts` file in the root of your project.
+**For Next.js ≤15:** Create a `middleware.ts` file in the root of your project.
 
-The code remains the same; only the filename changes:
+The code remains the same; only the filename and export name differ:
 
 ```ts
+// proxy.ts (Next.js 16+) or middleware.ts (Next.js ≤15)
 import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
 
 export default authkitMiddleware();
+// For Next.js 16+, you can also use: export { default as proxy } from './proxy';
 
 // Match against pages that require auth
 // Leave this out if you want auth on every resource (including images, css etc.)
 export const config = { matcher: ['/', '/admin'] };
 ```
 
-The middleware can be configured with several options.
+The proxy/middleware can be configured with several options.
 
 | Option           | Default     | Description                                                                                                             |
 | ---------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------- |
 | `redirectUri`    | `undefined` | Used in cases where you need your redirect URI to be set dynamically (e.g. Vercel preview deployments)                  |
-| `middlewareAuth` | `undefined` | Used to configure middleware auth options. See [middleware auth](#middleware-auth) for more details.                    |
+| `middlewareAuth` | `undefined` | Used to configure proxy/middleware auth options. See [middleware auth](#middleware-auth) for more details.              |
 | `debug`          | `false`     | Enables debug logs.                                                                                                     |
 | `signUpPaths`    | `[]`        | Used to specify paths that should use the 'sign-up' screen hint when redirecting to AuthKit.                            |
 | `eagerAuth`      | `false`     | Enables synchronous access token availability for third-party services. See [eager auth](#eager-auth) for more details. |
@@ -189,6 +191,118 @@ export const config = { matcher: ['/', '/admin'] };
 
 Custom redirect URIs will be used over a redirect URI configured in the environment variables.
 
+#### Composable proxy/middleware
+
+If you need to combine AuthKit with other proxy logic (rate limiting, redirects, etc.), use the `authkit()` function with `handleAuthkitHeaders()` helper:
+
+```ts
+// proxy.ts (Next.js 16+) or middleware.ts (Next.js ≤15)
+import { NextRequest } from 'next/server';
+import { authkit, handleAuthkitHeaders } from '@workos-inc/authkit-nextjs';
+
+export default async function proxy(request: NextRequest) {
+  // For Next.js ≤15, use: export default async function middleware(request: NextRequest) {
+  // Get session, headers, and the WorkOS authorization URL for sign-in redirects
+  const { session, headers, authorizationUrl } = await authkit(request);
+
+  const { pathname } = request.nextUrl;
+
+  // Redirect unauthenticated users on protected routes
+  if (pathname.startsWith('/app') && !session.user && authorizationUrl) {
+    return handleAuthkitHeaders(request, headers, { redirect: authorizationUrl });
+  }
+
+  // Custom redirects (relative URLs supported)
+  if (pathname === '/old-path') {
+    return handleAuthkitHeaders(request, headers, { redirect: '/new-path' });
+  }
+
+  // Continue request with properly merged headers
+  return handleAuthkitHeaders(request, headers);
+}
+
+export const config = { matcher: ['/', '/app/:path*'] };
+```
+
+> [!IMPORTANT]
+> Always use `handleAuthkitHeaders()` when returning a response. This helper ensures:
+>
+> - AuthKit headers are properly passed to your pages (so `withAuth()` works)
+> - Internal headers (session data, URLs) are never leaked to the browser
+> - Only safe response headers (`Set-Cookie`, `Cache-Control`, `Vary`) are forwarded
+> - `Cache-Control: no-store` is automatically set when cookies are present
+> - `Vary` headers are properly merged when multiple values exist
+> - Relative redirect URLs are automatically normalized to absolute URLs
+> - POST/PUT redirects use 303 status to prevent form resubmission
+
+> [!NOTE]
+> The `redirect` option should only be used with trusted values (e.g., `authorizationUrl` from `authkit()` or hardcoded paths). Never pass user-controlled input directly to `redirect` without validation, as this could enable open redirect attacks.
+
+##### Redirect options
+
+```ts
+handleAuthkitHeaders(request, headers, {
+  redirect: '/login', // URL to redirect to (string or URL object)
+  redirectStatus: 307, // 302 | 303 | 307 | 308 (default: 307 for GET, 303 for POST)
+});
+```
+
+##### Advanced: Composing with rewrites
+
+For advanced use cases like rewrites, use the lower-level `partitionAuthkitHeaders()` and `applyResponseHeaders()`:
+
+```ts
+// proxy.ts (Next.js 16+) or middleware.ts (Next.js ≤15)
+import { NextRequest, NextResponse } from 'next/server';
+import { authkit, partitionAuthkitHeaders, applyResponseHeaders } from '@workos-inc/authkit-nextjs';
+
+export default async function proxy(request: NextRequest) {
+  // For Next.js ≤15, use: export default async function middleware(request: NextRequest) {
+  const { headers } = await authkit(request);
+  const { requestHeaders, responseHeaders } = partitionAuthkitHeaders(request, headers);
+
+  // Create your own response (rewrite, etc.)
+  const response = NextResponse.rewrite(new URL('/app/dashboard', request.url), {
+    request: { headers: requestHeaders },
+  });
+
+  // Apply AuthKit response headers (Set-Cookie, etc.)
+  applyResponseHeaders(response, responseHeaders);
+
+  return response;
+}
+```
+
+##### Internal headers reference
+
+AuthKit uses internal headers to pass data between proxy/middleware and server components. These are automatically handled by the helpers above, but understanding them helps with debugging.
+
+**Request headers** (passed to server components, never sent to browser):
+
+| Header                | Purpose                                                                                    |
+| --------------------- | ------------------------------------------------------------------------------------------ |
+| `x-workos-middleware` | Flag indicating AuthKit proxy/middleware is active. Required for `withAuth()` to function. |
+| `x-workos-session`    | Encrypted session data. Contains user info, access token, and refresh token.               |
+| `x-url`               | Current request URL. Used for redirect-after-login and generating sign-in URLs.            |
+| `x-redirect-uri`      | OAuth callback URI. Used by `getAuthorizationUrl()` for the OAuth flow.                    |
+| `x-sign-up-paths`     | Paths configured to trigger sign-up instead of sign-in flow.                               |
+
+> **Security:** These headers contain sensitive session data. The `handleAuthkitHeaders()` helper ensures they're forwarded to your pages (so `withAuth()` works) but never leaked to the browser. Client-injected `x-workos-*` headers are stripped and replaced with trusted values.
+
+**Response headers** (safe to send to browser):
+
+| Header               | Purpose                                                                                |
+| -------------------- | -------------------------------------------------------------------------------------- |
+| `Set-Cookie`         | Session cookies (e.g., `wos-session`). Multiple cookies are properly appended.         |
+| `Cache-Control`      | Caching directives. Auto-set to `no-store` when cookies are present.                   |
+| `Vary`               | Cache variation keys. Values are deduplicated when merging.                            |
+| `WWW-Authenticate`   | Authentication challenge for 401 responses (API auth flows).                           |
+| `Proxy-Authenticate` | Authentication challenge for proxy auth.                                               |
+| `Link`               | Pagination, preload hints, etc.                                                        |
+| `x-middleware-cache` | Next.js proxy/middleware result caching. Set to `no-cache` to prevent stale responses. |
+
+Only these allowlisted headers are forwarded to the browser. Any other headers from `authkit()` (including future `x-workos-*` headers) are filtered out for security.
+
 ## Usage
 
 ### Wrap your app in `AuthKitProvider`
@@ -220,7 +334,7 @@ import { withAuth } from '@workos-inc/authkit-nextjs';
 export default async function RootLayout({ children }: { children: React.ReactNode }) {
   // Fetch auth data on the server
   const auth = await withAuth();
-  
+
   // Remove the accessToken from the auth object as it is not needed on the client side
   const { accessToken, ...initialAuth } = auth;
 
@@ -503,16 +617,16 @@ const { session, headers } = await authkit(request, {
 });
 ```
 
-These callbacks provide a way to perform side effects when sessions are refreshed in the middleware. Common use cases include:
+These callbacks provide a way to perform side effects when sessions are refreshed in the proxy/middleware. Common use cases include:
 
 - Logging authentication events
 - Updating last activity timestamps
 - Triggering organization-specific data prefetching
 - Recording failed refresh attempts
 
-### Middleware auth
+### Proxy / Middleware auth
 
-The default behavior of this library is to request authentication via the `withAuth` method on a per-page basis. There are some use cases where you don't want to call `withAuth` (e.g. you don't need user data for your page) or if you'd prefer a "secure by default" approach where every route defined in your middleware matcher is protected unless specified otherwise. In those cases you can opt-in to use middleware auth instead:
+The default behavior of this library is to request authentication via the `withAuth` method on a per-page basis. There are some use cases where you don't want to call `withAuth` (e.g. you don't need user data for your page) or if you'd prefer a "secure by default" approach where every route defined in your proxy/middleware matcher is protected unless specified otherwise. In those cases you can opt-in to use `middlewareAuth` instead:
 
 ```ts
 import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
@@ -539,7 +653,7 @@ The `eagerAuth` option enables synchronous access to authentication tokens on in
 
 #### How it works
 
-When `eagerAuth: true` is set, the middleware temporarily stores the access token in a short-lived cookie (30 seconds) that is:
+When `eagerAuth: true` is set, the proxy/middleware temporarily stores the access token in a short-lived cookie (30 seconds) that is:
 
 - Only set on initial page loads (not API or prefetch requests)
 - Immediately consumed and deleted by the client
@@ -547,7 +661,7 @@ When `eagerAuth: true` is set, the middleware temporarily stores the access toke
 
 #### Usage
 
-Enable eager auth in your middleware configuration:
+Enable eager auth in your proxy/middleware configuration:
 
 ```ts
 import { authkitMiddleware } from '@workos-inc/authkit-nextjs';
@@ -601,62 +715,6 @@ Eager auth makes tokens briefly accessible via JavaScript (30-second window) to
 - Most API calls where a brief loading state is acceptable
 - When you don't need immediate token access on page load
 
-### Composing middleware
-
-> **Security note:** Always forward `request.headers` when returning `NextResponse.*` to mitigate SSRF issues in Next.js < 14.2.32 (14.x) or < 15.4.7 (15.x). This pattern is safe on all versions. We strongly recommend upgrading to the latest Next.js.
-
-If you don't want to use `authkitMiddleware` and instead want to compose your own middleware, you can use the `authkit` method. In this mode you are responsible to handling what to do when there's no session on a protected route.
-
-> **Note:** For Next.js 16+, name your file `proxy.ts` and the function `proxy` instead of `middleware`.
-
-```ts
-export default async function middleware(request: NextRequest) {
-  // Perform logic before or after AuthKit
-
-  // Auth object contains the session, response headers and an authorization URL in the case that the session isn't valid
-  // This method will automatically handle setting the cookie and refreshing the session
-  const {
-    session,
-    headers: authkitHeaders,
-    authorizationUrl,
-  } = await authkit(request, {
-    debug: true,
-  });
-
-  const { pathname } = new URL(request.url);
-
-  // Control of what to do when there's no session on a protected route is left to the developer
-  if (pathname.startsWith('/account') && !session.user) {
-    console.log('No session on protected path');
-    return NextResponse.redirect(authorizationUrl);
-  }
-
-  // Forward the incoming request headers (mitigation) and pass AuthKit headers as request headers
-  const response = NextResponse.next({
-    request: { headers: authkitHeaders },
-  });
-
-  // Copy Set-Cookie and cache control headers to the response, but exclude the internal
-  // x-workos-session header which contains encrypted session data and should never appear
-  // in HTTP responses (it's only used to pass session data between middleware and page handlers)
-  for (const [key, value] of authkitHeaders) {
-    if (key.toLowerCase() === 'x-workos-session') {
-      continue; // Internal header - must not leak to response
-    }
-    if (key.toLowerCase() === 'set-cookie') {
-      response.headers.append(key, value);
-    } else {
-      response.headers.set(key, value);
-    }
-  }
-
-  return response;
-}
-
-// Match against the pages
-export const config = { matcher: ['/', '/account/:path*'] };
-```
-
 ### Signing out
 
 Use the `signOut` method to sign out the current logged in user and redirect to your app's default Logout URI. The Logout URI is set in your WorkOS dashboard settings under "Redirect".
@@ -818,7 +876,7 @@ The library automatically sets appropriate cache headers on all authenticated re
 - `Pragma: no-cache` - HTTP/1.0 compatibility
 - `Expires: 0` - HTTP/1.0 cache expiration
 - `Vary: Cookie` - Ensures CDNs differentiate between different users (defense-in-depth)
-- `x-middleware-cache: no-cache` - Prevents Next.js middleware result caching
+- `x-middleware-cache: no-cache` - Prevents Next.js proxy/middleware result caching
 
 These headers are applied automatically when:
 
@@ -834,7 +892,7 @@ These headers are applied automatically when:
 
 ### Debugging
 
-To enable debug logs, initialize the middleware with the debug flag enabled.
+To enable debug logs, initialize the proxy/middleware with the debug flag enabled.
 
 ```js
 import { authkitMiddleware } from '@workos-inc/authkit-nextjs';

package/dist/esm/errors.js

@@ -0,0 +1,33 @@
+import { decodeJwt } from './jwt.js';
+export class AuthKitError extends Error {
+    constructor(message, cause, data) {
+        super(message);
+        this.name = 'AuthKitError';
+        this.cause = cause;
+        this.data = data;
+    }
+}
+export class TokenRefreshError extends AuthKitError {
+    constructor(message, cause, context) {
+        super(message, cause);
+        this.name = 'TokenRefreshError';
+        this.userId = context === null || context === void 0 ? void 0 : context.userId;
+        this.sessionId = context === null || context === void 0 ? void 0 : context.sessionId;
+    }
+}
+export function getSessionErrorContext(session) {
+    if (!(session === null || session === void 0 ? void 0 : session.accessToken)) {
+        return {};
+    }
+    try {
+        const { payload } = decodeJwt(session.accessToken);
+        return {
+            userId: payload.sub,
+            sessionId: payload.sid,
+        };
+    }
+    catch (_a) {
+        return {};
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/esm/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../src/errors.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC,MAAM,OAAO,YAAa,SAAQ,KAAK;IAGrC,YAAY,OAAe,EAAE,KAAe,EAAE,IAA8B;QAC1E,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;CACF;AAOD,MAAM,OAAO,iBAAkB,SAAQ,YAAY;IAIjD,YAAY,OAAe,EAAE,KAAe,EAAE,OAAkC;QAC9E,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACtB,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,IAAI,CAAC,MAAM,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,MAAM,CAAC;QAC9B,IAAI,CAAC,SAAS,GAAG,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,CAAC;IACtC,CAAC;CACF;AAED,MAAM,UAAU,sBAAsB,CAAC,OAAwB;IAC7D,IAAI,CAAC,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,WAAW,CAAA,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACnD,OAAO;YACL,MAAM,EAAE,OAAO,CAAC,GAAG;YACnB,SAAS,EAAE,OAAO,CAAC,GAAG;SACvB,CAAC;IACJ,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/esm/get-authorization-url.js

@@ -2,8 +2,13 @@ import { getWorkOS } from './workos.js';
 import { WORKOS_CLIENT_ID, WORKOS_REDIRECT_URI } from './env-variables.js';
 import { headers } from 'next/headers';
 async function getAuthorizationUrl(options = {}) {
-    const headersList = await headers();
-    const { returnPathname, screenHint, organizationId, redirectUri = headersList.get('x-redirect-uri'), loginHint, prompt, state: customState, } = options;
+    var _a;
+    const { returnPathname, screenHint, organizationId, loginHint, prompt, state: customState } = options;
+    let redirectUri = options.redirectUri;
+    if (!redirectUri) {
+        const headersList = await headers();
+        redirectUri = (_a = headersList.get('x-redirect-uri')) !== null && _a !== void 0 ? _a : undefined;
+    }
     const internalState = returnPathname
         ? btoa(JSON.stringify({ returnPathname })).replace(/\+/g, '-').replace(/\//g, '_')
         : null;

package/dist/esm/get-authorization-url.js.map

@@ -1 +1 @@
-{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;IAChE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,EACJ,cAAc,EACd,UAAU,EACV,cAAc,EACd,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAC/C,SAAS,EACT,MAAM,EACN,KAAK,EAAE,WAAW,GACnB,GAAG,OAAO,CAAC;IAEZ,MAAM,aAAa,GAAG,cAAc;QAClC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;QAClF,CAAC,CAAC,IAAI,CAAC;IAET,MAAM,UAAU,GACd,aAAa,IAAI,WAAW,CAAC,CAAC,CAAC,GAAG,aAAa,IAAI,WAAW,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,WAAW,IAAI,SAAS,CAAC;IAE/G,OAAO,SAAS,EAAE,CAAC,cAAc,CAAC,mBAAmB,CAAC;QACpD,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,gBAAgB;QAC1B,WAAW,EAAE,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,mBAAmB;QAC/C,KAAK,EAAE,UAAU;QACjB,UAAU;QACV,cAAc;QACd,SAAS;QACT,MAAM;KACP,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}
+{"version":3,"file":"get-authorization-url.js","sourceRoot":"","sources":["../../src/get-authorization-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACxC,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAE3E,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAEvC,KAAK,UAAU,mBAAmB,CAAC,UAA6B,EAAE;;IAChE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IACtG,IAAI,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;IACtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,gBAAgB,CAAC,mCAAI,SAAS,CAAC;IAC/D,CAAC;IAED,MAAM,aAAa,GAAG,cAAc;QAClC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;QAClF,CAAC,CAAC,IAAI,CAAC;IAET,MAAM,UAAU,GACd,aAAa,IAAI,WAAW,CAAC,CAAC,CAAC,GAAG,aAAa,IAAI,WAAW,EAAE,CAAC,CAAC,CAAC,aAAa,IAAI,WAAW,IAAI,SAAS,CAAC;IAE/G,OAAO,SAAS,EAAE,CAAC,cAAc,CAAC,mBAAmB,CAAC;QACpD,QAAQ,EAAE,SAAS;QACnB,QAAQ,EAAE,gBAAgB;QAC1B,WAAW,EAAE,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,mBAAmB;QAC/C,KAAK,EAAE,UAAU;QACjB,UAAU;QACV,cAAc;QACd,SAAS;QACT,MAAM;KACP,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}

package/dist/esm/index.js

@@ -1,9 +1,11 @@
 import { getSignInUrl, getSignUpUrl, signOut, switchToOrganization } from './auth.js';
 import { handleAuth } from './authkit-callback-route.js';
+import { AuthKitError, TokenRefreshError } from './errors.js';
 import { authkit, authkitMiddleware } from './middleware.js';
+export { applyResponseHeaders, handleAuthkitHeaders, partitionAuthkitHeaders, isAuthkitRequestHeader, AUTHKIT_REQUEST_HEADERS, } from './middleware-helpers.js';
 import { getTokenClaims, refreshSession, saveSession, withAuth } from './session.js';
 import { validateApiKey } from './validate-api-key.js';
 import { getWorkOS } from './workos.js';
 export * from './interfaces.js';
-export { authkit, authkitMiddleware, getSignInUrl, getSignUpUrl, getWorkOS, handleAuth, refreshSession, saveSession, signOut, switchToOrganization, withAuth, getTokenClaims, validateApiKey, };
+export { AuthKitError, TokenRefreshError, authkit, authkitMiddleware, getSignInUrl, getSignUpUrl, getTokenClaims, getWorkOS, handleAuth, refreshSession, saveSession, signOut, switchToOrganization, validateApiKey, withAuth, };
 //# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,cAAc,iBAAiB,CAAC;AAEhC,OAAO,EACL,OAAO,EACP,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACZ,SAAS,EACT,UAAU,EACV,cAAc,EACd,WAAW,EACX,OAAO,EACP,oBAAoB,EACpB,QAAQ,EACR,cAAc,EACd,cAAc,GACf,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC9D,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EACL,oBAAoB,EACpB,oBAAoB,EACpB,uBAAuB,EACvB,sBAAsB,EACtB,uBAAuB,GAKxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACrF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,cAAc,iBAAiB,CAAC;AAEhC,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,OAAO,EACP,iBAAiB,EACjB,YAAY,EACZ,YAAY,EACZ,cAAc,EACd,SAAS,EACT,UAAU,EACV,cAAc,EACd,WAAW,EACX,OAAO,EACP,oBAAoB,EACpB,cAAc,EACd,QAAQ,GACT,CAAC"}

package/dist/esm/middleware-helpers.js

@@ -0,0 +1,99 @@
+import { NextResponse } from 'next/server';
+/** Internal AuthKit headers - forwarded to downstream requests but never sent to browser. */
+export const AUTHKIT_REQUEST_HEADERS = [
+    'x-workos-middleware',
+    'x-url',
+    'x-redirect-uri',
+    'x-sign-up-paths',
+    'x-workos-session',
+];
+const ALLOWED_RESPONSE_HEADERS = [
+    'set-cookie',
+    'cache-control',
+    'vary',
+    'www-authenticate',
+    'proxy-authenticate',
+    'link',
+    'x-middleware-cache',
+];
+const MULTI_VALUE_HEADERS = ['set-cookie', 'www-authenticate', 'proxy-authenticate', 'link'];
+export function isAuthkitRequestHeader(name) {
+    const lower = name.toLowerCase();
+    return AUTHKIT_REQUEST_HEADERS.includes(lower) || lower.startsWith('x-workos-');
+}
+function setHeader(headers, name, value) {
+    const lower = name.toLowerCase();
+    if (MULTI_VALUE_HEADERS.includes(lower)) {
+        headers.append(name, value);
+    }
+    else if (lower === 'vary') {
+        const existing = headers.get(name);
+        const merged = new Set([
+            ...(existing ? existing.split(',').map((v) => v.trim()) : []),
+            ...value.split(',').map((v) => v.trim()),
+        ]);
+        headers.set(name, [...merged].join(', '));
+    }
+    else {
+        headers.set(name, value);
+    }
+}
+/**
+ * Partitions AuthKit headers into request headers (for withAuth) and response headers (for browser).
+ */
+export function partitionAuthkitHeaders(request, authkitHeaders) {
+    const headers = new Headers(authkitHeaders);
+    const requestHeaders = new Headers(request.headers);
+    // Strip any client-injected authkit headers, then apply trusted ones
+    for (const name of [...requestHeaders.keys()]) {
+        if (isAuthkitRequestHeader(name)) {
+            requestHeaders.delete(name);
+        }
+    }
+    for (const headerName of AUTHKIT_REQUEST_HEADERS) {
+        const value = headers.get(headerName);
+        if (value != null) {
+            requestHeaders.set(headerName, value);
+        }
+    }
+    // Build response headers from allowlist only
+    const responseHeaders = new Headers();
+    for (const [name, value] of headers) {
+        const lower = name.toLowerCase();
+        if (!isAuthkitRequestHeader(lower) && ALLOWED_RESPONSE_HEADERS.includes(lower)) {
+            setHeader(responseHeaders, name, value);
+        }
+    }
+    // Auto-add cache-control when setting cookies
+    if (responseHeaders.has('set-cookie') && !responseHeaders.has('cache-control')) {
+        responseHeaders.set('cache-control', 'no-store');
+    }
+    return { requestHeaders, responseHeaders };
+}
+export function applyResponseHeaders(response, responseHeaders) {
+    for (const [name, value] of responseHeaders) {
+        setHeader(response.headers, name, value);
+    }
+    return response;
+}
+/**
+ * Creates a NextResponse with properly merged AuthKit headers.
+ */
+export function handleAuthkitHeaders(request, authkitHeaders, options = {}) {
+    const { requestHeaders, responseHeaders } = partitionAuthkitHeaders(request, authkitHeaders);
+    const { redirect, redirectStatus } = options;
+    if (redirect != null && redirect !== '') {
+        let redirectUrl;
+        try {
+            redirectUrl = redirect instanceof URL ? redirect : new URL(redirect, request.url);
+        }
+        catch (_a) {
+            throw new Error(`Invalid redirect URL: "${redirect}". Must be a valid absolute or relative URL.`);
+        }
+        const method = request.method.toUpperCase();
+        const status = redirectStatus !== null && redirectStatus !== void 0 ? redirectStatus : (method === 'GET' || method === 'HEAD' ? 307 : 303);
+        return applyResponseHeaders(NextResponse.redirect(redirectUrl, status), responseHeaders);
+    }
+    return applyResponseHeaders(NextResponse.next({ request: { headers: requestHeaders } }), responseHeaders);
+}
+//# sourceMappingURL=middleware-helpers.js.map

package/dist/esm/middleware-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware-helpers.js","sourceRoot":"","sources":["../../src/middleware-helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AAExD,6FAA6F;AAC7F,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,qBAAqB;IACrB,OAAO;IACP,gBAAgB;IAChB,iBAAiB;IACjB,kBAAkB;CACV,CAAC;AAIX,MAAM,wBAAwB,GAAsB;IAClD,YAAY;IACZ,eAAe;IACf,MAAM;IACN,kBAAkB;IAClB,oBAAoB;IACpB,MAAM;IACN,oBAAoB;CACrB,CAAC;AAEF,MAAM,mBAAmB,GAAsB,CAAC,YAAY,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,CAAC,CAAC;AAEhH,MAAM,UAAU,sBAAsB,CAAC,IAAY;IACjD,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,OAAQ,uBAA6C,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;AACzG,CAAC;AAED,SAAS,SAAS,CAAC,OAAgB,EAAE,IAAY,EAAE,KAAa;IAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,mBAAmB,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACxC,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9B,CAAC;SAAM,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QAC5B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC;YACrB,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7D,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACzC,CAAC,CAAC;QACH,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5C,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3B,CAAC;AACH,CAAC;AAOD;;GAEG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAoB,EAAE,cAAuB;IACnF,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,cAAc,CAAC,CAAC;IAC5C,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpD,qEAAqE;IACrE,KAAK,MAAM,IAAI,IAAI,CAAC,GAAG,cAAc,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC;QAC9C,IAAI,sBAAsB,CAAC,IAAI,CAAC,EAAE,CAAC;YACjC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IACD,KAAK,MAAM,UAAU,IAAI,uBAAuB,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACtC,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;YAClB,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAC;IACtC,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACpC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACjC,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,IAAI,wBAAwB,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YAC/E,SAAS,CAAC,eAAe,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,IAAI,eAAe,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC/E,eAAe,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,QAAsB,EAAE,eAAwB;IACnF,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,eAAe,EAAE,CAAC;QAC5C,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAYD;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAoB,EACpB,cAAuB,EACvB,UAAuC,EAAE;IAEzC,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,GAAG,uBAAuB,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IAC7F,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAE7C,IAAI,QAAQ,IAAI,IAAI,IAAI,QAAQ,KAAK,EAAE,EAAE,CAAC;QACxC,IAAI,WAAgB,CAAC;QACrB,IAAI,CAAC;YACH,WAAW,GAAG,QAAQ,YAAY,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACpF,CAAC;QAAC,WAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,8CAA8C,CAAC,CAAC;QACpG,CAAC;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,cAAc,aAAd,cAAc,cAAd,cAAc,GAAI,CAAC,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACrF,OAAO,oBAAoB,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,eAAe,CAAC,CAAC;IAC3F,CAAC;IAED,OAAO,oBAAoB,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,cAAc,EAAE,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC;AAC5G,CAAC"}

package/dist/esm/session.js

@@ -3,13 +3,14 @@ import { sealData, unsealData } from 'iron-session';
 import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';
 import { cookies, headers } from 'next/headers';
 import { redirect } from 'next/navigation';
-import { NextResponse } from 'next/server';
 import { getCookieOptions, getJwtCookie } from './cookie.js';
 import { WORKOS_CLIENT_ID, WORKOS_COOKIE_NAME, WORKOS_COOKIE_PASSWORD, WORKOS_REDIRECT_URI } from './env-variables.js';
+import { TokenRefreshError, getSessionErrorContext } from './errors.js';
 import { getAuthorizationUrl } from './get-authorization-url.js';
 import { getWorkOS } from './workos.js';
 import { parse, tokensToRegexp } from 'path-to-regexp';
-import { lazy, redirectWithFallback, setCachePreventionHeaders } from './utils.js';
+import { handleAuthkitHeaders } from './middleware-helpers.js';
+import { lazy, setCachePreventionHeaders } from './utils.js';
 const sessionHeaderName = 'x-workos-session';
 const middlewareHeaderName = 'x-workos-middleware';
 const signUpPathsHeaderName = 'x-sign-up-paths';
@@ -100,42 +101,19 @@ async function updateSessionMiddleware(request, debug, middlewareAuth, redirectU
         screenHint: getScreenHint(signUpPaths, request.nextUrl.pathname),
         eagerAuth,
     });
-    // If the user is logged out and this path isn't on the allowlist for logged out paths, redirect to AuthKit.
-    if (middlewareAuth.enabled && matchedPaths.length === 0 && !session.user) {
-        if (debug) {
-            console.log(`Unauthenticated user on protected route ${request.url}, redirecting to AuthKit`);
-        }
-        return redirectWithFallback(authorizationUrl, headers);
-    }
     // Record the sign up paths so we can use them later
     if (signUpPaths.length > 0) {
         headers.set(signUpPathsHeaderName, signUpPaths.join(','));
     }
     applyCacheSecurityHeaders(headers, request, session);
-    // Create a new request with modified headers (for page handlers)
-    const requestHeaders = new Headers(request.headers);
-    requestHeaders.set(middlewareHeaderName, headers.get(middlewareHeaderName));
-    requestHeaders.set('x-url', headers.get('x-url'));
-    if (headers.has('x-redirect-uri')) {
-        requestHeaders.set('x-redirect-uri', headers.get('x-redirect-uri'));
-    }
-    if (headers.has(signUpPathsHeaderName)) {
-        requestHeaders.set(signUpPathsHeaderName, headers.get(signUpPathsHeaderName));
-    }
-    // Pass session to page handlers via request header
-    // This ensures handlers see refreshed sessions immediately (before Set-Cookie reaches browser)
-    const sessionHeader = headers.get(sessionHeaderName);
-    if (sessionHeader) {
-        requestHeaders.set(sessionHeaderName, sessionHeader);
+    // If the user is logged out and this path isn't on the allowlist for logged out paths, redirect to AuthKit.
+    if (middlewareAuth.enabled && matchedPaths.length === 0 && !session.user) {
+        if (debug) {
+            console.log(`Unauthenticated user on protected route ${request.url}, redirecting to AuthKit`);
+        }
+        return handleAuthkitHeaders(request, headers, { redirect: authorizationUrl });
     }
-    // Remove session header from response headers to prevent leakage
-    headers.delete(sessionHeaderName);
-    return NextResponse.next({
-        request: {
-            headers: requestHeaders,
-        },
-        headers,
-    });
+    return handleAuthkitHeaders(request, headers);
 }
 async function updateSession(request, options = { debug: false }) {
     var _a, _b;
@@ -288,9 +266,7 @@ async function refreshSession({ organizationId: nextOrganizationId, ensureSigned
         });
     }
     catch (error) {
-        throw new Error(`Failed to refresh session: ${error instanceof Error ? error.message : String(error)}`, {
-            cause: error,
-        });
+        throw new TokenRefreshError(`Failed to refresh session: ${error instanceof Error ? error.message : String(error)}`, error, getSessionErrorContext(session));
     }
     const headersList = await headers();
     const url = headersList.get('x-url');

package/dist/esm/session.js.map

@@ -1 +1 @@
-{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAc,kBAAkB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAC3C,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAUjE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,IAAI,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAEnF,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAChD,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAE5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAChC,OAAgB,EAChB,OAAoB,EACpB,WAAgD;IAEhD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,sDAAsD;IACtD,IAAI,CAAC,CAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAA,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,WAAW,EAAE,CAAC;QAChB,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACnC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,OAAO;gBAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CACT,MAAM,EACN,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;SACnB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,IAAI,CAAC,CACd,CAAC;IAEF,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAoB;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnD,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACjG,MAAM,UAAU,GACd,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,UAAU;QAC7C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,UAAU;QACjD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE9C,OAAO,iBAAiB,IAAI,CAAC,YAAY,IAAI,CAAC,UAAU,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB,EACrB,SAAS,GAAG,KAAK;IAEjB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAChE,SAAS;KACV,CAAC,CAAC;IAEH,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,gBAA0B,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAED,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAErD,iEAAiE;IACjE,MAAM,cAAc,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,cAAc,CAAC,GAAG,CAAC,oBAAoB,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAE,CAAC,CAAC;IAC7E,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,cAAc,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAE,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACvC,cAAc,CAAC,GAAG,CAAC,qBAAqB,EAAE,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAE,CAAC,CAAC;IACjF,CAAC;IAED,mDAAmD;IACnD,+FAA+F;IAC/F,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACrD,IAAI,aAAa,EAAE,CAAC;QAClB,cAAc,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;IACvD,CAAC;IAED,iEAAiE;IACjE,OAAO,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAElC,OAAO,YAAY,CAAC,IAAI,CAAC;QACvB,OAAO,EAAE;YACP,OAAO,EAAE,cAAc;SACxB;QACD,OAAO;KACR,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,yBAAyB,CAAC,iBAAiB,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAE/D,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC7D,0DAA0D;YAC1D,IAAI,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC1E,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACzF,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,MAAA,OAAO,CAAC,uBAAuB,wDAAG,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvF,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,4CAA4C;QAC5C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC1D,CAAC;QAED,MAAA,OAAO,CAAC,qBAAqB,wDAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAEvD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;aACxD,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE;YACtG,KAAK,EAAE,KAAK;SACb,CAAC,CAAC;IACL,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,CAAC,aAAa,EAAE,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAE7D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAE1D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,SAAS,CAAI,KAAK,CAAC,CAAC;AAC7B,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IAC9D,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,iBAAmD,EACnD,OAA6B;IAE7B,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC"}
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/session.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AAEb,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EAAc,kBAAkB,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC5E,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE3C,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvH,OAAO,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAUjE,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,EAAE,IAAI,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AAE7D,MAAM,iBAAiB,GAAG,kBAAkB,CAAC;AAC7C,MAAM,oBAAoB,GAAG,qBAAqB,CAAC;AACnD,MAAM,qBAAqB,GAAG,iBAAiB,CAAC;AAChD,MAAM,aAAa,GAAG,qBAAqB,CAAC;AAE5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;AAE9G;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAChC,OAAgB,EAChB,OAAoB,EACpB,WAAgD;IAEhD,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,sDAAsD;IACtD,IAAI,CAAC,CAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,WAAW,CAAA,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC/C,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACxC,IAAI,WAAW,EAAE,CAAC;QAChB,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACnC,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACvC,IAAI,OAAO;gBAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CACT,MAAM,EACN,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;SACnB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,IAAI,CAAC,CACd,CAAC;IAEF,yBAAyB,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAS,wBAAwB,CAAC,OAAoB;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnD,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IACjG,MAAM,UAAU,GACd,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,UAAU;QAC7C,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,KAAK,UAAU;QACjD,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;IAE9C,OAAO,iBAAiB,IAAI,CAAC,YAAY,IAAI,CAAC,UAAU,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,OAAgB;IAC5C,OAAO,QAAQ,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,sBAAsB;QAChC,GAAG,EAAE,CAAC;KACP,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,uBAAuB,CACpC,OAAoB,EACpB,KAAc,EACd,cAAqC,EACrC,WAAmB,EACnB,WAAqB,EACrB,SAAS,GAAG,KAAK;IAEjB,IAAI,CAAC,WAAW,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4FAA4F,CAAC,CAAC;IAChH,CAAC;IAED,IAAI,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,uGAAuG,CACxG,CAAC;IACJ,CAAC;IAED,IAAI,GAAG,CAAC;IAER,IAAI,WAAW,EAAE,CAAC;QAChB,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACrC,CAAC;IAED,IACE,cAAc,CAAC,OAAO;QACtB,GAAG,CAAC,QAAQ,KAAK,OAAO,CAAC,OAAO,CAAC,QAAQ;QACzC,CAAC,cAAc,CAAC,oBAAoB,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAC3D,CAAC;QACD,qBAAqB;QACrB,qCAAqC;QACrC,kDAAkD;QAClD,6DAA6D;QAC7D,EAAE;QACF,mGAAmG;QACnG,4GAA4G;QAC5G,cAAc,CAAC,oBAAoB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,YAAY,GAAa,cAAc,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QACrF,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QAEvD,OAAO,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE;QAC1E,KAAK;QACL,WAAW;QACX,UAAU,EAAE,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC;QAChE,SAAS;KACV,CAAC,CAAC;IAEH,oDAAoD;IACpD,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC5D,CAAC;IAED,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAErD,4GAA4G;IAC5G,IAAI,cAAc,CAAC,OAAO,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,GAAG,CAAC,2CAA2C,OAAO,CAAC,GAAG,0BAA0B,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,gBAA0B,EAAE,CAAC,CAAC;IAC1F,CAAC;IAED,OAAO,oBAAoB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,UAA0B,EAAE,KAAK,EAAE,KAAK,EAAE;;IAE1C,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEpD,0GAA0G;IAC1G,uBAAuB;IACvB,6EAA6E;IAC7E,MAAM,iBAAiB,GAAG,IAAI,OAAO,EAAE,CAAC;IAExC,kGAAkG;IAClG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAEpD,0FAA0F;IAC1F,qGAAqG;IACrG,gFAAgF;IAChF,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,mGAAmG;QACnG,gEAAgE;QAChE,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;IAC/D,CAAC;IAED,iBAAiB,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;IAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QAED,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;gBACvD,UAAU,EAAE,OAAO,CAAC,UAAU;aAC/B,CAAC;SACH,CAAC;IACJ,CAAC;IAED,MAAM,eAAe,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IAEvD,yBAAyB,CAAC,iBAAiB,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAE/D,IAAI,eAAe,EAAE,CAAC;QACpB,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAE,CAAC,KAAK,CAAC,CAAC;QAEjF,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAEhD,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC7D,0DAA0D;YAC1D,IAAI,CAAC,iBAAiB,IAAI,iBAAiB,CAAC,KAAK,KAAK,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC1E,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;YACzF,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,uBAAuB;YACvB,OAAO,CAAC,GAAG,CACT,oBAAoB,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,wCAAwC,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,uBAAuB,EAAE,CAC/I,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9F,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,EAAE,GACrD,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5D,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,6BAA6B;SAC9C,CAAC,CAAC;QAEL,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAChD,CAAC;QACD,qDAAqD;QACrD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC;YAC5C,WAAW;YACX,YAAY;YACZ,IAAI;YACJ,YAAY;SACb,CAAC,CAAC;QAEH,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,GAAG,UAAU,IAAI,gBAAgB,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QACpH,iBAAiB,CAAC,GAAG,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,CAAC;QAE3D,yCAAyC;QACzC,8EAA8E;QAC9E,IAAI,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;QAExC,MAAA,OAAO,CAAC,uBAAuB,wDAAG,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvF,OAAO;YACL,OAAO,EAAE;gBACP,SAAS;gBACT,IAAI;gBACJ,cAAc;gBACd,IAAI;gBACJ,KAAK;gBACL,WAAW;gBACX,YAAY;gBACZ,YAAY;gBACZ,YAAY;gBACZ,WAAW;aACZ;YACD,OAAO,EAAE,iBAAiB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,qCAAqC,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,0GAA0G;QAC1G,MAAM,YAAY,GAAG,GAAG,UAAU,cAAc,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,gBAAgB,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;QAC1H,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAErD,4CAA4C;QAC5C,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,MAAM,eAAe,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC9D,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,CAAC;QAC1D,CAAC;QAED,MAAA,OAAO,CAAC,qBAAqB,wDAAG,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QAEvD,OAAO;YACL,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;YACvB,OAAO,EAAE,iBAAiB;YAC1B,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;gBAC1C,cAAc,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC;gBAC9C,WAAW,EAAE,OAAO,CAAC,WAAW,IAAI,mBAAmB;aACxD,CAAC;SACH,CAAC;IACJ,CAAC;AACH,CAAC;AAOD,KAAK,UAAU,cAAc,CAAC,EAC5B,cAAc,EAAE,kBAAkB,EAClC,cAAc,GAAG,KAAK,MAIpB,EAAE;IACJ,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EAAE,MAAM,EAAE,6BAA6B,EAAE,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAE9F,IAAI,aAAa,CAAC;IAElB,IAAI,CAAC;QACH,aAAa,GAAG,MAAM,SAAS,EAAE,CAAC,cAAc,CAAC,4BAA4B,CAAC;YAC5E,QAAQ,EAAE,gBAAgB;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,cAAc,EAAE,kBAAkB,aAAlB,kBAAkB,cAAlB,kBAAkB,GAAI,6BAA6B;SACpE,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,iBAAiB,CACzB,8BAA8B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EACtF,KAAK,EACL,sBAAsB,CAAC,OAAO,CAAC,CAChC,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,MAAM,WAAW,CAAC,aAAa,EAAE,GAAG,IAAI,mBAAmB,CAAC,CAAC;IAE7D,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAE1D,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,WAAW,CAAC,CAAC;IAExC,OAAO;QACL,SAAS;QACT,IAAI;QACJ,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY;QACZ,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,SAAS,0BAA0B,CAAC,QAAgB;IAClD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;QACrD,MAAM,IAAI,GAAG,GAAG,GAAG,CAAC,QAAS,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,EAAE,CAAC;QAEjD,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;QAC3B,MAAM,KAAK,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC;QAE5C,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEjE,MAAM,IAAI,KAAK,CAAC,qDAAqD,OAAO,EAAE,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,KAAK,UAAU,gBAAgB;;IAC7B,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAErC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IAED,yDAAyD;IACzD,MAAM,WAAW,GAAG,MAAA,WAAW,CAAC,GAAG,CAAC,qBAAqB,CAAC,0CAAE,KAAK,CAAC,GAAG,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC;IACvC,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAExD,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC;IAE9C,QAAQ,CAAC,MAAM,mBAAmB,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,WAAoB;IAEpB,MAAM,KAAK,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,CAAC,MAAM,QAAQ,EAAE,CAAC,CAAC,WAAW,CAAC;IAC5D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,SAAS,CAAI,KAAK,CAAC,CAAC;AAC7B,CAAC;AAID,KAAK,UAAU,QAAQ,CAAC,OAAsC;IAC5D,MAAM,OAAO,GAAG,MAAM,oBAAoB,EAAE,CAAC;IAE7C,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,cAAc,EAAE,CAAC;YAC5B,MAAM,gBAAgB,EAAE,CAAC;QAC3B,CAAC;QACD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,EACJ,GAAG,EAAE,SAAS,EACd,MAAM,EAAE,cAAc,EACtB,IAAI,EACJ,KAAK,EACL,WAAW,EACX,YAAY,EACZ,aAAa,EAAE,YAAY,GAC5B,GAAG,SAAS,CAAc,OAAO,CAAC,WAAW,CAAC,CAAC;IAEhD,OAAO;QACL,SAAS;QACT,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,cAAc;QACd,IAAI;QACJ,KAAK;QACL,WAAW;QACX,YAAY;QACZ,YAAY;QACZ,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,WAAW,EAAE,OAAO,CAAC,WAAW;KACjC,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB;IAClD,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC;QACrC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,WAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,OAAqB;IAC9D,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,IAAI,MAAM,CAAC;IAEX,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;QACpC,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,UAAU,CAAU,MAAM,CAAC,KAAK,EAAE;YACvC,QAAQ,EAAE,sBAAsB;SACjC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,KAAK,UAAU,oBAAoB;IACjC,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IAErE,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,GAAG,GAAG,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,IAAI,KAAK,CACb,iCAAiC,GAAG,aAAH,GAAG,cAAH,GAAG,GAAI,SAAS,iLAAiL,CACnO,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACtD,IAAI,CAAC,UAAU;QAAE,OAAO;IAExB,OAAO,UAAU,CAAU,UAAU,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAE5B,OAAO,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACzG,CAAC;AAED,SAAS,aAAa,CAAC,WAAiC,EAAE,QAAgB;IACxE,IAAI,CAAC,WAAW;QAAE,OAAO,SAAS,CAAC;IAEnC,MAAM,eAAe,GAAa,WAAW,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChE,MAAM,SAAS,GAAG,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACvD,OAAO,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,eAAe,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5D,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,iBAAmD,EACnD,OAA6B;IAE7B,MAAM,UAAU,GAAG,kBAAkB,IAAI,aAAa,CAAC;IACvD,MAAM,gBAAgB,GAAG,MAAM,cAAc,CAAC,iBAAiB,CAAC,CAAC;IACjE,MAAM,WAAW,GAAG,MAAM,OAAO,EAAE,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAChE,WAAW,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,uBAAuB,EAAE,QAAQ,EAAE,CAAC"}

package/dist/esm/types/errors.d.ts

@@ -0,0 +1,15 @@
+import type { Session } from './interfaces.js';
+export declare class AuthKitError extends Error {
+    data?: Record<string, unknown>;
+    constructor(message: string, cause?: unknown, data?: Record<string, unknown>);
+}
+export interface TokenRefreshErrorContext {
+    userId?: string;
+    sessionId?: string;
+}
+export declare class TokenRefreshError extends AuthKitError {
+    readonly userId?: string;
+    readonly sessionId?: string;
+    constructor(message: string, cause?: unknown, context?: TokenRefreshErrorContext);
+}
+export declare function getSessionErrorContext(session?: Session | null): TokenRefreshErrorContext;