alepha 0.20.5 → 0.20.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (367) hide show
  1. package/AGENTS.md +0 -1
  2. package/CLAUDE.md +0 -1
  3. package/assets/agents-template.md +0 -1
  4. package/dist/api/audits/index.browser.js +1 -0
  5. package/dist/api/audits/index.browser.js.map +1 -1
  6. package/dist/api/audits/index.d.ts +701 -654
  7. package/dist/api/audits/index.d.ts.map +1 -1
  8. package/dist/api/audits/index.js +24 -1
  9. package/dist/api/audits/index.js.map +1 -1
  10. package/dist/api/files/index.browser.js +1 -0
  11. package/dist/api/files/index.browser.js.map +1 -1
  12. package/dist/api/files/index.d.ts +193 -166
  13. package/dist/api/files/index.d.ts.map +1 -1
  14. package/dist/api/files/index.js +52 -0
  15. package/dist/api/files/index.js.map +1 -1
  16. package/dist/api/jobs/index.browser.js +40 -14
  17. package/dist/api/jobs/index.browser.js.map +1 -1
  18. package/dist/api/jobs/index.d.ts +639 -333
  19. package/dist/api/jobs/index.d.ts.map +1 -1
  20. package/dist/api/jobs/index.js +495 -162
  21. package/dist/api/jobs/index.js.map +1 -1
  22. package/dist/api/keys/index.d.ts +222 -188
  23. package/dist/api/keys/index.d.ts.map +1 -1
  24. package/dist/api/keys/index.js +54 -0
  25. package/dist/api/keys/index.js.map +1 -1
  26. package/dist/api/notifications/index.d.ts +265 -236
  27. package/dist/api/notifications/index.d.ts.map +1 -1
  28. package/dist/api/notifications/index.js +55 -13
  29. package/dist/api/notifications/index.js.map +1 -1
  30. package/dist/api/organizations/index.d.ts +100 -97
  31. package/dist/api/organizations/index.d.ts.map +1 -1
  32. package/dist/api/organizations/index.js.map +1 -1
  33. package/dist/api/parameters/index.d.ts +332 -314
  34. package/dist/api/parameters/index.d.ts.map +1 -1
  35. package/dist/api/parameters/index.js +37 -0
  36. package/dist/api/parameters/index.js.map +1 -1
  37. package/dist/api/payments/index.d.ts +431 -376
  38. package/dist/api/payments/index.d.ts.map +1 -1
  39. package/dist/api/payments/index.js +202 -87
  40. package/dist/api/payments/index.js.map +1 -1
  41. package/dist/api/subscriptions/index.d.ts +1695 -0
  42. package/dist/api/subscriptions/index.d.ts.map +1 -0
  43. package/dist/api/subscriptions/index.js +1919 -0
  44. package/dist/api/subscriptions/index.js.map +1 -0
  45. package/dist/api/users/index.d.ts +1001 -844
  46. package/dist/api/users/index.d.ts.map +1 -1
  47. package/dist/api/users/index.js +237 -28
  48. package/dist/api/users/index.js.map +1 -1
  49. package/dist/api/verifications/index.d.ts +123 -122
  50. package/dist/api/verifications/index.d.ts.map +1 -1
  51. package/dist/api/verifications/index.js.map +1 -1
  52. package/dist/batch/index.js.map +1 -1
  53. package/dist/bucket/index.d.ts +21 -2
  54. package/dist/bucket/index.d.ts.map +1 -1
  55. package/dist/bucket/index.js +47 -0
  56. package/dist/bucket/index.js.map +1 -1
  57. package/dist/bucket/index.workerd.js +24 -0
  58. package/dist/bucket/index.workerd.js.map +1 -1
  59. package/dist/cache/core/index.d.ts +134 -7
  60. package/dist/cache/core/index.d.ts.map +1 -1
  61. package/dist/cache/core/index.js +181 -15
  62. package/dist/cache/core/index.js.map +1 -1
  63. package/dist/cache/core/index.workerd.js +181 -15
  64. package/dist/cache/core/index.workerd.js.map +1 -1
  65. package/dist/cache/database/index.d.ts +156 -0
  66. package/dist/cache/database/index.d.ts.map +1 -0
  67. package/dist/cache/database/index.js +266 -0
  68. package/dist/cache/database/index.js.map +1 -0
  69. package/dist/cache/redis/index.d.ts +3 -2
  70. package/dist/cache/redis/index.d.ts.map +1 -1
  71. package/dist/cache/redis/index.js.map +1 -1
  72. package/dist/captcha/index.js.map +1 -1
  73. package/dist/cli/config/index.js.map +1 -1
  74. package/dist/cli/core/index.d.ts +142 -128
  75. package/dist/cli/core/index.d.ts.map +1 -1
  76. package/dist/cli/core/index.js +160 -13
  77. package/dist/cli/core/index.js.map +1 -1
  78. package/dist/cli/devtools/index.d.ts +3 -2
  79. package/dist/cli/devtools/index.d.ts.map +1 -1
  80. package/dist/cli/devtools/index.js.map +1 -1
  81. package/dist/cli/platform/index.d.ts +346 -290
  82. package/dist/cli/platform/index.d.ts.map +1 -1
  83. package/dist/cli/platform/index.js +106 -7
  84. package/dist/cli/platform/index.js.map +1 -1
  85. package/dist/cli/vendor/index.d.ts +12 -11
  86. package/dist/cli/vendor/index.d.ts.map +1 -1
  87. package/dist/cli/vendor/index.js.map +1 -1
  88. package/dist/command/index.d.ts +6 -5
  89. package/dist/command/index.d.ts.map +1 -1
  90. package/dist/command/index.js.map +1 -1
  91. package/dist/core/index.browser.js +1 -1
  92. package/dist/core/index.browser.js.map +1 -1
  93. package/dist/core/index.d.ts +119 -118
  94. package/dist/core/index.d.ts.map +1 -1
  95. package/dist/core/index.js +1 -1
  96. package/dist/core/index.js.map +1 -1
  97. package/dist/core/index.native.js +1 -1
  98. package/dist/core/index.native.js.map +1 -1
  99. package/dist/core/index.workerd.js +1 -1
  100. package/dist/core/index.workerd.js.map +1 -1
  101. package/dist/crypto/index.browser.js.map +1 -1
  102. package/dist/crypto/index.d.ts +3 -2
  103. package/dist/crypto/index.d.ts.map +1 -1
  104. package/dist/crypto/index.js.map +1 -1
  105. package/dist/datetime/index.js.map +1 -1
  106. package/dist/email/brevo/index.js.map +1 -1
  107. package/dist/email/core/index.d.ts +3 -2
  108. package/dist/email/core/index.d.ts.map +1 -1
  109. package/dist/email/core/index.js.map +1 -1
  110. package/dist/email/core/index.workerd.js.map +1 -1
  111. package/dist/email/smtp/index.d.ts +7 -6
  112. package/dist/email/smtp/index.d.ts.map +1 -1
  113. package/dist/email/smtp/index.js.map +1 -1
  114. package/dist/fake/index.js.map +1 -1
  115. package/dist/lock/core/index.d.ts +5 -4
  116. package/dist/lock/core/index.d.ts.map +1 -1
  117. package/dist/lock/core/index.js.map +1 -1
  118. package/dist/lock/redis/index.js.map +1 -1
  119. package/dist/logger/index.d.ts +10 -9
  120. package/dist/logger/index.d.ts.map +1 -1
  121. package/dist/logger/index.js.map +1 -1
  122. package/dist/mcp/index.d.ts +9 -8
  123. package/dist/mcp/index.d.ts.map +1 -1
  124. package/dist/mcp/index.js +1 -1
  125. package/dist/mcp/index.js.map +1 -1
  126. package/dist/orm/core/index.browser.js +9 -3
  127. package/dist/orm/core/index.browser.js.map +1 -1
  128. package/dist/orm/core/index.bun.js +31 -10
  129. package/dist/orm/core/index.bun.js.map +1 -1
  130. package/dist/orm/core/index.d.ts +33 -14
  131. package/dist/orm/core/index.d.ts.map +1 -1
  132. package/dist/orm/core/index.js +31 -10
  133. package/dist/orm/core/index.js.map +1 -1
  134. package/dist/orm/postgres/index.bun.js.map +1 -1
  135. package/dist/orm/postgres/index.d.ts +6 -5
  136. package/dist/orm/postgres/index.d.ts.map +1 -1
  137. package/dist/orm/postgres/index.js.map +1 -1
  138. package/dist/queue/core/index.d.ts +5 -4
  139. package/dist/queue/core/index.d.ts.map +1 -1
  140. package/dist/queue/core/index.js.map +1 -1
  141. package/dist/queue/core/index.workerd.js.map +1 -1
  142. package/dist/queue/redis/index.d.ts +3 -2
  143. package/dist/queue/redis/index.d.ts.map +1 -1
  144. package/dist/queue/redis/index.js.map +1 -1
  145. package/dist/react/auth/index.browser.js.map +1 -1
  146. package/dist/react/auth/index.js.map +1 -1
  147. package/dist/react/core/index.js.map +1 -1
  148. package/dist/react/form/index.d.ts +5 -0
  149. package/dist/react/form/index.d.ts.map +1 -1
  150. package/dist/react/form/index.js +8 -4
  151. package/dist/react/form/index.js.map +1 -1
  152. package/dist/react/head/index.browser.js.map +1 -1
  153. package/dist/react/head/index.js.map +1 -1
  154. package/dist/react/i18n/index.d.ts +2 -1
  155. package/dist/react/i18n/index.d.ts.map +1 -1
  156. package/dist/react/i18n/index.js.map +1 -1
  157. package/dist/react/intro/index.js.map +1 -1
  158. package/dist/react/router/index.browser.js.map +1 -1
  159. package/dist/react/router/index.d.ts +206 -205
  160. package/dist/react/router/index.d.ts.map +1 -1
  161. package/dist/react/router/index.js.map +1 -1
  162. package/dist/react/testing/index.js.map +1 -1
  163. package/dist/react/ui/index.d.ts +11 -11
  164. package/dist/react/ui/index.d.ts.map +1 -1
  165. package/dist/react/ui/index.js.map +1 -1
  166. package/dist/redis/index.bun.js.map +1 -1
  167. package/dist/redis/index.js.map +1 -1
  168. package/dist/retry/index.js.map +1 -1
  169. package/dist/router/index.js.map +1 -1
  170. package/dist/scheduler/index.d.ts +25 -2
  171. package/dist/scheduler/index.d.ts.map +1 -1
  172. package/dist/scheduler/index.js +12 -0
  173. package/dist/scheduler/index.js.map +1 -1
  174. package/dist/scheduler/index.workerd.js +12 -0
  175. package/dist/scheduler/index.workerd.js.map +1 -1
  176. package/dist/security/index.browser.js +29 -1
  177. package/dist/security/index.browser.js.map +1 -1
  178. package/dist/security/index.d.ts +82 -35
  179. package/dist/security/index.d.ts.map +1 -1
  180. package/dist/security/index.js +56 -3
  181. package/dist/security/index.js.map +1 -1
  182. package/dist/server/auth/index.d.ts +163 -158
  183. package/dist/server/auth/index.d.ts.map +1 -1
  184. package/dist/server/auth/index.js +16 -4
  185. package/dist/server/auth/index.js.map +1 -1
  186. package/dist/server/cookies/index.browser.js.map +1 -1
  187. package/dist/server/cookies/index.js.map +1 -1
  188. package/dist/server/core/index.browser.js.map +1 -1
  189. package/dist/server/core/index.d.ts +35 -34
  190. package/dist/server/core/index.d.ts.map +1 -1
  191. package/dist/server/core/index.js.map +1 -1
  192. package/dist/server/cors/index.d.ts +7 -6
  193. package/dist/server/cors/index.d.ts.map +1 -1
  194. package/dist/server/cors/index.js.map +1 -1
  195. package/dist/server/etag/index.js.map +1 -1
  196. package/dist/server/health/index.d.ts +16 -15
  197. package/dist/server/health/index.d.ts.map +1 -1
  198. package/dist/server/health/index.js.map +1 -1
  199. package/dist/server/links/index.browser.js.map +1 -1
  200. package/dist/server/links/index.d.ts +51 -50
  201. package/dist/server/links/index.d.ts.map +1 -1
  202. package/dist/server/links/index.js.map +1 -1
  203. package/dist/server/metrics/index.js.map +1 -1
  204. package/dist/server/proxy/index.js.map +1 -1
  205. package/dist/server/rate-limit/index.d.ts +6 -5
  206. package/dist/server/rate-limit/index.d.ts.map +1 -1
  207. package/dist/server/rate-limit/index.js.map +1 -1
  208. package/dist/server/static/index.js.map +1 -1
  209. package/dist/server/swagger/index.d.ts +2 -1
  210. package/dist/server/swagger/index.d.ts.map +1 -1
  211. package/dist/server/swagger/index.js.map +1 -1
  212. package/dist/sms/index.js.map +1 -1
  213. package/dist/system/index.browser.js.map +1 -1
  214. package/dist/system/index.js.map +1 -1
  215. package/dist/system/index.workerd.js.map +1 -1
  216. package/dist/topic/core/index.js.map +1 -1
  217. package/dist/topic/redis/index.d.ts +3 -2
  218. package/dist/topic/redis/index.d.ts.map +1 -1
  219. package/dist/topic/redis/index.js.map +1 -1
  220. package/package.json +33 -39
  221. package/src/api/audits/controllers/AdminAuditController.ts +29 -0
  222. package/src/api/audits/entities/audits.ts +1 -0
  223. package/src/api/files/controllers/FileController.ts +24 -0
  224. package/src/api/files/entities/files.ts +1 -0
  225. package/src/api/files/services/FileService.ts +41 -0
  226. package/src/api/jobs/__tests__/$job.spec.ts +501 -24
  227. package/src/api/jobs/entities/jobExecutionEntity.ts +4 -3
  228. package/src/api/jobs/index.ts +47 -10
  229. package/src/api/jobs/primitives/$job.ts +22 -9
  230. package/src/api/jobs/providers/DirectJobDispatcher.ts +71 -0
  231. package/src/api/jobs/providers/JobDispatcher.ts +49 -0
  232. package/src/api/jobs/providers/JobProvider.ts +385 -147
  233. package/src/api/jobs/providers/JobQueueProvider.ts +43 -18
  234. package/src/api/jobs/schemas/jobConfigAtom.ts +9 -3
  235. package/src/api/jobs/schemas/jobExecutionResourceSchema.ts +11 -0
  236. package/src/api/jobs/schemas/jobRegistrationSchema.ts +4 -2
  237. package/src/api/jobs/services/JobService.ts +21 -11
  238. package/src/api/keys/controllers/AdminApiKeyController.ts +23 -0
  239. package/src/api/keys/entities/apiKeyEntity.ts +1 -0
  240. package/src/api/keys/services/ApiKeyService.ts +42 -0
  241. package/src/api/notifications/__tests__/AlephaApiNotifications.spec.ts +63 -0
  242. package/src/api/notifications/controllers/AdminNotificationController.ts +48 -1
  243. package/src/api/notifications/index.ts +13 -3
  244. package/src/api/notifications/jobs/NotificationJobs.ts +0 -6
  245. package/src/api/parameters/controllers/AdminParameterController.ts +26 -0
  246. package/src/api/parameters/services/ParameterProvider.ts +18 -0
  247. package/src/api/payments/controllers/MockCheckoutController.ts +146 -0
  248. package/src/api/payments/index.ts +3 -0
  249. package/src/api/payments/providers/MemoryPaymentProvider.ts +9 -4
  250. package/src/api/payments/providers/PaymentProvider.ts +25 -9
  251. package/src/api/payments/services/PaymentService.ts +3 -0
  252. package/src/api/subscriptions/__tests__/BillingService.spec.ts +218 -0
  253. package/src/api/subscriptions/__tests__/SubscriptionService.spec.ts +278 -0
  254. package/src/api/subscriptions/controllers/AdminSubscriptionController.ts +212 -0
  255. package/src/api/subscriptions/controllers/SubscriptionController.ts +189 -0
  256. package/src/api/subscriptions/entities/subscriptionEvents.ts +54 -0
  257. package/src/api/subscriptions/entities/subscriptions.ts +68 -0
  258. package/src/api/subscriptions/index.ts +133 -0
  259. package/src/api/subscriptions/jobs/SubscriptionJobs.ts +382 -0
  260. package/src/api/subscriptions/middleware/$requireLimit.ts +50 -0
  261. package/src/api/subscriptions/middleware/$requirePlan.ts +49 -0
  262. package/src/api/subscriptions/notifications/SubscriptionNotifications.ts +110 -0
  263. package/src/api/subscriptions/schemas/cancelSubscriptionSchema.ts +8 -0
  264. package/src/api/subscriptions/schemas/changePlanSchema.ts +9 -0
  265. package/src/api/subscriptions/schemas/createSubscriptionSchema.ts +11 -0
  266. package/src/api/subscriptions/schemas/entitlementsSchema.ts +21 -0
  267. package/src/api/subscriptions/schemas/mrrSchema.ts +13 -0
  268. package/src/api/subscriptions/schemas/planDefinitionSchema.ts +71 -0
  269. package/src/api/subscriptions/schemas/planResourceSchema.ts +25 -0
  270. package/src/api/subscriptions/schemas/subscriptionEventResourceSchema.ts +8 -0
  271. package/src/api/subscriptions/schemas/subscriptionQuerySchema.ts +19 -0
  272. package/src/api/subscriptions/schemas/subscriptionResourceSchema.ts +6 -0
  273. package/src/api/subscriptions/schemas/subscriptionSettingsSchema.ts +32 -0
  274. package/src/api/subscriptions/schemas/subscriptionStatsSchema.ts +23 -0
  275. package/src/api/subscriptions/services/BillingService.ts +437 -0
  276. package/src/api/subscriptions/services/SubscriptionConfig.ts +56 -0
  277. package/src/api/subscriptions/services/SubscriptionService.ts +867 -0
  278. package/src/api/subscriptions/services/UsageService.ts +118 -0
  279. package/src/api/users/__tests__/Registration-emailMode.spec.ts +203 -0
  280. package/src/api/users/__tests__/UsernameSlugger.spec.ts +138 -0
  281. package/src/api/users/atoms/realmAuthSettingsAtom.ts +41 -3
  282. package/src/api/users/controllers/AdminSessionController.ts +29 -0
  283. package/src/api/users/controllers/AdminUserController.ts +32 -0
  284. package/src/api/users/index.ts +3 -0
  285. package/src/api/users/services/CredentialService.ts +5 -0
  286. package/src/api/users/services/RegistrationService.ts +49 -1
  287. package/src/api/users/services/SessionCrudService.ts +16 -0
  288. package/src/api/users/services/SessionService.ts +17 -59
  289. package/src/api/users/services/UsernameSlugger.ts +195 -0
  290. package/src/bucket/primitives/$bucket.ts +21 -0
  291. package/src/bucket/providers/CloudflareR2Provider.ts +15 -0
  292. package/src/bucket/providers/FileStorageProvider.ts +9 -0
  293. package/src/bucket/providers/LocalFileStorageProvider.ts +14 -0
  294. package/src/bucket/providers/MemoryFileStorageProvider.ts +9 -0
  295. package/src/bucket/providers/NodeS3BucketProvider.ts +35 -0
  296. package/src/cache/core/__tests__/$cache.memory.spec.ts +450 -0
  297. package/src/cache/core/__tests__/$cache.swr.spec.ts +394 -0
  298. package/src/cache/core/index.ts +16 -0
  299. package/src/cache/core/primitives/$cache.ts +367 -24
  300. package/src/cache/database/__tests__/DatabaseCacheProvider.behavior.spec.ts +203 -0
  301. package/src/cache/database/__tests__/DatabaseCacheProvider.spec.ts +110 -0
  302. package/src/cache/database/entities/cacheEntries.ts +55 -0
  303. package/src/cache/database/index.ts +36 -0
  304. package/src/cache/database/providers/DatabaseCacheProvider.ts +348 -0
  305. package/src/cli/core/services/ProjectScaffolder.ts +0 -2
  306. package/src/cli/core/tasks/BuildCloudflareTask.ts +33 -3
  307. package/src/cli/core/tasks/BuildSitemapTask.ts +7 -0
  308. package/src/cli/core/tasks/BuildVercelTask.ts +82 -3
  309. package/src/cli/core/templates/agentMd.ts +39 -4
  310. package/src/cli/core/templates/biomeJson.ts +25 -1
  311. package/src/cli/core/templates/saasAdminLayoutTsx.ts +2 -2
  312. package/src/cli/platform/__tests__/CloudflareAdapter.spec.ts +117 -0
  313. package/src/cli/platform/__tests__/detectResources.spec.ts +96 -0
  314. package/src/cli/platform/adapters/CloudflareAdapter.ts +104 -7
  315. package/src/cli/platform/atoms/platformOptions.ts +13 -0
  316. package/src/cli/platform/commands/platform.ts +7 -1
  317. package/src/cli/platform/schemas/platform.ts +1 -0
  318. package/src/cli/platform/services/CloudflareApi.ts +61 -0
  319. package/src/cli/platform/services/PlatformOrchestrator.ts +9 -4
  320. package/src/core/__tests__/$module.spec.ts +2 -2
  321. package/src/core/primitives/$module.ts +4 -4
  322. package/src/mcp/providers/McpServerProvider.ts +1 -1
  323. package/src/orm/core/providers/DatabaseTypeProvider.ts +9 -3
  324. package/src/orm/core/providers/drivers/DatabaseProvider.ts +1 -1
  325. package/src/orm/core/schemas/insertSchema.ts +10 -2
  326. package/src/orm/core/services/Repository.ts +27 -7
  327. package/src/react/form/hooks/useFormState.ts +8 -1
  328. package/src/react/form/index.ts +10 -1
  329. package/src/react/form/services/FormModel.ts +9 -3
  330. package/src/scheduler/index.ts +14 -0
  331. package/src/scheduler/providers/CronProvider.ts +13 -0
  332. package/src/security/atoms/currentTenantAtom.ts +34 -0
  333. package/src/security/index.browser.ts +1 -0
  334. package/src/security/index.ts +12 -1
  335. package/src/security/primitives/$issuer.ts +17 -1
  336. package/src/security/providers/SecurityProvider.ts +37 -0
  337. package/src/server/auth/__tests__/validateRedirectUri.spec.ts +78 -0
  338. package/src/server/auth/providers/ServerAuthProvider.ts +21 -5
  339. package/tsconfig.base.json +2 -1
  340. package/dist/react/websocket/index.d.ts +0 -117
  341. package/dist/react/websocket/index.d.ts.map +0 -1
  342. package/dist/react/websocket/index.js +0 -108
  343. package/dist/react/websocket/index.js.map +0 -1
  344. package/dist/websocket/index.browser.js +0 -844
  345. package/dist/websocket/index.browser.js.map +0 -1
  346. package/dist/websocket/index.d.ts +0 -876
  347. package/dist/websocket/index.d.ts.map +0 -1
  348. package/dist/websocket/index.js +0 -1175
  349. package/dist/websocket/index.js.map +0 -1
  350. package/src/react/websocket/hooks/useRoom.tsx +0 -251
  351. package/src/react/websocket/index.ts +0 -7
  352. package/src/websocket/__tests__/$channel.spec.ts +0 -30
  353. package/src/websocket/__tests__/$websocket-new.spec.ts +0 -195
  354. package/src/websocket/__tests__/RoomManager.spec.ts +0 -146
  355. package/src/websocket/__tests__/websocket-integration.spec.ts +0 -951
  356. package/src/websocket/errors/WebSocketError.ts +0 -34
  357. package/src/websocket/index.browser.ts +0 -25
  358. package/src/websocket/index.shared.ts +0 -8
  359. package/src/websocket/index.ts +0 -85
  360. package/src/websocket/interfaces/WebSocketInterfaces.ts +0 -252
  361. package/src/websocket/primitives/$channel.ts +0 -131
  362. package/src/websocket/primitives/$websocket.ts +0 -107
  363. package/src/websocket/providers/NodeWebSocketServerProvider.ts +0 -617
  364. package/src/websocket/providers/WebSocketServerProvider.ts +0 -56
  365. package/src/websocket/services/RoomManager.ts +0 -160
  366. package/src/websocket/services/WebSocketClient.ts +0 -642
  367. package/src/websocket/services/WebSocketTopicService.ts +0 -108
package/dist/server/auth/index.d.ts CHANGED
@@ -8,6 +8,7 @@ import * as _$alepha_logger0 from "alepha/logger";
8
8
  import * as _$alepha_server0 from "alepha/server";
9
9
  import { ServerRawRequest, ServerReply } from "alepha/server";
10
10
  import { ServerLinksProvider } from "alepha/server/links";
11
+ import * as _$typebox from "typebox";
11
12
 
12
13
  //#region ../../src/server/auth/constants/routes.d.ts
13
14
  declare const alephaServerAuthRoutes: {
@@ -20,85 +21,85 @@ declare const alephaServerAuthRoutes: {
20
21
  };
21
22
  //#endregion
22
23
  //#region ../../src/server/auth/schemas/authenticationProviderSchema.d.ts
23
- declare const authenticationProviderSchema: _$alepha.TObject<{
24
- name: _$alepha.TString;
25
- type: _$alepha.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
24
+ declare const authenticationProviderSchema: _$typebox.TObject<{
25
+ name: _$typebox.TString;
26
+ type: _$typebox.TUnsafe<"OAUTH2" | "OIDC" | "CREDENTIALS">;
26
27
  }>;
27
28
  type AuthenticationProvider = Static<typeof authenticationProviderSchema>;
28
29
  //#endregion
29
30
  //#region ../../src/server/auth/schemas/tokenResponseSchema.d.ts
30
- declare const tokenResponseSchema: _$alepha.TObject<{
31
- provider: _$alepha.TString;
32
- access_token: _$alepha.TString;
33
- issued_at: _$alepha.TNumber;
34
- expires_in: _$alepha.TOptional<_$alepha.TNumber>;
35
- refresh_token: _$alepha.TOptional<_$alepha.TString>;
36
- refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
37
- refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
38
- id_token: _$alepha.TOptional<_$alepha.TString>;
39
- scope: _$alepha.TOptional<_$alepha.TString>;
40
- user: _$alepha.TObject<{
41
- id: _$alepha.TString;
42
- name: _$alepha.TOptional<_$alepha.TString>;
43
- email: _$alepha.TOptional<_$alepha.TString>;
44
- username: _$alepha.TOptional<_$alepha.TString>;
45
- picture: _$alepha.TOptional<_$alepha.TString>;
46
- sessionId: _$alepha.TOptional<_$alepha.TString>;
47
- organization: _$alepha.TOptional<_$alepha.TString>;
48
- roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
49
- realm: _$alepha.TOptional<_$alepha.TString>;
31
+ declare const tokenResponseSchema: _$typebox.TObject<{
32
+ provider: _$typebox.TString;
33
+ access_token: _$typebox.TString;
34
+ issued_at: _$typebox.TNumber;
35
+ expires_in: _$typebox.TOptional<_$typebox.TNumber>;
36
+ refresh_token: _$typebox.TOptional<_$typebox.TString>;
37
+ refresh_token_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
38
+ refresh_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
39
+ id_token: _$typebox.TOptional<_$typebox.TString>;
40
+ scope: _$typebox.TOptional<_$typebox.TString>;
41
+ user: _$typebox.TObject<{
42
+ id: _$typebox.TString;
43
+ name: _$typebox.TOptional<_$typebox.TString>;
44
+ email: _$typebox.TOptional<_$typebox.TString>;
45
+ username: _$typebox.TOptional<_$typebox.TString>;
46
+ picture: _$typebox.TOptional<_$typebox.TString>;
47
+ sessionId: _$typebox.TOptional<_$typebox.TString>;
48
+ organization: _$typebox.TOptional<_$typebox.TString>;
49
+ roles: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
50
+ realm: _$typebox.TOptional<_$typebox.TString>;
50
51
  }>;
51
- api: _$alepha.TObject<{
52
- prefix: _$alepha.TOptional<_$alepha.TString>;
53
- actions: _$alepha.TRecord<"^.*$", _$alepha.TObject<{
54
- path: _$alepha.TString;
55
- method: _$alepha.TOptional<_$alepha.TString>;
56
- contentType: _$alepha.TOptional<_$alepha.TString>;
57
- kind: _$alepha.TOptional<_$alepha.TString>;
58
- service: _$alepha.TOptional<_$alepha.TString>;
52
+ api: _$typebox.TObject<{
53
+ prefix: _$typebox.TOptional<_$typebox.TString>;
54
+ actions: _$typebox.TRecord<"^.*$", _$typebox.TObject<{
55
+ path: _$typebox.TString;
56
+ method: _$typebox.TOptional<_$typebox.TString>;
57
+ contentType: _$typebox.TOptional<_$typebox.TString>;
58
+ kind: _$typebox.TOptional<_$typebox.TString>;
59
+ service: _$typebox.TOptional<_$typebox.TString>;
59
60
  }>>;
60
- permissions: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
61
+ permissions: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
61
62
  }>;
62
63
  }>;
63
64
  type TokenResponse = Static<typeof tokenResponseSchema>;
64
65
  //#endregion
65
66
  //#region ../../src/server/auth/schemas/tokensSchema.d.ts
66
- declare const tokensSchema: _$alepha.TObject<{
67
- provider: _$alepha.TString;
68
- access_token: _$alepha.TString;
69
- issued_at: _$alepha.TNumber;
70
- expires_in: _$alepha.TOptional<_$alepha.TNumber>;
71
- refresh_token: _$alepha.TOptional<_$alepha.TString>;
72
- refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
73
- refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
74
- id_token: _$alepha.TOptional<_$alepha.TString>;
75
- scope: _$alepha.TOptional<_$alepha.TString>;
67
+ declare const tokensSchema: _$typebox.TObject<{
68
+ provider: _$typebox.TString;
69
+ access_token: _$typebox.TString;
70
+ issued_at: _$typebox.TNumber;
71
+ expires_in: _$typebox.TOptional<_$typebox.TNumber>;
72
+ refresh_token: _$typebox.TOptional<_$typebox.TString>;
73
+ refresh_token_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
74
+ refresh_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
75
+ id_token: _$typebox.TOptional<_$typebox.TString>;
76
+ scope: _$typebox.TOptional<_$typebox.TString>;
76
77
  }>;
77
78
  type Tokens = Static<typeof tokensSchema>;
78
79
  //#endregion
79
80
  //#region ../../src/server/auth/schemas/userinfoResponseSchema.d.ts
80
- declare const userinfoResponseSchema: _$alepha.TObject<{
81
- user: _$alepha.TOptional<_$alepha.TObject<{
82
- id: _$alepha.TString;
83
- name: _$alepha.TOptional<_$alepha.TString>;
84
- email: _$alepha.TOptional<_$alepha.TString>;
85
- username: _$alepha.TOptional<_$alepha.TString>;
86
- picture: _$alepha.TOptional<_$alepha.TString>;
87
- sessionId: _$alepha.TOptional<_$alepha.TString>;
88
- organization: _$alepha.TOptional<_$alepha.TString>;
89
- roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
90
- realm: _$alepha.TOptional<_$alepha.TString>;
81
+ declare const userinfoResponseSchema: _$typebox.TObject<{
82
+ user: _$typebox.TOptional<_$typebox.TObject<{
83
+ id: _$typebox.TString;
84
+ name: _$typebox.TOptional<_$typebox.TString>;
85
+ email: _$typebox.TOptional<_$typebox.TString>;
86
+ username: _$typebox.TOptional<_$typebox.TString>;
87
+ picture: _$typebox.TOptional<_$typebox.TString>;
88
+ sessionId: _$typebox.TOptional<_$typebox.TString>;
89
+ organization: _$typebox.TOptional<_$typebox.TString>;
90
+ roles: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
91
+ realm: _$typebox.TOptional<_$typebox.TString>;
91
92
  }>>;
92
- api: _$alepha.TObject<{
93
- prefix: _$alepha.TOptional<_$alepha.TString>;
94
- actions: _$alepha.TRecord<"^.*$", _$alepha.TObject<{
95
- path: _$alepha.TString;
96
- method: _$alepha.TOptional<_$alepha.TString>;
97
- contentType: _$alepha.TOptional<_$alepha.TString>;
98
- kind: _$alepha.TOptional<_$alepha.TString>;
99
- service: _$alepha.TOptional<_$alepha.TString>;
93
+ api: _$typebox.TObject<{
94
+ prefix: _$typebox.TOptional<_$typebox.TString>;
95
+ actions: _$typebox.TRecord<"^.*$", _$typebox.TObject<{
96
+ path: _$typebox.TString;
97
+ method: _$typebox.TOptional<_$typebox.TString>;
98
+ contentType: _$typebox.TOptional<_$typebox.TString>;
99
+ kind: _$typebox.TOptional<_$typebox.TString>;
100
+ service: _$typebox.TOptional<_$typebox.TString>;
100
101
  }>>;
101
- permissions: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
102
+ permissions: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
102
103
  }>;
103
104
  }>;
104
105
  type UserinfoResponse = Static<typeof userinfoResponseSchema>;
@@ -1165,30 +1166,34 @@ declare class ServerAuthProvider {
1165
1166
  protected readonly dateTimeProvider: DateTimeProvider;
1166
1167
  protected readonly serverLinksProvider: ServerLinksProvider;
1167
1168
  /**
1168
- * Validates that a redirect URI is a safe relative path.
1169
- * Prevents open redirect attacks by rejecting absolute URLs and protocol-relative URLs.
1169
+ * Validates that a redirect URI is a safe relative path, or — when
1170
+ * COOKIE_PARENT_DOMAIN is configured an https URL whose host is the
1171
+ * parent domain or a subdomain of it. Used by SaaS deployments where the
1172
+ * OAuth callback dispatches users back to their tenant subdomain.
1173
+ *
1174
+ * Prevents open redirect attacks by rejecting any other absolute URL.
1170
1175
  */
1171
1176
  protected validateRedirectUri(uri: string): string;
1172
1177
  get identities(): Array<AuthPrimitive>;
1173
- protected readonly authorizationCode: _$alepha_server_cookies0.AbstractCookiePrimitive<_$alepha.TObject<{
1174
- provider: _$alepha.TString;
1175
- realm: _$alepha.TOptional<_$alepha.TString>;
1176
- codeVerifier: _$alepha.TOptional<_$alepha.TString>;
1177
- redirectUri: _$alepha.TOptional<_$alepha.TString>;
1178
- loginUri: _$alepha.TOptional<_$alepha.TString>;
1179
- state: _$alepha.TOptional<_$alepha.TString>;
1180
- nonce: _$alepha.TOptional<_$alepha.TString>;
1178
+ protected readonly authorizationCode: _$alepha_server_cookies0.AbstractCookiePrimitive<_$typebox.TObject<{
1179
+ provider: _$typebox.TString;
1180
+ realm: _$typebox.TOptional<_$typebox.TString>;
1181
+ codeVerifier: _$typebox.TOptional<_$typebox.TString>;
1182
+ redirectUri: _$typebox.TOptional<_$typebox.TString>;
1183
+ loginUri: _$typebox.TOptional<_$typebox.TString>;
1184
+ state: _$typebox.TOptional<_$typebox.TString>;
1185
+ nonce: _$typebox.TOptional<_$typebox.TString>;
1181
1186
  }>>;
1182
- readonly tokens: _$alepha_server_cookies0.AbstractCookiePrimitive<_$alepha.TObject<{
1183
- provider: _$alepha.TString;
1184
- access_token: _$alepha.TString;
1185
- issued_at: _$alepha.TNumber;
1186
- expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1187
- refresh_token: _$alepha.TOptional<_$alepha.TString>;
1188
- refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1189
- refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1190
- id_token: _$alepha.TOptional<_$alepha.TString>;
1191
- scope: _$alepha.TOptional<_$alepha.TString>;
1187
+ readonly tokens: _$alepha_server_cookies0.AbstractCookiePrimitive<_$typebox.TObject<{
1188
+ provider: _$typebox.TString;
1189
+ access_token: _$typebox.TString;
1190
+ issued_at: _$typebox.TNumber;
1191
+ expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1192
+ refresh_token: _$typebox.TOptional<_$typebox.TString>;
1193
+ refresh_token_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1194
+ refresh_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1195
+ id_token: _$typebox.TOptional<_$typebox.TString>;
1196
+ scope: _$typebox.TOptional<_$typebox.TString>;
1192
1197
  }>>;
1193
1198
  protected readonly configure: _$alepha.HookPrimitive<"configure">;
1194
1199
  /**
@@ -1199,28 +1204,28 @@ declare class ServerAuthProvider {
1199
1204
  * Get user information.
1200
1205
  */
1201
1206
  readonly userinfo: _$alepha_server0.RoutePrimitive<{
1202
- response: _$alepha.TObject<{
1203
- user: _$alepha.TOptional<_$alepha.TObject<{
1204
- id: _$alepha.TString;
1205
- name: _$alepha.TOptional<_$alepha.TString>;
1206
- email: _$alepha.TOptional<_$alepha.TString>;
1207
- username: _$alepha.TOptional<_$alepha.TString>;
1208
- picture: _$alepha.TOptional<_$alepha.TString>;
1209
- sessionId: _$alepha.TOptional<_$alepha.TString>;
1210
- organization: _$alepha.TOptional<_$alepha.TString>;
1211
- roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
1212
- realm: _$alepha.TOptional<_$alepha.TString>;
1207
+ response: _$typebox.TObject<{
1208
+ user: _$typebox.TOptional<_$typebox.TObject<{
1209
+ id: _$typebox.TString;
1210
+ name: _$typebox.TOptional<_$typebox.TString>;
1211
+ email: _$typebox.TOptional<_$typebox.TString>;
1212
+ username: _$typebox.TOptional<_$typebox.TString>;
1213
+ picture: _$typebox.TOptional<_$typebox.TString>;
1214
+ sessionId: _$typebox.TOptional<_$typebox.TString>;
1215
+ organization: _$typebox.TOptional<_$typebox.TString>;
1216
+ roles: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
1217
+ realm: _$typebox.TOptional<_$typebox.TString>;
1213
1218
  }>>;
1214
- api: _$alepha.TObject<{
1215
- prefix: _$alepha.TOptional<_$alepha.TString>;
1216
- actions: _$alepha.TRecord<"^.*$", _$alepha.TObject<{
1217
- path: _$alepha.TString;
1218
- method: _$alepha.TOptional<_$alepha.TString>;
1219
- contentType: _$alepha.TOptional<_$alepha.TString>;
1220
- kind: _$alepha.TOptional<_$alepha.TString>;
1221
- service: _$alepha.TOptional<_$alepha.TString>;
1219
+ api: _$typebox.TObject<{
1220
+ prefix: _$typebox.TOptional<_$typebox.TString>;
1221
+ actions: _$typebox.TRecord<"^.*$", _$typebox.TObject<{
1222
+ path: _$typebox.TString;
1223
+ method: _$typebox.TOptional<_$typebox.TString>;
1224
+ contentType: _$typebox.TOptional<_$typebox.TString>;
1225
+ kind: _$typebox.TOptional<_$typebox.TString>;
1226
+ service: _$typebox.TOptional<_$typebox.TString>;
1222
1227
  }>>;
1223
- permissions: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
1228
+ permissions: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
1224
1229
  }>;
1225
1230
  }>;
1226
1231
  }>;
@@ -1228,68 +1233,68 @@ declare class ServerAuthProvider {
1228
1233
  * Refresh a token for internal providers.
1229
1234
  */
1230
1235
  readonly refresh: _$alepha_server0.RoutePrimitive<{
1231
- query: _$alepha.TObject<{
1232
- provider: _$alepha.TString;
1236
+ query: _$typebox.TObject<{
1237
+ provider: _$typebox.TString;
1233
1238
  }>;
1234
- body: _$alepha.TObject<{
1235
- refresh_token: _$alepha.TString;
1236
- access_token: _$alepha.TOptional<_$alepha.TString>;
1239
+ body: _$typebox.TObject<{
1240
+ refresh_token: _$typebox.TString;
1241
+ access_token: _$typebox.TOptional<_$typebox.TString>;
1237
1242
  }>;
1238
- response: _$alepha.TObject<{
1239
- provider: _$alepha.TString;
1240
- access_token: _$alepha.TString;
1241
- issued_at: _$alepha.TNumber;
1242
- expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1243
- refresh_token: _$alepha.TOptional<_$alepha.TString>;
1244
- refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1245
- refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1246
- id_token: _$alepha.TOptional<_$alepha.TString>;
1247
- scope: _$alepha.TOptional<_$alepha.TString>;
1243
+ response: _$typebox.TObject<{
1244
+ provider: _$typebox.TString;
1245
+ access_token: _$typebox.TString;
1246
+ issued_at: _$typebox.TNumber;
1247
+ expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1248
+ refresh_token: _$typebox.TOptional<_$typebox.TString>;
1249
+ refresh_token_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1250
+ refresh_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1251
+ id_token: _$typebox.TOptional<_$typebox.TString>;
1252
+ scope: _$typebox.TOptional<_$typebox.TString>;
1248
1253
  }>;
1249
1254
  }>;
1250
1255
  /**
1251
1256
  * Login for local password-based authentication.
1252
1257
  */
1253
1258
  readonly token: _$alepha_server0.RoutePrimitive<{
1254
- query: _$alepha.TObject<{
1255
- provider: _$alepha.TString;
1256
- realm: _$alepha.TOptional<_$alepha.TString>;
1259
+ query: _$typebox.TObject<{
1260
+ provider: _$typebox.TString;
1261
+ realm: _$typebox.TOptional<_$typebox.TString>;
1257
1262
  }>;
1258
- body: _$alepha.TObject<{
1259
- username: _$alepha.TString;
1260
- password: _$alepha.TString;
1263
+ body: _$typebox.TObject<{
1264
+ username: _$typebox.TString;
1265
+ password: _$typebox.TString;
1261
1266
  }>;
1262
- response: _$alepha.TObject<{
1263
- provider: _$alepha.TString;
1264
- access_token: _$alepha.TString;
1265
- issued_at: _$alepha.TNumber;
1266
- expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1267
- refresh_token: _$alepha.TOptional<_$alepha.TString>;
1268
- refresh_token_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1269
- refresh_expires_in: _$alepha.TOptional<_$alepha.TNumber>;
1270
- id_token: _$alepha.TOptional<_$alepha.TString>;
1271
- scope: _$alepha.TOptional<_$alepha.TString>;
1272
- user: _$alepha.TObject<{
1273
- id: _$alepha.TString;
1274
- name: _$alepha.TOptional<_$alepha.TString>;
1275
- email: _$alepha.TOptional<_$alepha.TString>;
1276
- username: _$alepha.TOptional<_$alepha.TString>;
1277
- picture: _$alepha.TOptional<_$alepha.TString>;
1278
- sessionId: _$alepha.TOptional<_$alepha.TString>;
1279
- organization: _$alepha.TOptional<_$alepha.TString>;
1280
- roles: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
1281
- realm: _$alepha.TOptional<_$alepha.TString>;
1267
+ response: _$typebox.TObject<{
1268
+ provider: _$typebox.TString;
1269
+ access_token: _$typebox.TString;
1270
+ issued_at: _$typebox.TNumber;
1271
+ expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1272
+ refresh_token: _$typebox.TOptional<_$typebox.TString>;
1273
+ refresh_token_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1274
+ refresh_expires_in: _$typebox.TOptional<_$typebox.TNumber>;
1275
+ id_token: _$typebox.TOptional<_$typebox.TString>;
1276
+ scope: _$typebox.TOptional<_$typebox.TString>;
1277
+ user: _$typebox.TObject<{
1278
+ id: _$typebox.TString;
1279
+ name: _$typebox.TOptional<_$typebox.TString>;
1280
+ email: _$typebox.TOptional<_$typebox.TString>;
1281
+ username: _$typebox.TOptional<_$typebox.TString>;
1282
+ picture: _$typebox.TOptional<_$typebox.TString>;
1283
+ sessionId: _$typebox.TOptional<_$typebox.TString>;
1284
+ organization: _$typebox.TOptional<_$typebox.TString>;
1285
+ roles: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
1286
+ realm: _$typebox.TOptional<_$typebox.TString>;
1282
1287
  }>;
1283
- api: _$alepha.TObject<{
1284
- prefix: _$alepha.TOptional<_$alepha.TString>;
1285
- actions: _$alepha.TRecord<"^.*$", _$alepha.TObject<{
1286
- path: _$alepha.TString;
1287
- method: _$alepha.TOptional<_$alepha.TString>;
1288
- contentType: _$alepha.TOptional<_$alepha.TString>;
1289
- kind: _$alepha.TOptional<_$alepha.TString>;
1290
- service: _$alepha.TOptional<_$alepha.TString>;
1288
+ api: _$typebox.TObject<{
1289
+ prefix: _$typebox.TOptional<_$typebox.TString>;
1290
+ actions: _$typebox.TRecord<"^.*$", _$typebox.TObject<{
1291
+ path: _$typebox.TString;
1292
+ method: _$typebox.TOptional<_$typebox.TString>;
1293
+ contentType: _$typebox.TOptional<_$typebox.TString>;
1294
+ kind: _$typebox.TOptional<_$typebox.TString>;
1295
+ service: _$typebox.TOptional<_$typebox.TString>;
1291
1296
  }>>;
1292
- permissions: _$alepha.TOptional<_$alepha.TArray<_$alepha.TString>>;
1297
+ permissions: _$typebox.TOptional<_$typebox.TArray<_$typebox.TString>>;
1293
1298
  }>;
1294
1299
  }>;
1295
1300
  }>;
@@ -1297,10 +1302,10 @@ declare class ServerAuthProvider {
1297
1302
  * Oauth2/OIDC login route.
1298
1303
  */
1299
1304
  readonly login: _$alepha_server0.RoutePrimitive<{
1300
- query: _$alepha.TObject<{
1301
- provider: _$alepha.TString;
1302
- realm: _$alepha.TOptional<_$alepha.TString>;
1303
- redirect_uri: _$alepha.TOptional<_$alepha.TString>;
1305
+ query: _$typebox.TObject<{
1306
+ provider: _$typebox.TString;
1307
+ realm: _$typebox.TOptional<_$typebox.TString>;
1308
+ redirect_uri: _$typebox.TOptional<_$typebox.TString>;
1304
1309
  }>;
1305
1310
  }>;
1306
1311
  /**
@@ -1330,8 +1335,8 @@ declare class ServerAuthProvider {
1330
1335
  * Logout route for OAuth2/OIDC providers.
1331
1336
  */
1332
1337
  readonly logout: _$alepha_server0.RoutePrimitive<{
1333
- query: _$alepha.TObject<{
1334
- post_logout_redirect_uri: _$alepha.TOptional<_$alepha.TString>;
1338
+ query: _$typebox.TObject<{
1339
+ post_logout_redirect_uri: _$typebox.TOptional<_$typebox.TString>;
1335
1340
  }>;
1336
1341
  }>;
1337
1342
  getAuthenticationProviders(filters?: {
package/dist/server/auth/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","names":["CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","JsonObject","JsonValue","Key","JsonArray","JsonPrimitive","ModifyAssertionFunction","Record","header","payload","PrivateKey","key","kid","JWSAlgorithm","JWK","kty","alg","use","key_ops","e","n","crv","x","y","pub","parameter","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","jweDecrypt","jwksCache","AuthorizationServer","MTLSEndpointAliases","issuer","authorization_endpoint","token_endpoint","jwks_uri","registration_endpoint","scopes_supported","response_types_supported","response_modes_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","service_documentation","ui_locales_supported","op_policy_uri","op_tos_uri","revocation_endpoint","revocation_endpoint_auth_methods_supported","revocation_endpoint_auth_signing_alg_values_supported","introspection_endpoint","introspection_endpoint_auth_methods_supported","introspection_endpoint_auth_signing_alg_values_supported","code_challenge_methods_supported","signed_metadata","device_authorization_endpoint","tls_client_certificate_bound_access_tokens","mtls_endpoint_aliases","userinfo_endpoint","acr_values_supported","subject_types_supported","id_token_signing_alg_values_supported","id_token_encryption_alg_values_supported","id_token_encryption_enc_values_supported","userinfo_signing_alg_values_supported","userinfo_encryption_alg_values_supported","userinfo_encryption_enc_values_supported","request_object_signing_alg_values_supported","request_object_encryption_alg_values_supported","request_object_encryption_enc_values_supported","display_values_supported","claim_types_supported","claims_supported","claims_locales_supported","claims_parameter_supported","request_parameter_supported","request_uri_parameter_supported","require_request_uri_registration","require_signed_request_object","pushed_authorization_request_endpoint","require_pushed_authorization_requests","introspection_signing_alg_values_supported","introspection_encryption_alg_values_supported","introspection_encryption_enc_values_supported","authorization_response_iss_parameter_supported","authorization_signing_alg_values_supported","authorization_encryption_alg_values_supported","authorization_encryption_enc_values_supported","backchannel_authentication_endpoint","backchannel_authentication_request_signing_alg_values_supported","backchannel_token_delivery_modes_supported","backchannel_user_code_parameter_supported","check_session_iframe","dpop_signing_alg_values_supported","end_session_endpoint","frontchannel_logout_session_supported","frontchannel_logout_supported","backchannel_logout_session_supported","backchannel_logout_supported","protected_resources","metadata","Pick","Client","client_id","id_token_signed_response_alg","authorization_signed_response_alg","require_auth_time","userinfo_signed_response_alg","introspection_signed_response_alg","default_max_age","use_mtls_endpoint_aliases","UnsupportedOperationError","Error","code","constructor","message","cause","options","OperationProcessingError","JWKSCacheOptions","JWKSCacheInput","CustomFetchOptions","Method","BodyType","AbortSignal","body","headers","method","redirect","signal","HttpRequestOptions","Headers","Response","Promise","url","DiscoveryRequestOptions","algorithm","discoveryRequest","URL","issuerIdentifier","processDiscoveryResponse","expectedIssuerIdentifier","response","generateRandomCodeVerifier","generateRandomState","generateRandomNonce","calculatePKCECodeChallenge","codeVerifier","DPoPRequestOptions","DPoPHandle","DPoP","PushedAuthorizationRequestOptions","URLSearchParams","ClientAuth","as","client","ClientSecretPost","clientSecret","ClientSecretBasic","ModifyAssertionOptions","PrivateKeyJwt","clientPrivateKey","ClientSecretJwt","None","TlsClientAuth","issueRequestObject","parameters","checkProtocol","enforceHttps","pushedAuthorizationRequest","clientAuthentication","calculateThumbprint","isDPoPNonceError","err","keyPair","PushedAuthorizationResponse","request_uri","expires_in","OAuth2Error","error","error_description","error_uri","algs","scope","ResponseBodyError","RESPONSE_BODY_ERROR","status","AuthorizationResponseError","AUTHORIZATION_RESPONSE_ERROR","WWWAuthenticateChallengeError","WWWAuthenticateChallenge","WWW_AUTHENTICATE_CHALLENGE","WWWAuthenticateChallengeParameters","Lowercase","realm","resource_metadata","scheme","token68","processPushedAuthorizationResponse","ProtectedResourceRequestBody","ArrayBuffer","ReadableStream","Uint8Array","ProtectedResourceRequestOptions","Omit","protectedResourceRequest","accessToken","UserInfoRequestOptions","userInfoRequest","UserInfoAddress","formatted","street_address","locality","region","postal_code","country","claim","UserInfoResponse","sub","name","given_name","family_name","middle_name","nickname","preferred_username","profile","picture","website","email","email_verified","gender","birthdate","zoneinfo","locale","phone_number","updated_at","address","ExportedJWKSCache","JWKS","jwks","uat","skipSubjectCheck","JWEDecryptOptions","JweDecryptFunction","RecognizedTokenTypes","TokenEndpointResponse","res","ProcessTokenResponseOptions","recognizedTokenTypes","processUserInfoResponse","expectedSubject","TokenEndpointRequestOptions","additionalParameters","refreshTokenGrantRequest","refreshToken","getValidatedIdTokenClaims","IDToken","ref","ValidateSignatureOptions","validateApplicationLevelSignature","processRefreshTokenResponse","nopkce","authorizationCodeGrantRequest","callbackParameters","redirectUri","JWTPayload","ConfirmationClaims","iss","aud","jti","nbf","exp","iat","cnf","nonce","auth_time","azp","AuthorizationDetails","locations","actions","datatypes","privileges","identifier","access_token","id_token","refresh_token","authorization_details","token_type","expectNoNonce","skipAuthTimeCheck","ProcessAuthorizationCodeResponseOptions","expectedNonce","maxAge","requireIdToken","processAuthorizationCodeResponse","UNSUPPORTED_OPERATION","JWT_USERINFO_EXPECTED","PARSE_ERROR","INVALID_RESPONSE","INVALID_REQUEST","RESPONSE_IS_NOT_JSON","RESPONSE_IS_NOT_CONFORM","HTTP_REQUEST_FORBIDDEN","REQUEST_PROTOCOL_FORBIDDEN","JWT_TIMESTAMP_CHECK","JWT_CLAIM_COMPARISON","JSON_ATTRIBUTE_COMPARISON","KEY_SELECTION","MISSING_SERVER_METADATA","INVALID_SERVER_METADATA","ClientCredentialsGrantRequestOptions","clientCredentialsGrantRequest","genericTokenEndpointRequest","grantType","processGenericTokenEndpointResponse","processClientCredentialsResponse","RevocationRequestOptions","revocationRequest","token","processRevocationResponse","IntrospectionRequestOptions","requestJwtResponse","introspectionRequest","jkt","IntrospectionResponse","active","sid","username","processIntrospectionResponse","keys","jwe","validateJwtAuthResponse","expectNoState","skipStateCheck","expectedState","validateDetachedSignatureResponse","Request","validateCodeIdTokenResponse","validateAuthResponse","DeviceAuthorizationRequestOptions","deviceAuthorizationRequest","DeviceAuthorizationResponse","device_code","user_code","verification_uri","verification_uri_complete","interval","processDeviceAuthorizationResponse","deviceCodeGrantRequest","deviceCode","processDeviceCodeResponse","GenerateKeyPairOptions","extractable","modulusLength","generateKeyPair","JWTAccessTokenClaims","ValidateJWTAccessTokenOptions","requireDPoP","signingAlgorithms","validateJwtAccessToken","request","expectedAudience","BackchannelAuthenticationRequestOptions","backchannelAuthenticationRequest","BackchannelAuthenticationResponse","auth_req_id","processBackchannelAuthenticationResponse","backchannelAuthenticationGrantRequest","authReqId","processBackchannelAuthenticationGrantResponse","OmitSymbolProperties","T","K","DynamicClientRegistrationRequestOptions","initialAccessToken","dynamicClientRegistrationRequest","Partial","processDynamicClientRegistrationResponse","ResourceServer","resource","authorization_servers","bearer_methods_supported","resource_signing_alg_values_supported","resource_name","resource_documentation","resource_policy_uri","resource_tos_uri","authorization_details_types_supported","dpop_bound_access_tokens_required","resourceDiscoveryRequest","resourceIdentifier","processResourceDiscoveryResponse","expectedResourceIdentifier","oauth","CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","AuthorizationResponseError","ResponseBodyError","WWWAuthenticateChallengeError","AuthorizationDetails","BackchannelAuthenticationResponse","ConfirmationClaims","DeviceAuthorizationResponse","OmitSymbolProperties","ExportedJWKSCache","GenerateKeyPairOptions","IDToken","IntrospectionResponse","JsonArray","JsonObject","JsonPrimitive","JsonValue","JWK","JWKS","JWSAlgorithm","ModifyAssertionFunction","ModifyAssertionOptions","MTLSEndpointAliases","PrivateKey","TokenEndpointResponse","UserInfoAddress","UserInfoResponse","WWWAuthenticateChallenge","WWWAuthenticateChallengeParameters","ClientAuth","ServerMetadata","ClientMetadata","URLSearchParams","Headers","as","client","body","headers","ClientSecretPost","clientSecret","ClientSecretBasic","ClientSecretJwt","options","None","PrivateKeyJwt","clientPrivateKey","TlsClientAuth","skipStateCheck","skipSubjectCheck","customFetch","modifyAssertion","clockSkew","clockTolerance","FetchBody","ArrayBuffer","ReadableStream","Uint8Array","DPoPHandle","Client","client_secret","use_mtls_endpoint_aliases","AuthorizationServer","calculatePKCECodeChallenge","Promise","codeVerifier","randomPKCECodeVerifier","randomNonce","randomState","ClientError","Error","code","randomDPoPKeyPair","alg","DiscoveryRequestOptions","CustomFetch","Configuration","Array","algorithm","execute","config","timeout","DynamicClientRegistrationRequestOptions","DPoPOptions","initialAccessToken","dynamicClientRegistration","URL","Partial","server","metadata","clientAuthentication","discovery","clientId","DecryptionKey","key","kid","enableDecryptingResponses","contentEncryptionAlgorithms","keys","ServerMetadataHelpers","supportsPKCE","method","ConfigurationMethods","Readonly","serverMetadata","clientMetadata","CustomFetchOptions","Record","AbortSignal","redirect","signal","Response","url","ConfigurationProperties","constructor","value","TokenEndpointResponseHelpers","claims","expiresIn","getDPoPHandle","keyPair","DeviceAuthorizationGrantPollOptions","pollDeviceAuthorizationGrant","deviceAuthorizationResponse","parameters","initiateDeviceAuthorization","initiateBackchannelAuthentication","BackchannelAuthenticationGrantPollOptions","pollBackchannelAuthenticationGrant","backchannelAuthenticationResponse","AuthorizationCodeGrantOptions","allowInsecureRequests","setJwksCache","jwksCache","getJwksCache","enableNonRepudiationChecks","useJwtResponseMode","enableDetachedSignatureResponseChecks","ImplicitAuthenticationResponseChecks","AuthorizationCodeGrantChecks","Pick","implicitAuthentication","Request","currentUrl","expectedNonce","checks","useCodeIdTokenResponseType","useIdTokenResponseType","expectedState","idTokenExpected","maxAge","pkceCodeVerifier","authorizationCodeGrant","tokenEndpointParameters","refreshTokenGrant","refreshToken","clientCredentialsGrant","buildAuthorizationUrl","buildAuthorizationUrlWithJAR","signingKey","buildAuthorizationUrlWithPAR","buildEndSessionUrl","fetchUserInfo","accessToken","expectedSubject","tokenIntrospection","token","DPoP","genericGrantRequest","grantType","tokenRevocation","fetchProtectedResource","DeviceAutorizationGrantPollOptions"],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../../../node_modules/oauth4webapi/build/index.d.ts","../../../../../node_modules/openid-client/build/index.d.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authApple.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authFacebook.ts","../../../src/server/auth/primitives/$authFranceConnect.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/primitives/$authMicrosoft.ts","../../../src/server/auth/index.ts"],"x_google_ignoreList":[5,6],"mappings":";;;;;;;;;;;;cAAa,sBAAA;;;;;;;;;;cCEA,4BAAA,WAA4B,OAAA;QAYxC,QAAA,CAAA,OAAA;;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,WAAmB,OAAA;YAG9B,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,WAAY,OAAA;YAevB,QAAA,CAAA,OAAA;;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,WAAsB,OAAA;;QAGjC,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;;;AJT7C;KKaYW,UAAAA,uBACUC,SAAAA;;;;KAKVE,SAAAA,GAAYF,SAAAA;;;;KAIZG,aAAAA;;;;KAIAH,SAAAA,GAAYG,aAAAA,GAAgBJ,UAAAA,GAAaG,SAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAqFhCuB,SAAAA;;;;;;;;;;;;;;;;;cAiBAC,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AHvHrB;;;;;;;;ACPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA;;;;;;;;AChBA;;;;;cC8PqBC,aAAAA;;;;AAjIrB;;;;UA+QiBI,mBAAAA;EA9IIJ;;;EAAAA,SAkJRM,MAAAA;EAlJkC;AA8I/C;;EA9I+C,SAsJlCC,sBAAAA;EAqT6B;;;EAAA,SAjT7BC,cAAAA;EAIAC;;;EAAAA,SAAAA,QAAAA;EAkBAI;;;EAAAA,SAdAH,qBAAAA;EAiCAO;;;EAAAA,SA7BAN,gBAAAA;EAiDAU;;;;EAAAA,SA5CAT,wBAAAA;EAqEAc;;;;EAAAA,SAhEAb,wBAAAA;EAqFAkB;;;;EAAAA,SAhFAjB,qBAAAA;EAmGAqB;;;EAAAA,SA/FApB,qCAAAA;EAiHAwB;;;;EAAAA,SA5GAvB,gDAAAA;EAoIA4B;;;;EAAAA,SA/HA3B,qBAAAA;EAuJAgC;;;;EAAAA,SAlJA/B,oBAAAA;EAyKAoC;;;;;EAAAA,SAnKAnC,aAAAA;EAiMAyC;;;;EAAAA,SA5LAxC,UAAAA;EAkNA6C;;;EAAAA,SA9MA5C,mBAAAA;EAkOAgD;;;;EAAAA,SA7NA/C,0CAAAA;EA+OCoD;;;;EAAAA,SA1ODnD,qDAAAA;EA4OuB;;;EAAA,SAxOvBC,sBAAAA;EAwOqCpB;;;;EAAAA,SAnOrCqB,6CAAAA;EA2OU;;;;;EAAA,SArOVC,wDAAAA;EAgVoB;;;EAAA,SA5UpBC,gCAAAA;EAwPTqD;;;EAAAA,SApPSpD,eAAAA;EA+TTwD;;;EAAAA,SA3TSvD,6BAAAA;EAoUWxD;;;EAAAA,SAhUXyD,0CAAAA;EAo+DmB;;;;EAAA,SA/9DnBC,qBAAAA,GAAwB1B,mBAAAA;EAg+DeoV;;;EAAAA,SA59DvCzT,iBAAAA;EA29DoByT;;;;EAAAA,SAt9DpBxT,oBAAAA;EAu9DuCwT;;;;EAAAA,SAl9DvCvT,uBAAAA;;;ACxfb;;WD6faC,qCAAAA;EC7fiBqX;;;;EAAAA,SDkgBjBpX,wCAAAA;EClgBgG;;;;EAAA,SDugBhGC,wCAAAA;ECvgB+DqX;;;EAAAA,SD2gB/DpX,qCAAAA;EC3gBgG;;AAse7G;EAte6G,SD+gBhGC,wCAAAA;;;;WAIAC,wCAAAA;EC2CQ;;;;EAAA,SDtCRC,2CAAAA;ECsCmFiX;;;;EAAAA,SDjCnFhX,8CAAAA;ECiC0DwY;;;;EAAAA,SD5B1DvY,8CAAAA;EC4CkB;;;;EAAA,SDvClBC,wBAAAA;EC2CTyY;;;EAAAA,SDvCSxY,qBAAAA;ECoGI2W;;;;EAAAA,SD/FJ1W,gBAAAA;EC6WI8a;;;;EAAAA,SDxWJ7a,wBAAAA;ECoXIgb;;;;EAAAA,SD/WJ/a,0BAAAA;ECmXoC4a;;;;EAAAA,SD9WpC3a,2BAAAA;ECkXiB;;;;EAAA,SD7WjBC,+BAAAA;EC6WTgb;;;;EAAAA,SDxWS/a,gCAAAA;ECwW2D;;AAExE;;EAFwE,SDnW3DC,6BAAAA;ECyWH2X;;;EAAAA,SDrWG1X,qCAAAA;ECuXW;;;EAAA,SDnXXC,qCAAAA;ECqWA8a;;;;EAAAA,SDhWA7a,0CAAAA;EC8WW;;AAKxB;;EALwB,SDzWXC,6CAAAA;ECuXJ2a;;;;EAAAA,SDlXI1a,6CAAAA;EC8Wbgb;;;;EAAAA,SDzWa/a,8CAAAA;EC6WmC;;AAIhD;;EAJgD,SDxWnCC,0CAAAA;ECmXG;;;;EAAA,SD9WHC,6CAAAA;ECmXF;AA2CX;;;EA3CW,SD9WEC,6CAAAA;ECmagE4V;;;EAAAA,SD/ZhE3V,mCAAAA;ECmaSka;;;;EAAAA,SD9ZTja,+DAAAA;EC8aYqY;;;EAAAA,SD1aZpY,0CAAAA;EC4YiC+Z;;;EAAAA,SDxYjC9Z,yCAAAA;ECwYiC8Z;;;;EAAAA,SDnYjC7Z,oBAAAA;EC6Y2BmZ;;;EAAAA,SDzY3BlZ,iCAAAA;ECyYiHoV;;;;EAAAA,SDpYjHnV,oBAAAA;ECwYoCwZ;;;;;EAAAA,SDlYpCvZ,qCAAAA;EC0YLqY;;;EAAAA,SDtYKpY,6BAAAA;EC8YY8X;;;;EAAAA,SDzYZ7X,oCAAAA;EC6Y2B;;;EAAA,SDzY3BC,4BAAAA;EErqBA;;;EAAA,SFyqBAC,mBAAAA;EAAAA,UACCC,QAAAA,WAAmBrG,SAAAA;AAAAA;AAAAA,UAEhBgC,mBAAAA,SAA4BsE,IAAAA,CAAKvE,mBAAAA;EAAAA,UACpCsE,QAAAA;AAAAA;;;;;;UAOGE,MAAAA;;;;EAIbC,SAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;;EAKAC,iBAAAA;;;;;;;EAOAC,4BAAAA;;;;;;;EAOAC,iCAAAA;;;;EAIAC,eAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyDAC,yBAAAA;;;;GAICtF,SAAAA;;;;GAIAC,cAAAA;EAAAA,CACA2E,QAAAA,WAAmBrG,SAAAA;AAAAA;;;;KAoqDZmX,oBAAAA,oBACIC,CAAAA,IAAKC,CAAAA,0BAA2BA,CAAAA,GAAID,CAAAA,CAAEC,CAAAA;;;ALv+EtD;;;;;;;;;;;;;;;ACEA;;ADFA,KM6BY6D,UAAAA,IAAcK,EAAAA,EAAIJ,cAAAA,EAAgBK,MAAAA,EAAQJ,cAAAA,EAAgBK,IAAAA,EAAMJ,eAAAA,EAAiBK,OAAAA,EAASJ,OAAAA;;;;;;;AFpBtG;;;;;;;;ACIA;;;;;AAMA;;;;;AAIA;;;;;AAIA;;;;;;;;;;;;;AAqFA;;;;;AAiBA;;;;;AAiIA;;;;;AA8IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+TA;;;;;;;;;AAQA;;;;;;;;;;;;;;;;;;;;;;AA+wDA;cCn+DqBgB,WAAAA,SAAoB5D,aAAAA;AAAAA,KAwF7BgE,SAAAA,GAAYC,WAAAA,UAAqBC,cAAAA,YAA0BC,UAAAA,eAAyBxB,eAAAA;;;;;;AAqXhG;;UArWiBD,cAAAA,SAAuB1C,MAAAA;EAyW9BgE;;;EArWNM,aAAAA;EAuXoB;;;;;;;;;;;AAKxB;;;;;;;;;;;;;;;AAaA;;;;;;;;;AAuDA;;;;;;;;;;;;;;;;EA5YIC,yBAAAA;AAAAA;;;;;;;;UASa9B,cAAAA,SAAuBzC,mBAAAA;AAAAA,UA8QvB6G,qBAAAA;EC/2BC;;;;;;EDs3BdC,YAAAA,CAAaC,MAAAA;AAAAA;;;;UAKAC,oBAAAA;;;;EAIbE,cAAAA,IAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,IAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;AAAAA;AAAAA,UAEzC0E,kBAAAA;;;;EAIbrE,IAAAA,EAAMiB,SAAAA;;;;EAINhB,OAAAA,EAASqE,MAAAA;ECx3BiB;;;;ED63B1BN,MAAAA;;;;EAIAQ,QAAAA;;;;;EAKAC,MAAAA,GAASF,WAAAA;AAAAA;;;;KAKDjC,WAAAA;;;;;AAKZqC,GAAAA;;;;AAIArE,OAAAA,EAAS+D,kBAAAA,KAAuB1C,OAAAA,CAAQ+C,QAAAA;;;;UAIvBE,uBAAAA;;;;;;;GAOZ/D,WAAAA,IAAeyB,WAAAA;;;;;EAKhBM,OAAAA;AAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2CiBL,aAAAA,YAAyB0B,oBAAAA,EAAsBW,uBAAAA;;;;;;;;;;EAUhEC,WAAAA,CAAY1B,MAAAA,EAAQzD,cAAAA,EAAgB6D,QAAAA,UAAkBH,QAAAA,GAAWF,OAAAA,CAAQvD,cAAAA,YAA0B0D,oBAAAA,GAAuB5D,UAAAA;;;;EAI1H0E,cAAAA,CAAAA,GAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;EC32B1B;;;ED+2BnBM,cAAAA,CAAAA,GAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;;;;MAIlDiD,OAAAA,CAAAA;;;;MAIAA,OAAAA,CAAQkC,KAAAA;;;;OAIPjE,WAAAA,KAAgByB,WAAAA;;;;OAIhBzB,WAAAA,EAAaiE,KAAAA,EAAOxC,WAAAA;AAAAA;;;cC9iChB,kBAAA;EAAA,mBACQ,GAAA,EADU,gBAAA,CACP,MAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,qBAAA,EAAqB,qBAAA;EAAA,mBACrB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,mBAAA,EAAmB,mBAAA;;;;;YAM5B,mBAAA,CAAoB,GAAA;EAAA,IAOnB,UAAA,CAAA,GAAc,KAAA,CAAM,aAAA;EAAA,mBAMZ,iBAAA,EAAiB,wBAAA,CAAA,uBAAA,UAAA,OAAA;cANN,QAAA,CAAA,OAAA;;;;;;;;WAsBd,MAAA,EAAM,wBAAA,CAAA,uBAAA,UAAA,OAAA;cAhBc,QAAA,CAAA,OAAA;;;;;;;;;;qBAyBjB,SAAA,EATG,QAAA,CASM,aAAA;;ANpE9B;;qBMgFqB,SAAA,EAZS,QAAA,CAYA,aAAA;ENhFO;;;EAAA,SMqHnB,QAAA,mBAAQ,cAAA;;;YArCI,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;WA2EZ,OAAA,mBAAO,cAAA;;gBAtCC,QAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;WA6ER,KAAA,mBAAK,cAAA;;gBAvCE,QAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoHP,KAAA,mBAAK,cAAA;;gBA7EA,QAAA,CAAA,OAAA;;;;;;;;;;;YA2ML,sBAAA,CACd,GAAA,EAAK,OAAA,GACJ,OAAA,CAAQ,MAAA;;;;;;YAsCK,cAAA,CACd,GAAA,EAAK,GAAA,EACL,KAAA,EAAO,WAAA,EACP,OAAA,EAAS,OAAA,EACT,GAAA,GAAM,gBAAA,GAAgB,OAAA;;;;;WA8FR,QAAA,EAAQ,gBAAA,CAAA,cAAA,CA9FA,gBAAA,CA8FA,mBAAA;;;;;WAWR,YAAA,EAAY,gBAAA,CAAA,cAAA,CAXJ,gBAAA,CAWI,mBAAA;;;;WAWZ,MAAA,mBAAM,cAAA;;mDAXM,QAAA,CAAA,OAAA;IAAA;EAAA;EAqFrB,0BAAA,CACL,OAAA;IAAW,SAAA;EAAA,IACV,sBAAA;;;AL/nBL;;;YKuqBY,QAAA,CACR,IAAA;IAAiB,QAAA;IAAkB,KAAA;EAAA,IAClC,aAAA;;AJhrBL;;;YI6sBkB,eAAA,CACd,OAAA,EAAS,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UAgCD,SAAA,CAAU,OAAA,GAAU,OAAA,GAAU,MAAA;EAAA,UAI9B,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,OAAA,GAAU,OAAA;EAAA,UAgBpC,kBAAA,CAAmB,MAAA,EAAQ,MAAA;EAAA,UAcrB,aAAA,CAAc,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,MAAA;AAAA;AAAA,UAqDxC,aAAA;EACf,GAAA;EACA,KAAA;EACA,IAAA;EACA,UAAA;EACA,WAAA;EACA,WAAA;EACA,QAAA;EACA,kBAAA;EACA,OAAA;EACA,OAAA;EACA,OAAA;EACA,cAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;EACA,MAAA;EACA,YAAA;EACA,qBAAA;EACA,OAAA;IACE,SAAA;IACA,cAAA;IACA,QAAA;IACA,MAAA;IACA,WAAA;IACA,OAAA;EAAA;EAEF,UAAA;EAAA,CAEC,GAAA;AAAA;;;;;;;;;APt2BH;;;;;;;;;;;;;;;ACEA;;;;;;;;;;;;;cOyDa,KAAA;EAAA,UAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;EPjDyB;;;;EOsDnC,IAAA;ENjEW;;;EMsEX,QAAA;AAAA,KACG,YAAA,GAAe,YAAA;;;;KAKR,YAAA;;;;EAIV,IAAA,EAAM,WAAA;;;;;;;;;;;;;;EAeN,QAAA,SAAiB,KAAA,CAAM,WAAA;AAAA;;;;;;;KASb,YAAA;EACV,MAAA,EAAQ,eAAA;AAAA;;;;;;;;EAUJ,WAAA,EAAa,kBAAA;AAAA;;;;;;;;EAUb,KAAA,EAAO,aAAA;AAAA;EN7HmB;;;;;;;;;EMyI1B,IAAA,EAAM,WAAA;AAAA;AAAA,KAIA,kBAAA;EACV,OAAA,EAAS,aAAA;AAAA;AAAA,KAGC,aAAA,IACV,WAAA,EAAa,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EACf,QAAA;EACA,QAAA;AAAA;AAAA,UAGe,WAAA;;;;EAIf,MAAA;;;;EAKA,QAAA;;;;;EAMA,YAAA;;;;;EAMA,WAAA;;;;;EAMA,UAAA;;;;EAKA,SAAA;;;;;EAMA,KAAA;EAEA,OAAA,GAAU,aAAA;;;;;;EAOV,YAAA;;;;;EAMA,uBAAA,GAA0B,MAAA;AAAA;AAAA,UAGX,kBAAA;EACf,YAAA;EACA,IAAA,EAAM,aAAA;EACN,QAAA;EACA,UAAA;EACA,KAAA;AAAA;AAAA,KAGU,aAAA,IAAiB,MAAA,EAAQ,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;;;;EAIf,QAAA;;;;EAKA,YAAA;;;ANhOF;EMqOE,aAAA;;;;EAKA,KAAA;;;ALjPF;EKsPE,QAAA,GAAW,MAAA,EAAQ,MAAA,KAAW,KAAA,CAAM,aAAA;EAEpC,OAAA,GAAU,aAAA;ELzOV;;;EK8OA,WAAA;;;;EAKA,KAAA;AAAA;AAAA,cAKW,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,UAEzB,WAAA,GAAc,aAAA;EAAA,UACd,gBAAA,SAAyB,OAAA,CAAQ,aAAA;EAAA,IAEhC,KAAA,CAAA,GAAS,aAAA;;;;EAOP,QAAA,CAAA,GAAY,OAAA,CAAQ,aAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,eAAA;EAAA,IAOV,QAAA,CAAA;EAAA,IAQA,KAAA,CAAA;EAAA,IAYA,YAAA,CAAA;;;;;EAgBE,OAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA,CAAQ,mBAAA;;;;;;;;;;EA8CE,IAAA,CACX,MAAA,EAAQ,MAAA,EACR,eAAA,GAAkB,MAAA,oBACjB,OAAA,CAAQ,WAAA;EAAA,UAsDD,kBAAA,CAAmB,OAAA,WAAkB,aAAA;EAYlC,OAAA,CAAA,GAAO,OAAA;AAAA;AAAA,KAsDV,WAAA;EAAyB,KAAA,QAAa,KAAA;AAAA;AAAA,UAEjC,UAAA;EACf,IAAA,IAAQ,IAAA,cAAkB,IAAA,EAAM,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EACf,KAAA,IACE,QAAA,cACI,KAAA,EAAO,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;;;;;;;;;;AR1gBrC;;;;;;;;;;;;;;;ACEA;;;;cQsCa,UAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;cC5BL,gBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,WAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;;;;;;;;;;cCIL,aAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;AXtBlB;;;;;;;;;;;;;;;ACEA;;cWkCa,kBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;cClBL,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;cCHL,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;AdrBlB;;;;;;;;;;;;ce+Ba,cAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;AfjClB;;;;;;;;;;;;;;;cgBqCa,gBAAA,EAAgB,QAAA,CAAA,OAAA,CAI3B,QAAA,CAJ2B,MAAA"}
1
+ {"version":3,"file":"index.d.ts","names":["CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","JsonObject","JsonValue","Key","JsonArray","JsonPrimitive","ModifyAssertionFunction","Record","header","payload","PrivateKey","key","kid","JWSAlgorithm","JWK","kty","alg","use","key_ops","e","n","crv","x","y","pub","parameter","allowInsecureRequests","clockSkew","clockTolerance","customFetch","modifyAssertion","jweDecrypt","jwksCache","AuthorizationServer","MTLSEndpointAliases","issuer","authorization_endpoint","token_endpoint","jwks_uri","registration_endpoint","scopes_supported","response_types_supported","response_modes_supported","grant_types_supported","token_endpoint_auth_methods_supported","token_endpoint_auth_signing_alg_values_supported","service_documentation","ui_locales_supported","op_policy_uri","op_tos_uri","revocation_endpoint","revocation_endpoint_auth_methods_supported","revocation_endpoint_auth_signing_alg_values_supported","introspection_endpoint","introspection_endpoint_auth_methods_supported","introspection_endpoint_auth_signing_alg_values_supported","code_challenge_methods_supported","signed_metadata","device_authorization_endpoint","tls_client_certificate_bound_access_tokens","mtls_endpoint_aliases","userinfo_endpoint","acr_values_supported","subject_types_supported","id_token_signing_alg_values_supported","id_token_encryption_alg_values_supported","id_token_encryption_enc_values_supported","userinfo_signing_alg_values_supported","userinfo_encryption_alg_values_supported","userinfo_encryption_enc_values_supported","request_object_signing_alg_values_supported","request_object_encryption_alg_values_supported","request_object_encryption_enc_values_supported","display_values_supported","claim_types_supported","claims_supported","claims_locales_supported","claims_parameter_supported","request_parameter_supported","request_uri_parameter_supported","require_request_uri_registration","require_signed_request_object","pushed_authorization_request_endpoint","require_pushed_authorization_requests","introspection_signing_alg_values_supported","introspection_encryption_alg_values_supported","introspection_encryption_enc_values_supported","authorization_response_iss_parameter_supported","authorization_signing_alg_values_supported","authorization_encryption_alg_values_supported","authorization_encryption_enc_values_supported","backchannel_authentication_endpoint","backchannel_authentication_request_signing_alg_values_supported","backchannel_token_delivery_modes_supported","backchannel_user_code_parameter_supported","check_session_iframe","dpop_signing_alg_values_supported","end_session_endpoint","frontchannel_logout_session_supported","frontchannel_logout_supported","backchannel_logout_session_supported","backchannel_logout_supported","protected_resources","metadata","Pick","Client","client_id","id_token_signed_response_alg","authorization_signed_response_alg","require_auth_time","userinfo_signed_response_alg","introspection_signed_response_alg","default_max_age","use_mtls_endpoint_aliases","UnsupportedOperationError","Error","code","constructor","message","cause","options","OperationProcessingError","JWKSCacheOptions","JWKSCacheInput","CustomFetchOptions","Method","BodyType","AbortSignal","body","headers","method","redirect","signal","HttpRequestOptions","Headers","Response","Promise","url","DiscoveryRequestOptions","algorithm","discoveryRequest","URL","issuerIdentifier","processDiscoveryResponse","expectedIssuerIdentifier","response","generateRandomCodeVerifier","generateRandomState","generateRandomNonce","calculatePKCECodeChallenge","codeVerifier","DPoPRequestOptions","DPoPHandle","DPoP","PushedAuthorizationRequestOptions","URLSearchParams","ClientAuth","as","client","ClientSecretPost","clientSecret","ClientSecretBasic","ModifyAssertionOptions","PrivateKeyJwt","clientPrivateKey","ClientSecretJwt","None","TlsClientAuth","issueRequestObject","parameters","checkProtocol","enforceHttps","pushedAuthorizationRequest","clientAuthentication","calculateThumbprint","isDPoPNonceError","err","keyPair","PushedAuthorizationResponse","request_uri","expires_in","OAuth2Error","error","error_description","error_uri","algs","scope","ResponseBodyError","RESPONSE_BODY_ERROR","status","AuthorizationResponseError","AUTHORIZATION_RESPONSE_ERROR","WWWAuthenticateChallengeError","WWWAuthenticateChallenge","WWW_AUTHENTICATE_CHALLENGE","WWWAuthenticateChallengeParameters","Lowercase","realm","resource_metadata","scheme","token68","processPushedAuthorizationResponse","ProtectedResourceRequestBody","ArrayBuffer","ReadableStream","Uint8Array","ProtectedResourceRequestOptions","Omit","protectedResourceRequest","accessToken","UserInfoRequestOptions","userInfoRequest","UserInfoAddress","formatted","street_address","locality","region","postal_code","country","claim","UserInfoResponse","sub","name","given_name","family_name","middle_name","nickname","preferred_username","profile","picture","website","email","email_verified","gender","birthdate","zoneinfo","locale","phone_number","updated_at","address","ExportedJWKSCache","JWKS","jwks","uat","skipSubjectCheck","JWEDecryptOptions","JweDecryptFunction","RecognizedTokenTypes","TokenEndpointResponse","res","ProcessTokenResponseOptions","recognizedTokenTypes","processUserInfoResponse","expectedSubject","TokenEndpointRequestOptions","additionalParameters","refreshTokenGrantRequest","refreshToken","getValidatedIdTokenClaims","IDToken","ref","ValidateSignatureOptions","validateApplicationLevelSignature","processRefreshTokenResponse","nopkce","authorizationCodeGrantRequest","callbackParameters","redirectUri","JWTPayload","ConfirmationClaims","iss","aud","jti","nbf","exp","iat","cnf","nonce","auth_time","azp","AuthorizationDetails","locations","actions","datatypes","privileges","identifier","access_token","id_token","refresh_token","authorization_details","token_type","expectNoNonce","skipAuthTimeCheck","ProcessAuthorizationCodeResponseOptions","expectedNonce","maxAge","requireIdToken","processAuthorizationCodeResponse","UNSUPPORTED_OPERATION","JWT_USERINFO_EXPECTED","PARSE_ERROR","INVALID_RESPONSE","INVALID_REQUEST","RESPONSE_IS_NOT_JSON","RESPONSE_IS_NOT_CONFORM","HTTP_REQUEST_FORBIDDEN","REQUEST_PROTOCOL_FORBIDDEN","JWT_TIMESTAMP_CHECK","JWT_CLAIM_COMPARISON","JSON_ATTRIBUTE_COMPARISON","KEY_SELECTION","MISSING_SERVER_METADATA","INVALID_SERVER_METADATA","ClientCredentialsGrantRequestOptions","clientCredentialsGrantRequest","genericTokenEndpointRequest","grantType","processGenericTokenEndpointResponse","processClientCredentialsResponse","RevocationRequestOptions","revocationRequest","token","processRevocationResponse","IntrospectionRequestOptions","requestJwtResponse","introspectionRequest","jkt","IntrospectionResponse","active","sid","username","processIntrospectionResponse","keys","jwe","validateJwtAuthResponse","expectNoState","skipStateCheck","expectedState","validateDetachedSignatureResponse","Request","validateCodeIdTokenResponse","validateAuthResponse","DeviceAuthorizationRequestOptions","deviceAuthorizationRequest","DeviceAuthorizationResponse","device_code","user_code","verification_uri","verification_uri_complete","interval","processDeviceAuthorizationResponse","deviceCodeGrantRequest","deviceCode","processDeviceCodeResponse","GenerateKeyPairOptions","extractable","modulusLength","generateKeyPair","JWTAccessTokenClaims","ValidateJWTAccessTokenOptions","requireDPoP","signingAlgorithms","validateJwtAccessToken","request","expectedAudience","BackchannelAuthenticationRequestOptions","backchannelAuthenticationRequest","BackchannelAuthenticationResponse","auth_req_id","processBackchannelAuthenticationResponse","backchannelAuthenticationGrantRequest","authReqId","processBackchannelAuthenticationGrantResponse","OmitSymbolProperties","T","K","DynamicClientRegistrationRequestOptions","initialAccessToken","dynamicClientRegistrationRequest","Partial","processDynamicClientRegistrationResponse","ResourceServer","resource","authorization_servers","bearer_methods_supported","resource_signing_alg_values_supported","resource_name","resource_documentation","resource_policy_uri","resource_tos_uri","authorization_details_types_supported","dpop_bound_access_tokens_required","resourceDiscoveryRequest","resourceIdentifier","processResourceDiscoveryResponse","expectedResourceIdentifier","oauth","CryptoKey","crypto","subtle","generateKey","ReturnType","Awaited","Extract","type","CryptoKeyPair","privateKey","publicKey","AuthorizationResponseError","ResponseBodyError","WWWAuthenticateChallengeError","AuthorizationDetails","BackchannelAuthenticationResponse","ConfirmationClaims","DeviceAuthorizationResponse","OmitSymbolProperties","ExportedJWKSCache","GenerateKeyPairOptions","IDToken","IntrospectionResponse","JsonArray","JsonObject","JsonPrimitive","JsonValue","JWK","JWKS","JWSAlgorithm","ModifyAssertionFunction","ModifyAssertionOptions","MTLSEndpointAliases","PrivateKey","TokenEndpointResponse","UserInfoAddress","UserInfoResponse","WWWAuthenticateChallenge","WWWAuthenticateChallengeParameters","ClientAuth","ServerMetadata","ClientMetadata","URLSearchParams","Headers","as","client","body","headers","ClientSecretPost","clientSecret","ClientSecretBasic","ClientSecretJwt","options","None","PrivateKeyJwt","clientPrivateKey","TlsClientAuth","skipStateCheck","skipSubjectCheck","customFetch","modifyAssertion","clockSkew","clockTolerance","FetchBody","ArrayBuffer","ReadableStream","Uint8Array","DPoPHandle","Client","client_secret","use_mtls_endpoint_aliases","AuthorizationServer","calculatePKCECodeChallenge","Promise","codeVerifier","randomPKCECodeVerifier","randomNonce","randomState","ClientError","Error","code","randomDPoPKeyPair","alg","DiscoveryRequestOptions","CustomFetch","Configuration","Array","algorithm","execute","config","timeout","DynamicClientRegistrationRequestOptions","DPoPOptions","initialAccessToken","dynamicClientRegistration","URL","Partial","server","metadata","clientAuthentication","discovery","clientId","DecryptionKey","key","kid","enableDecryptingResponses","contentEncryptionAlgorithms","keys","ServerMetadataHelpers","supportsPKCE","method","ConfigurationMethods","Readonly","serverMetadata","clientMetadata","CustomFetchOptions","Record","AbortSignal","redirect","signal","Response","url","ConfigurationProperties","constructor","value","TokenEndpointResponseHelpers","claims","expiresIn","getDPoPHandle","keyPair","DeviceAuthorizationGrantPollOptions","pollDeviceAuthorizationGrant","deviceAuthorizationResponse","parameters","initiateDeviceAuthorization","initiateBackchannelAuthentication","BackchannelAuthenticationGrantPollOptions","pollBackchannelAuthenticationGrant","backchannelAuthenticationResponse","AuthorizationCodeGrantOptions","allowInsecureRequests","setJwksCache","jwksCache","getJwksCache","enableNonRepudiationChecks","useJwtResponseMode","enableDetachedSignatureResponseChecks","ImplicitAuthenticationResponseChecks","AuthorizationCodeGrantChecks","Pick","implicitAuthentication","Request","currentUrl","expectedNonce","checks","useCodeIdTokenResponseType","useIdTokenResponseType","expectedState","idTokenExpected","maxAge","pkceCodeVerifier","authorizationCodeGrant","tokenEndpointParameters","refreshTokenGrant","refreshToken","clientCredentialsGrant","buildAuthorizationUrl","buildAuthorizationUrlWithJAR","signingKey","buildAuthorizationUrlWithPAR","buildEndSessionUrl","fetchUserInfo","accessToken","expectedSubject","tokenIntrospection","token","DPoP","genericGrantRequest","grantType","tokenRevocation","fetchProtectedResource","DeviceAutorizationGrantPollOptions"],"sources":["../../../src/server/auth/constants/routes.ts","../../../src/server/auth/schemas/authenticationProviderSchema.ts","../../../src/server/auth/schemas/tokenResponseSchema.ts","../../../src/server/auth/schemas/tokensSchema.ts","../../../src/server/auth/schemas/userinfoResponseSchema.ts","../../../../../node_modules/oauth4webapi/build/index.d.ts","../../../../../node_modules/openid-client/build/index.d.ts","../../../src/server/auth/providers/ServerAuthProvider.ts","../../../src/server/auth/primitives/$auth.ts","../../../src/server/auth/primitives/$authApple.ts","../../../src/server/auth/primitives/$authCredentials.ts","../../../src/server/auth/primitives/$authFacebook.ts","../../../src/server/auth/primitives/$authFranceConnect.ts","../../../src/server/auth/primitives/$authGithub.ts","../../../src/server/auth/primitives/$authGoogle.ts","../../../src/server/auth/primitives/$authMicrosoft.ts","../../../src/server/auth/index.ts"],"x_google_ignoreList":[5,6],"mappings":";;;;;;;;;;;;;cAAa,sBAAA;;;;;;;;;;cCEA,4BAAA,YAA4B,OAAA;QAYxC,SAAA,CAAA,OAAA;;;KAEW,sBAAA,GAAyB,MAAA,QAC5B,4BAAA;;;cCZI,mBAAA,YAAmB,OAAA;YAG9B,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAEU,aAAA,GAAgB,MAAA,QAAc,mBAAA;;;cCP7B,YAAA,YAAY,OAAA;YAevB,SAAA,CAAA,OAAA;;;;;;;;;;KAEU,MAAA,GAAS,MAAA,QAAc,YAAA;;;cChBtB,sBAAA,YAAsB,OAAA;;QAGjC,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;KAEU,gBAAA,GAAmB,MAAA,QAAc,sBAAA;;;;;;KCIjCW,UAAAA,uBACUC,SAAAA;;;;KAKVE,SAAAA,GAAYF,SAAAA;;;;KAIZG,aAAAA;;;;KAIAH,SAAAA,GAAYG,aAAAA,GAAgBJ,UAAAA,GAAaG,SAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cAqFhCuB,SAAAA;;;;;;;;;;;;;;;;;cAiBAC,cAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AHvHrB;;;;;;;;ACPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiBA;;;;;;;;AChBA;;;;cC8PqBC,aAAAA;;;;;AAjIrB;;;UA+QiBI,mBAAAA;EA/QiC;AAiIlD;;EAjIkD,SAmRrCE,MAAAA;EAlJkC;;AA8I/C;EA9I+C,SAsJlCC,sBAAAA;;;;WAIAC,cAAAA;EAAAA;;;EAAAA,SAIAC,QAAAA;EAaAG;;;EAAAA,SATAF,qBAAAA;EA4BAM;;;EAAAA,SAxBAL,gBAAAA;EA6CAS;;;;EAAAA,SAxCAR,wBAAAA;EA+DAa;;;;EAAAA,SA1DAZ,wBAAAA;EAgFAiB;;;;EAAAA,SA3EAhB,qBAAAA;EA8FAoB;;;EAAAA,SA1FAnB,qCAAAA;EA6GAuB;;;;EAAAA,SAxGAtB,gDAAAA;EA+HA2B;;;;EAAAA,SA1HA1B,qBAAAA;EAkJA+B;;;;EAAAA,SA7IA9B,oBAAAA;EAqKAmC;;;;;EAAAA,SA/JAlC,aAAAA;EA4LAwC;;;;EAAAA,SAvLAvC,UAAAA;EA8MA4C;;;EAAAA,SA1MA3C,mBAAAA;EA4NA+C;;;;EAAAA,SAvNA9C,0CAAAA;EA8OAmD;;;;EAAAA,SAzOAlD,qDAAAA;EA4OIlB;;;EAAAA,SAxOJmB,sBAAAA;EAwOgCmD;;;;EAAAA,SAnOhClD,6CAAAA;EA2OImD;;;;;EAAAA,SArOJlD,wDAAAA;EAgVoB;;;EAAA,SA5UpBC,gCAAAA;EAmPToD;;;EAAAA,SA/OSnD,eAAAA;EAsQTuD;;;EAAAA,SAlQStD,6BAAAA;EAoUR6C;;;EAAAA,SAhUQ5C,0CAAAA;EAo+DD0T;;;;EAAAA,SA/9DCzT,qBAAAA,GAAwB1B,mBAAAA;EAg+DWqV;;;EAAAA,SA59DnC1T,iBAAAA;EA49D0C;;;;EAAA,SAv9D1CC,oBAAAA;EAu9DmCyT;;;;EAAAA,SAl9DnCxT,uBAAAA;;;;ACxfb;WD6faC,qCAAAA;;;;;WAKAC,wCAAAA;EClgBgG;;;;EAAA,SDugBhGC,wCAAAA;ECvgBiCwX;;;EAAAA,SD2gBjCvX,qCAAAA;EC3gBgFyX;;;EAAAA,SD+gBhFxX,wCAAAA;ECzC6C;;;EAAA,SD6C7CC,wCAAAA;EC2CDuY;;;;EAAAA,SDtCCtY,2CAAAA;ECsC0DyY;;;;EAAAA,SDjC1DxY,8CAAAA;ECiCgCuY;;;;EAAAA,SD5BhCtY,8CAAAA;EC4CI8W;;;;EAAAA,SDvCJ7W,wBAAAA;ECuCiCwY;;;EAAAA,SDnCjCvY,qBAAAA;EC2FgB;AAS7B;;;EAT6B,SDtFhBC,gBAAAA;EC+FoD;AA8QjE;;;EA9QiE,SD1FpDC,wBAAAA;EC+WmB;AAKhC;;;EALgC,SD1WnBC,0BAAAA;ECmXSgb;;;;EAAAA,SD9WT/a,2BAAAA;ECkXiB;;;;EAAA,SD7WjBC,+BAAAA;ECyWoC0a;;;;EAAAA,SDpWpCza,gCAAAA;ECwW6CsW;;;AAE1D;EAF0DA,SDnW7CrW,6BAAAA;;;;WAIAC,qCAAAA;ECuXW;;;EAAA,SDnXXC,qCAAAA;ECqWTyW;;;;EAAAA,SDhWSxW,0CAAAA;EC8WA8a;;;AAKb;EALaA,SDzWA7a,6CAAAA;;;;;WAKAC,6CAAAA;ECkX0B;;;;EAAA,SD7W1BC,8CAAAA;EC6W2B8a;;;AAIxC;EAJwCA,SDxW3B7a,0CAAAA;;;;;WAKAC,6CAAAA;ECmXF;;AA2CX;;EA3CW,SD9WEC,6CAAAA;ECmaW2V;;;EAAAA,SD/ZX1V,mCAAAA;ECmakB0V;;;;EAAAA,SD9ZlBzV,+DAAAA;ECkaSia;;;EAAAA,SD9ZTha,0CAAAA;EC8aJ2W;;;EAAAA,SD1aI1W,yCAAAA;ECwY8E;;;;EAAA,SDnY9EC,oBAAAA;EC6YG+Y;;;EAAAA,SDzYH9Y,iCAAAA;ECyY6C+Y;;;;EAAAA,SDpY7C9Y,oBAAAA;ECwYkBoV;;;;;EAAAA,SDlYlBnV,qCAAAA;ECsY6CoV;;;EAAAA,SDlY7CnV,6BAAAA;EC8YJqW;;;;EAAAA,SDzYIpW,oCAAAA;EC6Y2B;;;EAAA,SDzY3BC,4BAAAA;;AErqBb;;WFyqBaC,mBAAAA;EAAAA,UACCC,QAAAA,WAAmBrG,SAAAA;AAAAA;AAAAA,UAEhBgC,mBAAAA,SAA4BsE,IAAAA,CAAKvE,mBAAAA;EAAAA,UACpCsE,QAAAA;AAAAA;;;;;;UAOGE,MAAAA;;;;EAIbC,SAAAA;;;;;;;EAOAC,4BAAAA;EEvpBkC;;;;;;EF8pBlCC,iCAAAA;;;;;EAKAC,iBAAAA;;;;;;;EAOAC,4BAAAA;EEroB0B;;;;;;EF4oB1BC,iCAAAA;;;;EAIAC,eAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyDAC,yBAAAA;;;;GAICtF,SAAAA;;;;GAIAC,cAAAA;EAAAA,CACA2E,QAAAA,WAAmBrG,SAAAA;AAAAA;;;;KAoqDZmX,oBAAAA,oBACIC,CAAAA,IAAKC,CAAAA,0BAA2BA,CAAAA,GAAID,CAAAA,CAAEC,CAAAA;;;;ALv+EtD;;;;;;;;;;;;;;;ACEA;KK2BY6D,UAAAA,IAAcK,EAAAA,EAAIJ,cAAAA,EAAgBK,MAAAA,EAAQJ,cAAAA,EAAgBK,IAAAA,EAAMJ,eAAAA,EAAiBK,OAAAA,EAASJ,OAAAA;;;;;;;;AFpBtG;;;;;;;;ACIA;;;;;AAMA;;;;;AAIA;;;;;AAIA;;;;;;;;;;;;;AAqFA;;;;;AAiBA;;;;;AAiIA;;;;;AA8IA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+TA;;;;;;;;;AAQA;;;;;;;;;;;;;;;;;;;;;;cCpNqBgB,WAAAA,SAAoB5D,aAAAA;AAAAA,KAwF7BgE,SAAAA,GAAYC,WAAAA,UAAqBC,cAAAA,YAA0BC,UAAAA,eAAyBxB,eAAAA;;;;;;;AAqXhG;UArWiBD,cAAAA,SAAuB1C,MAAAA;;;;EAIpCsE,aAAAA;EAuXoB;;;;;;;;;;;;AAKxB;;;;;;;;;;;;;;;AAaA;;;;;;;;;AAuDA;;;;;;;;;;;;;;;EA5YIC,yBAAAA;AAAAA;;;;;;;;UASa9B,cAAAA,SAAuBzC,mBAAAA;AAAAA,UA8QvB6G,qBAAAA;;;;;;;EAObC,YAAAA,CAAaC,MAAAA;AAAAA;;;;UAKAC,oBAAAA;;;;EAIbE,cAAAA,IAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;;;;EAI7CM,cAAAA,IAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;AAAAA;AAAAA,UAEzC0E,kBAAAA;;;;EAIbrE,IAAAA,EAAMiB,SAAAA;;;;EAINhB,OAAAA,EAASqE,MAAAA;ECx2BQ;;;;ED62BjBN,MAAAA;;;;EAIAQ,QAAAA;;;;;EAKAC,MAAAA,GAASF,WAAAA;AAAAA;;;;KAKDjC,WAAAA;;;;;AAKZqC,GAAAA;;;;AAIArE,OAAAA,EAAS+D,kBAAAA,KAAuB1C,OAAAA,CAAQ+C,QAAAA;;;;UAIvBE,uBAAAA;;;;;;;GAOZ/D,WAAAA,IAAeyB,WAAAA;;;;;EAKhBM,OAAAA;AAAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;cA2CiBL,aAAAA,YAAyB0B,oBAAAA,EAAsBW,uBAAAA;;;;;;;;;;EAUhEC,WAAAA,CAAY1B,MAAAA,EAAQzD,cAAAA,EAAgB6D,QAAAA,UAAkBH,QAAAA,GAAWF,OAAAA,CAAQvD,cAAAA,YAA0B0D,oBAAAA,GAAuB5D,UAAAA;;;;EAI1H0E,cAAAA,CAAAA,GAAkBD,QAAAA,CAASxE,cAAAA,IAAkBoE,qBAAAA;EC31B/B;;;ED+1BdM,cAAAA,CAAAA,GAAkBF,QAAAA,CAASjH,oBAAAA,CAA2B0C,cAAAA;;;;MAIlDiD,OAAAA,CAAAA;;;;MAIAA,OAAAA,CAAQkC,KAAAA;;;;OAIPjE,WAAAA,KAAgByB,WAAAA;;;;OAIhBzB,WAAAA,EAAaiE,KAAAA,EAAOxC,WAAAA;AAAAA;;;cC9iChB,kBAAA;EAAA,mBACQ,GAAA,EADU,gBAAA,CACP,MAAA;EAAA,mBACH,MAAA,EAAM,MAAA;EAAA,mBACN,qBAAA,EAAqB,qBAAA;EAAA,mBACrB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,mBAAA,EAAmB,mBAAA;EPjCvC;;;;;;;;EAAA,UO2CW,mBAAA,CAAoB,GAAA;EAAA,IAmBnB,UAAA,CAAA,GAAc,KAAA,CAAM,aAAA;EAAA,mBAMZ,iBAAA,EAAiB,wBAAA,CAAA,uBAAA,WAAA,OAAA;cANN,SAAA,CAAA,OAAA;;;;;;;;WAsBd,MAAA,EAAM,wBAAA,CAAA,uBAAA,WAAA,OAAA;cAhBc,SAAA,CAAA,OAAA;;;;;;;;;;qBAyBjB,SAAA,EATG,QAAA,CASM,aAAA;;;;qBAYT,SAAA,EAZS,QAAA,CAYA,aAAA;;;AL3G9B;WKgJkB,QAAA,mBAAQ,cAAA;;;YArCI,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;WA2EZ,OAAA,mBAAO,cAAA;;gBAtCC,SAAA,CAAA,OAAA;IAAA;;;;;;;;;;;;;;;;;;;;WA6ER,KAAA,mBAAK,cAAA;;gBAvCE,SAAA,CAAA,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAoHP,KAAA,mBAAK,cAAA;;gBA7EA,SAAA,CAAA,OAAA;;;;;;;;;;;YA2ML,sBAAA,CACd,GAAA,EAAK,OAAA,GACJ,OAAA,CAAQ,MAAA;;;;;;YAsCK,cAAA,CACd,GAAA,EAAK,GAAA,EACL,KAAA,EAAO,WAAA,EACP,OAAA,EAAS,OAAA,EACT,GAAA,GAAM,gBAAA,GAAgB,OAAA;;;;;WA8FR,QAAA,EAAQ,gBAAA,CAAA,cAAA,CA9FA,gBAAA,CA8FA,mBAAA;;;;;WAWR,YAAA,EAAY,gBAAA,CAAA,cAAA,CAXJ,gBAAA,CAWI,mBAAA;;;;WAWZ,MAAA,mBAAM,cAAA;;oDAXM,SAAA,CAAA,OAAA;IAAA;EAAA;EAqFrB,0BAAA,CACL,OAAA;IAAW,SAAA;EAAA,IACV,sBAAA;EL/oBoB;;;;;EAAA,UKurBb,QAAA,CACR,IAAA;IAAiB,QAAA;IAAkB,KAAA;EAAA,IAClC,aAAA;;;;;YA6Ba,eAAA,CACd,OAAA,EAAS,OAAA,GACR,OAAA,CAAQ,MAAA;EAAA,UAgCD,SAAA,CAAU,OAAA,GAAU,OAAA,GAAU,MAAA;EAAA,UAI9B,SAAA,CAAU,MAAA,EAAQ,MAAA,EAAQ,OAAA,GAAU,OAAA;EAAA,UAgBpC,kBAAA,CAAmB,MAAA,EAAQ,MAAA;EAAA,UAcrB,aAAA,CAAc,MAAA,EAAQ,MAAA,GAAS,OAAA,CAAQ,MAAA;AAAA;AAAA,UAqDxC,aAAA;EACf,GAAA;EACA,KAAA;EACA,IAAA;EACA,UAAA;EACA,WAAA;EACA,WAAA;EACA,QAAA;EACA,kBAAA;EACA,OAAA;EACA,OAAA;EACA,OAAA;EACA,cAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;EACA,MAAA;EACA,YAAA;EACA,qBAAA;EACA,OAAA;IACE,SAAA;IACA,cAAA;IACA,QAAA;IACA,MAAA;IACA,WAAA;IACA,OAAA;EAAA;EAEF,UAAA;EAAA,CAEC,GAAA;AAAA;;;;;;;;;;APt3BH;;;;;;;;;;;;;;;ACEA;;;;;;;;;;;;cOyDa,KAAA;EAAA,UAAkB,oBAAA,GAAuB,aAAA;EAAA;;KAM1C,oBAAA;;;;;EAKV,IAAA;;ANjEF;;EMsEE,QAAA;AAAA,KACG,YAAA,GAAe,YAAA;;;;KAKR,YAAA;;;;EAIV,IAAA,EAAM,WAAA;;;;;;;;;;;;;;EAeN,QAAA,SAAiB,KAAA,CAAM,WAAA;AAAA;;;;;;;KASb,YAAA;EACV,MAAA,EAAQ,eAAA;AAAA;;;;;;;;EAUJ,WAAA,EAAa,kBAAA;AAAA;;;;;;;;EAUb,KAAA,EAAO,aAAA;AAAA;;;;;;;;;;EAYP,IAAA,EAAM,WAAA;AAAA;AAAA,KAIA,kBAAA;EACV,OAAA,EAAS,aAAA;AAAA;AAAA,KAGC,aAAA,IACV,WAAA,EAAa,WAAA,KACV,KAAA,CAAM,WAAA;AAAA,UAEM,WAAA;EACf,QAAA;EACA,QAAA;AAAA;AAAA,UAGe,WAAA;;;;EAIf,MAAA;;;;EAKA,QAAA;;;;;EAMA,YAAA;;;;;EAMA,WAAA;;;;;EAMA,UAAA;;;;EAKA,SAAA;;;;;EAMA,KAAA;EAEA,OAAA,GAAU,aAAA;;;;;;EAOV,YAAA;;;;;EAMA,uBAAA,GAA0B,MAAA;AAAA;AAAA,UAGX,kBAAA;EACf,YAAA;EACA,IAAA,EAAM,aAAA;EACN,QAAA;EACA,UAAA;EACA,KAAA;AAAA;AAAA,KAGU,aAAA,IAAiB,MAAA,EAAQ,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA,UAEjD,aAAA;;;;EAIf,QAAA;;;;EAKA,YAAA;;;;EAKA,aAAA;ENrOuB;;;EM0OvB,KAAA;;;;EAKA,QAAA,GAAW,MAAA,EAAQ,MAAA,KAAW,KAAA,CAAM,aAAA;EAEpC,OAAA,GAAU,aAAA;;;;EAKV,WAAA;;;;EAKA,KAAA;AAAA;AAAA,cAKW,aAAA,SAAsB,SAAA,CAAU,oBAAA;EAAA,mBACxB,gBAAA,EAAgB,gBAAA;EAAA,mBAChB,gBAAA,EAAgB,gBAAA;EAAA,UAEzB,WAAA,GAAc,aAAA;EAAA,UACd,gBAAA,SAAyB,OAAA,CAAQ,aAAA;EAAA,IAEhC,KAAA,CAAA,GAAS,aAAA;;;;EAOP,QAAA,CAAA,GAAY,OAAA,CAAQ,aAAA;EAAA,IActB,IAAA,CAAA;EAAA,IAIA,MAAA,CAAA,GAAU,eAAA;EAAA,IAOV,QAAA,CAAA;EAAA,IAQA,KAAA,CAAA;EAAA,IAYA,YAAA,CAAA;;;;;EAgBE,OAAA,CACX,YAAA,UACA,WAAA,YACC,OAAA,CAAQ,mBAAA;;;;;;;;;;EA8CE,IAAA,CACX,MAAA,EAAQ,MAAA,EACR,eAAA,GAAkB,MAAA,oBACjB,OAAA,CAAQ,WAAA;EAAA,UAsDD,kBAAA,CAAmB,OAAA,WAAkB,aAAA;EAYlC,OAAA,CAAA,GAAO,OAAA;AAAA;AAAA,KAsDV,WAAA;EAAyB,KAAA,QAAa,KAAA;AAAA;AAAA,UAEjC,UAAA;EACf,IAAA,IAAQ,IAAA,cAAkB,IAAA,EAAM,kBAAA,KAAuB,KAAA,CAAM,WAAA;AAAA;AAAA,UAG9C,WAAA;EACf,KAAA,IACE,QAAA,cACI,KAAA,EAAO,WAAA,KAAgB,KAAA,CAAM,WAAA;AAAA;;;;;;;;;;;;;;AR1gBrC;;;;;;;;;;;;;;;ACEA;;;cQsCa,UAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;cC5BL,gBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,WAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,kBAAA,MAAD,aAAA;;;;;;;;;;;;;cCIL,aAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;;AXtBlB;;;;;;;;;;;;;;;ACEA;cWkCa,kBAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;cClBL,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;cCHL,WAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;;;;;;;;;AdrBlB;;;;;;;;;;;ce+Ba,cAAA,GACX,KAAA,EAAO,eAAA,GAAkB,UAAA,EACzB,OAAA,GAAS,OAAA,CAAQ,WAAA,MAAD,aAAA;;;;;;AfjClB;;;;;;;;;;;;;;cgBqCa,gBAAA,EAAgB,QAAA,CAAA,OAAA,CAI3B,QAAA,CAJ2B,MAAA"}
package/dist/server/auth/index.js CHANGED
@@ -1438,12 +1438,24 @@ var ServerAuthProvider = class {
1438
1438
  dateTimeProvider = $inject(DateTimeProvider);
1439
1439
  serverLinksProvider = $inject(ServerLinksProvider);
1440
1440
  /**
1441
- * Validates that a redirect URI is a safe relative path.
1442
- * Prevents open redirect attacks by rejecting absolute URLs and protocol-relative URLs.
1441
+ * Validates that a redirect URI is a safe relative path, or — when
1442
+ * COOKIE_PARENT_DOMAIN is configured an https URL whose host is the
1443
+ * parent domain or a subdomain of it. Used by SaaS deployments where the
1444
+ * OAuth callback dispatches users back to their tenant subdomain.
1445
+ *
1446
+ * Prevents open redirect attacks by rejecting any other absolute URL.
1443
1447
  */
1444
1448
  validateRedirectUri(uri) {
1445
- if (!uri.startsWith("/") || uri.startsWith("//")) return "/";
1446
- return uri;
1449
+ if (uri.startsWith("/") && !uri.startsWith("//")) return uri;
1450
+ const parent = this.alepha.env.COOKIE_PARENT_DOMAIN;
1451
+ if (typeof parent === "string" && parent) try {
1452
+ const parsed = new URL(uri);
1453
+ const parentHost = parent.startsWith(".") ? parent.slice(1) : parent;
1454
+ if (parsed.protocol !== "https:") return "/";
1455
+ if (parsed.host === parentHost) return uri;
1456
+ if (parsed.host.endsWith(`.${parentHost}`)) return uri;
1457
+ } catch {}
1458
+ return "/";
1447
1459
  }
1448
1460
  get identities() {
1449
1461
  return this.alepha.primitives($auth).filter((auth) => !auth.options.disabled);