npm - authhero - Versions diffs - 0.113.0 → 0.114.0 - Mend

authhero 0.113.0 → 0.114.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/authhero.cjs CHANGED Viewed

@@ -146,7 +146,7 @@ PERFORMANCE OF THIS SOFTWARE.
 `,i=0;for(;i<n.length;)i+64<=n.length?r+=n.substr(i,64)+`\r
 `:r+=n.substr(i)+`\r
 `,i+=64;return r+=`-----END ${t} KEY-----\r
-`,r}async function Ev(t){const e=await t.publicKey.export(),n=await crypto.subtle.exportKey("jwk",e),r=JSON.stringify(n,Object.keys(n).sort()),s=new TextEncoder().encode(r);return Na(await jf(s))}const Iv=1e3*60*60*24,Cv=new o.OpenAPIHono().openapi(o.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.array(Ca)}},description:"List of keys"}}}),async t=>{const n=(await t.env.data.keys.list()).filter(r=>"cert"in r).map(r=>r);return t.json(n)}).openapi(o.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({kid:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ca}},description:"The requested key"}}}),async t=>{const{kid:e}=t.req.valid("param"),r=(await t.env.data.keys.list()).find(i=>i.kid===e);if(!r)throw new I(404,{message:"Key not found"});return t.json(r)}).openapi(o.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const e=await t.env.data.keys.list();for await(const r of e)await t.env.data.keys.update(r.kid,{revoked_at:new Date(Date.now()+Iv).toISOString()});const n=await Yc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(n),t.text("OK",{status:201})}).openapi(o.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({kid:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const{kid:e}=t.req.valid("param");if(!await t.env.data.keys.update(e,{revoked_at:new Date().toISOString()}))throw new I(404,{message:"Key not found"});const r=await Yc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(r),t.text("OK")}),Nv=new o.OpenAPIHono().openapi(o.createRoute({tags:["users"],method:"get",path:"/",request:{query:o.z.object({email:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:o.z.array(il)}},description:"List of users"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{email:n}=t.req.valid("query"),i=(await gl(t.env.data.users,e,n)).filter(s=>!s.linked_to);return t.json(i)}),jv=on.extend({clients:o.z.array(mn)}),$v=new o.OpenAPIHono().openapi(o.createRoute({tags:["clients"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([jv,o.z.array(mn)])}},description:"List of clients"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:a}=t.req.valid("query"),l=(await t.env.data.applications.list(e,{page:n,per_page:r,include_totals:i,sort:hr(s),q:a})).applications;return i?t.json({clients:l,start:0,limit:10,length:l.length}):t.json(l)}).openapi(o.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:mn}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=(await t.env.data.applications.list(e,{page:1,per_page:0,include_totals:!1})).applications.find(s=>s.id===n);if(!i)throw new I(404);return t.json(i)}).openapi(o.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.applications.remove(e,n))throw new I(404,{message:"Application not found"});return t.text("OK")}).openapi(o.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(rs.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:mn}},description:"The update application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=t.req.valid("json");await t.env.data.applications.update(e,n,i);const s=await t.env.data.applications.get(e,n);if(!s)throw new I(404,{message:"Application not found"});return t.json(s)}).openapi(o.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(rs.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:o.z.object(mn.shape)}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r={...n,id:n.id||ke(),client_secret:n.client_secret||ke()},i=await t.env.data.applications.create(e,r);return t.json(i,{status:201})});o.z.object({start:o.z.number(),limit:o.z.number(),length:o.z.number()});Zs.extend({email:o.z.string(),login_count:o.z.number(),multifactor:o.z.array(o.z.string()).optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string()}).catchall(o.z.any());const Ov=on.extend({tenants:o.z.array(Jn)}),Tv=new o.OpenAPIHono().openapi(o.createRoute({tags:["tenants"],method:"get",path:"/",request:{query:tn},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:o.z.union([o.z.array(Jn),Ov])}},description:"List of tenants"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),a=await t.env.data.tenants.list({page:e,per_page:n,include_totals:r,sort:hr(i),q:s});return r?t.json(a):t.json(a.tenants)}).openapi(o.createRoute({tags:["tenants"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:Jn}},description:"A tenant"}}}),async t=>{const{id:e}=t.req.valid("param"),n=await t.env.data.tenants.get(e);if(!n)throw new I(404);return t.json(n)}).openapi(o.createRoute({tags:["tenants"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param");return await t.env.data.tenants.remove(e),t.text("OK")}).openapi(o.createRoute({tags:["tenants"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(ss.shape).partial()}}},params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param"),n=t.req.valid("json");return await t.env.data.tenants.update(e,n),t.text("OK")}).openapi(o.createRoute({tags:["tenants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(ss.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"tenant/json":{schema:Jn}},description:"An tenant"}}}),async t=>{const e=t.req.valid("json"),n=await t.env.data.tenants.create(e);return t.json(n,{status:201})}),Pv=on.extend({logs:o.z.array(as)}),Bv=new o.OpenAPIHono().openapi(o.createRoute({tags:["logs"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(as),Pv])}},description:"List of log rows"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":a}=t.req.valid("header"),c=await t.env.data.logs.list(a,{page:e,per_page:n,include_totals:r,sort:hr(i),q:s});return r?t.json(c):t.json(c.logs)}).openapi(o.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:as}},description:"A log entry"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.logs.get(e,n);if(!r)throw new I(404);return t.json(r)}),Rv=on.extend({hooks:o.z.array(Kn)}),Lv=new o.OpenAPIHono().openapi(o.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Kn),Rv])}},description:"List of hooks"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:a}=t.req.valid("query"),c=await t.env.data.hooks.list(e,{page:n,per_page:r,include_totals:i,sort:hr(s),q:a});return i?t.json(c):t.json(c.hooks)}).openapi(o.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(os.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Kn}},description:"The created hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.hooks.create(e,n);return t.json(r,{status:201})}).openapi(o.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()}),body:{content:{"application/json":{schema:o.z.object(os.shape).omit({hook_id:!0}).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Kn.shape}},description:"The updated hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=t.req.valid("json");await t.env.data.hooks.update(e,n,r);const i=await t.env.data.hooks.get(e,n);if(!i)throw new I(404,{message:"Hook not found"});return t.json(i)}).openapi(o.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Kn}},description:"A hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=await t.env.data.hooks.get(e,n);if(!r)throw new I(404,{message:"Hook not found"});return t.json(r)}).openapi(o.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{description:"A hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param");if(!await t.env.data.hooks.remove(e,n))throw new I(404,{message:"Hook not found"});return t.text("OK")}),Uv=on.extend({connections:o.z.array(Jt)}),Vv=new o.OpenAPIHono().openapi(o.createRoute({tags:["connections"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Jt),Uv])}},description:"List of connectionss"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i=!1,sort:s,q:a}=t.req.valid("query"),c=await t.env.data.connections.list(e,{page:n,per_page:r,include_totals:i,sort:hr(s),q:a});return i?t.json(c):t.json(c.connections)}).openapi(o.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Jt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.connections.get(e,n);if(!r)throw new I(404);return t.json(r)}).openapi(o.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.connections.remove(e,n))throw new I(404,{message:"Connection not found"});return t.text("OK")}).openapi(o.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(is.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Jt}},description:"The updated connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.connections.update(e,n,r))throw new I(404,{message:"Connection not found"});const s=await t.env.data.connections.get(e,n);if(!s)throw new I(404,{message:"Connection not found"});return t.json(s)}).openapi(o.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(is.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Jt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.connections.create(e,n);return t.json(r,{status:201})}),qv=new o.OpenAPIHono().openapi(o.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Li}},description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.promptSettings.get(e);return n?t.json(n):t.json(Li.parse({}))}).openapi(o.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Li.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.promptSettings.get(e);return Object.assign(r,n),await t.env.data.promptSettings.set(e,r),t.json(r)});let Ip=!1;function Rg(t){t.use(async(e,n)=>(Ip||(t.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${e.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),Ip=!0),await n()))}o.z.object({alg:o.z.literal("RS256"),kty:o.z.literal("RSA"),use:o.z.literal("sig"),n:o.z.string(),e:o.z.string(),kid:o.z.string(),x5t:o.z.string(),x5c:o.z.array(o.z.string())});async function Mv(t){try{const e=await t.JWKS_SERVICE.fetch(t.JWKS_URL);if(!e.ok)throw new Error("Failed to fetch jwks");return(await e.json()).keys}catch(e){throw new I(500,{message:`Failed to fetch jwks: ${e.message}`})}}async function Dv(t,e){const r=new TextEncoder().encode([e.raw.header,e.raw.payload].join(".")),i=new Uint8Array(Array.from(e.signature).map(l=>l.charCodeAt(0))),a=(await Mv(t.env)).find(l=>l.kid===e.header.kid);if(!a)return console.log("No matching kid found"),!1;const c=await crypto.subtle.importKey("jwk",a,{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},!1,["verify"]);return crypto.subtle.verify("RSASSA-PKCS1-v1_5",c,i,r)}function Hv(t){const[e,n,r]=t.split(".");if(!e||!n||!r)return null;const i=JSON.parse(atob(e)),s=JSON.parse(atob(n)),a=atob(r.replace(/-/g,"+").replace(/_/g,"/"));return{header:i,payload:s,signature:a,raw:{header:e,payload:n,signature:r}}}function Lg(t){return async(e,n)=>{var i,s,a;const r=t.openAPIRegistry.definitions.find(c=>"route"in c&&c.route.path===e.req.path&&c.route.method.toUpperCase()===e.req.method);if(r&&"route"in r){const c=(s=(i=r.route.security)==null?void 0:i[0])==null?void 0:s.Bearer;if(!(c!=null&&c.length))return await n();const l=e.req.header("authorization")||"",[d,p]=l.split(" ");if((d==null?void 0:d.toLowerCase())!=="bearer"||!p)throw new I(401,{message:"Missing bearer token"});const f=Hv(p);if(!f||!await Dv(e,f))throw new I(403,{message:"Invalid JWT signature"});e.set("user_id",f.payload.sub),e.set("user",f.payload);const m=f.payload.permissions||[],w=((a=f.payload.scope)==null?void 0:a.split(" "))||[];if(c.length&&!(c.some(h=>m.includes(h))||c.some(h=>w.includes(h))))throw new I(403,{message:"Unauthorized"})}return await n()}}const Fv=new o.OpenAPIHono().openapi(o.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ui}},description:"Email provider"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.emailProviders.get(e);if(!n)throw new I(404,{message:"Email provider not found"});return t.json(n)}).openapi(o.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Ui.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.create(e,n),t.text("OK",{status:201})}).openapi(o.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Ui.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.update(e,n),t.text("OK")}),Kv=new o.OpenAPIHono().openapi(o.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Xs}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.sessions.get(e,n);if(!r)throw new I(404);return t.json(r)}).openapi(o.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.remove(e,n))throw new I(404,{message:"Session not found"});return t.text("OK")}).openapi(o.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{202:{description:"Sesssion deletion status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.update(e,n,{revoked_at:new Date().toDateString()}))throw new I(404,{message:"Session not found"});return t.text("Session deletion request accepted.",{status:202})}),Wv=new o.OpenAPIHono().openapi(o.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:al}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.refreshTokens.get(e,n);if(!r)throw new I(404);return t.json(r)}).openapi(o.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.refreshTokens.remove(e,n))throw new I(404,{message:"Session not found"});return t.text("OK")}),Gv=new o.OpenAPIHono().openapi(o.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.array(Gt)}},description:"List of custom domains"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.customDomains.list(e);return t.json(n)}).openapi(o.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Gt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.customDomains.get(e,n);if(!r)throw new I(404);return t.json(r)}).openapi(o.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.customDomains.remove(e,n))throw new I(404,{message:"Custom domain not found"});return t.text("OK")}).openapi(o.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(Gt.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Gt}},description:"The updated custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.customDomains.update(e,n,r))throw new I(404);const s=await t.env.data.customDomains.get(e,n);if(!s)throw new I(404);return t.json(s)}).openapi(o.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(sl.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Gt}},description:"The created custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.customDomains.create(e,n);return t.json(r,{status:201})}).openapi(o.createRoute({tags:["custom-domains"],method:"post",path:"/{id}/verify",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Gt}},description:"The custom domain"}}}),async()=>{throw new I(501,{message:"Not implemented"})});async function sd(t,e){const n=t.req.header("x-forwarded-host");if(n){const i=await t.env.data.customDomains.getByDomain(n);if(i)return t.set("tenant_id",i.tenant_id),t.set("custom_domain",n),await e()}const r=t.req.header("host");if(r){const i=r.split(".");if(i.length>1&&typeof i[0]=="string"){const s=i[0];await t.env.data.tenants.get(s)&&t.set("tenant_id",s)}}return await e()}function Jv(t){const e=new o.OpenAPIHono;e.use(af({origin:r=>{var i;return r&&(i=t.allowedOrigins)!=null&&i.includes(r)?r:""},allowHeaders:["Tenant-Id","Content-Type","Content-Range","Auth0-Client","Authorization","Range","Upgrade-Insecure-Requests"],allowMethods:["POST","PUT","GET","DELETE","PATCH","OPTIONS"],exposeHeaders:["Content-Length","Content-Range"],maxAge:600,credentials:!0})),Rg(e),e.use(async(r,i)=>(r.env.data=ro(r,t.dataAdapter),i())),e.use(sd).use(Lg(e));const n=e.route("/branding",x0).route("/custom-domains",Gv).route("/email/providers",Fv).route("/users",jy).route("/keys",Cv).route("/users-by-email",Nv).route("/clients",$v).route("/tenants",Tv).route("/logs",Bv).route("/hooks",Lv).route("/connections",Vv).route("/prompts",qv).route("/sessions",Kv).route("/refresh_tokens",Wv);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management api"},security:[{oauth2:["openid","email","profile"]}]}),n}function Zv(t,e){Object.keys(e).forEach(n=>{const r=e[n];r!=null&&r.length&&t.searchParams.set(n,r)})}var Cp;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Cp||(Cp={}));var Np;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Np||(Np={}));function Yv(t){return Vg(t,Xv,ti.Include)}function Ug(t){return Vg(t,Qv,ti.None)}function Vg(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,a=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],a+=8;for(let c=0;c<4;c++)a>=6?(r+=e[s>>a-6&63],a-=6):a>0?(r+=e[s<<6-a&63],a=0):n===ti.Include&&(r+="=")}return r}const Xv="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Qv="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var ti;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(ti||(ti={}));var jp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(jp||(jp={}));class eb{uint8(e,n){if(e.byteLength<n+1)throw new TypeError("Insufficient bytes");return e[n]}uint16(e,n){if(e.byteLength<n+2)throw new TypeError("Insufficient bytes");return e[n]<<8|e[n+1]}uint32(e,n){if(e.byteLength<n+4)throw new TypeError("Insufficient bytes");let r=0;for(let i=0;i<4;i++)r|=e[n+i]<<24-i*8;return r}uint64(e,n){if(e.byteLength<n+8)throw new TypeError("Insufficient bytes");let r=0n;for(let i=0;i<8;i++)r|=BigInt(e[n+i])<<BigInt(56-i*8);return r}putUint8(e,n,r){if(e.length<r+1)throw new TypeError("Not enough space");if(n<0||n>255)throw new TypeError("Invalid uint8 value");e[r]=n}putUint16(e,n,r){if(e.length<r+2)throw new TypeError("Not enough space");if(n<0||n>65535)throw new TypeError("Invalid uint16 value");e[r]=n>>8,e[r+1]=n&255}putUint32(e,n,r){if(e.length<r+4)throw new TypeError("Not enough space");if(n<0||n>4294967295)throw new TypeError("Invalid uint32 value");for(let i=0;i<4;i++)e[r+i]=n>>(3-i)*8&255}putUint64(e,n,r){if(e.length<r+8)throw new TypeError("Not enough space");if(n<0||n>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let i=0;i<8;i++)e[r+i]=Number(n>>BigInt((7-i)*8)&0xffn)}}const $p=new eb;function kt(t,e){return(t<<32-e|t>>>e)>>>0}function tb(t){const e=new nb;return e.update(t),e.digest()}class nb{constructor(){te(this,"blockSize",64);te(this,"size",32);te(this,"blocks",new Uint8Array(64));te(this,"currentBlockSize",0);te(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));te(this,"l",0n);te(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let n=0;if(this.currentBlockSize>0){const r=e.slice(0,64-this.currentBlockSize);this.blocks.set(r,this.currentBlockSize),this.process(),n+=r.byteLength,this.currentBlockSize=0}for(;n+64<=e.byteLength;){const r=e.slice(n,n+64);this.blocks.set(r),this.process(),n+=64}if(e.byteLength-n>0){const r=e.slice(n);this.blocks.set(r),this.currentBlockSize=r.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),$p.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let n=0;n<8;n++)$p.putUint32(e,this.H[n],n*4);return e}process(){for(let d=0;d<16;d++)this.w[d]=(this.blocks[d*4]<<24|this.blocks[d*4+1]<<16|this.blocks[d*4+2]<<8|this.blocks[d*4+3])>>>0;for(let d=16;d<64;d++){const p=(kt(this.w[d-2],17)^kt(this.w[d-2],19)^this.w[d-2]>>>10)>>>0,f=(kt(this.w[d-15],7)^kt(this.w[d-15],18)^this.w[d-15]>>>3)>>>0;this.w[d]=p+this.w[d-7]+f+this.w[d-16]|0}let e=this.H[0],n=this.H[1],r=this.H[2],i=this.H[3],s=this.H[4],a=this.H[5],c=this.H[6],l=this.H[7];for(let d=0;d<64;d++){const p=(kt(s,6)^kt(s,11)^kt(s,25))>>>0,f=(s&a^~s&c)>>>0,m=l+p+f+rb[d]+this.w[d]|0,w=(kt(e,2)^kt(e,13)^kt(e,22))>>>0,h=(e&n^e&r^n&r)>>>0,_=w+h|0;l=c,c=a,a=s,s=i+m|0,i=r,r=n,n=e,e=m+_|0}this.H[0]=e+this.H[0]|0,this.H[1]=n+this.H[1]|0,this.H[2]=r+this.H[2]|0,this.H[3]=i+this.H[3]|0,this.H[4]=s+this.H[4]|0,this.H[5]=a+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const rb=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class ib{constructor(e){te(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function sb(t){const e=tb(new TextEncoder().encode(t));return Ug(e)}function ob(){const t=new Uint8Array(32);return crypto.getRandomValues(t),Ug(t)}function Ur(t,e){const n=new TextEncoder().encode(e.toString()),r=new Request(t,{method:"POST",body:n});return r.headers.set("Content-Type","application/x-www-form-urlencoded"),r.headers.set("Accept","application/json"),r.headers.set("User-Agent","arctic"),r.headers.set("Content-Length",n.byteLength.toString()),r}function _a(t,e){const n=new TextEncoder().encode(`${t}:${e}`);return Yv(n)}async function Fs(t){let e;try{e=await fetch(t)}catch(n){throw new Mg(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Hi(e.status)}if(typeof n!="object"||n===null)throw new Xn(e.status,n);let r;try{r=qg(n)}catch{throw new Xn(e.status,n)}throw r}if(e.status===200){let n;try{n=await e.json()}catch{throw new Hi(e.status)}if(typeof n!="object"||n===null)throw new Xn(e.status,n);return new ib(n)}throw e.body!==null&&await e.body.cancel(),new Hi(e.status)}async function ab(t){let e;try{e=await fetch(t)}catch(n){throw new Mg(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Xn(e.status,null)}if(typeof n!="object"||n===null)throw new Xn(e.status,n);let r;try{r=qg(n)}catch{throw new Xn(e.status,n)}throw r}if(e.status===200){e.body!==null&&await e.body.cancel();return}throw e.body!==null&&await e.body.cancel(),new Hi(e.status)}function qg(t){let e;if("error"in t&&typeof t.error=="string")e=t.error;else throw new Error("Invalid error response");let n=null,r=null,i=null;if("error_description"in t){if(typeof t.error_description!="string")throw new Error("Invalid data");n=t.error_description}if("error_uri"in t){if(typeof t.error_uri!="string")throw new Error("Invalid data");r=t.error_uri}if("state"in t){if(typeof t.state!="string")throw new Error("Invalid data");i=t.state}return new cb(e,n,r,i)}class Mg extends Error{constructor(e){super("Failed to send request",{cause:e})}}class cb extends Error{constructor(n,r,i,s){super(`OAuth request error: ${n}`);te(this,"code");te(this,"description");te(this,"uri");te(this,"state");this.code=n,this.description=r,this.uri=i,this.state=s}}class Hi extends Error{constructor(n){super("Unexpected error response");te(this,"status");this.status=n}}class Xn extends Error{constructor(n,r){super("Unexpected error response body");te(this,"status");te(this,"data");this.status=n,this.data=r}}class od{constructor(e,n,r){te(this,"clientId");te(this,"clientPassword");te(this,"redirectURI");this.clientId=e,this.clientPassword=n,this.redirectURI=r}createAuthorizationURL(e,n,r){const i=new URL(e);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&i.searchParams.set("redirect_uri",this.redirectURI),i.searchParams.set("state",n),r.length>0&&i.searchParams.set("scope",r.join(" ")),i}createAuthorizationURLWithPKCE(e,n,r,i,s){const a=new URL(e);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&a.searchParams.set("redirect_uri",this.redirectURI),a.searchParams.set("state",n),r===ni.S256){const c=sb(i);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",c)}else r===ni.Plain&&(a.searchParams.set("code_challenge_method","plain"),a.searchParams.set("code_challenge",i));return s.length>0&&a.searchParams.set("scope",s.join(" ")),a}async validateAuthorizationCode(e,n,r){const i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",n),this.redirectURI!==null&&i.set("redirect_uri",this.redirectURI),r!==null&&i.set("code_verifier",r),this.clientPassword===null&&i.set("client_id",this.clientId);const s=Ur(e,i);if(this.clientPassword!==null){const c=_a(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Fs(s)}async refreshAccessToken(e,n,r){const i=new URLSearchParams;i.set("grant_type","refresh_token"),i.set("refresh_token",n),this.clientPassword===null&&i.set("client_id",this.clientId),r.length>0&&i.set("scope",r.join(" "));const s=Ur(e,i);if(this.clientPassword!==null){const c=_a(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Fs(s)}async revokeToken(e,n){const r=new URLSearchParams;r.set("token",n),this.clientPassword===null&&r.set("client_id",this.clientId);const i=Ur(e,r);if(this.clientPassword!==null){const s=_a(this.clientId,this.clientPassword);i.headers.set("Authorization",`Basic ${s}`)}await ab(i)}}var ni;(function(t){t[t.S256=0]="S256",t[t.Plain=1]="Plain"})(ni||(ni={}));var Op;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Op||(Op={}));var Tp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Tp||(Tp={}));function Vr(t){return lb(t,db,Ks.None)}function lb(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,a=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],a+=8;for(let c=0;c<4;c++)a>=6?(r+=e[s>>a-6&63],a-=6):a>0?(r+=e[s<<6-a&63],a=0):n===Ks.Include&&(r+="=")}return r}const db="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Ks;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Ks||(Ks={}));var Pp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Pp||(Pp={}));function ub(t,e,n){const r=Vr(new TextEncoder().encode(t)),i=Vr(new TextEncoder().encode(e)),s=Vr(n);return r+"."+i+"."+s}function pb(t,e){const n=Vr(new TextEncoder().encode(t)),r=Vr(new TextEncoder().encode(e)),i=n+"."+r;return new TextEncoder().encode(i)}const fb="https://appleid.apple.com/auth/authorize",hb="https://appleid.apple.com/auth/token";class Dg{constructor(e,n,r,i,s){te(this,"clientId");te(this,"teamId");te(this,"keyId");te(this,"pkcs8PrivateKey");te(this,"redirectURI");this.clientId=e,this.teamId=n,this.keyId=r,this.pkcs8PrivateKey=i,this.redirectURI=s}createAuthorizationURL(e,n){const r=new URL(fb);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId);const r=await this.createClientSecret();n.set("client_secret",r);const i=Ur(hb,n);return await Fs(i)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),n=Math.floor(Date.now()/1e3),r=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),i=JSON.stringify({iss:this.teamId,exp:n+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:n}),s=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,pb(r,i)));return ub(r,i,s)}}const gb="https://www.facebook.com/v16.0/dialog/oauth",mb="https://graph.facebook.com/v16.0/oauth/access_token";class Hg{constructor(e,n,r){te(this,"clientId");te(this,"clientSecret");te(this,"redirectURI");this.clientId=e,this.clientSecret=n,this.redirectURI=r}createAuthorizationURL(e,n){const r=new URL(gb);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId),n.set("client_secret",this.clientSecret);const r=Ur(mb,n);return await Fs(r)}}const _b="https://accounts.google.com/o/oauth2/v2/auth",Bp="https://oauth2.googleapis.com/token",yb="https://oauth2.googleapis.com/revoke";let Fg=class{constructor(e,n,r){te(this,"client");this.client=new od(e,n,r)}createAuthorizationURL(e,n,r){return this.client.createAuthorizationURLWithPKCE(_b,e,ni.S256,n,r)}async validateAuthorizationCode(e,n){return await this.client.validateAuthorizationCode(Bp,e,n)}async refreshAccessToken(e){return await this.client.refreshAccessToken(Bp,e,[])}async revokeToken(e){await this.client.revokeToken(yb,e)}};const Zo=o.z.object({iss:o.z.string().url(),sub:o.z.string(),aud:o.z.string(),exp:o.z.number(),email:o.z.string().optional(),given_name:o.z.string().optional(),family_name:o.z.string().optional(),name:o.z.string().optional(),iat:o.z.number(),auth_time:o.z.number().optional(),nonce:o.z.string().optional(),acr:o.z.string().optional(),amr:o.z.array(o.z.string()).optional(),azp:o.z.string().optional(),at_hash:o.z.string().optional(),c_hash:o.z.string().optional()}).passthrough();Zo.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function wb(t){return t.ISSUER}function at(t){return t.UNIVERSAL_LOGIN_URL||`${t.ISSUER}u/`}function je(t){return t.OAUTH_API_URL||t.ISSUER}function Kg(t){const{options:e}=t;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const n=Buffer.from(e.app_secret,"utf-8"),r=n.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),i=Uint8Array.from(Buffer.from(r,"base64"));return n.fill(0),{options:e,keyArray:i}}async function vb(t,e){var l,d;const{options:n,keyArray:r}=Kg(e),i=new Dg(n.client_id,n.team_id,n.kid,r,`${je(t.env)}callback`),s=ke(),a=await i.createAuthorizationURL(s,((l=n.scope)==null?void 0:l.split(" "))||["name","email"]);return(((d=n.scope)==null?void 0:d.split(" "))||["name","email"]).some(p=>["email","name"].includes(p))&&a.searchParams.set("response_mode","form_post"),{redirectUrl:a.href,code:s}}async function bb(t,e,n){const{options:r,keyArray:i}=Kg(e),a=await new Dg(r.client_id,r.team_id,r.kid,i,`${je(t.env)}callback`).validateAuthorizationCode(n),c=ll(a.idToken());if(!c)throw new Error("Invalid ID token");const l=Zo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const xb=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:vb,validateAuthorizationCodeAndGetUser:bb},Symbol.toStringTag,{value:"Module"}));async function kb(t,e){var a;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new Hg(n.client_id,n.client_secret,`${je(t.env)}callback`),i=ke();return{redirectUrl:r.createAuthorizationURL(i,((a=n.scope)==null?void 0:a.split(" "))||["email"]).href,code:i}}async function Sb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new Hg(r.client_id,r.client_secret,`${je(t.env)}callback`).validateAuthorizationCode(n),a=await fetch("https://graph.facebook.com/v16.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${s.accessToken()}`}});if(!a.ok)throw new Error("Failed to fetch user info");const c=await a.json();return t.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const Ab=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:kb,validateAuthorizationCodeAndGetUser:Sb},Symbol.toStringTag,{value:"Module"}));async function zb(t,e){var c;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required Google authentication parameters");const r=new Fg(n.client_id,n.client_secret,`${je(t.env)}callback`),i=ke(),s=ob();return{redirectUrl:r.createAuthorizationURL(i,s,((c=n.scope)==null?void 0:c.split(" "))??["email","profile"]).href,code:i,codeVerifier:s}}async function Eb(t,e,n,r){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret||!r)throw new Error("Missing required authentication parameters");const a=await new Fg(i.client_id,i.client_secret,`${je(t.env)}callback`).validateAuthorizationCode(n,r),c=ll(a.idToken());if(!c)throw new Error("Invalid ID token");const l=Zo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const Ib=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:zb,validateAuthorizationCodeAndGetUser:Eb},Symbol.toStringTag,{value:"Module"}));async function Cb(t,e){var a;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new od(n.client_id,n.client_secret,`${je(t.env)}callback`),i=ke(),s=r.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",i,((a=n.scope)==null?void 0:a.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]);return s.searchParams.set("response_type","code"),s.searchParams.set("response_mode","query"),{redirectUrl:s.href,code:i}}async function Nb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new od(r.client_id,r.client_secret,`${je(t.env)}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",n,null),a=ll(s.idToken());if(!a)throw new Error("Invalid ID token");const c=Zo.parse(a.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${s.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new I(400,{message:"Failed to get user from vipps"});return await l.json()}const jb=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Cb,validateAuthorizationCodeAndGetUser:Nb},Symbol.toStringTag,{value:"Module"}));function Wg(t,e){const n=t.env.STRATEGIES||{},i={apple:xb,facebook:Ab,"google-oauth2":Ib,vipps:jb,...n}[e];if(!i)throw new Error(`Strategy ${e} not found`);return i}async function Yo(t,e){const n=await t.data.clients.get(e);if(!n)throw new I(403,{message:"Client not found"});const r=t.DEFAULT_CLIENT_ID?await t.data.clients.get(t.DEFAULT_CLIENT_ID):void 0,i=await t.data.connections.list(n.tenant.id),s=t.DEFAULT_TENANT_ID?await t.data.connections.list(t.DEFAULT_TENANT_ID):{connections:[]},a=i.connections.map(c=>{var p;const l=(p=s.connections)==null?void 0:p.find(f=>f.name===c.name);return l!=null&&l.options?Jt.parse({...l||{},...c,options:{...l.options||{},...c.options}}):c}).filter(c=>c);return{...n,web_origins:[...(r==null?void 0:r.web_origins)||[],...n.web_origins||[],`${at(t)}login`],allowed_logout_urls:[...(r==null?void 0:r.allowed_logout_urls)||[],...n.allowed_logout_urls||[],t.ISSUER],callbacks:[...(r==null?void 0:r.callbacks)||[],...n.callbacks||[],`${at(t)}info`],connections:a,tenant:{...(r==null?void 0:r.tenant)||{},...n.tenant}}}function Xo(t,e=[],n={}){try{const r=new URL(t);return e.some(i=>{try{return $b(r,new URL(i),n.allowPathWildcards)}catch{return!1}})}catch{return!1}}function $b(t,e,n){if(t.protocol!==e.protocol)return!1;if(n&&e.pathname.includes("*")){const r=e.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${r}$`).test(t.pathname))return!1}else if(t.pathname!==e.pathname)return!1;if(e.hostname.startsWith("*.")&&e.hostname.split(".").length>2&&["http:","https:"].includes(e.protocol)){const r=e.hostname.split(".").slice(1).join(".");return t.hostname.endsWith(r)}return t.hostname===e.hostname}async function Ob(t,e,n,r){if(!r.state)throw new I(400,{message:"State not found"});const i=e.connections.find(l=>l.name===n);if(!i){t.set("client_id",e.id);const l=we(t,{type:he.FAILED_LOGIN,description:"Connection not found"});throw await t.env.data.logs.create(e.tenant.id,l),new I(403,{message:"Connection Not Found"})}let s=await t.env.data.loginSessions.get(e.tenant.id,r.state);s||(s=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+Qn*1e3).toISOString(),authParams:r,csrf_token:ke(),...cn(t.req)}));const c=await Wg(t,i.strategy).getRedirect(t,i);return await t.env.data.codes.create(e.tenant.id,{login_id:s.id,code_id:c.code,code_type:"oauth2_state",connection_id:i.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+W0*1e3).toISOString()}),t.redirect(c.redirectUrl)}async function Rp(t,{code:e,state:n}){var h;const{env:r}=t,i=await r.data.codes.get(t.var.tenant_id||"",n,"oauth2_state");if(!i||!i.connection_id)throw new I(403,{message:"State not found"});const s=await r.data.loginSessions.get(t.var.tenant_id||"",i.login_id);if(!s)throw new I(403,{message:"Session not found"});const a=await Yo(r,s.authParams.client_id);t.set("client_id",a.id),t.set("tenant_id",a.tenant.id);const c=a.connections.find(_=>_.id===i.connection_id);if(!c){const _=we(t,{type:he.FAILED_LOGIN,description:"Connection not found"});throw await r.data.logs.create(a.tenant.id,_),new I(403,{message:"Connection not found"})}if(t.set("connection",c.name),!s.authParams.redirect_uri){const _=we(t,{type:he.FAILED_LOGIN,description:"Redirect URI not defined"});throw await r.data.logs.create(a.tenant.id,_),new I(403,{message:"Redirect URI not defined"})}if(!Xo(s.authParams.redirect_uri,a.callbacks||[],{allowPathWildcards:!0})){const _=`Invalid redirect URI - ${s.authParams.redirect_uri}`,v=we(t,{type:he.FAILED_LOGIN,description:_});throw await r.data.logs.create(a.tenant.id,v),new I(403,{message:_})}const d=await Wg(t,c.strategy).validateAuthorizationCodeAndGetUser(t,c,e,i.code_verifier),{sub:p,...f}=d;t.set("user_id",p);const m=((h=d.email)==null?void 0:h.toLocaleLowerCase())||`${c.name}.${p}@${new URL(t.env.ISSUER).hostname}`;t.set("username",m);const w=await so(t,{client:a,username:m,provider:c.strategy,connection:c.name,userId:p,profileData:f,isSocial:!0,ip:t.req.header("x-real-ip")});return ln(t,{client:a,authParams:s.authParams,loginSession:s,user:w})}async function Lp(t,e,n,r,i,s){const a=await t.env.data.codes.get(t.var.tenant_id||"",e,"oauth2_state");if(!a)throw new I(400,{message:"State not found"});const c=await t.env.data.loginSessions.get(t.var.tenant_id,a.login_id);if(!c)throw new I(400,{message:"Login not found"});const{redirect_uri:l}=c.authParams;if(!l)throw new I(400,{message:"Redirect uri not found"});const d=we(t,{type:he.FAILED_LOGIN,description:`Failed connection login: ${i} ${n}, ${r}`});zt(t,t.env.data.logs.create(t.var.tenant_id,d));const p=new URL(l);return Zv(p,{error:n,error_description:r,error_reason:s,error_code:i,state:c.authParams.state}),t.redirect(`${at(t.env)}enter-email?state=${c.id}&error=${n}`)}const Tb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:a}=t.req.valid("query");if(r)return Lp(t,e,r,i,s,a);if(!n)throw new I(400,{message:"Code is required"});return Rp(t,{code:n,state:e})}).openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:a}=t.req.valid("form");if(r)return Lp(t,e,r,i,s,a);if(!n)throw new I(400,{message:"Code is required"});return Rp(t,{code:n,state:e})}),Pb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),returnTo:o.z.string().optional()}),header:o.z.object({cookie:o.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async t=>{const{client_id:e,returnTo:n}=t.req.valid("query"),r=await t.env.data.clients.get(e);if(!r)return t.text("OK");const i=await t.env.data.clients.get("DEFAULT_CLIENT");t.set("client_id",e),t.set("tenant_id",r.tenant.id);const s=n||t.req.header("referer");if(!s)return t.text("OK");if(!Xo(s,[...r.allowed_logout_urls||[],...(i==null?void 0:i.allowed_logout_urls)||[]],{allowPathWildcards:!0}))throw new I(400,{message:"Invalid redirect uri"});const a=t.req.header("cookie");if(a){const l=ls(r.tenant.id,a);if(l){const d=await t.env.data.sessions.get(r.tenant.id,l);if(d){const p=await t.env.data.users.get(r.tenant.id,d.user_id);p&&(t.set("user_id",p.user_id),t.set("connection",p.connection));const f=await t.env.data.refreshTokens.list(r.tenant.id,{q:`session_id=${l}`,page:0,per_page:100,include_totals:!1});await Promise.all(f.refresh_tokens.map(m=>t.env.data.refreshTokens.remove(r.tenant.id,m.id))),await t.env.data.sessions.update(r.tenant.id,l,{revoked_at:new Date().toISOString()})}}}const c=we(t,{type:he.SUCCESS_LOGOUT,description:"User successfully logged out"});return await t.env.data.logs.create(r.tenant.id,c),new Response("Redirecting",{status:302,headers:{"set-cookie":X0(r.tenant.id,t.req.header("host")),location:s}})}),Up=o.z.object({sub:o.z.string(),email:o.z.string().optional(),family_name:o.z.string().optional(),given_name:o.z.string().optional(),email_verified:o.z.boolean()}),Bb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{},security:[{Bearer:["openid"]}],responses:{200:{content:{"application/json":{schema:Up}},description:"Userinfo"}}}),async t=>{if(!t.var.user)throw new I(404,{message:"User not found"});const e=await t.env.data.users.get(t.var.user.tenant_id,t.var.user.sub);if(!e)throw new I(404,{message:"User not found"});return t.json(Up.parse({...e,sub:e.user_id}))}),Rb=new o.OpenAPIHono().openapi(o.createRoute({tags:["well known"],method:"get",path:"/jwks.json",request:{},responses:{200:{content:{"application/json":{schema:mf}},description:"List of tenants"}}}),async t=>{const e=await t.env.data.keys.list(),n=await Promise.all(e.map(async r=>{const s=await new id(r.cert).publicKey.export(),a=await crypto.subtle.exportKey("jwk",s);return ol.parse({...a,kid:r.kid})}));return t.json({keys:n},{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${$i}, stale-while-revalidate=${$i*2}, stale-if-error=86400`}})}).openapi(o.createRoute({tags:["well known"],method:"get",path:"/openid-configuration",request:{},responses:{200:{content:{"application/json":{schema:Ia}},description:"List of tenants"}}}),async t=>{const e=Ia.parse({issuer:wb(t.env),authorization_endpoint:`${je(t.env)}authorize`,token_endpoint:`${je(t.env)}oauth/token`,device_authorization_endpoint:`${je(t.env)}oauth/device/code`,userinfo_endpoint:`${je(t.env)}userinfo`,mfa_challenge_endpoint:`${je(t.env)}mfa/challenge`,jwks_uri:`${je(t.env)}.well-known/jwks.json`,registration_endpoint:`${je(t.env)}oidc/register`,revocation_endpoint:`${je(t.env)}oauth/revoke`,scopes_supported:["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],response_types_supported:["code","token","id_token","code token","code id_token","token id_token","code token id_token"],code_challenge_methods_supported:["S256","plain"],response_modes_supported:["query","fragment","form_post"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],token_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post"],claims_supported:["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],request_uri_parameter_supported:!1,request_parameter_supported:!1,token_endpoint_auth_signing_alg_values_supported:["RS256","RS384","PS256"]});return t.json(e,{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${$i}, stale-while-revalidate=${$i*2}, stale-if-error=86400`}})});function Fi(t,e){if(!t||!e||t.length!==e.length)return!1;let n=0;for(let r=0;r<t.length;r++)n|=t.charCodeAt(r)^e.charCodeAt(r);return n===0}const Gg=o.z.object({grant_type:o.z.literal("client_credentials"),scope:o.z.string().optional(),client_secret:o.z.string(),client_id:o.z.string(),audience:o.z.string().optional()});async function Lb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new I(403,{message:"Invalid client credentials"});if(n.client_secret&&!Fi(n.client_secret,e.client_secret))throw new I(403,{message:"Invalid client credentials"});const r={client_id:n.id,scope:e.scope,audience:e.audience},i=await no(t,{authParams:r,client:n});return t.json(i)}const Ub=o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string().optional(),client_secret:o.z.string().optional(),code_verifier:o.z.string().optional()}).refine(t=>"client_secret"in t&&!("code_verifier"in t)||!("client_secret"in t)&&"code_verifier"in t,{message:"Must provide either client_secret (standard flow) or code_verifier/code_verifier_mode (PKCE flow), but not both"});async function Vb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new I(403,{message:"Client not found"});const r=await t.env.data.codes.get(n.tenant.id,e.code,"authorization_code");if(!r||!r.user_id)throw new I(403,{message:"Invalid client credentials"});if(new Date(r.expires_at)<new Date)throw new I(403,{message:"Code expired"});if(r.used_at)throw new I(403,{message:"Code already used"});const i=await t.env.data.loginSessions.get(n.tenant.id,r.login_id);if(!i)throw new I(403,{message:"Invalid login"});if("client_secret"in e){const a=await t.env.data.clients.get("DEFAULT_CLIENT");if(!Fi(n.client_secret,e.client_secret)&&!Fi(a==null?void 0:a.client_secret,e.client_secret))throw new I(403,{message:"Invalid client credentials"})}else if("code_verifier"in e&&typeof e.code_verifier=="string"&&"code_challenge_method"in i.authParams&&typeof i.authParams.code_challenge_method=="string"){const a=await D0(e.code_verifier,i.authParams.code_challenge_method);if(!Fi(a,i.authParams.code_challenge||""))throw new I(403,{message:"Invalid client credentials"})}if(i.authParams.redirect_uri&&i.authParams.redirect_uri!==e.redirect_uri)throw new I(403,{message:"Invalid redirect uri"});const s=await t.env.data.users.get(n.tenant.id,r.user_id);if(!s)throw new I(403,{message:"User not found"});return await t.env.data.codes.used(n.tenant.id,e.code),ln(t,{user:s,client:n,loginSession:i,authParams:{...i.authParams,response_mode:Rt.WEB_MESSAGE}})}const qb=o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),redirect_uri:o.z.string().optional(),refresh_token:o.z.string()});async function Mb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new I(403,{message:"Client not found"});const r=await t.env.data.refreshTokens.get(n.tenant.id,e.refresh_token);if(r){if(r.expires_at&&new Date(r.expires_at)<new Date||r.idle_expires_at&&new Date(r.idle_expires_at)<new Date)throw new I(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Refresh token has expired"})})}else throw new I(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Invalid refresh token"})});const i=await t.env.data.users.get(n.tenant.id,r.user_id);if(!i)throw new I(403,{message:"User not found"});const s=r.resource_servers[0];if(r.idle_expires_at){const a=new Date(Date.now()+2592e6);await t.env.data.refreshTokens.update(n.tenant.id,r.id,{idle_expires_at:a.toISOString(),last_exchanged_at:new Date().toISOString(),device:{...r.device,last_ip:t.req.header["x-real-ip"]||"",last_user_agent:t.req.header["user-agent"]||""}})}return ln(t,{user:i,client:n,refreshToken:r.id,sessionId:r.session_id,authParams:{client_id:n.id,audience:s==null?void 0:s.audience,scope:s==null?void 0:s.scopes,response_mode:Rt.WEB_MESSAGE}})}function ad(t){return t.includes("@")?"email":"sms"}const Db=o.z.object({client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),otp:o.z.string(),authParams:Mr.optional()});async function Jg(t,{client_id:e,username:n,otp:r,authParams:i}){const s=await t.env.data.clients.get(e);if(!s)throw new I(403,{message:"Client not found"});return cd(t,s,i||{client_id:e,response_type:It.TOKEN_ID_TOKEN,response_mode:Rt.WEB_MESSAGE},n,r)}async function cd(t,e,n,r,i,s,a){const{env:c}=t,l=await c.data.codes.get(e.tenant.id,i,"otp");if(!l)throw new I(400,{message:"Code not found or expired"});if(l.expires_at<new Date().toISOString())throw new I(400,{message:"Code expired"});if(l.used_at)throw new I(400,{message:"Code already used"});const d=ad(r),p=await c.data.loginSessions.get(e.tenant.id,l.login_id);if(!p||p.authParams.username!==r)throw new I(400,{message:"Code not found or expired"});const f=cn(t.req);if(a&&p.ip!==f.ip)return t.redirect(`${at(t.env)}invalid-session?state=${p.id}`);if(n.redirect_uri&&!Xo(n.redirect_uri,e.callbacks,{allowPathWildcards:!0}))throw new I(400,{message:`Invalid redirect URI - ${n.redirect_uri}`});const m=await so(t,{client:e,username:r,provider:d,connection:d,isSocial:!1,ip:t.req.header("x-real-ip")});return await c.data.codes.used(e.tenant.id,i),ln(t,{user:m,client:e,loginSession:p,authParams:n,ticketAuth:s})}const Vp=o.z.object({client_id:o.z.string().optional(),client_secret:o.z.string().optional()}),Hb=o.z.union([Gg.extend(Vp.shape),o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string(),code_verifier:o.z.string().min(43).max(128)}),o.z.object({grant_type:o.z.literal("authorization_code"),code:o.z.string(),redirect_uri:o.z.string().optional(),...Vp.shape}),o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),refresh_token:o.z.string(),redirect_uri:o.z.string().optional()}),o.z.object({grant_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),client_id:o.z.string(),username:o.z.string(),otp:o.z.string(),realm:o.z.enum(["email","sms"])})]);function Fb(t){if(!t)return{};const[e,n]=t.split(" ");if((e==null?void 0:e.toLowerCase())==="basic"&&n){const[r,i]=atob(n).split(":");return{client_id:r,client_secret:i}}return{}}const Kb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:Hb}}}},responses:{200:{content:{"application/json":{schema:xf}},description:"Tokens"}}}),async t=>{const e=t.req.valid("form"),n=Fb(t.req.header("Authorization")),r={...e,...n};if(!r.client_id)throw new I(400,{message:"client_id is required"});switch(t.set("client_id",r.client_id),e.grant_type){case Wn.AuthorizationCode:return Vb(t,Ub.parse(r));case Wn.ClientCredential:return Lb(t,Gg.parse(r));case Wn.RefreshToken:return Mb(t,qb.parse(r));case Wn.OTP:return Jg(t,Db.parse(r));default:throw new I(400,{message:"Not implemented"})}});var ld={exports:{}};const dd=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:6},{id:2,value:"Medium",minDiversity:4,minLength:8},{id:3,value:"Strong",minDiversity:4,minLength:10}],Zg=(t,e=dd,n="!\"#$%&'()*+,-./:;<=>?@[\\\\\\]^_`{|}~")=>{let r=t||"";e[0].minDiversity=0,e[0].minLength=0;const i=[{regex:"[a-z]",message:"lowercase"},{regex:"[A-Z]",message:"uppercase"},{regex:"[0-9]",message:"number"}];n&&i.push({regex:`[${n}]`,message:"symbol"});let s={};s.contains=i.filter(c=>new RegExp(`${c.regex}`).test(r)).map(c=>c.message),s.length=r.length;let a=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,a[0]),s};ld.exports={passwordStrength:Zg,defaultOptions:dd};var Wb=ld.exports.passwordStrength=Zg;ld.exports.defaultOptions=dd;function ud(t){return Wb(t).id<2?!1:t.length>=8&&/[a-z]/.test(t)&&/[A-Z]/.test(t)&&/[0-9]/.test(t)&&/[^A-Za-z0-9]/.test(t)}async function Ai(t,e){var i;const n=await t.env.data.emailProviders.get(t.var.tenant_id)||(t.env.DEFAULT_TENANT_ID?await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID):null);if(!n)throw new I(500,{message:"Email provider not found"});const r=(i=t.env.emailProviders)==null?void 0:i[n.name];if(!r)throw new I(500,{message:"Email provider not found"});await r({emailProvider:n,...e,from:n.default_from_address||`login@${t.env.ISSUER}`})}async function Gb(t,e){var a,c;const n=await t.env.data.tenants.get(t.var.tenant_id);if(!n)throw new I(500,{message:"Tenant not found"});const r=(await t.env.data.connections.list(t.var.tenant_id)).connections.find(l=>l.strategy==="sms")||(t.env.DEFAULT_TENANT_ID?(await t.env.data.connections.list(t.env.DEFAULT_TENANT_ID)).connections.find(l=>l.strategy==="sms"):null);if(!r)throw new I(500,{message:"SMS provider not found"});const i=((a=r.options)==null?void 0:a.provider)||"twilio",s=(c=t.env.smsProviders)==null?void 0:c[i];if(!s)throw new I(500,{message:"SMS provider not found"});await s({options:r.options,to:e.to,text:e.text,template:"auth-code",data:{code:e.code,tenantName:n.name,tenantId:n.id}})}async function Yg(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new I(500,{message:"Tenant not found"});const s=`${at(t.env)}reset-password?state=${r}&code=${n}`,a={vendorName:i.name,lng:i.language||"en"};await Ai(t,{to:e,subject:re("reset_password_title",a),html:`Click here to reset your password: ${at(t.env)}reset-password?state=${r}&code=${n}`,template:"auth-password-reset",data:{vendorName:i.name,logo:i.logo||"",passwordResetUrl:s,supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",passwordResetTitle:re("password_reset_title",a),resetPasswordEmailClickToReset:re("reset_password_email_click_to_reset",a),resetPasswordEmailReset:re("reset_password_email_reset",a),supportInfo:re("support_info",a),contactUs:re("contact_us",a),copyright:re("copyright",a),tenantName:i.name,tenantId:i.id}})}async function Xg(t,{to:e,code:n}){const r=await t.env.data.tenants.get(t.var.tenant_id);if(!r)throw new I(500,{message:"Tenant not found"});const i=ad(e),s=new URL(at(t.env)),a={vendorName:r.name,vendorId:r.id,loginDomain:s.hostname,code:n,lng:r.language||"en"};i==="email"?await Ai(t,{to:e,subject:re("code_email_subject",a),html:`Click here to validate your email: ${at(t.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:r.name,logo:r.logo||"",supportUrl:r.support_url||"",buttonColor:r.primary_color||"",welcomeToYourAccount:re("welcome_to_your_account",a),linkEmailClickToLogin:re("link_email_click_to_login",a),linkEmailLogin:re("link_email_login",a),linkEmailOrEnterCode:re("link_email_or_enter_code",a),codeValid30Mins:re("code_valid_30_minutes",a),supportInfo:re("support_info",a),contactUs:re("contact_us",a),copyright:re("copyright",a)}}):i==="sms"&&await Gb(t,{to:e,text:re("sms_code_text",a),code:n});const c=we(t,{type:he.CODE_LINK_SENT,description:e});zt(t,t.env.data.logs.create(r.id,c))}async function pd(t,{to:e,code:n,authParams:r}){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new I(500,{message:"Tenant not found"});if(!r.redirect_uri)throw new I(400,{message:"redirect_uri is required"});const s=ad(e),a=new URL(je(t.env));a.pathname="passwordless/verify_redirect",a.searchParams.set("verification_code",n),a.searchParams.set("connection",s),a.searchParams.set("client_id",r.client_id),a.searchParams.set("redirect_uri",r.redirect_uri),a.searchParams.set("email",e),r.response_type&&a.searchParams.set("response_type",r.response_type),r.scope&&a.searchParams.set("scope",r.scope),r.state&&a.searchParams.set("state",r.state),r.nonce&&a.searchParams.set("nonce",r.nonce),r.code_challenge&&a.searchParams.set("code_challenge",r.code_challenge),r.code_challenge_method&&a.searchParams.set("code_challenge_method",r.code_challenge_method),r.audience&&a.searchParams.set("audience",r.audience);const c={vendorName:i.name,code:n,lng:i.language||"en"};if(s!=="email")throw new I(400,{message:"Only email connections are supported for magic links"});await Ai(t,{to:e,subject:re("code_email_subject",c),html:`Click here to validate your email: ${at(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:a.toString(),buttonColor:i.primary_color||"",welcomeToYourAccount:re("welcome_to_your_account",c),linkEmailClickToLogin:re("link_email_click_to_login",c),linkEmailLogin:re("link_email_login",c),linkEmailOrEnterCode:re("link_email_or_enter_code",c),codeValid30Mins:re("code_valid_30_minutes",c),supportInfo:re("support_info",c),contactUs:re("contact_us",c),copyright:re("copyright",c)}});const l=we(t,{type:he.CODE_LINK_SENT,description:e});zt(t,t.env.data.logs.create(i.id,l))}async function fd(t,e){const n=await t.env.data.tenants.get(t.var.tenant_id);if(!n)throw new I(500,{message:"Tenant not found"});if(!e.email)throw new I(400,{message:"User has no email"});const r={vendorName:n.name,lng:n.language||"en"};await Ai(t,{to:e.email,subject:re("welcome_to_your_account",r),html:`Click here to validate your email: ${at(t.env)}validate-email`,template:"auth-verify-email",data:{vendorName:n.name,logo:n.logo||"",emailValidationUrl:`${at(t.env)}validate-email`,supportUrl:n.support_url||"https://support.sesamy.com",buttonColor:n.primary_color||"#7d68f4",welcomeToYourAccount:re("welcome_to_your_account",r),verifyEmailVerify:re("verify_email_verify",r),supportInfo:re("support_info",r),contactUs:re("contact_us",r),copyright:re("copyright",r)}})}async function Jb(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new I(500,{message:"Tenant not found"});const s={vendorName:i.name,lng:i.language||"en"},a=`${at(t.env)}signup?state=${r}&code=${n}`;await Ai(t,{to:e,subject:re("register_password_account",s),html:`Click here to register: ${a}`,template:"auth-pre-signup-verification",data:{vendorName:i.name,logo:i.logo||"",signupUrl:a,setPassword:re("set_password",s),registerPasswordAccount:re("register_password_account",s),clickToSignUpDescription:re("click_to_sign_up_description",s),supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",welcomeToYourAccount:re("welcome_to_your_account",s),verifyEmailVerify:re("verify_email_verify",s),supportInfo:re("support_info",s),contactUs:re("contact_us",s),copyright:re("copyright",s)}})}const Zb=new o.OpenAPIHono().openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string()})}}}},responses:{200:{content:{"application/json":{schema:o.z.object({_id:o.z.string(),email:o.z.string().optional(),email_verified:o.z.boolean(),app_metadata:o.z.object({}),user_metadata:o.z.object({})})}},description:"Created user"}}}),async t=>{const{email:e,password:n,client_id:r}=t.req.valid("json"),i=await t.env.data.clients.get(r);if(!i)throw new I(400,{message:"Client not found"});if(t.set("client_id",i.id),t.set("tenant_id",i.tenant.id),!ud(n))throw new I(400,{message:"Password does not meet the requirements"});if(await ds({userAdapter:t.env.data.users,tenant_id:i.tenant.id,username:e,provider:"auth2"}))throw new I(400,{message:"Invalid sign up"});const a=await t.env.data.users.create(i.tenant.id,{user_id:`auth2|${Qs()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});t.set("user_id",a.user_id),t.set("username",a.email),t.set("connection",a.connection);const c=await oi.hash(n,10);await t.env.data.passwords.create(i.tenant.id,{user_id:a.user_id,password:c,algorithm:"bcrypt"}),await fd(t,a);const l=we(t,{type:he.SUCCESS_SIGNUP,description:"Successful signup"});return await t.env.data.logs.create(i.tenant.id,l),t.json({_id:a.user_id,email:a.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{email:e,client_id:n}=t.req.valid("json"),r=await t.env.data.clients.get(n);if(!r)throw new I(400,{message:"Client not found"});if(t.set("client_id",r.id),t.set("tenant_id",r.tenant.id),!await fr({userAdapter:t.env.data.users,tenant_id:r.tenant.id,username:e,provider:"auth2"}))return t.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:n,username:e},a=await t.env.data.loginSessions.create(r.tenant.id,{expires_at:new Date(Date.now()+Qn*1e3).toISOString(),authParams:s,csrf_token:ke(),...cn(t.req)});return await Yg(t,e,a.id,a.authParams.state),t.html("If an account with that email exists, we've sent instructions to reset your password.")});function Pn(){const t="1234567890";let e="";for(let n=0;n<6;n+=1)e+=t[Math.floor(Math.random()*10)];return e.toString()}const Yb=new o.OpenAPIHono().openapi(o.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({connection:o.z.literal("email"),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),send:o.z.enum(["link","code"]),authParams:Mr.omit({client_id:!0})}),o.z.object({client_id:o.z.string(),connection:o.z.literal("sms"),phone_number:o.z.string(),send:o.z.enum(["link","code"]),authParams:Mr.omit({client_id:!0})})])}}}},responses:{200:{description:"Status"}}}),async t=>{const e=t.req.valid("json"),{env:n}=t,{client_id:r,send:i,authParams:s,connection:a}=e,c=await t.env.data.clients.get(r);if(!c)throw new I(400,{message:"Client not found"});t.set("client_id",c.id),t.set("tenant_id",c.tenant.id);const l=a==="email"?e.email:e.phone_number,d=await n.data.loginSessions.create(c.tenant.id,{authParams:{...s,client_id:r,username:l},expires_at:new Date(Date.now()+ja).toISOString(),csrf_token:ke(),...cn(t.req)}),p=await n.data.codes.create(c.tenant.id,{code_id:Pn(),code_type:"otp",login_id:d.id,expires_at:new Date(Date.now()+ja).toISOString()});return i==="link"?await pd(t,{to:l,code:p.code_id,authParams:{...s,client_id:r}}):await Xg(t,{to:l,code:p.code_id}),t.html("OK")}).openapi(o.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:o.z.object({scope:o.z.string(),response_type:o.z.nativeEnum(It),redirect_uri:o.z.string(),state:o.z.string(),nonce:o.z.string().optional(),verification_code:o.z.string(),connection:o.z.string(),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),audience:o.z.string().optional()})},responses:{302:{description:"Status"}}}),async t=>{const{env:e}=t,{client_id:n,email:r,verification_code:i,redirect_uri:s,state:a,scope:c,audience:l,response_type:d,nonce:p}=t.req.valid("query"),f=await Yo(e,n);return t.set("client_id",f.id),t.set("tenant_id",f.tenant.id),t.set("connection","email"),cd(t,f,{client_id:n,redirect_uri:s,state:a,nonce:p,scope:c,audience:l,response_type:d},r,i,!1,!0)});class jr extends I{constructor(n,r){super(n,r);te(this,"_code");this._code=r==null?void 0:r.code}get code(){return this._code}}async function hd(t,e,n,r,i){const{env:s}=t,{username:a}=n;if(t.set("username",a),!a)throw new I(400,{message:"Username is required"});const c=await fr({userAdapter:t.env.data.users,tenant_id:e.tenant.id,username:a,provider:"auth2"});if(!c){const h=we(t,{type:he.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"});throw zt(t,t.env.data.logs.create(e.tenant.id,h)),new jr(403,{message:"User not found",code:"USER_NOT_FOUND"})}const l=c.linked_to?await s.data.users.get(e.tenant.id,c.linked_to):c;if(!l)throw new jr(403,{message:"User not found",code:"USER_NOT_FOUND"});t.set("connection",c.connection),t.set("user_id",l.user_id);const d=await s.data.passwords.get(e.tenant.id,c.user_id);if(!(d&&await oi.compare(n.password,d.password))){const h=we(t,{type:he.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});throw zt(t,t.env.data.logs.create(e.tenant.id,h)),new jr(403,{message:"Invalid password",code:"INVALID_PASSWORD"})}if((await s.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,q:`user_id:${l.user_id}`})).logs.filter(h=>h.type===he.FAILED_LOGIN_INCORRECT_PASSWORD&&new Date(h.date)>new Date(Date.now()-1e3*60*5)).length>=3){const h=we(t,{type:he.FAILED_LOGIN,description:"Too many failed login attempts"});throw zt(t,t.env.data.logs.create(e.tenant.id,h)),new jr(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"})}if(!c.email_verified&&e.email_validation==="enforced"){await fd(t,c);const h=we(t,{type:he.FAILED_LOGIN,description:"Email not verified"});throw await t.env.data.logs.create(e.tenant.id,h),new jr(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const w=we(t,{type:he.SUCCESS_LOGIN,description:"Successful login",strategy_type:"Username-Password-Authentication",strategy:"Username-Password-Authentication"});return zt(t,t.env.data.logs.create(e.tenant.id,w)),ln(t,{client:e,authParams:n,user:l,ticketAuth:i,loginSession:r})}async function Xb(t,e,n,r){await so(t,{client:e,username:n,provider:"auth2",connection:"Username-Password-Authentication",isSocial:!1,ip:t.req.header("x-real-ip")});let i=Pn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");for(;s;)i=Pn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");const a=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+Z0).toISOString(),authParams:{client_id:e.id,username:n},csrf_token:ke(),...cn(t.req)}),c=await t.env.data.codes.create(e.tenant.id,{code_id:i,code_type:"password_reset",login_id:a.id,expires_at:new Date(Date.now()+J0).toISOString()});await Yg(t,n,c.code_id,r)}const Qb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:o.z.string(),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),realm:o.z.enum(["email"]),scope:o.z.string().optional()}),o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string(),realm:o.z.enum(["Username-Password-Authentication"]),scope:o.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async t=>{const e=t.req.valid("json"),{client_id:n,username:r}=e;t.set("username",r);const i=await t.env.data.clients.get(n);if(!i)throw new I(400,{message:"Client not found"});t.set("client_id",n),t.set("tenant_id",i.tenant.id);const s=r.toLocaleLowerCase();if("otp"in e)return cd(t,i,{client_id:n,username:s},s,e.otp,!0);if("password"in e){const a=await t.env.data.loginSessions.create(i.tenant.id,{expires_at:new Date(Date.now()+Qn*1e3).toISOString(),authParams:{client_id:n,username:s},csrf_token:ke(),...cn(t.req)});return hd(t,i,{username:s,password:e.password,client_id:n},a,!0)}else throw new I(400,{message:"Code or password required"})});function e1(t,e){var r,i,s;if(!t||e.length===0)return!1;const n=((r=ya(t))==null?void 0:r.host)??null;if(!n)return!1;for(const a of e){let c;if(a.startsWith("http://")||a.startsWith("https://")?c=((i=ya(a))==null?void 0:i.host)??null:c=((s=ya("https://"+a))==null?void 0:s.host)??null,n===c)return!0}return!1}function ya(t){try{return new URL(t)}catch{return null}}async function t1({ctx:t,session:e,client:n,authParams:r,connection:i,login_hint:s}){const a=await t.env.data.loginSessions.create(n.tenant.id,{expires_at:new Date(Date.now()+Qn*1e3).toISOString(),authParams:r,csrf_token:ke(),authorization_url:t.req.url,...cn(t.req)});if(e&&s){const c=await t.env.data.users.get(n.tenant.id,e.user_id);if((c==null?void 0:c.email)===s)return ln(t,{client:n,loginSession:a,authParams:r,user:c,sessionId:e.id})}if(i==="email"&&s){const c=Pn();return await t.env.data.codes.create(n.tenant.id,{code_id:c,code_type:"otp",login_id:a.id,expires_at:new Date(Date.now()+Qn*1e3).toISOString()}),await pd(t,{code:c,to:s,authParams:r}),t.redirect(`/u/enter-code?state=${a.id}`)}return e?t.redirect(`/u/check-account?state=${a.id}`):t.redirect(`/u/enter-email?state=${a.id}`)}function n1(t){if(t==="Username-Password-Authentication")return"auth2";if(t==="email")return"email";throw new I(403,{message:"Invalid realm"})}async function r1(t,e,n,r,i){var m;const{env:s}=t;t.set("connection",i);const a=await s.data.codes.get(e,n,"ticket");if(!a||a.used_at)throw new I(403,{message:"Ticket not found"});const c=await s.data.loginSessions.get(e,a.login_id);if(!c||!c.authParams.username)throw new I(403,{message:"Session not found"});const l=await s.data.clients.get(c.authParams.client_id);if(!l)throw new I(403,{message:"Client not found"});t.set("client_id",c.authParams.client_id),await s.data.codes.used(e,n);const d=n1(i);let p=await so(t,{username:c.authParams.username,provider:d,client:l,connection:d==="auth2"?"Username-Password-Authentication":"email",isSocial:!1,ip:t.req.header("x-real-ip")});t.set("username",p.email||p.phone_number),t.set("user_id",p.user_id);const f=await Ff(t,{user:p,client:l,loginSession:c});return ln(t,{authParams:{scope:(m=c.authParams)==null?void 0:m.scope,...r},loginSession:c,sessionId:f.id,user:p,client:l})}async function qp(t,e){return`<!DOCTYPE html>
+`,r}async function Ev(t){const e=await t.publicKey.export(),n=await crypto.subtle.exportKey("jwk",e),r=JSON.stringify(n,Object.keys(n).sort()),s=new TextEncoder().encode(r);return Na(await jf(s))}const Iv=1e3*60*60*24,Cv=new o.OpenAPIHono().openapi(o.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.array(Ca)}},description:"List of keys"}}}),async t=>{const n=(await t.env.data.keys.list()).filter(r=>"cert"in r).map(r=>r);return t.json(n)}).openapi(o.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({kid:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ca}},description:"The requested key"}}}),async t=>{const{kid:e}=t.req.valid("param"),r=(await t.env.data.keys.list()).find(i=>i.kid===e);if(!r)throw new I(404,{message:"Key not found"});return t.json(r)}).openapi(o.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const e=await t.env.data.keys.list();for await(const r of e)await t.env.data.keys.update(r.kid,{revoked_at:new Date(Date.now()+Iv).toISOString()});const n=await Yc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(n),t.text("OK",{status:201})}).openapi(o.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({kid:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const{kid:e}=t.req.valid("param");if(!await t.env.data.keys.update(e,{revoked_at:new Date().toISOString()}))throw new I(404,{message:"Key not found"});const r=await Yc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(r),t.text("OK")}),Nv=new o.OpenAPIHono().openapi(o.createRoute({tags:["users"],method:"get",path:"/",request:{query:o.z.object({email:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:o.z.array(il)}},description:"List of users"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{email:n}=t.req.valid("query"),i=(await gl(t.env.data.users,e,n)).filter(s=>!s.linked_to);return t.json(i)}),jv=on.extend({clients:o.z.array(mn)}),$v=new o.OpenAPIHono().openapi(o.createRoute({tags:["clients"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([jv,o.z.array(mn)])}},description:"List of clients"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:a}=t.req.valid("query"),l=(await t.env.data.applications.list(e,{page:n,per_page:r,include_totals:i,sort:hr(s),q:a})).applications;return i?t.json({clients:l,start:0,limit:10,length:l.length}):t.json(l)}).openapi(o.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:mn}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=(await t.env.data.applications.list(e,{page:1,per_page:0,include_totals:!1})).applications.find(s=>s.id===n);if(!i)throw new I(404);return t.json(i)}).openapi(o.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.applications.remove(e,n))throw new I(404,{message:"Application not found"});return t.text("OK")}).openapi(o.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(rs.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:mn}},description:"The update application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=t.req.valid("json");await t.env.data.applications.update(e,n,i);const s=await t.env.data.applications.get(e,n);if(!s)throw new I(404,{message:"Application not found"});return t.json(s)}).openapi(o.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(rs.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:o.z.object(mn.shape)}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r={...n,id:n.id||ke(),client_secret:n.client_secret||ke()},i=await t.env.data.applications.create(e,r);return t.json(i,{status:201})});o.z.object({start:o.z.number(),limit:o.z.number(),length:o.z.number()});Zs.extend({email:o.z.string(),login_count:o.z.number(),multifactor:o.z.array(o.z.string()).optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string()}).catchall(o.z.any());const Ov=on.extend({tenants:o.z.array(Jn)}),Tv=new o.OpenAPIHono().openapi(o.createRoute({tags:["tenants"],method:"get",path:"/",request:{query:tn},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:o.z.union([o.z.array(Jn),Ov])}},description:"List of tenants"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),a=await t.env.data.tenants.list({page:e,per_page:n,include_totals:r,sort:hr(i),q:s});return r?t.json(a):t.json(a.tenants)}).openapi(o.createRoute({tags:["tenants"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:Jn}},description:"A tenant"}}}),async t=>{const{id:e}=t.req.valid("param"),n=await t.env.data.tenants.get(e);if(!n)throw new I(404);return t.json(n)}).openapi(o.createRoute({tags:["tenants"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param");return await t.env.data.tenants.remove(e),t.text("OK")}).openapi(o.createRoute({tags:["tenants"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(ss.shape).partial()}}},params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param"),n=t.req.valid("json");return await t.env.data.tenants.update(e,n),t.text("OK")}).openapi(o.createRoute({tags:["tenants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(ss.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"tenant/json":{schema:Jn}},description:"An tenant"}}}),async t=>{const e=t.req.valid("json"),n=await t.env.data.tenants.create(e);return t.json(n,{status:201})}),Pv=on.extend({logs:o.z.array(as)}),Bv=new o.OpenAPIHono().openapi(o.createRoute({tags:["logs"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(as),Pv])}},description:"List of log rows"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":a}=t.req.valid("header"),c=await t.env.data.logs.list(a,{page:e,per_page:n,include_totals:r,sort:hr(i),q:s});return r?t.json(c):t.json(c.logs)}).openapi(o.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:as}},description:"A log entry"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.logs.get(e,n);if(!r)throw new I(404);return t.json(r)}),Rv=on.extend({hooks:o.z.array(Kn)}),Lv=new o.OpenAPIHono().openapi(o.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Kn),Rv])}},description:"List of hooks"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:a}=t.req.valid("query"),c=await t.env.data.hooks.list(e,{page:n,per_page:r,include_totals:i,sort:hr(s),q:a});return i?t.json(c):t.json(c.hooks)}).openapi(o.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(os.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Kn}},description:"The created hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.hooks.create(e,n);return t.json(r,{status:201})}).openapi(o.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()}),body:{content:{"application/json":{schema:o.z.object(os.shape).omit({hook_id:!0}).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Kn.shape}},description:"The updated hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=t.req.valid("json");await t.env.data.hooks.update(e,n,r);const i=await t.env.data.hooks.get(e,n);if(!i)throw new I(404,{message:"Hook not found"});return t.json(i)}).openapi(o.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Kn}},description:"A hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=await t.env.data.hooks.get(e,n);if(!r)throw new I(404,{message:"Hook not found"});return t.json(r)}).openapi(o.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{description:"A hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param");if(!await t.env.data.hooks.remove(e,n))throw new I(404,{message:"Hook not found"});return t.text("OK")}),Uv=on.extend({connections:o.z.array(Jt)}),Vv=new o.OpenAPIHono().openapi(o.createRoute({tags:["connections"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Jt),Uv])}},description:"List of connectionss"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i=!1,sort:s,q:a}=t.req.valid("query"),c=await t.env.data.connections.list(e,{page:n,per_page:r,include_totals:i,sort:hr(s),q:a});return i?t.json(c):t.json(c.connections)}).openapi(o.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Jt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.connections.get(e,n);if(!r)throw new I(404);return t.json(r)}).openapi(o.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.connections.remove(e,n))throw new I(404,{message:"Connection not found"});return t.text("OK")}).openapi(o.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(is.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Jt}},description:"The updated connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.connections.update(e,n,r))throw new I(404,{message:"Connection not found"});const s=await t.env.data.connections.get(e,n);if(!s)throw new I(404,{message:"Connection not found"});return t.json(s)}).openapi(o.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(is.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Jt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.connections.create(e,n);return t.json(r,{status:201})}),qv=new o.OpenAPIHono().openapi(o.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Li}},description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.promptSettings.get(e);return n?t.json(n):t.json(Li.parse({}))}).openapi(o.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Li.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.promptSettings.get(e);return Object.assign(r,n),await t.env.data.promptSettings.set(e,r),t.json(r)});let Ip=!1;function Rg(t){t.use(async(e,n)=>(Ip||(t.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${e.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),Ip=!0),await n()))}o.z.object({alg:o.z.literal("RS256"),kty:o.z.literal("RSA"),use:o.z.literal("sig"),n:o.z.string(),e:o.z.string(),kid:o.z.string(),x5t:o.z.string(),x5c:o.z.array(o.z.string())});async function Mv(t){try{const e=await t.JWKS_SERVICE.fetch(t.JWKS_URL);if(!e.ok)throw new Error("Failed to fetch jwks");return(await e.json()).keys}catch(e){throw new I(500,{message:`Failed to fetch jwks: ${e.message}`})}}async function Dv(t,e){const r=new TextEncoder().encode([e.raw.header,e.raw.payload].join(".")),i=new Uint8Array(Array.from(e.signature).map(l=>l.charCodeAt(0))),a=(await Mv(t.env)).find(l=>l.kid===e.header.kid);if(!a)return console.log("No matching kid found"),!1;const c=await crypto.subtle.importKey("jwk",a,{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},!1,["verify"]);return crypto.subtle.verify("RSASSA-PKCS1-v1_5",c,i,r)}function Hv(t){const[e,n,r]=t.split(".");if(!e||!n||!r)return null;const i=JSON.parse(atob(e)),s=JSON.parse(atob(n)),a=atob(r.replace(/-/g,"+").replace(/_/g,"/"));return{header:i,payload:s,signature:a,raw:{header:e,payload:n,signature:r}}}function Lg(t){return async(e,n)=>{var i,s,a;const r=t.openAPIRegistry.definitions.find(c=>"route"in c&&c.route.path===e.req.path&&c.route.method.toUpperCase()===e.req.method);if(r&&"route"in r){const c=(s=(i=r.route.security)==null?void 0:i[0])==null?void 0:s.Bearer;if(!(c!=null&&c.length))return await n();const l=e.req.header("authorization")||"",[d,p]=l.split(" ");if((d==null?void 0:d.toLowerCase())!=="bearer"||!p)throw new I(401,{message:"Missing bearer token"});const f=Hv(p);if(!f||!await Dv(e,f))throw new I(403,{message:"Invalid JWT signature"});e.set("user_id",f.payload.sub),e.set("user",f.payload);const m=f.payload.permissions||[],w=((a=f.payload.scope)==null?void 0:a.split(" "))||[];if(c.length&&!(c.some(h=>m.includes(h))||c.some(h=>w.includes(h))))throw new I(403,{message:"Unauthorized"})}return await n()}}const Fv=new o.OpenAPIHono().openapi(o.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ui}},description:"Email provider"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.emailProviders.get(e);if(!n)throw new I(404,{message:"Email provider not found"});return t.json(n)}).openapi(o.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Ui.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.create(e,n),t.text("OK",{status:201})}).openapi(o.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Ui.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.update(e,n),t.text("OK")}),Kv=new o.OpenAPIHono().openapi(o.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Xs}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.sessions.get(e,n);if(!r)throw new I(404);return t.json(r)}).openapi(o.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.remove(e,n))throw new I(404,{message:"Session not found"});return t.text("OK")}).openapi(o.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{202:{description:"Sesssion deletion status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.update(e,n,{revoked_at:new Date().toDateString()}))throw new I(404,{message:"Session not found"});return t.text("Session deletion request accepted.",{status:202})}),Wv=new o.OpenAPIHono().openapi(o.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:al}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.refreshTokens.get(e,n);if(!r)throw new I(404);return t.json(r)}).openapi(o.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.refreshTokens.remove(e,n))throw new I(404,{message:"Session not found"});return t.text("OK")}),Gv=new o.OpenAPIHono().openapi(o.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:tn,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.array(Gt)}},description:"List of custom domains"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.customDomains.list(e);return t.json(n)}).openapi(o.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Gt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.customDomains.get(e,n);if(!r)throw new I(404);return t.json(r)}).openapi(o.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.customDomains.remove(e,n))throw new I(404,{message:"Custom domain not found"});return t.text("OK")}).openapi(o.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(Gt.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Gt}},description:"The updated custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.customDomains.update(e,n,r))throw new I(404);const s=await t.env.data.customDomains.get(e,n);if(!s)throw new I(404);return t.json(s)}).openapi(o.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(sl.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Gt}},description:"The created custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.customDomains.create(e,n);return t.json(r,{status:201})}).openapi(o.createRoute({tags:["custom-domains"],method:"post",path:"/{id}/verify",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Gt}},description:"The custom domain"}}}),async()=>{throw new I(501,{message:"Not implemented"})});async function sd(t,e){const n=t.req.header("x-forwarded-host");if(n){const i=await t.env.data.customDomains.getByDomain(n);if(i)return t.set("tenant_id",i.tenant_id),t.set("custom_domain",n),await e()}const r=t.req.header("host");if(r){const i=r.split(".");if(i.length>1&&typeof i[0]=="string"){const s=i[0];await t.env.data.tenants.get(s)&&t.set("tenant_id",s)}}return await e()}function Jv(t){const e=new o.OpenAPIHono;e.use(af({origin:r=>{var i;return r&&(i=t.allowedOrigins)!=null&&i.includes(r)?r:""},allowHeaders:["Tenant-Id","Content-Type","Content-Range","Auth0-Client","Authorization","Range","Upgrade-Insecure-Requests"],allowMethods:["POST","PUT","GET","DELETE","PATCH","OPTIONS"],exposeHeaders:["Content-Length","Content-Range"],maxAge:600,credentials:!0})),Rg(e),e.use(async(r,i)=>(r.env.data=ro(r,t.dataAdapter),i())),e.use(sd).use(Lg(e));const n=e.route("/branding",x0).route("/custom-domains",Gv).route("/email/providers",Fv).route("/users",jy).route("/keys",Cv).route("/users-by-email",Nv).route("/clients",$v).route("/tenants",Tv).route("/logs",Bv).route("/hooks",Lv).route("/connections",Vv).route("/prompts",qv).route("/sessions",Kv).route("/refresh_tokens",Wv);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management api"},security:[{oauth2:["openid","email","profile"]}]}),n}function Zv(t,e){Object.keys(e).forEach(n=>{const r=e[n];r!=null&&r.length&&t.searchParams.set(n,r)})}var Cp;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Cp||(Cp={}));var Np;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Np||(Np={}));function Yv(t){return Vg(t,Xv,ti.Include)}function Ug(t){return Vg(t,Qv,ti.None)}function Vg(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,a=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],a+=8;for(let c=0;c<4;c++)a>=6?(r+=e[s>>a-6&63],a-=6):a>0?(r+=e[s<<6-a&63],a=0):n===ti.Include&&(r+="=")}return r}const Xv="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Qv="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var ti;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(ti||(ti={}));var jp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(jp||(jp={}));class eb{uint8(e,n){if(e.byteLength<n+1)throw new TypeError("Insufficient bytes");return e[n]}uint16(e,n){if(e.byteLength<n+2)throw new TypeError("Insufficient bytes");return e[n]<<8|e[n+1]}uint32(e,n){if(e.byteLength<n+4)throw new TypeError("Insufficient bytes");let r=0;for(let i=0;i<4;i++)r|=e[n+i]<<24-i*8;return r}uint64(e,n){if(e.byteLength<n+8)throw new TypeError("Insufficient bytes");let r=0n;for(let i=0;i<8;i++)r|=BigInt(e[n+i])<<BigInt(56-i*8);return r}putUint8(e,n,r){if(e.length<r+1)throw new TypeError("Not enough space");if(n<0||n>255)throw new TypeError("Invalid uint8 value");e[r]=n}putUint16(e,n,r){if(e.length<r+2)throw new TypeError("Not enough space");if(n<0||n>65535)throw new TypeError("Invalid uint16 value");e[r]=n>>8,e[r+1]=n&255}putUint32(e,n,r){if(e.length<r+4)throw new TypeError("Not enough space");if(n<0||n>4294967295)throw new TypeError("Invalid uint32 value");for(let i=0;i<4;i++)e[r+i]=n>>(3-i)*8&255}putUint64(e,n,r){if(e.length<r+8)throw new TypeError("Not enough space");if(n<0||n>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let i=0;i<8;i++)e[r+i]=Number(n>>BigInt((7-i)*8)&0xffn)}}const $p=new eb;function kt(t,e){return(t<<32-e|t>>>e)>>>0}function tb(t){const e=new nb;return e.update(t),e.digest()}class nb{constructor(){te(this,"blockSize",64);te(this,"size",32);te(this,"blocks",new Uint8Array(64));te(this,"currentBlockSize",0);te(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));te(this,"l",0n);te(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let n=0;if(this.currentBlockSize>0){const r=e.slice(0,64-this.currentBlockSize);this.blocks.set(r,this.currentBlockSize),this.process(),n+=r.byteLength,this.currentBlockSize=0}for(;n+64<=e.byteLength;){const r=e.slice(n,n+64);this.blocks.set(r),this.process(),n+=64}if(e.byteLength-n>0){const r=e.slice(n);this.blocks.set(r),this.currentBlockSize=r.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),$p.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let n=0;n<8;n++)$p.putUint32(e,this.H[n],n*4);return e}process(){for(let d=0;d<16;d++)this.w[d]=(this.blocks[d*4]<<24|this.blocks[d*4+1]<<16|this.blocks[d*4+2]<<8|this.blocks[d*4+3])>>>0;for(let d=16;d<64;d++){const p=(kt(this.w[d-2],17)^kt(this.w[d-2],19)^this.w[d-2]>>>10)>>>0,f=(kt(this.w[d-15],7)^kt(this.w[d-15],18)^this.w[d-15]>>>3)>>>0;this.w[d]=p+this.w[d-7]+f+this.w[d-16]|0}let e=this.H[0],n=this.H[1],r=this.H[2],i=this.H[3],s=this.H[4],a=this.H[5],c=this.H[6],l=this.H[7];for(let d=0;d<64;d++){const p=(kt(s,6)^kt(s,11)^kt(s,25))>>>0,f=(s&a^~s&c)>>>0,m=l+p+f+rb[d]+this.w[d]|0,w=(kt(e,2)^kt(e,13)^kt(e,22))>>>0,h=(e&n^e&r^n&r)>>>0,_=w+h|0;l=c,c=a,a=s,s=i+m|0,i=r,r=n,n=e,e=m+_|0}this.H[0]=e+this.H[0]|0,this.H[1]=n+this.H[1]|0,this.H[2]=r+this.H[2]|0,this.H[3]=i+this.H[3]|0,this.H[4]=s+this.H[4]|0,this.H[5]=a+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const rb=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class ib{constructor(e){te(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function sb(t){const e=tb(new TextEncoder().encode(t));return Ug(e)}function ob(){const t=new Uint8Array(32);return crypto.getRandomValues(t),Ug(t)}function Ur(t,e){const n=new TextEncoder().encode(e.toString()),r=new Request(t,{method:"POST",body:n});return r.headers.set("Content-Type","application/x-www-form-urlencoded"),r.headers.set("Accept","application/json"),r.headers.set("User-Agent","arctic"),r.headers.set("Content-Length",n.byteLength.toString()),r}function _a(t,e){const n=new TextEncoder().encode(`${t}:${e}`);return Yv(n)}async function Fs(t){let e;try{e=await fetch(t)}catch(n){throw new Mg(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Hi(e.status)}if(typeof n!="object"||n===null)throw new Xn(e.status,n);let r;try{r=qg(n)}catch{throw new Xn(e.status,n)}throw r}if(e.status===200){let n;try{n=await e.json()}catch{throw new Hi(e.status)}if(typeof n!="object"||n===null)throw new Xn(e.status,n);return new ib(n)}throw e.body!==null&&await e.body.cancel(),new Hi(e.status)}async function ab(t){let e;try{e=await fetch(t)}catch(n){throw new Mg(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Xn(e.status,null)}if(typeof n!="object"||n===null)throw new Xn(e.status,n);let r;try{r=qg(n)}catch{throw new Xn(e.status,n)}throw r}if(e.status===200){e.body!==null&&await e.body.cancel();return}throw e.body!==null&&await e.body.cancel(),new Hi(e.status)}function qg(t){let e;if("error"in t&&typeof t.error=="string")e=t.error;else throw new Error("Invalid error response");let n=null,r=null,i=null;if("error_description"in t){if(typeof t.error_description!="string")throw new Error("Invalid data");n=t.error_description}if("error_uri"in t){if(typeof t.error_uri!="string")throw new Error("Invalid data");r=t.error_uri}if("state"in t){if(typeof t.state!="string")throw new Error("Invalid data");i=t.state}return new cb(e,n,r,i)}class Mg extends Error{constructor(e){super("Failed to send request",{cause:e})}}class cb extends Error{constructor(n,r,i,s){super(`OAuth request error: ${n}`);te(this,"code");te(this,"description");te(this,"uri");te(this,"state");this.code=n,this.description=r,this.uri=i,this.state=s}}class Hi extends Error{constructor(n){super("Unexpected error response");te(this,"status");this.status=n}}class Xn extends Error{constructor(n,r){super("Unexpected error response body");te(this,"status");te(this,"data");this.status=n,this.data=r}}class od{constructor(e,n,r){te(this,"clientId");te(this,"clientPassword");te(this,"redirectURI");this.clientId=e,this.clientPassword=n,this.redirectURI=r}createAuthorizationURL(e,n,r){const i=new URL(e);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&i.searchParams.set("redirect_uri",this.redirectURI),i.searchParams.set("state",n),r.length>0&&i.searchParams.set("scope",r.join(" ")),i}createAuthorizationURLWithPKCE(e,n,r,i,s){const a=new URL(e);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&a.searchParams.set("redirect_uri",this.redirectURI),a.searchParams.set("state",n),r===ni.S256){const c=sb(i);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",c)}else r===ni.Plain&&(a.searchParams.set("code_challenge_method","plain"),a.searchParams.set("code_challenge",i));return s.length>0&&a.searchParams.set("scope",s.join(" ")),a}async validateAuthorizationCode(e,n,r){const i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",n),this.redirectURI!==null&&i.set("redirect_uri",this.redirectURI),r!==null&&i.set("code_verifier",r),this.clientPassword===null&&i.set("client_id",this.clientId);const s=Ur(e,i);if(this.clientPassword!==null){const c=_a(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Fs(s)}async refreshAccessToken(e,n,r){const i=new URLSearchParams;i.set("grant_type","refresh_token"),i.set("refresh_token",n),this.clientPassword===null&&i.set("client_id",this.clientId),r.length>0&&i.set("scope",r.join(" "));const s=Ur(e,i);if(this.clientPassword!==null){const c=_a(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Fs(s)}async revokeToken(e,n){const r=new URLSearchParams;r.set("token",n),this.clientPassword===null&&r.set("client_id",this.clientId);const i=Ur(e,r);if(this.clientPassword!==null){const s=_a(this.clientId,this.clientPassword);i.headers.set("Authorization",`Basic ${s}`)}await ab(i)}}var ni;(function(t){t[t.S256=0]="S256",t[t.Plain=1]="Plain"})(ni||(ni={}));var Op;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Op||(Op={}));var Tp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Tp||(Tp={}));function Vr(t){return lb(t,db,Ks.None)}function lb(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,a=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],a+=8;for(let c=0;c<4;c++)a>=6?(r+=e[s>>a-6&63],a-=6):a>0?(r+=e[s<<6-a&63],a=0):n===Ks.Include&&(r+="=")}return r}const db="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Ks;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Ks||(Ks={}));var Pp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Pp||(Pp={}));function ub(t,e,n){const r=Vr(new TextEncoder().encode(t)),i=Vr(new TextEncoder().encode(e)),s=Vr(n);return r+"."+i+"."+s}function pb(t,e){const n=Vr(new TextEncoder().encode(t)),r=Vr(new TextEncoder().encode(e)),i=n+"."+r;return new TextEncoder().encode(i)}const fb="https://appleid.apple.com/auth/authorize",hb="https://appleid.apple.com/auth/token";class Dg{constructor(e,n,r,i,s){te(this,"clientId");te(this,"teamId");te(this,"keyId");te(this,"pkcs8PrivateKey");te(this,"redirectURI");this.clientId=e,this.teamId=n,this.keyId=r,this.pkcs8PrivateKey=i,this.redirectURI=s}createAuthorizationURL(e,n){const r=new URL(fb);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId);const r=await this.createClientSecret();n.set("client_secret",r);const i=Ur(hb,n);return await Fs(i)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),n=Math.floor(Date.now()/1e3),r=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),i=JSON.stringify({iss:this.teamId,exp:n+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:n}),s=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,pb(r,i)));return ub(r,i,s)}}const gb="https://www.facebook.com/v16.0/dialog/oauth",mb="https://graph.facebook.com/v16.0/oauth/access_token";class Hg{constructor(e,n,r){te(this,"clientId");te(this,"clientSecret");te(this,"redirectURI");this.clientId=e,this.clientSecret=n,this.redirectURI=r}createAuthorizationURL(e,n){const r=new URL(gb);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId),n.set("client_secret",this.clientSecret);const r=Ur(mb,n);return await Fs(r)}}const _b="https://accounts.google.com/o/oauth2/v2/auth",Bp="https://oauth2.googleapis.com/token",yb="https://oauth2.googleapis.com/revoke";let Fg=class{constructor(e,n,r){te(this,"client");this.client=new od(e,n,r)}createAuthorizationURL(e,n,r){return this.client.createAuthorizationURLWithPKCE(_b,e,ni.S256,n,r)}async validateAuthorizationCode(e,n){return await this.client.validateAuthorizationCode(Bp,e,n)}async refreshAccessToken(e){return await this.client.refreshAccessToken(Bp,e,[])}async revokeToken(e){await this.client.revokeToken(yb,e)}};const Zo=o.z.object({iss:o.z.string().url(),sub:o.z.string(),aud:o.z.string(),exp:o.z.number(),email:o.z.string().optional(),given_name:o.z.string().optional(),family_name:o.z.string().optional(),name:o.z.string().optional(),iat:o.z.number(),auth_time:o.z.number().optional(),nonce:o.z.string().optional(),acr:o.z.string().optional(),amr:o.z.array(o.z.string()).optional(),azp:o.z.string().optional(),at_hash:o.z.string().optional(),c_hash:o.z.string().optional()}).passthrough();Zo.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function wb(t){return t.ISSUER}function at(t){return t.UNIVERSAL_LOGIN_URL||`${t.ISSUER}u/`}function je(t){return t.OAUTH_API_URL||t.ISSUER}function Kg(t){const{options:e}=t;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const n=Buffer.from(e.app_secret,"utf-8"),r=n.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),i=Uint8Array.from(Buffer.from(r,"base64"));return n.fill(0),{options:e,keyArray:i}}async function vb(t,e){var l,d;const{options:n,keyArray:r}=Kg(e),i=new Dg(n.client_id,n.team_id,n.kid,r,`${je(t.env)}callback`),s=ke(),a=await i.createAuthorizationURL(s,((l=n.scope)==null?void 0:l.split(" "))||["name","email"]);return(((d=n.scope)==null?void 0:d.split(" "))||["name","email"]).some(p=>["email","name"].includes(p))&&a.searchParams.set("response_mode","form_post"),{redirectUrl:a.href,code:s}}async function bb(t,e,n){const{options:r,keyArray:i}=Kg(e),a=await new Dg(r.client_id,r.team_id,r.kid,i,`${je(t.env)}callback`).validateAuthorizationCode(n),c=ll(a.idToken());if(!c)throw new Error("Invalid ID token");const l=Zo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const xb=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:vb,validateAuthorizationCodeAndGetUser:bb},Symbol.toStringTag,{value:"Module"}));async function kb(t,e){var a;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new Hg(n.client_id,n.client_secret,`${je(t.env)}callback`),i=ke();return{redirectUrl:r.createAuthorizationURL(i,((a=n.scope)==null?void 0:a.split(" "))||["email"]).href,code:i}}async function Sb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new Hg(r.client_id,r.client_secret,`${je(t.env)}callback`).validateAuthorizationCode(n),a=await fetch("https://graph.facebook.com/v16.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${s.accessToken()}`}});if(!a.ok)throw new Error("Failed to fetch user info");const c=await a.json();return t.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const Ab=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:kb,validateAuthorizationCodeAndGetUser:Sb},Symbol.toStringTag,{value:"Module"}));async function zb(t,e){var c;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required Google authentication parameters");const r=new Fg(n.client_id,n.client_secret,`${je(t.env)}callback`),i=ke(),s=ob();return{redirectUrl:r.createAuthorizationURL(i,s,((c=n.scope)==null?void 0:c.split(" "))??["email","profile"]).href,code:i,codeVerifier:s}}async function Eb(t,e,n,r){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret||!r)throw new Error("Missing required authentication parameters");const a=await new Fg(i.client_id,i.client_secret,`${je(t.env)}callback`).validateAuthorizationCode(n,r),c=ll(a.idToken());if(!c)throw new Error("Invalid ID token");const l=Zo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const Ib=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:zb,validateAuthorizationCodeAndGetUser:Eb},Symbol.toStringTag,{value:"Module"}));async function Cb(t,e){var a;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new od(n.client_id,n.client_secret,`${je(t.env)}callback`),i=ke(),s=r.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",i,((a=n.scope)==null?void 0:a.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]);return s.searchParams.set("response_type","code"),s.searchParams.set("response_mode","query"),{redirectUrl:s.href,code:i}}async function Nb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new od(r.client_id,r.client_secret,`${je(t.env)}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",n,null),a=ll(s.idToken());if(!a)throw new Error("Invalid ID token");const c=Zo.parse(a.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${s.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new I(400,{message:"Failed to get user from vipps"});return await l.json()}const jb=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Cb,validateAuthorizationCodeAndGetUser:Nb},Symbol.toStringTag,{value:"Module"}));function Wg(t,e){const n=t.env.STRATEGIES||{},i={apple:xb,facebook:Ab,"google-oauth2":Ib,vipps:jb,...n}[e];if(!i)throw new Error(`Strategy ${e} not found`);return i}async function Yo(t,e){const n=await t.data.clients.get(e);if(!n)throw new I(403,{message:"Client not found"});const r=t.DEFAULT_CLIENT_ID?await t.data.clients.get(t.DEFAULT_CLIENT_ID):void 0,i=await t.data.connections.list(n.tenant.id),s=t.DEFAULT_TENANT_ID?await t.data.connections.list(t.DEFAULT_TENANT_ID):{connections:[]},a=i.connections.map(c=>{var p;const l=(p=s.connections)==null?void 0:p.find(f=>f.name===c.name);return l!=null&&l.options?Jt.parse({...l||{},...c,options:{...l.options||{},...c.options}}):c}).filter(c=>c);return{...n,web_origins:[...(r==null?void 0:r.web_origins)||[],...n.web_origins||[],`${at(t)}login`],allowed_logout_urls:[...(r==null?void 0:r.allowed_logout_urls)||[],...n.allowed_logout_urls||[],t.ISSUER],callbacks:[...(r==null?void 0:r.callbacks)||[],...n.callbacks||[],`${at(t)}info`],connections:a,tenant:{...(r==null?void 0:r.tenant)||{},...n.tenant}}}function Xo(t,e=[],n={}){try{const r=new URL(t);return e.some(i=>{try{return $b(r,new URL(i),n.allowPathWildcards)}catch{return!1}})}catch{return!1}}function $b(t,e,n){if(t.protocol!==e.protocol)return!1;if(n&&e.pathname.includes("*")){const r=e.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${r}$`).test(t.pathname))return!1}else if(t.pathname!==e.pathname)return!1;if(e.hostname.startsWith("*.")&&e.hostname.split(".").length>2&&["http:","https:"].includes(e.protocol)){const r=e.hostname.split(".").slice(1).join(".");return t.hostname.endsWith(r)}return t.hostname===e.hostname}async function Ob(t,e,n,r){if(!r.state)throw new I(400,{message:"State not found"});const i=e.connections.find(l=>l.name===n);if(!i){t.set("client_id",e.id);const l=we(t,{type:he.FAILED_LOGIN,description:"Connection not found"});throw await t.env.data.logs.create(e.tenant.id,l),new I(403,{message:"Connection Not Found"})}let s=await t.env.data.loginSessions.get(e.tenant.id,r.state);s||(s=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+Qn*1e3).toISOString(),authParams:r,csrf_token:ke(),...cn(t.req)}));const c=await Wg(t,i.strategy).getRedirect(t,i);return await t.env.data.codes.create(e.tenant.id,{login_id:s.id,code_id:c.code,code_type:"oauth2_state",connection_id:i.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+W0*1e3).toISOString()}),t.redirect(c.redirectUrl)}async function Rp(t,{code:e,state:n}){var h;const{env:r}=t,i=await r.data.codes.get(t.var.tenant_id||"",n,"oauth2_state");if(!i||!i.connection_id)throw new I(403,{message:"State not found"});const s=await r.data.loginSessions.get(t.var.tenant_id||"",i.login_id);if(!s)throw new I(403,{message:"Session not found"});const a=await Yo(r,s.authParams.client_id);t.set("client_id",a.id),t.set("tenant_id",a.tenant.id);const c=a.connections.find(_=>_.id===i.connection_id);if(!c){const _=we(t,{type:he.FAILED_LOGIN,description:"Connection not found"});throw await r.data.logs.create(a.tenant.id,_),new I(403,{message:"Connection not found"})}if(t.set("connection",c.name),!s.authParams.redirect_uri){const _=we(t,{type:he.FAILED_LOGIN,description:"Redirect URI not defined"});throw await r.data.logs.create(a.tenant.id,_),new I(403,{message:"Redirect URI not defined"})}if(!Xo(s.authParams.redirect_uri,a.callbacks||[],{allowPathWildcards:!0})){const _=`Invalid redirect URI - ${s.authParams.redirect_uri}`,v=we(t,{type:he.FAILED_LOGIN,description:_});throw await r.data.logs.create(a.tenant.id,v),new I(403,{message:_})}const d=await Wg(t,c.strategy).validateAuthorizationCodeAndGetUser(t,c,e,i.code_verifier),{sub:p,...f}=d;t.set("user_id",p);const m=((h=d.email)==null?void 0:h.toLocaleLowerCase())||`${c.name}.${p}@${new URL(t.env.ISSUER).hostname}`;t.set("username",m);const w=await so(t,{client:a,username:m,provider:c.strategy,connection:c.name,userId:p,profileData:f,isSocial:!0,ip:t.req.header("x-real-ip")});return ln(t,{client:a,authParams:s.authParams,loginSession:s,user:w})}async function Lp(t,e,n,r,i,s){const a=await t.env.data.codes.get(t.var.tenant_id||"",e,"oauth2_state");if(!a)throw new I(400,{message:"State not found"});const c=await t.env.data.loginSessions.get(t.var.tenant_id,a.login_id);if(!c)throw new I(400,{message:"Login not found"});const{redirect_uri:l}=c.authParams;if(!l)throw new I(400,{message:"Redirect uri not found"});const d=we(t,{type:he.FAILED_LOGIN,description:`Failed connection login: ${i} ${n}, ${r}`});zt(t,t.env.data.logs.create(t.var.tenant_id,d));const p=new URL(l);return Zv(p,{error:n,error_description:r,error_reason:s,error_code:i,state:c.authParams.state}),t.redirect(`${at(t.env)}login/identifier?state=${c.id}&error=${n}`)}const Tb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:a}=t.req.valid("query");if(r)return Lp(t,e,r,i,s,a);if(!n)throw new I(400,{message:"Code is required"});return Rp(t,{code:n,state:e})}).openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:a}=t.req.valid("form");if(r)return Lp(t,e,r,i,s,a);if(!n)throw new I(400,{message:"Code is required"});return Rp(t,{code:n,state:e})}),Pb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),returnTo:o.z.string().optional()}),header:o.z.object({cookie:o.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async t=>{const{client_id:e,returnTo:n}=t.req.valid("query"),r=await t.env.data.clients.get(e);if(!r)return t.text("OK");const i=await t.env.data.clients.get("DEFAULT_CLIENT");t.set("client_id",e),t.set("tenant_id",r.tenant.id);const s=n||t.req.header("referer");if(!s)return t.text("OK");if(!Xo(s,[...r.allowed_logout_urls||[],...(i==null?void 0:i.allowed_logout_urls)||[]],{allowPathWildcards:!0}))throw new I(400,{message:"Invalid redirect uri"});const a=t.req.header("cookie");if(a){const l=ls(r.tenant.id,a);if(l){const d=await t.env.data.sessions.get(r.tenant.id,l);if(d){const p=await t.env.data.users.get(r.tenant.id,d.user_id);p&&(t.set("user_id",p.user_id),t.set("connection",p.connection));const f=await t.env.data.refreshTokens.list(r.tenant.id,{q:`session_id=${l}`,page:0,per_page:100,include_totals:!1});await Promise.all(f.refresh_tokens.map(m=>t.env.data.refreshTokens.remove(r.tenant.id,m.id))),await t.env.data.sessions.update(r.tenant.id,l,{revoked_at:new Date().toISOString()})}}}const c=we(t,{type:he.SUCCESS_LOGOUT,description:"User successfully logged out"});return await t.env.data.logs.create(r.tenant.id,c),new Response("Redirecting",{status:302,headers:{"set-cookie":X0(r.tenant.id,t.req.header("host")),location:s}})}),Up=o.z.object({sub:o.z.string(),email:o.z.string().optional(),family_name:o.z.string().optional(),given_name:o.z.string().optional(),email_verified:o.z.boolean()}),Bb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{},security:[{Bearer:["openid"]}],responses:{200:{content:{"application/json":{schema:Up}},description:"Userinfo"}}}),async t=>{if(!t.var.user)throw new I(404,{message:"User not found"});const e=await t.env.data.users.get(t.var.user.tenant_id,t.var.user.sub);if(!e)throw new I(404,{message:"User not found"});return t.json(Up.parse({...e,sub:e.user_id}))}),Rb=new o.OpenAPIHono().openapi(o.createRoute({tags:["well known"],method:"get",path:"/jwks.json",request:{},responses:{200:{content:{"application/json":{schema:mf}},description:"List of tenants"}}}),async t=>{const e=await t.env.data.keys.list(),n=await Promise.all(e.map(async r=>{const s=await new id(r.cert).publicKey.export(),a=await crypto.subtle.exportKey("jwk",s);return ol.parse({...a,kid:r.kid})}));return t.json({keys:n},{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${$i}, stale-while-revalidate=${$i*2}, stale-if-error=86400`}})}).openapi(o.createRoute({tags:["well known"],method:"get",path:"/openid-configuration",request:{},responses:{200:{content:{"application/json":{schema:Ia}},description:"List of tenants"}}}),async t=>{const e=Ia.parse({issuer:wb(t.env),authorization_endpoint:`${je(t.env)}authorize`,token_endpoint:`${je(t.env)}oauth/token`,device_authorization_endpoint:`${je(t.env)}oauth/device/code`,userinfo_endpoint:`${je(t.env)}userinfo`,mfa_challenge_endpoint:`${je(t.env)}mfa/challenge`,jwks_uri:`${je(t.env)}.well-known/jwks.json`,registration_endpoint:`${je(t.env)}oidc/register`,revocation_endpoint:`${je(t.env)}oauth/revoke`,scopes_supported:["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],response_types_supported:["code","token","id_token","code token","code id_token","token id_token","code token id_token"],code_challenge_methods_supported:["S256","plain"],response_modes_supported:["query","fragment","form_post"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],token_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post"],claims_supported:["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],request_uri_parameter_supported:!1,request_parameter_supported:!1,token_endpoint_auth_signing_alg_values_supported:["RS256","RS384","PS256"]});return t.json(e,{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${$i}, stale-while-revalidate=${$i*2}, stale-if-error=86400`}})});function Fi(t,e){if(!t||!e||t.length!==e.length)return!1;let n=0;for(let r=0;r<t.length;r++)n|=t.charCodeAt(r)^e.charCodeAt(r);return n===0}const Gg=o.z.object({grant_type:o.z.literal("client_credentials"),scope:o.z.string().optional(),client_secret:o.z.string(),client_id:o.z.string(),audience:o.z.string().optional()});async function Lb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new I(403,{message:"Invalid client credentials"});if(n.client_secret&&!Fi(n.client_secret,e.client_secret))throw new I(403,{message:"Invalid client credentials"});const r={client_id:n.id,scope:e.scope,audience:e.audience},i=await no(t,{authParams:r,client:n});return t.json(i)}const Ub=o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string().optional(),client_secret:o.z.string().optional(),code_verifier:o.z.string().optional()}).refine(t=>"client_secret"in t&&!("code_verifier"in t)||!("client_secret"in t)&&"code_verifier"in t,{message:"Must provide either client_secret (standard flow) or code_verifier/code_verifier_mode (PKCE flow), but not both"});async function Vb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new I(403,{message:"Client not found"});const r=await t.env.data.codes.get(n.tenant.id,e.code,"authorization_code");if(!r||!r.user_id)throw new I(403,{message:"Invalid client credentials"});if(new Date(r.expires_at)<new Date)throw new I(403,{message:"Code expired"});if(r.used_at)throw new I(403,{message:"Code already used"});const i=await t.env.data.loginSessions.get(n.tenant.id,r.login_id);if(!i)throw new I(403,{message:"Invalid login"});if("client_secret"in e){const a=await t.env.data.clients.get("DEFAULT_CLIENT");if(!Fi(n.client_secret,e.client_secret)&&!Fi(a==null?void 0:a.client_secret,e.client_secret))throw new I(403,{message:"Invalid client credentials"})}else if("code_verifier"in e&&typeof e.code_verifier=="string"&&"code_challenge_method"in i.authParams&&typeof i.authParams.code_challenge_method=="string"){const a=await D0(e.code_verifier,i.authParams.code_challenge_method);if(!Fi(a,i.authParams.code_challenge||""))throw new I(403,{message:"Invalid client credentials"})}if(i.authParams.redirect_uri&&i.authParams.redirect_uri!==e.redirect_uri)throw new I(403,{message:"Invalid redirect uri"});const s=await t.env.data.users.get(n.tenant.id,r.user_id);if(!s)throw new I(403,{message:"User not found"});return await t.env.data.codes.used(n.tenant.id,e.code),ln(t,{user:s,client:n,loginSession:i,authParams:{...i.authParams,response_mode:Rt.WEB_MESSAGE}})}const qb=o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),redirect_uri:o.z.string().optional(),refresh_token:o.z.string()});async function Mb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new I(403,{message:"Client not found"});const r=await t.env.data.refreshTokens.get(n.tenant.id,e.refresh_token);if(r){if(r.expires_at&&new Date(r.expires_at)<new Date||r.idle_expires_at&&new Date(r.idle_expires_at)<new Date)throw new I(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Refresh token has expired"})})}else throw new I(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Invalid refresh token"})});const i=await t.env.data.users.get(n.tenant.id,r.user_id);if(!i)throw new I(403,{message:"User not found"});const s=r.resource_servers[0];if(r.idle_expires_at){const a=new Date(Date.now()+2592e6);await t.env.data.refreshTokens.update(n.tenant.id,r.id,{idle_expires_at:a.toISOString(),last_exchanged_at:new Date().toISOString(),device:{...r.device,last_ip:t.req.header["x-real-ip"]||"",last_user_agent:t.req.header["user-agent"]||""}})}return ln(t,{user:i,client:n,refreshToken:r.id,sessionId:r.session_id,authParams:{client_id:n.id,audience:s==null?void 0:s.audience,scope:s==null?void 0:s.scopes,response_mode:Rt.WEB_MESSAGE}})}function ad(t){return t.includes("@")?"email":"sms"}const Db=o.z.object({client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),otp:o.z.string(),authParams:Mr.optional()});async function Jg(t,{client_id:e,username:n,otp:r,authParams:i}){const s=await t.env.data.clients.get(e);if(!s)throw new I(403,{message:"Client not found"});return cd(t,s,i||{client_id:e,response_type:It.TOKEN_ID_TOKEN,response_mode:Rt.WEB_MESSAGE},n,r)}async function cd(t,e,n,r,i,s,a){const{env:c}=t,l=await c.data.codes.get(e.tenant.id,i,"otp");if(!l)throw new I(400,{message:"Code not found or expired"});if(l.expires_at<new Date().toISOString())throw new I(400,{message:"Code expired"});if(l.used_at)throw new I(400,{message:"Code already used"});const d=ad(r),p=await c.data.loginSessions.get(e.tenant.id,l.login_id);if(!p||p.authParams.username!==r)throw new I(400,{message:"Code not found or expired"});const f=cn(t.req);if(a&&p.ip!==f.ip)return t.redirect(`${at(t.env)}invalid-session?state=${p.id}`);if(n.redirect_uri&&!Xo(n.redirect_uri,e.callbacks,{allowPathWildcards:!0}))throw new I(400,{message:`Invalid redirect URI - ${n.redirect_uri}`});const m=await so(t,{client:e,username:r,provider:d,connection:d,isSocial:!1,ip:t.req.header("x-real-ip")});return await c.data.codes.used(e.tenant.id,i),ln(t,{user:m,client:e,loginSession:p,authParams:n,ticketAuth:s})}const Vp=o.z.object({client_id:o.z.string().optional(),client_secret:o.z.string().optional()}),Hb=o.z.union([Gg.extend(Vp.shape),o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string(),code_verifier:o.z.string().min(43).max(128)}),o.z.object({grant_type:o.z.literal("authorization_code"),code:o.z.string(),redirect_uri:o.z.string().optional(),...Vp.shape}),o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),refresh_token:o.z.string(),redirect_uri:o.z.string().optional()}),o.z.object({grant_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),client_id:o.z.string(),username:o.z.string(),otp:o.z.string(),realm:o.z.enum(["email","sms"])})]);function Fb(t){if(!t)return{};const[e,n]=t.split(" ");if((e==null?void 0:e.toLowerCase())==="basic"&&n){const[r,i]=atob(n).split(":");return{client_id:r,client_secret:i}}return{}}const Kb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:Hb}}}},responses:{200:{content:{"application/json":{schema:xf}},description:"Tokens"}}}),async t=>{const e=t.req.valid("form"),n=Fb(t.req.header("Authorization")),r={...e,...n};if(!r.client_id)throw new I(400,{message:"client_id is required"});switch(t.set("client_id",r.client_id),e.grant_type){case Wn.AuthorizationCode:return Vb(t,Ub.parse(r));case Wn.ClientCredential:return Lb(t,Gg.parse(r));case Wn.RefreshToken:return Mb(t,qb.parse(r));case Wn.OTP:return Jg(t,Db.parse(r));default:throw new I(400,{message:"Not implemented"})}});var ld={exports:{}};const dd=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:6},{id:2,value:"Medium",minDiversity:4,minLength:8},{id:3,value:"Strong",minDiversity:4,minLength:10}],Zg=(t,e=dd,n="!\"#$%&'()*+,-./:;<=>?@[\\\\\\]^_`{|}~")=>{let r=t||"";e[0].minDiversity=0,e[0].minLength=0;const i=[{regex:"[a-z]",message:"lowercase"},{regex:"[A-Z]",message:"uppercase"},{regex:"[0-9]",message:"number"}];n&&i.push({regex:`[${n}]`,message:"symbol"});let s={};s.contains=i.filter(c=>new RegExp(`${c.regex}`).test(r)).map(c=>c.message),s.length=r.length;let a=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,a[0]),s};ld.exports={passwordStrength:Zg,defaultOptions:dd};var Wb=ld.exports.passwordStrength=Zg;ld.exports.defaultOptions=dd;function ud(t){return Wb(t).id<2?!1:t.length>=8&&/[a-z]/.test(t)&&/[A-Z]/.test(t)&&/[0-9]/.test(t)&&/[^A-Za-z0-9]/.test(t)}async function Ai(t,e){var i;const n=await t.env.data.emailProviders.get(t.var.tenant_id)||(t.env.DEFAULT_TENANT_ID?await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID):null);if(!n)throw new I(500,{message:"Email provider not found"});const r=(i=t.env.emailProviders)==null?void 0:i[n.name];if(!r)throw new I(500,{message:"Email provider not found"});await r({emailProvider:n,...e,from:n.default_from_address||`login@${t.env.ISSUER}`})}async function Gb(t,e){var a,c;const n=await t.env.data.tenants.get(t.var.tenant_id);if(!n)throw new I(500,{message:"Tenant not found"});const r=(await t.env.data.connections.list(t.var.tenant_id)).connections.find(l=>l.strategy==="sms")||(t.env.DEFAULT_TENANT_ID?(await t.env.data.connections.list(t.env.DEFAULT_TENANT_ID)).connections.find(l=>l.strategy==="sms"):null);if(!r)throw new I(500,{message:"SMS provider not found"});const i=((a=r.options)==null?void 0:a.provider)||"twilio",s=(c=t.env.smsProviders)==null?void 0:c[i];if(!s)throw new I(500,{message:"SMS provider not found"});await s({options:r.options,to:e.to,text:e.text,template:"auth-code",data:{code:e.code,tenantName:n.name,tenantId:n.id}})}async function Yg(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new I(500,{message:"Tenant not found"});const s=`${at(t.env)}reset-password?state=${r}&code=${n}`,a={vendorName:i.name,lng:i.language||"en"};await Ai(t,{to:e,subject:re("reset_password_title",a),html:`Click here to reset your password: ${at(t.env)}reset-password?state=${r}&code=${n}`,template:"auth-password-reset",data:{vendorName:i.name,logo:i.logo||"",passwordResetUrl:s,supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",passwordResetTitle:re("password_reset_title",a),resetPasswordEmailClickToReset:re("reset_password_email_click_to_reset",a),resetPasswordEmailReset:re("reset_password_email_reset",a),supportInfo:re("support_info",a),contactUs:re("contact_us",a),copyright:re("copyright",a),tenantName:i.name,tenantId:i.id}})}async function Xg(t,{to:e,code:n}){const r=await t.env.data.tenants.get(t.var.tenant_id);if(!r)throw new I(500,{message:"Tenant not found"});const i=ad(e),s=new URL(at(t.env)),a={vendorName:r.name,vendorId:r.id,loginDomain:s.hostname,code:n,lng:r.language||"en"};i==="email"?await Ai(t,{to:e,subject:re("code_email_subject",a),html:`Click here to validate your email: ${at(t.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:r.name,logo:r.logo||"",supportUrl:r.support_url||"",buttonColor:r.primary_color||"",welcomeToYourAccount:re("welcome_to_your_account",a),linkEmailClickToLogin:re("link_email_click_to_login",a),linkEmailLogin:re("link_email_login",a),linkEmailOrEnterCode:re("link_email_or_enter_code",a),codeValid30Mins:re("code_valid_30_minutes",a),supportInfo:re("support_info",a),contactUs:re("contact_us",a),copyright:re("copyright",a)}}):i==="sms"&&await Gb(t,{to:e,text:re("sms_code_text",a),code:n});const c=we(t,{type:he.CODE_LINK_SENT,description:e});zt(t,t.env.data.logs.create(r.id,c))}async function pd(t,{to:e,code:n,authParams:r}){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new I(500,{message:"Tenant not found"});if(!r.redirect_uri)throw new I(400,{message:"redirect_uri is required"});const s=ad(e),a=new URL(je(t.env));a.pathname="passwordless/verify_redirect",a.searchParams.set("verification_code",n),a.searchParams.set("connection",s),a.searchParams.set("client_id",r.client_id),a.searchParams.set("redirect_uri",r.redirect_uri),a.searchParams.set("email",e),r.response_type&&a.searchParams.set("response_type",r.response_type),r.scope&&a.searchParams.set("scope",r.scope),r.state&&a.searchParams.set("state",r.state),r.nonce&&a.searchParams.set("nonce",r.nonce),r.code_challenge&&a.searchParams.set("code_challenge",r.code_challenge),r.code_challenge_method&&a.searchParams.set("code_challenge_method",r.code_challenge_method),r.audience&&a.searchParams.set("audience",r.audience);const c={vendorName:i.name,code:n,lng:i.language||"en"};if(s!=="email")throw new I(400,{message:"Only email connections are supported for magic links"});await Ai(t,{to:e,subject:re("code_email_subject",c),html:`Click here to validate your email: ${at(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:a.toString(),buttonColor:i.primary_color||"",welcomeToYourAccount:re("welcome_to_your_account",c),linkEmailClickToLogin:re("link_email_click_to_login",c),linkEmailLogin:re("link_email_login",c),linkEmailOrEnterCode:re("link_email_or_enter_code",c),codeValid30Mins:re("code_valid_30_minutes",c),supportInfo:re("support_info",c),contactUs:re("contact_us",c),copyright:re("copyright",c)}});const l=we(t,{type:he.CODE_LINK_SENT,description:e});zt(t,t.env.data.logs.create(i.id,l))}async function fd(t,e){const n=await t.env.data.tenants.get(t.var.tenant_id);if(!n)throw new I(500,{message:"Tenant not found"});if(!e.email)throw new I(400,{message:"User has no email"});const r={vendorName:n.name,lng:n.language||"en"};await Ai(t,{to:e.email,subject:re("welcome_to_your_account",r),html:`Click here to validate your email: ${at(t.env)}validate-email`,template:"auth-verify-email",data:{vendorName:n.name,logo:n.logo||"",emailValidationUrl:`${at(t.env)}validate-email`,supportUrl:n.support_url||"https://support.sesamy.com",buttonColor:n.primary_color||"#7d68f4",welcomeToYourAccount:re("welcome_to_your_account",r),verifyEmailVerify:re("verify_email_verify",r),supportInfo:re("support_info",r),contactUs:re("contact_us",r),copyright:re("copyright",r)}})}async function Jb(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new I(500,{message:"Tenant not found"});const s={vendorName:i.name,lng:i.language||"en"},a=`${at(t.env)}signup?state=${r}&code=${n}`;await Ai(t,{to:e,subject:re("register_password_account",s),html:`Click here to register: ${a}`,template:"auth-pre-signup-verification",data:{vendorName:i.name,logo:i.logo||"",signupUrl:a,setPassword:re("set_password",s),registerPasswordAccount:re("register_password_account",s),clickToSignUpDescription:re("click_to_sign_up_description",s),supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",welcomeToYourAccount:re("welcome_to_your_account",s),verifyEmailVerify:re("verify_email_verify",s),supportInfo:re("support_info",s),contactUs:re("contact_us",s),copyright:re("copyright",s)}})}const Zb=new o.OpenAPIHono().openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string()})}}}},responses:{200:{content:{"application/json":{schema:o.z.object({_id:o.z.string(),email:o.z.string().optional(),email_verified:o.z.boolean(),app_metadata:o.z.object({}),user_metadata:o.z.object({})})}},description:"Created user"}}}),async t=>{const{email:e,password:n,client_id:r}=t.req.valid("json"),i=await t.env.data.clients.get(r);if(!i)throw new I(400,{message:"Client not found"});if(t.set("client_id",i.id),t.set("tenant_id",i.tenant.id),!ud(n))throw new I(400,{message:"Password does not meet the requirements"});if(await ds({userAdapter:t.env.data.users,tenant_id:i.tenant.id,username:e,provider:"auth2"}))throw new I(400,{message:"Invalid sign up"});const a=await t.env.data.users.create(i.tenant.id,{user_id:`auth2|${Qs()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});t.set("user_id",a.user_id),t.set("username",a.email),t.set("connection",a.connection);const c=await oi.hash(n,10);await t.env.data.passwords.create(i.tenant.id,{user_id:a.user_id,password:c,algorithm:"bcrypt"}),await fd(t,a);const l=we(t,{type:he.SUCCESS_SIGNUP,description:"Successful signup"});return await t.env.data.logs.create(i.tenant.id,l),t.json({_id:a.user_id,email:a.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{email:e,client_id:n}=t.req.valid("json"),r=await t.env.data.clients.get(n);if(!r)throw new I(400,{message:"Client not found"});if(t.set("client_id",r.id),t.set("tenant_id",r.tenant.id),!await fr({userAdapter:t.env.data.users,tenant_id:r.tenant.id,username:e,provider:"auth2"}))return t.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:n,username:e},a=await t.env.data.loginSessions.create(r.tenant.id,{expires_at:new Date(Date.now()+Qn*1e3).toISOString(),authParams:s,csrf_token:ke(),...cn(t.req)});return await Yg(t,e,a.id,a.authParams.state),t.html("If an account with that email exists, we've sent instructions to reset your password.")});function Pn(){const t="1234567890";let e="";for(let n=0;n<6;n+=1)e+=t[Math.floor(Math.random()*10)];return e.toString()}const Yb=new o.OpenAPIHono().openapi(o.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({connection:o.z.literal("email"),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),send:o.z.enum(["link","code"]),authParams:Mr.omit({client_id:!0})}),o.z.object({client_id:o.z.string(),connection:o.z.literal("sms"),phone_number:o.z.string(),send:o.z.enum(["link","code"]),authParams:Mr.omit({client_id:!0})})])}}}},responses:{200:{description:"Status"}}}),async t=>{const e=t.req.valid("json"),{env:n}=t,{client_id:r,send:i,authParams:s,connection:a}=e,c=await t.env.data.clients.get(r);if(!c)throw new I(400,{message:"Client not found"});t.set("client_id",c.id),t.set("tenant_id",c.tenant.id);const l=a==="email"?e.email:e.phone_number,d=await n.data.loginSessions.create(c.tenant.id,{authParams:{...s,client_id:r,username:l},expires_at:new Date(Date.now()+ja).toISOString(),csrf_token:ke(),...cn(t.req)}),p=await n.data.codes.create(c.tenant.id,{code_id:Pn(),code_type:"otp",login_id:d.id,expires_at:new Date(Date.now()+ja).toISOString()});return i==="link"?await pd(t,{to:l,code:p.code_id,authParams:{...s,client_id:r}}):await Xg(t,{to:l,code:p.code_id}),t.html("OK")}).openapi(o.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:o.z.object({scope:o.z.string(),response_type:o.z.nativeEnum(It),redirect_uri:o.z.string(),state:o.z.string(),nonce:o.z.string().optional(),verification_code:o.z.string(),connection:o.z.string(),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),audience:o.z.string().optional()})},responses:{302:{description:"Status"}}}),async t=>{const{env:e}=t,{client_id:n,email:r,verification_code:i,redirect_uri:s,state:a,scope:c,audience:l,response_type:d,nonce:p}=t.req.valid("query"),f=await Yo(e,n);return t.set("client_id",f.id),t.set("tenant_id",f.tenant.id),t.set("connection","email"),cd(t,f,{client_id:n,redirect_uri:s,state:a,nonce:p,scope:c,audience:l,response_type:d},r,i,!1,!0)});class jr extends I{constructor(n,r){super(n,r);te(this,"_code");this._code=r==null?void 0:r.code}get code(){return this._code}}async function hd(t,e,n,r,i){const{env:s}=t,{username:a}=n;if(t.set("username",a),!a)throw new I(400,{message:"Username is required"});const c=await fr({userAdapter:t.env.data.users,tenant_id:e.tenant.id,username:a,provider:"auth2"});if(!c){const h=we(t,{type:he.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"});throw zt(t,t.env.data.logs.create(e.tenant.id,h)),new jr(403,{message:"User not found",code:"USER_NOT_FOUND"})}const l=c.linked_to?await s.data.users.get(e.tenant.id,c.linked_to):c;if(!l)throw new jr(403,{message:"User not found",code:"USER_NOT_FOUND"});t.set("connection",c.connection),t.set("user_id",l.user_id);const d=await s.data.passwords.get(e.tenant.id,c.user_id);if(!(d&&await oi.compare(n.password,d.password))){const h=we(t,{type:he.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});throw zt(t,t.env.data.logs.create(e.tenant.id,h)),new jr(403,{message:"Invalid password",code:"INVALID_PASSWORD"})}if((await s.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,q:`user_id:${l.user_id}`})).logs.filter(h=>h.type===he.FAILED_LOGIN_INCORRECT_PASSWORD&&new Date(h.date)>new Date(Date.now()-1e3*60*5)).length>=3){const h=we(t,{type:he.FAILED_LOGIN,description:"Too many failed login attempts"});throw zt(t,t.env.data.logs.create(e.tenant.id,h)),new jr(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"})}if(!c.email_verified&&e.email_validation==="enforced"){await fd(t,c);const h=we(t,{type:he.FAILED_LOGIN,description:"Email not verified"});throw await t.env.data.logs.create(e.tenant.id,h),new jr(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const w=we(t,{type:he.SUCCESS_LOGIN,description:"Successful login",strategy_type:"Username-Password-Authentication",strategy:"Username-Password-Authentication"});return zt(t,t.env.data.logs.create(e.tenant.id,w)),ln(t,{client:e,authParams:n,user:l,ticketAuth:i,loginSession:r})}async function Xb(t,e,n,r){await so(t,{client:e,username:n,provider:"auth2",connection:"Username-Password-Authentication",isSocial:!1,ip:t.req.header("x-real-ip")});let i=Pn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");for(;s;)i=Pn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");const a=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+Z0).toISOString(),authParams:{client_id:e.id,username:n},csrf_token:ke(),...cn(t.req)}),c=await t.env.data.codes.create(e.tenant.id,{code_id:i,code_type:"password_reset",login_id:a.id,expires_at:new Date(Date.now()+J0).toISOString()});await Yg(t,n,c.code_id,r)}const Qb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:o.z.string(),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),realm:o.z.enum(["email"]),scope:o.z.string().optional()}),o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string(),realm:o.z.enum(["Username-Password-Authentication"]),scope:o.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async t=>{const e=t.req.valid("json"),{client_id:n,username:r}=e;t.set("username",r);const i=await t.env.data.clients.get(n);if(!i)throw new I(400,{message:"Client not found"});t.set("client_id",n),t.set("tenant_id",i.tenant.id);const s=r.toLocaleLowerCase();if("otp"in e)return cd(t,i,{client_id:n,username:s},s,e.otp,!0);if("password"in e){const a=await t.env.data.loginSessions.create(i.tenant.id,{expires_at:new Date(Date.now()+Qn*1e3).toISOString(),authParams:{client_id:n,username:s},csrf_token:ke(),...cn(t.req)});return hd(t,i,{username:s,password:e.password,client_id:n},a,!0)}else throw new I(400,{message:"Code or password required"})});function e1(t,e){var r,i,s;if(!t||e.length===0)return!1;const n=((r=ya(t))==null?void 0:r.host)??null;if(!n)return!1;for(const a of e){let c;if(a.startsWith("http://")||a.startsWith("https://")?c=((i=ya(a))==null?void 0:i.host)??null:c=((s=ya("https://"+a))==null?void 0:s.host)??null,n===c)return!0}return!1}function ya(t){try{return new URL(t)}catch{return null}}async function t1({ctx:t,session:e,client:n,authParams:r,connection:i,login_hint:s}){const a=await t.env.data.loginSessions.create(n.tenant.id,{expires_at:new Date(Date.now()+Qn*1e3).toISOString(),authParams:r,csrf_token:ke(),authorization_url:t.req.url,...cn(t.req)});if(e&&s){const c=await t.env.data.users.get(n.tenant.id,e.user_id);if((c==null?void 0:c.email)===s)return ln(t,{client:n,loginSession:a,authParams:r,user:c,sessionId:e.id})}if(i==="email"&&s){const c=Pn();return await t.env.data.codes.create(n.tenant.id,{code_id:c,code_type:"otp",login_id:a.id,expires_at:new Date(Date.now()+Qn*1e3).toISOString()}),await pd(t,{code:c,to:s,authParams:r}),t.redirect(`/u/enter-code?state=${a.id}`)}return e?t.redirect(`/u/check-account?state=${a.id}`):t.redirect(`/u/login/identifier?state=${a.id}`)}function n1(t){if(t==="Username-Password-Authentication")return"auth2";if(t==="email")return"email";throw new I(403,{message:"Invalid realm"})}async function r1(t,e,n,r,i){var m;const{env:s}=t;t.set("connection",i);const a=await s.data.codes.get(e,n,"ticket");if(!a||a.used_at)throw new I(403,{message:"Ticket not found"});const c=await s.data.loginSessions.get(e,a.login_id);if(!c||!c.authParams.username)throw new I(403,{message:"Session not found"});const l=await s.data.clients.get(c.authParams.client_id);if(!l)throw new I(403,{message:"Client not found"});t.set("client_id",c.authParams.client_id),await s.data.codes.used(e,n);const d=n1(i);let p=await so(t,{username:c.authParams.username,provider:d,client:l,connection:d==="auth2"?"Username-Password-Authentication":"email",isSocial:!1,ip:t.req.header("x-real-ip")});t.set("username",p.email||p.phone_number),t.set("user_id",p.user_id);const f=await Ff(t,{user:p,client:l,loginSession:c});return ln(t,{authParams:{scope:(m=c.authParams)==null?void 0:m.scope,...r},loginSession:c,sessionId:f.id,user:p,client:l})}async function qp(t,e){return`<!DOCTYPE html>
   <html>
   <head>
@@ -216,10 +216,10 @@ PERFORMANCE OF THIS SOFTWARE.
         <\/script>
       `])))]})},Un=({children:t})=>y("div",{className:"mb-2 text-sm text-red",children:t}),O1=t=>t==="small"?"text-base":t==="medium"?"text-2xl":t==="large"?"text-3xl":"",pm=({size:t})=>{const e=O1(t);return y("div",{className:"relative inline-block leading-[0]",children:[y(Ge,{className:Dt("text-gray-200 dark:text-[#201a41]",{[e]:e}),name:"spinner-circle"}),y(Ge,{className:Dt("absolute inset-0 animate-spin text-primary",{[e]:e}),name:"spinner-inner"})]})},Ze=({children:t,className:e,Component:n="button",variant:r="primary",href:i,disabled:s,isLoading:a,id:c})=>{const l=n==="a"?{href:i}:{};return y(n,{class:Dt("btn relative w-full rounded-lg text-center",{"px-4 py-5":r!=="custom","bg-primary text-textOnPrimary hover:bg-primaryHover":r==="primary","border border-gray-300 bg-white text-black":r==="secondary","pointer-events-none cursor-not-allowed opacity-40":s,"is-loading":a},"focus:outline-none focus:ring",e),type:"submit",disabled:s,id:c,...l,children:[y("span",{className:"btn-label flex items-center justify-center space-x-2",children:t}),y("div",{className:"btn-spinner absolute left-0 top-0 flex h-full w-full items-center justify-center",children:y(pm,{size:"medium"})})]})},$r=({connection:t,text:e,icon:n=null,canResize:r=!1,loginSession:i})=>{const s=new URLSearchParams({client_id:i.authParams.client_id,connection:t});i.authParams.response_type&&s.set("response_type",i.authParams.response_type),i.authParams.redirect_uri&&s.set("redirect_uri",i.authParams.redirect_uri),i.authParams.scope&&s.set("scope",i.authParams.scope),i.authParams.nonce&&s.set("nonce",i.authParams.nonce),i.authParams.response_type&&s.set("response_type",i.authParams.response_type),i.authParams.state&&s.set("state",i.id);const a=`/authorize?${s.toString()}`;return y(Ze,{className:Dt("border border-gray-200 bg-white hover:bg-gray-100 dark:border-gray-400 dark:bg-black dark:hover:bg-black/90",{"px-0 py-3 sm:px-10 sm:py-4 short:px-0 short:py-3":r,"px-10 py-3":!r}),variant:"custom","aria-label":e,Component:"a",href:a,children:[n||"",y("div",{className:Dt("text-left text-black dark:text-white sm:text-base",{"hidden sm:inline short:hidden":r}),children:e})]})},fm=({...t})=>y("svg",{width:"45",height:"45",viewBox:"0 0 45 45",xmlns:"http://www.w3.org/2000/svg",...t,children:[y("path",{d:"M44.1035 23.0123C44.1054 21.4791 43.9758 19.9486 43.716 18.4375H22.498V27.1028H34.6507C34.4021 28.4868 33.8757 29.8061 33.1034 30.9812C32.3311 32.1562 31.3289 33.1628 30.1571 33.9401V39.5649H37.41C41.6567 35.6494 44.1035 29.859 44.1035 23.0123Z",fill:"#4285F4"}),y("path",{d:"M22.4982 44.9997C28.5698 44.9997 33.6821 43.0061 37.4101 39.5687L30.1573 33.9439C28.1386 35.3126 25.5387 36.0938 22.4982 36.0938C16.6296 36.0938 11.6485 32.1377 9.86736 26.8066H2.39575V32.6033C4.26839 36.3297 7.13989 39.4622 10.6896 41.6512C14.2394 43.8402 18.3277 44.9995 22.4982 44.9997Z",fill:"#34A853"}),y("path",{d:"M9.86737 26.8073C8.92572 24.0138 8.92572 20.9886 9.86737 18.1951V12.3984H2.39576C0.820432 15.5332 0 18.9929 0 22.5012C0 26.0095 0.820432 29.4692 2.39576 32.604L9.86737 26.8073Z",fill:"#FBBC04"}),y("path",{d:"M22.4982 8.90741C25.7068 8.85499 28.8071 10.0673 31.1291 12.2823L37.5507 5.86064C33.4788 2.03602 28.0843 -0.0637686 22.4982 0.00147616C18.3277 0.00166623 14.2394 1.16098 10.6896 3.34999C7.13989 5.539 4.26839 8.67155 2.39575 12.3979L9.86736 18.1946C11.6485 12.8635 16.6296 8.90741 22.4982 8.90741Z",fill:"#EA4335"})]}),Wt=({children:t,className:e})=>y("form",{id:"form",method:"post",className:e,children:t}),hm=({...t})=>y("svg",{version:"1.1",id:"Layer_1",xmlns:"http://www.w3.org/2000/svg",x:"0px",y:"0px",viewBox:"0 0 48 48",enableBackground:"new 0 0 48 48",width:"45",height:"45",...t,children:[y("path",{fill:"#FF5B24",d:"M3.5,8h41c1.9,0,3.5,1.6,3.5,3.5v25c0,1.9-1.6,3.5-3.5,3.5h-41C1.6,40,0,38.4,0,36.5v-25C0,9.6,1.6,8,3.5,8z"}),y("path",{fillRule:"evenodd",clipRule:"evenodd",fill:"#FFFFFF",d:`M27.9,20.3c1.4,0,2.6-1,2.6-2.5h0c0-1.5-1.2-2.5-2.6-2.5c-1.4,0-2.6,1-2.6,2.5C25.3,19.2,26.5,20.3,27.9,20.3z
     M31.2,24.4c-1.7,2.2-3.5,3.8-6.7,3.8h0c-3.2,0-5.8-2-7.7-4.8c-0.8-1.2-2-1.4-2.9-0.8c-0.8,0.6-1,1.8-0.3,2.9
-   c2.7,4.1,6.5,6.6,10.9,6.6c4,0,7.2-2,9.6-5.2c0.9-1.2,0.9-2.5,0-3.1C33.3,22.9,32.1,23.2,31.2,24.4z`})]}),el=({error:t,vendorSettings:e,loginSession:n,email:r,client:i,impersonation:s})=>{const a=i.connections.map(({name:m})=>m),c=a.includes("facebook"),l=a.includes("google-oauth2"),d=a.includes("apple"),p=a.includes("vipps"),f=c||l||d||p;return y(Ue,{title:B.t("welcome"),vendorSettings:e,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("welcome")}),y("div",{className:"mb-8 text-gray-300",children:B.t("login_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{className:"mb-7",children:[y("input",{type:"email",name:"username",placeholder:B.t("email_placeholder"),className:Dt("mb-2 w-full rounded-lg border bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),required:!0,value:r||""}),s&&y("input",{type:"email",name:"act_as",placeholder:"Impersonate as",className:Dt("mb-2 w-full rounded-lg border bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),required:!0,value:""}),t&&y(Un,{children:t}),y(Ze,{className:"sm:mt-4 !text-base",children:[y("span",{children:B.t("continue")}),y(Ge,{className:"text-xs",name:"arrow-right"})]})]}),f&&y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:B.t("continue_social_login")})]}),y("div",{className:"flex space-x-4 sm:flex-col sm:space-x-0 sm:space-y-4 short:flex-row short:space-x-4 short:space-y-0",children:[c&&y($r,{connection:"facebook",text:B.t("continue_with",{provider:"Facebook"}),canResize:!0,icon:y(Ge,{className:"text-xl text-[#1196F5] sm:absolute sm:left-4 sm:top-1/2 sm:-translate-y-1/2 sm:text-2xl short:static short:left-auto short:top-auto short:translate-y-0 short:text-xl",name:"facebook"}),loginSession:n}),l&&y($r,{connection:"google-oauth2",text:B.t("continue_with",{provider:"Google"}),canResize:!0,icon:y(fm,{className:"h-5 w-5 sm:absolute sm:left-4 sm:top-1/2 sm:h-6 sm:w-6 sm:-translate-y-1/2 short:static short:left-auto short:top-auto short:h-5 short:w-5 short:translate-y-0"}),loginSession:n}),d&&y($r,{connection:"apple",text:B.t("continue_with",{provider:"Apple"}),canResize:!0,icon:y(Ge,{className:"text-xl text-black dark:text-white sm:absolute sm:left-4 sm:top-1/2 sm:-translate-y-1/2 sm:text-2xl short:static short:left-auto short:top-auto short:translate-y-0 short:text-xl",name:"apple"}),loginSession:n}),p&&y($r,{connection:"vipps",text:B.t("continue_with",{provider:"Vipps"}),canResize:!0,icon:y(hm,{className:"h-5 w-5 sm:absolute sm:left-4 sm:top-1/2 sm:h-6 sm:w-6 sm:-translate-y-1/2 short:static short:left-auto short:top-auto short:h-5 short:w-5 short:translate-y-0"}),loginSession:n})]})]})]})},T1=["Auth0.swift"];function P1(t){if(!t)return"code";const e=atob(t),n=JSON.parse(e);return T1.includes(n.name)?"code":"link"}const B1=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),impersonation:o.z.string().optional()})},responses:{200:{description:"Response"}}}),async t=>{const{state:e,impersonation:n}=t.req.valid("query"),{vendorSettings:r,loginSession:i,client:s}=await Ee(t,e);return t.html(y(el,{vendorSettings:r,loginSession:i,client:s,email:i.authParams.username,impersonation:n==="true"}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({username:o.z.string().transform(t=>t.toLowerCase()),act_as:o.z.string().transform(t=>t.toLowerCase()).optional(),login_selection:o.z.enum(["code","password"]).optional()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),r=t.req.valid("form");t.set("body",r),t.set("username",r.username);const{client:i,loginSession:s,vendorSettings:a}=await Ee(t,n);t.set("client_id",i.id);const c=r.username,l=await io({userAdapter:e.data.users,tenant_id:i.tenant.id,email:c});if(l&&t.set("user_id",l.user_id),!l)try{await Cy(t,i,t.env.data,r.username)}catch{const w=we(t,{type:he.FAILED_SIGNUP,description:"Public signup is disabled"});return await t.env.data.logs.create(i.tenant.id,w),t.html(y(el,{vendorSettings:a,loginSession:s,error:B.t("user_account_does_not_exist"),email:r.username,client:i}),400)}if(s.authParams.username=r.username,s.authParams.act_as=r.act_as,await e.data.loginSessions.update(i.tenant.id,s.id,s),await z1(t,i,r.username,r.login_selection))return t.redirect(`/u/enter-password?state=${n}`);let d=Pn(),p=await e.data.codes.get(i.tenant.id,d,"otp");for(;p;)d=Pn(),p=await e.data.codes.get(i.tenant.id,d,"otp");const f=await t.env.data.codes.create(i.tenant.id,{code_id:d,code_type:"otp",login_id:s.id,expires_at:new Date(Date.now()+ja).toISOString()});return P1(s.auth0Client)==="link"&&!r.username.includes("online.no")?await pd(t,{to:r.username,code:f.code_id,authParams:s.authParams}):await Xg(t,{to:r.username,code:f.code_id}),t.redirect(`/u/enter-code?state=${n}`)}),yt=t=>y("a",{className:"block text-primary hover:text-primaryHover text-center",href:`/u/enter-email?state=${t.state}`,children:B.t("go_back")});var ii="_hp",R1={Change:"Input",DoubleClick:"DblClick"},L1={svg:"2000/svg",math:"1998/Math/MathML"},si=[],tl=new WeakMap,pr=void 0,U1=()=>pr,Ot=t=>"t"in t,ba={onClick:["click",!1]},Jp=t=>{if(!t.startsWith("on"))return;if(ba[t])return ba[t];const e=t.match(/^on([A-Z][a-zA-Z]+?(?:PointerCapture)?)(Capture)?$/);if(e){const[,n,r]=e;return ba[t]=[(R1[n]||n).toLowerCase(),!!r]}},Zp=(t,e)=>pr&&t instanceof SVGElement&&/[A-Z]/.test(e)&&(e in t.style||e.match(/^(?:o|pai|str|u|ve)/))?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,V1=(t,e,n)=>{var r;e||(e={});for(let i in e){const s=e[i];if(i!=="children"&&(!n||n[i]!==s)){i=Gs(i);const a=Jp(i);if(a){if((n==null?void 0:n[i])!==s&&(n&&t.removeEventListener(a[0],n[i],a[1]),s!=null)){if(typeof s!="function")throw new Error(`Event handler for "${i}" is not a function`);t.addEventListener(a[0],s,a[1])}}else if(i==="dangerouslySetInnerHTML"&&s)t.innerHTML=s.__html;else if(i==="ref"){let c;typeof s=="function"?c=s(t)||(()=>s(null)):s&&"current"in s&&(s.current=t,c=()=>s.current=null),tl.set(t,c)}else if(i==="style"){const c=t.style;typeof s=="string"?c.cssText=s:(c.cssText="",s!=null&&om(s,c.setProperty.bind(c)))}else{if(i==="value"){const l=t.nodeName;if(l==="INPUT"||l==="TEXTAREA"||l==="SELECT"){if(t.value=s==null||s===!1?null:s,l==="TEXTAREA"){t.textContent=s;continue}else if(l==="SELECT"){t.selectedIndex===-1&&(t.selectedIndex=0);continue}}}else(i==="checked"&&t.nodeName==="INPUT"||i==="selected"&&t.nodeName==="OPTION")&&(t[i]=s);const c=Zp(t,i);s==null||s===!1?t.removeAttribute(c):s===!0?t.setAttribute(c,""):typeof s=="string"||typeof s=="number"?t.setAttribute(c,s):t.setAttribute(c,s.toString())}}}if(n)for(let i in n){const s=n[i];if(i!=="children"&&!(i in e)){i=Gs(i);const a=Jp(i);a?t.removeEventListener(a[0],s,a[1]):i==="ref"?(r=tl.get(t))==null||r():t.removeAttribute(Zp(t,i))}}},q1=(t,e)=>{e[Ae][0]=0,si.push([t,e]);const n=e.tag[gd]||e.tag,r=n.defaultProps?{...n.defaultProps,...e.props}:e.props;try{return[n.call(null,r)]}finally{si.pop()}},gm=(t,e,n,r,i)=>{var s,a;(s=t.vR)!=null&&s.length&&(r.push(...t.vR),delete t.vR),typeof t.tag=="function"&&((a=t[Ae][1][wm])==null||a.forEach(c=>i.push(c))),t.vC.forEach(c=>{var l;if(Ot(c))n.push(c);else if(typeof c.tag=="function"||c.tag===""){c.c=e;const d=n.length;if(gm(c,e,n,r,i),c.s){for(let p=d;p<n.length;p++)n[p].s=!0;c.s=!1}}else n.push(c),(l=c.vR)!=null&&l.length&&(r.push(...c.vR),delete c.vR)})},M1=t=>{for(;;t=t.tag===ii||!t.vC||!t.pP?t.nN:t.vC[0]){if(!t)return null;if(t.tag!==ii&&t.e)return t.e}},mm=t=>{var e,n,r,i,s,a;Ot(t)||((n=(e=t[Ae])==null?void 0:e[1][wm])==null||n.forEach(c=>{var l;return(l=c[2])==null?void 0:l.call(c)}),(r=tl.get(t.e))==null||r(),t.p===2&&((i=t.vC)==null||i.forEach(c=>c.p=2)),(s=t.vC)==null||s.forEach(mm)),t.p||((a=t.e)==null||a.remove(),delete t.e),typeof t.tag=="function"&&(Or.delete(t),Ji.delete(t),delete t[Ae][3],t.a=!0)},_m=(t,e,n)=>{t.c=e,ym(t,e,n)},Yp=(t,e)=>{if(e){for(let n=0,r=t.length;n<r;n++)if(t[n]===e)return n}},Xp=Symbol(),ym=(t,e,n)=>{var d;const r=[],i=[],s=[];gm(t,e,r,i,s),i.forEach(mm);const a=n?void 0:e.childNodes;let c,l=null;if(n)c=-1;else if(!a.length)c=0;else{const p=Yp(a,M1(t.nN));p!==void 0?(l=a[p],c=p):c=Yp(a,(d=r.find(f=>f.tag!==ii&&f.e))==null?void 0:d.e)??-1,c===-1&&(n=!0)}for(let p=0,f=r.length;p<f;p++,c++){const m=r[p];let w;if(m.s&&m.e)w=m.e,m.s=!1;else{const h=n||!m.e;Ot(m)?(m.e&&m.d&&(m.e.textContent=m.t),m.d=!1,w=m.e||(m.e=document.createTextNode(m.t))):(w=m.e||(m.e=m.n?document.createElementNS(m.n,m.tag):document.createElement(m.tag)),V1(w,m.props,m.pP),ym(m,w,h))}m.tag===ii?c--:n?w.parentNode||e.appendChild(w):a[c]!==w&&a[c-1]!==w&&(a[c+1]===w?e.appendChild(a[c]):e.insertBefore(w,l||a[c]||null))}if(t.pP&&delete t.pP,s.length){const p=[],f=[];s.forEach(([,m,,w,h])=>{m&&p.push(m),w&&f.push(w),h==null||h()}),p.forEach(m=>m()),f.length&&requestAnimationFrame(()=>{f.forEach(m=>m())})}},Ji=new WeakMap,nl=(t,e,n)=>{var s,a,c,l,d,p;const r=!n&&e.pC;n&&(e.pC||(e.pC=e.vC));let i;try{n||(n=typeof e.tag=="function"?q1(t,e):zi(e.props.children)),((s=n[0])==null?void 0:s.tag)===""&&n[0][Xc]&&(i=n[0][Xc],t[5].push([t,i,e]));const f=r?[...e.pC]:e.vC?[...e.vC]:void 0,m=[];let w;for(let h=0;h<n.length;h++){Array.isArray(n[h])&&n.splice(h,1,...n[h].flat());let _=D1(n[h]);if(_){typeof _.tag=="function"&&!_.tag[tm]&&(ur.length>0&&(_[Ae][2]=ur.map(A=>[A,A.values.at(-1)])),(a=t[5])!=null&&a.length&&(_[Ae][3]=t[5].at(-1)));let v;if(f&&f.length){const A=f.findIndex(Ot(_)?C=>Ot(C):_.key!==void 0?C=>C.key===_.key&&C.tag===_.tag:C=>C.tag===_.tag);A!==-1&&(v=f[A],f.splice(A,1))}if(v)if(Ot(_))v.t!==_.t&&(v.t=_.t,v.d=!0),_=v;else{const A=v.pP=v.props;v.props=_.props,v.f||(v.f=_.f||e.f),typeof _.tag=="function"&&(v[Ae][2]=_[Ae][2]||[],v[Ae][3]=_[Ae][3],!v.f&&((v.o||v)===_.o||(l=(c=v.tag)[d1])!=null&&l.call(c,A,v.props))&&(v.s=!0)),_=v}else if(!Ot(_)&&pr){const A=Ar(pr);A&&(_.n=A)}if(!Ot(_)&&!_.s&&(nl(t,_),delete _.f),m.push(_),w&&!w.s&&!_.s)for(let A=w;A&&!Ot(A);A=(d=A.vC)==null?void 0:d.at(-1))A.nN=_;w=_}}e.vR=r?[...e.vC,...f||[]]:f||[],e.vC=m,r&&delete e.pC}catch(f){if(e.f=!0,f===Xp){if(i)return;throw f}const[m,w,h]=((p=e[Ae])==null?void 0:p[3])||[];if(w){const _=()=>Zi([0,!1,t[2]],h),v=Ji.get(h)||[];v.push(_),Ji.set(h,v);const A=w(f,()=>{const C=Ji.get(h);if(C){const O=C.indexOf(_);if(O!==-1)return C.splice(O,1),_()}});if(A){if(t[0]===1)t[1]=!0;else if(nl(t,h,[A]),(w.length===1||t!==m)&&h.c){_m(h,h.c,!1);return}throw Xp}}throw f}finally{i&&t[5].pop()}},D1=t=>{if(!(t==null||typeof t=="boolean")){if(typeof t=="string"||typeof t=="number")return{t:t.toString(),d:!0};if("vR"in t&&(t={tag:t.tag,props:t.props,key:t.key,f:t.f,type:t.tag,ref:t.props.ref,o:t.o||t}),typeof t.tag=="function")t[Ae]=[0,[]];else{const e=L1[t.tag];e&&(pr||(pr=rm("")),t.props.children=[{tag:pr,props:{value:t.n=`http://www.w3.org/${e}`,children:t.props.children}}])}return t}},Qp=(t,e)=>{var n,r;(n=e[Ae][2])==null||n.forEach(([i,s])=>{i.values.push(s)});try{nl(t,e,void 0)}catch{return}if(e.a){delete e.a;return}(r=e[Ae][2])==null||r.forEach(([i])=>{i.values.pop()}),(t[0]!==1||!t[1])&&_m(e,e.c,!1)},Or=new WeakMap,ef=[],Zi=async(t,e)=>{t[5]||(t[5]=[]);const n=Or.get(e);n&&n[0](void 0);let r;const i=new Promise(s=>r=s);if(Or.set(e,[r,()=>{t[2]?t[2](t,e,s=>{Qp(s,e)}).then(()=>r(e)):(Qp(t,e),r(e))}]),ef.length)ef.at(-1).add(e);else{await Promise.resolve();const s=Or.get(e);s&&(Or.delete(e),s[1]())}return i},H1=(t,e,n)=>({tag:ii,props:{children:t},key:n,e,p:1}),xa=0,wm=1,ka=2,Sa=3,Aa=new WeakMap,vm=(t,e)=>!t||!e||t.length!==e.length||e.some((n,r)=>n!==t[r]),F1=void 0,tf=[],K1=t=>{var a;const e=()=>typeof t=="function"?t():t,n=si.at(-1);if(!n)return[e(),()=>{}];const[,r]=n,i=(a=r[Ae][1])[xa]||(a[xa]=[]),s=r[Ae][0]++;return i[s]||(i[s]=[e(),c=>{const l=F1,d=i[s];if(typeof c=="function"&&(c=c(d[0])),!Object.is(c,d[0]))if(d[0]=c,tf.length){const[p,f]=tf.at(-1);Promise.all([p===3?r:Zi([p,!1,l],r),f]).then(([m])=>{if(!m||!(p===2||p===3))return;const w=m.vC;requestAnimationFrame(()=>{setTimeout(()=>{w===m.vC&&Zi([p===3?1:0,!1,l],m)})})})}else Zi([0,!1,l],r)}])},wd=(t,e)=>{var c;const n=si.at(-1);if(!n)return t;const[,r]=n,i=(c=r[Ae][1])[ka]||(c[ka]=[]),s=r[Ae][0]++,a=i[s];return vm(a==null?void 0:a[1],e)?i[s]=[t,e]:t=i[s][0],t},W1=t=>{const e=Aa.get(t);if(e){if(e.length===2)throw e[1];return e[0]}throw t.then(n=>Aa.set(t,[n]),n=>Aa.set(t,[void 0,n])),t},G1=(t,e)=>{var c;const n=si.at(-1);if(!n)return t();const[,r]=n,i=(c=r[Ae][1])[Sa]||(c[Sa]=[]),s=r[Ae][0]++,a=i[s];return vm(a==null?void 0:a[1],e)&&(i[s]=[t(),e]),i[s][0]},J1=rm({pending:!1,data:null,method:null,action:null}),nf=new Set,Z1=t=>{nf.add(t),t.finally(()=>nf.delete(t))},vd=(t,e)=>G1(()=>n=>{let r;t&&(typeof t=="function"?r=t(n)||(()=>{t(null)}):t&&"current"in t&&(t.current=n,r=()=>{t.current=null}));const i=e(n);return()=>{i==null||i(),r==null||r()}},[t]),Dn=Object.create(null),Ri=Object.create(null),Ci=(t,e,n,r,i)=>{if(e!=null&&e.itemProp)return{tag:t,props:e,type:t,ref:e.ref};const s=document.head;let{onLoad:a,onError:c,precedence:l,blocking:d,...p}=e,f=null,m=!1;const w=Ki[t];let h;if(w.length>0){const C=s.querySelectorAll(t);e:for(const O of C)for(const L of Ki[t])if(O.getAttribute(L)===e[L]){f=O;break e}if(!f){const O=w.reduce((L,Q)=>e[Q]===void 0?L:`${L}-${Q}-${e[Q]}`,t);m=!Ri[O],f=Ri[O]||(Ri[O]=(()=>{const L=document.createElement(t);for(const Q of w)e[Q]!==void 0&&L.setAttribute(Q,e[Q]),e.rel&&L.setAttribute("rel",e.rel);return L})())}}else h=s.querySelectorAll(t);l=r?l??"":void 0,r&&(p[Wi]=l);const _=wd(C=>{if(w.length>0){let O=!1;for(const L of s.querySelectorAll(t)){if(O&&L.getAttribute(Wi)!==l){s.insertBefore(C,L);return}L.getAttribute(Wi)===l&&(O=!0)}s.appendChild(C)}else if(h){let O=!1;for(const L of h)if(L===C){O=!0;break}O||s.insertBefore(C,s.contains(h[0])?h[0]:s.querySelector(t)),h=void 0}},[l]),v=vd(e.ref,C=>{var Q;const O=w[0];if(n===2&&(C.innerHTML=""),(m||h)&&_(C),!c&&!a)return;let L=Dn[Q=C.getAttribute(O)]||(Dn[Q]=new Promise((ce,le)=>{C.addEventListener("load",ce),C.addEventListener("error",le)}));a&&(L=L.then(a)),c&&(L=L.catch(c)),L.catch(()=>{})});if(i&&d==="render"){const C=Ki[t][0];if(e[C]){const O=e[C],L=Dn[O]||(Dn[O]=new Promise((Q,ce)=>{_(f),f.addEventListener("load",Q),f.addEventListener("error",ce)}));W1(L)}}const A={tag:t,type:t,props:{...p,ref:v},ref:v};return A.p=n,f&&(A.e=f),H1(A,s)},Y1=t=>{const e=U1(),n=e&&Ar(e);return n!=null&&n.endsWith("svg")?{tag:"title",props:t,type:"title",ref:t.ref}:Ci("title",t,void 0,!1,!1)},X1=t=>!t||["src","async"].some(e=>!t[e])?{tag:"script",props:t,type:"script",ref:t.ref}:Ci("script",t,1,!1,!0),Q1=t=>!t||!["href","precedence"].every(e=>e in t)?{tag:"style",props:t,type:"style",ref:t.ref}:(t["data-href"]=t.href,delete t.href,Ci("style",t,2,!0,!0)),ex=t=>!t||["onLoad","onError"].some(e=>e in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?{tag:"link",props:t,type:"link",ref:t.ref}:Ci("link",t,1,"precedence"in t,!0),tx=t=>Ci("meta",t,void 0,!1,!1),bm=Symbol(),nx=t=>{const{action:e,...n}=t;typeof e!="function"&&(n.action=e);const[r,i]=K1([null,!1]),s=wd(async d=>{const p=d.isTrusted?e:d.detail[bm];if(typeof p!="function")return;d.preventDefault();const f=new FormData(d.target);i([f,!0]);const m=p(f);m instanceof Promise&&(Z1(m),await m),i([null,!0])},[]),a=vd(t.ref,d=>(d.addEventListener("submit",s),()=>{d.removeEventListener("submit",s)})),[c,l]=r;return r[1]=!1,{tag:J1,props:{value:{pending:c!==null,data:c,method:c?"post":null,action:c?e:null},children:{tag:"form",props:{...n,ref:a},type:"form",ref:a}},f:l}},xm=(t,{formAction:e,...n})=>{if(typeof e=="function"){const r=wd(i=>{i.preventDefault(),i.currentTarget.form.dispatchEvent(new CustomEvent("submit",{detail:{[bm]:e}}))},[]);n.ref=vd(n.ref,i=>(i.addEventListener("click",r),()=>{i.removeEventListener("click",r)}))}return{tag:t,props:n,type:t,ref:n.ref}},rx=t=>xm("input",t),ix=t=>xm("button",t);Object.assign(Qc,{title:Y1,script:X1,style:Q1,link:ex,meta:tx,form:nx,input:rx,button:ix});new TextEncoder;const Qo=t=>{const{i18nKey:e,values:n,components:r}=t,i=B.t(e,n),s=/<(\d+)>(.*?)<\/\d+>/g,a=[];let c=0,l;for(;(l=s.exec(i))!==null;){const[,d,p]=l,f=i.substring(c,l.index);f&&a.push(f);const m=parseInt(d,10);a.push(A1(r[m],{},p)),c=s.lastIndex}return c<i.length&&a.push(i.substring(c)),y(cm,{children:a})},rf=6,rl=({error:t,vendorSettings:e,email:n,state:r,client:i,hasPasswordLogin:s})=>{const a=new URLSearchParams({state:r}),l=i.connections.map(({name:d})=>d).includes("auth2");return y(Ue,{title:B.t("verify_your_email"),vendorSettings:e,children:[y("div",{className:"mb-4 text-2xl font-medium",children:B.t("verify_your_email")}),y("div",{className:"mb-8 text-gray-300",children:y(Qo,{i18nKey:"we_sent_a_code_to",components:[y("span",{className:"text-black dark:text-white"},"span")],values:{email:n}})}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{className:"pt-2",children:[y("input",{autoFocus:!0,type:"text",pattern:"[0-9]*",maxLength:rf,inputMode:"numeric",name:"code",placeholder:"******",className:Dt("mb-2 w-full rounded-lg border bg-gray-100 px-4 pb-2 pt-2.5 text-center indent-[5px] font-mono text-3xl placeholder:text-gray-300 dark:bg-gray-600 md:text-3xl",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),minLength:rf,required:!0,id:"code-input"}),t&&y(Un,{children:t}),y(Ze,{className:"sm:mt-4 !text-base",children:[y("span",{children:B.t("login")}),y(Ge,{className:"text-xs",name:"arrow-right"})]}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(Ge,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:B.t("sent_code_spam")})]}),l&&y("div",{className:"text-center mb-12",children:[y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:B.t("or")})]}),y(Ze,{Component:"a",href:`/u/${s?"enter-password":"pre-signup"}?${a.toString()}`,variant:"secondary",className:"block",children:B.t("enter_your_password_btn")})]})]}),y(yt,{state:r})]})]})},sx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r,client:i}=await Ee(t,e);if(!r.authParams.username)throw new I(400,{message:"Username not found in state"});const s=await ds({userAdapter:t.env.data.users,tenant_id:i.tenant.id,username:r.authParams.username,provider:"auth2"});return t.html(y(rl,{vendorSettings:n,email:r.authParams.username,state:e,client:i,hasPasswordLogin:!!s}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({code:o.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{code:n}=t.req.valid("form"),{loginSession:r,client:i,vendorSettings:s}=await Ee(t,e);if(t.set("client_id",i.id),!r.authParams.username)throw new I(400,{message:"Username not found in state"});try{return await Jg(t,{client_id:i.id,authParams:r.authParams,username:r.authParams.username,otp:n})}catch(a){const c=a,l=await ds({userAdapter:t.env.data.users,tenant_id:i.tenant.id,username:r.authParams.username,provider:"auth2"});return t.html(y(rl,{vendorSettings:s,email:r.authParams.username,state:e,client:i,error:c.message,hasPasswordLogin:!!l}),400)}}),km=t=>{const{vendorSettings:e,state:n}=t;return y(Ue,{title:B.t("unverified_email"),vendorSettings:e,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:[y("p",{className:"mb-8 text-gray-300 text-lg",children:B.t("unverified_email")}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(Ge,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:B.t("sent_code_spam")})]}),y(yt,{state:n})]}),y(yt,{state:n})]})},Yi=t=>{const{error:e,vendorSettings:n,email:r,state:i}=t,s=new URLSearchParams({state:i});return y(Ue,{title:B.t("enter_password"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("enter_password")}),y("div",{className:"mb-6 text-gray-300",children:B.t("enter_password_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{className:"mb-7",children:[y("input",{type:"text",name:"username",placeholder:B.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",value:r}),y("input",{type:"password",name:"password",placeholder:B.t("password")||"",className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0}),e&&y(Un,{children:e}),y(Ze,{className:"sm:mt-4 !text-base",children:[y("span",{children:B.t("login")}),y(Ge,{className:"text-xs",name:"arrow-right"})]})]}),y("a",{href:`/u/forgot-password?${s.toString()}`,className:"text-primary hover:underline mb-4",children:B.t("forgot_password_link")}),y("div",{className:"text-center mb-12",children:[y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:B.t("or")})]}),y("form",{method:"post",action:`/u/enter-email?${s.toString()}`,children:[y("input",{type:"hidden",name:"login_selection",value:"code"}),y("input",{type:"hidden",name:"username",value:r}),y(Ze,{variant:"secondary",className:"block",children:B.t("enter_a_code_btn")})]})]}),y(yt,{state:i})]})]})},ox=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,client:r,loginSession:i}=await Ee(t,e);if(!i.authParams.username)throw new I(400,{message:"Username required"});return t.html(y(Yi,{vendorSettings:n,email:i.authParams.username,state:e,client:r}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({password:o.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),n=t.req.valid("form"),{password:r}=n,{vendorSettings:i,client:s,loginSession:a}=await Ee(t,e),{username:c}=a.authParams;if(!c)throw new I(400,{message:"Username required"});try{return await hd(t,s,{...a.authParams,password:r},a)}catch(l){const d=l;return d.code==="INVALID_PASSWORD"||d.code==="USER_NOT_FOUND"?t.html(y(Yi,{vendorSettings:i,email:c,error:B.t("invalid_password"),state:e,client:s}),400):d.code==="EMAIL_NOT_VERIFIED"?t.html(y(km,{vendorSettings:i,state:e}),400):t.html(y(Yi,{vendorSettings:i,email:c,error:d.message,state:e,client:s}),400)}}),Hn=t=>{const{state:e,error:n,vendorSettings:r,email:i,code:s}=t;return y(Ue,{title:B.t("create_account_title"),vendorSettings:r,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("create_account_title")}),y("div",{className:"mb-6 text-gray-300",children:B.t("create_account_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{children:[y("input",{type:"hidden",name:"code",value:s}),y("input",{type:"email",name:"username",placeholder:B.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0,value:i,disabled:!!i}),y("input",{type:"password",name:"password",placeholder:B.t("enter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),y("input",{type:"password",name:"re-enter-password",placeholder:B.t("reenter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),n&&y(Un,{children:n}),y(Ze,{className:"sm:mt-4 !text-base",children:B.t("continue")})]}),y(yt,{state:e})]})]})},ea=t=>{const{message:e,vendorSettings:n,pageTitle:r,state:i}=t;return y(Ue,{title:"Login",vendorSettings:n,children:[r?y("div",{className:"mb-6 text-gray-300",children:r}):"",y("div",{className:"flex flex-1 flex-col justify-center",children:e}),i?y(yt,{state:i}):""]})},ax=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().optional().openapi({description:"The code parameter from an email verification link"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e,code:n}=t.req.valid("query"),{vendorSettings:r,loginSession:i}=await Ee(t,e),{username:s}=i.authParams;if(!s)throw new I(400,{message:"Username required"});return n?t.html(y(Hn,{state:e,vendorSettings:r,email:s,code:n})):t.html(y(Hn,{state:e,vendorSettings:r,email:s}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({password:o.z.string(),"re-enter-password":o.z.string(),code:o.z.string().optional()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),n=t.req.valid("form"),{env:r}=t,{vendorSettings:i,client:s,loginSession:a}=await Ee(t,e),c="Username-Password-Authentication";t.set("client_id",s.id),t.set("connection",c);const{username:l}=a.authParams;if(!l)throw new I(400,{message:"Username required"});if(n.password!==n["re-enter-password"])return t.html(y(Hn,{state:e,code:n.code,vendorSettings:i,error:B.t("create_account_passwords_didnt_match"),email:a.authParams.username}),400);if(!ud(n.password))return t.html(y(Hn,{state:e,code:n.code,vendorSettings:i,error:B.t("create_account_weak_password"),email:a.authParams.username}),400);const d=n.code?await r.data.codes.get(s.tenant.id,n.code,"email_verification"):void 0,p=d?await r.data.loginSessions.get(s.tenant.id,d.login_id):void 0;try{if(await fr({userAdapter:t.env.data.users,tenant_id:s.tenant.id,username:l,provider:"auth2"}))throw new I(400,{message:"Invalid sign up"});const m=(p==null?void 0:p.authParams.username)===l,w=await Kf(t).users.create(s.tenant.id,{user_id:`auth2|${Qs()}`,email:l,email_verified:m,provider:"auth2",connection:c,is_social:!1});return await r.data.passwords.create(s.tenant.id,{user_id:w.user_id,password:await oi.hash(n.password,10),algorithm:"bcrypt"}),m?await hd(t,s,{...a.authParams,password:n.password},a):(await fd(t,w),t.html(y(ea,{message:B.t("validate_email_body"),pageTitle:B.t("validate_email_title"),vendorSettings:i,state:e})))}catch(f){const m=await yd(r,s.id,a.authParams.vendor_id),w=f;return t.html(y(Hn,{state:e,vendorSettings:m,error:w.message,email:l}),400)}}),Fn=t=>{const{error:e,vendorSettings:n,email:r}=t;return y(Ue,{title:B.t("reset_password_title"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("reset_password_title")}),y("div",{className:"mb-6 text-gray-300",children:`${B.t("reset_password_description")} ${r}`}),y("div",{className:"flex flex-1 flex-col justify-center",children:y(Wt,{children:[y("input",{type:"password",name:"password",placeholder:B.t("enter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),y("input",{type:"password",name:"re-enter-password",placeholder:B.t("reenter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),e&&y(Un,{children:e}),y(Ze,{className:"sm:mt-4 !text-base",children:B.t("reset_password_cta")})]})})]})},cx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().openapi({description:"The code parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e);if(!r.authParams.username)throw new I(400,{message:"Username required"});return t.html(y(Fn,{vendorSettings:n,email:r.authParams.username}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().openapi({description:"The code parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({password:o.z.string(),"re-enter-password":o.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e,code:n}=t.req.valid("query"),{password:r,"re-enter-password":i}=t.req.valid("form"),{env:s}=t,{vendorSettings:a,client:c,loginSession:l}=await Ee(t,e);if(!l.authParams.username)throw new I(400,{message:"Username required"});if(r!==i)return t.html(y(Fn,{error:B.t("create_account_passwords_didnt_match"),vendorSettings:a,email:l.authParams.username}),400);if(!ud(r))return t.html(y(Fn,{error:B.t("create_account_weak_password"),vendorSettings:a,email:l.authParams.username}),400);const d=await fr({userAdapter:s.data.users,tenant_id:c.tenant.id,username:l.authParams.username,provider:"auth2"});if(!d)throw new I(400,{message:"User not found"});try{if(!await s.data.codes.get(c.tenant.id,n,"password_reset"))return t.html(y(Fn,{error:"Code not found or expired",vendorSettings:a,email:l.authParams.username}),400);const f={user_id:d.user_id,password:await oi.hash(r,10),algorithm:"bcrypt"};await s.data.passwords.get(c.tenant.id,d.user_id)?await s.data.passwords.update(c.tenant.id,f):await s.data.passwords.create(c.tenant.id,f),d.email_verified||await s.data.users.update(c.tenant.id,d.user_id,{email_verified:!0})}catch{return t.html(y(Fn,{error:"The password could not be reset",vendorSettings:a,email:l.authParams.username}),400)}return t.html(y(ea,{message:B.t("password_has_been_reset"),vendorSettings:a,state:e}))}),Sm=t=>{const{error:e,vendorSettings:n,email:r,state:i}=t;return y(Ue,{title:B.t("forgot_password_title"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("forgot_password_title")}),y("div",{className:"mb-6 text-gray-300",children:B.t("forgot_password_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{className:"pt-2",children:[y("input",{type:"email",name:"username",placeholder:B.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",value:r,disabled:!!r}),e&&y(Un,{children:e}),y(Ze,{className:"sm:mt-4 !text-base",children:B.t("forgot_password_cta")})]}),y(yt,{state:i})]})]})},Am=t=>{const{vendorSettings:e,state:n}=t;return y(Ue,{title:"Login",vendorSettings:e,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{children:B.t("forgot_password_email_sent")}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(Ge,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:B.t("sent_code_spam")})]})]}),y(yt,{state:n})]})},lx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e);return t.html(y(Sm,{vendorSettings:n,state:e,email:r.authParams.username}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,client:r,loginSession:i}=await Ee(t,e);return await Xb(t,r,i.authParams.username,i.id),t.html(y(Am,{vendorSettings:n,state:e}))}),zm=({vendorSettings:t,state:e,user:n})=>y(Ue,{title:re("check_email_title"),vendorSettings:t,children:y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{className:"mb-8 text-gray-700 dark:text-gray-300",children:[y(Qo,{i18nKey:"currently_logged_in_as",components:[y("span",{className:"font-semibold text-gray-900 dark:text-white"},"span")],values:{email:n.email||""}}),y("br",{}),re("continue_with_sso_provider_headline")]}),y("div",{className:"space-y-6",children:[y(Wt,{children:y(Ze,{className:"!text-base",children:y("span",{children:B.t("yes_continue_with_existing_account")})})}),y("a",{className:"block text-center text-primary hover:text-primaryHover focus:outline-none focus:ring-2 focus:ring-primary focus:ring-offset-2 dark:focus:ring-offset-gray-900",href:`/u/enter-email?state=${encodeURIComponent(e)}`,children:B.t("no_use_another")})]})]})}),dx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),{vendorSettings:r,client:i}=await Ee(t,n),s=ls(i.tenant.id,t.req.header("cookie")),a=s?await e.data.sessions.get(i.tenant.id,s):null;if(!a)return t.redirect(`/u/enter-email?state=${n}`);const c=await e.data.users.get(i.tenant.id,a.user_id);return c?t.html(y(zm,{vendorSettings:r,state:n,user:c})):t.redirect(`/u/enter-email?state=${n}`)}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{302:{description:"Redirect"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),{loginSession:r,client:i}=await Ee(t,n),s=ls(i.tenant.id,t.req.header("cookie")),a=s?await e.data.sessions.get(i.tenant.id,s):null;if(!a)return t.redirect(`/u/enter-email?state=${n}`);const c=await e.data.users.get(i.tenant.id,a.user_id);return c?ln(t,{user:c,authParams:r.authParams,client:i,loginSession:r}):t.redirect(`/u/enter-email?state=${n}`)}),Em=t=>{const{vendorSettings:e,email:n,state:r}=t;return y(Ue,{title:B.t("create_password_account_title"),vendorSettings:e,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("create_password_account_title")}),y("div",{className:"mb-6 text-gray-300",children:B.t("enter_email_for_verification_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:y(Wt,{className:"pt-2",children:[y("input",{type:"email",name:"username",placeholder:B.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0,value:n,disabled:!0}),y(Ze,{className:"sm:mt-4 !text-base",children:B.t("send")})]})}),y(yt,{state:r})]})},ux=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e),{username:i}=r.authParams;if(!i)throw new I(400,{message:"Username required"});return t.html(y(Em,{state:e,vendorSettings:n,email:i}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{loginSession:n,client:r}=await Ee(t,e),{username:i}=n.authParams;if(!i)throw new I(400,{message:"Username required"});const s=await t.env.data.codes.create(r.tenant.id,{code_id:Pn(),code_type:"email_verification",login_id:n.id,expires_at:new Date(Date.now()+F0).toISOString()});return await Jb(t,i,s.code_id,n.id),t.redirect(`/u/pre-signup-sent?state=${e}`)}),Im=t=>{const{redirectUrl:e,vendorSettings:n}=t;return y(Ue,{title:B.t("invalid_session_title"),vendorSettings:n,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:B.t("invalid_session_body")}),y("div",{className:"flex flex-1 flex-col justify-center",children:e&&y("a",{className:"block text-primary hover:text-primaryHover text-center",href:e,children:B.t("go_back")})})]})},px=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string()})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e);let i;return r.authParams.redirect_uri&&r.authParams.state&&(i=new URL(r.authParams.redirect_uri),i.searchParams.set("state",r.authParams.state),i.searchParams.set("error","invalid_session"),i.searchParams.set("error_description",r.authParams.username||"")),t.html(y(Im,{redirectUrl:i==null?void 0:i.href,vendorSettings:n}))}),fx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().openapi({description:"The code parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const e=await yd(t.env),{state:n}=t.req.valid("query");return t.html(y(ea,{message:"Not implemented",pageTitle:"User info",vendorSettings:e,state:n}))}),Cm=({vendorSettings:t,state:e})=>{const n=new URLSearchParams({state:e});return y(Ue,{title:B.t("email_validated"),vendorSettings:t,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("email_validated")}),y("div",{className:"flex flex-1 flex-col justify-center mb-7",children:y(Ze,{Component:"a",href:`/u/enter-password?${n}`,className:"text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center space-x-2",children:[y("span",{children:B.t("email_validated_cta")}),y(Ge,{className:"text-xs",name:"arrow-right"})]})})})]})},hx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().openapi({description:"The code parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{var m;const{state:e,code:n}=t.req.valid("query"),{env:r}=t,{client:i,loginSession:s,vendorSettings:a}=await Ee(t,e),{username:c}=s.authParams;if(!c)throw new I(400,{message:"Username not found in state"});const l=await fr({userAdapter:r.data.users,tenant_id:i.tenant.id,username:c,provider:"auth2"});if(!l)throw new I(500,{message:"No user found"});if(!await r.data.codes.get(i.tenant.id,n,"email_verification"))throw new I(400,{message:"Code not found or expired"});await r.data.users.update(i.tenant.id,l.user_id,{email_verified:!0});const f=(await gl(r.data.users,i.tenant.id,c)).filter(w=>w.provider!=="auth2");if(f.length>0){const w=f.filter(h=>!h.linked_to);w.length>1&&console.error("More than one primary user found for email",c),w.length===0&&console.error("No primary user found for email",c),w.length===1&&await r.data.users.update(i.tenant.id,l.user_id,{linked_to:(m=w[0])==null?void 0:m.user_id})}return t.html(y(Cm,{vendorSettings:a,state:e}))}),Nm=t=>{const{vendorSettings:e,email:n,state:r}=t;return y(Ue,{title:B.t("email_verification_for_signup_sent_title"),vendorSettings:e,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("email_verification_for_signup_sent_title")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{className:"mb-6 text-gray-300",children:y(Qo,{i18nKey:"email_verification_for_signup_sent_description",components:[y("span",{className:"text-black dark:text-white"},"span")],values:{email:n}})}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(Ge,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:B.t("sent_code_spam")})]})]}),y(yt,{state:r})]})},gx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e),{username:i}=r.authParams;if(!i)throw new I(400,{message:"Username required"});return t.html(y(Nm,{vendorSettings:n,state:e,email:i}))}),bd=`
+   c2.7,4.1,6.5,6.6,10.9,6.6c4,0,7.2-2,9.6-5.2c0.9-1.2,0.9-2.5,0-3.1C33.3,22.9,32.1,23.2,31.2,24.4z`})]}),el=({error:t,vendorSettings:e,loginSession:n,email:r,client:i,impersonation:s})=>{const a=i.connections.map(({name:m})=>m),c=a.includes("facebook"),l=a.includes("google-oauth2"),d=a.includes("apple"),p=a.includes("vipps"),f=c||l||d||p;return y(Ue,{title:B.t("welcome"),vendorSettings:e,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("welcome")}),y("div",{className:"mb-8 text-gray-300",children:B.t("login_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{className:"mb-7",children:[y("input",{type:"email",name:"username",placeholder:B.t("email_placeholder"),className:Dt("mb-2 w-full rounded-lg border bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),required:!0,value:r||""}),s&&y("input",{type:"email",name:"act_as",placeholder:"Impersonate as",className:Dt("mb-2 w-full rounded-lg border bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),required:!0,value:""}),t&&y(Un,{children:t}),y(Ze,{className:"sm:mt-4 !text-base",children:[y("span",{children:B.t("continue")}),y(Ge,{className:"text-xs",name:"arrow-right"})]})]}),f&&y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:B.t("continue_social_login")})]}),y("div",{className:"flex space-x-4 sm:flex-col sm:space-x-0 sm:space-y-4 short:flex-row short:space-x-4 short:space-y-0",children:[c&&y($r,{connection:"facebook",text:B.t("continue_with",{provider:"Facebook"}),canResize:!0,icon:y(Ge,{className:"text-xl text-[#1196F5] sm:absolute sm:left-4 sm:top-1/2 sm:-translate-y-1/2 sm:text-2xl short:static short:left-auto short:top-auto short:translate-y-0 short:text-xl",name:"facebook"}),loginSession:n}),l&&y($r,{connection:"google-oauth2",text:B.t("continue_with",{provider:"Google"}),canResize:!0,icon:y(fm,{className:"h-5 w-5 sm:absolute sm:left-4 sm:top-1/2 sm:h-6 sm:w-6 sm:-translate-y-1/2 short:static short:left-auto short:top-auto short:h-5 short:w-5 short:translate-y-0"}),loginSession:n}),d&&y($r,{connection:"apple",text:B.t("continue_with",{provider:"Apple"}),canResize:!0,icon:y(Ge,{className:"text-xl text-black dark:text-white sm:absolute sm:left-4 sm:top-1/2 sm:-translate-y-1/2 sm:text-2xl short:static short:left-auto short:top-auto short:translate-y-0 short:text-xl",name:"apple"}),loginSession:n}),p&&y($r,{connection:"vipps",text:B.t("continue_with",{provider:"Vipps"}),canResize:!0,icon:y(hm,{className:"h-5 w-5 sm:absolute sm:left-4 sm:top-1/2 sm:h-6 sm:w-6 sm:-translate-y-1/2 short:static short:left-auto short:top-auto short:h-5 short:w-5 short:translate-y-0"}),loginSession:n})]})]})]})},T1=["Auth0.swift"];function P1(t){if(!t)return"code";const e=atob(t),n=JSON.parse(e);return T1.includes(n.name)?"code":"link"}const B1=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),impersonation:o.z.string().optional()})},responses:{200:{description:"Response"}}}),async t=>{const{state:e,impersonation:n}=t.req.valid("query"),{vendorSettings:r,loginSession:i,client:s}=await Ee(t,e);return t.html(y(el,{vendorSettings:r,loginSession:i,client:s,email:i.authParams.username,impersonation:n==="true"}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({username:o.z.string().transform(t=>t.toLowerCase()),act_as:o.z.string().transform(t=>t.toLowerCase()).optional(),login_selection:o.z.enum(["code","password"]).optional()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),r=t.req.valid("form");t.set("body",r),t.set("username",r.username);const{client:i,loginSession:s,vendorSettings:a}=await Ee(t,n);t.set("client_id",i.id);const c=r.username,l=await io({userAdapter:e.data.users,tenant_id:i.tenant.id,email:c});if(l&&t.set("user_id",l.user_id),!l)try{await Cy(t,i,t.env.data,r.username)}catch{const w=we(t,{type:he.FAILED_SIGNUP,description:"Public signup is disabled"});return await t.env.data.logs.create(i.tenant.id,w),t.html(y(el,{vendorSettings:a,loginSession:s,error:B.t("user_account_does_not_exist"),email:r.username,client:i}),400)}if(s.authParams.username=r.username,s.authParams.act_as=r.act_as,await e.data.loginSessions.update(i.tenant.id,s.id,s),await z1(t,i,r.username,r.login_selection))return t.redirect(`/u/enter-password?state=${n}`);let d=Pn(),p=await e.data.codes.get(i.tenant.id,d,"otp");for(;p;)d=Pn(),p=await e.data.codes.get(i.tenant.id,d,"otp");const f=await t.env.data.codes.create(i.tenant.id,{code_id:d,code_type:"otp",login_id:s.id,expires_at:new Date(Date.now()+ja).toISOString()});return P1(s.auth0Client)==="link"&&!r.username.includes("online.no")?await pd(t,{to:r.username,code:f.code_id,authParams:s.authParams}):await Xg(t,{to:r.username,code:f.code_id}),t.redirect(`/u/enter-code?state=${n}`)}),yt=t=>y("a",{className:"block text-primary hover:text-primaryHover text-center",href:`/u/login/identifier?state=${t.state}`,children:B.t("go_back")});var ii="_hp",R1={Change:"Input",DoubleClick:"DblClick"},L1={svg:"2000/svg",math:"1998/Math/MathML"},si=[],tl=new WeakMap,pr=void 0,U1=()=>pr,Ot=t=>"t"in t,ba={onClick:["click",!1]},Jp=t=>{if(!t.startsWith("on"))return;if(ba[t])return ba[t];const e=t.match(/^on([A-Z][a-zA-Z]+?(?:PointerCapture)?)(Capture)?$/);if(e){const[,n,r]=e;return ba[t]=[(R1[n]||n).toLowerCase(),!!r]}},Zp=(t,e)=>pr&&t instanceof SVGElement&&/[A-Z]/.test(e)&&(e in t.style||e.match(/^(?:o|pai|str|u|ve)/))?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,V1=(t,e,n)=>{var r;e||(e={});for(let i in e){const s=e[i];if(i!=="children"&&(!n||n[i]!==s)){i=Gs(i);const a=Jp(i);if(a){if((n==null?void 0:n[i])!==s&&(n&&t.removeEventListener(a[0],n[i],a[1]),s!=null)){if(typeof s!="function")throw new Error(`Event handler for "${i}" is not a function`);t.addEventListener(a[0],s,a[1])}}else if(i==="dangerouslySetInnerHTML"&&s)t.innerHTML=s.__html;else if(i==="ref"){let c;typeof s=="function"?c=s(t)||(()=>s(null)):s&&"current"in s&&(s.current=t,c=()=>s.current=null),tl.set(t,c)}else if(i==="style"){const c=t.style;typeof s=="string"?c.cssText=s:(c.cssText="",s!=null&&om(s,c.setProperty.bind(c)))}else{if(i==="value"){const l=t.nodeName;if(l==="INPUT"||l==="TEXTAREA"||l==="SELECT"){if(t.value=s==null||s===!1?null:s,l==="TEXTAREA"){t.textContent=s;continue}else if(l==="SELECT"){t.selectedIndex===-1&&(t.selectedIndex=0);continue}}}else(i==="checked"&&t.nodeName==="INPUT"||i==="selected"&&t.nodeName==="OPTION")&&(t[i]=s);const c=Zp(t,i);s==null||s===!1?t.removeAttribute(c):s===!0?t.setAttribute(c,""):typeof s=="string"||typeof s=="number"?t.setAttribute(c,s):t.setAttribute(c,s.toString())}}}if(n)for(let i in n){const s=n[i];if(i!=="children"&&!(i in e)){i=Gs(i);const a=Jp(i);a?t.removeEventListener(a[0],s,a[1]):i==="ref"?(r=tl.get(t))==null||r():t.removeAttribute(Zp(t,i))}}},q1=(t,e)=>{e[Ae][0]=0,si.push([t,e]);const n=e.tag[gd]||e.tag,r=n.defaultProps?{...n.defaultProps,...e.props}:e.props;try{return[n.call(null,r)]}finally{si.pop()}},gm=(t,e,n,r,i)=>{var s,a;(s=t.vR)!=null&&s.length&&(r.push(...t.vR),delete t.vR),typeof t.tag=="function"&&((a=t[Ae][1][wm])==null||a.forEach(c=>i.push(c))),t.vC.forEach(c=>{var l;if(Ot(c))n.push(c);else if(typeof c.tag=="function"||c.tag===""){c.c=e;const d=n.length;if(gm(c,e,n,r,i),c.s){for(let p=d;p<n.length;p++)n[p].s=!0;c.s=!1}}else n.push(c),(l=c.vR)!=null&&l.length&&(r.push(...c.vR),delete c.vR)})},M1=t=>{for(;;t=t.tag===ii||!t.vC||!t.pP?t.nN:t.vC[0]){if(!t)return null;if(t.tag!==ii&&t.e)return t.e}},mm=t=>{var e,n,r,i,s,a;Ot(t)||((n=(e=t[Ae])==null?void 0:e[1][wm])==null||n.forEach(c=>{var l;return(l=c[2])==null?void 0:l.call(c)}),(r=tl.get(t.e))==null||r(),t.p===2&&((i=t.vC)==null||i.forEach(c=>c.p=2)),(s=t.vC)==null||s.forEach(mm)),t.p||((a=t.e)==null||a.remove(),delete t.e),typeof t.tag=="function"&&(Or.delete(t),Ji.delete(t),delete t[Ae][3],t.a=!0)},_m=(t,e,n)=>{t.c=e,ym(t,e,n)},Yp=(t,e)=>{if(e){for(let n=0,r=t.length;n<r;n++)if(t[n]===e)return n}},Xp=Symbol(),ym=(t,e,n)=>{var d;const r=[],i=[],s=[];gm(t,e,r,i,s),i.forEach(mm);const a=n?void 0:e.childNodes;let c,l=null;if(n)c=-1;else if(!a.length)c=0;else{const p=Yp(a,M1(t.nN));p!==void 0?(l=a[p],c=p):c=Yp(a,(d=r.find(f=>f.tag!==ii&&f.e))==null?void 0:d.e)??-1,c===-1&&(n=!0)}for(let p=0,f=r.length;p<f;p++,c++){const m=r[p];let w;if(m.s&&m.e)w=m.e,m.s=!1;else{const h=n||!m.e;Ot(m)?(m.e&&m.d&&(m.e.textContent=m.t),m.d=!1,w=m.e||(m.e=document.createTextNode(m.t))):(w=m.e||(m.e=m.n?document.createElementNS(m.n,m.tag):document.createElement(m.tag)),V1(w,m.props,m.pP),ym(m,w,h))}m.tag===ii?c--:n?w.parentNode||e.appendChild(w):a[c]!==w&&a[c-1]!==w&&(a[c+1]===w?e.appendChild(a[c]):e.insertBefore(w,l||a[c]||null))}if(t.pP&&delete t.pP,s.length){const p=[],f=[];s.forEach(([,m,,w,h])=>{m&&p.push(m),w&&f.push(w),h==null||h()}),p.forEach(m=>m()),f.length&&requestAnimationFrame(()=>{f.forEach(m=>m())})}},Ji=new WeakMap,nl=(t,e,n)=>{var s,a,c,l,d,p;const r=!n&&e.pC;n&&(e.pC||(e.pC=e.vC));let i;try{n||(n=typeof e.tag=="function"?q1(t,e):zi(e.props.children)),((s=n[0])==null?void 0:s.tag)===""&&n[0][Xc]&&(i=n[0][Xc],t[5].push([t,i,e]));const f=r?[...e.pC]:e.vC?[...e.vC]:void 0,m=[];let w;for(let h=0;h<n.length;h++){Array.isArray(n[h])&&n.splice(h,1,...n[h].flat());let _=D1(n[h]);if(_){typeof _.tag=="function"&&!_.tag[tm]&&(ur.length>0&&(_[Ae][2]=ur.map(A=>[A,A.values.at(-1)])),(a=t[5])!=null&&a.length&&(_[Ae][3]=t[5].at(-1)));let v;if(f&&f.length){const A=f.findIndex(Ot(_)?C=>Ot(C):_.key!==void 0?C=>C.key===_.key&&C.tag===_.tag:C=>C.tag===_.tag);A!==-1&&(v=f[A],f.splice(A,1))}if(v)if(Ot(_))v.t!==_.t&&(v.t=_.t,v.d=!0),_=v;else{const A=v.pP=v.props;v.props=_.props,v.f||(v.f=_.f||e.f),typeof _.tag=="function"&&(v[Ae][2]=_[Ae][2]||[],v[Ae][3]=_[Ae][3],!v.f&&((v.o||v)===_.o||(l=(c=v.tag)[d1])!=null&&l.call(c,A,v.props))&&(v.s=!0)),_=v}else if(!Ot(_)&&pr){const A=Ar(pr);A&&(_.n=A)}if(!Ot(_)&&!_.s&&(nl(t,_),delete _.f),m.push(_),w&&!w.s&&!_.s)for(let A=w;A&&!Ot(A);A=(d=A.vC)==null?void 0:d.at(-1))A.nN=_;w=_}}e.vR=r?[...e.vC,...f||[]]:f||[],e.vC=m,r&&delete e.pC}catch(f){if(e.f=!0,f===Xp){if(i)return;throw f}const[m,w,h]=((p=e[Ae])==null?void 0:p[3])||[];if(w){const _=()=>Zi([0,!1,t[2]],h),v=Ji.get(h)||[];v.push(_),Ji.set(h,v);const A=w(f,()=>{const C=Ji.get(h);if(C){const O=C.indexOf(_);if(O!==-1)return C.splice(O,1),_()}});if(A){if(t[0]===1)t[1]=!0;else if(nl(t,h,[A]),(w.length===1||t!==m)&&h.c){_m(h,h.c,!1);return}throw Xp}}throw f}finally{i&&t[5].pop()}},D1=t=>{if(!(t==null||typeof t=="boolean")){if(typeof t=="string"||typeof t=="number")return{t:t.toString(),d:!0};if("vR"in t&&(t={tag:t.tag,props:t.props,key:t.key,f:t.f,type:t.tag,ref:t.props.ref,o:t.o||t}),typeof t.tag=="function")t[Ae]=[0,[]];else{const e=L1[t.tag];e&&(pr||(pr=rm("")),t.props.children=[{tag:pr,props:{value:t.n=`http://www.w3.org/${e}`,children:t.props.children}}])}return t}},Qp=(t,e)=>{var n,r;(n=e[Ae][2])==null||n.forEach(([i,s])=>{i.values.push(s)});try{nl(t,e,void 0)}catch{return}if(e.a){delete e.a;return}(r=e[Ae][2])==null||r.forEach(([i])=>{i.values.pop()}),(t[0]!==1||!t[1])&&_m(e,e.c,!1)},Or=new WeakMap,ef=[],Zi=async(t,e)=>{t[5]||(t[5]=[]);const n=Or.get(e);n&&n[0](void 0);let r;const i=new Promise(s=>r=s);if(Or.set(e,[r,()=>{t[2]?t[2](t,e,s=>{Qp(s,e)}).then(()=>r(e)):(Qp(t,e),r(e))}]),ef.length)ef.at(-1).add(e);else{await Promise.resolve();const s=Or.get(e);s&&(Or.delete(e),s[1]())}return i},H1=(t,e,n)=>({tag:ii,props:{children:t},key:n,e,p:1}),xa=0,wm=1,ka=2,Sa=3,Aa=new WeakMap,vm=(t,e)=>!t||!e||t.length!==e.length||e.some((n,r)=>n!==t[r]),F1=void 0,tf=[],K1=t=>{var a;const e=()=>typeof t=="function"?t():t,n=si.at(-1);if(!n)return[e(),()=>{}];const[,r]=n,i=(a=r[Ae][1])[xa]||(a[xa]=[]),s=r[Ae][0]++;return i[s]||(i[s]=[e(),c=>{const l=F1,d=i[s];if(typeof c=="function"&&(c=c(d[0])),!Object.is(c,d[0]))if(d[0]=c,tf.length){const[p,f]=tf.at(-1);Promise.all([p===3?r:Zi([p,!1,l],r),f]).then(([m])=>{if(!m||!(p===2||p===3))return;const w=m.vC;requestAnimationFrame(()=>{setTimeout(()=>{w===m.vC&&Zi([p===3?1:0,!1,l],m)})})})}else Zi([0,!1,l],r)}])},wd=(t,e)=>{var c;const n=si.at(-1);if(!n)return t;const[,r]=n,i=(c=r[Ae][1])[ka]||(c[ka]=[]),s=r[Ae][0]++,a=i[s];return vm(a==null?void 0:a[1],e)?i[s]=[t,e]:t=i[s][0],t},W1=t=>{const e=Aa.get(t);if(e){if(e.length===2)throw e[1];return e[0]}throw t.then(n=>Aa.set(t,[n]),n=>Aa.set(t,[void 0,n])),t},G1=(t,e)=>{var c;const n=si.at(-1);if(!n)return t();const[,r]=n,i=(c=r[Ae][1])[Sa]||(c[Sa]=[]),s=r[Ae][0]++,a=i[s];return vm(a==null?void 0:a[1],e)&&(i[s]=[t(),e]),i[s][0]},J1=rm({pending:!1,data:null,method:null,action:null}),nf=new Set,Z1=t=>{nf.add(t),t.finally(()=>nf.delete(t))},vd=(t,e)=>G1(()=>n=>{let r;t&&(typeof t=="function"?r=t(n)||(()=>{t(null)}):t&&"current"in t&&(t.current=n,r=()=>{t.current=null}));const i=e(n);return()=>{i==null||i(),r==null||r()}},[t]),Dn=Object.create(null),Ri=Object.create(null),Ci=(t,e,n,r,i)=>{if(e!=null&&e.itemProp)return{tag:t,props:e,type:t,ref:e.ref};const s=document.head;let{onLoad:a,onError:c,precedence:l,blocking:d,...p}=e,f=null,m=!1;const w=Ki[t];let h;if(w.length>0){const C=s.querySelectorAll(t);e:for(const O of C)for(const L of Ki[t])if(O.getAttribute(L)===e[L]){f=O;break e}if(!f){const O=w.reduce((L,Q)=>e[Q]===void 0?L:`${L}-${Q}-${e[Q]}`,t);m=!Ri[O],f=Ri[O]||(Ri[O]=(()=>{const L=document.createElement(t);for(const Q of w)e[Q]!==void 0&&L.setAttribute(Q,e[Q]),e.rel&&L.setAttribute("rel",e.rel);return L})())}}else h=s.querySelectorAll(t);l=r?l??"":void 0,r&&(p[Wi]=l);const _=wd(C=>{if(w.length>0){let O=!1;for(const L of s.querySelectorAll(t)){if(O&&L.getAttribute(Wi)!==l){s.insertBefore(C,L);return}L.getAttribute(Wi)===l&&(O=!0)}s.appendChild(C)}else if(h){let O=!1;for(const L of h)if(L===C){O=!0;break}O||s.insertBefore(C,s.contains(h[0])?h[0]:s.querySelector(t)),h=void 0}},[l]),v=vd(e.ref,C=>{var Q;const O=w[0];if(n===2&&(C.innerHTML=""),(m||h)&&_(C),!c&&!a)return;let L=Dn[Q=C.getAttribute(O)]||(Dn[Q]=new Promise((ce,le)=>{C.addEventListener("load",ce),C.addEventListener("error",le)}));a&&(L=L.then(a)),c&&(L=L.catch(c)),L.catch(()=>{})});if(i&&d==="render"){const C=Ki[t][0];if(e[C]){const O=e[C],L=Dn[O]||(Dn[O]=new Promise((Q,ce)=>{_(f),f.addEventListener("load",Q),f.addEventListener("error",ce)}));W1(L)}}const A={tag:t,type:t,props:{...p,ref:v},ref:v};return A.p=n,f&&(A.e=f),H1(A,s)},Y1=t=>{const e=U1(),n=e&&Ar(e);return n!=null&&n.endsWith("svg")?{tag:"title",props:t,type:"title",ref:t.ref}:Ci("title",t,void 0,!1,!1)},X1=t=>!t||["src","async"].some(e=>!t[e])?{tag:"script",props:t,type:"script",ref:t.ref}:Ci("script",t,1,!1,!0),Q1=t=>!t||!["href","precedence"].every(e=>e in t)?{tag:"style",props:t,type:"style",ref:t.ref}:(t["data-href"]=t.href,delete t.href,Ci("style",t,2,!0,!0)),ex=t=>!t||["onLoad","onError"].some(e=>e in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?{tag:"link",props:t,type:"link",ref:t.ref}:Ci("link",t,1,"precedence"in t,!0),tx=t=>Ci("meta",t,void 0,!1,!1),bm=Symbol(),nx=t=>{const{action:e,...n}=t;typeof e!="function"&&(n.action=e);const[r,i]=K1([null,!1]),s=wd(async d=>{const p=d.isTrusted?e:d.detail[bm];if(typeof p!="function")return;d.preventDefault();const f=new FormData(d.target);i([f,!0]);const m=p(f);m instanceof Promise&&(Z1(m),await m),i([null,!0])},[]),a=vd(t.ref,d=>(d.addEventListener("submit",s),()=>{d.removeEventListener("submit",s)})),[c,l]=r;return r[1]=!1,{tag:J1,props:{value:{pending:c!==null,data:c,method:c?"post":null,action:c?e:null},children:{tag:"form",props:{...n,ref:a},type:"form",ref:a}},f:l}},xm=(t,{formAction:e,...n})=>{if(typeof e=="function"){const r=wd(i=>{i.preventDefault(),i.currentTarget.form.dispatchEvent(new CustomEvent("submit",{detail:{[bm]:e}}))},[]);n.ref=vd(n.ref,i=>(i.addEventListener("click",r),()=>{i.removeEventListener("click",r)}))}return{tag:t,props:n,type:t,ref:n.ref}},rx=t=>xm("input",t),ix=t=>xm("button",t);Object.assign(Qc,{title:Y1,script:X1,style:Q1,link:ex,meta:tx,form:nx,input:rx,button:ix});new TextEncoder;const Qo=t=>{const{i18nKey:e,values:n,components:r}=t,i=B.t(e,n),s=/<(\d+)>(.*?)<\/\d+>/g,a=[];let c=0,l;for(;(l=s.exec(i))!==null;){const[,d,p]=l,f=i.substring(c,l.index);f&&a.push(f);const m=parseInt(d,10);a.push(A1(r[m],{},p)),c=s.lastIndex}return c<i.length&&a.push(i.substring(c)),y(cm,{children:a})},rf=6,rl=({error:t,vendorSettings:e,email:n,state:r,client:i,hasPasswordLogin:s})=>{const a=new URLSearchParams({state:r}),l=i.connections.map(({name:d})=>d).includes("auth2");return y(Ue,{title:B.t("verify_your_email"),vendorSettings:e,children:[y("div",{className:"mb-4 text-2xl font-medium",children:B.t("verify_your_email")}),y("div",{className:"mb-8 text-gray-300",children:y(Qo,{i18nKey:"we_sent_a_code_to",components:[y("span",{className:"text-black dark:text-white"},"span")],values:{email:n}})}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{className:"pt-2",children:[y("input",{autoFocus:!0,type:"text",pattern:"[0-9]*",maxLength:rf,inputMode:"numeric",name:"code",placeholder:"******",className:Dt("mb-2 w-full rounded-lg border bg-gray-100 px-4 pb-2 pt-2.5 text-center indent-[5px] font-mono text-3xl placeholder:text-gray-300 dark:bg-gray-600 md:text-3xl",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),minLength:rf,required:!0,id:"code-input"}),t&&y(Un,{children:t}),y(Ze,{className:"sm:mt-4 !text-base",children:[y("span",{children:B.t("login")}),y(Ge,{className:"text-xs",name:"arrow-right"})]}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(Ge,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:B.t("sent_code_spam")})]}),l&&y("div",{className:"text-center mb-12",children:[y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:B.t("or")})]}),y(Ze,{Component:"a",href:`/u/${s?"enter-password":"pre-signup"}?${a.toString()}`,variant:"secondary",className:"block",children:B.t("enter_your_password_btn")})]})]}),y(yt,{state:r})]})]})},sx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r,client:i}=await Ee(t,e);if(!r.authParams.username)throw new I(400,{message:"Username not found in state"});const s=await ds({userAdapter:t.env.data.users,tenant_id:i.tenant.id,username:r.authParams.username,provider:"auth2"});return t.html(y(rl,{vendorSettings:n,email:r.authParams.username,state:e,client:i,hasPasswordLogin:!!s}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({code:o.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{code:n}=t.req.valid("form"),{loginSession:r,client:i,vendorSettings:s}=await Ee(t,e);if(t.set("client_id",i.id),!r.authParams.username)throw new I(400,{message:"Username not found in state"});try{return await Jg(t,{client_id:i.id,authParams:r.authParams,username:r.authParams.username,otp:n})}catch(a){const c=a,l=await ds({userAdapter:t.env.data.users,tenant_id:i.tenant.id,username:r.authParams.username,provider:"auth2"});return t.html(y(rl,{vendorSettings:s,email:r.authParams.username,state:e,client:i,error:c.message,hasPasswordLogin:!!l}),400)}}),km=t=>{const{vendorSettings:e,state:n}=t;return y(Ue,{title:B.t("unverified_email"),vendorSettings:e,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:[y("p",{className:"mb-8 text-gray-300 text-lg",children:B.t("unverified_email")}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(Ge,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:B.t("sent_code_spam")})]}),y(yt,{state:n})]}),y(yt,{state:n})]})},Yi=t=>{const{error:e,vendorSettings:n,email:r,state:i}=t,s=new URLSearchParams({state:i});return y(Ue,{title:B.t("enter_password"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("enter_password")}),y("div",{className:"mb-6 text-gray-300",children:B.t("enter_password_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{className:"mb-7",children:[y("input",{type:"text",name:"username",placeholder:B.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",value:r}),y("input",{type:"password",name:"password",placeholder:B.t("password")||"",className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0}),e&&y(Un,{children:e}),y(Ze,{className:"sm:mt-4 !text-base",children:[y("span",{children:B.t("login")}),y(Ge,{className:"text-xs",name:"arrow-right"})]})]}),y("a",{href:`/u/forgot-password?${s.toString()}`,className:"text-primary hover:underline mb-4",children:B.t("forgot_password_link")}),y("div",{className:"text-center mb-12",children:[y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:B.t("or")})]}),y("form",{method:"post",action:`/u/login/identifier?${s.toString()}`,children:[y("input",{type:"hidden",name:"login_selection",value:"code"}),y("input",{type:"hidden",name:"username",value:r}),y(Ze,{variant:"secondary",className:"block",children:B.t("enter_a_code_btn")})]})]}),y(yt,{state:i})]})]})},ox=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,client:r,loginSession:i}=await Ee(t,e);if(!i.authParams.username)throw new I(400,{message:"Username required"});return t.html(y(Yi,{vendorSettings:n,email:i.authParams.username,state:e,client:r}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({password:o.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),n=t.req.valid("form"),{password:r}=n,{vendorSettings:i,client:s,loginSession:a}=await Ee(t,e),{username:c}=a.authParams;if(!c)throw new I(400,{message:"Username required"});try{return await hd(t,s,{...a.authParams,password:r},a)}catch(l){const d=l;return d.code==="INVALID_PASSWORD"||d.code==="USER_NOT_FOUND"?t.html(y(Yi,{vendorSettings:i,email:c,error:B.t("invalid_password"),state:e,client:s}),400):d.code==="EMAIL_NOT_VERIFIED"?t.html(y(km,{vendorSettings:i,state:e}),400):t.html(y(Yi,{vendorSettings:i,email:c,error:d.message,state:e,client:s}),400)}}),Hn=t=>{const{state:e,error:n,vendorSettings:r,email:i,code:s}=t;return y(Ue,{title:B.t("create_account_title"),vendorSettings:r,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("create_account_title")}),y("div",{className:"mb-6 text-gray-300",children:B.t("create_account_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{children:[y("input",{type:"hidden",name:"code",value:s}),y("input",{type:"email",name:"username",placeholder:B.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0,value:i,disabled:!!i}),y("input",{type:"password",name:"password",placeholder:B.t("enter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),y("input",{type:"password",name:"re-enter-password",placeholder:B.t("reenter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),n&&y(Un,{children:n}),y(Ze,{className:"sm:mt-4 !text-base",children:B.t("continue")})]}),y(yt,{state:e})]})]})},ea=t=>{const{message:e,vendorSettings:n,pageTitle:r,state:i}=t;return y(Ue,{title:"Login",vendorSettings:n,children:[r?y("div",{className:"mb-6 text-gray-300",children:r}):"",y("div",{className:"flex flex-1 flex-col justify-center",children:e}),i?y(yt,{state:i}):""]})},ax=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().optional().openapi({description:"The code parameter from an email verification link"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e,code:n}=t.req.valid("query"),{vendorSettings:r,loginSession:i}=await Ee(t,e),{username:s}=i.authParams;if(!s)throw new I(400,{message:"Username required"});return n?t.html(y(Hn,{state:e,vendorSettings:r,email:s,code:n})):t.html(y(Hn,{state:e,vendorSettings:r,email:s}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({password:o.z.string(),"re-enter-password":o.z.string(),code:o.z.string().optional()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),n=t.req.valid("form"),{env:r}=t,{vendorSettings:i,client:s,loginSession:a}=await Ee(t,e),c="Username-Password-Authentication";t.set("client_id",s.id),t.set("connection",c);const{username:l}=a.authParams;if(!l)throw new I(400,{message:"Username required"});if(n.password!==n["re-enter-password"])return t.html(y(Hn,{state:e,code:n.code,vendorSettings:i,error:B.t("create_account_passwords_didnt_match"),email:a.authParams.username}),400);if(!ud(n.password))return t.html(y(Hn,{state:e,code:n.code,vendorSettings:i,error:B.t("create_account_weak_password"),email:a.authParams.username}),400);const d=n.code?await r.data.codes.get(s.tenant.id,n.code,"email_verification"):void 0,p=d?await r.data.loginSessions.get(s.tenant.id,d.login_id):void 0;try{if(await fr({userAdapter:t.env.data.users,tenant_id:s.tenant.id,username:l,provider:"auth2"}))throw new I(400,{message:"Invalid sign up"});const m=(p==null?void 0:p.authParams.username)===l,w=await Kf(t).users.create(s.tenant.id,{user_id:`auth2|${Qs()}`,email:l,email_verified:m,provider:"auth2",connection:c,is_social:!1});return await r.data.passwords.create(s.tenant.id,{user_id:w.user_id,password:await oi.hash(n.password,10),algorithm:"bcrypt"}),m?await hd(t,s,{...a.authParams,password:n.password},a):(await fd(t,w),t.html(y(ea,{message:B.t("validate_email_body"),pageTitle:B.t("validate_email_title"),vendorSettings:i,state:e})))}catch(f){const m=await yd(r,s.id,a.authParams.vendor_id),w=f;return t.html(y(Hn,{state:e,vendorSettings:m,error:w.message,email:l}),400)}}),Fn=t=>{const{error:e,vendorSettings:n,email:r}=t;return y(Ue,{title:B.t("reset_password_title"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("reset_password_title")}),y("div",{className:"mb-6 text-gray-300",children:`${B.t("reset_password_description")} ${r}`}),y("div",{className:"flex flex-1 flex-col justify-center",children:y(Wt,{children:[y("input",{type:"password",name:"password",placeholder:B.t("enter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),y("input",{type:"password",name:"re-enter-password",placeholder:B.t("reenter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),e&&y(Un,{children:e}),y(Ze,{className:"sm:mt-4 !text-base",children:B.t("reset_password_cta")})]})})]})},cx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().openapi({description:"The code parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e);if(!r.authParams.username)throw new I(400,{message:"Username required"});return t.html(y(Fn,{vendorSettings:n,email:r.authParams.username}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().openapi({description:"The code parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({password:o.z.string(),"re-enter-password":o.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e,code:n}=t.req.valid("query"),{password:r,"re-enter-password":i}=t.req.valid("form"),{env:s}=t,{vendorSettings:a,client:c,loginSession:l}=await Ee(t,e);if(!l.authParams.username)throw new I(400,{message:"Username required"});if(r!==i)return t.html(y(Fn,{error:B.t("create_account_passwords_didnt_match"),vendorSettings:a,email:l.authParams.username}),400);if(!ud(r))return t.html(y(Fn,{error:B.t("create_account_weak_password"),vendorSettings:a,email:l.authParams.username}),400);const d=await fr({userAdapter:s.data.users,tenant_id:c.tenant.id,username:l.authParams.username,provider:"auth2"});if(!d)throw new I(400,{message:"User not found"});try{if(!await s.data.codes.get(c.tenant.id,n,"password_reset"))return t.html(y(Fn,{error:"Code not found or expired",vendorSettings:a,email:l.authParams.username}),400);const f={user_id:d.user_id,password:await oi.hash(r,10),algorithm:"bcrypt"};await s.data.passwords.get(c.tenant.id,d.user_id)?await s.data.passwords.update(c.tenant.id,f):await s.data.passwords.create(c.tenant.id,f),d.email_verified||await s.data.users.update(c.tenant.id,d.user_id,{email_verified:!0})}catch{return t.html(y(Fn,{error:"The password could not be reset",vendorSettings:a,email:l.authParams.username}),400)}return t.html(y(ea,{message:B.t("password_has_been_reset"),vendorSettings:a,state:e}))}),Sm=t=>{const{error:e,vendorSettings:n,email:r,state:i}=t;return y(Ue,{title:B.t("forgot_password_title"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("forgot_password_title")}),y("div",{className:"mb-6 text-gray-300",children:B.t("forgot_password_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Wt,{className:"pt-2",children:[y("input",{type:"email",name:"username",placeholder:B.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",value:r,disabled:!!r}),e&&y(Un,{children:e}),y(Ze,{className:"sm:mt-4 !text-base",children:B.t("forgot_password_cta")})]}),y(yt,{state:i})]})]})},Am=t=>{const{vendorSettings:e,state:n}=t;return y(Ue,{title:"Login",vendorSettings:e,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{children:B.t("forgot_password_email_sent")}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(Ge,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:B.t("sent_code_spam")})]})]}),y(yt,{state:n})]})},lx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e);return t.html(y(Sm,{vendorSettings:n,state:e,email:r.authParams.username}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,client:r,loginSession:i}=await Ee(t,e);return await Xb(t,r,i.authParams.username,i.id),t.html(y(Am,{vendorSettings:n,state:e}))}),zm=({vendorSettings:t,state:e,user:n})=>y(Ue,{title:re("check_email_title"),vendorSettings:t,children:y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{className:"mb-8 text-gray-700 dark:text-gray-300",children:[y(Qo,{i18nKey:"currently_logged_in_as",components:[y("span",{className:"font-semibold text-gray-900 dark:text-white"},"span")],values:{email:n.email||""}}),y("br",{}),re("continue_with_sso_provider_headline")]}),y("div",{className:"space-y-6",children:[y(Wt,{children:y(Ze,{className:"!text-base",children:y("span",{children:B.t("yes_continue_with_existing_account")})})}),y("a",{className:"block text-center text-primary hover:text-primaryHover focus:outline-none focus:ring-2 focus:ring-primary focus:ring-offset-2 dark:focus:ring-offset-gray-900",href:`/u/login/identifier?state=${encodeURIComponent(e)}`,children:B.t("no_use_another")})]})]})}),dx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),{vendorSettings:r,client:i}=await Ee(t,n),s=ls(i.tenant.id,t.req.header("cookie")),a=s?await e.data.sessions.get(i.tenant.id,s):null;if(!a)return t.redirect(`/u/login/identifier?state=${n}`);const c=await e.data.users.get(i.tenant.id,a.user_id);return c?t.html(y(zm,{vendorSettings:r,state:n,user:c})):t.redirect(`/u/login/identifier?state=${n}`)}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{302:{description:"Redirect"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),{loginSession:r,client:i}=await Ee(t,n),s=ls(i.tenant.id,t.req.header("cookie")),a=s?await e.data.sessions.get(i.tenant.id,s):null;if(!a)return t.redirect(`/u/login/identifier?state=${n}`);const c=await e.data.users.get(i.tenant.id,a.user_id);return c?ln(t,{user:c,authParams:r.authParams,client:i,loginSession:r}):t.redirect(`/u/login/identifier?state=${n}`)}),Em=t=>{const{vendorSettings:e,email:n,state:r}=t;return y(Ue,{title:B.t("create_password_account_title"),vendorSettings:e,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("create_password_account_title")}),y("div",{className:"mb-6 text-gray-300",children:B.t("enter_email_for_verification_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:y(Wt,{className:"pt-2",children:[y("input",{type:"email",name:"username",placeholder:B.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0,value:n,disabled:!0}),y(Ze,{className:"sm:mt-4 !text-base",children:B.t("send")})]})}),y(yt,{state:r})]})},ux=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e),{username:i}=r.authParams;if(!i)throw new I(400,{message:"Username required"});return t.html(y(Em,{state:e,vendorSettings:n,email:i}))}).openapi(o.createRoute({tags:["login"],method:"post",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{loginSession:n,client:r}=await Ee(t,e),{username:i}=n.authParams;if(!i)throw new I(400,{message:"Username required"});const s=await t.env.data.codes.create(r.tenant.id,{code_id:Pn(),code_type:"email_verification",login_id:n.id,expires_at:new Date(Date.now()+F0).toISOString()});return await Jb(t,i,s.code_id,n.id),t.redirect(`/u/pre-signup-sent?state=${e}`)}),Im=t=>{const{redirectUrl:e,vendorSettings:n}=t;return y(Ue,{title:B.t("invalid_session_title"),vendorSettings:n,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:B.t("invalid_session_body")}),y("div",{className:"flex flex-1 flex-col justify-center",children:e&&y("a",{className:"block text-primary hover:text-primaryHover text-center",href:e,children:B.t("go_back")})})]})},px=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string()})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e);let i;return r.authParams.redirect_uri&&r.authParams.state&&(i=new URL(r.authParams.redirect_uri),i.searchParams.set("state",r.authParams.state),i.searchParams.set("error","invalid_session"),i.searchParams.set("error_description",r.authParams.username||"")),t.html(y(Im,{redirectUrl:i==null?void 0:i.href,vendorSettings:n}))}),fx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().openapi({description:"The code parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const e=await yd(t.env),{state:n}=t.req.valid("query");return t.html(y(ea,{message:"Not implemented",pageTitle:"User info",vendorSettings:e,state:n}))}),Cm=({vendorSettings:t,state:e})=>{const n=new URLSearchParams({state:e});return y(Ue,{title:B.t("email_validated"),vendorSettings:t,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("email_validated")}),y("div",{className:"flex flex-1 flex-col justify-center mb-7",children:y(Ze,{Component:"a",href:`/u/enter-password?${n}`,className:"text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center space-x-2",children:[y("span",{children:B.t("email_validated_cta")}),y(Ge,{className:"text-xs",name:"arrow-right"})]})})})]})},hx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"}),code:o.z.string().openapi({description:"The code parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{var m;const{state:e,code:n}=t.req.valid("query"),{env:r}=t,{client:i,loginSession:s,vendorSettings:a}=await Ee(t,e),{username:c}=s.authParams;if(!c)throw new I(400,{message:"Username not found in state"});const l=await fr({userAdapter:r.data.users,tenant_id:i.tenant.id,username:c,provider:"auth2"});if(!l)throw new I(500,{message:"No user found"});if(!await r.data.codes.get(i.tenant.id,n,"email_verification"))throw new I(400,{message:"Code not found or expired"});await r.data.users.update(i.tenant.id,l.user_id,{email_verified:!0});const f=(await gl(r.data.users,i.tenant.id,c)).filter(w=>w.provider!=="auth2");if(f.length>0){const w=f.filter(h=>!h.linked_to);w.length>1&&console.error("More than one primary user found for email",c),w.length===0&&console.error("No primary user found for email",c),w.length===1&&await r.data.users.update(i.tenant.id,l.user_id,{linked_to:(m=w[0])==null?void 0:m.user_id})}return t.html(y(Cm,{vendorSettings:a,state:e}))}),Nm=t=>{const{vendorSettings:e,email:n,state:r}=t;return y(Ue,{title:B.t("email_verification_for_signup_sent_title"),vendorSettings:e,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:B.t("email_verification_for_signup_sent_title")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{className:"mb-6 text-gray-300",children:y(Qo,{i18nKey:"email_verification_for_signup_sent_description",components:[y("span",{className:"text-black dark:text-white"},"span")],values:{email:n}})}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(Ge,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:B.t("sent_code_spam")})]})]}),y(yt,{state:r})]})},gx=new o.OpenAPIHono().openapi(o.createRoute({tags:["login"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,loginSession:r}=await Ee(t,e),{username:i}=r.authParams;if(!i)throw new I(400,{message:"Username required"});return t.html(y(Nm,{vendorSettings:n,state:e,email:i}))}),bd=`
 @font-face{font-display:swap;font-family:KHTeka;font-style:normal;font-weight:400;src:url(https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Regular.woff2) format("woff2")}@font-face{font-display:swap;font-family:KHTeka;font-style:normal;font-weight:500;src:url(https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Medium.woff2) format("woff2")}@font-face{font-display:swap;font-family:KHTeka;font-style:normal;font-weight:600;src:url(https://assets.sesamy.com/fonts/khteka/WOFF2/KHTeka-Bold.woff2) format("woff2")}@font-face{font-family:uicon;src:url(https://login2.sesamy.com/_next/static/media/uicon.0b00e08a.woff2)}[class*=" uicon-"],[class^=uicon-]{font-family:uicon!important;font-size:inherit;font-style:normal;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}.uicon-apple:before{content:"\\ea01"}.uicon-arrow-down:before{content:"\\ea02"}.uicon-arrow-left:before{content:"\\ea03"}.uicon-arrow-right:before{content:"\\ea04"}.uicon-arrow-up:before{content:"\\ea05"}.uicon-facebook:before{content:"\\ea06"}.uicon-google:before{content:"\\ea07"}.uicon-info-bubble:before{content:"\\ea08"}.uicon-info:before{content:"\\ea09"}.uicon-sesamy:before{content:"\\ea0a"}.uicon-spinner-circle:before{content:"\\ea0b"}.uicon-spinner-inner:before{content:"\\ea0c"}
-/*! tailwindcss v3.4.1 | MIT License | https://tailwindcss.com*/*,:after,:before{border:0 solid #bfbcd7;box-sizing:border-box}:after,:before{--tw-content:""}:host,html{line-height:1.5;-webkit-text-size-adjust:100%;font-family:KHTeka,Helvetica Neue,HelveticaNeue,TeX Gyre Heros,TeXGyreHeros,FreeSans,Nimbus Sans L,Liberation Sans,Arimo,Helvetica,sans-serif;font-feature-settings:normal;font-variation-settings:normal;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-tap-highlight-color:transparent}body{line-height:inherit;margin:0}hr{border-top-width:1px;color:inherit;height:0}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace;font-feature-settings:normal;font-size:1em;font-variation-settings:normal}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{border-collapse:collapse;border-color:inherit;text-indent:0}button,input,optgroup,select,textarea{color:inherit;font-family:inherit;font-feature-settings:inherit;font-size:100%;font-variation-settings:inherit;font-weight:inherit;line-height:inherit;margin:0;padding:0}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dd,dl,figure,h1,h2,h3,h4,h5,h6,hr,p,pre{margin:0}fieldset{margin:0}fieldset,legend{padding:0}menu,ol,ul{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-moz-placeholder,textarea::-moz-placeholder{color:#4b4a58;opacity:1}input::placeholder,textarea::placeholder{color:#4b4a58;opacity:1}[role=button],button{cursor:pointer}:disabled{cursor:default}audio,canvas,embed,iframe,img,object,svg,video{display:block;vertical-align:middle}img,video{height:auto;max-width:100%}[hidden]{display:none}body,html{height:100%}body{--tw-bg-opacity:1;background-color:rgb(248 249 251/var(--tw-bg-opacity));font-size:1rem;letter-spacing:.0125rem;line-height:120%;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}@media (min-width:1280px){body{font-size:1.125rem;line-height:120%}}:is(.dark body){--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}button,input,optgroup,select,textarea{font-size:.875rem;letter-spacing:.0125rem;line-height:120%}@media (min-width:1280px){button,input,optgroup,select,textarea{font-size:1rem;line-height:120%}}h1{font-size:1.5rem;font-weight:500;line-height:120%}@media (min-width:1280px){h1{font-size:2rem;line-height:120%}}@media (min-width:640px){h1{font-size:3rem;letter-spacing:-.0625rem;line-height:100%}}@media (min-width:1280px){h1{font-size:3.5rem;letter-spacing:-.0625rem;line-height:100%}}h2{font-size:1.25rem;font-weight:500;line-height:120%}@media (min-width:1280px){h2{font-size:1.5rem;line-height:120%}}@media (min-width:640px){h2{font-size:2rem;letter-spacing:0;line-height:120%}}@media (min-width:1280px){h2{font-size:3rem;letter-spacing:-.0625rem;line-height:100%}}h3{font-size:1.125rem;font-weight:500;line-height:120%}@media (min-width:1280px){h3{font-size:1.25rem;line-height:120%}}@media (min-width:640px){h3{font-size:1.5rem;line-height:120%}}@media (min-width:1280px){h3{font-size:2rem;line-height:120%}}h4{font-size:1rem;font-weight:500;line-height:120%}@media (min-width:1280px){h4{font-size:1.125rem;line-height:120%}}@media (min-width:640px){h4{font-size:1.125rem;line-height:120%}}@media (min-width:1280px){h4{font-size:1.5rem;line-height:120%}}h5{font-size:.875rem;font-weight:500;line-height:120%}@media (min-width:1280px){h5{font-size:1rem;line-height:120%}}@media (min-width:640px){h5{font-size:1rem;line-height:120%}}@media (min-width:1280px){h5{font-size:1.125rem;line-height:120%}}h6{font-size:.75rem;font-weight:500;line-height:135%}@media (min-width:1280px){h6{font-size:.875rem;line-height:120%}}@media (min-width:640px){h6{font-size:.875rem;line-height:120%}}@media (min-width:1280px){h6{font-size:1rem;line-height:120%}}*,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: }::backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: }.pointer-events-none{pointer-events:none}.absolute{position:absolute}.relative{position:relative}.inset-0{inset:0}.left-0{left:0}.right-0{right:0}.top-0{top:0}.top-1\\/2{top:50%}.my-4{margin-bottom:1rem;margin-top:1rem}.mb-12{margin-bottom:3rem}.mb-16{margin-bottom:4rem}.mb-2{margin-bottom:.5rem}.mb-4{margin-bottom:1rem}.mb-5{margin-bottom:1.25rem}.mb-6{margin-bottom:1.5rem}.mb-7{margin-bottom:1.75rem}.mb-8{margin-bottom:2rem}.mt-8{margin-top:2rem}.block{display:block}.inline-block{display:inline-block}.flex{display:flex}.hidden{display:none}.h-5{height:1.25rem}.h-9{height:2.25rem}.h-full{height:100%}.max-h-full{max-height:100%}.min-h-\\[calc\\(100vh-83px\\)\\]{min-height:calc(100vh - 83px)}.min-h-full{min-height:100%}.w-5{width:1.25rem}.w-\\[calc\\(100\\%-theme\\(space\\.2\\)-theme\\(space\\.2\\)\\)\\]{width:calc(100% - 1rem)}.w-full{width:100%}.max-w-\\[1295px\\]{max-width:1295px}.flex-1{flex:1 1 0%}@keyframes spin{to{transform:rotate(1turn)}}.animate-spin{animation:spin 1s linear infinite}.cursor-not-allowed{cursor:not-allowed}.flex-col{flex-direction:column}.\\!flex-nowrap{flex-wrap:nowrap!important}.items-center{align-items:center}.justify-center{justify-content:center}.justify-between{justify-content:space-between}.space-x-2>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-left:calc(.5rem*(1 - var(--tw-space-x-reverse)));margin-right:calc(.5rem*var(--tw-space-x-reverse))}.space-x-4>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-left:calc(1rem*(1 - var(--tw-space-x-reverse)));margin-right:calc(1rem*var(--tw-space-x-reverse))}.space-y-6>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(1.5rem*var(--tw-space-y-reverse));margin-top:calc(1.5rem*(1 - var(--tw-space-y-reverse)))}.overflow-hidden{overflow:hidden}.rounded-2xl{border-radius:1.25rem}.rounded-lg{border-radius:.625rem}.border{border-width:1px}.border-b{border-bottom-width:1px}.border-gray-100{--tw-border-opacity:1;border-color:rgb(248 249 251/var(--tw-border-opacity))}.border-gray-200{--tw-border-opacity:1;border-color:rgb(191 188 215/var(--tw-border-opacity))}.border-gray-300{--tw-border-opacity:1;border-color:rgb(136 134 159/var(--tw-border-opacity))}.border-gray-500{--tw-border-opacity:1;border-color:rgb(59 57 70/var(--tw-border-opacity))}.border-red{--tw-border-opacity:1;border-color:rgb(252 90 90/var(--tw-border-opacity))}.bg-gray-100{--tw-bg-opacity:1;background-color:rgb(248 249 251/var(--tw-bg-opacity))}.bg-primary{background-color:var(--primary-color)}.bg-primaryHover{background-color:var(--primary-hover)}.bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.bg-cover{background-size:cover}.bg-center{background-position:50%}.px-0{padding-left:0;padding-right:0}.px-10{padding-left:2.5rem;padding-right:2.5rem}.px-2{padding-left:.5rem;padding-right:.5rem}.px-4{padding-left:1rem;padding-right:1rem}.px-5{padding-left:1.25rem;padding-right:1.25rem}.px-6{padding-left:1.5rem;padding-right:1.5rem}.py-10{padding-bottom:2.5rem;padding-top:2.5rem}.py-2{padding-bottom:.5rem;padding-top:.5rem}.py-3{padding-bottom:.75rem;padding-top:.75rem}.py-5{padding-bottom:1.25rem;padding-top:1.25rem}.pb-2{padding-bottom:.5rem}.pb-8{padding-bottom:2rem}.pt-2{padding-top:.5rem}.pt-2\\.5{padding-top:.625rem}.pt-4{padding-top:1rem}.text-left{text-align:left}.text-center{text-align:center}.indent-\\[5px\\]{text-indent:5px}.font-mono{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}.\\!text-base{font-size:1rem!important;line-height:120%!important}.text-2xl{font-size:1.5rem;line-height:120%}.text-3xl{font-size:2rem;line-height:120%}.text-base{font-size:1rem;line-height:120%}.text-lg{font-size:1.125rem;line-height:120%}.text-sm{font-size:.875rem;line-height:120%}.text-xl{font-size:1.25rem;line-height:120%}.text-xs{font-size:.75rem;line-height:135%}.font-medium{font-weight:500}.font-semibold{font-weight:600}.leading-\\[0\\]{line-height:0}.text-\\[\\#1196F5\\]{--tw-text-opacity:1;color:rgb(17 150 245/var(--tw-text-opacity))}.text-\\[\\#B2B2B2\\]{--tw-text-opacity:1;color:rgb(178 178 178/var(--tw-text-opacity))}.text-black{--tw-text-opacity:1;color:rgb(0 0 0/var(--tw-text-opacity))}.text-gray-200{--tw-text-opacity:1;color:rgb(191 188 215/var(--tw-text-opacity))}.text-gray-300{--tw-text-opacity:1;color:rgb(136 134 159/var(--tw-text-opacity))}.text-gray-700{--tw-text-opacity:1;color:rgb(30 30 39/var(--tw-text-opacity))}.text-gray-900{--tw-text-opacity:1;color:rgb(8 8 14/var(--tw-text-opacity))}.text-primary{color:var(--primary-color)}.text-red{--tw-text-opacity:1;color:rgb(252 90 90/var(--tw-text-opacity))}.text-textOnPrimary{color:var(--text-on-primary)}.text-white{--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}.opacity-40{opacity:.4}.row-up-left{align-content:flex-start;justify-content:flex-start}.row,.row-up-left{display:flex;flex-direction:row;flex-wrap:wrap}.row{align-content:center;align-items:center;justify-content:center}.column-left{align-items:flex-start;display:flex;flex-direction:column;justify-content:center}@media (min-width:1280px){.text-5xl{font-size:5.125rem;letter-spacing:-.125rem;line-height:100%}.text-4xl{font-size:3.5rem}.text-3xl,.text-4xl{letter-spacing:-.0625rem;line-height:100%}.text-3xl{font-size:3rem}.text-2xl{font-size:2rem}.text-2xl,.text-xl{line-height:120%}.text-xl{font-size:1.5rem}.text-lg{font-size:1.25rem}.text-base,.text-lg{line-height:120%}.text-base{font-size:1.125rem}.text-sm{font-size:1rem}.text-sm,.text-xs{line-height:120%}.text-xs{font-size:.875rem}}:root{--primary-color:#7d68f4;--primary-hover:#7e69f4;--text-on-primary:#fff}svg{transform:translate3d(var(--tw-translate-x),var(--tw-translate-y),0) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}*,:after,:before{text-underline-offset:4px}input[type=number],input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{-webkit-appearance:none;-moz-appearance:textfield!important}.btn.is-loading{cursor:not-allowed;opacity:.4;pointer-events:none}.btn .btn-spinner,.btn.is-loading .btn-label{opacity:0;visibility:hidden}.btn.is-loading .btn-spinner{opacity:1;visibility:visible}[class*=" uicon-"],[class^=uicon-]{letter-spacing:0;line-height:100%}.placeholder\\:text-gray-300::-moz-placeholder{--tw-text-opacity:1;color:rgb(136 134 159/var(--tw-text-opacity))}.placeholder\\:text-gray-300::placeholder{--tw-text-opacity:1;color:rgb(136 134 159/var(--tw-text-opacity))}.hover\\:bg-gray-100:hover{--tw-bg-opacity:1;background-color:rgb(248 249 251/var(--tw-bg-opacity))}.hover\\:bg-primaryHover:hover{background-color:var(--primary-hover)}.hover\\:text-primaryHover:hover{color:var(--primary-hover)}.hover\\:underline:hover{text-decoration-line:underline}.focus\\:outline-none:focus{outline:2px solid transparent;outline-offset:2px}.focus\\:ring:focus{--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(3px + var(--tw-ring-offset-width)) var(--tw-ring-color)}.focus\\:ring-2:focus,.focus\\:ring:focus{box-shadow:var(--tw-ring-offset-shadow),var(--tw-ring-shadow),var(--tw-shadow,0 0 #0000)}.focus\\:ring-2:focus{--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color)}.focus\\:ring-primary:focus{--tw-ring-color:var(--primary-color)}.focus\\:ring-offset-2:focus{--tw-ring-offset-width:2px}:is(.dark .dark\\:border-gray-400){--tw-border-opacity:1;border-color:rgb(75 74 88/var(--tw-border-opacity))}:is(.dark .dark\\:border-gray-500){--tw-border-opacity:1;border-color:rgb(59 57 70/var(--tw-border-opacity))}:is(.dark .dark\\:border-gray-600){--tw-border-opacity:1;border-color:rgb(40 40 52/var(--tw-border-opacity))}:is(.dark .dark\\:bg-black){--tw-bg-opacity:1;background-color:rgb(0 0 0/var(--tw-bg-opacity))}:is(.dark .dark\\:bg-gray-600){--tw-bg-opacity:1;background-color:rgb(40 40 52/var(--tw-bg-opacity))}:is(.dark .dark\\:bg-gray-800){--tw-bg-opacity:1;background-color:rgb(20 20 26/var(--tw-bg-opacity))}:is(.dark .dark\\:text-\\[\\#201a41\\]){--tw-text-opacity:1;color:rgb(32 26 65/var(--tw-text-opacity))}:is(.dark .dark\\:text-gray-300){--tw-text-opacity:1;color:rgb(136 134 159/var(--tw-text-opacity))}:is(.dark .dark\\:text-white){--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}:is(.dark .dark\\:hover\\:bg-black\\/90:hover){background-color:rgba(0,0,0,.9)}:is(.dark .dark\\:focus\\:ring-offset-gray-900:focus){--tw-ring-offset-color:#08080e}@media (min-width:640px){.sm\\:absolute{position:absolute}.sm\\:left-4{left:1rem}.sm\\:top-1\\/2{top:50%}.sm\\:mt-4{margin-top:1rem}.sm\\:inline{display:inline}.sm\\:h-6{height:1.5rem}.sm\\:min-h-\\[700px\\]{min-height:700px}.sm\\:w-6{width:1.5rem}.sm\\:w-\\[calc\\(100\\%-theme\\(space\\.16\\)-theme\\(space\\.16\\)\\)\\]{width:calc(100% - 8rem)}.sm\\:w-auto{width:auto}.sm\\:max-w-md{max-width:28rem}.sm\\:-translate-y-1\\/2{--tw-translate-y:-50%;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.sm\\:flex-col{flex-direction:column}.sm\\:justify-normal{justify-content:normal}.sm\\:space-x-0>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-left:calc(0px*(1 - var(--tw-space-x-reverse)));margin-right:calc(0px*var(--tw-space-x-reverse))}.sm\\:space-y-4>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(1rem*var(--tw-space-y-reverse));margin-top:calc(1rem*(1 - var(--tw-space-y-reverse)))}.sm\\:bg-fixed{background-attachment:fixed}.sm\\:bg-left-top{background-position:0 0}.sm\\:px-10{padding-left:2.5rem;padding-right:2.5rem}.sm\\:px-14{padding-left:3.5rem;padding-right:3.5rem}.sm\\:py-14{padding-bottom:3.5rem;padding-top:3.5rem}.sm\\:py-4{padding-bottom:1rem;padding-top:1rem}.sm\\:pt-16{padding-top:4rem}.sm\\:text-2xl{font-size:1.5rem;line-height:120%}.sm\\:text-base{font-size:1rem;line-height:120%}}@media (min-width:1280px){.md\\:min-w-\\[448px\\]{min-width:448px}.md\\:text-3xl{font-size:2rem;line-height:120%}.md\\:text-base{font-size:1rem;line-height:120%}.md\\:text-sm{font-size:.875rem;line-height:120%}.md\\:text-xs{font-size:.75rem;line-height:135%}}@media (max-height:900px) and (min-width:640px){.short\\:static{position:static}.short\\:left-auto{left:auto}.short\\:top-auto{top:auto}.short\\:hidden{display:none}.short\\:h-5{height:1.25rem}.short\\:min-h-\\[558px\\]{min-height:558px}.short\\:w-5{width:1.25rem}.short\\:translate-y-0{--tw-translate-y:0px;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.short\\:flex-row{flex-direction:row}.short\\:space-x-4>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-left:calc(1rem*(1 - var(--tw-space-x-reverse)));margin-right:calc(1rem*var(--tw-space-x-reverse))}.short\\:space-y-0>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(0px*var(--tw-space-y-reverse));margin-top:calc(0px*(1 - var(--tw-space-y-reverse)))}.short\\:px-0{padding-left:0;padding-right:0}.short\\:py-3{padding-bottom:.75rem;padding-top:.75rem}.short\\:text-xl{font-size:1.25rem;line-height:120%}}`;function mx(){if(typeof document<"u"){const t=document.createElement("style");t.innerHTML=bd,t.setAttribute("data-authhero-tailwind",""),document.head.appendChild(t)}}function _x(t){const e=new o.OpenAPIHono;e.use(sd).use(async(r,i)=>(r.env.data=ro(r,t.dataAdapter),i())),e.get("/css/tailwind.css",async r=>{const i=bd;return r.text(i,200,{"content-type":"text/css; charset=utf-8"})});const n=e.route("/info",fx).route("/check-account",dx).route("/enter-email",B1).route("/enter-code",sx).route("/enter-password",ox).route("/invalid-session",px).route("/pre-signup",ux).route("/pre-signup-sent",gx).route("/reset-password",cx).route("/forgot-password",lx).route("/validate-email",hx).route("/signup",ax);return n.doc("/u/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Universal login"}}),n}const yx="Account detected",wx="We have detected that you have already created an account through",vx="By signing in, you agree to our",bx="and",xx="Callback URL mismatch",kx="The provided redirect_uri is not in the list of allowed callback URLs.",Sx="continue with user",Ax="Please click the button to create a new password account.",zx="Enter the code at {{vendorName}} to complete the login",Ex="Welcome to {{vendorName}}! {{code}} is the login code",Ix="Welcome to {{vendorName}}! {{code}} is the login code",Cx="The code is valid for 30 minutes",Nx="Confirm password",jx="Need Help?",$x="Contact us",Ox="or continue with social account",Tx="Continue with {{provider}}",Px="Would you like to continue with your existing account?",Bx="Copyright © 2023 SESAMY. All rights reserved.",Rx="©2023 Sesamy",Lx="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",Ux="Please enter a valid email address.",Vx="The passwords didn't match. Try again.",qx="Choose password",Mx="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",Dx="Create new account",Hx="Sign up with password",Fx="You are currently logged in as <0>{{email}}</0>",Kx="Email",Wx="Email address",Gx="Your email address has been validated",Jx="Now enter your password to login again",Zx="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",Yx="Email verification sent",Xx="Enter a code",Qx="We'll send you a verification link to ensure you own this email address.",ek="Enter new password",tk="Enter password",nk="Enter your email address and password to login.",rk="Enter your password",ik="The magic link has expired. Please click on the button below to receive a new link in your inbox.",sk="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",ok="Send password reset email",ak="Click the button below and we’ll send instructions on how to reset your password.",ck="Password reset email sent",lk="Forgot password?",dk="Forgot password?",uk="Go back",pk="Invalid password",fk=`The link is no longer valid.
+/*! tailwindcss v3.4.1 | MIT License | https://tailwindcss.com*/*,:after,:before{border:0 solid #bfbcd7;box-sizing:border-box}:after,:before{--tw-content:""}:host,html{line-height:1.5;-webkit-text-size-adjust:100%;font-family:KHTeka,Helvetica Neue,HelveticaNeue,TeX Gyre Heros,TeXGyreHeros,FreeSans,Nimbus Sans L,Liberation Sans,Arimo,Helvetica,sans-serif;font-feature-settings:normal;font-variation-settings:normal;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-tap-highlight-color:transparent}body{line-height:inherit;margin:0}hr{border-top-width:1px;color:inherit;height:0}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace;font-feature-settings:normal;font-size:1em;font-variation-settings:normal}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{border-collapse:collapse;border-color:inherit;text-indent:0}button,input,optgroup,select,textarea{color:inherit;font-family:inherit;font-feature-settings:inherit;font-size:100%;font-variation-settings:inherit;font-weight:inherit;line-height:inherit;margin:0;padding:0}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button;background-color:transparent;background-image:none}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}blockquote,dd,dl,figure,h1,h2,h3,h4,h5,h6,hr,p,pre{margin:0}fieldset{margin:0}fieldset,legend{padding:0}menu,ol,ul{list-style:none;margin:0;padding:0}dialog{padding:0}textarea{resize:vertical}input::-moz-placeholder,textarea::-moz-placeholder{color:#4b4a58;opacity:1}input::placeholder,textarea::placeholder{color:#4b4a58;opacity:1}[role=button],button{cursor:pointer}:disabled{cursor:default}audio,canvas,embed,iframe,img,object,svg,video{display:block;vertical-align:middle}img,video{height:auto;max-width:100%}[hidden]{display:none}body,html{height:100%}body{--tw-bg-opacity:1;background-color:rgb(248 249 251/var(--tw-bg-opacity));font-size:1rem;letter-spacing:.0125rem;line-height:120%;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}@media (min-width:1280px){body{font-size:1.125rem;line-height:120%}}:is(.dark body){--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}button,input,optgroup,select,textarea{font-size:.875rem;letter-spacing:.0125rem;line-height:120%}@media (min-width:1280px){button,input,optgroup,select,textarea{font-size:1rem;line-height:120%}}h1{font-size:1.5rem;font-weight:500;line-height:120%}@media (min-width:1280px){h1{font-size:2rem;line-height:120%}}@media (min-width:640px){h1{font-size:3rem;letter-spacing:-.0625rem;line-height:100%}}@media (min-width:1280px){h1{font-size:3.5rem;letter-spacing:-.0625rem;line-height:100%}}h2{font-size:1.25rem;font-weight:500;line-height:120%}@media (min-width:1280px){h2{font-size:1.5rem;line-height:120%}}@media (min-width:640px){h2{font-size:2rem;letter-spacing:0;line-height:120%}}@media (min-width:1280px){h2{font-size:3rem;letter-spacing:-.0625rem;line-height:100%}}h3{font-size:1.125rem;font-weight:500;line-height:120%}@media (min-width:1280px){h3{font-size:1.25rem;line-height:120%}}@media (min-width:640px){h3{font-size:1.5rem;line-height:120%}}@media (min-width:1280px){h3{font-size:2rem;line-height:120%}}h4{font-size:1rem;font-weight:500;line-height:120%}@media (min-width:1280px){h4{font-size:1.125rem;line-height:120%}}@media (min-width:640px){h4{font-size:1.125rem;line-height:120%}}@media (min-width:1280px){h4{font-size:1.5rem;line-height:120%}}h5{font-size:.875rem;font-weight:500;line-height:120%}@media (min-width:1280px){h5{font-size:1rem;line-height:120%}}@media (min-width:640px){h5{font-size:1rem;line-height:120%}}@media (min-width:1280px){h5{font-size:1.125rem;line-height:120%}}h6{font-size:.75rem;font-weight:500;line-height:135%}@media (min-width:1280px){h6{font-size:.875rem;line-height:120%}}@media (min-width:640px){h6{font-size:.875rem;line-height:120%}}@media (min-width:1280px){h6{font-size:1rem;line-height:120%}}*,:after,:before{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: }::backdrop{--tw-border-spacing-x:0;--tw-border-spacing-y:0;--tw-translate-x:0;--tw-translate-y:0;--tw-rotate:0;--tw-skew-x:0;--tw-skew-y:0;--tw-scale-x:1;--tw-scale-y:1;--tw-pan-x: ;--tw-pan-y: ;--tw-pinch-zoom: ;--tw-scroll-snap-strictness:proximity;--tw-gradient-from-position: ;--tw-gradient-via-position: ;--tw-gradient-to-position: ;--tw-ordinal: ;--tw-slashed-zero: ;--tw-numeric-figure: ;--tw-numeric-spacing: ;--tw-numeric-fraction: ;--tw-ring-inset: ;--tw-ring-offset-width:0px;--tw-ring-offset-color:#fff;--tw-ring-color:rgba(59,130,246,.5);--tw-ring-offset-shadow:0 0 #0000;--tw-ring-shadow:0 0 #0000;--tw-shadow:0 0 #0000;--tw-shadow-colored:0 0 #0000;--tw-blur: ;--tw-brightness: ;--tw-contrast: ;--tw-grayscale: ;--tw-hue-rotate: ;--tw-invert: ;--tw-saturate: ;--tw-sepia: ;--tw-drop-shadow: ;--tw-backdrop-blur: ;--tw-backdrop-brightness: ;--tw-backdrop-contrast: ;--tw-backdrop-grayscale: ;--tw-backdrop-hue-rotate: ;--tw-backdrop-invert: ;--tw-backdrop-opacity: ;--tw-backdrop-saturate: ;--tw-backdrop-sepia: }.pointer-events-none{pointer-events:none}.absolute{position:absolute}.relative{position:relative}.inset-0{inset:0}.left-0{left:0}.right-0{right:0}.top-0{top:0}.top-1\\/2{top:50%}.my-4{margin-bottom:1rem;margin-top:1rem}.mb-12{margin-bottom:3rem}.mb-16{margin-bottom:4rem}.mb-2{margin-bottom:.5rem}.mb-4{margin-bottom:1rem}.mb-5{margin-bottom:1.25rem}.mb-6{margin-bottom:1.5rem}.mb-7{margin-bottom:1.75rem}.mb-8{margin-bottom:2rem}.mt-8{margin-top:2rem}.block{display:block}.inline-block{display:inline-block}.flex{display:flex}.hidden{display:none}.h-5{height:1.25rem}.h-9{height:2.25rem}.h-full{height:100%}.max-h-full{max-height:100%}.min-h-\\[calc\\(100vh-83px\\)\\]{min-height:calc(100vh - 83px)}.min-h-full{min-height:100%}.w-5{width:1.25rem}.w-\\[calc\\(100\\%-theme\\(space\\.2\\)-theme\\(space\\.2\\)\\)\\]{width:calc(100% - 1rem)}.w-full{width:100%}.max-w-\\[1295px\\]{max-width:1295px}.flex-1{flex:1 1 0%}@keyframes spin{to{transform:rotate(1turn)}}.animate-spin{animation:spin 1s linear infinite}.cursor-not-allowed{cursor:not-allowed}.flex-col{flex-direction:column}.\\!flex-nowrap{flex-wrap:nowrap!important}.items-center{align-items:center}.justify-center{justify-content:center}.justify-between{justify-content:space-between}.space-x-2>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-left:calc(.5rem*(1 - var(--tw-space-x-reverse)));margin-right:calc(.5rem*var(--tw-space-x-reverse))}.space-x-4>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-left:calc(1rem*(1 - var(--tw-space-x-reverse)));margin-right:calc(1rem*var(--tw-space-x-reverse))}.space-y-6>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(1.5rem*var(--tw-space-y-reverse));margin-top:calc(1.5rem*(1 - var(--tw-space-y-reverse)))}.overflow-hidden{overflow:hidden}.rounded-2xl{border-radius:1.25rem}.rounded-lg{border-radius:.625rem}.border{border-width:1px}.border-b{border-bottom-width:1px}.border-gray-100{--tw-border-opacity:1;border-color:rgb(248 249 251/var(--tw-border-opacity))}.border-gray-200{--tw-border-opacity:1;border-color:rgb(191 188 215/var(--tw-border-opacity))}.border-gray-300{--tw-border-opacity:1;border-color:rgb(136 134 159/var(--tw-border-opacity))}.border-gray-500{--tw-border-opacity:1;border-color:rgb(59 57 70/var(--tw-border-opacity))}.border-red{--tw-border-opacity:1;border-color:rgb(252 90 90/var(--tw-border-opacity))}.bg-gray-100{--tw-bg-opacity:1;background-color:rgb(248 249 251/var(--tw-bg-opacity))}.bg-primary{background-color:var(--primary-color)}.bg-primaryHover{background-color:var(--primary-hover)}.bg-white{--tw-bg-opacity:1;background-color:rgb(255 255 255/var(--tw-bg-opacity))}.bg-cover{background-size:cover}.bg-center{background-position:50%}.px-0{padding-left:0;padding-right:0}.px-10{padding-left:2.5rem;padding-right:2.5rem}.px-2{padding-left:.5rem;padding-right:.5rem}.px-4{padding-left:1rem;padding-right:1rem}.px-5{padding-left:1.25rem;padding-right:1.25rem}.px-6{padding-left:1.5rem;padding-right:1.5rem}.py-10{padding-bottom:2.5rem;padding-top:2.5rem}.py-2{padding-bottom:.5rem;padding-top:.5rem}.py-3{padding-bottom:.75rem;padding-top:.75rem}.py-5{padding-bottom:1.25rem;padding-top:1.25rem}.pb-2{padding-bottom:.5rem}.pb-8{padding-bottom:2rem}.pt-2{padding-top:.5rem}.pt-2\\.5{padding-top:.625rem}.pt-4{padding-top:1rem}.text-left{text-align:left}.text-center{text-align:center}.indent-\\[5px\\]{text-indent:5px}.font-mono{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,monospace}.\\!text-base{font-size:1rem!important;line-height:120%!important}.text-2xl{font-size:1.5rem;line-height:120%}.text-3xl{font-size:2rem;line-height:120%}.text-base{font-size:1rem;line-height:120%}.text-lg{font-size:1.125rem;line-height:120%}.text-sm{font-size:.875rem;line-height:120%}.text-xl{font-size:1.25rem;line-height:120%}.text-xs{font-size:.75rem;line-height:135%}.font-medium{font-weight:500}.font-semibold{font-weight:600}.leading-\\[0\\]{line-height:0}.text-\\[\\#1196F5\\]{--tw-text-opacity:1;color:rgb(17 150 245/var(--tw-text-opacity))}.text-\\[\\#B2B2B2\\]{--tw-text-opacity:1;color:rgb(178 178 178/var(--tw-text-opacity))}.text-black{--tw-text-opacity:1;color:rgb(0 0 0/var(--tw-text-opacity))}.text-gray-200{--tw-text-opacity:1;color:rgb(191 188 215/var(--tw-text-opacity))}.text-gray-300{--tw-text-opacity:1;color:rgb(136 134 159/var(--tw-text-opacity))}.text-gray-700{--tw-text-opacity:1;color:rgb(30 30 39/var(--tw-text-opacity))}.text-gray-900{--tw-text-opacity:1;color:rgb(8 8 14/var(--tw-text-opacity))}.text-primary{color:var(--primary-color)}.text-red{--tw-text-opacity:1;color:rgb(252 90 90/var(--tw-text-opacity))}.text-textOnPrimary{color:var(--text-on-primary)}.text-white{--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}.opacity-40{opacity:.4}.row-up-left{align-content:flex-start;justify-content:flex-start}.row,.row-up-left{display:flex;flex-direction:row;flex-wrap:wrap}.row{align-content:center;align-items:center;justify-content:center}.column-left{align-items:flex-start;display:flex;flex-direction:column;justify-content:center}@media (min-width:1280px){.text-5xl{font-size:5.125rem;letter-spacing:-.125rem;line-height:100%}.text-4xl{font-size:3.5rem}.text-3xl,.text-4xl{letter-spacing:-.0625rem;line-height:100%}.text-3xl{font-size:3rem}.text-2xl{font-size:2rem}.text-2xl,.text-xl{line-height:120%}.text-xl{font-size:1.5rem}.text-lg{font-size:1.25rem}.text-base,.text-lg{line-height:120%}.text-base{font-size:1.125rem}.text-sm{font-size:1rem}.text-sm,.text-xs{line-height:120%}.text-xs{font-size:.875rem}}:root{--primary-color:#7d68f4;--primary-hover:#7e69f4;--text-on-primary:#fff}svg{transform:translate3d(var(--tw-translate-x),var(--tw-translate-y),0) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}*,:after,:before{text-underline-offset:4px}input[type=number],input[type=number]::-webkit-inner-spin-button,input[type=number]::-webkit-outer-spin-button{-webkit-appearance:none;-moz-appearance:textfield!important}.btn.is-loading{cursor:not-allowed;opacity:.4;pointer-events:none}.btn .btn-spinner,.btn.is-loading .btn-label{opacity:0;visibility:hidden}.btn.is-loading .btn-spinner{opacity:1;visibility:visible}[class*=" uicon-"],[class^=uicon-]{letter-spacing:0;line-height:100%}.placeholder\\:text-gray-300::-moz-placeholder{--tw-text-opacity:1;color:rgb(136 134 159/var(--tw-text-opacity))}.placeholder\\:text-gray-300::placeholder{--tw-text-opacity:1;color:rgb(136 134 159/var(--tw-text-opacity))}.hover\\:bg-gray-100:hover{--tw-bg-opacity:1;background-color:rgb(248 249 251/var(--tw-bg-opacity))}.hover\\:bg-primaryHover:hover{background-color:var(--primary-hover)}.hover\\:text-primaryHover:hover{color:var(--primary-hover)}.hover\\:underline:hover{text-decoration-line:underline}.focus\\:outline-none:focus{outline:2px solid transparent;outline-offset:2px}.focus\\:ring:focus{--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(3px + var(--tw-ring-offset-width)) var(--tw-ring-color)}.focus\\:ring-2:focus,.focus\\:ring:focus{box-shadow:var(--tw-ring-offset-shadow),var(--tw-ring-shadow),var(--tw-shadow,0 0 #0000)}.focus\\:ring-2:focus{--tw-ring-offset-shadow:var(--tw-ring-inset) 0 0 0 var(--tw-ring-offset-width) var(--tw-ring-offset-color);--tw-ring-shadow:var(--tw-ring-inset) 0 0 0 calc(2px + var(--tw-ring-offset-width)) var(--tw-ring-color)}.focus\\:ring-primary:focus{--tw-ring-color:var(--primary-color)}.focus\\:ring-offset-2:focus{--tw-ring-offset-width:2px}:is(.dark .dark\\:border-gray-400){--tw-border-opacity:1;border-color:rgb(75 74 88/var(--tw-border-opacity))}:is(.dark .dark\\:border-gray-500){--tw-border-opacity:1;border-color:rgb(59 57 70/var(--tw-border-opacity))}:is(.dark .dark\\:border-gray-600){--tw-border-opacity:1;border-color:rgb(40 40 52/var(--tw-border-opacity))}:is(.dark .dark\\:bg-black){--tw-bg-opacity:1;background-color:rgb(0 0 0/var(--tw-bg-opacity))}:is(.dark .dark\\:bg-gray-600){--tw-bg-opacity:1;background-color:rgb(40 40 52/var(--tw-bg-opacity))}:is(.dark .dark\\:bg-gray-800){--tw-bg-opacity:1;background-color:rgb(20 20 26/var(--tw-bg-opacity))}:is(.dark .dark\\:text-\\[\\#201a41\\]){--tw-text-opacity:1;color:rgb(32 26 65/var(--tw-text-opacity))}:is(.dark .dark\\:text-gray-300){--tw-text-opacity:1;color:rgb(136 134 159/var(--tw-text-opacity))}:is(.dark .dark\\:text-white){--tw-text-opacity:1;color:rgb(255 255 255/var(--tw-text-opacity))}:is(.dark .dark\\:hover\\:bg-black\\/90:hover){background-color:rgba(0,0,0,.9)}:is(.dark .dark\\:focus\\:ring-offset-gray-900:focus){--tw-ring-offset-color:#08080e}@media (min-width:640px){.sm\\:absolute{position:absolute}.sm\\:left-4{left:1rem}.sm\\:top-1\\/2{top:50%}.sm\\:mt-4{margin-top:1rem}.sm\\:inline{display:inline}.sm\\:h-6{height:1.5rem}.sm\\:min-h-\\[700px\\]{min-height:700px}.sm\\:w-6{width:1.5rem}.sm\\:w-\\[calc\\(100\\%-theme\\(space\\.16\\)-theme\\(space\\.16\\)\\)\\]{width:calc(100% - 8rem)}.sm\\:w-auto{width:auto}.sm\\:max-w-md{max-width:28rem}.sm\\:-translate-y-1\\/2{--tw-translate-y:-50%;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.sm\\:flex-col{flex-direction:column}.sm\\:justify-normal{justify-content:normal}.sm\\:space-x-0>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-left:calc(0px*(1 - var(--tw-space-x-reverse)));margin-right:calc(0px*var(--tw-space-x-reverse))}.sm\\:space-y-4>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(1rem*var(--tw-space-y-reverse));margin-top:calc(1rem*(1 - var(--tw-space-y-reverse)))}.sm\\:bg-fixed{background-attachment:fixed}.sm\\:bg-left-top{background-position:0 0}.sm\\:px-10{padding-left:2.5rem;padding-right:2.5rem}.sm\\:px-14{padding-left:3.5rem;padding-right:3.5rem}.sm\\:py-14{padding-bottom:3.5rem;padding-top:3.5rem}.sm\\:py-4{padding-bottom:1rem;padding-top:1rem}.sm\\:pt-16{padding-top:4rem}.sm\\:text-2xl{font-size:1.5rem;line-height:120%}.sm\\:text-base{font-size:1rem;line-height:120%}}@media (min-width:1280px){.md\\:min-w-\\[448px\\]{min-width:448px}.md\\:text-3xl{font-size:2rem;line-height:120%}.md\\:text-base{font-size:1rem;line-height:120%}.md\\:text-sm{font-size:.875rem;line-height:120%}.md\\:text-xs{font-size:.75rem;line-height:135%}}@media (max-height:900px) and (min-width:640px){.short\\:static{position:static}.short\\:left-auto{left:auto}.short\\:top-auto{top:auto}.short\\:hidden{display:none}.short\\:h-5{height:1.25rem}.short\\:min-h-\\[558px\\]{min-height:558px}.short\\:w-5{width:1.25rem}.short\\:translate-y-0{--tw-translate-y:0px;transform:translate(var(--tw-translate-x),var(--tw-translate-y)) rotate(var(--tw-rotate)) skewX(var(--tw-skew-x)) skewY(var(--tw-skew-y)) scaleX(var(--tw-scale-x)) scaleY(var(--tw-scale-y))}.short\\:flex-row{flex-direction:row}.short\\:space-x-4>:not([hidden])~:not([hidden]){--tw-space-x-reverse:0;margin-left:calc(1rem*(1 - var(--tw-space-x-reverse)));margin-right:calc(1rem*var(--tw-space-x-reverse))}.short\\:space-y-0>:not([hidden])~:not([hidden]){--tw-space-y-reverse:0;margin-bottom:calc(0px*var(--tw-space-y-reverse));margin-top:calc(0px*(1 - var(--tw-space-y-reverse)))}.short\\:px-0{padding-left:0;padding-right:0}.short\\:py-3{padding-bottom:.75rem;padding-top:.75rem}.short\\:text-xl{font-size:1.25rem;line-height:120%}}`;function mx(){if(typeof document<"u"){const t=document.createElement("style");t.innerHTML=bd,t.setAttribute("data-authhero-tailwind",""),document.head.appendChild(t)}}function _x(t){const e=new o.OpenAPIHono;e.use(sd).use(async(r,i)=>(r.env.data=ro(r,t.dataAdapter),i())),e.get("/css/tailwind.css",async r=>{const i=bd;return r.text(i,200,{"content-type":"text/css; charset=utf-8"})});const n=e.route("/info",fx).route("/check-account",dx).route("/login/identifier",B1).route("/enter-code",sx).route("/enter-password",ox).route("/invalid-session",px).route("/pre-signup",ux).route("/pre-signup-sent",gx).route("/reset-password",cx).route("/forgot-password",lx).route("/validate-email",hx).route("/signup",ax);return n.doc("/u/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Universal login"}}),n}const yx="Account detected",wx="We have detected that you have already created an account through",vx="By signing in, you agree to our",bx="and",xx="Callback URL mismatch",kx="The provided redirect_uri is not in the list of allowed callback URLs.",Sx="continue with user",Ax="Please click the button to create a new password account.",zx="Enter the code at {{vendorName}} to complete the login",Ex="Welcome to {{vendorName}}! {{code}} is the login code",Ix="Welcome to {{vendorName}}! {{code}} is the login code",Cx="The code is valid for 30 minutes",Nx="Confirm password",jx="Need Help?",$x="Contact us",Ox="or continue with social account",Tx="Continue with {{provider}}",Px="Would you like to continue with your existing account?",Bx="Copyright © 2023 SESAMY. All rights reserved.",Rx="©2023 Sesamy",Lx="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",Ux="Please enter a valid email address.",Vx="The passwords didn't match. Try again.",qx="Choose password",Mx="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",Dx="Create new account",Hx="Sign up with password",Fx="You are currently logged in as <0>{{email}}</0>",Kx="Email",Wx="Email address",Gx="Your email address has been validated",Jx="Now enter your password to login again",Zx="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",Yx="Email verification sent",Xx="Enter a code",Qx="We'll send you a verification link to ensure you own this email address.",ek="Enter new password",tk="Enter password",nk="Enter your email address and password to login.",rk="Enter your password",ik="The magic link has expired. Please click on the button below to receive a new link in your inbox.",sk="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",ok="Send password reset email",ak="Click the button below and we’ll send instructions on how to reset your password.",ck="Password reset email sent",lk="Forgot password?",dk="Forgot password?",uk="Go back",pk="Invalid password",fk=`The link is no longer valid.
 Please make sure to open the login link in the same browser you started the login with.
@@ -247,4 +247,4 @@ Kliknutím na odkaz níže můžete zahájit nové přihlášení.`,dC="Neplatn
 Varmista, että avaat kirjautumislinkin samalla selaimella, jolla aloitit kirjautumisen.
-Voit aloittaa uuden kirjautumisen klikkaamalla alla olevaa linkkiä.`,vj="Virheellinen linkki",bj="Kirjaudu sisään napsauttamalla painiketta",xj="Kirjaudu sisään",kj="Tai kirjoita koodi osoitteessa {{vendorName}} kirjautumisen loppuun saattamiseksi.",Sj="Kirjoita sähköpostiosoitteesi avataksesi tämän ohjelman osoitteessa {{service}}",Aj="Yhdistä tilisi {{service}}",zj="Olet kirjautunut sisään nimellä",Ej="Kirjaudu sisään",Ij="Kirjoita sähköpostiosoitteesi kirjautuaksesi sisään.",Cj="Anna sähköpostiosoitteesi, niin lähetämme sinulle kirjautumiskoodin.",Nj="Anna sähköpostiosoitteesi, niin lähetämme sinulle kirjautumislinkin.",jj="Kirjaudu ulos",$j="Ei, haluan käyttää toista tiliä",Oj="tai",Tj="Salasana",Pj="Salasana on nollattu",Bj="Menestys",Rj="Vaihda salasana tilillesi {{vendorName}} ",Lj="Vaihda salasana tilillesi {{vendorName}} ",Uj="Tietosuojakäytäntö",Vj="Uudelleenohjaus",qj="Vahvista salasana",Mj="Rekisteröi uusi salasana",Dj="Lähetä koodi uudelleen",Hj="Vaihda salasana",Fj="Kirjoita alla oleva uusi salasanasi sähköpostitiliä varten: ",Kj="Napsauta painiketta salasanasi palauttamiseksi",Wj="Napsauta painiketta salasanasi palauttamiseksi",Gj="Nollaa salasanasi",Jj="Vaihda salasana tilillesi {{vendorName}} ",Zj="Nollaa salasana",Yj="Lähetä",Xj="Lähetä minulle uusi maaginen linkki",Qj="Muista tarkistaa roskapostikansiosi, jos sähköposti ei ole saapunut.",e$="Aseta salasana",t$="Kirjaudu sisään",n$="Rekisteröityminen",r$="Rekisteröidy onnistuneesti",i$="{{code}} on kirjautumiskoodisi {{vendorName}}",s$="Näyttää siltä, että Spotify-tilisi on tällä hetkellä yhdistetty toiseen Sesamy-tiliin. Mutta älä pelkää, me opastamme sinua prosessin läpi, jotta saat tämän korjattua.",o$="Siirry Spotifyn Content Access -sivulle",a$='Aloitetaan poistamalla Spotify-tilisi linkitys. Klikkaa alla olevaa painiketta siirtyäksesi Spotifyn Content Access -sivulle. Kun olet kirjautunut sisään Spotify-tilillesi, etsi Sesamy yhdistettyjen alustojen luettelosta. Napsauta "Unlink" Sesamyn logon vieressä.',c$="Vaihe 1: Poista Spotify-tilisi linkitys",l$="Kun olet onnistuneesti irrottanut Spotify-tilisi, voit yhdistää sen uudelleen Sesamyn kanssa. Toista vain aiemmin tekemäsi vaiheet, jotka johtivat sinut tälle sivulle.",d$="Vaihe 2: Yhdistä Spotify-tilisi uudelleen Sesamyn kanssa",u$="Hups! Spotify-tilisi on jo linkitetty",p$="Jos sinulla on kysyttävää tai tarvitset apua, voit ottaa yhteyttä tukitiimiimme.",f$="Ehdot ja edellytykset",h$="Sähköpostiosoitteesi on vahvistettava. Olemme lähettäneet uuden sähköpostiviestin sähköpostiisi.",g$="Käyttäjätiliä ei ole olemassa",m$="Käyttäjätiliä ei ole olemassa",_$="Emme löytäneet käyttäjää, jolla on annettu sähköpostiosoite. Yritä uudelleen.",y$="Yritä uudelleen.",w$="Validoi koodi",v$="Tarkista sähköpostin vahvistusohjeet postilaatikostasi.",b$="Rekisteröitynyt",x$="Vahvista sähköpostiosoitteesi napsauttamalla painiketta",k$="Vahvista sähköpostiosoitteesi",S$="Vahvista sähköpostiosoitteesi",A$="Vahvista tili",z$="Vahvista sähköpostiosoitteesi",E$="Tarkista sähköpostisi osoitteesta <0>{{email}}</0> ja syötä lähettämämme kuusinumeroinen koodi.",I$="Tervetuloa",C$="Tervetuloa tilillesi {{vendorName}}!",N$="Jatka tällä tilillä",j$="Kyllä, jatka {{text}}",$$="Kyllä, jatka olemassa olevalla tilillä",O$={"Server error: Invalid code":"Virheellinen koodi","Wrong email or verification code":{"":"Väärä sähköpostiosoite tai vahvistuskoodi."},account_detected:SN,account_with_sso_provider:AN,agree_to:zN,and:EN,callback_url_mismatch:IN,callback_url_not_allowed:CN,check_email_title:NN,click_to_sign_up_description:jN,code_email_enter_code:$N,code_email_subject:ON,code_email_title:TN,code_valid_30_minutes:PN,confirm_password:BN,contact_support:RN,contact_us:LN,continue:"Jatka",continue_social_login:UN,continue_with:VN,continue_with_sso_provider_headline:qN,copyright:MN,copyright_sesamy:DN,create_account_description:HN,create_account_email_invalid:FN,create_account_passwords_didnt_match:KN,create_account_title:WN,create_account_weak_password:GN,create_new_account_link:JN,create_password_account_title:ZN,currently_logged_in_as:YN,email:XN,email_placeholder:QN,email_validated:ej,email_validated_cta:tj,email_verification_for_signup_sent_description:nj,email_verification_for_signup_sent_title:rj,enter_a_code_btn:ij,enter_email_for_verification_description:sj,enter_new_password_placeholder:oj,enter_password:aj,enter_password_description:cj,enter_your_password_btn:lj,expired_code:dj,fokus_info_message:uj,forgot_password_cta:pj,forgot_password_description:fj,forgot_password_email_sent:hj,forgot_password_link:gj,forgot_password_title:mj,go_back:_j,"invalid-email":"Virheellinen sähköpostiosoite",invalid_password:yj,invalid_session_body:wj,invalid_session_title:vj,link_email_click_to_login:bj,link_email_login:xj,link_email_or_enter_code:kj,link_page_body:Sj,link_page_headline:Aj,logged_in_as:zj,login:Ej,login_description:Ij,login_description_code:Cj,login_description_link:Nj,logout:jj,no_use_another:$j,or:Oj,password:Tj,password_has_been_reset:Pj,password_has_been_reset_title:Bj,password_reset_subject:Rj,password_reset_title:Lj,privacy_policy:Uj,redirecting:Vj,reenter_new_password_placeholder:qj,register_password_account:Mj,resend_code:Dj,reset_password_cta:Hj,reset_password_description:Fj,reset_password_email_click_to_reset:Kj,reset_password_email_cta:Wj,reset_password_email_reset:Gj,reset_password_subject:Jj,reset_password_title:Zj,send:Yj,send_me_a_new_magic_link:Xj,sent_code_spam:Qj,set_password:e$,sign_in:t$,signup:n$,signup_success:r$,sms_code_text:i$,spotify_already_linked_body:s$,spotify_already_linked_cta:o$,spotify_already_linked_step1_body:a$,spotify_already_linked_step1_title:c$,spotify_already_linked_step2_body:l$,spotify_already_linked_step2_title:d$,spotify_already_linked_title:u$,support_info:p$,terms:f$,unverified_email:h$,user_account_does_not_exist:g$,user_not_found:m$,user_not_found_body:_$,user_not_found_cta:y$,validate_code:w$,validate_email_body:v$,validate_email_title:b$,verify_email_click_to_verify:x$,verify_email_subject:k$,verify_email_title:S$,verify_email_verify:A$,verify_your_email:z$,we_sent_a_code_to:E$,welcome:I$,welcome_to_your_account:C$,yes_continue:N$,yes_continue_with:j$,yes_continue_with_existing_account:$$},T$=t=>{const{vendorSettings:e,authParams:n}=t,i=`/authorize?${new URLSearchParams({...n})}`;return y(Ue,{vendorSettings:e,title:B.t("user_not_found"),children:y("div",{className:"flex flex-1 flex-col justify-center",children:[y("p",{className:"mb-8 text-gray-300 text-lg",children:B.t("user_not_found_body")}),y(Ze,{Component:"a",href:i,children:B.t("user_not_found_cta")})]})})};B.init({supportedLngs:["en","it","nb","sv","pl","cs","fi"],fallbackLng:"en",resources:{en:{translation:E2},it:{translation:RA},nb:{translation:Wz},sv:{translation:rI},pl:{translation:f5},cs:{translation:kN},fi:{translation:O$}}});function P$(t){const e=new o.OpenAPIHono;e.get("/",s=>s.json({name:"authhero"}));const n=Jv(t);e.route("/api/v2",n);const r=o1(t);e.route("/",r);const i=_x(t);return e.route("/u",i),{app:e,managementApp:n,oauthApp:r,universalApp:i,createX509Certificate:Yc}}exports.AppLogo=lm;exports.Auth0Client=yf;exports.AuthorizationResponseMode=Rt;exports.AuthorizationResponseType=It;exports.Button=Ze;exports.CheckEmailPage=zm;exports.CodeChallengeMethod=Ys;exports.EmailValidatedPage=Cm;exports.EnterCodePage=rl;exports.EnterEmailPage=el;exports.EnterPasswordPage=Yi;exports.ErrorMessage=Un;exports.Footer=dm;exports.ForgotPasswordPage=Sm;exports.ForgotPasswordSentPage=Am;exports.Form=Wt;exports.GoBack=yt;exports.GoogleLogo=fm;exports.GrantType=Wn;exports.Icon=Ge;exports.InvalidSession=Im;exports.Layout=Ue;exports.LogTypes=he;exports.Message=ea;exports.PreSignUpConfirmationPage=Nm;exports.PreSignUpPage=Em;exports.ResetPasswordPage=Fn;exports.SignUpPage=Hn;exports.SocialButton=$r;exports.Spinner=pm;exports.Trans=Qo;exports.UnverifiedEmailPage=km;exports.UserNotFoundPage=T$;exports.VippsLogo=hm;exports.applicationInsertSchema=rs;exports.applicationSchema=mn;exports.auth0UserResponseSchema=St;exports.authParamsSchema=Mr;exports.baseUserSchema=Zs;exports.bordersSchema=kf;exports.brandingSchema=Ea;exports.codeInsertSchema=hf;exports.codeSchema=p0;exports.codeTypeSchema=ff;exports.colorsSchema=Sf;exports.connectionInsertSchema=is;exports.connectionSchema=Jt;exports.customDomainInsertSchema=sl;exports.customDomainSchema=Gt;exports.customDomainWithTenantIdSchema=f0;exports.emailProviderSchema=Ui;exports.fontDetailsSchema=hn;exports.fontsSchema=Af;exports.hookInsertSchema=os;exports.hookSchema=Kn;exports.identitySchema=df;exports.init=P$;exports.injectTailwindCSS=mx;exports.jwksKeySchema=mf;exports.jwksSchema=ol;exports.logSchema=as;exports.loginSessionInsertSchema=_f;exports.loginSessionSchema=h0;exports.openIDConfigurationSchema=Ia;exports.pageBackgroundSchema=zf;exports.parseUserId=b0;exports.passwordInsertSchema=wf;exports.passwordSchema=m0;exports.profileDataSchema=lf;exports.promptSettingSchema=Li;exports.refreshTokenInsertSchema=al;exports.refreshTokenSchema=y0;exports.samlpAddon=uf;exports.sessionInsertSchema=bf;exports.sessionSchema=Xs;exports.signingKeySchema=Ca;exports.smsProviderSchema=v0;exports.smsSendParamsSchema=w0;exports.tailwindCss=bd;exports.tenantInsertSchema=ss;exports.tenantSchema=Jn;exports.themeInsertSchema=If;exports.themeSchema=_0;exports.tokenResponseSchema=xf;exports.totalsSchema=on;exports.userInsertSchema=ns;exports.userResponseSchema=l0;exports.userSchema=il;exports.vendorSettingsSchema=pf;exports.verificationMethodsSchema=gf;exports.widgetSchema=Ef;
+Voit aloittaa uuden kirjautumisen klikkaamalla alla olevaa linkkiä.`,vj="Virheellinen linkki",bj="Kirjaudu sisään napsauttamalla painiketta",xj="Kirjaudu sisään",kj="Tai kirjoita koodi osoitteessa {{vendorName}} kirjautumisen loppuun saattamiseksi.",Sj="Kirjoita sähköpostiosoitteesi avataksesi tämän ohjelman osoitteessa {{service}}",Aj="Yhdistä tilisi {{service}}",zj="Olet kirjautunut sisään nimellä",Ej="Kirjaudu sisään",Ij="Kirjoita sähköpostiosoitteesi kirjautuaksesi sisään.",Cj="Anna sähköpostiosoitteesi, niin lähetämme sinulle kirjautumiskoodin.",Nj="Anna sähköpostiosoitteesi, niin lähetämme sinulle kirjautumislinkin.",jj="Kirjaudu ulos",$j="Ei, haluan käyttää toista tiliä",Oj="tai",Tj="Salasana",Pj="Salasana on nollattu",Bj="Menestys",Rj="Vaihda salasana tilillesi {{vendorName}} ",Lj="Vaihda salasana tilillesi {{vendorName}} ",Uj="Tietosuojakäytäntö",Vj="Uudelleenohjaus",qj="Vahvista salasana",Mj="Rekisteröi uusi salasana",Dj="Lähetä koodi uudelleen",Hj="Vaihda salasana",Fj="Kirjoita alla oleva uusi salasanasi sähköpostitiliä varten: ",Kj="Napsauta painiketta salasanasi palauttamiseksi",Wj="Napsauta painiketta salasanasi palauttamiseksi",Gj="Nollaa salasanasi",Jj="Vaihda salasana tilillesi {{vendorName}} ",Zj="Nollaa salasana",Yj="Lähetä",Xj="Lähetä minulle uusi maaginen linkki",Qj="Muista tarkistaa roskapostikansiosi, jos sähköposti ei ole saapunut.",e$="Aseta salasana",t$="Kirjaudu sisään",n$="Rekisteröityminen",r$="Rekisteröidy onnistuneesti",i$="{{code}} on kirjautumiskoodisi {{vendorName}}",s$="Näyttää siltä, että Spotify-tilisi on tällä hetkellä yhdistetty toiseen Sesamy-tiliin. Mutta älä pelkää, me opastamme sinua prosessin läpi, jotta saat tämän korjattua.",o$="Siirry Spotifyn Content Access -sivulle",a$='Aloitetaan poistamalla Spotify-tilisi linkitys. Klikkaa alla olevaa painiketta siirtyäksesi Spotifyn Content Access -sivulle. Kun olet kirjautunut sisään Spotify-tilillesi, etsi Sesamy yhdistettyjen alustojen luettelosta. Napsauta "Unlink" Sesamyn logon vieressä.',c$="Vaihe 1: Poista Spotify-tilisi linkitys",l$="Kun olet onnistuneesti irrottanut Spotify-tilisi, voit yhdistää sen uudelleen Sesamyn kanssa. Toista vain aiemmin tekemäsi vaiheet, jotka johtivat sinut tälle sivulle.",d$="Vaihe 2: Yhdistä Spotify-tilisi uudelleen Sesamyn kanssa",u$="Hups! Spotify-tilisi on jo linkitetty",p$="Jos sinulla on kysyttävää tai tarvitset apua, voit ottaa yhteyttä tukitiimiimme.",f$="Ehdot ja edellytykset",h$="Sähköpostiosoitteesi on vahvistettava. Olemme lähettäneet uuden sähköpostiviestin sähköpostiisi.",g$="Käyttäjätiliä ei ole olemassa",m$="Käyttäjätiliä ei ole olemassa",_$="Emme löytäneet käyttäjää, jolla on annettu sähköpostiosoite. Yritä uudelleen.",y$="Yritä uudelleen.",w$="Validoi koodi",v$="Tarkista sähköpostin vahvistusohjeet postilaatikostasi.",b$="Rekisteröitynyt",x$="Vahvista sähköpostiosoitteesi napsauttamalla painiketta",k$="Vahvista sähköpostiosoitteesi",S$="Vahvista sähköpostiosoitteesi",A$="Vahvista tili",z$="Vahvista sähköpostiosoitteesi",E$="Tarkista sähköpostisi osoitteesta <0>{{email}}</0> ja syötä lähettämämme kuusinumeroinen koodi.",I$="Tervetuloa",C$="Tervetuloa tilillesi {{vendorName}}!",N$="Jatka tällä tilillä",j$="Kyllä, jatka {{text}}",$$="Kyllä, jatka olemassa olevalla tilillä",O$={"Server error: Invalid code":"Virheellinen koodi","Wrong email or verification code":{"":"Väärä sähköpostiosoite tai vahvistuskoodi."},account_detected:SN,account_with_sso_provider:AN,agree_to:zN,and:EN,callback_url_mismatch:IN,callback_url_not_allowed:CN,check_email_title:NN,click_to_sign_up_description:jN,code_email_enter_code:$N,code_email_subject:ON,code_email_title:TN,code_valid_30_minutes:PN,confirm_password:BN,contact_support:RN,contact_us:LN,continue:"Jatka",continue_social_login:UN,continue_with:VN,continue_with_sso_provider_headline:qN,copyright:MN,copyright_sesamy:DN,create_account_description:HN,create_account_email_invalid:FN,create_account_passwords_didnt_match:KN,create_account_title:WN,create_account_weak_password:GN,create_new_account_link:JN,create_password_account_title:ZN,currently_logged_in_as:YN,email:XN,email_placeholder:QN,email_validated:ej,email_validated_cta:tj,email_verification_for_signup_sent_description:nj,email_verification_for_signup_sent_title:rj,enter_a_code_btn:ij,enter_email_for_verification_description:sj,enter_new_password_placeholder:oj,enter_password:aj,enter_password_description:cj,enter_your_password_btn:lj,expired_code:dj,fokus_info_message:uj,forgot_password_cta:pj,forgot_password_description:fj,forgot_password_email_sent:hj,forgot_password_link:gj,forgot_password_title:mj,go_back:_j,"invalid-email":"Virheellinen sähköpostiosoite",invalid_password:yj,invalid_session_body:wj,invalid_session_title:vj,link_email_click_to_login:bj,link_email_login:xj,link_email_or_enter_code:kj,link_page_body:Sj,link_page_headline:Aj,logged_in_as:zj,login:Ej,login_description:Ij,login_description_code:Cj,login_description_link:Nj,logout:jj,no_use_another:$j,or:Oj,password:Tj,password_has_been_reset:Pj,password_has_been_reset_title:Bj,password_reset_subject:Rj,password_reset_title:Lj,privacy_policy:Uj,redirecting:Vj,reenter_new_password_placeholder:qj,register_password_account:Mj,resend_code:Dj,reset_password_cta:Hj,reset_password_description:Fj,reset_password_email_click_to_reset:Kj,reset_password_email_cta:Wj,reset_password_email_reset:Gj,reset_password_subject:Jj,reset_password_title:Zj,send:Yj,send_me_a_new_magic_link:Xj,sent_code_spam:Qj,set_password:e$,sign_in:t$,signup:n$,signup_success:r$,sms_code_text:i$,spotify_already_linked_body:s$,spotify_already_linked_cta:o$,spotify_already_linked_step1_body:a$,spotify_already_linked_step1_title:c$,spotify_already_linked_step2_body:l$,spotify_already_linked_step2_title:d$,spotify_already_linked_title:u$,support_info:p$,terms:f$,unverified_email:h$,user_account_does_not_exist:g$,user_not_found:m$,user_not_found_body:_$,user_not_found_cta:y$,validate_code:w$,validate_email_body:v$,validate_email_title:b$,verify_email_click_to_verify:x$,verify_email_subject:k$,verify_email_title:S$,verify_email_verify:A$,verify_your_email:z$,we_sent_a_code_to:E$,welcome:I$,welcome_to_your_account:C$,yes_continue:N$,yes_continue_with:j$,yes_continue_with_existing_account:$$},T$=t=>{const{vendorSettings:e,authParams:n}=t,i=`/authorize?${new URLSearchParams({...n})}`;return y(Ue,{vendorSettings:e,title:B.t("user_not_found"),children:y("div",{className:"flex flex-1 flex-col justify-center",children:[y("p",{className:"mb-8 text-gray-300 text-lg",children:B.t("user_not_found_body")}),y(Ze,{Component:"a",href:i,children:B.t("user_not_found_cta")})]})})};B.init({supportedLngs:["en","it","nb","sv","pl","cs","fi"],fallbackLng:"en",resources:{en:{translation:E2},it:{translation:RA},nb:{translation:Wz},sv:{translation:rI},pl:{translation:f5},cs:{translation:kN},fi:{translation:O$}}});function P$(t){const e=new o.OpenAPIHono;e.get("/",s=>s.json({name:"authhero"}));const n=Jv(t);e.route("/api/v2",n);const r=o1(t);e.route("/",r);const i=_x(t);return e.route("/u",i),{app:e,managementApp:n,oauthApp:r,universalApp:i,createX509Certificate:Yc}}exports.AppLogo=lm;exports.Auth0Client=yf;exports.AuthorizationResponseMode=Rt;exports.AuthorizationResponseType=It;exports.Button=Ze;exports.CheckEmailPage=zm;exports.CodeChallengeMethod=Ys;exports.EmailValidatedPage=Cm;exports.EnterCodePage=rl;exports.EnterPasswordPage=Yi;exports.ErrorMessage=Un;exports.Footer=dm;exports.ForgotPasswordPage=Sm;exports.ForgotPasswordSentPage=Am;exports.Form=Wt;exports.GoBack=yt;exports.GoogleLogo=fm;exports.GrantType=Wn;exports.Icon=Ge;exports.IdentifierPage=el;exports.InvalidSession=Im;exports.Layout=Ue;exports.LogTypes=he;exports.Message=ea;exports.PreSignUpConfirmationPage=Nm;exports.PreSignUpPage=Em;exports.ResetPasswordPage=Fn;exports.SignUpPage=Hn;exports.SocialButton=$r;exports.Spinner=pm;exports.Trans=Qo;exports.UnverifiedEmailPage=km;exports.UserNotFoundPage=T$;exports.VippsLogo=hm;exports.applicationInsertSchema=rs;exports.applicationSchema=mn;exports.auth0UserResponseSchema=St;exports.authParamsSchema=Mr;exports.baseUserSchema=Zs;exports.bordersSchema=kf;exports.brandingSchema=Ea;exports.codeInsertSchema=hf;exports.codeSchema=p0;exports.codeTypeSchema=ff;exports.colorsSchema=Sf;exports.connectionInsertSchema=is;exports.connectionSchema=Jt;exports.customDomainInsertSchema=sl;exports.customDomainSchema=Gt;exports.customDomainWithTenantIdSchema=f0;exports.emailProviderSchema=Ui;exports.fontDetailsSchema=hn;exports.fontsSchema=Af;exports.hookInsertSchema=os;exports.hookSchema=Kn;exports.identitySchema=df;exports.init=P$;exports.injectTailwindCSS=mx;exports.jwksKeySchema=mf;exports.jwksSchema=ol;exports.logSchema=as;exports.loginSessionInsertSchema=_f;exports.loginSessionSchema=h0;exports.openIDConfigurationSchema=Ia;exports.pageBackgroundSchema=zf;exports.parseUserId=b0;exports.passwordInsertSchema=wf;exports.passwordSchema=m0;exports.profileDataSchema=lf;exports.promptSettingSchema=Li;exports.refreshTokenInsertSchema=al;exports.refreshTokenSchema=y0;exports.samlpAddon=uf;exports.sessionInsertSchema=bf;exports.sessionSchema=Xs;exports.signingKeySchema=Ca;exports.smsProviderSchema=v0;exports.smsSendParamsSchema=w0;exports.tailwindCss=bd;exports.tenantInsertSchema=ss;exports.tenantSchema=Jn;exports.themeInsertSchema=If;exports.themeSchema=_0;exports.tokenResponseSchema=xf;exports.totalsSchema=on;exports.userInsertSchema=ns;exports.userResponseSchema=l0;exports.userSchema=il;exports.vendorSettingsSchema=pf;exports.verificationMethodsSchema=gf;exports.widgetSchema=Ef;

package/dist/authhero.d.ts CHANGED Viewed

@@ -5139,7 +5139,7 @@ type Props$4 = {
 	client: Client;
 	impersonation?: boolean;
 };
-export declare const EnterEmailPage: FC<Props$4>;
+export declare const IdentifierPage: FC<Props$4>;
 type Props$5 = {
 	error?: string;
 	vendorSettings: VendorSettings;
@@ -8066,7 +8066,7 @@ export declare function init(config: AuthHeroConfig): {
 				status: 200;
 			};
 		};
-	}, "/enter-email"> & import("hono/types").MergeSchemaPath<{
+	}, "/login/identifier"> & import("hono/types").MergeSchemaPath<{
 		"/": {
 			$get: {
 				input: {

package/dist/authhero.mjs CHANGED Viewed

@@ -18522,7 +18522,7 @@ async function Tp(t, e, n, r, i, s) {
     error_code: i,
     state: c.authParams.state
   }), t.redirect(
-    `${lt(t.env)}enter-email?state=${c.id}&error=${n}`
+    `${lt(t.env)}login/identifier?state=${c.id}&error=${n}`
   );
 }
 const fb = new ae().openapi(
@@ -20083,7 +20083,7 @@ async function Bb({
       authParams: r
     }), t.redirect(`/u/enter-code?state=${o.id}`);
   }
-  return e ? t.redirect(`/u/check-account?state=${o.id}`) : t.redirect(`/u/enter-email?state=${o.id}`);
+  return e ? t.redirect(`/u/check-account?state=${o.id}`) : t.redirect(`/u/login/identifier?state=${o.id}`);
 }
 function Pb(t) {
   if (t === "Username-Password-Authentication")
@@ -21560,7 +21560,7 @@ const v1 = new ae().openapi(
   "a",
   {
     className: "block text-primary hover:text-primaryHover text-center",
-    href: `/u/enter-email?state=${t.state}`,
+    href: `/u/login/identifier?state=${t.state}`,
     children: R.t("go_back")
   }
 );
@@ -22403,7 +22403,7 @@ const pd = (t) => {
           "form",
           {
             method: "post",
-            action: `/u/enter-email?${s.toString()}`,
+            action: `/u/login/identifier?${s.toString()}`,
             children: [
               /* @__PURE__ */ y("input", { type: "hidden", name: "login_selection", value: "code" }),
               /* @__PURE__ */ y("input", { type: "hidden", name: "username", value: r }),
@@ -23106,7 +23106,7 @@ const pd = (t) => {
       "a",
       {
         className: "block text-center text-primary hover:text-primaryHover focus:outline-none focus:ring-2 focus:ring-primary focus:ring-offset-2 dark:focus:ring-offset-gray-900",
-        href: `/u/enter-email?state=${encodeURIComponent(e)}`,
+        href: `/u/login/identifier?state=${encodeURIComponent(e)}`,
         children: R.t("no_use_another")
       }
     )
@@ -23135,7 +23135,7 @@ const pd = (t) => {
       t.req.header("cookie")
     ), o = s ? await e.data.sessions.get(i.tenant.id, s) : null;
     if (!o)
-      return t.redirect(`/u/enter-email?state=${n}`);
+      return t.redirect(`/u/login/identifier?state=${n}`);
     const c = await e.data.users.get(
       i.tenant.id,
       o.user_id
@@ -23149,7 +23149,7 @@ const pd = (t) => {
           user: c
         }
       )
-    ) : t.redirect(`/u/enter-email?state=${n}`);
+    ) : t.redirect(`/u/login/identifier?state=${n}`);
   }
 ).openapi(
   U({
@@ -23175,7 +23175,7 @@ const pd = (t) => {
       t.req.header("cookie")
     ), o = s ? await e.data.sessions.get(i.tenant.id, s) : null;
     if (!o)
-      return t.redirect(`/u/enter-email?state=${n}`);
+      return t.redirect(`/u/login/identifier?state=${n}`);
     const c = await e.data.users.get(
       i.tenant.id,
       o.user_id
@@ -23185,7 +23185,7 @@ const pd = (t) => {
       authParams: r.authParams,
       client: i,
       loginSession: r
-    }) : t.redirect(`/u/enter-email?state=${n}`);
+    }) : t.redirect(`/u/login/identifier?state=${n}`);
   }
 ), Q1 = (t) => {
   const { vendorSettings: e, email: n, state: r } = t;
@@ -23544,7 +23544,7 @@ function cx(t) {
       "content-type": "text/css; charset=utf-8"
     });
   });
-  const n = e.route("/info", rx).route("/check-account", X1).route("/enter-email", v1).route("/enter-code", D1).route("/enter-password", H1).route("/invalid-session", nx).route("/pre-signup", ex).route("/pre-signup-sent", ax).route("/reset-password", W1).route("/forgot-password", Z1).route("/validate-email", sx).route("/signup", K1);
+  const n = e.route("/info", rx).route("/check-account", X1).route("/login/identifier", v1).route("/enter-code", D1).route("/enter-password", H1).route("/invalid-session", nx).route("/pre-signup", ex).route("/pre-signup-sent", ax).route("/reset-password", W1).route("/forgot-password", Z1).route("/validate-email", sx).route("/signup", K1);
   return n.doc("/u/spec", {
     openapi: "3.0.0",
     info: {
@@ -24499,7 +24499,6 @@ export {
   Yc as CodeChallengeMethod,
   ix as EmailValidatedPage,
   ef as EnterCodePage,
-  Fp as EnterEmailPage,
   ma as EnterPasswordPage,
   xr as ErrorMessage,
   a1 as Footer,
@@ -24510,6 +24509,7 @@ export {
   m1 as GoogleLogo,
   Or as GrantType,
   tt as Icon,
+  Fp as IdentifierPage,
   tx as InvalidSession,
   He as Layout,
   _e as LogTypes,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "authhero",
-  "version": "0.113.0",
+  "version": "0.114.0",
   "files": [
     "dist"
   ],