arkos 2.0.0-next.12 → 2.0.0-next.13

package/README.md

@@ -20,7 +20,7 @@
 <div align="center">
 
 **[Installation](https://www.arkosjs.com/docs/getting-started/installation)** •
-**[Documentation](https://arkosjs.com/docs/intro)** •
+**[Documentation](https://arkosjs.com/docs)** •
 **[Website](https://arkosjs.com)** •
 **[GitHub](https://github.com/uanela/arkos)** •
 **[Blog](https://www.arkosjs.com/blog)** •
@@ -205,16 +205,16 @@ export const beforeCreateOne = [
 
 ## Documentation
 
-For comprehensive guides, API reference, and examples, visit our [official documentation](https://arkosjs.com/docs/intro).
+For comprehensive guides, API reference, and examples, visit our [official documentation](https://arkosjs.com/docs).
 
 **Quick Links:**
 
-- [Getting Started Guide](https://arkosjs.com/docs/intro)
-- [Authentication Setup](https://arkosjs.com/docs/core-concepts/authentication-system)
+- [Getting Started Guide](https://arkosjs.com/docs)
+- [Authentication Setup](https://arkosjs.com/docs/core-concepts/authentication/setup)
 - [Using Interceptors](https://arkosjs.com/docs/core-concepts/interceptors)
-- [File Uploads](https://arkosjs.com/docs/core-concepts/file-uploads)
-- [Validation](https://arkosjs.com/docs/core-concepts/request-data-validation)
-- [Email Service](https://arkosjs.com/docs/core-concepts/sending-emails)
+- [File Uploads](https://arkosjs.com/docs/guides/file-uploads/setup)
+- [Validation](https://arkosjs.com/docs/guides/validation/setup)
+- [Email Service](https://arkosjs.com/docs/guides/email-service)
 
 ## Getting Nightly Updates
 
@@ -234,7 +234,7 @@ Arkos.js is built on top of industry-leading tools:
 
 ## Support & Contributing
 
-- **Documentation:** [arkosjs.com/docs](https://arkosjs.com/docs/intro)
+- **Documentation:** [arkosjs.com/docs](https://arkosjs.com/docs)
 - **Bug Reports:** [GitHub Issues](https://github.com/uanela/arkos/issues)
 - **Feature Requests:** Open a GitHub issue
 - **Contact:** [uanelaluiswayne@gmail.com](mailto:uanelaluiswayne@gmail.com)
@@ -250,7 +250,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 <div align="center">
 
 **[Installation](https://www.arkosjs.com/docs/getting-started/installation)** •
-**[Documentation](https://arkosjs.com/docs/intro)** •
+**[Documentation](https://arkosjs.com/docs)** •
 **[Website](https://arkosjs.com)** •
 **[GitHub](https://github.com/uanela/arkos)** •
 **[Blog](https://www.arkosjs.com/blog)** •

package/dist/cjs/app.js

@@ -1,4 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -8,7 +41,7 @@ exports.getAppServer = getAppServer;
 require("./utils/helpers/arkos-config.helpers.js");
 const express_1 = __importDefault(require("express"));
 const setup_app_1 = __importDefault(require("./utils/setup-app.js"));
-const initialize_app_1 = __importDefault(require("./utils/initialize-app.js"));
+const initialize_app_1 = __importStar(require("./utils/initialize-app.js"));
 const server_1 = require("./server.js");
 const runtime_cli_commander_1 = __importDefault(require("./utils/cli/utils/runtime-cli-commander.js"));
 const http_1 = require("http");
@@ -35,7 +68,8 @@ function arkos() {
         return app;
     };
     function loadApp() {
-        const _app = (0, initialize_app_1.default)(app);
+        let _app = (0, initialize_app_1.default)(app);
+        _app = (0, initialize_app_1.addGlobalErrorHandler)(_app);
         if (process.env.CLI_COMMAND)
             runtime_cli_commander_1.default.handle();
         return _app;

package/dist/cjs/app.js.map

@@ -1 +1 @@
-{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/app.ts"],"names":[],"mappings":";;;;;AA0DA,sBAyFC;AAED,oCAEC;AAvJD,gDAA8C;AAC9C,sDAA2C;AAC3C,kEAAyC;AAEzC,4EAAmD;AACnD,qCAAyC;AACzC,oGAA0E;AAC1E,+BAA+D;AAC/D,4EAAmD;AACnD,mGAAoE;AACpE,0GAAoG;AAEpG,IAAI,SAAgE,CAAC;AACrE,MAAM,QAAQ,GACZ,8EAA8E,CAAC;AACjF,IAAI,YAAY,GAAG,KAAK,CAAC;AA2CzB,SAAgB,KAAK;IACnB,IAAI,YAAY;QACd,MAAM,IAAA,oBAAS,EAAC,yCAAyC,QAAQ,EAAE,CAAC,CAAC;IAEvE,MAAM,GAAG,GAAG,IAAA,gDAAqB,EAAC,IAAA,iBAAO,GAAE,EAAE,EAAE,EAAE,KAAK,CAAiB,CAAC;IACxE,IAAA,mBAAQ,EAAC,GAAG,CAAC,CAAC;IACd,YAAY,GAAG,IAAI,CAAC;IAGpB,IAAI,KAAK,GAAa,MAAM,CAAC;IAE7B,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,KAAsB,EAAE,EAAE;QACvC,IAAI,KAAK,KAAK,MAAM;YAClB,MAAM,IAAA,oBAAS,EACb,wCAAwC,KAAK,KAAK,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,WAAW,QAAQ,EAAE,CACxG,CAAC;QAEJ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9C,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAE/C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,iCAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACzD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;IAEF,SAAS,OAAO;QACd,MAAM,IAAI,GAAG,IAAA,wBAAa,EAAC,GAAG,CAAC,CAAC;QAChC,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW;YAAE,+BAAmB,CAAC,MAAM,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,GAAG,CAAC,KAAK,GAAG;QACV,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,UAAU;YAC3C,MAAM,IAAA,oBAAS,EAAC,6CAA6C,QAAQ,EAAE,CAAC,CAAC;QAC3E,IAAI,KAAK,KAAK,WAAW;YACvB,MAAM,IAAA,oBAAS,EACb,uDAAuD,QAAQ,EAAE,CAClE,CAAC;QAEJ,KAAK,GAAG,UAAU,CAAC;QACnB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QACvB,KAAK,GAAG,OAAO,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAA6B,CAAC;IAGxE,MAAM,SAAS,GAAG,CAChB,IAAqB,EACrB,IAAY,EACZ,EAAiB,EACjB,EAAE;QACF,IAAA,sBAAa,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC1B,OAAO,EAAE,IAAI,cAAa,CAAC,CAAC;IAC9B,CAAC,CAAC;IAEF,GAAG,CAAC,MAAM,GAAG,KAAK,WAAW,GAAG,IAAI;QAClC,IAAI,KAAK,KAAK,WAAW;YACvB,MAAM,IAAA,oBAAS,EAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAC5E,IAAI,KAAK,KAAK,UAAU;YACtB,MAAM,IAAA,oBAAS,EACb,gEAAgE,QAAQ,EAAE,CAC3E,CAAC;QAEJ,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;YACrB,KAAK,GAAG,WAAW,CAAC;YACpB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC,CAAC;QACtE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAO,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,SAAS,CAAC;QAElE,IAAK,IAAY,EAAE,MAAM,KAAK,CAAC,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU;YAC9D,SAAS,GAAG,cAAc,CACxB,IAAI,EACJ,IAAI,EACJ,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAiB,CAAC,CAC/C,CAAC;aACC,IAAI,IAAI,CAAC,CAAC,CAAC,YAAY,aAAM,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ;YAC/D,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CACxB,IAAI,EACJ,IAAI,EACJ,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAiB,CAAC,CAC/C,CAAC;QAEJ,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,SAAS,CAAC;AACnB,CAAC","sourcesContent":["import \"./utils/helpers/arkos-config.helpers\";\nimport express, { Express } from \"express\";\nimport setupApp from \"./utils/setup-app\";\nimport { Arkos, ArkosLoadable } from \"./types/arkos\";\nimport initializeApp from \"./utils/initialize-app\";\nimport { logAppStartup } from \"./server\";\nimport runtimeCliCommander from \"./utils/cli/utils/runtime-cli-commander\";\nimport { IncomingMessage, Server, ServerResponse } from \"http\";\nimport ExitError from \"./utils/helpers/exit-error\";\nimport loadableRegistry from \"./components/arkos-loadable-registry\";\nimport { applyArkosRouterProxy } from \"./utils/arkos-router/utils/helpers/apply-arkos-router-proxy\";\n\nlet appServer: Server<typeof IncomingMessage, typeof ServerResponse>;\nconst docsLink =\n  \"https://www.arkosjs.com/docs/core-concepts/routing/setup#setting-up-your-app\";\nlet instanciated = false;\n\n/**\n * Creates and configures an Arkos application instance.\n *\n * Arkos extends Express with a small set of methods for registering routers,\n * loading route/service hooks, and booting the application. All Arkos-specific\n * setup (`app.build()`) must happen before the app starts\n * accepting requests.\n *\n * @example\n * ```ts\n * // Simple setup\n * import arkos from \"arkos\";\n *\n * const app = arkos();\n *\n * app.use(reportsRouter);\n *\n * app.listen();\n * ```\n *\n * @example\n * ```ts\n * // Custom HTTP server (e.g. for WebSockets)\n * import arkos from \"arkos\";\n * import http from \"http\";\n *\n * const app = arkos();\n *\n * app.use(reportsRouter);\n *\n * async function start() {\n *  await app.build();\n *\n *  const server = http.createServer(app);\n *  app.listen(server)\n * }\n * main()\n * ```\n *\n * @see {@link https://www.arkosjs.com/docs/core-concepts/routing/setup}\n */\nexport function arkos(): Arkos {\n  if (instanciated)\n    throw ExitError(`arkos() must be called only once, see ${docsLink}`);\n\n  const app = applyArkosRouterProxy(express(), {}, \"app\") as any as Arkos;\n  setupApp(app);\n  instanciated = true;\n\n  type AppState = \"idle\" | \"building\" | \"built\" | \"listening\";\n  let state: AppState = \"idle\";\n\n  app.load = (...items: ArkosLoadable[]) => {\n    if (state !== \"idle\")\n      throw ExitError(\n        `app.load() must be called before app.${state === \"listening\" ? \"listen\" : \"build\"}(), see ${docsLink}`\n      );\n\n    if (Array.isArray(items[0])) items = items[0];\n    items = Array.isArray(items) ? items : [items];\n\n    items.forEach((item) => loadableRegistry.register(item));\n    return app;\n  };\n\n  function loadApp() {\n    const _app = initializeApp(app);\n    if (process.env.CLI_COMMAND) runtimeCliCommander.handle();\n    return _app;\n  }\n\n  app.build = function () {\n    if (state === \"built\" || state === \"building\")\n      throw ExitError(`app.build() must only be called once, see ${docsLink}`);\n    if (state === \"listening\")\n      throw ExitError(\n        `app.build() must be called before app.listen(), see ${docsLink}`\n      );\n\n    state = \"building\";\n    const _app = loadApp();\n    state = \"built\";\n    return _app;\n  };\n\n  const originalListen = app.listen.bind(app) as any as Express[\"listen\"];\n  type UserCallback = (err?: Error) => void;\n\n  const defaultCb = (\n    port: number | string,\n    host: string,\n    cb?: UserCallback\n  ) => {\n    logAppStartup(port, host);\n    return cb || function () {};\n  };\n\n  app.listen = async function (...args): Promise<Server> {\n    if (state === \"listening\")\n      throw ExitError(`app.listen() must only be called once, see ${docsLink}`);\n    if (state === \"building\")\n      throw ExitError(\n        `app.build() must be awaited before calling app.listen(), see ${docsLink}`\n      );\n\n    if (state === \"idle\") {\n      state = \"listening\";\n      loadApp();\n    }\n\n    const port = Number(process.env.__PORT || process.env.PORT || \"8000\");\n    const host = process.env.__HOST! || process.env.HOST || \"0.0.0.0\";\n\n    if ((args as any)?.length === 0 || typeof args[0] === \"function\")\n      appServer = originalListen(\n        port,\n        host,\n        defaultCb(port, host, args[0] as UserCallback)\n      );\n    else if (args[0] instanceof Server || typeof args[0] === \"object\")\n      appServer = args[0].listen(\n        port,\n        host,\n        defaultCb(port, host, args[1] as UserCallback)\n      );\n\n    return appServer;\n  };\n\n  return app;\n}\n\nexport function getAppServer() {\n  return appServer;\n}\n"]}
+{"version":3,"file":"app.js","sourceRoot":"","sources":["../../src/app.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0DA,sBA0FC;AAED,oCAEC;AAxJD,gDAA8C;AAC9C,sDAA2C;AAC3C,kEAAyC;AAEzC,yEAA8E;AAC9E,qCAAyC;AACzC,oGAA0E;AAC1E,+BAA+D;AAC/D,4EAAmD;AACnD,mGAAoE;AACpE,0GAAoG;AAEpG,IAAI,SAAgE,CAAC;AACrE,MAAM,QAAQ,GACZ,8EAA8E,CAAC;AACjF,IAAI,YAAY,GAAG,KAAK,CAAC;AA2CzB,SAAgB,KAAK;IACnB,IAAI,YAAY;QACd,MAAM,IAAA,oBAAS,EAAC,yCAAyC,QAAQ,EAAE,CAAC,CAAC;IAEvE,MAAM,GAAG,GAAG,IAAA,gDAAqB,EAAC,IAAA,iBAAO,GAAE,EAAE,EAAE,EAAE,KAAK,CAAiB,CAAC;IACxE,IAAA,mBAAQ,EAAC,GAAG,CAAC,CAAC;IACd,YAAY,GAAG,IAAI,CAAC;IAGpB,IAAI,KAAK,GAAa,MAAM,CAAC;IAE7B,GAAG,CAAC,IAAI,GAAG,CAAC,GAAG,KAAsB,EAAE,EAAE;QACvC,IAAI,KAAK,KAAK,MAAM;YAClB,MAAM,IAAA,oBAAS,EACb,wCAAwC,KAAK,KAAK,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,WAAW,QAAQ,EAAE,CACxG,CAAC;QAEJ,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC9C,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAE/C,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,iCAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QACzD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;IAEF,SAAS,OAAO;QACd,IAAI,IAAI,GAAG,IAAA,wBAAa,EAAC,GAAG,CAAC,CAAC;QAC9B,IAAI,GAAG,IAAA,sCAAqB,EAAC,IAAI,CAAC,CAAC;QACnC,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW;YAAE,+BAAmB,CAAC,MAAM,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,GAAG,CAAC,KAAK,GAAG;QACV,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,UAAU;YAC3C,MAAM,IAAA,oBAAS,EAAC,6CAA6C,QAAQ,EAAE,CAAC,CAAC;QAC3E,IAAI,KAAK,KAAK,WAAW;YACvB,MAAM,IAAA,oBAAS,EACb,uDAAuD,QAAQ,EAAE,CAClE,CAAC;QAEJ,KAAK,GAAG,UAAU,CAAC;QACnB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;QACvB,KAAK,GAAG,OAAO,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IAEF,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAA6B,CAAC;IAGxE,MAAM,SAAS,GAAG,CAChB,IAAqB,EACrB,IAAY,EACZ,EAAiB,EACjB,EAAE;QACF,IAAA,sBAAa,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC1B,OAAO,EAAE,IAAI,cAAa,CAAC,CAAC;IAC9B,CAAC,CAAC;IAEF,GAAG,CAAC,MAAM,GAAG,KAAK,WAAW,GAAG,IAAI;QAClC,IAAI,KAAK,KAAK,WAAW;YACvB,MAAM,IAAA,oBAAS,EAAC,8CAA8C,QAAQ,EAAE,CAAC,CAAC;QAC5E,IAAI,KAAK,KAAK,UAAU;YACtB,MAAM,IAAA,oBAAS,EACb,gEAAgE,QAAQ,EAAE,CAC3E,CAAC;QAEJ,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;YACrB,KAAK,GAAG,WAAW,CAAC;YACpB,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,CAAC,CAAC;QACtE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,MAAO,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,SAAS,CAAC;QAElE,IAAK,IAAY,EAAE,MAAM,KAAK,CAAC,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,UAAU;YAC9D,SAAS,GAAG,cAAc,CACxB,IAAI,EACJ,IAAI,EACJ,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAiB,CAAC,CAC/C,CAAC;aACC,IAAI,IAAI,CAAC,CAAC,CAAC,YAAY,aAAM,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ;YAC/D,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,CACxB,IAAI,EACJ,IAAI,EACJ,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAiB,CAAC,CAC/C,CAAC;QAEJ,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAgB,YAAY;IAC1B,OAAO,SAAS,CAAC;AACnB,CAAC","sourcesContent":["import \"./utils/helpers/arkos-config.helpers\";\nimport express, { Express } from \"express\";\nimport setupApp from \"./utils/setup-app\";\nimport { Arkos, ArkosLoadable } from \"./types/arkos\";\nimport initializeApp, { addGlobalErrorHandler } from \"./utils/initialize-app\";\nimport { logAppStartup } from \"./server\";\nimport runtimeCliCommander from \"./utils/cli/utils/runtime-cli-commander\";\nimport { IncomingMessage, Server, ServerResponse } from \"http\";\nimport ExitError from \"./utils/helpers/exit-error\";\nimport loadableRegistry from \"./components/arkos-loadable-registry\";\nimport { applyArkosRouterProxy } from \"./utils/arkos-router/utils/helpers/apply-arkos-router-proxy\";\n\nlet appServer: Server<typeof IncomingMessage, typeof ServerResponse>;\nconst docsLink =\n  \"https://www.arkosjs.com/docs/core-concepts/routing/setup#setting-up-your-app\";\nlet instanciated = false;\n\n/**\n * Creates and configures an Arkos application instance.\n *\n * Arkos extends Express with a small set of methods for registering routers,\n * loading route/service hooks, and booting the application. All Arkos-specific\n * setup (`app.build()`) must happen before the app starts\n * accepting requests.\n *\n * @example\n * ```ts\n * // Simple setup\n * import arkos from \"arkos\";\n *\n * const app = arkos();\n *\n * app.use(reportsRouter);\n *\n * app.listen();\n * ```\n *\n * @example\n * ```ts\n * // Custom HTTP server (e.g. for WebSockets)\n * import arkos from \"arkos\";\n * import http from \"http\";\n *\n * const app = arkos();\n *\n * app.use(reportsRouter);\n *\n * async function start() {\n *  await app.build();\n *\n *  const server = http.createServer(app);\n *  app.listen(server)\n * }\n * main()\n * ```\n *\n * @see {@link https://www.arkosjs.com/docs/core-concepts/routing/setup}\n */\nexport function arkos(): Arkos {\n  if (instanciated)\n    throw ExitError(`arkos() must be called only once, see ${docsLink}`);\n\n  const app = applyArkosRouterProxy(express(), {}, \"app\") as any as Arkos;\n  setupApp(app);\n  instanciated = true;\n\n  type AppState = \"idle\" | \"building\" | \"built\" | \"listening\";\n  let state: AppState = \"idle\";\n\n  app.load = (...items: ArkosLoadable[]) => {\n    if (state !== \"idle\")\n      throw ExitError(\n        `app.load() must be called before app.${state === \"listening\" ? \"listen\" : \"build\"}(), see ${docsLink}`\n      );\n\n    if (Array.isArray(items[0])) items = items[0];\n    items = Array.isArray(items) ? items : [items];\n\n    items.forEach((item) => loadableRegistry.register(item));\n    return app;\n  };\n\n  function loadApp() {\n    let _app = initializeApp(app);\n    _app = addGlobalErrorHandler(_app);\n    if (process.env.CLI_COMMAND) runtimeCliCommander.handle();\n    return _app;\n  }\n\n  app.build = function () {\n    if (state === \"built\" || state === \"building\")\n      throw ExitError(`app.build() must only be called once, see ${docsLink}`);\n    if (state === \"listening\")\n      throw ExitError(\n        `app.build() must be called before app.listen(), see ${docsLink}`\n      );\n\n    state = \"building\";\n    const _app = loadApp();\n    state = \"built\";\n    return _app;\n  };\n\n  const originalListen = app.listen.bind(app) as any as Express[\"listen\"];\n  type UserCallback = (err?: Error) => void;\n\n  const defaultCb = (\n    port: number | string,\n    host: string,\n    cb?: UserCallback\n  ) => {\n    logAppStartup(port, host);\n    return cb || function () {};\n  };\n\n  app.listen = async function (...args): Promise<Server> {\n    if (state === \"listening\")\n      throw ExitError(`app.listen() must only be called once, see ${docsLink}`);\n    if (state === \"building\")\n      throw ExitError(\n        `app.build() must be awaited before calling app.listen(), see ${docsLink}`\n      );\n\n    if (state === \"idle\") {\n      state = \"listening\";\n      loadApp();\n    }\n\n    const port = Number(process.env.__PORT || process.env.PORT || \"8000\");\n    const host = process.env.__HOST! || process.env.HOST || \"0.0.0.0\";\n\n    if ((args as any)?.length === 0 || typeof args[0] === \"function\")\n      appServer = originalListen(\n        port,\n        host,\n        defaultCb(port, host, args[0] as UserCallback)\n      );\n    else if (args[0] instanceof Server || typeof args[0] === \"object\")\n      appServer = args[0].listen(\n        port,\n        host,\n        defaultCb(port, host, args[1] as UserCallback)\n      );\n\n    return appServer;\n  };\n\n  return app;\n}\n\nexport function getAppServer() {\n  return appServer;\n}\n"]}

package/dist/cjs/exports/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/exports/index.ts"],"names":[],"mappings":";;;;;;AACA,uEAAmE;AA4BjE,+FA5BO,gCAAc,OA4BP;AA3BhB,sCAA2C;AA+BzC,+FA/BO,uBAAc,OA+BP;AA9BhB,yEAAgD;AAiC9C,sBAjCK,sBAAW,CAiCL;AAvBb,4DAAmE;AAmBjE,yGAnBO,yCAAwB,OAmBP;AAlB1B,gCAA+B;AAC/B,qEAAgE;AAmB9D,+FAnBO,iCAAc,OAmBP;AAlBhB,yEAAoE;AAmBlE,iGAnBO,qCAAgB,OAmBP;AAjBlB,6DAAyD;AAqBvD,4FArBO,0BAAW,OAqBP;AAIb,kBAAe,WAAK,CAAC","sourcesContent":["import { RouterConfig } from \"../types/router-config\";\nimport { BaseController } from \"./../modules/base/base.controller\";\nimport { getArkosConfig } from \"../server\";\nimport ArkosRouter from \"../utils/arkos-router\";\nimport { IArkosRouter } from \"../utils/arkos-router/types\";\nimport { ArkosRouteConfig } from \"../utils/arkos-router/types\";\nimport {\n  ArkosRequest,\n  ArkosResponse,\n  ArkosNextFunction,\n  ArkosRequestHandler,\n} from \"../types\";\nimport { ArkosConfig } from \"../types/new-arkos-config\";\nimport { loadEnvironmentVariables } from \"../utils/dotenv.helpers\";\nimport { arkos } from \"../app\";\nimport { ArkosRouteHook } from \"../components/arkos-route-hook\";\nimport { ArkosServiceHook } from \"../components/arkos-service-hook\";\nimport { ArkosRouteHookInstance } from \"../components/arkos-route-hook/types\";\nimport { ArkosPolicy } from \"../components/arkos-policy\";\nimport { IArkosPolicy } from \"../components/arkos-policy/types\";\nimport type { ArkosLoadable } from \"../types/arkos\";\n\nexport {\n  ArkosLoadable,\n  ArkosRequest,\n  ArkosResponse,\n  ArkosNextFunction,\n  ArkosRequestHandler,\n  IArkosRouter,\n  BaseController,\n  ArkosConfig,\n  RouterConfig,\n  loadEnvironmentVariables,\n  getArkosConfig,\n  ArkosRouteHook,\n  ArkosServiceHook,\n  ArkosRouter,\n  ArkosRouteConfig,\n  ArkosRouteHookInstance,\n  ArkosPolicy,\n  IArkosPolicy,\n};\n\nexport default arkos;\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/exports/index.ts"],"names":[],"mappings":";;;;;;AACA,uEAAmE;AA4BjE,+FA5BO,gCAAc,OA4BP;AA3BhB,sCAA2C;AAgCzC,+FAhCO,uBAAc,OAgCP;AA/BhB,yEAAgD;AAkC9C,sBAlCK,sBAAW,CAkCL;AAxBb,4DAAmE;AAoBjE,yGApBO,yCAAwB,OAoBP;AAnB1B,gCAA+B;AAC/B,qEAAgE;AAoB9D,+FApBO,iCAAc,OAoBP;AAnBhB,yEAAoE;AAoBlE,iGApBO,qCAAgB,OAoBP;AAlBlB,6DAAyD;AAsBvD,4FAtBO,0BAAW,OAsBP;AAIb,kBAAe,WAAK,CAAC","sourcesContent":["import { RouterConfig, RouteHook } from \"../types/router-config\";\nimport { BaseController } from \"./../modules/base/base.controller\";\nimport { getArkosConfig } from \"../server\";\nimport ArkosRouter from \"../utils/arkos-router\";\nimport { IArkosRouter } from \"../utils/arkos-router/types\";\nimport { ArkosRouteConfig } from \"../utils/arkos-router/types\";\nimport {\n  ArkosRequest,\n  ArkosResponse,\n  ArkosNextFunction,\n  ArkosRequestHandler,\n} from \"../types\";\nimport { ArkosConfig } from \"../types/new-arkos-config\";\nimport { loadEnvironmentVariables } from \"../utils/dotenv.helpers\";\nimport { arkos } from \"../app\";\nimport { ArkosRouteHook } from \"../components/arkos-route-hook\";\nimport { ArkosServiceHook } from \"../components/arkos-service-hook\";\nimport { ArkosRouteHookInstance } from \"../components/arkos-route-hook/types\";\nimport { ArkosPolicy } from \"../components/arkos-policy\";\nimport { IArkosPolicy } from \"../components/arkos-policy/types\";\nimport type { ArkosLoadable } from \"../types/arkos\";\n\nexport {\n  ArkosLoadable,\n  ArkosRequest,\n  ArkosResponse,\n  ArkosNextFunction,\n  ArkosRequestHandler,\n  IArkosRouter,\n  BaseController,\n  ArkosConfig,\n  RouterConfig,\n  RouteHook,\n  loadEnvironmentVariables,\n  getArkosConfig,\n  ArkosRouteHook,\n  ArkosServiceHook,\n  ArkosRouter,\n  ArkosRouteConfig,\n  ArkosRouteHookInstance,\n  ArkosPolicy,\n  IArkosPolicy,\n};\n\nexport default arkos;\n"]}

package/dist/cjs/modules/auth/auth.service.js

@@ -22,8 +22,14 @@ class AuthService {
         this.authenticate = (0, catch_async_1.default)(async (req, _, next) => {
             const hooks = (0, server_1.getArkosConfig)()?.authentication?.hooks?.authenticate;
             const before = await this.runHooks(hooks?.before, req);
-            if (before.stopped && !before.skipped)
-                return before.error ? next(before.error) : next();
+            if (before.error) {
+                const onError = await this.runErrorHooks(hooks?.onError, before.error, req);
+                if (onError.skipped) {
+                    const after = await this.runAfterHooks(hooks?.after, req);
+                    return after.error ? next(after.error) : next();
+                }
+                return next(onError.error);
+            }
             if (!before.skipped) {
                 try {
                     if ((0, arkos_config_helpers_1.isAuthenticationEnabled)()) {
@@ -39,90 +45,75 @@ class AuthService {
                         const after = await this.runAfterHooks(hooks?.after, req);
                         return after.error ? next(after.error) : next();
                     }
-                    return next(onError.error ?? err);
+                    return next(onError.error);
                 }
             }
             const after = await this.runAfterHooks(hooks?.after, req);
-            if (after.stopped)
-                return after.error ? next(after.error) : next();
+            if (after.error)
+                return next(after.error);
             next();
         });
     }
-    async runHooks(hooks, req) {
+    async runHooks(hooks, req, ctx) {
         if (!hooks)
-            return { stopped: false, skipped: false };
+            return { skipped: false };
         const hookArray = Array.isArray(hooks) ? hooks : [hooks];
         for (const hook of hookArray) {
-            let nextCalled = false;
             let skipCalled = false;
-            let hookErr;
-            await hook({
-                req,
-                next: (err) => {
-                    nextCalled = true;
-                    hookErr = err;
-                },
-                skip: () => {
-                    skipCalled = true;
-                },
-            });
-            if (hookErr)
-                return { stopped: true, skipped: false, error: hookErr };
+            try {
+                await hook({
+                    req,
+                    skip: () => {
+                        skipCalled = true;
+                    },
+                    ...ctx,
+                });
+            }
+            catch (err) {
+                return { skipped: false, error: err };
+            }
             if (skipCalled)
-                return { stopped: true, skipped: true };
-            if (nextCalled)
-                return { stopped: true, skipped: false };
+                return { skipped: true };
         }
-        return { stopped: false, skipped: false };
+        return { skipped: false };
     }
-    async runAfterHooks(hooks, req) {
+    async runAfterHooks(hooks, req, ctx) {
         if (!hooks)
-            return { stopped: false };
+            return {};
         const hookArray = Array.isArray(hooks) ? hooks : [hooks];
         for (const hook of hookArray) {
-            let nextCalled = false;
-            let hookErr;
-            await hook({
-                req,
-                next: (err) => {
-                    nextCalled = true;
-                    hookErr = err;
-                },
-            });
-            if (hookErr)
-                return { stopped: true, error: hookErr };
-            if (nextCalled)
-                return { stopped: true };
+            try {
+                await hook({ req, ...ctx });
+            }
+            catch (err) {
+                return { error: err };
+            }
         }
-        return { stopped: false };
+        return {};
     }
-    async runErrorHooks(hooks, error, req) {
+    async runErrorHooks(hooks, error, req, ctx) {
         if (!hooks)
-            return { stopped: false, skipped: false };
+            return { skipped: false, error };
         const hookArray = Array.isArray(hooks) ? hooks : [hooks];
         for (const hook of hookArray) {
-            let nextCalled = false;
             let skipCalled = false;
-            let hookErr;
-            await hook({
-                req,
-                error,
-                next: (err) => {
-                    nextCalled = true;
-                    hookErr = err;
-                },
-                skip: () => {
-                    skipCalled = true;
-                },
-            });
-            if (hookErr)
-                return { stopped: true, skipped: false, error: hookErr };
+            try {
+                await hook({
+                    req,
+                    error,
+                    skip: () => {
+                        skipCalled = true;
+                    },
+                    ...ctx,
+                });
+            }
+            catch (err) {
+                return { skipped: false, error: err };
+            }
             if (skipCalled)
-                return { stopped: true, skipped: true };
-            if (nextCalled)
-                return { stopped: true, skipped: false };
+                return { skipped: true };
         }
-        return { stopped: false, skipped: false };
+        return { skipped: false, error };
     }
     signJwtToken(id, expiresIn, secret) {
         const { authentication: configs } = (0, server_1.getArkosConfig)();
@@ -333,9 +324,23 @@ class AuthService {
         auth_action_service_1.default.add(action, resource, { [action]: rule });
         return (0, catch_async_1.default)(async (req, _, next) => {
             const hooks = (0, server_1.getArkosConfig)()?.authentication?.hooks?.authorize;
-            const before = await this.runHooks(hooks?.before, req);
-            if (before.stopped && !before.skipped)
-                return before.error ? next(before.error) : next();
+            const before = await this.runHooks(hooks?.before, req, {
+                action,
+                resource,
+                rule,
+            });
+            if (before.error) {
+                const onError = await this.runErrorHooks(hooks?.onError, before.error, req, { action, resource, rule });
+                if (onError.skipped) {
+                    const after = await this.runAfterHooks(hooks?.after, req, {
+                        action,
+                        resource,
+                        rule,
+                    });
+                    return after.error ? next(after.error) : next();
+                }
+                return next(onError.error);
+            }
             if (!before.skipped) {
                 try {
                     if (req.user) {
@@ -357,17 +362,29 @@ class AuthService {
                     }
                 }
                 catch (err) {
-                    const onError = await this.runErrorHooks(hooks?.onError, err, req);
+                    const onError = await this.runErrorHooks(hooks?.onError, err, req, {
+                        action,
+                        resource,
+                        rule,
+                    });
                     if (onError.skipped) {
-                        const after = await this.runAfterHooks(hooks?.after, req);
+                        const after = await this.runAfterHooks(hooks?.after, req, {
+                            action,
+                            resource,
+                            rule,
+                        });
                         return after.error ? next(after.error) : next();
                     }
-                    return next(onError.error ?? err);
+                    return next(onError.error);
                 }
             }
-            const after = await this.runAfterHooks(hooks?.after, req);
-            if (after.stopped)
-                return after.error ? next(after.error) : next();
+            const after = await this.runAfterHooks(hooks?.after, req, {
+                action,
+                resource,
+                rule,
+            });
+            if (after.error)
+                return next(after.error);
             next();
         });
     }

package/dist/cjs/modules/auth/auth.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../../../src/modules/auth/auth.service.ts"],"names":[],"mappings":";;;;;;AAAA,gEAAgD;AAChD,wDAA8B;AAE9B,qFAA4D;AAC5D,iFAAwD;AACxD,+DAAoD;AACpD,yCAA8C;AAC9C,sEAA6C;AAC7C,uEAAuE;AAevE,qFAA2E;AAC3E,mEAGoC;AACpC,+FAAqE;AACrE,mFAGkD;AAUlD,MAAa,WAAW;IAAxB;QAIE,uBAAkB,GAAgC,EAAE,CAAC;QAqmBrD,iBAAY,GAAG,IAAA,qBAAU,EACvB,KAAK,EAAE,GAAiB,EAAE,CAAgB,EAAE,IAAuB,EAAE,EAAE;YACrE,MAAM,KAAK,GAAG,IAAA,uBAAc,GAAE,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,CAAC;YAEpE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YACvD,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO;gBACnC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAEpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,IAAI,IAAA,8CAAuB,GAAE,EAAE,CAAC;wBAC9B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAS,CAAC;wBAC5D,IAAI,CAAC,IAAI;4BAAE,MAAM,uCAAkB,CAAC;wBACpC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;oBAClB,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;oBACnE,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;wBACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;wBAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClD,CAAC;oBACD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;YAC1D,IAAI,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAEnE,IAAI,EAAE,CAAC;QACT,CAAC,CACF,CAAC;IA0LJ,CAAC;IA/yBS,KAAK,CAAC,QAAQ,CACpB,KAAsD,EACtD,GAAiB;QAEjB,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAEtD,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,UAAU,GAAG,KAAK,CAAC;YACvB,IAAI,UAAU,GAAG,KAAK,CAAC;YACvB,IAAI,OAAgB,CAAC;YAErB,MAAM,IAAI,CAAC;gBACT,GAAG;gBACH,IAAI,EAAE,CAAC,GAAa,EAAE,EAAE;oBACtB,UAAU,GAAG,IAAI,CAAC;oBAClB,OAAO,GAAG,GAAG,CAAC;gBAChB,CAAC;gBACD,IAAI,EAAE,GAAG,EAAE;oBACT,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;aACF,CAAC,CAAC;YAEH,IAAI,OAAO;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;YACtE,IAAI,UAAU;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACxD,IAAI,UAAU;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC3D,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAcO,KAAK,CAAC,aAAa,CACzB,KAAgE,EAChE,GAAiB;QAEjB,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAEtC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,UAAU,GAAG,KAAK,CAAC;YACvB,IAAI,OAAgB,CAAC;YAErB,MAAM,IAAI,CAAC;gBACT,GAAG;gBACH,IAAI,EAAE,CAAC,GAAa,EAAE,EAAE;oBACtB,UAAU,GAAG,IAAI,CAAC;oBAClB,OAAO,GAAG,GAAG,CAAC;gBAChB,CAAC;aACF,CAAC,CAAC;YAEH,IAAI,OAAO;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;YACtD,IAAI,UAAU;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3C,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IAaO,KAAK,CAAC,aAAa,CACzB,KAAgE,EAChE,KAAc,EACd,GAAiB;QAEjB,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAEtD,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,UAAU,GAAG,KAAK,CAAC;YACvB,IAAI,UAAU,GAAG,KAAK,CAAC;YACvB,IAAI,OAAgB,CAAC;YAErB,MAAM,IAAI,CAAC;gBACT,GAAG;gBACH,KAAK;gBACL,IAAI,EAAE,CAAC,GAAa,EAAE,EAAE;oBACtB,UAAU,GAAG,IAAI,CAAC;oBAClB,OAAO,GAAG,GAAG,CAAC;gBAChB,CAAC;gBACD,IAAI,EAAE,GAAG,EAAE;oBACT,UAAU,GAAG,IAAI,CAAC;gBACpB,CAAC;aACF,CAAC,CAAC;YAEH,IAAI,OAAO;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;YACtE,IAAI,UAAU;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;YACxD,IAAI,UAAU;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAC3D,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5C,CAAC;IAUD,YAAY,CACV,EAAmB,EACnB,SAA+B,EAC/B,MAAe;QAEf,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,IAAA,uBAAc,GAAE,CAAC;QAErD,IACE,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM;YAClC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU;YACvB,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM;YAErB,MAAM,IAAI,mBAAQ,CAChB,mCAAmC,EACnC,GAAG,EACH,wBAAwB,CACzB,CAAC;QAEJ,MAAM;YACJ,MAAM;gBACN,OAAO,EAAE,GAAG,EAAE,MAAM;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU;gBACtB,mBAAQ,CAAC,UAAU,CAAC;QAEtB,SAAS,GAAG,CAAC,SAAS;YACpB,OAAO,EAAE,GAAG,EAAE,SAAS;YACvB,OAAO,CAAC,GAAG,CAAC,cAAc;YAC1B,mBAAQ,CAAC,cAAc,CAAmC,CAAC;QAE7D,OAAO,sBAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YAC9B,SAAS,EAAE,SAAuB;SACnC,CAAC,CAAC;IACL,CAAC;IAoBD,mBAAmB,CAAC,GAAiB;QACnC,MAAM,WAAW,GAAG,IAAA,uBAAc,GAAE,CAAC;QACrC,MAAM,WAAW,GAAG,WAAW,EAAE,cAAc,CAAC;QAEhD,IAAI,CAAC,GAAG;YACN,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAExE,MAAM,QAAQ,GACZ,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ;YACjC,OAAO,CAAC,GAAG,CAAC,oBAIC;YACd,KAAK,CAAC;QAER,OAAO;YACL,OAAO,EAAE,IAAI,IAAI,CACf,IAAI,CAAC,GAAG,EAAE;gBACR,MAAM,CACJ,IAAA,8BAAI,EACF,WAAW,EAAE,GAAG,EAAE,SAAS;oBACxB,OAAO,CAAC,GAAG,CAAC,cAA6B;oBACzC,mBAAQ,CAAC,cAA6B,CAC1C,CACF,CACJ;YACD,QAAQ,EACN,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ;gBAClC,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,SAAS;oBAC7C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;oBAC7C,CAAC,CAAC,SAAS,CAAC;gBACd,IAAI;YACN,MAAM,EAAE,CAAC,GAAG,EAAE;gBACZ,IAAI,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,KAAK,SAAS;oBAChD,OAAO,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC;qBACrC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,SAAS;oBAClD,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,CAAC;;oBAC7C,OAAO,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,KAAK,OAAO,CAAC;YACzE,CAAC,CAAC,EAAE;YACJ,QAAQ;SACT,CAAC;IACJ,CAAC;IAaD,gBAAgB,CAAC,QAAgB;QAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACvD,CAAC;IASD,KAAK,CAAC,iBAAiB,CACrB,iBAAyB,EACzB,YAAoB;QAEpB,OAAO,MAAM,kBAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;IAC/D,CAAC;IAQD,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,MAAM,kBAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACzC,CAAC;IAmBM,gBAAgB,CAAC,QAAgB;QACtC,MAAM,eAAe,GAAG,IAAA,uBAAc,GAAE,EAAE,cAAc,CAAC;QAEzD,MAAM,mBAAmB,GACvB,eAAe,EAAE,kBAAkB,EAAE,KAAK;YAC1C,oCAAoC,CAAC;QACvC,OAAO,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IASD,wBAAwB,CAAC,IAAU,EAAE,YAAoB;QACvD,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,kBAAkB,GAAG,QAAQ,CACjC,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EACzD,EAAE,CACH,CAAC;YAEF,OAAO,YAAY,GAAG,kBAAkB,CAAC;QAC3C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAUD,KAAK,CAAC,cAAc,CAClB,KAAa,EACb,MAAe;QAEf,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,IAAA,uBAAc,GAAE,CAAC;QAErD,IACE,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM;YAClC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU;YACvB,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM;YAErB,MAAM,IAAI,mBAAQ,CAChB,kCAAkC,EAClC,GAAG,EACH,8BAA8B,CAC/B,CAAC;QAEJ,MAAM;YACJ,MAAM;gBACN,OAAO,EAAE,GAAG,EAAE,MAAM;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU;gBACtB,mBAAQ,CAAC,UAAU,CAAC;QAEtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;gBACzC,IAAI,GAAG;oBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;oBAChB,OAAO,CAAC,OAAyB,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,gBAAgB,CAAC,MAA2B;QAClD,OAAO,MAAM,KAAK,GAAG,CAAC;IACxB,CAAC;IAEO,UAAU,CAAC,MAA2B;QAC5C,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;IAEO,aAAa,CACnB,MAA2B;QAE3B,OAAO,CACL,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CACxE,CAAC;IACJ,CAAC;IAEO,oBAAoB,CAC1B,IAA4D;QAE5D,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,CAAC;QACrB,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACrC,OAAO,IAAI,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAEO,sBAAsB,CAC5B,MAAoB,EACpB,aAAkC;QAElC,IAAI,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACvD,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC;YAAE,OAAO,aAAa,CAAC;QACzD,IAAI,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC;YACnC,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1D,OAAO,EAAE,CAAC;IACZ,CAAC;IAYS,wBAAwB,CAChC,IAAU,EACV,MAAc,EACd,aAAkC;QAElC,IAAI,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK;YAC5B,MAAM,KAAK,CACT,qHAAqH,CACtH,CAAC;QAEJ,IAAI,eAAe,GAAG,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAEzE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAExE,OAAO,CACL,eAAe,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG;YAC5B,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CACnE,CAAC;IACJ,CAAC;IAWS,KAAK,CAAC,yBAAyB,CACvC,MAAc,EACd,MAAc,EACd,QAAgB;QAEhB,MAAM,MAAM,GAAG,IAAA,kCAAiB,GAAE,CAAC;QACnC,OAAO,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;YACxC,KAAK,EAAE;gBACL,MAAM;gBACN,IAAI,EAAE;oBACJ,WAAW,EAAE;wBACX,IAAI,EAAE;4BACJ,QAAQ;4BACR,MAAM;yBACP;qBACF;iBACF;aACF;YACD,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC,CAAC;IACN,CAAC;IAYD,mBAAmB,CACjB,MAAoB,EACpB,QAAgB,EAChB,aAAmC;QAEnC,6BAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEvD,OAAO,IAAA,qBAAU,EACf,KAAK,EAAE,GAAiB,EAAE,CAAgB,EAAE,IAAuB,EAAE,EAAE;YACrE,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,GAAG,CAAC,IAAY,CAAC;gBAC9B,MAAM,OAAO,GAAG,IAAA,uBAAc,GAAE,CAAC;gBAEjC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,IAAI,EAAE,CAAC;oBACP,OAAO;gBACT,CAAC;gBAED,MAAM,yBAAyB,GAAG,IAAI,mBAAQ,CAC5C,kDAAkD,EAClD,GAAG,EACH,sBAAsB,CACvB,CAAC;gBAEF,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;oBAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,yBAAyB,CACxD,IAAI,CAAC,EAAE,EACP,MAAM,EACN,QAAQ,CACT,CAAC;oBAEF,IAAI,CAAC,aAAa;wBAAE,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBAC7D,CAAC;qBAAM,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACtD,IAAI,CAAC,aAAa;wBAAE,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;oBAE3D,MAAM,aAAa,GAAG,IAAI,CAAC,wBAAwB,CACjD,IAAI,EACJ,MAAM,EACN,aAAa,CACd,CAAC;oBAEF,IAAI,CAAC,aAAa;wBAAE,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CACF,CAAC;IACJ,CAAC;IAQD,KAAK,CAAC,oBAAoB,CAAC,GAAiB;QAC1C,IAAI,CAAC,IAAA,8CAAuB,GAAE;YAC5B,MAAM,KAAK,CACT,oGAAoG,CACrG,CAAC;QAEJ,MAAM,MAAM,GAAG,IAAA,kCAAiB,GAAE,CAAC;QAEnC,IAAI,KAAyB,CAAC;QAE9B,IACE,GAAG,EAAE,OAAO,EAAE,aAAa;YAC3B,GAAG,EAAE,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC;YAChD,GAAG,EAAE,OAAO,EAAE,aAAa,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAE7C,KAAK,GAAG,GAAG,EAAE,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAEpD,IACE,CAAC,KAAK;YACN,GAAG,EAAE,OAAO,EAAE,kBAAkB,KAAK,UAAU;YAC/C,GAAG,CAAC,OAAO,EACX,CAAC;YACD,KAAK,GAAG,GAAG,EAAE,OAAO,EAAE,kBAAkB,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,OAAmC,CAAC;QAExC,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,yCAAoB,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,EAAE;YAAE,MAAM,yCAAoB,CAAC;QAC7C,MAAM,IAAI,GAAe,MAAO,MAAc,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7D,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI;YACP,MAAM,IAAI,mBAAQ,CAChB,wDAAwD,EACxD,GAAG,EACH,oBAAoB,CACrB,CAAC;QAEJ,IACE,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,OAAO,CAAC,GAAI,CAAC;YACjD,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC;YAE/B,MAAM,IAAI,mBAAQ,CAChB,sDAAsD,EACtD,GAAG,EACH,iBAAiB,CAClB,CAAC;QAEJ,GAAG,CAAC,WAAW,GAAG,KAAK,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAwGD,SAAS,CACP,MAAoB,EACpB,QAAgB,EAChB,IAAiD;QAEjD,6BAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5D,OAAO,IAAA,qBAAU,EACf,KAAK,EAAE,GAAiB,EAAE,CAAgB,EAAE,IAAuB,EAAE,EAAE;YACrE,MAAM,KAAK,GAAG,IAAA,uBAAc,GAAE,EAAE,cAAc,EAAE,KAAK,EAAE,SAAS,CAAC;YAEjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YACvD,IAAI,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO;gBACnC,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAEpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACb,MAAM,IAAI,GAAG,GAAG,CAAC,IAAY,CAAC;wBAC9B,MAAM,OAAO,GAAG,IAAA,uBAAc,GAAE,CAAC;wBAEjC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;4BACtB,MAAM,yBAAyB,GAAG,IAAI,mBAAQ,CAC5C,mDAAmD,EACnD,GAAG,EACH,sBAAsB,CACvB,CAAC;4BAEF,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;gCAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,yBAAyB,CACxD,IAAI,CAAC,EAAE,EACP,MAAM,EACN,QAAQ,CACT,CAAC;gCACF,IAAI,CAAC,aAAa;oCAAE,MAAM,yBAAyB,CAAC;4BACtD,CAAC;iCAAM,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;gCACtD,MAAM,aAAa,GAAG,IAAI,CAAC,wBAAwB,CACjD,IAAI,EACJ,MAAM,EACN,EAAE,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CACnB,CAAC;gCACF,IAAI,CAAC,aAAa;oCAAE,MAAM,yBAAyB,CAAC;4BACtD,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;oBACnE,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;wBACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;wBAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClD,CAAC;oBACD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;YAC1D,IAAI,KAAK,CAAC,OAAO;gBAAE,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAEnE,IAAI,EAAE,CAAC;QACT,CAAC,CACF,CAAC;IACJ,CAAC;IAWD,2BAA2B,CACzB,MAAoB,EACpB,qBAA+D;QAE/D,IAAI,qBAAqB,IAAI,OAAO,qBAAqB,KAAK,QAAQ,EAAE,CAAC;YACvE,IAAI,qBAAqB,CAAC,MAAM,CAAC,KAAK,KAAK;gBAAE,OAAO,2BAAQ,CAAC;iBACxD,IAAI,qBAAqB,CAAC,MAAM,CAAC,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,YAAY,CAAC;QAC5E,CAAC;;YAAM,OAAO,IAAI,CAAC,YAAY,CAAC;QAEhC,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAyBD,UAAU,CACR,MAAc,EACd,QAAgB,EAChB,aAAmC;QAGnC,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC,KAAK,CAAC;QAEhC,IAAI,KAAK,EAAE,QAAQ,CAAC,0CAA0C,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,oFAAoF,CACrF,CAAC;QAEJ,6BAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEvD,OAAO,KAAK,EAAE,IAAsB,EAAoB,EAAE;YAExD,MAAM,OAAO,GAAG,IAAA,uBAAc,GAAE,CAAC;YAEjC,IAAI,CAAC,IAAA,4CAAqB,GAAE;gBAC1B,MAAM,KAAK,CACT,2FAA2F,CAC5F,CAAC;YAEJ,IAAI,CAAC,IAAA,8CAAuB,GAAE;gBAAE,OAAO,KAAK,CAAC;YAC7C,IAAI,CAAC,IAAI;gBAAE,MAAM,uCAAkB,CAAC;YACpC,IAAI,IAAI,EAAE,WAAW;gBAAE,OAAO,IAAI,CAAC;YAEnC,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;gBAChD,OAAO,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC1E,CAAC;iBAAM,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtD,OAAO,CACL,CAAC,CAAC,aAAa;oBACf,IAAI,CAAC,wBAAwB,CAAC,IAAW,EAAE,MAAM,EAAE,aAAa,CAAC,CAClE,CAAC;YACJ,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;IACJ,CAAC;CACF;AAj0BD,kCAi0BC;AAKD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AAEtC,kBAAe,WAAW,CAAC","sourcesContent":["import jwt, { SignOptions } from \"jsonwebtoken\";\nimport bcrypt from \"bcryptjs\";\nimport { User } from \"../../types\";\nimport catchAsync from \"../error-handler/utils/catch-async\";\nimport AppError from \"../error-handler/utils/app-error\";\nimport { callNext } from \"../base/base.middlewares\";\nimport { getArkosConfig } from \"../../server\";\nimport arkosEnv from \"../../utils/arkos-env\";\nimport { getPrismaInstance } from \"../../utils/helpers/prisma.helpers\";\nimport {\n  ArkosRequest,\n  ArkosResponse,\n  ArkosNextFunction,\n  ArkosRequestHandler,\n} from \"../../types\";\nimport {\n  AuthJwtPayload,\n  AccessAction,\n  AccessControlConfig,\n  AuthenticationControlConfig,\n  AccessControlRules,\n  DetailedAccessControlRule,\n} from \"../../types/auth\";\nimport { MsDuration, toMs } from \"./utils/helpers/auth.controller.helpers\";\nimport {\n  invaliAuthTokenError,\n  loginRequiredError,\n} from \"./utils/auth-error-objects\";\nimport authActionService from \"./utils/services/auth-action.service\";\nimport {\n  isAuthenticationEnabled,\n  isUsingAuthentication,\n} from \"../../utils/helpers/arkos-config.helpers\";\nimport {\n  AuthAfterHookHandler,\n  AuthErrorHookHandler,\n  AuthHookHandler,\n} from \"../../types/arkos-config/utils\";\n\n/**\n * Handles various authentication-related tasks such as JWT signing, password hashing, and verifying user credentials.\n */\nexport class AuthService {\n  /**\n   * Object containing a combination of actions per resource, tracked by each set of calls of `authService.handleAccessControl`, this can be accessed through the `authService` object or through the endpoint\n   */\n  actionsPerResource: Record<string, Set<string>> = {};\n\n  /**\n   * Runs a chain of `before` hooks in sequence.\n   *\n   * Each hook receives a `ctx` object with `req`, `next`, and `skip`.\n   *\n   * - If a hook calls `ctx.next(err)` — chain aborts and forwards to the global error handler.\n   * - If a hook calls `ctx.next()` — chain stops, no further hooks run, core logic is skipped.\n   * - If a hook calls `ctx.skip()` — chain stops, core logic is bypassed, jumps to `after` hooks.\n   * - If a hook returns without calling anything — next hook in chain runs.\n   *\n   * @returns Promise resolving to `{ stopped, skipped, error? }`\n   */\n  private async runHooks(\n    hooks: AuthHookHandler | AuthHookHandler[] | undefined,\n    req: ArkosRequest\n  ): Promise<{ stopped: boolean; skipped: boolean; error?: unknown }> {\n    if (!hooks) return { stopped: false, skipped: false };\n\n    const hookArray = Array.isArray(hooks) ? hooks : [hooks];\n\n    for (const hook of hookArray) {\n      let nextCalled = false;\n      let skipCalled = false;\n      let hookErr: unknown;\n\n      await hook({\n        req,\n        next: (err?: unknown) => {\n          nextCalled = true;\n          hookErr = err;\n        },\n        skip: () => {\n          skipCalled = true;\n        },\n      });\n\n      if (hookErr) return { stopped: true, skipped: false, error: hookErr };\n      if (skipCalled) return { stopped: true, skipped: true };\n      if (nextCalled) return { stopped: true, skipped: false };\n    }\n\n    return { stopped: false, skipped: false };\n  }\n\n  /**\n   * Runs a chain of `after` hooks in sequence.\n   *\n   * Each hook receives a `ctx` object with `req` and `next` only — no `skip` since\n   * there is nothing meaningful to skip to after the pipeline has completed.\n   *\n   * - If a hook calls `ctx.next(err)` — chain aborts and forwards to the global error handler.\n   * - If a hook calls `ctx.next()` — chain stops, no further hooks run.\n   * - If a hook returns without calling anything — next hook in chain runs.\n   *\n   * @returns Promise resolving to `{ stopped, error? }`\n   */\n  private async runAfterHooks(\n    hooks: AuthAfterHookHandler | AuthAfterHookHandler[] | undefined,\n    req: ArkosRequest\n  ): Promise<{ stopped: boolean; error?: unknown }> {\n    if (!hooks) return { stopped: false };\n\n    const hookArray = Array.isArray(hooks) ? hooks : [hooks];\n\n    for (const hook of hookArray) {\n      let nextCalled = false;\n      let hookErr: unknown;\n\n      await hook({\n        req,\n        next: (err?: unknown) => {\n          nextCalled = true;\n          hookErr = err;\n        },\n      });\n\n      if (hookErr) return { stopped: true, error: hookErr };\n      if (nextCalled) return { stopped: true };\n    }\n\n    return { stopped: false };\n  }\n\n  /**\n   * Runs a chain of `onError` hooks in sequence.\n   *\n   * Each hook receives a `ctx` object with `req`, `error`, `next`, and `skip`.\n   *\n   * - If a hook calls `ctx.next(err)` — chain aborts and forwards the error (original or replaced) to the global error handler.\n   * - If a hook calls `ctx.skip()` — suppresses the error and jumps to `after` hooks.\n   * - If a hook returns without calling anything — next hook in chain runs.\n   *\n   * @returns Promise resolving to `{ stopped, skipped, error? }`\n   */\n  private async runErrorHooks(\n    hooks: AuthErrorHookHandler | AuthErrorHookHandler[] | undefined,\n    error: unknown,\n    req: ArkosRequest\n  ): Promise<{ stopped: boolean; skipped: boolean; error?: unknown }> {\n    if (!hooks) return { stopped: false, skipped: false };\n\n    const hookArray = Array.isArray(hooks) ? hooks : [hooks];\n\n    for (const hook of hookArray) {\n      let nextCalled = false;\n      let skipCalled = false;\n      let hookErr: unknown;\n\n      await hook({\n        req,\n        error,\n        next: (err?: unknown) => {\n          nextCalled = true;\n          hookErr = err;\n        },\n        skip: () => {\n          skipCalled = true;\n        },\n      });\n\n      if (hookErr) return { stopped: true, skipped: false, error: hookErr };\n      if (skipCalled) return { stopped: true, skipped: true };\n      if (nextCalled) return { stopped: true, skipped: false };\n    }\n\n    return { stopped: false, skipped: false };\n  }\n\n  /**\n   * Signs a JWT token for the user.\n   *\n   * @param {number | string} id - The unique identifier of the user to generate the token for.\n   * @param {string | number} [expiresIn] - The expiration time for the token. Defaults to environment variable `JWT_EXPIRES_IN`.\n   * @param {string} [secret] - The secret key used to sign the token. Defaults to environment variable `JWT_SECRET`.\n   * @returns {string} The signed JWT token.\n   */\n  signJwtToken(\n    id: number | string,\n    expiresIn?: MsDuration | number,\n    secret?: string\n  ): string {\n    const { authentication: configs } = getArkosConfig();\n\n    if (\n      process.env.ARKOS_BUILD === \"true\" &&\n      !process.env.JWT_SECRET &&\n      !configs?.jwt?.secret\n    )\n      throw new AppError(\n        \"Missing JWT secret on production!\",\n        500,\n        \"MissingJWTOnProduction\"\n      );\n\n    secret =\n      secret ||\n      configs?.jwt?.secret ||\n      process.env.JWT_SECRET ||\n      arkosEnv.JWT_SECRET;\n\n    expiresIn = (expiresIn ||\n      configs?.jwt?.expiresIn ||\n      process.env.JWT_EXPIRES_IN ||\n      arkosEnv.JWT_EXPIRES_IN) as keyof SignOptions[\"expiresIn\"];\n\n    return jwt.sign({ id }, secret, {\n      expiresIn: expiresIn as MsDuration,\n    });\n  }\n\n  /**\n   * Retrieves cookie configuration options for JWT authentication.\n   *\n   * Merges configuration from multiple sources in order of precedence:\n   * 1. Arkos configuration file\n   * 2. Environment variables\n   * 3. Request properties (for secure flag)\n   * 4. Default fallback values\n   *\n   * @param req - ArkosRequest object used to determine if the connection is secure\n   * @returns Cookie options object with expires, httpOnly, secure, and sameSite properties\n   *\n   * @example\n   * ```typescript\n   * const cookieOptions = authService.getJwtCookieOptions(req);\n   * res.cookie('jwt', token, cookieOptions);\n   * ```\n   */\n  getJwtCookieOptions(req: ArkosRequest) {\n    const arkosConfig = getArkosConfig();\n    const authConfigs = arkosConfig?.authentication;\n\n    if (!req)\n      throw new Error(\"Missing req object in order get jwt cookie options\");\n\n    const sameSite =\n      authConfigs?.jwt?.cookie?.sameSite ||\n      (process.env.JWT_COOKIE_SAME_SITE as\n        | \"none\"\n        | \"lax\"\n        | \"strict\"\n        | undefined) ||\n      \"lax\";\n\n    return {\n      expires: new Date(\n        Date.now() +\n          Number(\n            toMs(\n              authConfigs?.jwt?.expiresIn ||\n                (process.env.JWT_EXPIRES_IN as MsDuration) ||\n                (arkosEnv.JWT_EXPIRES_IN as MsDuration)\n            )\n          )\n      ),\n      httpOnly:\n        authConfigs?.jwt?.cookie?.httpOnly ??\n        (process.env.JWT_COOKIE_HTTP_ONLY !== undefined\n          ? process.env.JWT_COOKIE_HTTP_ONLY === \"true\"\n          : undefined) ??\n        true,\n      secure: (() => {\n        if (authConfigs?.jwt?.cookie?.secure !== undefined)\n          return authConfigs?.jwt?.cookie?.secure;\n        else if (process.env.JWT_COOKIE_SECURE !== undefined)\n          return process.env.JWT_COOKIE_SECURE === \"true\";\n        else return req.secure || req.headers[\"x-forwarded-proto\"] === \"https\";\n      })(),\n      sameSite,\n    };\n  }\n\n  /**\n   * Is used by default internally by Arkos under `BaseService` class to check if the password is already hashed.\n   *\n   * This was just added to prevent unwanted errors when someone just forgets that the `BaseService` class will automatically hash the password field using `authService.hashPassword` by default.\n   *\n   * So now before `BaseService` hashes it will test it.\n   *\n   *\n   * @param password The password to be tested if is hashed\n   * @returns\n   */\n  isPasswordHashed(password: string) {\n    return !Number.isNaN(bcrypt.getRounds(password) * 1);\n  }\n\n  /**\n   * Compares a candidate password with the stored user password to check if they match.\n   *\n   * @param {string} candidatePassword - The password provided by the user during login.\n   * @param {string} userPassword - The password stored in the database.\n   * @returns {Promise<boolean>} Returns true if the passwords match, otherwise false.\n   */\n  async isCorrectPassword(\n    candidatePassword: string,\n    userPassword: string\n  ): Promise<boolean> {\n    return await bcrypt.compare(candidatePassword, userPassword);\n  }\n\n  /**\n   * Hashes a plain text password using bcrypt.\n   *\n   * @param {string} password - The password to be hashed.\n   * @returns {Promise<string>} Returns the hashed password.\n   */\n  async hashPassword(password: string): Promise<string> {\n    return await bcrypt.hash(password, 12);\n  }\n\n  /**\n   * Checks if a password is strong, requiring uppercase, lowercase, and numeric characters as the default.\n   *\n   * **NB**: You must pay attention when using custom validation with zod or class-validator, try to use the same regex always.\n   *\n   * **Note**: You can define it when calling arkos.init()\n   * ```ts\n   * arkos.init({\n   *  authentication: {\n   *    passwordValidation:{ regex: /your-desired-regex/, message: 'password must contain...'}\n   *  }\n   * })\n   * ```\n   *\n   * @param {string} password - The password to check.\n   * @returns {boolean} Returns true if the password meets the strength criteria, otherwise false.\n   */\n  public isPasswordStrong(password: string): boolean {\n    const initAuthConfigs = getArkosConfig()?.authentication;\n\n    const strongPasswordRegex =\n      initAuthConfigs?.passwordValidation?.regex ||\n      /^(?=.*[A-Z])(?=.*[a-z])(?=.*\\d).+$/;\n    return strongPasswordRegex.test(password);\n  }\n\n  /**\n   * Checks if a user has changed their password after the JWT was issued.\n   *\n   * @param {User} user - The user object containing the passwordChangedAt field.\n   * @param {number} JWTTimestamp - The timestamp when the JWT was issued.\n   * @returns {boolean} Returns true if the user changed their password after the JWT was issued, otherwise false.\n   */\n  userChangedPasswordAfter(user: User, JWTTimestamp: number): boolean {\n    if (user.passwordChangedAt) {\n      const convertedTimestamp = parseInt(\n        String(new Date(user.passwordChangedAt).getTime() / 1000),\n        10\n      );\n\n      return JWTTimestamp < convertedTimestamp;\n    }\n    return false;\n  }\n\n  /**\n   * Verifies the authenticity of a JWT token.\n   *\n   * @param {string} token - The JWT token to verify.\n   * @param {string} [secret] - The secret key used to verify the token. Defaults to environment variable `JWT_SECRET`.\n   * @returns {Promise<AuthJwtPayload>} Returns the decoded JWT payload if the token is valid.\n   * @throws {Error} Throws an error if the token is invalid or expired.\n   */\n  async verifyJwtToken(\n    token: string,\n    secret?: string\n  ): Promise<AuthJwtPayload> {\n    const { authentication: configs } = getArkosConfig();\n\n    if (\n      process.env.ARKOS_BUILD === \"true\" &&\n      !process.env.JWT_SECRET &&\n      !configs?.jwt?.secret\n    )\n      throw new AppError(\n        \"Missing JWT secret in production\",\n        500,\n        \"MissingJWTSecretInProduction\"\n      );\n\n    secret =\n      secret ||\n      configs?.jwt?.secret ||\n      process.env.JWT_SECRET ||\n      arkosEnv.JWT_SECRET;\n\n    return new Promise((resolve, reject) => {\n      jwt.verify(token, secret, (err, decoded) => {\n        if (err) reject(err);\n        else resolve(decoded as AuthJwtPayload);\n      });\n    });\n  }\n\n  private isWildcardAccess(config: AccessControlConfig): config is \"*\" {\n    return config === \"*\";\n  }\n\n  private isRoleList(config: AccessControlConfig): config is string[] {\n    return Array.isArray(config);\n  }\n\n  private isAccessRules(\n    config: AccessControlConfig\n  ): config is Partial<AccessControlRules> {\n    return (\n      typeof config === \"object\" && config !== null && !Array.isArray(config)\n    );\n  }\n\n  private normalizeRuleToRoles(\n    rule: string[] | DetailedAccessControlRule | \"*\" | undefined\n  ): string[] {\n    if (!rule) return [];\n    if (rule === \"*\") return [\"*\"];\n    if (Array.isArray(rule)) return rule;\n    return rule.roles === \"*\" ? [\"*\"] : (rule.roles ?? []);\n  }\n\n  private resolveAuthorizedRoles(\n    action: AccessAction,\n    accessControl: AccessControlConfig\n  ): string[] {\n    if (this.isWildcardAccess(accessControl)) return [\"*\"];\n    if (this.isRoleList(accessControl)) return accessControl;\n    if (this.isAccessRules(accessControl))\n      return this.normalizeRuleToRoles(accessControl[action]);\n    return [];\n  }\n\n  /**\n   * Checks if a user has permission for a specific action using static access control rules.\n   * Validates user roles against predefined access control configuration.\n   *\n   * @param user - The user object containing role or roles field\n   * @param action - The action being performed\n   * @param accessControl - Access control configuration (array of roles or object with action-role mappings)\n   * @returns True if user has permission, false otherwise\n   * @throws Error if user doesn't have role/roles field\n   */\n  protected checkStaticAccessControl(\n    user: User,\n    action: string,\n    accessControl: AccessControlConfig\n  ) {\n    if (!user?.role && !user.roles)\n      throw Error(\n        \"Validation Error: In order to use static authentication user needs at least role field or roles for multiple roles.\"\n      );\n\n    let authorizedRoles = this.resolveAuthorizedRoles(action, accessControl);\n\n    const userRoles = Array.isArray(user?.roles) ? user.roles : [user.role];\n\n    return (\n      authorizedRoles?.[0] === \"*\" ||\n      !!userRoles.some((role: string) => authorizedRoles.includes(role))\n    );\n  }\n\n  /**\n   * Checks if a user has permission for a specific action and resource using dynamic access control.\n   * Queries the database to verify user's role permissions.\n   *\n   * @param userId - The unique identifier of the user\n   * @param action - The action being performed\n   * @param resource - The resource being accessed\n   * @returns Promise resolving to true if user has permission, false otherwise\n   */\n  protected async checkDynamicAccessControl(\n    userId: string,\n    action: string,\n    resource: string\n  ) {\n    const prisma = getPrismaInstance();\n    return !!(await prisma.userRole.findFirst({\n      where: {\n        userId,\n        role: {\n          permissions: {\n            some: {\n              resource,\n              action,\n            },\n          },\n        },\n      },\n      select: { id: true },\n    }));\n  }\n\n  /**\n   * Middleware function to handle access control based on user roles and permissions.\n   *\n   * @param {AccessAction} action - The action being performed (e.g., create, update, delete, view).\n   * @param {string} resource - The resource name that the action is being performed on (e.g., \"User\", \"Post\").\n   * @param {AccessControlConfig} accessControl - The access control configuration.\n   * @returns {ArkosRequestHandler} The middleware function that checks if the user has permission to perform the action.\n   *\n   * @deprecated Will be removed on v2.0, use AuthService.authorize instead\n   */\n  handleAccessControl(\n    action: AccessAction,\n    resource: string,\n    accessControl?: AccessControlConfig\n  ): ArkosRequestHandler {\n    authActionService.add(action, resource, accessControl);\n\n    return catchAsync(\n      async (req: ArkosRequest, _: ArkosResponse, next: ArkosNextFunction) => {\n        if (req.user) {\n          const user = req.user as User;\n          const configs = getArkosConfig();\n\n          if (user.isSuperUser) {\n            next();\n            return;\n          }\n\n          const notEnoughPermissionsError = new AppError(\n            \"You do not have permission to perfom this action\",\n            403,\n            \"NotEnoughPermissions\"\n          );\n\n          if (configs?.authentication?.mode === \"dynamic\") {\n            const hasPermission = await this.checkDynamicAccessControl(\n              user.id,\n              action,\n              resource\n            );\n\n            if (!hasPermission) return next(notEnoughPermissionsError);\n          } else if (configs?.authentication?.mode === \"static\") {\n            if (!accessControl) return next(notEnoughPermissionsError);\n\n            const hasPermission = this.checkStaticAccessControl(\n              user,\n              action,\n              accessControl\n            );\n\n            if (!hasPermission) return next(notEnoughPermissionsError);\n          }\n        }\n\n        next();\n      }\n    );\n  }\n\n  /**\n   * Processes the cookies or authoriation token and returns the user.\n   * @param req\n   * @returns {Promise<User | null>} - if authentication is turned off in arkosConfig it returns null\n   * @throws {AppError} Throws an error if the token is invalid or the user is not logged in.\n   */\n  async getAuthenticatedUser(req: ArkosRequest): Promise<User | null> {\n    if (!isAuthenticationEnabled())\n      throw Error(\n        \"ValidationError: Trying to call AuthService.getAuthenticatedUser without setting up authentication\"\n      );\n\n    const prisma = getPrismaInstance();\n\n    let token: string | undefined;\n\n    if (\n      req?.headers?.authorization &&\n      req?.headers?.authorization.startsWith(\"Bearer\") &&\n      req?.headers?.authorization.split?.(\" \")?.[1]\n    )\n      token = req?.headers?.authorization.split(\" \")[1];\n\n    if (\n      !token &&\n      req?.cookies?.arkos_access_token !== \"no-token\" &&\n      req.cookies\n    ) {\n      token = req?.cookies?.arkos_access_token;\n    }\n\n    if (!token) return null;\n\n    let decoded: AuthJwtPayload | undefined;\n\n    try {\n      decoded = await this.verifyJwtToken(token);\n    } catch (err) {\n      throw invaliAuthTokenError;\n    }\n\n    if (!decoded?.id) throw invaliAuthTokenError;\n    const user: any | null = await (prisma as any).user.findUnique({\n      where: { id: String(decoded.id) },\n    });\n\n    if (!user)\n      throw new AppError(\n        \"The user belonging to this token does no longer exists\",\n        401,\n        \"UserNoLongerExists\"\n      );\n\n    if (\n      this.userChangedPasswordAfter(user, decoded.iat!) &&\n      !req.path?.includes?.(\"logout\")\n    )\n      throw new AppError(\n        \"User recently changed password! Please log in again.\",\n        401,\n        \"PasswordChanged\"\n      );\n\n    req.accessToken = token;\n    return user;\n  }\n\n  /**\n   * Middleware to authenticate the request by extracting and verifying the JWT token and setting `req.user`.\n   *\n   * Runs `authentication.hooks.authenticate` before/after the authentication logic.\n   *\n   * Hook execution flow:\n   * - `before` hooks run first — call `ctx.skip()` to bypass core logic and jump to `after` hooks,\n   *   call `ctx.next()` to stop the chain early, or return without calling anything to continue.\n   * - Core logic runs — extracts and verifies the JWT token, sets `req.user`.\n   * - `after` hooks run — call `ctx.next(err)` to abort or return without calling anything to continue.\n   * - `onError` hooks run if core logic throws — call `ctx.skip()` to suppress the error and jump to\n   *   `after` hooks, or call `ctx.next(err)` to forward it to the global error handler.\n   *\n   * On custom routes, hooks defined in `arkosConfig` still apply since they are baked into this method.\n   *\n   * @example\n   * ```ts\n   * // custom route - hooks still run\n   * router.get(\"/custom\", authService.authenticate, handler);\n   * ```\n   *\n   * @example\n   * ```ts\n   * // skip built-in auth from a before hook\n   * before: (ctx) => {\n   *   ctx.req.user = myCustomAuth(ctx.req);\n   *   ctx.skip();\n   * }\n   * ```\n   *\n   * @see {@link https://www.arkosjs.com/docs/core-concepts/authentication/hooks}\n   */\n  authenticate = catchAsync(\n    async (req: ArkosRequest, _: ArkosResponse, next: ArkosNextFunction) => {\n      const hooks = getArkosConfig()?.authentication?.hooks?.authenticate;\n\n      const before = await this.runHooks(hooks?.before, req);\n      if (before.stopped && !before.skipped)\n        return before.error ? next(before.error) : next();\n\n      if (!before.skipped) {\n        try {\n          if (isAuthenticationEnabled()) {\n            const user = (await this.getAuthenticatedUser(req)) as User;\n            if (!user) throw loginRequiredError;\n            req.user = user;\n          }\n        } catch (err) {\n          const onError = await this.runErrorHooks(hooks?.onError, err, req);\n          if (onError.skipped) {\n            const after = await this.runAfterHooks(hooks?.after, req);\n            return after.error ? next(after.error) : next();\n          }\n          return next(onError.error ?? err);\n        }\n      }\n\n      const after = await this.runAfterHooks(hooks?.after, req);\n      if (after.stopped) return after.error ? next(after.error) : next();\n\n      next();\n    }\n  );\n\n  /**\n   * Middleware to authorize the authenticated user for a given action on a resource.\n   *\n   * Runs `authentication.hooks.authorize` before/after the authorization logic.\n   *\n   * Hook execution flow:\n   * - `before` hooks run first — call `ctx.skip()` to bypass core logic and jump to `after` hooks,\n   *   call `ctx.next()` to stop the chain early, or return without calling anything to continue.\n   * - Core logic runs — checks user role/permissions against the access control rules.\n   * - `after` hooks run — call `ctx.next(err)` to abort or return without calling anything to continue.\n   * - `onError` hooks run if authorization fails — call `ctx.skip()` to suppress the error and jump to\n   *   `after` hooks, or call `ctx.next(err)` to forward it to the global error handler.\n   *\n   * @param resource - The resource being accessed, in kebabCase (e.g. `\"product\"`, `\"cart-item\"`)\n   * @param action - The action being performed (e.g. `\"View\"`, `\"Create\"`, `\"Delete\"`)\n   * @param rule - Access control rules for this action. Accepts a role list, a wildcard, or a `DetailedAccessControlRule`.\n   *\n   * @example\n   * ```ts\n   * router.delete(\"/products/:id\",\n   *   authService.authenticate,\n   *   authService.authorize(\"product\", \"Delete\", [\"admin\"]),\n   *   handler\n   * );\n   * ```\n   *\n   * @example\n   * ```ts\n   * // skip built-in authorization from a before hook\n   * before: (ctx) => {\n   *   ctx.req.user.role = myCustomRoleResolver(ctx.req);\n   *   ctx.skip();\n   * }\n   * ```\n   *\n   * @see {@link https://www.arkosjs.com/docs/core-concepts/authentication/hooks#authorize}\n   * @since v1.6.0-beta\n   */\n  authorize(\n    action: AccessAction,\n    resource: string,\n    rule?: string[] | DetailedAccessControlRule | \"*\"\n  ): ArkosRequestHandler {\n    authActionService.add(action, resource, { [action]: rule });\n\n    return catchAsync(\n      async (req: ArkosRequest, _: ArkosResponse, next: ArkosNextFunction) => {\n        const hooks = getArkosConfig()?.authentication?.hooks?.authorize;\n\n        const before = await this.runHooks(hooks?.before, req);\n        if (before.stopped && !before.skipped)\n          return before.error ? next(before.error) : next();\n\n        if (!before.skipped) {\n          try {\n            if (req.user) {\n              const user = req.user as User;\n              const configs = getArkosConfig();\n\n              if (!user.isSuperUser) {\n                const notEnoughPermissionsError = new AppError(\n                  \"You do not have permission to perform this action\",\n                  403,\n                  \"NotEnoughPermissions\"\n                );\n\n                if (configs?.authentication?.mode === \"dynamic\") {\n                  const hasPermission = await this.checkDynamicAccessControl(\n                    user.id,\n                    action,\n                    resource\n                  );\n                  if (!hasPermission) throw notEnoughPermissionsError;\n                } else if (configs?.authentication?.mode === \"static\") {\n                  const hasPermission = this.checkStaticAccessControl(\n                    user,\n                    action,\n                    { [action]: rule }\n                  );\n                  if (!hasPermission) throw notEnoughPermissionsError;\n                }\n              }\n            }\n          } catch (err) {\n            const onError = await this.runErrorHooks(hooks?.onError, err, req);\n            if (onError.skipped) {\n              const after = await this.runAfterHooks(hooks?.after, req);\n              return after.error ? next(after.error) : next();\n            }\n            return next(onError.error ?? err);\n          }\n        }\n\n        const after = await this.runAfterHooks(hooks?.after, req);\n        if (after.stopped) return after.error ? next(after.error) : next();\n\n        next();\n      }\n    );\n  }\n\n  /**\n   * Handles authentication control by checking the `authenticationControl` configuration in the `authConfigs`.\n   *\n   * @param {ControllerActions} action - The action being performed (e.g., create, update, delete, view).\n   * @param {AuthenticationControlConfig} authenticationControl - The authentication configuration object.\n   * @returns {ArkosRequestHandler} The middleware function that checks if authentication is required.\n   *\n   * @deprecated Will be removed on v2.0, use AuthService.authenticate instead\n   */\n  handleAuthenticationControl(\n    action: AccessAction,\n    authenticationControl?: AuthenticationControlConfig | undefined\n  ): ArkosRequestHandler {\n    if (authenticationControl && typeof authenticationControl === \"object\") {\n      if (authenticationControl[action] === false) return callNext;\n      else if (authenticationControl[action] === true) return this.authenticate;\n    } else return this.authenticate;\n\n    return this.authenticate;\n  }\n\n  /**\n   * Creates a permission checker function for a specific action and resource.\n   *\n   * PS: This method should be called during application initialization to build permission validators.\n   *\n   * @see {@link https://www.arkosjs.com/docs/advanced-guide/fine-grained-access-control}\n   *\n   * @param action - The action to check permission for (e.g., 'View', 'Create', 'Delete')\n   * @param resource - The resource being accessed, must be in kebabCase (e.g., 'user', 'cart-item', 'order')\n   * @param accessControl - Access control rules (required for static authentication mode), and it is automatically loaded for known modules such as all prisma models, auth and file-upload.\n   * @returns A function that takes a user object and returns a boolean indicating permission status\n   *\n   * @example\n   * ```typescript\n   * const hasViewProductPermission = await authService.permission('View', 'product');\n   *\n   * // Later in handler:\n   * const canAccess = await hasViewProductPermission(user);\n   * if (canAccess) {\n   *   // User has permission\n   * }\n   * ```\n   */\n  permission(\n    action: string,\n    resource: string,\n    accessControl?: AccessControlConfig\n  ) {\n    // Check if called during request handling (deep call stack indicates handler execution)\n    const stack = new Error().stack;\n\n    if (stack?.includes(\"node_modules/express/lib/router/index.js\"))\n      throw new Error(\n        \"authService.permission() should be called during application initialization level.\"\n      );\n\n    authActionService.add(action, resource, accessControl);\n\n    return async (user: User | undefined): Promise<boolean> => {\n      // getArkosConfig must not be called the same time as arkos.init()\n      const configs = getArkosConfig();\n\n      if (!isUsingAuthentication())\n        throw Error(\n          \"Validation Error: Trying to use authService.permission without setting up authentication.\"\n        );\n\n      if (!isAuthenticationEnabled()) return false;\n      if (!user) throw loginRequiredError;\n      if (user?.isSuperUser) return true;\n\n      if (configs?.authentication?.mode === \"dynamic\") {\n        return await this.checkDynamicAccessControl(user?.id, action, resource);\n      } else if (configs?.authentication?.mode === \"static\") {\n        return (\n          !!accessControl &&\n          this.checkStaticAccessControl(user as any, action, accessControl)\n        );\n      }\n      return false;\n    };\n  }\n}\n\n/**\n * Handles various authentication-related tasks such as JWT signing, password hashing, and verifying user credentials.\n */\nconst authService = new AuthService();\n\nexport default authService;\n"]}
+{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../../../src/modules/auth/auth.service.ts"],"names":[],"mappings":";;;;;;AAAA,gEAAgD;AAChD,wDAA8B;AAE9B,qFAA4D;AAC5D,iFAAwD;AACxD,+DAAoD;AACpD,yCAA8C;AAC9C,sEAA6C;AAC7C,uEAAuE;AAevE,qFAA2E;AAC3E,mEAGoC;AACpC,+FAAqE;AACrE,mFAGkD;AAalD,MAAa,WAAW;IAAxB;QAIE,uBAAkB,GAAgC,EAAE,CAAC;QA2mBrD,iBAAY,GAAG,IAAA,qBAAU,EACvB,KAAK,EAAE,GAAiB,EAAE,CAAgB,EAAE,IAAuB,EAAE,EAAE;YACrE,MAAM,KAAK,GAAG,IAAA,uBAAc,GAAE,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,CAAC;YAEpE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC;YACvD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CACtC,KAAK,EAAE,OAAO,EACd,MAAM,CAAC,KAAK,EACZ,GAAG,CACJ,CAAC;gBACF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;oBAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAClD,CAAC;gBACD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,IAAI,IAAA,8CAAuB,GAAE,EAAE,CAAC;wBAC9B,MAAM,IAAI,GAAG,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAS,CAAC;wBAC5D,IAAI,CAAC,IAAI;4BAAE,MAAM,uCAAkB,CAAC;wBACpC,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;oBAClB,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;oBACnE,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;wBACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;wBAC1D,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClD,CAAC;oBACD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;YAC1D,IAAI,KAAK,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAE1C,IAAI,EAAE,CAAC;QACT,CAAC,CACF,CAAC;IAyNJ,CAAC;IAj2BS,KAAK,CAAC,QAAQ,CACpB,KAKa,EACb,GAAiB,EACjB,GAIC;QAED,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;QAEtC,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,UAAU,GAAG,KAAK,CAAC;YAEvB,IAAI,CAAC;gBACH,MAAO,IAAY,CAAC;oBAClB,GAAG;oBACH,IAAI,EAAE,GAAG,EAAE;wBACT,UAAU,GAAG,IAAI,CAAC;oBACpB,CAAC;oBACD,GAAG,GAAG;iBACP,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YACxC,CAAC;YAED,IAAI,UAAU;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3C,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IAUO,KAAK,CAAC,aAAa,CACzB,KAKa,EACb,GAAiB,EACjB,GAIC;QAED,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QAEtB,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAO,IAAY,CAAC,EAAE,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC;YACvC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,EAAE,CAAC;IACZ,CAAC;IAWO,KAAK,CAAC,aAAa,CACzB,KAKa,EACb,KAAc,EACd,GAAiB,EACjB,GAIC;QAED,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;QAE7C,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAEzD,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,UAAU,GAAG,KAAK,CAAC;YAEvB,IAAI,CAAC;gBACH,MAAO,IAAY,CAAC;oBAClB,GAAG;oBACH,KAAK;oBACL,IAAI,EAAE,GAAG,EAAE;wBACT,UAAU,GAAG,IAAI,CAAC;oBACpB,CAAC;oBACD,GAAG,GAAG;iBACP,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YACxC,CAAC;YAED,IAAI,UAAU;gBAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3C,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IASD,YAAY,CACV,EAAmB,EACnB,SAA+B,EAC/B,MAAe;QAEf,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,IAAA,uBAAc,GAAE,CAAC;QAErD,IACE,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM;YAClC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU;YACvB,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM;YAErB,MAAM,IAAI,mBAAQ,CAChB,mCAAmC,EACnC,GAAG,EACH,wBAAwB,CACzB,CAAC;QAEJ,MAAM;YACJ,MAAM;gBACN,OAAO,EAAE,GAAG,EAAE,MAAM;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU;gBACtB,mBAAQ,CAAC,UAAU,CAAC;QAEtB,SAAS,GAAG,CAAC,SAAS;YACpB,OAAO,EAAE,GAAG,EAAE,SAAS;YACvB,OAAO,CAAC,GAAG,CAAC,cAAc;YAC1B,mBAAQ,CAAC,cAAc,CAAmC,CAAC;QAE7D,OAAO,sBAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;YAC9B,SAAS,EAAE,SAAuB;SACnC,CAAC,CAAC;IACL,CAAC;IAoBD,mBAAmB,CAAC,GAAiB;QACnC,MAAM,WAAW,GAAG,IAAA,uBAAc,GAAE,CAAC;QACrC,MAAM,WAAW,GAAG,WAAW,EAAE,cAAc,CAAC;QAEhD,IAAI,CAAC,GAAG;YACN,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QAExE,MAAM,QAAQ,GACZ,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ;YACjC,OAAO,CAAC,GAAG,CAAC,oBAIC;YACd,KAAK,CAAC;QAER,OAAO;YACL,OAAO,EAAE,IAAI,IAAI,CACf,IAAI,CAAC,GAAG,EAAE;gBACR,MAAM,CACJ,IAAA,8BAAI,EACF,WAAW,EAAE,GAAG,EAAE,SAAS;oBACxB,OAAO,CAAC,GAAG,CAAC,cAA6B;oBACzC,mBAAQ,CAAC,cAA6B,CAC1C,CACF,CACJ;YACD,QAAQ,EACN,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,QAAQ;gBAClC,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,SAAS;oBAC7C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,KAAK,MAAM;oBAC7C,CAAC,CAAC,SAAS,CAAC;gBACd,IAAI;YACN,MAAM,EAAE,CAAC,GAAG,EAAE;gBACZ,IAAI,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,KAAK,SAAS;oBAChD,OAAO,WAAW,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC;qBACrC,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,SAAS;oBAClD,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,CAAC;;oBAC7C,OAAO,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,KAAK,OAAO,CAAC;YACzE,CAAC,CAAC,EAAE;YACJ,QAAQ;SACT,CAAC;IACJ,CAAC;IAaD,gBAAgB,CAAC,QAAgB;QAC/B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,kBAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACvD,CAAC;IASD,KAAK,CAAC,iBAAiB,CACrB,iBAAyB,EACzB,YAAoB;QAEpB,OAAO,MAAM,kBAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;IAC/D,CAAC;IAQD,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,MAAM,kBAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACzC,CAAC;IAmBM,gBAAgB,CAAC,QAAgB;QACtC,MAAM,eAAe,GAAG,IAAA,uBAAc,GAAE,EAAE,cAAc,CAAC;QAEzD,MAAM,mBAAmB,GACvB,eAAe,EAAE,kBAAkB,EAAE,KAAK;YAC1C,oCAAoC,CAAC;QACvC,OAAO,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC5C,CAAC;IASD,wBAAwB,CAAC,IAAU,EAAE,YAAoB;QACvD,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,MAAM,kBAAkB,GAAG,QAAQ,CACjC,MAAM,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,EACzD,EAAE,CACH,CAAC;YAEF,OAAO,YAAY,GAAG,kBAAkB,CAAC;QAC3C,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAUD,KAAK,CAAC,cAAc,CAClB,KAAa,EACb,MAAe;QAEf,MAAM,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,IAAA,uBAAc,GAAE,CAAC;QAErD,IACE,OAAO,CAAC,GAAG,CAAC,WAAW,KAAK,MAAM;YAClC,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU;YACvB,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM;YAErB,MAAM,IAAI,mBAAQ,CAChB,kCAAkC,EAClC,GAAG,EACH,8BAA8B,CAC/B,CAAC;QAEJ,MAAM;YACJ,MAAM;gBACN,OAAO,EAAE,GAAG,EAAE,MAAM;gBACpB,OAAO,CAAC,GAAG,CAAC,UAAU;gBACtB,mBAAQ,CAAC,UAAU,CAAC;QAEtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;gBACzC,IAAI,GAAG;oBAAE,MAAM,CAAC,GAAG,CAAC,CAAC;;oBAChB,OAAO,CAAC,OAAyB,CAAC,CAAC;YAC1C,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,gBAAgB,CAAC,MAA2B;QAClD,OAAO,MAAM,KAAK,GAAG,CAAC;IACxB,CAAC;IAEO,UAAU,CAAC,MAA2B;QAC5C,OAAO,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/B,CAAC;IAEO,aAAa,CACnB,MAA2B;QAE3B,OAAO,CACL,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CACxE,CAAC;IACJ,CAAC;IAEO,oBAAoB,CAC1B,IAA4D;QAE5D,IAAI,CAAC,IAAI;YAAE,OAAO,EAAE,CAAC;QACrB,IAAI,IAAI,KAAK,GAAG;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACrC,OAAO,IAAI,CAAC,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAEO,sBAAsB,CAC5B,MAAoB,EACpB,aAAkC;QAElC,IAAI,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QACvD,IAAI,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC;YAAE,OAAO,aAAa,CAAC;QACzD,IAAI,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC;YACnC,OAAO,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1D,OAAO,EAAE,CAAC;IACZ,CAAC;IAYS,wBAAwB,CAChC,IAAU,EACV,MAAc,EACd,aAAkC;QAElC,IAAI,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK;YAC5B,MAAM,KAAK,CACT,qHAAqH,CACtH,CAAC;QAEJ,IAAI,eAAe,GAAG,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAEzE,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAExE,OAAO,CACL,eAAe,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG;YAC5B,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CACnE,CAAC;IACJ,CAAC;IAWS,KAAK,CAAC,yBAAyB,CACvC,MAAc,EACd,MAAc,EACd,QAAgB;QAEhB,MAAM,MAAM,GAAG,IAAA,kCAAiB,GAAE,CAAC;QACnC,OAAO,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;YACxC,KAAK,EAAE;gBACL,MAAM;gBACN,IAAI,EAAE;oBACJ,WAAW,EAAE;wBACX,IAAI,EAAE;4BACJ,QAAQ;4BACR,MAAM;yBACP;qBACF;iBACF;aACF;YACD,MAAM,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE;SACrB,CAAC,CAAC,CAAC;IACN,CAAC;IAYD,mBAAmB,CACjB,MAAoB,EACpB,QAAgB,EAChB,aAAmC;QAEnC,6BAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEvD,OAAO,IAAA,qBAAU,EACf,KAAK,EAAE,GAAiB,EAAE,CAAgB,EAAE,IAAuB,EAAE,EAAE;YACrE,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,MAAM,IAAI,GAAG,GAAG,CAAC,IAAY,CAAC;gBAC9B,MAAM,OAAO,GAAG,IAAA,uBAAc,GAAE,CAAC;gBAEjC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,IAAI,EAAE,CAAC;oBACP,OAAO;gBACT,CAAC;gBAED,MAAM,yBAAyB,GAAG,IAAI,mBAAQ,CAC5C,kDAAkD,EAClD,GAAG,EACH,sBAAsB,CACvB,CAAC;gBAEF,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;oBAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,yBAAyB,CACxD,IAAI,CAAC,EAAE,EACP,MAAM,EACN,QAAQ,CACT,CAAC;oBAEF,IAAI,CAAC,aAAa;wBAAE,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBAC7D,CAAC;qBAAM,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACtD,IAAI,CAAC,aAAa;wBAAE,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;oBAE3D,MAAM,aAAa,GAAG,IAAI,CAAC,wBAAwB,CACjD,IAAI,EACJ,MAAM,EACN,aAAa,CACd,CAAC;oBAEF,IAAI,CAAC,aAAa;wBAAE,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CACF,CAAC;IACJ,CAAC;IAQD,KAAK,CAAC,oBAAoB,CAAC,GAAiB;QAC1C,IAAI,CAAC,IAAA,8CAAuB,GAAE;YAC5B,MAAM,KAAK,CACT,oGAAoG,CACrG,CAAC;QAEJ,MAAM,MAAM,GAAG,IAAA,kCAAiB,GAAE,CAAC;QAEnC,IAAI,KAAyB,CAAC;QAE9B,IACE,GAAG,EAAE,OAAO,EAAE,aAAa;YAC3B,GAAG,EAAE,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC;YAChD,GAAG,EAAE,OAAO,EAAE,aAAa,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAE7C,KAAK,GAAG,GAAG,EAAE,OAAO,EAAE,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAEpD,IACE,CAAC,KAAK;YACN,GAAG,EAAE,OAAO,EAAE,kBAAkB,KAAK,UAAU;YAC/C,GAAG,CAAC,OAAO,EACX,CAAC;YACD,KAAK,GAAG,GAAG,EAAE,OAAO,EAAE,kBAAkB,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,OAAmC,CAAC;QAExC,IAAI,CAAC;YACH,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,yCAAoB,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,EAAE;YAAE,MAAM,yCAAoB,CAAC;QAC7C,MAAM,IAAI,GAAe,MAAO,MAAc,CAAC,IAAI,CAAC,UAAU,CAAC;YAC7D,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI;YACP,MAAM,IAAI,mBAAQ,CAChB,wDAAwD,EACxD,GAAG,EACH,oBAAoB,CACrB,CAAC;QAEJ,IACE,IAAI,CAAC,wBAAwB,CAAC,IAAI,EAAE,OAAO,CAAC,GAAI,CAAC;YACjD,CAAC,GAAG,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC;YAE/B,MAAM,IAAI,mBAAQ,CAChB,sDAAsD,EACtD,GAAG,EACH,iBAAiB,CAClB,CAAC;QAEJ,GAAG,CAAC,WAAW,GAAG,KAAK,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAkHD,SAAS,CACP,MAAoB,EACpB,QAAgB,EAChB,IAAiD;QAEjD,6BAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;QAE5D,OAAO,IAAA,qBAAU,EACf,KAAK,EAAE,GAAiB,EAAE,CAAgB,EAAE,IAAuB,EAAE,EAAE;YACrE,MAAM,KAAK,GAAG,IAAA,uBAAc,GAAE,EAAE,cAAc,EAAE,KAAK,EAAE,SAAS,CAAC;YAEjE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE;gBACrD,MAAM;gBACN,QAAQ;gBACR,IAAI;aACL,CAAC,CAAC;YACH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CACtC,KAAK,EAAE,OAAO,EACd,MAAM,CAAC,KAAK,EACZ,GAAG,EACH,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAC3B,CAAC;gBACF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;oBACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE;wBACxD,MAAM;wBACN,QAAQ;wBACR,IAAI;qBACL,CAAC,CAAC;oBACH,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAClD,CAAC;gBACD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAC7B,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;wBACb,MAAM,IAAI,GAAG,GAAG,CAAC,IAAY,CAAC;wBAC9B,MAAM,OAAO,GAAG,IAAA,uBAAc,GAAE,CAAC;wBAEjC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;4BACtB,MAAM,yBAAyB,GAAG,IAAI,mBAAQ,CAC5C,mDAAmD,EACnD,GAAG,EACH,sBAAsB,CACvB,CAAC;4BAEF,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;gCAChD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,yBAAyB,CACxD,IAAI,CAAC,EAAE,EACP,MAAM,EACN,QAAQ,CACT,CAAC;gCACF,IAAI,CAAC,aAAa;oCAAE,MAAM,yBAAyB,CAAC;4BACtD,CAAC;iCAAM,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;gCACtD,MAAM,aAAa,GAAG,IAAI,CAAC,wBAAwB,CACjD,IAAI,EACJ,MAAM,EACN,EAAE,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CACnB,CAAC;gCACF,IAAI,CAAC,aAAa;oCAAE,MAAM,yBAAyB,CAAC;4BACtD,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE;wBACjE,MAAM;wBACN,QAAQ;wBACR,IAAI;qBACL,CAAC,CAAC;oBACH,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;wBACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE;4BACxD,MAAM;4BACN,QAAQ;4BACR,IAAI;yBACL,CAAC,CAAC;wBACH,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;oBAClD,CAAC;oBACD,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC7B,CAAC;YACH,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE;gBACxD,MAAM;gBACN,QAAQ;gBACR,IAAI;aACL,CAAC,CAAC;YACH,IAAI,KAAK,CAAC,KAAK;gBAAE,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAE1C,IAAI,EAAE,CAAC;QACT,CAAC,CACF,CAAC;IACJ,CAAC;IAWD,2BAA2B,CACzB,MAAoB,EACpB,qBAA+D;QAE/D,IAAI,qBAAqB,IAAI,OAAO,qBAAqB,KAAK,QAAQ,EAAE,CAAC;YACvE,IAAI,qBAAqB,CAAC,MAAM,CAAC,KAAK,KAAK;gBAAE,OAAO,2BAAQ,CAAC;iBACxD,IAAI,qBAAqB,CAAC,MAAM,CAAC,KAAK,IAAI;gBAAE,OAAO,IAAI,CAAC,YAAY,CAAC;QAC5E,CAAC;;YAAM,OAAO,IAAI,CAAC,YAAY,CAAC;QAEhC,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAyBD,UAAU,CACR,MAAc,EACd,QAAgB,EAChB,aAAmC;QAGnC,MAAM,KAAK,GAAG,IAAI,KAAK,EAAE,CAAC,KAAK,CAAC;QAEhC,IAAI,KAAK,EAAE,QAAQ,CAAC,0CAA0C,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,oFAAoF,CACrF,CAAC;QAEJ,6BAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;QAEvD,OAAO,KAAK,EAAE,IAAsB,EAAoB,EAAE;YAExD,MAAM,OAAO,GAAG,IAAA,uBAAc,GAAE,CAAC;YAEjC,IAAI,CAAC,IAAA,4CAAqB,GAAE;gBAC1B,MAAM,KAAK,CACT,2FAA2F,CAC5F,CAAC;YAEJ,IAAI,CAAC,IAAA,8CAAuB,GAAE;gBAAE,OAAO,KAAK,CAAC;YAC7C,IAAI,CAAC,IAAI;gBAAE,MAAM,uCAAkB,CAAC;YACpC,IAAI,IAAI,EAAE,WAAW;gBAAE,OAAO,IAAI,CAAC;YAEnC,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;gBAChD,OAAO,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC1E,CAAC;iBAAM,IAAI,OAAO,EAAE,cAAc,EAAE,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtD,OAAO,CACL,CAAC,CAAC,aAAa;oBACf,IAAI,CAAC,wBAAwB,CAAC,IAAW,EAAE,MAAM,EAAE,aAAa,CAAC,CAClE,CAAC;YACJ,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC;IACJ,CAAC;CACF;AAh3BD,kCAg3BC;AAKD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC;AAEtC,kBAAe,WAAW,CAAC","sourcesContent":["import jwt, { SignOptions } from \"jsonwebtoken\";\nimport bcrypt from \"bcryptjs\";\nimport { User } from \"../../types\";\nimport catchAsync from \"../error-handler/utils/catch-async\";\nimport AppError from \"../error-handler/utils/app-error\";\nimport { callNext } from \"../base/base.middlewares\";\nimport { getArkosConfig } from \"../../server\";\nimport arkosEnv from \"../../utils/arkos-env\";\nimport { getPrismaInstance } from \"../../utils/helpers/prisma.helpers\";\nimport {\n  ArkosRequest,\n  ArkosResponse,\n  ArkosNextFunction,\n  ArkosRequestHandler,\n} from \"../../types\";\nimport {\n  AuthJwtPayload,\n  AccessAction,\n  AccessControlConfig,\n  AuthenticationControlConfig,\n  AccessControlRules,\n  DetailedAccessControlRule,\n} from \"../../types/auth\";\nimport { MsDuration, toMs } from \"./utils/helpers/auth.controller.helpers\";\nimport {\n  invaliAuthTokenError,\n  loginRequiredError,\n} from \"./utils/auth-error-objects\";\nimport authActionService from \"./utils/services/auth-action.service\";\nimport {\n  isAuthenticationEnabled,\n  isUsingAuthentication,\n} from \"../../utils/helpers/arkos-config.helpers\";\nimport {\n  AuthenticateHookHandler,\n  AuthenticateAfterHookHandler,\n  AuthenticateErrorHookHandler,\n  AuthorizeHookHandler,\n  AuthorizeAfterHookHandler,\n  AuthorizeErrorHookHandler,\n} from \"../../types/arkos-config/utils\";\n\n/**\n * Handles various authentication-related tasks such as JWT signing, password hashing, and verifying user credentials.\n */\nexport class AuthService {\n  /**\n   * Object containing a combination of actions per resource, tracked by each set of calls of `authService.handleAccessControl`, this can be accessed through the `authService` object or through the endpoint\n   */\n  actionsPerResource: Record<string, Set<string>> = {};\n\n  /**\n   * Runs a chain of `before` hooks in sequence.\n   *\n   * - If a hook throws — chain aborts, error is forwarded to `onError` hooks.\n   * - If a hook calls `skip()` — chain stops, core logic is bypassed, jumps to `after` hooks.\n   * - If a hook returns — next hook in chain runs.\n   *\n   * @returns Promise resolving to `{ skipped, error? }`\n   */\n  private async runHooks(\n    hooks:\n      | AuthenticateHookHandler\n      | AuthenticateHookHandler[]\n      | AuthorizeHookHandler\n      | AuthorizeHookHandler[]\n      | undefined,\n    req: ArkosRequest,\n    ctx?: {\n      action?: AccessAction;\n      resource?: string;\n      rule?: string[] | DetailedAccessControlRule | \"*\";\n    }\n  ): Promise<{ skipped: boolean; error?: unknown }> {\n    if (!hooks) return { skipped: false };\n\n    const hookArray = Array.isArray(hooks) ? hooks : [hooks];\n\n    for (const hook of hookArray) {\n      let skipCalled = false;\n\n      try {\n        await (hook as any)({\n          req,\n          skip: () => {\n            skipCalled = true;\n          },\n          ...ctx,\n        });\n      } catch (err) {\n        return { skipped: false, error: err };\n      }\n\n      if (skipCalled) return { skipped: true };\n    }\n\n    return { skipped: false };\n  }\n\n  /**\n   * Runs a chain of `after` hooks in sequence.\n   *\n   * - If a hook throws — chain aborts, error is forwarded to the global error handler.\n   * - If a hook returns — next hook in chain runs.\n   *\n   * @returns Promise resolving to `{ error? }`\n   */\n  private async runAfterHooks(\n    hooks:\n      | AuthenticateAfterHookHandler\n      | AuthenticateAfterHookHandler[]\n      | AuthorizeAfterHookHandler\n      | AuthorizeAfterHookHandler[]\n      | undefined,\n    req: ArkosRequest,\n    ctx?: {\n      action?: AccessAction;\n      resource?: string;\n      rule?: string[] | DetailedAccessControlRule | \"*\";\n    }\n  ): Promise<{ error?: unknown }> {\n    if (!hooks) return {};\n\n    const hookArray = Array.isArray(hooks) ? hooks : [hooks];\n\n    for (const hook of hookArray) {\n      try {\n        await (hook as any)({ req, ...ctx });\n      } catch (err) {\n        return { error: err };\n      }\n    }\n\n    return {};\n  }\n\n  /**\n   * Runs a chain of `onError` hooks in sequence.\n   *\n   * - If a hook throws — chain aborts, error is forwarded to the global error handler.\n   * - If a hook calls `skip()` — suppresses the error and jumps to `after` hooks.\n   * - If a hook returns — next hook in chain runs.\n   *\n   * @returns Promise resolving to `{ skipped, error? }`\n   */\n  private async runErrorHooks(\n    hooks:\n      | AuthenticateErrorHookHandler\n      | AuthenticateErrorHookHandler[]\n      | AuthorizeErrorHookHandler\n      | AuthorizeErrorHookHandler[]\n      | undefined,\n    error: unknown,\n    req: ArkosRequest,\n    ctx?: {\n      action?: AccessAction;\n      resource?: string;\n      rule?: string[] | DetailedAccessControlRule | \"*\";\n    }\n  ): Promise<{ skipped: boolean; error?: unknown }> {\n    if (!hooks) return { skipped: false, error };\n\n    const hookArray = Array.isArray(hooks) ? hooks : [hooks];\n\n    for (const hook of hookArray) {\n      let skipCalled = false;\n\n      try {\n        await (hook as any)({\n          req,\n          error,\n          skip: () => {\n            skipCalled = true;\n          },\n          ...ctx,\n        });\n      } catch (err) {\n        return { skipped: false, error: err };\n      }\n\n      if (skipCalled) return { skipped: true };\n    }\n\n    return { skipped: false, error };\n  }\n  /**\n   * Signs a JWT token for the user.\n   *\n   * @param {number | string} id - The unique identifier of the user to generate the token for.\n   * @param {string | number} [expiresIn] - The expiration time for the token. Defaults to environment variable `JWT_EXPIRES_IN`.\n   * @param {string} [secret] - The secret key used to sign the token. Defaults to environment variable `JWT_SECRET`.\n   * @returns {string} The signed JWT token.\n   */\n  signJwtToken(\n    id: number | string,\n    expiresIn?: MsDuration | number,\n    secret?: string\n  ): string {\n    const { authentication: configs } = getArkosConfig();\n\n    if (\n      process.env.ARKOS_BUILD === \"true\" &&\n      !process.env.JWT_SECRET &&\n      !configs?.jwt?.secret\n    )\n      throw new AppError(\n        \"Missing JWT secret on production!\",\n        500,\n        \"MissingJWTOnProduction\"\n      );\n\n    secret =\n      secret ||\n      configs?.jwt?.secret ||\n      process.env.JWT_SECRET ||\n      arkosEnv.JWT_SECRET;\n\n    expiresIn = (expiresIn ||\n      configs?.jwt?.expiresIn ||\n      process.env.JWT_EXPIRES_IN ||\n      arkosEnv.JWT_EXPIRES_IN) as keyof SignOptions[\"expiresIn\"];\n\n    return jwt.sign({ id }, secret, {\n      expiresIn: expiresIn as MsDuration,\n    });\n  }\n\n  /**\n   * Retrieves cookie configuration options for JWT authentication.\n   *\n   * Merges configuration from multiple sources in order of precedence:\n   * 1. Arkos configuration file\n   * 2. Environment variables\n   * 3. Request properties (for secure flag)\n   * 4. Default fallback values\n   *\n   * @param req - ArkosRequest object used to determine if the connection is secure\n   * @returns Cookie options object with expires, httpOnly, secure, and sameSite properties\n   *\n   * @example\n   * ```typescript\n   * const cookieOptions = authService.getJwtCookieOptions(req);\n   * res.cookie('jwt', token, cookieOptions);\n   * ```\n   */\n  getJwtCookieOptions(req: ArkosRequest) {\n    const arkosConfig = getArkosConfig();\n    const authConfigs = arkosConfig?.authentication;\n\n    if (!req)\n      throw new Error(\"Missing req object in order get jwt cookie options\");\n\n    const sameSite =\n      authConfigs?.jwt?.cookie?.sameSite ||\n      (process.env.JWT_COOKIE_SAME_SITE as\n        | \"none\"\n        | \"lax\"\n        | \"strict\"\n        | undefined) ||\n      \"lax\";\n\n    return {\n      expires: new Date(\n        Date.now() +\n          Number(\n            toMs(\n              authConfigs?.jwt?.expiresIn ||\n                (process.env.JWT_EXPIRES_IN as MsDuration) ||\n                (arkosEnv.JWT_EXPIRES_IN as MsDuration)\n            )\n          )\n      ),\n      httpOnly:\n        authConfigs?.jwt?.cookie?.httpOnly ??\n        (process.env.JWT_COOKIE_HTTP_ONLY !== undefined\n          ? process.env.JWT_COOKIE_HTTP_ONLY === \"true\"\n          : undefined) ??\n        true,\n      secure: (() => {\n        if (authConfigs?.jwt?.cookie?.secure !== undefined)\n          return authConfigs?.jwt?.cookie?.secure;\n        else if (process.env.JWT_COOKIE_SECURE !== undefined)\n          return process.env.JWT_COOKIE_SECURE === \"true\";\n        else return req.secure || req.headers[\"x-forwarded-proto\"] === \"https\";\n      })(),\n      sameSite,\n    };\n  }\n\n  /**\n   * Is used by default internally by Arkos under `BaseService` class to check if the password is already hashed.\n   *\n   * This was just added to prevent unwanted errors when someone just forgets that the `BaseService` class will automatically hash the password field using `authService.hashPassword` by default.\n   *\n   * So now before `BaseService` hashes it will test it.\n   *\n   *\n   * @param password The password to be tested if is hashed\n   * @returns\n   */\n  isPasswordHashed(password: string) {\n    return !Number.isNaN(bcrypt.getRounds(password) * 1);\n  }\n\n  /**\n   * Compares a candidate password with the stored user password to check if they match.\n   *\n   * @param {string} candidatePassword - The password provided by the user during login.\n   * @param {string} userPassword - The password stored in the database.\n   * @returns {Promise<boolean>} Returns true if the passwords match, otherwise false.\n   */\n  async isCorrectPassword(\n    candidatePassword: string,\n    userPassword: string\n  ): Promise<boolean> {\n    return await bcrypt.compare(candidatePassword, userPassword);\n  }\n\n  /**\n   * Hashes a plain text password using bcrypt.\n   *\n   * @param {string} password - The password to be hashed.\n   * @returns {Promise<string>} Returns the hashed password.\n   */\n  async hashPassword(password: string): Promise<string> {\n    return await bcrypt.hash(password, 12);\n  }\n\n  /**\n   * Checks if a password is strong, requiring uppercase, lowercase, and numeric characters as the default.\n   *\n   * **NB**: You must pay attention when using custom validation with zod or class-validator, try to use the same regex always.\n   *\n   * **Note**: You can define it when calling arkos.init()\n   * ```ts\n   * arkos.init({\n   *  authentication: {\n   *    passwordValidation:{ regex: /your-desired-regex/, message: 'password must contain...'}\n   *  }\n   * })\n   * ```\n   *\n   * @param {string} password - The password to check.\n   * @returns {boolean} Returns true if the password meets the strength criteria, otherwise false.\n   */\n  public isPasswordStrong(password: string): boolean {\n    const initAuthConfigs = getArkosConfig()?.authentication;\n\n    const strongPasswordRegex =\n      initAuthConfigs?.passwordValidation?.regex ||\n      /^(?=.*[A-Z])(?=.*[a-z])(?=.*\\d).+$/;\n    return strongPasswordRegex.test(password);\n  }\n\n  /**\n   * Checks if a user has changed their password after the JWT was issued.\n   *\n   * @param {User} user - The user object containing the passwordChangedAt field.\n   * @param {number} JWTTimestamp - The timestamp when the JWT was issued.\n   * @returns {boolean} Returns true if the user changed their password after the JWT was issued, otherwise false.\n   */\n  userChangedPasswordAfter(user: User, JWTTimestamp: number): boolean {\n    if (user.passwordChangedAt) {\n      const convertedTimestamp = parseInt(\n        String(new Date(user.passwordChangedAt).getTime() / 1000),\n        10\n      );\n\n      return JWTTimestamp < convertedTimestamp;\n    }\n    return false;\n  }\n\n  /**\n   * Verifies the authenticity of a JWT token.\n   *\n   * @param {string} token - The JWT token to verify.\n   * @param {string} [secret] - The secret key used to verify the token. Defaults to environment variable `JWT_SECRET`.\n   * @returns {Promise<AuthJwtPayload>} Returns the decoded JWT payload if the token is valid.\n   * @throws {Error} Throws an error if the token is invalid or expired.\n   */\n  async verifyJwtToken(\n    token: string,\n    secret?: string\n  ): Promise<AuthJwtPayload> {\n    const { authentication: configs } = getArkosConfig();\n\n    if (\n      process.env.ARKOS_BUILD === \"true\" &&\n      !process.env.JWT_SECRET &&\n      !configs?.jwt?.secret\n    )\n      throw new AppError(\n        \"Missing JWT secret in production\",\n        500,\n        \"MissingJWTSecretInProduction\"\n      );\n\n    secret =\n      secret ||\n      configs?.jwt?.secret ||\n      process.env.JWT_SECRET ||\n      arkosEnv.JWT_SECRET;\n\n    return new Promise((resolve, reject) => {\n      jwt.verify(token, secret, (err, decoded) => {\n        if (err) reject(err);\n        else resolve(decoded as AuthJwtPayload);\n      });\n    });\n  }\n\n  private isWildcardAccess(config: AccessControlConfig): config is \"*\" {\n    return config === \"*\";\n  }\n\n  private isRoleList(config: AccessControlConfig): config is string[] {\n    return Array.isArray(config);\n  }\n\n  private isAccessRules(\n    config: AccessControlConfig\n  ): config is Partial<AccessControlRules> {\n    return (\n      typeof config === \"object\" && config !== null && !Array.isArray(config)\n    );\n  }\n\n  private normalizeRuleToRoles(\n    rule: string[] | DetailedAccessControlRule | \"*\" | undefined\n  ): string[] {\n    if (!rule) return [];\n    if (rule === \"*\") return [\"*\"];\n    if (Array.isArray(rule)) return rule;\n    return rule.roles === \"*\" ? [\"*\"] : (rule.roles ?? []);\n  }\n\n  private resolveAuthorizedRoles(\n    action: AccessAction,\n    accessControl: AccessControlConfig\n  ): string[] {\n    if (this.isWildcardAccess(accessControl)) return [\"*\"];\n    if (this.isRoleList(accessControl)) return accessControl;\n    if (this.isAccessRules(accessControl))\n      return this.normalizeRuleToRoles(accessControl[action]);\n    return [];\n  }\n\n  /**\n   * Checks if a user has permission for a specific action using static access control rules.\n   * Validates user roles against predefined access control configuration.\n   *\n   * @param user - The user object containing role or roles field\n   * @param action - The action being performed\n   * @param accessControl - Access control configuration (array of roles or object with action-role mappings)\n   * @returns True if user has permission, false otherwise\n   * @throws Error if user doesn't have role/roles field\n   */\n  protected checkStaticAccessControl(\n    user: User,\n    action: string,\n    accessControl: AccessControlConfig\n  ) {\n    if (!user?.role && !user.roles)\n      throw Error(\n        \"Validation Error: In order to use static authentication user needs at least role field or roles for multiple roles.\"\n      );\n\n    let authorizedRoles = this.resolveAuthorizedRoles(action, accessControl);\n\n    const userRoles = Array.isArray(user?.roles) ? user.roles : [user.role];\n\n    return (\n      authorizedRoles?.[0] === \"*\" ||\n      !!userRoles.some((role: string) => authorizedRoles.includes(role))\n    );\n  }\n\n  /**\n   * Checks if a user has permission for a specific action and resource using dynamic access control.\n   * Queries the database to verify user's role permissions.\n   *\n   * @param userId - The unique identifier of the user\n   * @param action - The action being performed\n   * @param resource - The resource being accessed\n   * @returns Promise resolving to true if user has permission, false otherwise\n   */\n  protected async checkDynamicAccessControl(\n    userId: string,\n    action: string,\n    resource: string\n  ) {\n    const prisma = getPrismaInstance();\n    return !!(await prisma.userRole.findFirst({\n      where: {\n        userId,\n        role: {\n          permissions: {\n            some: {\n              resource,\n              action,\n            },\n          },\n        },\n      },\n      select: { id: true },\n    }));\n  }\n\n  /**\n   * Middleware function to handle access control based on user roles and permissions.\n   *\n   * @param {AccessAction} action - The action being performed (e.g., create, update, delete, view).\n   * @param {string} resource - The resource name that the action is being performed on (e.g., \"User\", \"Post\").\n   * @param {AccessControlConfig} accessControl - The access control configuration.\n   * @returns {ArkosRequestHandler} The middleware function that checks if the user has permission to perform the action.\n   *\n   * @deprecated Will be removed on v2.0, use AuthService.authorize instead\n   */\n  handleAccessControl(\n    action: AccessAction,\n    resource: string,\n    accessControl?: AccessControlConfig\n  ): ArkosRequestHandler {\n    authActionService.add(action, resource, accessControl);\n\n    return catchAsync(\n      async (req: ArkosRequest, _: ArkosResponse, next: ArkosNextFunction) => {\n        if (req.user) {\n          const user = req.user as User;\n          const configs = getArkosConfig();\n\n          if (user.isSuperUser) {\n            next();\n            return;\n          }\n\n          const notEnoughPermissionsError = new AppError(\n            \"You do not have permission to perfom this action\",\n            403,\n            \"NotEnoughPermissions\"\n          );\n\n          if (configs?.authentication?.mode === \"dynamic\") {\n            const hasPermission = await this.checkDynamicAccessControl(\n              user.id,\n              action,\n              resource\n            );\n\n            if (!hasPermission) return next(notEnoughPermissionsError);\n          } else if (configs?.authentication?.mode === \"static\") {\n            if (!accessControl) return next(notEnoughPermissionsError);\n\n            const hasPermission = this.checkStaticAccessControl(\n              user,\n              action,\n              accessControl\n            );\n\n            if (!hasPermission) return next(notEnoughPermissionsError);\n          }\n        }\n\n        next();\n      }\n    );\n  }\n\n  /**\n   * Processes the cookies or authoriation token and returns the user.\n   * @param req\n   * @returns {Promise<User | null>} - if authentication is turned off in arkosConfig it returns null\n   * @throws {AppError} Throws an error if the token is invalid or the user is not logged in.\n   */\n  async getAuthenticatedUser(req: ArkosRequest): Promise<User | null> {\n    if (!isAuthenticationEnabled())\n      throw Error(\n        \"ValidationError: Trying to call AuthService.getAuthenticatedUser without setting up authentication\"\n      );\n\n    const prisma = getPrismaInstance();\n\n    let token: string | undefined;\n\n    if (\n      req?.headers?.authorization &&\n      req?.headers?.authorization.startsWith(\"Bearer\") &&\n      req?.headers?.authorization.split?.(\" \")?.[1]\n    )\n      token = req?.headers?.authorization.split(\" \")[1];\n\n    if (\n      !token &&\n      req?.cookies?.arkos_access_token !== \"no-token\" &&\n      req.cookies\n    ) {\n      token = req?.cookies?.arkos_access_token;\n    }\n\n    if (!token) return null;\n\n    let decoded: AuthJwtPayload | undefined;\n\n    try {\n      decoded = await this.verifyJwtToken(token);\n    } catch (err) {\n      throw invaliAuthTokenError;\n    }\n\n    if (!decoded?.id) throw invaliAuthTokenError;\n    const user: any | null = await (prisma as any).user.findUnique({\n      where: { id: String(decoded.id) },\n    });\n\n    if (!user)\n      throw new AppError(\n        \"The user belonging to this token does no longer exists\",\n        401,\n        \"UserNoLongerExists\"\n      );\n\n    if (\n      this.userChangedPasswordAfter(user, decoded.iat!) &&\n      !req.path?.includes?.(\"logout\")\n    )\n      throw new AppError(\n        \"User recently changed password! Please log in again.\",\n        401,\n        \"PasswordChanged\"\n      );\n\n    req.accessToken = token;\n    return user;\n  }\n\n  /**\n   * Middleware to authenticate the request by extracting and verifying the JWT token and setting `req.user`.\n   *\n   * Runs `authentication.hooks.authenticate` before/after the authentication logic.\n   *\n   * Hook execution flow:\n   * - `before` hooks run first — call `ctx.skip()` to bypass core logic and jump to `after` hooks,\n   *   call `ctx.next()` to stop the chain early, or return without calling anything to continue.\n   * - Core logic runs — extracts and verifies the JWT token, sets `req.user`.\n   * - `after` hooks run — call `ctx.next(err)` to abort or return without calling anything to continue.\n   * - `onError` hooks run if core logic throws — call `ctx.skip()` to suppress the error and jump to\n   *   `after` hooks, or call `ctx.next(err)` to forward it to the global error handler.\n   *\n   * On custom routes, hooks defined in `arkosConfig` still apply since they are baked into this method.\n   *\n   * @example\n   * ```ts\n   * // custom route - hooks still run\n   * router.get(\"/custom\", authService.authenticate, handler);\n   * ```\n   *\n   * @example\n   * ```ts\n   * // skip built-in auth from a before hook\n   * before: (ctx) => {\n   *   ctx.req.user = myCustomAuth(ctx.req);\n   *   ctx.skip();\n   * }\n   * ```\n   *\n   * @see {@link https://www.arkosjs.com/docs/core-concepts/authentication/hooks}\n   */\n  authenticate = catchAsync(\n    async (req: ArkosRequest, _: ArkosResponse, next: ArkosNextFunction) => {\n      const hooks = getArkosConfig()?.authentication?.hooks?.authenticate;\n\n      const before = await this.runHooks(hooks?.before, req);\n      if (before.error) {\n        const onError = await this.runErrorHooks(\n          hooks?.onError,\n          before.error,\n          req\n        );\n        if (onError.skipped) {\n          const after = await this.runAfterHooks(hooks?.after, req);\n          return after.error ? next(after.error) : next();\n        }\n        return next(onError.error);\n      }\n\n      if (!before.skipped) {\n        try {\n          if (isAuthenticationEnabled()) {\n            const user = (await this.getAuthenticatedUser(req)) as User;\n            if (!user) throw loginRequiredError;\n            req.user = user;\n          }\n        } catch (err) {\n          const onError = await this.runErrorHooks(hooks?.onError, err, req);\n          if (onError.skipped) {\n            const after = await this.runAfterHooks(hooks?.after, req);\n            return after.error ? next(after.error) : next();\n          }\n          return next(onError.error);\n        }\n      }\n\n      const after = await this.runAfterHooks(hooks?.after, req);\n      if (after.error) return next(after.error);\n\n      next();\n    }\n  );\n\n  /**\n   * Middleware to authorize the authenticated user for a given action on a resource.\n   *\n   * Runs `authentication.hooks.authorize` before/after the authorization logic.\n   *\n   * Hook execution flow:\n   * - `before` hooks run first — call `ctx.skip()` to bypass core logic and jump to `after` hooks,\n   *   call `ctx.next()` to stop the chain early, or return without calling anything to continue.\n   * - Core logic runs — checks user role/permissions against the access control rules.\n   * - `after` hooks run — call `ctx.next(err)` to abort or return without calling anything to continue.\n   * - `onError` hooks run if authorization fails — call `ctx.skip()` to suppress the error and jump to\n   *   `after` hooks, or call `ctx.next(err)` to forward it to the global error handler.\n   *\n   * @param resource - The resource being accessed, in kebabCase (e.g. `\"product\"`, `\"cart-item\"`)\n   * @param action - The action being performed (e.g. `\"View\"`, `\"Create\"`, `\"Delete\"`)\n   * @param rule - Access control rules for this action. Accepts a role list, a wildcard, or a `DetailedAccessControlRule`.\n   *\n   * @example\n   * ```ts\n   * router.delete(\"/products/:id\",\n   *   authService.authenticate,\n   *   authService.authorize(\"product\", \"Delete\", [\"admin\"]),\n   *   handler\n   * );\n   * ```\n   *\n   * @example\n   * ```ts\n   * // skip built-in authorization from a before hook\n   * before: (ctx) => {\n   *   ctx.req.user.role = myCustomRoleResolver(ctx.req);\n   *   ctx.skip();\n   * }\n   * ```\n   *\n   * @see {@link https://www.arkosjs.com/docs/core-concepts/authentication/hooks#authorize}\n   * @since v1.6.0-beta\n   */\n  authorize(\n    action: AccessAction,\n    resource: string,\n    rule?: string[] | DetailedAccessControlRule | \"*\"\n  ): ArkosRequestHandler {\n    authActionService.add(action, resource, { [action]: rule });\n\n    return catchAsync(\n      async (req: ArkosRequest, _: ArkosResponse, next: ArkosNextFunction) => {\n        const hooks = getArkosConfig()?.authentication?.hooks?.authorize;\n\n        const before = await this.runHooks(hooks?.before, req, {\n          action,\n          resource,\n          rule,\n        });\n        if (before.error) {\n          const onError = await this.runErrorHooks(\n            hooks?.onError,\n            before.error,\n            req,\n            { action, resource, rule }\n          );\n          if (onError.skipped) {\n            const after = await this.runAfterHooks(hooks?.after, req, {\n              action,\n              resource,\n              rule,\n            });\n            return after.error ? next(after.error) : next();\n          }\n          return next(onError.error);\n        }\n\n        if (!before.skipped) {\n          try {\n            if (req.user) {\n              const user = req.user as User;\n              const configs = getArkosConfig();\n\n              if (!user.isSuperUser) {\n                const notEnoughPermissionsError = new AppError(\n                  \"You do not have permission to perform this action\",\n                  403,\n                  \"NotEnoughPermissions\"\n                );\n\n                if (configs?.authentication?.mode === \"dynamic\") {\n                  const hasPermission = await this.checkDynamicAccessControl(\n                    user.id,\n                    action,\n                    resource\n                  );\n                  if (!hasPermission) throw notEnoughPermissionsError;\n                } else if (configs?.authentication?.mode === \"static\") {\n                  const hasPermission = this.checkStaticAccessControl(\n                    user,\n                    action,\n                    { [action]: rule }\n                  );\n                  if (!hasPermission) throw notEnoughPermissionsError;\n                }\n              }\n            }\n          } catch (err) {\n            const onError = await this.runErrorHooks(hooks?.onError, err, req, {\n              action,\n              resource,\n              rule,\n            });\n            if (onError.skipped) {\n              const after = await this.runAfterHooks(hooks?.after, req, {\n                action,\n                resource,\n                rule,\n              });\n              return after.error ? next(after.error) : next();\n            }\n            return next(onError.error);\n          }\n        }\n\n        const after = await this.runAfterHooks(hooks?.after, req, {\n          action,\n          resource,\n          rule,\n        });\n        if (after.error) return next(after.error);\n\n        next();\n      }\n    );\n  }\n\n  /**\n   * Handles authentication control by checking the `authenticationControl` configuration in the `authConfigs`.\n   *\n   * @param {ControllerActions} action - The action being performed (e.g., create, update, delete, view).\n   * @param {AuthenticationControlConfig} authenticationControl - The authentication configuration object.\n   * @returns {ArkosRequestHandler} The middleware function that checks if authentication is required.\n   *\n   * @deprecated Will be removed on v2.0, use AuthService.authenticate instead\n   */\n  handleAuthenticationControl(\n    action: AccessAction,\n    authenticationControl?: AuthenticationControlConfig | undefined\n  ): ArkosRequestHandler {\n    if (authenticationControl && typeof authenticationControl === \"object\") {\n      if (authenticationControl[action] === false) return callNext;\n      else if (authenticationControl[action] === true) return this.authenticate;\n    } else return this.authenticate;\n\n    return this.authenticate;\n  }\n\n  /**\n   * Creates a permission checker function for a specific action and resource.\n   *\n   * PS: This method should be called during application initialization to build permission validators.\n   *\n   * @see {@link https://www.arkosjs.com/docs/advanced-guide/fine-grained-access-control}\n   *\n   * @param action - The action to check permission for (e.g., 'View', 'Create', 'Delete')\n   * @param resource - The resource being accessed, must be in kebabCase (e.g., 'user', 'cart-item', 'order')\n   * @param accessControl - Access control rules (required for static authentication mode), and it is automatically loaded for known modules such as all prisma models, auth and file-upload.\n   * @returns A function that takes a user object and returns a boolean indicating permission status\n   *\n   * @example\n   * ```typescript\n   * const hasViewProductPermission = await authService.permission('View', 'product');\n   *\n   * // Later in handler:\n   * const canAccess = await hasViewProductPermission(user);\n   * if (canAccess) {\n   *   // User has permission\n   * }\n   * ```\n   */\n  permission(\n    action: string,\n    resource: string,\n    accessControl?: AccessControlConfig\n  ) {\n    // Check if called during request handling (deep call stack indicates handler execution)\n    const stack = new Error().stack;\n\n    if (stack?.includes(\"node_modules/express/lib/router/index.js\"))\n      throw new Error(\n        \"authService.permission() should be called during application initialization level.\"\n      );\n\n    authActionService.add(action, resource, accessControl);\n\n    return async (user: User | undefined): Promise<boolean> => {\n      // getArkosConfig must not be called the same time as arkos.init()\n      const configs = getArkosConfig();\n\n      if (!isUsingAuthentication())\n        throw Error(\n          \"Validation Error: Trying to use authService.permission without setting up authentication.\"\n        );\n\n      if (!isAuthenticationEnabled()) return false;\n      if (!user) throw loginRequiredError;\n      if (user?.isSuperUser) return true;\n\n      if (configs?.authentication?.mode === \"dynamic\") {\n        return await this.checkDynamicAccessControl(user?.id, action, resource);\n      } else if (configs?.authentication?.mode === \"static\") {\n        return (\n          !!accessControl &&\n          this.checkStaticAccessControl(user as any, action, accessControl)\n        );\n      }\n      return false;\n    };\n  }\n}\n\n/**\n * Handles various authentication-related tasks such as JWT signing, password hashing, and verifying user credentials.\n */\nconst authService = new AuthService();\n\nexport default authService;\n"]}