npm - authhero - Versions diffs - 0.36.0 → 0.36.2 - Mend

authhero 0.36.0 → 0.36.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/authhero.cjs CHANGED Viewed

@@ -165,7 +165,7 @@ PERFORMANCE OF THIS SOFTWARE.
       <\/script>
   </body>
-  </html>`}async function Xx({ctx:t,client:e,session:a,redirect_uri:i,state:r,nonce:n,code_challenge_method:s,code_challenge:o,audience:l,scope:c}){const{env:d}=t,m=new URL(i);if(a){t.set("user_id",a.user_id);const v=new Headers,p=Fy(e.tenant.id,a.session_id);v.set("set-cookie",p);const b=await d.data.users.get(e.tenant.id,a.user_id);if(b){t.set("username",b.email),t.set("connection",b.connection);const k=await Kh(t,{client:e,authParams:{client_id:e.id,audience:l,code_challenge_method:s,code_challenge:o,scope:c,state:r,nonce:n,response_type:gi.TOKEN_ID_TOKEN},user:b,sid:a.session_id});await d.data.sessions.update(e.tenant.id,a.session_id,{used_at:new Date().toISOString()});const x=ia(t,{type:Ge.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});return await t.env.data.logs.create(e.tenant.id,x),t.html(yg(`${m.protocol}//${m.host}`,JSON.stringify(k)),{headers:v})}}const y=ia(t,{type:Ge.FAILED_SILENT_AUTH,description:"Login required"});return await t.env.data.logs.create(e.tenant.id,y),t.html(yg(`${m.protocol}//${m.host}`,JSON.stringify({error:"login_required",error_description:"Login required",state:r})))}var kg;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(kg||(kg={}));var vg;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(vg||(vg={}));function Qx(t){return fk(t,ej,_s.Include)}function gk(t){return fk(t,aj,_s.None)}function fk(t,e,a){let i="";for(let r=0;r<t.byteLength;r+=3){let n=0,s=0;for(let o=0;o<3&&r+o<t.byteLength;o++)n=n<<8|t[r+o],s+=8;for(let o=0;o<4;o++)s>=6?(i+=e[n>>s-6&63],s-=6):s>0?(i+=e[n<<6-s&63],s=0):a===_s.Include&&(i+="=")}return i}const ej="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",aj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var _s;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(_s||(_s={}));var wg;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(wg||(wg={}));class tj{uint8(e,a){if(e.byteLength<a+1)throw new TypeError("Insufficient bytes");return e[a]}uint16(e,a){if(e.byteLength<a+2)throw new TypeError("Insufficient bytes");return e[a]<<8|e[a+1]}uint32(e,a){if(e.byteLength<a+4)throw new TypeError("Insufficient bytes");let i=0;for(let r=0;r<4;r++)i|=e[a+r]<<24-r*8;return i}uint64(e,a){if(e.byteLength<a+8)throw new TypeError("Insufficient bytes");let i=0n;for(let r=0;r<8;r++)i|=BigInt(e[a+r])<<BigInt(56-r*8);return i}putUint8(e,a,i){if(e.length<i+1)throw new TypeError("Not enough space");if(a<0||a>255)throw new TypeError("Invalid uint8 value");e[i]=a}putUint16(e,a,i){if(e.length<i+2)throw new TypeError("Not enough space");if(a<0||a>65535)throw new TypeError("Invalid uint16 value");e[i]=a>>8,e[i+1]=a&255}putUint32(e,a,i){if(e.length<i+4)throw new TypeError("Not enough space");if(a<0||a>4294967295)throw new TypeError("Invalid uint32 value");for(let r=0;r<4;r++)e[i+r]=a>>(3-r)*8&255}putUint64(e,a,i){if(e.length<i+8)throw new TypeError("Not enough space");if(a<0||a>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let r=0;r<8;r++)e[i+r]=Number(a>>BigInt((7-r)*8)&0xffn)}}const _g=new tj;function ct(t,e){return(t<<32-e|t>>>e)>>>0}function ij(t){const e=new rj;return e.update(t),e.digest()}class rj{constructor(){M(this,"blockSize",64);M(this,"size",32);M(this,"blocks",new Uint8Array(64));M(this,"currentBlockSize",0);M(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));M(this,"l",0n);M(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let a=0;if(this.currentBlockSize>0){const i=e.slice(0,64-this.currentBlockSize);this.blocks.set(i,this.currentBlockSize),this.process(),a+=i.byteLength,this.currentBlockSize=0}for(;a+64<=e.byteLength;){const i=e.slice(a,a+64);this.blocks.set(i),this.process(),a+=64}if(e.byteLength-a>0){const i=e.slice(a);this.blocks.set(i),this.currentBlockSize=i.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),_g.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let a=0;a<8;a++)_g.putUint32(e,this.H[a],a*4);return e}process(){for(let c=0;c<16;c++)this.w[c]=(this.blocks[c*4]<<24|this.blocks[c*4+1]<<16|this.blocks[c*4+2]<<8|this.blocks[c*4+3])>>>0;for(let c=16;c<64;c++){const d=(ct(this.w[c-2],17)^ct(this.w[c-2],19)^this.w[c-2]>>>10)>>>0,m=(ct(this.w[c-15],7)^ct(this.w[c-15],18)^this.w[c-15]>>>3)>>>0;this.w[c]=d+this.w[c-7]+m+this.w[c-16]|0}let e=this.H[0],a=this.H[1],i=this.H[2],r=this.H[3],n=this.H[4],s=this.H[5],o=this.H[6],l=this.H[7];for(let c=0;c<64;c++){const d=(ct(n,6)^ct(n,11)^ct(n,25))>>>0,m=(n&s^~n&o)>>>0,y=l+d+m+nj[c]+this.w[c]|0,v=(ct(e,2)^ct(e,13)^ct(e,22))>>>0,p=(e&a^e&i^a&i)>>>0,b=v+p|0;l=o,o=s,s=n,n=r+y|0,r=i,i=a,a=e,e=y+b|0}this.H[0]=e+this.H[0]|0,this.H[1]=a+this.H[1]|0,this.H[2]=i+this.H[2]|0,this.H[3]=r+this.H[3]|0,this.H[4]=n+this.H[4]|0,this.H[5]=s+this.H[5]|0,this.H[6]=o+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const nj=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class sj{constructor(e){M(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function oj(t){const e=ij(new TextEncoder().encode(t));return gk(e)}function lj(){const t=new Uint8Array(32);return crypto.getRandomValues(t),gk(t)}function $n(t,e){const a=new TextEncoder().encode(e.toString()),i=new Request(t,{method:"POST",body:a});return i.headers.set("Content-Type","application/x-www-form-urlencoded"),i.headers.set("Accept","application/json"),i.headers.set("User-Agent","arctic"),i.headers.set("Content-Length",a.byteLength.toString()),i}function Yc(t,e){const a=new TextEncoder().encode(`${t}:${e}`);return Qx(a)}async function Sl(t){console.log("sendTokenRequest:"+t.url);let e;try{e=await fetch(t)}catch(i){throw new yk(i)}let a;try{a=await e.json()}catch{throw new Error("Failed to parse response body")}if(typeof a!="object"||a===null)throw new Error("Unexpected response body data");if("error"in a&&typeof a.error=="string")throw bk(a);return new sj(a)}async function cj(t){let e;try{e=await fetch(t)}catch(i){throw new yk(i)}if(e.ok)return;let a;try{a=await e.json()}catch{throw new Error("Failed to parse response body")}if(typeof a!="object"||a===null)throw new Error("Unexpected response body data");if("error"in a&&typeof a.error=="string")throw bk(a)}function bk(t){let e;if("error"in t&&typeof t.error=="string")e=t.error;else throw new Error("Invalid error response");let a=null,i=null,r=null;return"error_description"in t&&typeof t.error_description=="string"&&(a=t.error_description),"error_uri"in t&&typeof t.error_uri=="string"&&(i=t.error_uri),"state"in t&&typeof t.state=="string"&&(r=t.state),new dj(e,a,i,r)}class yk extends Error{constructor(e){super("Failed to send request",{cause:e})}}class dj extends Error{constructor(a,i,r,n){super(`OAuth request error: ${a}`);M(this,"code");M(this,"description");M(this,"uri");M(this,"state");this.code=a,this.description=i,this.uri=r,this.state=n}}class Gh{constructor(e,a,i){M(this,"clientId");M(this,"clientPassword");M(this,"redirectURI");this.clientId=e,this.clientPassword=a,this.redirectURI=i}createAuthorizationURL(e,a,i){const r=new URL(e);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&r.searchParams.set("redirect_uri",this.redirectURI),r.searchParams.set("state",a),i.length>0&&r.searchParams.set("scope",i.join(" ")),r}createAuthorizationURLWithPKCE(e,a,i,r,n){const s=new URL(e);if(s.searchParams.set("response_type","code"),s.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&s.searchParams.set("redirect_uri",this.redirectURI),s.searchParams.set("state",a),i===xs.S256){const o=oj(r);s.searchParams.set("code_challenge_method","S256"),s.searchParams.set("code_challenge",o)}else i===xs.Plain&&(s.searchParams.set("code_challenge_method","plain"),s.searchParams.set("code_challenge",r));return n.length>0&&s.searchParams.set("scope",n.join(" ")),s}async validateAuthorizationCode(e,a,i){const r=new URLSearchParams;r.set("grant_type","authorization_code"),r.set("code",a),this.redirectURI!==null&&r.set("redirect_uri",this.redirectURI),i!==null&&r.set("code_verifier",i),this.clientPassword===null&&r.set("client_id",this.clientId);const n=$n(e,r);if(this.clientPassword!==null){const o=Yc(this.clientId,this.clientPassword);n.headers.set("Authorization",`Basic ${o}`)}return await Sl(n)}async refreshAccessToken(e,a,i){const r=new URLSearchParams;r.set("grant_type","refresh_token"),r.set("refresh_token",a),this.clientPassword===null&&r.set("client_id",this.clientId),i.length>0&&r.set("scope",i.join(" "));const n=$n(e,r);if(this.clientPassword!==null){const o=Yc(this.clientId,this.clientPassword);n.headers.set("Authorization",`Basic ${o}`)}return await Sl(n)}async revokeToken(e,a){const i=new URLSearchParams;i.set("token",a),this.clientPassword===null&&i.set("client_id",this.clientId);const r=$n(e,i);if(this.clientPassword!==null){const n=Yc(this.clientId,this.clientPassword);r.headers.set("Authorization",`Basic ${n}`)}await cj(r)}}var xs;(function(t){t[t.S256=0]="S256",t[t.Plain=1]="Plain"})(xs||(xs={}));var xg;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(xg||(xg={}));var jg;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(jg||(jg={}));function Tn(t){return uj(t,hj,Al.None)}function uj(t,e,a){let i="";for(let r=0;r<t.byteLength;r+=3){let n=0,s=0;for(let o=0;o<3&&r+o<t.byteLength;o++)n=n<<8|t[r+o],s+=8;for(let o=0;o<4;o++)s>=6?(i+=e[n>>s-6&63],s-=6):s>0?(i+=e[n<<6-s&63],s=0):a===Al.Include&&(i+="=")}return i}const hj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Al;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Al||(Al={}));var zg;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(zg||(zg={}));function mj(t,e,a){const i=Tn(new TextEncoder().encode(t)),r=Tn(new TextEncoder().encode(e)),n=Tn(a);return i+"."+r+"."+n}function pj(t,e){const a=Tn(new TextEncoder().encode(t)),i=Tn(new TextEncoder().encode(e)),r=a+"."+i;return new TextEncoder().encode(r)}const gj="https://appleid.apple.com/auth/authorize",fj="https://appleid.apple.com/auth/token";class kk{constructor(e,a,i,r,n){M(this,"clientId");M(this,"teamId");M(this,"keyId");M(this,"pkcs8PrivateKey");M(this,"redirectURI");this.clientId=e,this.teamId=a,this.keyId=i,this.pkcs8PrivateKey=r,this.redirectURI=n}createAuthorizationURL(e,a){const i=new URL(gj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",e),i.searchParams.set("scope",a.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(e){const a=new URLSearchParams;a.set("grant_type","authorization_code"),a.set("code",e),a.set("redirect_uri",this.redirectURI),a.set("client_id",this.clientId);const i=await this.createClientSecret();a.set("client_secret",i);const r=$n(fj,a);return await Sl(r)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),a=Math.floor(Date.now()/1e3),i=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),r=JSON.stringify({iss:this.teamId,exp:a+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:a}),n=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,pj(i,r)));return mj(i,r,n)}}const bj="https://www.facebook.com/v16.0/dialog/oauth",yj="https://graph.facebook.com/v16.0/oauth/access_token";class vk{constructor(e,a,i){M(this,"clientId");M(this,"clientSecret");M(this,"redirectURI");this.clientId=e,this.clientSecret=a,this.redirectURI=i}createAuthorizationURL(e,a){const i=new URL(bj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",e),i.searchParams.set("scope",a.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(e){const a=new URLSearchParams;a.set("grant_type","authorization_code"),a.set("code",e),a.set("redirect_uri",this.redirectURI),a.set("client_id",this.clientId),a.set("client_secret",this.clientSecret);const i=$n(yj,a);return await Sl(i)}}const kj="https://accounts.google.com/o/oauth2/v2/auth",qg="https://oauth2.googleapis.com/token",vj="https://oauth2.googleapis.com/revoke";class wk{constructor(e,a,i){M(this,"client");this.client=new Gh(e,a,i)}createAuthorizationURL(e,a,i){return this.client.createAuthorizationURLWithPKCE(kj,e,xs.S256,a,i)}async validateAuthorizationCode(e,a){return await this.client.validateAuthorizationCode(qg,e,a)}async refreshAccessToken(e){return await this.client.refreshAccessToken(qg,e,[])}async revokeToken(e){await this.client.revokeToken(vj,e)}}const Ac=g.object({iss:g.string().url(),sub:g.string(),aud:g.string(),exp:g.number(),email:g.string().optional(),given_name:g.string().optional(),family_name:g.string().optional(),name:g.string().optional(),iat:g.number(),auth_time:g.number().optional(),nonce:g.string().optional(),acr:g.string().optional(),amr:g.array(g.string()).optional(),azp:g.string().optional(),at_hash:g.string().optional(),c_hash:g.string().optional()}).passthrough(),wj=Ac.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function _k(t){const{options:e}=t;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const a=Buffer.from(e.app_secret,"utf-8"),i=a.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),r=Uint8Array.from(Buffer.from(i,"base64"));return a.fill(0),{options:e,keyArray:r}}async function _j(t,e){var l,c;const{options:a,keyArray:i}=_k(e),r=new kk(a.client_id,a.team_id,a.kid,i,`${t.env.ISSUER}callback`),n=rt(),s=await r.createAuthorizationURL(n,((l=a.scope)==null?void 0:l.split(" "))||["name","email"]);return(((c=a.scope)==null?void 0:c.split(" "))||["name","email"]).some(d=>["email","name"].includes(d))&&s.searchParams.set("response_mode","form_post"),{redirectUrl:s.href,code:n}}async function xj(t,e,a){const{options:i,keyArray:r}=_k(e),s=await new kk(i.client_id,i.team_id,i.kid,r,`${t.env.ISSUER}callback`).validateAuthorizationCode(a),o=Hh(s.idToken());if(!o)throw new Error("Invalid ID token");const l=Ac.parse(o.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const jj=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:_j,validateAuthorizationCodeAndGetUser:xj},Symbol.toStringTag,{value:"Module"}));async function zj(t,e){var s;const{options:a}=e;if(!(a!=null&&a.client_id)||!a.client_secret)throw new Error("Missing required authentication parameters");const i=new vk(a.client_id,a.client_secret,`${t.env.ISSUER}callback`),r=rt();return{redirectUrl:i.createAuthorizationURL(r,((s=a.scope)==null?void 0:s.split(" "))||["email"]).href,code:r}}async function qj(t,e,a){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret)throw new Error("Missing required authentication parameters");const n=await new vk(i.client_id,i.client_secret,`${t.env.ISSUER}callback`).validateAuthorizationCode(a),s=Hh(n.idToken());if(!s)throw new Error("Invalid ID token");const o=Ac.parse(s.payload);return{sub:o.sub,email:o.email,given_name:o.given_name,family_name:o.family_name,name:o.name,picture:o.picture,locale:o.locale}}const Sj=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:zj,validateAuthorizationCodeAndGetUser:qj},Symbol.toStringTag,{value:"Module"}));async function Aj(t,e){var o;const{options:a}=e;if(!(a!=null&&a.client_id)||!a.client_secret)throw new Error("Missing required Google authentication parameters");const i=new wk(a.client_id,a.client_secret,`${t.env.ISSUER}callback`),r=rt(),n=lj();return{redirectUrl:i.createAuthorizationURL(r,n,((o=a.scope)==null?void 0:o.split(" "))??["email","profile"]).href,code:r,codeVerifier:n}}async function Ej(t,e,a,i){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret||!i)throw new Error("Missing required authentication parameters");const s=await new wk(r.client_id,r.client_secret,`${t.env.ISSUER}callback`).validateAuthorizationCode(a,i);console.log("got here");const o=Hh(s.idToken());if(!o)throw new Error("Invalid ID token");const l=Ac.parse(o.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const Ij=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Aj,validateAuthorizationCodeAndGetUser:Ej},Symbol.toStringTag,{value:"Module"}));async function Oj(t,e){var s;const{options:a}=e;if(!(a!=null&&a.client_id)||!a.client_secret)throw new Error("Missing required authentication parameters");const i=new Gh(a.client_id,a.client_secret,`${t.env.ISSUER}callback`),r=rt();return{redirectUrl:i.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",r,((s=a.scope)==null?void 0:s.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]).href,code:r}}async function Cj(t,e,a){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret)throw new Error("Missing required authentication parameters");const n=await new Gh(i.client_id,i.client_secret,`${t.env.ISSUER}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",a,null),s=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${n.accessToken}`}}),o=wj.parse(await s.json());return{sub:o.sub,email:o.email,given_name:o.given_name,family_name:o.family_name,name:o.name,picture:o.picture,locale:o.locale}}const $j=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Oj,validateAuthorizationCodeAndGetUser:Cj},Symbol.toStringTag,{value:"Module"}));function xk(t,e){const a=t.env.STRATEGIES||{},r={apple:jj,facebook:Sj,"google-oauth2":Ij,vipps:$j,...a}[e];if(!r)throw new Error(`Strategy ${e} not found`);return r}async function jk(t,e){const a=await t.data.clients.get(e);if(!a)throw new P(403,{message:"Client not found"});const i=t.DEFAULT_CLIENT_ID?await t.data.clients.get(t.DEFAULT_CLIENT_ID):void 0,r=await t.data.connections.list(a.tenant.id,{include_totals:!1,page:0,per_page:100}),n=t.DEFAULT_TENANT_ID?await t.data.connections.list(t.DEFAULT_TENANT_ID,{include_totals:!1,page:0,per_page:100}):{connections:[]},s=r.connections.map(o=>{var d;const l=(d=n.connections)==null?void 0:d.find(m=>m.name===o.name);return l!=null&&l.options?ai.parse({...l||{},...o,options:{...l.options||{},...o.options}}):o}).filter(o=>o);return{...a,web_origins:[...(i==null?void 0:i.web_origins)||[],...a.web_origins||[],`${t.ISSUER}u/login`],allowed_logout_urls:[...(i==null?void 0:i.allowed_logout_urls)||[],...a.allowed_logout_urls||[],t.ISSUER],callbacks:[...(i==null?void 0:i.callbacks)||[],...a.callbacks||[],`${t.ISSUER}u/info`],connections:s,domains:[...a.domains||[],...(i==null?void 0:i.domains)||[]],tenant:{...(i==null?void 0:i.tenant)||{},...a.tenant}}}function Tj(t){return async(e,a)=>{if(!a.email||!a.email_verified)return t.users.create(e,a);const i=await Wf({userAdapter:t.users,tenant_id:e,email:a.email});return i?(await t.users.create(e,{...a,linked_to:i.user_id}),i):t.users.create(e,a)}}async function zk(t,e,a){for await(const i of e)if(!(await fetch(i.url,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(a)})).ok){const n=ia(t,{type:Ge.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});await a.logs.create(t.var.tenant_id,n)}}function Nj(t,e){return async(a,i)=>{const{hooks:r}=await e.hooks.list(a,{q:"trigger_id:post-user-registration",page:0,per_page:100,include_totals:!1});return await zk(t,r,{tenant_id:a,user:i,trigger_id:"post-user-registration"}),i}}function Rj(t,e){return async(a,i)=>{const{hooks:r}=await e.hooks.list(a,{q:"trigger_id:pre-user-signup",page:0,per_page:100,include_totals:!1});await zk(t,r,{tenant_id:a,email:i,trigger_id:"pre-user-signup"})}}function Pj(t,e){return async(a,i)=>{let r=await Tj(e)(a,i);return await Nj(t,e)(a,r),r}}async function Bj(t,e,a,i){if(e.disable_sign_ups&&!await Wf({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:i})){const n=ia(t,{type:Ge.FAILED_SIGNUP,description:"Public signup is disabled"});throw await t.env.data.logs.create(e.tenant.id,n),new P(400,{message:"Signups are disabled for this client"})}await Rj(t,a)(t.var.tenant_id||"",i)}function Uj(t,e){return{...e,users:{...e.users,create:Pj(t,e)}}}async function Lj(t,e,a,i){if(!i.state)throw new P(400,{message:"State not found"});const r=e.connections.find(l=>l.name===a);if(!r){t.set("client_id",e.id);const l=ia(t,{type:Ge.FAILED_LOGIN,description:"Connection not found"});throw await t.env.data.logs.create(e.tenant.id,l),new P(403,{message:"Connection Not Found"})}let n=await t.env.data.logins.get(e.tenant.id,i.state);n||(n=await t.env.data.logins.create(e.tenant.id,{expires_at:new Date(Date.now()+ql*1e3).toISOString(),authParams:i,...Fr(t.req)}));const o=await xk(t,r.strategy).getRedirect(t,r);return await t.env.data.codes.create(e.tenant.id,{login_id:n.login_id,code_id:o.code,code_type:"oauth2_state",connection_id:r.id,code_verifier:o.codeVerifier,expires_at:new Date(Date.now()+gx*1e3).toISOString()}),t.redirect(o.redirectUrl)}async function Sg(t,{code:e,state:a}){var p;const{env:i}=t,r=await i.data.codes.get(t.var.tenant_id||"",a,"oauth2_state");if(!r||!r.connection_id)throw new P(403,{message:"State not found"});const n=await i.data.logins.get(t.var.tenant_id||"",r.login_id);if(!n)throw new P(403,{message:"Session not found"});const s=await jk(i,n.authParams.client_id);t.set("client_id",s.id),t.set("tenant_id",s.tenant.id);const o=s.connections.find(b=>b.id===r.connection_id);if(!o){const b=ia(t,{type:Ge.FAILED_LOGIN,description:"Connection not found"});throw await i.data.logs.create(s.tenant.id,b),new P(403,{message:"Connection not found"})}if(t.set("connection",o.name),!n.authParams.redirect_uri){const b=ia(t,{type:Ge.FAILED_LOGIN,description:"Redirect URI not defined"});throw await i.data.logs.create(s.tenant.id,b),new P(403,{message:"Redirect URI not defined"})}if(!qc(n.authParams.redirect_uri,s.callbacks||[])){const b=`Invalid redirect URI - ${n.authParams.redirect_uri}`,k=ia(t,{type:Ge.FAILED_LOGIN,description:b});throw await i.data.logs.create(s.tenant.id,k),new P(403,{message:b})}const c=await xk(t,o.strategy).validateAuthorizationCodeAndGetUser(t,o,e,r.code_verifier),{sub:d,...m}=c;t.set("user_id",d);const y=((p=c.email)==null?void 0:p.toLocaleLowerCase())||`${o.name}.${d}@${new URL(t.env.ISSUER).hostname}`;t.set("username",y);let v=await Rl({userAdapter:i.data.users,tenant_id:s.tenant.id,email:y,provider:o.name});if(!v){try{await Bj(t,s,t.env.data,y)}catch(b){const k=b;throw new P(500,{message:`Failed to run preUserSignupHook: ${k.message}`})}v=await i.data.users.create(s.tenant.id,{user_id:`${o.name}|${d}`,email:y,name:y,provider:o.name,connection:o.name,email_verified:!0,last_ip:"",is_social:!0,last_login:new Date().toISOString(),profileData:JSON.stringify(m)}),t.set("user_id",v.user_id)}return Js(t,{client:s,authParams:n.authParams,loginSession:n,user:v})}const Dj=new We().openapi(he({tags:["oauth"],method:"get",path:"/",request:{query:g.object({client_id:g.string(),vendor_id:g.string().optional(),redirect_uri:g.string(),scope:g.string().optional(),state:g.string(),prompt:g.string().optional(),response_mode:g.nativeEnum(Gr).optional(),response_type:g.nativeEnum(gi).optional(),audience:g.string().optional(),connection:g.string().optional(),nonce:g.string().optional(),max_age:g.string().optional(),login_ticket:g.string().optional(),code_challenge_method:g.nativeEnum(Nl).optional(),code_challenge:g.string().optional(),realm:g.string().optional(),auth0Client:g.string().optional(),login_hint:g.string().optional(),ui_locales:g.string().optional()})},responses:{200:{description:"Silent authentication page"},302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{env:e}=t,{client_id:a,vendor_id:i,redirect_uri:r,scope:n,state:s,audience:o,nonce:l,connection:c,response_type:d,code_challenge:m,code_challenge_method:y,prompt:v,login_ticket:p,realm:b,auth0Client:k,login_hint:x,ui_locales:C}=t.req.valid("query"),I=await jk(e,a);t.set("client_id",I.id);const U={redirect_uri:r,scope:n,state:s,client_id:a,vendor_id:i,audience:o,nonce:l,prompt:v,response_type:d,code_challenge:m,code_challenge_method:y,username:x,ui_locales:C},ne=t.req.header("origin");if(ne&&!Wx(ne,I.web_origins||[]))throw new P(403,{message:`Origin ${ne} not allowed`});if(U.redirect_uri&&!qc(U.redirect_uri,I.callbacks||[]))throw new P(400,{message:`Invalid redirect URI - ${U.redirect_uri}`});const ce=Ky(I.tenant.id,t.req.header("cookie")),K=ce?await e.data.sessions.get(I.tenant.id,ce):void 0;if(v=="none"){if(!d)throw new P(400,{message:"Missing response_type"});return Xx({ctx:t,session:K||void 0,redirect_uri:r,state:s,response_type:d,client:I,nonce:l,code_challenge_method:y,code_challenge:m,audience:o,scope:n})}return c&&c!=="email"?Lj(t,I,c,U):p?Yx(t,I.tenant.id,p,U,b):Gx({ctx:t,client:I,auth0Client:k,authParams:U,session:K||void 0,connection:c,login_hint:x})});function Mj(t,e){Object.keys(e).forEach(a=>{const i=e[a];i!=null&&i.length&&t.searchParams.set(a,i)})}async function Ag(t,e,a,i,r,n){const s=await t.env.data.codes.get(t.var.tenant_id||"",e,"oauth2_state");if(!s)throw new P(400,{message:"State not found"});const o=await t.env.data.logins.get(t.var.tenant_id,s.login_id);if(!o)throw new P(400,{message:"Login not found"});const{redirect_uri:l}=o.authParams;if(!l)throw new P(400,{message:"Redirect uri not found"});const c=ia(t,{type:Ge.FAILED_LOGIN,description:`Failed connection login: ${r} ${a}, ${i}`});ti(t,t.env.data.logs.create(t.var.tenant_id,c));const d=new URL(l);return Mj(d,{error:a,error_description:i,error_reason:n,error_code:r,state:o.authParams.state}),t.redirect(`${t.env.ISSUER}u/enter-email?state=${o.login_id}&error=${a}`)}const Vj=new We().openapi(he({tags:["oauth2"],method:"get",path:"/",request:{query:g.object({state:g.string(),code:g.string().optional(),scope:g.string().optional(),hd:g.string().optional(),error:g.string().optional(),error_description:g.string().optional(),error_code:g.string().optional(),error_reason:g.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:a,error:i,error_description:r,error_code:n,error_reason:s}=t.req.valid("query");if(i)return Ag(t,e,i,r,n,s);if(!a)throw new P(400,{message:"Code is required"});return Sg(t,{code:a,state:e})}).openapi(he({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:g.object({state:g.string(),code:g.string().optional(),scope:g.string().optional(),hd:g.string().optional(),error:g.string().optional(),error_description:g.string().optional(),error_code:g.string().optional(),error_reason:g.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:a,error:i,error_description:r,error_code:n,error_reason:s}=t.req.valid("form");if(i)return Ag(t,e,i,r,n,s);if(!a)throw new P(400,{message:"Code is required"});return Sg(t,{code:a,state:e})});function Hj(){const t=new We;t.use(Vy(t));const e=t.route("/v2/logout",Cx).route("/userinfo",$x).route("/.well-known",fx).route("/oauth/token",Ix).route("/dbconnections",Vx).route("/passwordless",Hx).route("/co/authenticate",Fx).route("/authorize",Dj).route("/callback",Vj);return e.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"}}),My(e),e}const Zj="Account detected",Kj="We have detected that you have already created an account through",Fj="By signing in, you agree to our",Wj="and",Gj="Callback URL mismatch",Jj="The provided redirect_uri is not in the list of allowed callback URLs.",Yj="continue with user",Xj="Please click the button to create a new password account.",Qj="Enter the code at {{vendorName}} to complete the login",e3="Welcome to {{vendorName}}! {{code}} is the login code",a3="Welcome to {{vendorName}}! {{code}} is the login code",t3="The code is valid for 30 minutes",i3="Confirm password",r3="Need Help?",n3="Contact us",s3="or continue with social account",o3="Continue with {{provider}}",l3="Would you like to continue with your existing account?",c3="Copyright © 2023 SESAMY. All rights reserved.",d3="©2023 Sesamy",u3="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",h3="Please enter a valid email address.",m3="The passwords didn't match. Try again.",p3="Choose password",g3="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",f3="Create new account",b3="Sign up with password",y3="You are currently logged in as <0>{{email}}</0>",k3="Email",v3="Email address",w3="Your email address has been validated",_3="Now enter your password to login again",x3="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",j3="Email verification sent",z3="Enter a code",q3="We'll send you a verification link to ensure you own this email address.",S3="Enter new password",A3="Enter password",E3="Enter your email address and password to login.",I3="Enter your password",O3="The magic link has expired. Please click on the button below to receive a new link in your inbox.",C3="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",$3="Send password reset email",T3="Click the button below and we’ll send instructions on how to reset your password.",N3="Password reset email sent",R3="Forgot password?",P3="Forgot password?",B3="Go back",U3="Invalid password",L3=`The link is no longer valid.
+  </html>`}async function Xx({ctx:t,client:e,session:a,redirect_uri:i,state:r,nonce:n,code_challenge_method:s,code_challenge:o,audience:l,scope:c}){const{env:d}=t,m=new URL(i);if(a){t.set("user_id",a.user_id);const v=new Headers,p=Fy(e.tenant.id,a.session_id);v.set("set-cookie",p);const b=await d.data.users.get(e.tenant.id,a.user_id);if(b){t.set("username",b.email),t.set("connection",b.connection);const k=await Kh(t,{client:e,authParams:{client_id:e.id,audience:l,code_challenge_method:s,code_challenge:o,scope:c,state:r,nonce:n,response_type:gi.TOKEN_ID_TOKEN},user:b,sid:a.session_id});await d.data.sessions.update(e.tenant.id,a.session_id,{used_at:new Date().toISOString()});const x=ia(t,{type:Ge.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});return await t.env.data.logs.create(e.tenant.id,x),t.html(yg(`${m.protocol}//${m.host}`,JSON.stringify(k)),{headers:v})}}const y=ia(t,{type:Ge.FAILED_SILENT_AUTH,description:"Login required"});return await t.env.data.logs.create(e.tenant.id,y),t.html(yg(`${m.protocol}//${m.host}`,JSON.stringify({error:"login_required",error_description:"Login required",state:r})))}var kg;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(kg||(kg={}));var vg;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(vg||(vg={}));function Qx(t){return fk(t,ej,_s.Include)}function gk(t){return fk(t,aj,_s.None)}function fk(t,e,a){let i="";for(let r=0;r<t.byteLength;r+=3){let n=0,s=0;for(let o=0;o<3&&r+o<t.byteLength;o++)n=n<<8|t[r+o],s+=8;for(let o=0;o<4;o++)s>=6?(i+=e[n>>s-6&63],s-=6):s>0?(i+=e[n<<6-s&63],s=0):a===_s.Include&&(i+="=")}return i}const ej="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",aj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var _s;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(_s||(_s={}));var wg;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(wg||(wg={}));class tj{uint8(e,a){if(e.byteLength<a+1)throw new TypeError("Insufficient bytes");return e[a]}uint16(e,a){if(e.byteLength<a+2)throw new TypeError("Insufficient bytes");return e[a]<<8|e[a+1]}uint32(e,a){if(e.byteLength<a+4)throw new TypeError("Insufficient bytes");let i=0;for(let r=0;r<4;r++)i|=e[a+r]<<24-r*8;return i}uint64(e,a){if(e.byteLength<a+8)throw new TypeError("Insufficient bytes");let i=0n;for(let r=0;r<8;r++)i|=BigInt(e[a+r])<<BigInt(56-r*8);return i}putUint8(e,a,i){if(e.length<i+1)throw new TypeError("Not enough space");if(a<0||a>255)throw new TypeError("Invalid uint8 value");e[i]=a}putUint16(e,a,i){if(e.length<i+2)throw new TypeError("Not enough space");if(a<0||a>65535)throw new TypeError("Invalid uint16 value");e[i]=a>>8,e[i+1]=a&255}putUint32(e,a,i){if(e.length<i+4)throw new TypeError("Not enough space");if(a<0||a>4294967295)throw new TypeError("Invalid uint32 value");for(let r=0;r<4;r++)e[i+r]=a>>(3-r)*8&255}putUint64(e,a,i){if(e.length<i+8)throw new TypeError("Not enough space");if(a<0||a>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let r=0;r<8;r++)e[i+r]=Number(a>>BigInt((7-r)*8)&0xffn)}}const _g=new tj;function ct(t,e){return(t<<32-e|t>>>e)>>>0}function ij(t){const e=new rj;return e.update(t),e.digest()}class rj{constructor(){M(this,"blockSize",64);M(this,"size",32);M(this,"blocks",new Uint8Array(64));M(this,"currentBlockSize",0);M(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));M(this,"l",0n);M(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let a=0;if(this.currentBlockSize>0){const i=e.slice(0,64-this.currentBlockSize);this.blocks.set(i,this.currentBlockSize),this.process(),a+=i.byteLength,this.currentBlockSize=0}for(;a+64<=e.byteLength;){const i=e.slice(a,a+64);this.blocks.set(i),this.process(),a+=64}if(e.byteLength-a>0){const i=e.slice(a);this.blocks.set(i),this.currentBlockSize=i.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),_g.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let a=0;a<8;a++)_g.putUint32(e,this.H[a],a*4);return e}process(){for(let c=0;c<16;c++)this.w[c]=(this.blocks[c*4]<<24|this.blocks[c*4+1]<<16|this.blocks[c*4+2]<<8|this.blocks[c*4+3])>>>0;for(let c=16;c<64;c++){const d=(ct(this.w[c-2],17)^ct(this.w[c-2],19)^this.w[c-2]>>>10)>>>0,m=(ct(this.w[c-15],7)^ct(this.w[c-15],18)^this.w[c-15]>>>3)>>>0;this.w[c]=d+this.w[c-7]+m+this.w[c-16]|0}let e=this.H[0],a=this.H[1],i=this.H[2],r=this.H[3],n=this.H[4],s=this.H[5],o=this.H[6],l=this.H[7];for(let c=0;c<64;c++){const d=(ct(n,6)^ct(n,11)^ct(n,25))>>>0,m=(n&s^~n&o)>>>0,y=l+d+m+nj[c]+this.w[c]|0,v=(ct(e,2)^ct(e,13)^ct(e,22))>>>0,p=(e&a^e&i^a&i)>>>0,b=v+p|0;l=o,o=s,s=n,n=r+y|0,r=i,i=a,a=e,e=y+b|0}this.H[0]=e+this.H[0]|0,this.H[1]=a+this.H[1]|0,this.H[2]=i+this.H[2]|0,this.H[3]=r+this.H[3]|0,this.H[4]=n+this.H[4]|0,this.H[5]=s+this.H[5]|0,this.H[6]=o+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const nj=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class sj{constructor(e){M(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function oj(t){const e=ij(new TextEncoder().encode(t));return gk(e)}function lj(){const t=new Uint8Array(32);return crypto.getRandomValues(t),gk(t)}function $n(t,e){const a=new TextEncoder().encode(e.toString()),i=new Request(t,{method:"POST",body:a});return i.headers.set("Content-Type","application/x-www-form-urlencoded"),i.headers.set("Accept","application/json"),i.headers.set("User-Agent","arctic"),i.headers.set("Content-Length",a.byteLength.toString()),i}function Yc(t,e){const a=new TextEncoder().encode(`${t}:${e}`);return Qx(a)}async function Sl(t){console.log("sendTokenRequest:"+t.url);let e;try{e=await fetch(t)}catch(i){throw new yk(i)}let a;try{a=await e.json()}catch{throw new Error("Failed to parse response body")}if(typeof a!="object"||a===null)throw new Error("Unexpected response body data");if("error"in a&&typeof a.error=="string")throw bk(a);return new sj(a)}async function cj(t){let e;try{e=await fetch(t)}catch(i){throw new yk(i)}if(e.ok)return;let a;try{a=await e.json()}catch{throw new Error("Failed to parse response body")}if(typeof a!="object"||a===null)throw new Error("Unexpected response body data");if("error"in a&&typeof a.error=="string")throw bk(a)}function bk(t){let e;if("error"in t&&typeof t.error=="string")e=t.error;else throw new Error("Invalid error response");let a=null,i=null,r=null;return"error_description"in t&&typeof t.error_description=="string"&&(a=t.error_description),"error_uri"in t&&typeof t.error_uri=="string"&&(i=t.error_uri),"state"in t&&typeof t.state=="string"&&(r=t.state),new dj(e,a,i,r)}class yk extends Error{constructor(e){super("Failed to send request",{cause:e})}}class dj extends Error{constructor(a,i,r,n){super(`OAuth request error: ${a}`);M(this,"code");M(this,"description");M(this,"uri");M(this,"state");this.code=a,this.description=i,this.uri=r,this.state=n}}class Gh{constructor(e,a,i){M(this,"clientId");M(this,"clientPassword");M(this,"redirectURI");this.clientId=e,this.clientPassword=a,this.redirectURI=i}createAuthorizationURL(e,a,i){const r=new URL(e);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&r.searchParams.set("redirect_uri",this.redirectURI),r.searchParams.set("state",a),i.length>0&&r.searchParams.set("scope",i.join(" ")),r}createAuthorizationURLWithPKCE(e,a,i,r,n){const s=new URL(e);if(s.searchParams.set("response_type","code"),s.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&s.searchParams.set("redirect_uri",this.redirectURI),s.searchParams.set("state",a),i===xs.S256){const o=oj(r);s.searchParams.set("code_challenge_method","S256"),s.searchParams.set("code_challenge",o)}else i===xs.Plain&&(s.searchParams.set("code_challenge_method","plain"),s.searchParams.set("code_challenge",r));return n.length>0&&s.searchParams.set("scope",n.join(" ")),s}async validateAuthorizationCode(e,a,i){const r=new URLSearchParams;r.set("grant_type","authorization_code"),r.set("code",a),this.redirectURI!==null&&r.set("redirect_uri",this.redirectURI),i!==null&&r.set("code_verifier",i),this.clientPassword===null&&r.set("client_id",this.clientId);const n=$n(e,r);if(this.clientPassword!==null){const o=Yc(this.clientId,this.clientPassword);n.headers.set("Authorization",`Basic ${o}`)}return await Sl(n)}async refreshAccessToken(e,a,i){const r=new URLSearchParams;r.set("grant_type","refresh_token"),r.set("refresh_token",a),this.clientPassword===null&&r.set("client_id",this.clientId),i.length>0&&r.set("scope",i.join(" "));const n=$n(e,r);if(this.clientPassword!==null){const o=Yc(this.clientId,this.clientPassword);n.headers.set("Authorization",`Basic ${o}`)}return await Sl(n)}async revokeToken(e,a){const i=new URLSearchParams;i.set("token",a),this.clientPassword===null&&i.set("client_id",this.clientId);const r=$n(e,i);if(this.clientPassword!==null){const n=Yc(this.clientId,this.clientPassword);r.headers.set("Authorization",`Basic ${n}`)}await cj(r)}}var xs;(function(t){t[t.S256=0]="S256",t[t.Plain=1]="Plain"})(xs||(xs={}));var xg;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(xg||(xg={}));var jg;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(jg||(jg={}));function Tn(t){return uj(t,hj,Al.None)}function uj(t,e,a){let i="";for(let r=0;r<t.byteLength;r+=3){let n=0,s=0;for(let o=0;o<3&&r+o<t.byteLength;o++)n=n<<8|t[r+o],s+=8;for(let o=0;o<4;o++)s>=6?(i+=e[n>>s-6&63],s-=6):s>0?(i+=e[n<<6-s&63],s=0):a===Al.Include&&(i+="=")}return i}const hj="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Al;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Al||(Al={}));var zg;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(zg||(zg={}));function mj(t,e,a){const i=Tn(new TextEncoder().encode(t)),r=Tn(new TextEncoder().encode(e)),n=Tn(a);return i+"."+r+"."+n}function pj(t,e){const a=Tn(new TextEncoder().encode(t)),i=Tn(new TextEncoder().encode(e)),r=a+"."+i;return new TextEncoder().encode(r)}const gj="https://appleid.apple.com/auth/authorize",fj="https://appleid.apple.com/auth/token";class kk{constructor(e,a,i,r,n){M(this,"clientId");M(this,"teamId");M(this,"keyId");M(this,"pkcs8PrivateKey");M(this,"redirectURI");this.clientId=e,this.teamId=a,this.keyId=i,this.pkcs8PrivateKey=r,this.redirectURI=n}createAuthorizationURL(e,a){const i=new URL(gj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",e),i.searchParams.set("scope",a.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(e){const a=new URLSearchParams;a.set("grant_type","authorization_code"),a.set("code",e),a.set("redirect_uri",this.redirectURI),a.set("client_id",this.clientId);const i=await this.createClientSecret();a.set("client_secret",i);const r=$n(fj,a);return await Sl(r)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),a=Math.floor(Date.now()/1e3),i=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),r=JSON.stringify({iss:this.teamId,exp:a+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:a}),n=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,pj(i,r)));return mj(i,r,n)}}const bj="https://www.facebook.com/v16.0/dialog/oauth",yj="https://graph.facebook.com/v16.0/oauth/access_token";class vk{constructor(e,a,i){M(this,"clientId");M(this,"clientSecret");M(this,"redirectURI");this.clientId=e,this.clientSecret=a,this.redirectURI=i}createAuthorizationURL(e,a){const i=new URL(bj);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",e),i.searchParams.set("scope",a.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(e){const a=new URLSearchParams;a.set("grant_type","authorization_code"),a.set("code",e),a.set("redirect_uri",this.redirectURI),a.set("client_id",this.clientId),a.set("client_secret",this.clientSecret);const i=$n(yj,a);return await Sl(i)}}const kj="https://accounts.google.com/o/oauth2/v2/auth",qg="https://oauth2.googleapis.com/token",vj="https://oauth2.googleapis.com/revoke";class wk{constructor(e,a,i){M(this,"client");this.client=new Gh(e,a,i)}createAuthorizationURL(e,a,i){return this.client.createAuthorizationURLWithPKCE(kj,e,xs.S256,a,i)}async validateAuthorizationCode(e,a){return await this.client.validateAuthorizationCode(qg,e,a)}async refreshAccessToken(e){return await this.client.refreshAccessToken(qg,e,[])}async revokeToken(e){await this.client.revokeToken(vj,e)}}const Ac=g.object({iss:g.string().url(),sub:g.string(),aud:g.string(),exp:g.number(),email:g.string().optional(),given_name:g.string().optional(),family_name:g.string().optional(),name:g.string().optional(),iat:g.number(),auth_time:g.number().optional(),nonce:g.string().optional(),acr:g.string().optional(),amr:g.array(g.string()).optional(),azp:g.string().optional(),at_hash:g.string().optional(),c_hash:g.string().optional()}).passthrough(),wj=Ac.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function _k(t){const{options:e}=t;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const a=Buffer.from(e.app_secret,"utf-8"),i=a.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),r=Uint8Array.from(Buffer.from(i,"base64"));return a.fill(0),{options:e,keyArray:r}}async function _j(t,e){var l,c;const{options:a,keyArray:i}=_k(e),r=new kk(a.client_id,a.team_id,a.kid,i,`${t.env.ISSUER}callback`),n=rt(),s=await r.createAuthorizationURL(n,((l=a.scope)==null?void 0:l.split(" "))||["name","email"]);return(((c=a.scope)==null?void 0:c.split(" "))||["name","email"]).some(d=>["email","name"].includes(d))&&s.searchParams.set("response_mode","form_post"),{redirectUrl:s.href,code:n}}async function xj(t,e,a){const{options:i,keyArray:r}=_k(e),s=await new kk(i.client_id,i.team_id,i.kid,r,`${t.env.ISSUER}callback`).validateAuthorizationCode(a),o=Hh(s.idToken());if(!o)throw new Error("Invalid ID token");const l=Ac.parse(o.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const jj=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:_j,validateAuthorizationCodeAndGetUser:xj},Symbol.toStringTag,{value:"Module"}));async function zj(t,e){var s;const{options:a}=e;if(!(a!=null&&a.client_id)||!a.client_secret)throw new Error("Missing required authentication parameters");const i=new vk(a.client_id,a.client_secret,`${t.env.ISSUER}callback`),r=rt();return{redirectUrl:i.createAuthorizationURL(r,((s=a.scope)==null?void 0:s.split(" "))||["email"]).href,code:r}}async function qj(t,e,a){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret)throw new Error("Missing required authentication parameters");const n=await new vk(i.client_id,i.client_secret,`${t.env.ISSUER}callback`).validateAuthorizationCode(a),s=Hh(n.idToken());if(!s)throw new Error("Invalid ID token");const o=Ac.parse(s.payload);return{sub:o.sub,email:o.email,given_name:o.given_name,family_name:o.family_name,name:o.name,picture:o.picture,locale:o.locale}}const Sj=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:zj,validateAuthorizationCodeAndGetUser:qj},Symbol.toStringTag,{value:"Module"}));async function Aj(t,e){var o;const{options:a}=e;if(!(a!=null&&a.client_id)||!a.client_secret)throw new Error("Missing required Google authentication parameters");const i=new wk(a.client_id,a.client_secret,`${t.env.ISSUER}callback`),r=rt(),n=lj();return{redirectUrl:i.createAuthorizationURL(r,n,((o=a.scope)==null?void 0:o.split(" "))??["email","profile"]).href,code:r,codeVerifier:n}}async function Ej(t,e,a,i){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret||!i)throw new Error("Missing required authentication parameters");const s=await new wk(r.client_id,r.client_secret,`${t.env.ISSUER}callback`).validateAuthorizationCode(a,i);console.log("got here");const o=Hh(s.idToken());if(!o)throw new Error("Invalid ID token");const l=Ac.parse(o.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const Ij=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Aj,validateAuthorizationCodeAndGetUser:Ej},Symbol.toStringTag,{value:"Module"}));async function Oj(t,e){var s;const{options:a}=e;if(!(a!=null&&a.client_id)||!a.client_secret)throw new Error("Missing required authentication parameters");const i=new Gh(a.client_id,a.client_secret,`${t.env.ISSUER}callback`),r=rt();return{redirectUrl:i.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",r,((s=a.scope)==null?void 0:s.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]).href,code:r}}async function Cj(t,e,a){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret)throw new Error("Missing required authentication parameters");const n=await new Gh(i.client_id,i.client_secret,`${t.env.ISSUER}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",a,null),s=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${n.accessToken}`}}),o=wj.parse(await s.json());return{sub:o.sub,email:o.email,given_name:o.given_name,family_name:o.family_name,name:o.name,picture:o.picture,locale:o.locale}}const $j=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Oj,validateAuthorizationCodeAndGetUser:Cj},Symbol.toStringTag,{value:"Module"}));function xk(t,e){const a=t.env.STRATEGIES||{},r={apple:jj,facebook:Sj,"google-oauth2":Ij,vipps:$j,...a}[e];if(!r)throw new Error(`Strategy ${e} not found`);return r}async function jk(t,e){const a=await t.data.clients.get(e);if(!a)throw new P(403,{message:"Client not found"});const i=t.DEFAULT_CLIENT_ID?await t.data.clients.get(t.DEFAULT_CLIENT_ID):void 0,r=await t.data.connections.list(a.tenant.id),n=t.DEFAULT_TENANT_ID?await t.data.connections.list(t.DEFAULT_TENANT_ID):{connections:[]},s=r.connections.map(o=>{var d;const l=(d=n.connections)==null?void 0:d.find(m=>m.name===o.name);return l!=null&&l.options?ai.parse({...l||{},...o,options:{...l.options||{},...o.options}}):o}).filter(o=>o);return{...a,web_origins:[...(i==null?void 0:i.web_origins)||[],...a.web_origins||[],`${t.ISSUER}u/login`],allowed_logout_urls:[...(i==null?void 0:i.allowed_logout_urls)||[],...a.allowed_logout_urls||[],t.ISSUER],callbacks:[...(i==null?void 0:i.callbacks)||[],...a.callbacks||[],`${t.ISSUER}u/info`],connections:s,domains:[...a.domains||[],...(i==null?void 0:i.domains)||[]],tenant:{...(i==null?void 0:i.tenant)||{},...a.tenant}}}function Tj(t){return async(e,a)=>{if(!a.email||!a.email_verified)return t.users.create(e,a);const i=await Wf({userAdapter:t.users,tenant_id:e,email:a.email});return i?(await t.users.create(e,{...a,linked_to:i.user_id}),i):t.users.create(e,a)}}async function zk(t,e,a){for await(const i of e)if(!(await fetch(i.url,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(a)})).ok){const n=ia(t,{type:Ge.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});await a.logs.create(t.var.tenant_id,n)}}function Nj(t,e){return async(a,i)=>{const{hooks:r}=await e.hooks.list(a);return await zk(t,r,{tenant_id:a,user:i,trigger_id:"post-user-registration"}),i}}function Rj(t,e){return async(a,i)=>{const{hooks:r}=await e.hooks.list(a,{q:"trigger_id:pre-user-signup",page:0,per_page:100,include_totals:!1});await zk(t,r,{tenant_id:a,email:i,trigger_id:"pre-user-signup"})}}function Pj(t,e){return async(a,i)=>{let r=await Tj(e)(a,i);return await Nj(t,e)(a,r),r}}async function Bj(t,e,a,i){if(e.disable_sign_ups&&!await Wf({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:i})){const n=ia(t,{type:Ge.FAILED_SIGNUP,description:"Public signup is disabled"});throw await t.env.data.logs.create(e.tenant.id,n),new P(400,{message:"Signups are disabled for this client"})}await Rj(t,a)(t.var.tenant_id||"",i)}function Uj(t,e){return{...e,users:{...e.users,create:Pj(t,e)}}}async function Lj(t,e,a,i){if(!i.state)throw new P(400,{message:"State not found"});const r=e.connections.find(l=>l.name===a);if(!r){t.set("client_id",e.id);const l=ia(t,{type:Ge.FAILED_LOGIN,description:"Connection not found"});throw await t.env.data.logs.create(e.tenant.id,l),new P(403,{message:"Connection Not Found"})}let n=await t.env.data.logins.get(e.tenant.id,i.state);n||(n=await t.env.data.logins.create(e.tenant.id,{expires_at:new Date(Date.now()+ql*1e3).toISOString(),authParams:i,...Fr(t.req)}));const o=await xk(t,r.strategy).getRedirect(t,r);return await t.env.data.codes.create(e.tenant.id,{login_id:n.login_id,code_id:o.code,code_type:"oauth2_state",connection_id:r.id,code_verifier:o.codeVerifier,expires_at:new Date(Date.now()+gx*1e3).toISOString()}),t.redirect(o.redirectUrl)}async function Sg(t,{code:e,state:a}){var p;const{env:i}=t,r=await i.data.codes.get(t.var.tenant_id||"",a,"oauth2_state");if(!r||!r.connection_id)throw new P(403,{message:"State not found"});const n=await i.data.logins.get(t.var.tenant_id||"",r.login_id);if(!n)throw new P(403,{message:"Session not found"});const s=await jk(i,n.authParams.client_id);t.set("client_id",s.id),t.set("tenant_id",s.tenant.id);const o=s.connections.find(b=>b.id===r.connection_id);if(!o){const b=ia(t,{type:Ge.FAILED_LOGIN,description:"Connection not found"});throw await i.data.logs.create(s.tenant.id,b),new P(403,{message:"Connection not found"})}if(t.set("connection",o.name),!n.authParams.redirect_uri){const b=ia(t,{type:Ge.FAILED_LOGIN,description:"Redirect URI not defined"});throw await i.data.logs.create(s.tenant.id,b),new P(403,{message:"Redirect URI not defined"})}if(!qc(n.authParams.redirect_uri,s.callbacks||[])){const b=`Invalid redirect URI - ${n.authParams.redirect_uri}`,k=ia(t,{type:Ge.FAILED_LOGIN,description:b});throw await i.data.logs.create(s.tenant.id,k),new P(403,{message:b})}const c=await xk(t,o.strategy).validateAuthorizationCodeAndGetUser(t,o,e,r.code_verifier),{sub:d,...m}=c;t.set("user_id",d);const y=((p=c.email)==null?void 0:p.toLocaleLowerCase())||`${o.name}.${d}@${new URL(t.env.ISSUER).hostname}`;t.set("username",y);let v=await Rl({userAdapter:i.data.users,tenant_id:s.tenant.id,email:y,provider:o.name});if(!v){try{await Bj(t,s,t.env.data,y)}catch(b){const k=b;throw new P(500,{message:`Failed to run preUserSignupHook: ${k.message}`})}v=await i.data.users.create(s.tenant.id,{user_id:`${o.name}|${d}`,email:y,name:y,provider:o.name,connection:o.name,email_verified:!0,last_ip:"",is_social:!0,last_login:new Date().toISOString(),profileData:JSON.stringify(m)}),t.set("user_id",v.user_id)}return Js(t,{client:s,authParams:n.authParams,loginSession:n,user:v})}const Dj=new We().openapi(he({tags:["oauth"],method:"get",path:"/",request:{query:g.object({client_id:g.string(),vendor_id:g.string().optional(),redirect_uri:g.string(),scope:g.string().optional(),state:g.string(),prompt:g.string().optional(),response_mode:g.nativeEnum(Gr).optional(),response_type:g.nativeEnum(gi).optional(),audience:g.string().optional(),connection:g.string().optional(),nonce:g.string().optional(),max_age:g.string().optional(),login_ticket:g.string().optional(),code_challenge_method:g.nativeEnum(Nl).optional(),code_challenge:g.string().optional(),realm:g.string().optional(),auth0Client:g.string().optional(),login_hint:g.string().optional(),ui_locales:g.string().optional()})},responses:{200:{description:"Silent authentication page"},302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{env:e}=t,{client_id:a,vendor_id:i,redirect_uri:r,scope:n,state:s,audience:o,nonce:l,connection:c,response_type:d,code_challenge:m,code_challenge_method:y,prompt:v,login_ticket:p,realm:b,auth0Client:k,login_hint:x,ui_locales:C}=t.req.valid("query"),I=await jk(e,a);t.set("client_id",I.id);const U={redirect_uri:r,scope:n,state:s,client_id:a,vendor_id:i,audience:o,nonce:l,prompt:v,response_type:d,code_challenge:m,code_challenge_method:y,username:x,ui_locales:C},ne=t.req.header("origin");if(ne&&!Wx(ne,I.web_origins||[]))throw new P(403,{message:`Origin ${ne} not allowed`});if(U.redirect_uri&&!qc(U.redirect_uri,I.callbacks||[]))throw new P(400,{message:`Invalid redirect URI - ${U.redirect_uri}`});const ce=Ky(I.tenant.id,t.req.header("cookie")),K=ce?await e.data.sessions.get(I.tenant.id,ce):void 0;if(v=="none"){if(!d)throw new P(400,{message:"Missing response_type"});return Xx({ctx:t,session:K||void 0,redirect_uri:r,state:s,response_type:d,client:I,nonce:l,code_challenge_method:y,code_challenge:m,audience:o,scope:n})}return c&&c!=="email"?Lj(t,I,c,U):p?Yx(t,I.tenant.id,p,U,b):Gx({ctx:t,client:I,auth0Client:k,authParams:U,session:K||void 0,connection:c,login_hint:x})});function Mj(t,e){Object.keys(e).forEach(a=>{const i=e[a];i!=null&&i.length&&t.searchParams.set(a,i)})}async function Ag(t,e,a,i,r,n){const s=await t.env.data.codes.get(t.var.tenant_id||"",e,"oauth2_state");if(!s)throw new P(400,{message:"State not found"});const o=await t.env.data.logins.get(t.var.tenant_id,s.login_id);if(!o)throw new P(400,{message:"Login not found"});const{redirect_uri:l}=o.authParams;if(!l)throw new P(400,{message:"Redirect uri not found"});const c=ia(t,{type:Ge.FAILED_LOGIN,description:`Failed connection login: ${r} ${a}, ${i}`});ti(t,t.env.data.logs.create(t.var.tenant_id,c));const d=new URL(l);return Mj(d,{error:a,error_description:i,error_reason:n,error_code:r,state:o.authParams.state}),t.redirect(`${t.env.ISSUER}u/enter-email?state=${o.login_id}&error=${a}`)}const Vj=new We().openapi(he({tags:["oauth2"],method:"get",path:"/",request:{query:g.object({state:g.string(),code:g.string().optional(),scope:g.string().optional(),hd:g.string().optional(),error:g.string().optional(),error_description:g.string().optional(),error_code:g.string().optional(),error_reason:g.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:a,error:i,error_description:r,error_code:n,error_reason:s}=t.req.valid("query");if(i)return Ag(t,e,i,r,n,s);if(!a)throw new P(400,{message:"Code is required"});return Sg(t,{code:a,state:e})}).openapi(he({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:g.object({state:g.string(),code:g.string().optional(),scope:g.string().optional(),hd:g.string().optional(),error:g.string().optional(),error_description:g.string().optional(),error_code:g.string().optional(),error_reason:g.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:a,error:i,error_description:r,error_code:n,error_reason:s}=t.req.valid("form");if(i)return Ag(t,e,i,r,n,s);if(!a)throw new P(400,{message:"Code is required"});return Sg(t,{code:a,state:e})});function Hj(){const t=new We;t.use(Vy(t));const e=t.route("/v2/logout",Cx).route("/userinfo",$x).route("/.well-known",fx).route("/oauth/token",Ix).route("/dbconnections",Vx).route("/passwordless",Hx).route("/co/authenticate",Fx).route("/authorize",Dj).route("/callback",Vj);return e.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"}}),My(e),e}const Zj="Account detected",Kj="We have detected that you have already created an account through",Fj="By signing in, you agree to our",Wj="and",Gj="Callback URL mismatch",Jj="The provided redirect_uri is not in the list of allowed callback URLs.",Yj="continue with user",Xj="Please click the button to create a new password account.",Qj="Enter the code at {{vendorName}} to complete the login",e3="Welcome to {{vendorName}}! {{code}} is the login code",a3="Welcome to {{vendorName}}! {{code}} is the login code",t3="The code is valid for 30 minutes",i3="Confirm password",r3="Need Help?",n3="Contact us",s3="or continue with social account",o3="Continue with {{provider}}",l3="Would you like to continue with your existing account?",c3="Copyright © 2023 SESAMY. All rights reserved.",d3="©2023 Sesamy",u3="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",h3="Please enter a valid email address.",m3="The passwords didn't match. Try again.",p3="Choose password",g3="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",f3="Create new account",b3="Sign up with password",y3="You are currently logged in as <0>{{email}}</0>",k3="Email",v3="Email address",w3="Your email address has been validated",_3="Now enter your password to login again",x3="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",j3="Email verification sent",z3="Enter a code",q3="We'll send you a verification link to ensure you own this email address.",S3="Enter new password",A3="Enter password",E3="Enter your email address and password to login.",I3="Enter your password",O3="The magic link has expired. Please click on the button below to receive a new link in your inbox.",C3="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",$3="Send password reset email",T3="Click the button below and we’ll send instructions on how to reset your password.",N3="Password reset email sent",R3="Forgot password?",P3="Forgot password?",B3="Go back",U3="Invalid password",L3=`The link is no longer valid.
 Please make sure to open the login link in the same browser you started the login with.

package/dist/authhero.d.ts CHANGED Viewed

@@ -4240,7 +4240,7 @@ export interface ListCodesResponse extends Totals {
 export interface CodesAdapter {
 	create: (tenant_id: string, code: CodeInsert) => Promise<Code>;
 	get: (tenant_id: string, code_id: string, type: CodeType) => Promise<Code | null>;
-	list: (tenant_id: string, params: ListParams) => Promise<ListCodesResponse>;
+	list: (tenant_id: string, params?: ListParams) => Promise<ListCodesResponse>;
 	used: (tenant_id: string, code_id: string) => Promise<boolean>;
 	remove: (tenant_id: string, code_id: string) => Promise<boolean>;
 }
@@ -4255,7 +4255,7 @@ export interface ListSesssionsResponse extends Totals {
 export interface SessionsAdapter {
 	create: (tenant_id: string, session: SessionInsert) => Promise<Session>;
 	get: (tenant_id: string, id: string) => Promise<Session | null>;
-	list(tenantId: string, params: ListParams): Promise<ListSesssionsResponse>;
+	list(tenantId: string, params?: ListParams): Promise<ListSesssionsResponse>;
 	update: (tenant_id: string, id: string, session: {
 		used_at: string;
 	}) => Promise<boolean>;
@@ -4271,7 +4271,7 @@ export interface CreateTenantParams {
 export interface TenantsDataAdapter {
 	create(params: CreateTenantParams): Promise<Tenant>;
 	get(id: string): Promise<Tenant | null>;
-	list(params: ListParams): Promise<{
+	list(params?: ListParams): Promise<{
 		tenants: Tenant[];
 		totals?: Totals;
 	}>;
@@ -4285,7 +4285,7 @@ export interface UserDataAdapter {
 	get(tenant_id: string, id: string): Promise<User | null>;
 	create(tenantId: string, user: UserInsert): Promise<User>;
 	remove(tenantId: string, id: string): Promise<boolean>;
-	list(tenantId: string, params: ListParams): Promise<ListUsersResponse>;
+	list(tenantId: string, params?: ListParams): Promise<ListUsersResponse>;
 	update(tenantId: string, id: string, user: Partial<User>): Promise<boolean>;
 	unlink(tenantId: string, id: string, provider: string, linked_user_id: string): Promise<boolean>;
 }
@@ -4294,14 +4294,14 @@ export interface ListLogsResponse extends Totals {
 }
 export interface LogsDataAdapter {
 	create(tenantId: string, params: Log): Promise<Log>;
-	list(tenantId: string, params: ListParams): Promise<ListLogsResponse>;
+	list(tenantId: string, params?: ListParams): Promise<ListLogsResponse>;
 	get(tenantId: string, logId: string): Promise<LogsResponse | null>;
 }
 export interface ApplicationsAdapter {
 	create(tenant_id: string, params: ApplicationInsert): Promise<Application>;
 	get(tenant_id: string, id: string): Promise<Application | null>;
 	remove(tenant_id: string, id: string): Promise<boolean>;
-	list(tenant_id: string, params: ListParams): Promise<{
+	list(tenant_id: string, params?: ListParams): Promise<{
 		applications: Application[];
 		totals?: Totals;
 	}>;
@@ -4315,14 +4315,14 @@ export interface ConnectionsAdapter {
 	remove(tenant_id: string, connection_id: string): Promise<boolean>;
 	get(tenant_id: string, connection_id: string): Promise<Connection | null>;
 	update(tenant_id: string, connection_id: string, params: Partial<ConnectionInsert>): Promise<boolean>;
-	list(tenant_id: string, params: ListParams): Promise<ListConnectionsResponse>;
+	list(tenant_id: string, params?: ListParams): Promise<ListConnectionsResponse>;
 }
 export interface ListDomainsResponse extends Totals {
 	domains: Domain[];
 }
 export interface DomainsAdapter {
 	create(tenant_id: string, params: Domain): Promise<Domain>;
-	list(tenant_id: string, params: ListParams): Promise<ListDomainsResponse>;
+	list(tenant_id: string, params?: ListParams): Promise<ListDomainsResponse>;
 }
 export interface KeysAdapter {
 	create: (key: SigningKey) => Promise<void>;
@@ -4341,7 +4341,7 @@ export interface HooksAdapter {
 	remove: (tenant_id: string, hook_id: string) => Promise<boolean>;
 	get: (tenant_id: string, hook_id: string) => Promise<Hook | null>;
 	update: (tenant_id: string, hook_id: string, hook: Partial<HookInsert>) => Promise<boolean>;
-	list: (tenant_id: string, params: ListParams) => Promise<ListHooksResponse>;
+	list: (tenant_id: string, params?: ListParams) => Promise<ListHooksResponse>;
 }
 export interface ClientsAdapter {
 	get: (id: string) => Promise<Client | null>;

package/dist/authhero.mjs CHANGED Viewed

@@ -26168,15 +26168,7 @@ async function ok(t, e) {
   const a = await t.data.clients.get(e);
   if (!a)
     throw new P(403, { message: "Client not found" });
-  const i = t.DEFAULT_CLIENT_ID ? await t.data.clients.get(t.DEFAULT_CLIENT_ID) : void 0, r = await t.data.connections.list(a.tenant.id, {
-    include_totals: !1,
-    page: 0,
-    per_page: 100
-  }), n = t.DEFAULT_TENANT_ID ? await t.data.connections.list(t.DEFAULT_TENANT_ID, {
-    include_totals: !1,
-    page: 0,
-    per_page: 100
-  }) : { connections: [] }, s = r.connections.map((o) => {
+  const i = t.DEFAULT_CLIENT_ID ? await t.data.clients.get(t.DEFAULT_CLIENT_ID) : void 0, r = await t.data.connections.list(a.tenant.id), n = t.DEFAULT_TENANT_ID ? await t.data.connections.list(t.DEFAULT_TENANT_ID) : { connections: [] }, s = r.connections.map((o) => {
     var d;
     const l = (d = n.connections) == null ? void 0 : d.find(
       (m) => m.name === o.name
@@ -26248,12 +26240,7 @@ async function lk(t, e, a) {
 }
 function Sj(t, e) {
   return async (a, i) => {
-    const { hooks: r } = await e.hooks.list(a, {
-      q: "trigger_id:post-user-registration",
-      page: 0,
-      per_page: 100,
-      include_totals: !1
-    });
+    const { hooks: r } = await e.hooks.list(a);
     return await lk(t, r, {
       tenant_id: a,
       user: i,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "authhero",
-  "version": "0.36.0",
+  "version": "0.36.2",
   "files": [
     "dist"
   ],
@@ -25,7 +25,7 @@
     "vite": "^5.4.11",
     "vite-plugin-dts": "^4.3.0",
     "vitest": "^2.1.5",
-    "@authhero/kysely-adapter": "^0.27.0"
+    "@authhero/kysely-adapter": "^0.28.1"
   },
   "dependencies": {
     "@peculiar/x509": "^1.12.3",
@@ -36,7 +36,7 @@
     "nanoid": "^5.0.8",
     "oslo": "^1.2.1",
     "zxcvbn": "^4.4.2",
-    "@authhero/adapter-interfaces": "^0.35.0"
+    "@authhero/adapter-interfaces": "^0.36.0"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^0.18.0",