authhero 0.45.0 → 0.46.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authhero.cjs +1 -1
- package/dist/authhero.mjs +3 -1
- package/package.json +1 -1
package/dist/authhero.cjs
CHANGED
|
@@ -122,7 +122,7 @@ PERFORMANCE OF THIS SOFTWARE.
|
|
|
122
122
|
`,r=0;for(;r<t.length;)r+64<=t.length?i+=t.substr(r,64)+`\r
|
|
123
123
|
`:i+=t.substr(r)+`\r
|
|
124
124
|
`,r+=64;return i+=`-----END ${n} KEY-----\r
|
|
125
|
-
`,i}async function g0(n){const e=await n.publicKey.export(),t=await crypto.subtle.exportKey("jwk",e),i=JSON.stringify(t,Object.keys(t).sort()),s=new TextEncoder().encode(i);return La(await Bf(s))}const _0=1e3*60*60*24,m0=new a.OpenAPIHono().openapi(a.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.array(wo)}},description:"List of keys"}}}),async n=>{const t=(await n.env.data.keys.list()).filter(i=>"cert"in i).map(i=>i);return n.json(t)}).openapi(a.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({kid:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:wo}},description:"The requested key"}}}),async n=>{const{kid:e}=n.req.valid("param"),i=(await n.env.data.keys.list()).find(r=>r.kid===e);if(!i)throw new N(404,{message:"Key not found"});return n.json(i)}).openapi(a.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async n=>{const e=await n.env.data.keys.list();for await(const i of e)await n.env.data.keys.update(i.kid,{revoked_at:new Date(Date.now()+_0).toISOString()});const t=await Ua({name:`CN=${n.env.ORGANIZATION_NAME}`});return await n.env.data.keys.create(t),n.text("OK",{status:201})}).openapi(a.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({kid:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async n=>{const{kid:e}=n.req.valid("param");if(!await n.env.data.keys.update(e,{revoked_at:new Date().toISOString()}))throw new N(404,{message:"Key not found"});const i=await Ua({name:`CN=${n.env.ORGANIZATION_NAME}`});return await n.env.data.keys.create(i),n.text("OK")}),y0=new a.OpenAPIHono().openapi(a.createRoute({tags:["users"],method:"get",path:"/",request:{query:a.z.object({email:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:a.z.array(Da)}},description:"List of users"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{email:t}=n.req.valid("query"),r=(await Ud(n.env.data.users,e,t)).filter(s=>!s.linked_to);return n.json(r)}),v0=Mt.extend({clients:a.z.array(Jt)}),w0=new a.OpenAPIHono().openapi(a.createRoute({tags:["clients"],method:"get",path:"/",request:{query:rn,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([v0,a.z.array(Jt)])}},description:"List of clients"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{page:t,per_page:i,include_totals:r,sort:s,q:o}=n.req.valid("query"),l=(await n.env.data.applications.list(e,{page:t,per_page:i,include_totals:r,sort:Mn(s),q:o})).applications;return r?n.json({clients:l,start:0,limit:10,length:l.length}):n.json(l)}).openapi(a.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Jt}},description:"An application"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),r=(await n.env.data.applications.list(e,{page:1,per_page:0,include_totals:!1})).applications.find(s=>s.id===t);if(!r)throw new N(404);return n.json(r)}).openapi(a.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param");if(!await n.env.data.applications.remove(e,t))throw new N(404,{message:"Application not found"});return n.text("OK")}).openapi(a.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(dr.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Jt}},description:"The update application"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),r=n.req.valid("json");await n.env.data.applications.update(e,t,r);const s=await n.env.data.applications.get(e,t);if(!s)throw new N(404,{message:"Application not found"});return n.json(s)}).openapi(a.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(dr.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:a.z.object(Jt.shape)}},description:"An application"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json"),i={...t,id:t.id||Ke(),client_secret:t.client_secret||Ke()},r=await n.env.data.applications.create(e,i);return n.json(r,{status:201})});a.z.object({start:a.z.number(),limit:a.z.number(),length:a.z.number()});ns.extend({email:a.z.string(),login_count:a.z.number(),multifactor:a.z.array(a.z.string()).optional(),last_ip:a.z.string().optional(),last_login:a.z.string().optional(),user_id:a.z.string()}).catchall(a.z.any());const b0=Mt.extend({tenants:a.z.array(An)}),k0=new a.OpenAPIHono().openapi(a.createRoute({tags:["tenants"],method:"get",path:"/",request:{query:rn},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:a.z.union([a.z.array(An),b0])}},description:"List of tenants"}}}),async n=>{const{page:e,per_page:t,include_totals:i,sort:r,q:s}=n.req.valid("query"),o=await n.env.data.tenants.list({page:e,per_page:t,include_totals:i,sort:Mn(r),q:s});return i?n.json(o):n.json(o.tenants)}).openapi(a.createRoute({tags:["tenants"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:An}},description:"A tenant"}}}),async n=>{const{id:e}=n.req.valid("param"),t=await n.env.data.tenants.get(e);if(!t)throw new N(404);return n.json(t)}).openapi(a.createRoute({tags:["tenants"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async n=>{const{id:e}=n.req.valid("param");return await n.env.data.tenants.remove(e),n.text("OK")}).openapi(a.createRoute({tags:["tenants"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(fr.shape).partial()}}},params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async n=>{const{id:e}=n.req.valid("param"),t=n.req.valid("json");return await n.env.data.tenants.update(e,t),n.text("OK")}).openapi(a.createRoute({tags:["tenants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(fr.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"tenant/json":{schema:An}},description:"An tenant"}}}),async n=>{const e=n.req.valid("json"),t=await n.env.data.tenants.create(e);return n.json(t,{status:201})}),x0=Mt.extend({logs:a.z.array(gr)}),S0=new a.OpenAPIHono().openapi(a.createRoute({tags:["logs"],method:"get",path:"/",request:{query:rn,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(gr),x0])}},description:"List of log rows"}}}),async n=>{const{page:e,per_page:t,include_totals:i,sort:r,q:s}=n.req.valid("query"),{"tenant-id":o}=n.req.valid("header"),c=await n.env.data.logs.list(o,{page:e,per_page:t,include_totals:i,sort:Mn(r),q:s});return i?n.json(c):n.json(c.logs)}).openapi(a.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:gr}},description:"A log entry"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),i=await n.env.data.logs.get(e,t);if(!i)throw new N(404);return n.json(i)}),A0=Mt.extend({hooks:a.z.array(xn)}),I0=new a.OpenAPIHono().openapi(a.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:rn,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(xn),A0])}},description:"List of hooks"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{page:t,per_page:i,include_totals:r,sort:s,q:o}=n.req.valid("query"),c=await n.env.data.hooks.list(e,{page:t,per_page:i,include_totals:r,sort:Mn(s),q:o});return r?n.json(c):n.json(c.hooks)}).openapi(a.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(hr.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:xn}},description:"The created hook"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json"),i=await n.env.data.hooks.create(e,t);return n.json(i,{status:201})}).openapi(a.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()}),body:{content:{"application/json":{schema:a.z.object(hr.shape).omit({hook_id:!0}).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:xn.shape}},description:"The updated hook"},404:{description:"Hook not found"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{hook_id:t}=n.req.valid("param"),i=n.req.valid("json");await n.env.data.hooks.update(e,t,i);const r=await n.env.data.hooks.get(e,t);if(!r)throw new N(404,{message:"Hook not found"});return n.json(r)}).openapi(a.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:xn}},description:"A hook"},404:{description:"Hook not found"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{hook_id:t}=n.req.valid("param"),i=await n.env.data.hooks.get(e,t);if(!i)throw new N(404,{message:"Hook not found"});return n.json(i)}).openapi(a.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{description:"A hook"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{hook_id:t}=n.req.valid("param");if(!await n.env.data.hooks.remove(e,t))throw new N(404,{message:"Hook not found"});return n.text("OK")}),E0=Mt.extend({connections:a.z.array(zt)}),$0=new a.OpenAPIHono().openapi(a.createRoute({tags:["connections"],method:"get",path:"/",request:{query:rn,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(zt),E0])}},description:"List of connectionss"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{page:t,per_page:i,include_totals:r=!1,sort:s,q:o}=n.req.valid("query"),c=await n.env.data.connections.list(e,{page:t,per_page:i,include_totals:r,sort:Mn(s),q:o});return r?n.json(c):n.json(c.connections)}).openapi(a.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:zt}},description:"A connection"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),i=await n.env.data.connections.get(e,t);if(!i)throw new N(404);return n.json(i)}).openapi(a.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param");if(!await n.env.data.connections.remove(e,t))throw new N(404,{message:"Connection not found"});return n.text("OK")}).openapi(a.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(pr.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:zt}},description:"The updated connection"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),i=n.req.valid("json");if(!await n.env.data.connections.update(e,t,i))throw new N(404,{message:"Connection not found"});const s=await n.env.data.connections.get(e,t);if(!s)throw new N(404,{message:"Connection not found"});return n.json(s)}).openapi(a.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(pr.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:zt}},description:"A connection"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json"),i=await n.env.data.connections.create(e,t);return n.json(i,{status:201})}),C0=new a.OpenAPIHono().openapi(a.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=await n.env.data.promptSettings.get(e);return t?n.json(t):n.json(Xi.parse({}))}).openapi(a.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Xi.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json"),i=await n.env.data.promptSettings.get(e);return Object.assign(i,t),await n.env.data.promptSettings.set(e,i),n.json(i)});let Ju=!1;function Tf(n){n.use(async(e,t)=>(Ju||(n.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${e.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),Ju=!0),await t()))}a.z.object({alg:a.z.literal("RS256"),kty:a.z.literal("RSA"),use:a.z.literal("sig"),n:a.z.string(),e:a.z.string(),kid:a.z.string(),x5t:a.z.string(),x5c:a.z.array(a.z.string())});async function j0(n){try{const e=await n.JWKS_SERVICE.fetch(n.JWKS_URL);if(!e.ok)throw new Error("Failed to fetch jwks");return(await e.json()).keys}catch(e){throw new N(500,{message:`Failed to fetch jwks: ${e.message}`})}}async function z0(n,e){const i=new TextEncoder().encode([e.raw.header,e.raw.payload].join(".")),r=new Uint8Array(Array.from(e.signature).map(l=>l.charCodeAt(0))),o=(await j0(n.env)).find(l=>l.kid===e.header.kid);if(!o)return console.log("No matching kid found"),!1;const c=await crypto.subtle.importKey("jwk",o,{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},!1,["verify"]);return crypto.subtle.verify("RSASSA-PKCS1-v1_5",c,r,i)}function N0(n){const[e,t,i]=n.split(".");if(!e||!t||!i)return null;const r=JSON.parse(atob(e)),s=JSON.parse(atob(t)),o=atob(i.replace(/-/g,"+").replace(/_/g,"/"));return{header:r,payload:s,signature:o,raw:{header:e,payload:t,signature:i}}}function Rf(n){return async(e,t)=>{var r,s,o;const i=n.openAPIRegistry.definitions.find(c=>"route"in c&&c.route.path===e.req.path&&c.route.method.toUpperCase()===e.req.method);if(i&&"route"in i){const c=(s=(r=i.route.security)==null?void 0:r[0])==null?void 0:s.Bearer;if(!(c!=null&&c.length))return await t();const l=e.req.header("authorization")||"",[u,p]=l.split(" ");if((u==null?void 0:u.toLowerCase())!=="bearer"||!p)throw new N(401,{message:"Missing bearer token"});const g=N0(p);if(!g||!await z0(e,g))throw new N(403,{message:"Invalid JWT signature"});e.set("user_id",g.payload.sub),e.set("user",g.payload);const m=g.payload.permissions||[],x=((o=g.payload.scope)==null?void 0:o.split(" "))||[];if(c.length&&!(c.some(h=>m.includes(h))||c.some(h=>x.includes(h))))throw new N(403,{message:"Unauthorized"})}return await t()}}const O0=new a.OpenAPIHono().openapi(a.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Qi}},description:"Email provider"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=await n.env.data.emailProviders.get(e);if(!t)throw new N(404,{message:"Email provider not found"});return n.json(t)}).openapi(a.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Qi.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json");return await n.env.data.emailProviders.create(e,t),n.text("OK",{status:201})}).openapi(a.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Qi.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json");return await n.env.data.emailProviders.update(e,t),n.text("OK")});function B0(){const n=new a.OpenAPIHono;n.use(Rf(n));const e=n.route("/branding",eg).route("/email/providers",O0).route("/users",mg).route("/keys",m0).route("/users-by-email",y0).route("/clients",w0).route("/tenants",k0).route("/logs",S0).route("/hooks",I0).route("/connections",$0).route("/prompts",C0);return Tf(e),e.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management api"}}),e}function T0(n,e){Object.keys(e).forEach(t=>{const i=e[t];i!=null&&i.length&&n.searchParams.set(t,i)})}function Vn(n){var e,t,i;return{auth0Client:(e=n.query("auth0Client"))==null?void 0:e.slice(0,255),ip:(t=n.header("x-real-ip"))==null?void 0:t.slice(0,45),useragent:(i=n.header("user-agent"))==null?void 0:i.slice(0,512)}}const Yi=60*5,Pf=30*24*60*60,Xr=24*60*60,R0="auth-token",Zu=30*60*1e3,P0=5*60,L0=5*60;var Yu;(function(n){n[n.Include=0]="Include",n[n.None=1]="None"})(Yu||(Yu={}));var Xu;(function(n){n[n.Required=0]="Required",n[n.Ignore=1]="Ignore"})(Xu||(Xu={}));function U0(n){return Uf(n,V0,Si.Include)}function Lf(n){return Uf(n,M0,Si.None)}function Uf(n,e,t){let i="";for(let r=0;r<n.byteLength;r+=3){let s=0,o=0;for(let c=0;c<3&&r+c<n.byteLength;c++)s=s<<8|n[r+c],o+=8;for(let c=0;c<4;c++)o>=6?(i+=e[s>>o-6&63],o-=6):o>0?(i+=e[s<<6-o&63],o=0):t===Si.Include&&(i+="=")}return i}const V0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",M0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Si;(function(n){n[n.Include=0]="Include",n[n.None=1]="None"})(Si||(Si={}));var Qu;(function(n){n[n.Required=0]="Required",n[n.Ignore=1]="Ignore"})(Qu||(Qu={}));class H0{uint8(e,t){if(e.byteLength<t+1)throw new TypeError("Insufficient bytes");return e[t]}uint16(e,t){if(e.byteLength<t+2)throw new TypeError("Insufficient bytes");return e[t]<<8|e[t+1]}uint32(e,t){if(e.byteLength<t+4)throw new TypeError("Insufficient bytes");let i=0;for(let r=0;r<4;r++)i|=e[t+r]<<24-r*8;return i}uint64(e,t){if(e.byteLength<t+8)throw new TypeError("Insufficient bytes");let i=0n;for(let r=0;r<8;r++)i|=BigInt(e[t+r])<<BigInt(56-r*8);return i}putUint8(e,t,i){if(e.length<i+1)throw new TypeError("Not enough space");if(t<0||t>255)throw new TypeError("Invalid uint8 value");e[i]=t}putUint16(e,t,i){if(e.length<i+2)throw new TypeError("Not enough space");if(t<0||t>65535)throw new TypeError("Invalid uint16 value");e[i]=t>>8,e[i+1]=t&255}putUint32(e,t,i){if(e.length<i+4)throw new TypeError("Not enough space");if(t<0||t>4294967295)throw new TypeError("Invalid uint32 value");for(let r=0;r<4;r++)e[i+r]=t>>(3-r)*8&255}putUint64(e,t,i){if(e.length<i+8)throw new TypeError("Not enough space");if(t<0||t>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let r=0;r<8;r++)e[i+r]=Number(t>>BigInt((7-r)*8)&0xffn)}}const ed=new H0;function pt(n,e){return(n<<32-e|n>>>e)>>>0}function D0(n){const e=new F0;return e.update(n),e.digest()}class F0{constructor(){te(this,"blockSize",64);te(this,"size",32);te(this,"blocks",new Uint8Array(64));te(this,"currentBlockSize",0);te(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));te(this,"l",0n);te(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let t=0;if(this.currentBlockSize>0){const i=e.slice(0,64-this.currentBlockSize);this.blocks.set(i,this.currentBlockSize),this.process(),t+=i.byteLength,this.currentBlockSize=0}for(;t+64<=e.byteLength;){const i=e.slice(t,t+64);this.blocks.set(i),this.process(),t+=64}if(e.byteLength-t>0){const i=e.slice(t);this.blocks.set(i),this.currentBlockSize=i.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),ed.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let t=0;t<8;t++)ed.putUint32(e,this.H[t],t*4);return e}process(){for(let u=0;u<16;u++)this.w[u]=(this.blocks[u*4]<<24|this.blocks[u*4+1]<<16|this.blocks[u*4+2]<<8|this.blocks[u*4+3])>>>0;for(let u=16;u<64;u++){const p=(pt(this.w[u-2],17)^pt(this.w[u-2],19)^this.w[u-2]>>>10)>>>0,g=(pt(this.w[u-15],7)^pt(this.w[u-15],18)^this.w[u-15]>>>3)>>>0;this.w[u]=p+this.w[u-7]+g+this.w[u-16]|0}let e=this.H[0],t=this.H[1],i=this.H[2],r=this.H[3],s=this.H[4],o=this.H[5],c=this.H[6],l=this.H[7];for(let u=0;u<64;u++){const p=(pt(s,6)^pt(s,11)^pt(s,25))>>>0,g=(s&o^~s&c)>>>0,m=l+p+g+q0[u]+this.w[u]|0,x=(pt(e,2)^pt(e,13)^pt(e,22))>>>0,h=(e&t^e&i^t&i)>>>0,_=x+h|0;l=c,c=o,o=s,s=r+m|0,r=i,i=t,t=e,e=m+_|0}this.H[0]=e+this.H[0]|0,this.H[1]=t+this.H[1]|0,this.H[2]=i+this.H[2]|0,this.H[3]=r+this.H[3]|0,this.H[4]=s+this.H[4]|0,this.H[5]=o+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const q0=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class K0{constructor(e){te(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function W0(n){const e=D0(new TextEncoder().encode(n));return Lf(e)}function G0(){const n=new Uint8Array(32);return crypto.getRandomValues(n),Lf(n)}function li(n,e){const t=new TextEncoder().encode(e.toString()),i=new Request(n,{method:"POST",body:t});return i.headers.set("Content-Type","application/x-www-form-urlencoded"),i.headers.set("Accept","application/json"),i.headers.set("User-Agent","arctic"),i.headers.set("Content-Length",t.byteLength.toString()),i}function go(n,e){const t=new TextEncoder().encode(`${n}:${e}`);return U0(t)}async function Qr(n){let e;try{e=await fetch(n)}catch(t){throw new Mf(t)}if(e.status===400||e.status===401){let t;try{t=await e.json()}catch{throw new rr(e.status)}if(typeof t!="object"||t===null)throw new $n(e.status,t);let i;try{i=Vf(t)}catch{throw new $n(e.status,t)}throw i}if(e.status===200){let t;try{t=await e.json()}catch{throw new rr(e.status)}if(typeof t!="object"||t===null)throw new $n(e.status,t);return new K0(t)}throw e.body!==null&&await e.body.cancel(),new rr(e.status)}async function J0(n){let e;try{e=await fetch(n)}catch(t){throw new Mf(t)}if(e.status===400||e.status===401){let t;try{t=await e.json()}catch{throw new $n(e.status,null)}if(typeof t!="object"||t===null)throw new $n(e.status,t);let i;try{i=Vf(t)}catch{throw new $n(e.status,t)}throw i}if(e.status===200){e.body!==null&&await e.body.cancel();return}throw e.body!==null&&await e.body.cancel(),new rr(e.status)}function Vf(n){let e;if("error"in n&&typeof n.error=="string")e=n.error;else throw new Error("Invalid error response");let t=null,i=null,r=null;if("error_description"in n){if(typeof n.error_description!="string")throw new Error("Invalid data");t=n.error_description}if("error_uri"in n){if(typeof n.error_uri!="string")throw new Error("Invalid data");i=n.error_uri}if("state"in n){if(typeof n.state!="string")throw new Error("Invalid data");r=n.state}return new Z0(e,t,i,r)}class Mf extends Error{constructor(e){super("Failed to send request",{cause:e})}}class Z0 extends Error{constructor(t,i,r,s){super(`OAuth request error: ${t}`);te(this,"code");te(this,"description");te(this,"uri");te(this,"state");this.code=t,this.description=i,this.uri=r,this.state=s}}class rr extends Error{constructor(t){super("Unexpected error response");te(this,"status");this.status=t}}class $n extends Error{constructor(t,i){super("Unexpected error response body");te(this,"status");te(this,"data");this.status=t,this.data=i}}class Uc{constructor(e,t,i){te(this,"clientId");te(this,"clientPassword");te(this,"redirectURI");this.clientId=e,this.clientPassword=t,this.redirectURI=i}createAuthorizationURL(e,t,i){const r=new URL(e);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&r.searchParams.set("redirect_uri",this.redirectURI),r.searchParams.set("state",t),i.length>0&&r.searchParams.set("scope",i.join(" ")),r}createAuthorizationURLWithPKCE(e,t,i,r,s){const o=new URL(e);if(o.searchParams.set("response_type","code"),o.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&o.searchParams.set("redirect_uri",this.redirectURI),o.searchParams.set("state",t),i===Ai.S256){const c=W0(r);o.searchParams.set("code_challenge_method","S256"),o.searchParams.set("code_challenge",c)}else i===Ai.Plain&&(o.searchParams.set("code_challenge_method","plain"),o.searchParams.set("code_challenge",r));return s.length>0&&o.searchParams.set("scope",s.join(" ")),o}async validateAuthorizationCode(e,t,i){const r=new URLSearchParams;r.set("grant_type","authorization_code"),r.set("code",t),this.redirectURI!==null&&r.set("redirect_uri",this.redirectURI),i!==null&&r.set("code_verifier",i),this.clientPassword===null&&r.set("client_id",this.clientId);const s=li(e,r);if(this.clientPassword!==null){const c=go(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Qr(s)}async refreshAccessToken(e,t,i){const r=new URLSearchParams;r.set("grant_type","refresh_token"),r.set("refresh_token",t),this.clientPassword===null&&r.set("client_id",this.clientId),i.length>0&&r.set("scope",i.join(" "));const s=li(e,r);if(this.clientPassword!==null){const c=go(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Qr(s)}async revokeToken(e,t){const i=new URLSearchParams;i.set("token",t),this.clientPassword===null&&i.set("client_id",this.clientId);const r=li(e,i);if(this.clientPassword!==null){const s=go(this.clientId,this.clientPassword);r.headers.set("Authorization",`Basic ${s}`)}await J0(r)}}var Ai;(function(n){n[n.S256=0]="S256",n[n.Plain=1]="Plain"})(Ai||(Ai={}));var td;(function(n){n[n.Include=0]="Include",n[n.None=1]="None"})(td||(td={}));var nd;(function(n){n[n.Required=0]="Required",n[n.Ignore=1]="Ignore"})(nd||(nd={}));function ui(n){return Y0(n,X0,es.None)}function Y0(n,e,t){let i="";for(let r=0;r<n.byteLength;r+=3){let s=0,o=0;for(let c=0;c<3&&r+c<n.byteLength;c++)s=s<<8|n[r+c],o+=8;for(let c=0;c<4;c++)o>=6?(i+=e[s>>o-6&63],o-=6):o>0?(i+=e[s<<6-o&63],o=0):t===es.Include&&(i+="=")}return i}const X0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var es;(function(n){n[n.Include=0]="Include",n[n.None=1]="None"})(es||(es={}));var id;(function(n){n[n.Required=0]="Required",n[n.Ignore=1]="Ignore"})(id||(id={}));function Q0(n,e,t){const i=ui(new TextEncoder().encode(n)),r=ui(new TextEncoder().encode(e)),s=ui(t);return i+"."+r+"."+s}function em(n,e){const t=ui(new TextEncoder().encode(n)),i=ui(new TextEncoder().encode(e)),r=t+"."+i;return new TextEncoder().encode(r)}const tm="https://appleid.apple.com/auth/authorize",nm="https://appleid.apple.com/auth/token";class Hf{constructor(e,t,i,r,s){te(this,"clientId");te(this,"teamId");te(this,"keyId");te(this,"pkcs8PrivateKey");te(this,"redirectURI");this.clientId=e,this.teamId=t,this.keyId=i,this.pkcs8PrivateKey=r,this.redirectURI=s}createAuthorizationURL(e,t){const i=new URL(tm);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",e),t.length>0&&i.searchParams.set("scope",t.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(e){const t=new URLSearchParams;t.set("grant_type","authorization_code"),t.set("code",e),t.set("redirect_uri",this.redirectURI),t.set("client_id",this.clientId);const i=await this.createClientSecret();t.set("client_secret",i);const r=li(nm,t);return await Qr(r)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),t=Math.floor(Date.now()/1e3),i=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),r=JSON.stringify({iss:this.teamId,exp:t+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:t}),s=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,em(i,r)));return Q0(i,r,s)}}const im="https://www.facebook.com/v16.0/dialog/oauth",rm="https://graph.facebook.com/v16.0/oauth/access_token";class Df{constructor(e,t,i){te(this,"clientId");te(this,"clientSecret");te(this,"redirectURI");this.clientId=e,this.clientSecret=t,this.redirectURI=i}createAuthorizationURL(e,t){const i=new URL(im);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",e),t.length>0&&i.searchParams.set("scope",t.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(e){const t=new URLSearchParams;t.set("grant_type","authorization_code"),t.set("code",e),t.set("redirect_uri",this.redirectURI),t.set("client_id",this.clientId),t.set("client_secret",this.clientSecret);const i=li(rm,t);return await Qr(i)}}const sm="https://accounts.google.com/o/oauth2/v2/auth",rd="https://oauth2.googleapis.com/token",om="https://oauth2.googleapis.com/revoke";class Ff{constructor(e,t,i){te(this,"client");this.client=new Uc(e,t,i)}createAuthorizationURL(e,t,i){return this.client.createAuthorizationURLWithPKCE(sm,e,Ai.S256,t,i)}async validateAuthorizationCode(e,t){return await this.client.validateAuthorizationCode(rd,e,t)}async refreshAccessToken(e){return await this.client.refreshAccessToken(rd,e,[])}async revokeToken(e){await this.client.revokeToken(om,e)}}class Vc{constructor(e,t){te(this,"value");te(this,"unit");this.value=e,this.unit=t}milliseconds(){return this.unit==="ms"?this.value:this.unit==="s"?this.value*1e3:this.unit==="m"?this.value*1e3*60:this.unit==="h"?this.value*1e3*60*60:this.unit==="d"?this.value*1e3*60*60*24:this.value*1e3*60*60*24*7}seconds(){return this.milliseconds()/1e3}transform(e){return new Vc(Math.round(this.milliseconds()*e),"ms")}}async function sd(n,e,t,i){const r={alg:n,typ:"JWT",...i==null?void 0:i.headers},s={...t};(i==null?void 0:i.audiences)!==void 0&&(s.aud=i.audiences),(i==null?void 0:i.subject)!==void 0&&(s.sub=i.subject),(i==null?void 0:i.issuer)!==void 0&&(s.iss=i.issuer),(i==null?void 0:i.jwtId)!==void 0&&(s.jti=i.jwtId),(i==null?void 0:i.expiresIn)!==void 0&&(s.exp=Math.floor(Date.now()/1e3)+i.expiresIn.seconds()),(i==null?void 0:i.notBefore)!==void 0&&(s.nbf=Math.floor(i.notBefore.getTime()/1e3)),s.iat=Math.floor(Date.now()/1e3);const o=new TextEncoder,c=tn.encode(o.encode(JSON.stringify(r)),{includePadding:!1}),l=tn.encode(o.encode(JSON.stringify(s)),{includePadding:!1}),u=o.encode([c,l].join(".")),p=await cm(n).sign(e,u),g=tn.encode(new Uint8Array(p),{includePadding:!1});return[c,l,g].join(".")}function am(n){const e=n.split(".");return e.length!==3?null:e}function Mc(n){const e=am(n);if(!e)return null;const t=new TextDecoder,i=tn.decode(e[0],{strict:!1}),r=tn.decode(e[1],{strict:!1}),s=JSON.parse(t.decode(i));if(typeof s!="object"||s===null||!("alg"in s)||!lm(s.alg)||"typ"in s&&s.typ!=="JWT")return null;const o=JSON.parse(t.decode(r));if(typeof o!="object"||o===null)return null;const c={algorithm:s.alg,expiresAt:null,subject:null,issuedAt:null,issuer:null,jwtId:null,audiences:null,notBefore:null};if("exp"in o){if(typeof o.exp!="number")return null;c.expiresAt=new Date(o.exp*1e3)}if("iss"in o){if(typeof o.iss!="string")return null;c.issuer=o.iss}if("sub"in o){if(typeof o.sub!="string")return null;c.subject=o.sub}if("aud"in o)if(Array.isArray(o.aud)){for(const l of o.aud)if(typeof l!="string")return null;c.audiences=o.aud}else{if(typeof o.aud!="string")return null;c.audiences=[o.aud]}if("nbf"in o){if(typeof o.nbf!="number")return null;c.notBefore=new Date(o.nbf*1e3)}if("iat"in o){if(typeof o.iat!="number")return null;c.issuedAt=new Date(o.iat*1e3)}if("jti"in o){if(typeof o.jti!="string")return null;c.jwtId=o.jti}return{value:n,header:{...s,typ:"JWT",alg:s.alg},payload:{...o},parts:e,...c}}function cm(n){return new f0(um[n])}function lm(n){return typeof n!="string"?!1:["HS256","HS384","HS512","RS256","RS384","RS512","ES256","ES384","ES512","PS256","PS384","PS512"].includes(n)}const um={RS256:"SHA-256",RS384:"SHA-384",RS512:"SHA-512"},Gs=a.z.object({iss:a.z.string().url(),sub:a.z.string(),aud:a.z.string(),exp:a.z.number(),email:a.z.string().optional(),given_name:a.z.string().optional(),family_name:a.z.string().optional(),name:a.z.string().optional(),iat:a.z.number(),auth_time:a.z.number().optional(),nonce:a.z.string().optional(),acr:a.z.string().optional(),amr:a.z.array(a.z.string()).optional(),azp:a.z.string().optional(),at_hash:a.z.string().optional(),c_hash:a.z.string().optional()}).passthrough();Gs.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function qf(n){const{options:e}=n;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const t=Buffer.from(e.app_secret,"utf-8"),i=t.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),r=Uint8Array.from(Buffer.from(i,"base64"));return t.fill(0),{options:e,keyArray:r}}async function dm(n,e){var l,u;const{options:t,keyArray:i}=qf(e),r=new Hf(t.client_id,t.team_id,t.kid,i,`${n.env.ISSUER}callback`),s=Ke(),o=await r.createAuthorizationURL(s,((l=t.scope)==null?void 0:l.split(" "))||["name","email"]);return(((u=t.scope)==null?void 0:u.split(" "))||["name","email"]).some(p=>["email","name"].includes(p))&&o.searchParams.set("response_mode","form_post"),{redirectUrl:o.href,code:s}}async function pm(n,e,t){const{options:i,keyArray:r}=qf(e),o=await new Hf(i.client_id,i.team_id,i.kid,r,`${n.env.ISSUER}callback`).validateAuthorizationCode(t),c=Mc(o.idToken());if(!c)throw new Error("Invalid ID token");const l=Gs.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const fm=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:dm,validateAuthorizationCodeAndGetUser:pm},Symbol.toStringTag,{value:"Module"}));async function hm(n,e){var o;const{options:t}=e;if(!(t!=null&&t.client_id)||!t.client_secret)throw new Error("Missing required authentication parameters");const i=new Df(t.client_id,t.client_secret,`${n.env.ISSUER}callback`),r=Ke();return{redirectUrl:i.createAuthorizationURL(r,((o=t.scope)==null?void 0:o.split(" "))||["email"]).href,code:r}}async function gm(n,e,t){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret)throw new Error("Missing required authentication parameters");const s=await new Df(i.client_id,i.client_secret,`${n.env.ISSUER}callback`).validateAuthorizationCode(t),o=await fetch("https://graph.facebook.com/v16.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${s.accessToken()}`}});if(!o.ok)throw new Error("Failed to fetch user info");const c=await o.json();return n.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const _m=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:hm,validateAuthorizationCodeAndGetUser:gm},Symbol.toStringTag,{value:"Module"}));async function mm(n,e){var c;const{options:t}=e;if(!(t!=null&&t.client_id)||!t.client_secret)throw new Error("Missing required Google authentication parameters");const i=new Ff(t.client_id,t.client_secret,`${n.env.ISSUER}callback`),r=Ke(),s=G0();return{redirectUrl:i.createAuthorizationURL(r,s,((c=t.scope)==null?void 0:c.split(" "))??["email","profile"]).href,code:r,codeVerifier:s}}async function ym(n,e,t,i){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret||!i)throw new Error("Missing required authentication parameters");const o=await new Ff(r.client_id,r.client_secret,`${n.env.ISSUER}callback`).validateAuthorizationCode(t,i);console.log("got here");const c=Mc(o.idToken());if(!c)throw new Error("Invalid ID token");const l=Gs.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const vm=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:mm,validateAuthorizationCodeAndGetUser:ym},Symbol.toStringTag,{value:"Module"}));async function wm(n,e){var o;const{options:t}=e;if(!(t!=null&&t.client_id)||!t.client_secret)throw new Error("Missing required authentication parameters");const i=new Uc(t.client_id,t.client_secret,`${n.env.ISSUER}callback`),r=Ke(),s=i.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",r,((o=t.scope)==null?void 0:o.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]);return s.searchParams.set("response_type","code"),s.searchParams.set("response_mode","query"),{redirectUrl:s.href,code:r}}async function bm(n,e,t){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret)throw new Error("Missing required authentication parameters");const s=await new Uc(i.client_id,i.client_secret,`${n.env.ISSUER}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",t,null),o=Mc(s.idToken());if(!o)throw new Error("Invalid ID token");const c=Gs.parse(o.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${s.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new N(400,{message:"Failed to get user from vipps"});return await l.json()}const km=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:wm,validateAuthorizationCodeAndGetUser:bm},Symbol.toStringTag,{value:"Module"}));function Kf(n,e){const t=n.env.STRATEGIES||{},r={apple:fm,facebook:_m,"google-oauth2":vm,vipps:km,...t}[e];if(!r)throw new Error(`Strategy ${e} not found`);return r}async function Hc(n,e){const t=await n.data.clients.get(e);if(!t)throw new N(403,{message:"Client not found"});const i=n.DEFAULT_CLIENT_ID?await n.data.clients.get(n.DEFAULT_CLIENT_ID):void 0,r=await n.data.connections.list(t.tenant.id),s=n.DEFAULT_TENANT_ID?await n.data.connections.list(n.DEFAULT_TENANT_ID):{connections:[]},o=r.connections.map(c=>{var p;const l=(p=s.connections)==null?void 0:p.find(g=>g.name===c.name);return l!=null&&l.options?zt.parse({...l||{},...c,options:{...l.options||{},...c.options}}):c}).filter(c=>c);return{...t,web_origins:[...(i==null?void 0:i.web_origins)||[],...t.web_origins||[],`${n.ISSUER}u/login`],allowed_logout_urls:[...(i==null?void 0:i.allowed_logout_urls)||[],...t.allowed_logout_urls||[],n.ISSUER],callbacks:[...(i==null?void 0:i.callbacks)||[],...t.callbacks||[],`${n.ISSUER}u/info`],connections:o,domains:[...t.domains||[],...(i==null?void 0:i.domains)||[]],tenant:{...(i==null?void 0:i.tenant)||{},...t.tenant}}}function Js(n,e=[]){try{const t=new URL(n);return e.some(i=>{try{return xm(t,new URL(i))}catch{return!1}})}catch{return!1}}function xm(n,e){if(n.protocol!==e.protocol||n.pathname!==e.pathname)return!1;if(e.hostname.startsWith("*.")&&e.hostname.split(".").length>2&&["http:","https:"].includes(e.protocol)){const t=e.hostname.split(".").slice(1).join(".");return n.hostname.endsWith(t)}return n.hostname===e.hostname}function Sm(n){try{const t=/-----BEGIN (?:RSA )?(?:PRIVATE|PUBLIC) KEY-----([^-]*)-----END (?:RSA )?(?:PRIVATE|PUBLIC) KEY-----/.exec(n);if(!t||!t[1])throw new Error("Invalid PEM format");return Uint8Array.from(atob(t[1].replace(/\s/g,"")),i=>i.charCodeAt(0)).buffer}finally{n=n.replace(/./g,"\0")}}async function Am(n,e){if(e==="plain")return n;const t=new TextEncoder().encode(n),i=await Bf(t);return tn.encode(new Uint8Array(i))}function Wf(n,e,t){const i=[];return i.push([encodeURIComponent(n),encodeURIComponent(e)]),(t==null?void 0:t.domain)!==void 0&&i.push(["Domain",t.domain]),(t==null?void 0:t.expires)!==void 0&&i.push(["Expires",t.expires.toUTCString()]),t!=null&&t.httpOnly&&i.push(["HttpOnly"]),(t==null?void 0:t.maxAge)!==void 0&&i.push(["Max-Age",t.maxAge.toString()]),(t==null?void 0:t.path)!==void 0&&i.push(["Path",t.path]),(t==null?void 0:t.sameSite)==="lax"&&i.push(["SameSite","Lax"]),(t==null?void 0:t.sameSite)==="none"&&i.push(["SameSite","None"]),(t==null?void 0:t.sameSite)==="strict"&&i.push(["SameSite","Strict"]),t!=null&&t.secure&&i.push(["Secure"]),i.map(r=>r.join("=")).join("; ")}function Im(n){const e=new Map,t=n.split("; ");for(const i of t){const r=i.split("="),s=r[0],o=r[1]??"";s&&e.set(decodeURIComponent(s),decodeURIComponent(o))}return e}function Dc(n){return`${n}-${R0}`}function Gf(n,e){return e?Im(e).get(Dc(n)):void 0}function Em(n){const e={path:"/",httpOnly:!0,secure:!0,maxAge:0};return Wf(Dc(n),"",{...e,sameSite:"none"})}function Jf(n,e){const t={path:"/",httpOnly:!0,secure:!0,maxAge:Pf};return Wf(Dc(n),e,{...t,sameSite:"none"})}var Fc={},Zs={};(function(n){const e=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",t=e+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",i="["+e+"]["+t+"]*",r=new RegExp("^"+i+"$"),s=function(c,l){const u=[];let p=l.exec(c);for(;p;){const g=[];g.startIndex=l.lastIndex-p[0].length;const m=p.length;for(let x=0;x<m;x++)g.push(p[x]);u.push(g),p=l.exec(c)}return u},o=function(c){const l=r.exec(c);return!(l===null||typeof l>"u")};n.isExist=function(c){return typeof c<"u"},n.isEmptyObject=function(c){return Object.keys(c).length===0},n.merge=function(c,l,u){if(l){const p=Object.keys(l),g=p.length;for(let m=0;m<g;m++)u==="strict"?c[p[m]]=[l[p[m]]]:c[p[m]]=l[p[m]]}},n.getValue=function(c){return n.isExist(c)?c:""},n.isName=o,n.getAllMatches=s,n.nameRegexp=i})(Zs);const qc=Zs,$m={allowBooleanAttributes:!1,unpairedTags:[]};Fc.validate=function(n,e){e=Object.assign({},$m,e);const t=[];let i=!1,r=!1;n[0]==="\uFEFF"&&(n=n.substr(1));for(let s=0;s<n.length;s++)if(n[s]==="<"&&n[s+1]==="?"){if(s+=2,s=ad(n,s),s.err)return s}else if(n[s]==="<"){let o=s;if(s++,n[s]==="!"){s=cd(n,s);continue}else{let c=!1;n[s]==="/"&&(c=!0,s++);let l="";for(;s<n.length&&n[s]!==">"&&n[s]!==" "&&n[s]!==" "&&n[s]!==`
|
|
125
|
+
`,i}async function g0(n){const e=await n.publicKey.export(),t=await crypto.subtle.exportKey("jwk",e),i=JSON.stringify(t,Object.keys(t).sort()),s=new TextEncoder().encode(i);return La(await Bf(s))}const _0=1e3*60*60*24,m0=new a.OpenAPIHono().openapi(a.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.array(wo)}},description:"List of keys"}}}),async n=>{const t=(await n.env.data.keys.list()).filter(i=>"cert"in i).map(i=>i);return n.json(t)}).openapi(a.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({kid:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:wo}},description:"The requested key"}}}),async n=>{const{kid:e}=n.req.valid("param"),i=(await n.env.data.keys.list()).find(r=>r.kid===e);if(!i)throw new N(404,{message:"Key not found"});return n.json(i)}).openapi(a.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async n=>{const e=await n.env.data.keys.list();for await(const i of e)await n.env.data.keys.update(i.kid,{revoked_at:new Date(Date.now()+_0).toISOString()});const t=await Ua({name:`CN=${n.env.ORGANIZATION_NAME}`});return await n.env.data.keys.create(t),n.text("OK",{status:201})}).openapi(a.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({kid:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async n=>{const{kid:e}=n.req.valid("param");if(!await n.env.data.keys.update(e,{revoked_at:new Date().toISOString()}))throw new N(404,{message:"Key not found"});const i=await Ua({name:`CN=${n.env.ORGANIZATION_NAME}`});return await n.env.data.keys.create(i),n.text("OK")}),y0=new a.OpenAPIHono().openapi(a.createRoute({tags:["users"],method:"get",path:"/",request:{query:a.z.object({email:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:a.z.array(Da)}},description:"List of users"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{email:t}=n.req.valid("query"),r=(await Ud(n.env.data.users,e,t)).filter(s=>!s.linked_to);return n.json(r)}),v0=Mt.extend({clients:a.z.array(Jt)}),w0=new a.OpenAPIHono().openapi(a.createRoute({tags:["clients"],method:"get",path:"/",request:{query:rn,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([v0,a.z.array(Jt)])}},description:"List of clients"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{page:t,per_page:i,include_totals:r,sort:s,q:o}=n.req.valid("query"),l=(await n.env.data.applications.list(e,{page:t,per_page:i,include_totals:r,sort:Mn(s),q:o})).applications;return r?n.json({clients:l,start:0,limit:10,length:l.length}):n.json(l)}).openapi(a.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Jt}},description:"An application"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),r=(await n.env.data.applications.list(e,{page:1,per_page:0,include_totals:!1})).applications.find(s=>s.id===t);if(!r)throw new N(404);return n.json(r)}).openapi(a.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param");if(!await n.env.data.applications.remove(e,t))throw new N(404,{message:"Application not found"});return n.text("OK")}).openapi(a.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(dr.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Jt}},description:"The update application"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),r=n.req.valid("json");await n.env.data.applications.update(e,t,r);const s=await n.env.data.applications.get(e,t);if(!s)throw new N(404,{message:"Application not found"});return n.json(s)}).openapi(a.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(dr.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:a.z.object(Jt.shape)}},description:"An application"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json"),i={...t,id:t.id||Ke(),client_secret:t.client_secret||Ke()},r=await n.env.data.applications.create(e,i);return n.json(r,{status:201})});a.z.object({start:a.z.number(),limit:a.z.number(),length:a.z.number()});ns.extend({email:a.z.string(),login_count:a.z.number(),multifactor:a.z.array(a.z.string()).optional(),last_ip:a.z.string().optional(),last_login:a.z.string().optional(),user_id:a.z.string()}).catchall(a.z.any());const b0=Mt.extend({tenants:a.z.array(An)}),k0=new a.OpenAPIHono().openapi(a.createRoute({tags:["tenants"],method:"get",path:"/",request:{query:rn},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:a.z.union([a.z.array(An),b0])}},description:"List of tenants"}}}),async n=>{const{page:e,per_page:t,include_totals:i,sort:r,q:s}=n.req.valid("query"),o=await n.env.data.tenants.list({page:e,per_page:t,include_totals:i,sort:Mn(r),q:s});return i?n.json(o):n.json(o.tenants)}).openapi(a.createRoute({tags:["tenants"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:An}},description:"A tenant"}}}),async n=>{const{id:e}=n.req.valid("param"),t=await n.env.data.tenants.get(e);if(!t)throw new N(404);return n.json(t)}).openapi(a.createRoute({tags:["tenants"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async n=>{const{id:e}=n.req.valid("param");return await n.env.data.tenants.remove(e),n.text("OK")}).openapi(a.createRoute({tags:["tenants"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(fr.shape).partial()}}},params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async n=>{const{id:e}=n.req.valid("param"),t=n.req.valid("json");return await n.env.data.tenants.update(e,t),n.text("OK")}).openapi(a.createRoute({tags:["tenants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(fr.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"tenant/json":{schema:An}},description:"An tenant"}}}),async n=>{const e=n.req.valid("json"),t=await n.env.data.tenants.create(e);return n.json(t,{status:201})}),x0=Mt.extend({logs:a.z.array(gr)}),S0=new a.OpenAPIHono().openapi(a.createRoute({tags:["logs"],method:"get",path:"/",request:{query:rn,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(gr),x0])}},description:"List of log rows"}}}),async n=>{const{page:e,per_page:t,include_totals:i,sort:r,q:s}=n.req.valid("query"),{"tenant-id":o}=n.req.valid("header"),c=await n.env.data.logs.list(o,{page:e,per_page:t,include_totals:i,sort:Mn(r),q:s});return i?n.json(c):n.json(c.logs)}).openapi(a.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:gr}},description:"A log entry"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),i=await n.env.data.logs.get(e,t);if(!i)throw new N(404);return n.json(i)}),A0=Mt.extend({hooks:a.z.array(xn)}),I0=new a.OpenAPIHono().openapi(a.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:rn,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(xn),A0])}},description:"List of hooks"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{page:t,per_page:i,include_totals:r,sort:s,q:o}=n.req.valid("query"),c=await n.env.data.hooks.list(e,{page:t,per_page:i,include_totals:r,sort:Mn(s),q:o});return r?n.json(c):n.json(c.hooks)}).openapi(a.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(hr.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:xn}},description:"The created hook"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json"),i=await n.env.data.hooks.create(e,t);return n.json(i,{status:201})}).openapi(a.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()}),body:{content:{"application/json":{schema:a.z.object(hr.shape).omit({hook_id:!0}).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:xn.shape}},description:"The updated hook"},404:{description:"Hook not found"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{hook_id:t}=n.req.valid("param"),i=n.req.valid("json");await n.env.data.hooks.update(e,t,i);const r=await n.env.data.hooks.get(e,t);if(!r)throw new N(404,{message:"Hook not found"});return n.json(r)}).openapi(a.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:xn}},description:"A hook"},404:{description:"Hook not found"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{hook_id:t}=n.req.valid("param"),i=await n.env.data.hooks.get(e,t);if(!i)throw new N(404,{message:"Hook not found"});return n.json(i)}).openapi(a.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{description:"A hook"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{hook_id:t}=n.req.valid("param");if(!await n.env.data.hooks.remove(e,t))throw new N(404,{message:"Hook not found"});return n.text("OK")}),E0=Mt.extend({connections:a.z.array(zt)}),$0=new a.OpenAPIHono().openapi(a.createRoute({tags:["connections"],method:"get",path:"/",request:{query:rn,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(zt),E0])}},description:"List of connectionss"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{page:t,per_page:i,include_totals:r=!1,sort:s,q:o}=n.req.valid("query"),c=await n.env.data.connections.list(e,{page:t,per_page:i,include_totals:r,sort:Mn(s),q:o});return r?n.json(c):n.json(c.connections)}).openapi(a.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:zt}},description:"A connection"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),i=await n.env.data.connections.get(e,t);if(!i)throw new N(404);return n.json(i)}).openapi(a.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param");if(!await n.env.data.connections.remove(e,t))throw new N(404,{message:"Connection not found"});return n.text("OK")}).openapi(a.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(pr.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:zt}},description:"The updated connection"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),{id:t}=n.req.valid("param"),i=n.req.valid("json");if(!await n.env.data.connections.update(e,t,i))throw new N(404,{message:"Connection not found"});const s=await n.env.data.connections.get(e,t);if(!s)throw new N(404,{message:"Connection not found"});return n.json(s)}).openapi(a.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(pr.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:zt}},description:"A connection"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json"),i=await n.env.data.connections.create(e,t);return n.json(i,{status:201})}),C0=new a.OpenAPIHono().openapi(a.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Xi}},description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=await n.env.data.promptSettings.get(e);return t?n.json(t):n.json(Xi.parse({}))}).openapi(a.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Xi.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json"),i=await n.env.data.promptSettings.get(e);return Object.assign(i,t),await n.env.data.promptSettings.set(e,i),n.json(i)});let Ju=!1;function Tf(n){n.use(async(e,t)=>(Ju||(n.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${e.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),Ju=!0),await t()))}a.z.object({alg:a.z.literal("RS256"),kty:a.z.literal("RSA"),use:a.z.literal("sig"),n:a.z.string(),e:a.z.string(),kid:a.z.string(),x5t:a.z.string(),x5c:a.z.array(a.z.string())});async function j0(n){try{const e=await n.JWKS_SERVICE.fetch(n.JWKS_URL);if(!e.ok)throw new Error("Failed to fetch jwks");return(await e.json()).keys}catch(e){throw new N(500,{message:`Failed to fetch jwks: ${e.message}`})}}async function z0(n,e){const i=new TextEncoder().encode([e.raw.header,e.raw.payload].join(".")),r=new Uint8Array(Array.from(e.signature).map(l=>l.charCodeAt(0))),o=(await j0(n.env)).find(l=>l.kid===e.header.kid);if(!o)return console.log("No matching kid found"),!1;const c=await crypto.subtle.importKey("jwk",o,{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},!1,["verify"]);return crypto.subtle.verify("RSASSA-PKCS1-v1_5",c,r,i)}function N0(n){const[e,t,i]=n.split(".");if(!e||!t||!i)return null;const r=JSON.parse(atob(e)),s=JSON.parse(atob(t)),o=atob(i.replace(/-/g,"+").replace(/_/g,"/"));return{header:r,payload:s,signature:o,raw:{header:e,payload:t,signature:i}}}function Rf(n){return async(e,t)=>{var r,s,o;const i=n.openAPIRegistry.definitions.find(c=>"route"in c&&c.route.path===e.req.path&&c.route.method.toUpperCase()===e.req.method);if(i&&"route"in i){const c=(s=(r=i.route.security)==null?void 0:r[0])==null?void 0:s.Bearer;if(!(c!=null&&c.length))return await t();const l=e.req.header("authorization")||"",[u,p]=l.split(" ");if((u==null?void 0:u.toLowerCase())!=="bearer"||!p)throw new N(401,{message:"Missing bearer token"});const g=N0(p);if(!g||!await z0(e,g))throw new N(403,{message:"Invalid JWT signature"});e.set("user_id",g.payload.sub),e.set("user",g.payload);const m=g.payload.permissions||[],x=((o=g.payload.scope)==null?void 0:o.split(" "))||[];if(c.length&&!(c.some(h=>m.includes(h))||c.some(h=>x.includes(h))))throw new N(403,{message:"Unauthorized"})}return await t()}}const O0=new a.OpenAPIHono().openapi(a.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Qi}},description:"Email provider"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=await n.env.data.emailProviders.get(e);if(!t)throw new N(404,{message:"Email provider not found"});return n.json(t)}).openapi(a.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Qi.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json");return await n.env.data.emailProviders.create(e,t),n.text("OK",{status:201})}).openapi(a.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Qi.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json");return await n.env.data.emailProviders.update(e,t),n.text("OK")});function B0(){const n=new a.OpenAPIHono;n.use(Rf(n));const e=n.route("/branding",eg).route("/email/providers",O0).route("/users",mg).route("/keys",m0).route("/users-by-email",y0).route("/clients",w0).route("/tenants",k0).route("/logs",S0).route("/hooks",I0).route("/connections",$0).route("/prompts",C0);return Tf(e),e.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management api"}}),e}function T0(n,e){Object.keys(e).forEach(t=>{const i=e[t];i!=null&&i.length&&n.searchParams.set(t,i)})}function Vn(n){var e,t,i;return{auth0Client:(e=n.query("auth0Client"))==null?void 0:e.slice(0,255),ip:(t=n.header("x-real-ip"))==null?void 0:t.slice(0,45),useragent:(i=n.header("user-agent"))==null?void 0:i.slice(0,512)}}const Yi=60*5,Pf=30*24*60*60,Xr=24*60*60,R0="auth-token",Zu=30*60*1e3,P0=5*60,L0=5*60;var Yu;(function(n){n[n.Include=0]="Include",n[n.None=1]="None"})(Yu||(Yu={}));var Xu;(function(n){n[n.Required=0]="Required",n[n.Ignore=1]="Ignore"})(Xu||(Xu={}));function U0(n){return Uf(n,V0,Si.Include)}function Lf(n){return Uf(n,M0,Si.None)}function Uf(n,e,t){let i="";for(let r=0;r<n.byteLength;r+=3){let s=0,o=0;for(let c=0;c<3&&r+c<n.byteLength;c++)s=s<<8|n[r+c],o+=8;for(let c=0;c<4;c++)o>=6?(i+=e[s>>o-6&63],o-=6):o>0?(i+=e[s<<6-o&63],o=0):t===Si.Include&&(i+="=")}return i}const V0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",M0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Si;(function(n){n[n.Include=0]="Include",n[n.None=1]="None"})(Si||(Si={}));var Qu;(function(n){n[n.Required=0]="Required",n[n.Ignore=1]="Ignore"})(Qu||(Qu={}));class H0{uint8(e,t){if(e.byteLength<t+1)throw new TypeError("Insufficient bytes");return e[t]}uint16(e,t){if(e.byteLength<t+2)throw new TypeError("Insufficient bytes");return e[t]<<8|e[t+1]}uint32(e,t){if(e.byteLength<t+4)throw new TypeError("Insufficient bytes");let i=0;for(let r=0;r<4;r++)i|=e[t+r]<<24-r*8;return i}uint64(e,t){if(e.byteLength<t+8)throw new TypeError("Insufficient bytes");let i=0n;for(let r=0;r<8;r++)i|=BigInt(e[t+r])<<BigInt(56-r*8);return i}putUint8(e,t,i){if(e.length<i+1)throw new TypeError("Not enough space");if(t<0||t>255)throw new TypeError("Invalid uint8 value");e[i]=t}putUint16(e,t,i){if(e.length<i+2)throw new TypeError("Not enough space");if(t<0||t>65535)throw new TypeError("Invalid uint16 value");e[i]=t>>8,e[i+1]=t&255}putUint32(e,t,i){if(e.length<i+4)throw new TypeError("Not enough space");if(t<0||t>4294967295)throw new TypeError("Invalid uint32 value");for(let r=0;r<4;r++)e[i+r]=t>>(3-r)*8&255}putUint64(e,t,i){if(e.length<i+8)throw new TypeError("Not enough space");if(t<0||t>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let r=0;r<8;r++)e[i+r]=Number(t>>BigInt((7-r)*8)&0xffn)}}const ed=new H0;function pt(n,e){return(n<<32-e|n>>>e)>>>0}function D0(n){const e=new F0;return e.update(n),e.digest()}class F0{constructor(){te(this,"blockSize",64);te(this,"size",32);te(this,"blocks",new Uint8Array(64));te(this,"currentBlockSize",0);te(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));te(this,"l",0n);te(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let t=0;if(this.currentBlockSize>0){const i=e.slice(0,64-this.currentBlockSize);this.blocks.set(i,this.currentBlockSize),this.process(),t+=i.byteLength,this.currentBlockSize=0}for(;t+64<=e.byteLength;){const i=e.slice(t,t+64);this.blocks.set(i),this.process(),t+=64}if(e.byteLength-t>0){const i=e.slice(t);this.blocks.set(i),this.currentBlockSize=i.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),ed.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let t=0;t<8;t++)ed.putUint32(e,this.H[t],t*4);return e}process(){for(let u=0;u<16;u++)this.w[u]=(this.blocks[u*4]<<24|this.blocks[u*4+1]<<16|this.blocks[u*4+2]<<8|this.blocks[u*4+3])>>>0;for(let u=16;u<64;u++){const p=(pt(this.w[u-2],17)^pt(this.w[u-2],19)^this.w[u-2]>>>10)>>>0,g=(pt(this.w[u-15],7)^pt(this.w[u-15],18)^this.w[u-15]>>>3)>>>0;this.w[u]=p+this.w[u-7]+g+this.w[u-16]|0}let e=this.H[0],t=this.H[1],i=this.H[2],r=this.H[3],s=this.H[4],o=this.H[5],c=this.H[6],l=this.H[7];for(let u=0;u<64;u++){const p=(pt(s,6)^pt(s,11)^pt(s,25))>>>0,g=(s&o^~s&c)>>>0,m=l+p+g+q0[u]+this.w[u]|0,x=(pt(e,2)^pt(e,13)^pt(e,22))>>>0,h=(e&t^e&i^t&i)>>>0,_=x+h|0;l=c,c=o,o=s,s=r+m|0,r=i,i=t,t=e,e=m+_|0}this.H[0]=e+this.H[0]|0,this.H[1]=t+this.H[1]|0,this.H[2]=i+this.H[2]|0,this.H[3]=r+this.H[3]|0,this.H[4]=s+this.H[4]|0,this.H[5]=o+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const q0=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class K0{constructor(e){te(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function W0(n){const e=D0(new TextEncoder().encode(n));return Lf(e)}function G0(){const n=new Uint8Array(32);return crypto.getRandomValues(n),Lf(n)}function li(n,e){const t=new TextEncoder().encode(e.toString()),i=new Request(n,{method:"POST",body:t});return i.headers.set("Content-Type","application/x-www-form-urlencoded"),i.headers.set("Accept","application/json"),i.headers.set("User-Agent","arctic"),i.headers.set("Content-Length",t.byteLength.toString()),i}function go(n,e){const t=new TextEncoder().encode(`${n}:${e}`);return U0(t)}async function Qr(n){let e;try{e=await fetch(n)}catch(t){throw new Mf(t)}if(e.status===400||e.status===401){let t;try{t=await e.json()}catch{throw new rr(e.status)}if(typeof t!="object"||t===null)throw new $n(e.status,t);let i;try{i=Vf(t)}catch{throw new $n(e.status,t)}throw i}if(e.status===200){let t;try{t=await e.json()}catch{throw new rr(e.status)}if(typeof t!="object"||t===null)throw new $n(e.status,t);return new K0(t)}throw e.body!==null&&await e.body.cancel(),new rr(e.status)}async function J0(n){let e;try{e=await fetch(n)}catch(t){throw new Mf(t)}if(e.status===400||e.status===401){let t;try{t=await e.json()}catch{throw new $n(e.status,null)}if(typeof t!="object"||t===null)throw new $n(e.status,t);let i;try{i=Vf(t)}catch{throw new $n(e.status,t)}throw i}if(e.status===200){e.body!==null&&await e.body.cancel();return}throw e.body!==null&&await e.body.cancel(),new rr(e.status)}function Vf(n){let e;if("error"in n&&typeof n.error=="string")e=n.error;else throw new Error("Invalid error response");let t=null,i=null,r=null;if("error_description"in n){if(typeof n.error_description!="string")throw new Error("Invalid data");t=n.error_description}if("error_uri"in n){if(typeof n.error_uri!="string")throw new Error("Invalid data");i=n.error_uri}if("state"in n){if(typeof n.state!="string")throw new Error("Invalid data");r=n.state}return new Z0(e,t,i,r)}class Mf extends Error{constructor(e){super("Failed to send request",{cause:e})}}class Z0 extends Error{constructor(t,i,r,s){super(`OAuth request error: ${t}`);te(this,"code");te(this,"description");te(this,"uri");te(this,"state");this.code=t,this.description=i,this.uri=r,this.state=s}}class rr extends Error{constructor(t){super("Unexpected error response");te(this,"status");this.status=t}}class $n extends Error{constructor(t,i){super("Unexpected error response body");te(this,"status");te(this,"data");this.status=t,this.data=i}}class Uc{constructor(e,t,i){te(this,"clientId");te(this,"clientPassword");te(this,"redirectURI");this.clientId=e,this.clientPassword=t,this.redirectURI=i}createAuthorizationURL(e,t,i){const r=new URL(e);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&r.searchParams.set("redirect_uri",this.redirectURI),r.searchParams.set("state",t),i.length>0&&r.searchParams.set("scope",i.join(" ")),r}createAuthorizationURLWithPKCE(e,t,i,r,s){const o=new URL(e);if(o.searchParams.set("response_type","code"),o.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&o.searchParams.set("redirect_uri",this.redirectURI),o.searchParams.set("state",t),i===Ai.S256){const c=W0(r);o.searchParams.set("code_challenge_method","S256"),o.searchParams.set("code_challenge",c)}else i===Ai.Plain&&(o.searchParams.set("code_challenge_method","plain"),o.searchParams.set("code_challenge",r));return s.length>0&&o.searchParams.set("scope",s.join(" ")),o}async validateAuthorizationCode(e,t,i){const r=new URLSearchParams;r.set("grant_type","authorization_code"),r.set("code",t),this.redirectURI!==null&&r.set("redirect_uri",this.redirectURI),i!==null&&r.set("code_verifier",i),this.clientPassword===null&&r.set("client_id",this.clientId);const s=li(e,r);if(this.clientPassword!==null){const c=go(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Qr(s)}async refreshAccessToken(e,t,i){const r=new URLSearchParams;r.set("grant_type","refresh_token"),r.set("refresh_token",t),this.clientPassword===null&&r.set("client_id",this.clientId),i.length>0&&r.set("scope",i.join(" "));const s=li(e,r);if(this.clientPassword!==null){const c=go(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Qr(s)}async revokeToken(e,t){const i=new URLSearchParams;i.set("token",t),this.clientPassword===null&&i.set("client_id",this.clientId);const r=li(e,i);if(this.clientPassword!==null){const s=go(this.clientId,this.clientPassword);r.headers.set("Authorization",`Basic ${s}`)}await J0(r)}}var Ai;(function(n){n[n.S256=0]="S256",n[n.Plain=1]="Plain"})(Ai||(Ai={}));var td;(function(n){n[n.Include=0]="Include",n[n.None=1]="None"})(td||(td={}));var nd;(function(n){n[n.Required=0]="Required",n[n.Ignore=1]="Ignore"})(nd||(nd={}));function ui(n){return Y0(n,X0,es.None)}function Y0(n,e,t){let i="";for(let r=0;r<n.byteLength;r+=3){let s=0,o=0;for(let c=0;c<3&&r+c<n.byteLength;c++)s=s<<8|n[r+c],o+=8;for(let c=0;c<4;c++)o>=6?(i+=e[s>>o-6&63],o-=6):o>0?(i+=e[s<<6-o&63],o=0):t===es.Include&&(i+="=")}return i}const X0="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var es;(function(n){n[n.Include=0]="Include",n[n.None=1]="None"})(es||(es={}));var id;(function(n){n[n.Required=0]="Required",n[n.Ignore=1]="Ignore"})(id||(id={}));function Q0(n,e,t){const i=ui(new TextEncoder().encode(n)),r=ui(new TextEncoder().encode(e)),s=ui(t);return i+"."+r+"."+s}function em(n,e){const t=ui(new TextEncoder().encode(n)),i=ui(new TextEncoder().encode(e)),r=t+"."+i;return new TextEncoder().encode(r)}const tm="https://appleid.apple.com/auth/authorize",nm="https://appleid.apple.com/auth/token";class Hf{constructor(e,t,i,r,s){te(this,"clientId");te(this,"teamId");te(this,"keyId");te(this,"pkcs8PrivateKey");te(this,"redirectURI");this.clientId=e,this.teamId=t,this.keyId=i,this.pkcs8PrivateKey=r,this.redirectURI=s}createAuthorizationURL(e,t){const i=new URL(tm);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",e),t.length>0&&i.searchParams.set("scope",t.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(e){const t=new URLSearchParams;t.set("grant_type","authorization_code"),t.set("code",e),t.set("redirect_uri",this.redirectURI),t.set("client_id",this.clientId);const i=await this.createClientSecret();t.set("client_secret",i);const r=li(nm,t);return await Qr(r)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),t=Math.floor(Date.now()/1e3),i=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),r=JSON.stringify({iss:this.teamId,exp:t+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:t}),s=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,em(i,r)));return Q0(i,r,s)}}const im="https://www.facebook.com/v16.0/dialog/oauth",rm="https://graph.facebook.com/v16.0/oauth/access_token";class Df{constructor(e,t,i){te(this,"clientId");te(this,"clientSecret");te(this,"redirectURI");this.clientId=e,this.clientSecret=t,this.redirectURI=i}createAuthorizationURL(e,t){const i=new URL(im);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),i.searchParams.set("state",e),t.length>0&&i.searchParams.set("scope",t.join(" ")),i.searchParams.set("redirect_uri",this.redirectURI),i}async validateAuthorizationCode(e){const t=new URLSearchParams;t.set("grant_type","authorization_code"),t.set("code",e),t.set("redirect_uri",this.redirectURI),t.set("client_id",this.clientId),t.set("client_secret",this.clientSecret);const i=li(rm,t);return await Qr(i)}}const sm="https://accounts.google.com/o/oauth2/v2/auth",rd="https://oauth2.googleapis.com/token",om="https://oauth2.googleapis.com/revoke";class Ff{constructor(e,t,i){te(this,"client");this.client=new Uc(e,t,i)}createAuthorizationURL(e,t,i){return this.client.createAuthorizationURLWithPKCE(sm,e,Ai.S256,t,i)}async validateAuthorizationCode(e,t){return await this.client.validateAuthorizationCode(rd,e,t)}async refreshAccessToken(e){return await this.client.refreshAccessToken(rd,e,[])}async revokeToken(e){await this.client.revokeToken(om,e)}}class Vc{constructor(e,t){te(this,"value");te(this,"unit");this.value=e,this.unit=t}milliseconds(){return this.unit==="ms"?this.value:this.unit==="s"?this.value*1e3:this.unit==="m"?this.value*1e3*60:this.unit==="h"?this.value*1e3*60*60:this.unit==="d"?this.value*1e3*60*60*24:this.value*1e3*60*60*24*7}seconds(){return this.milliseconds()/1e3}transform(e){return new Vc(Math.round(this.milliseconds()*e),"ms")}}async function sd(n,e,t,i){const r={alg:n,typ:"JWT",...i==null?void 0:i.headers},s={...t};(i==null?void 0:i.audiences)!==void 0&&(s.aud=i.audiences),(i==null?void 0:i.subject)!==void 0&&(s.sub=i.subject),(i==null?void 0:i.issuer)!==void 0&&(s.iss=i.issuer),(i==null?void 0:i.jwtId)!==void 0&&(s.jti=i.jwtId),(i==null?void 0:i.expiresIn)!==void 0&&(s.exp=Math.floor(Date.now()/1e3)+i.expiresIn.seconds()),(i==null?void 0:i.notBefore)!==void 0&&(s.nbf=Math.floor(i.notBefore.getTime()/1e3)),s.iat=Math.floor(Date.now()/1e3);const o=new TextEncoder,c=tn.encode(o.encode(JSON.stringify(r)),{includePadding:!1}),l=tn.encode(o.encode(JSON.stringify(s)),{includePadding:!1}),u=o.encode([c,l].join(".")),p=await cm(n).sign(e,u),g=tn.encode(new Uint8Array(p),{includePadding:!1});return[c,l,g].join(".")}function am(n){const e=n.split(".");return e.length!==3?null:e}function Mc(n){const e=am(n);if(!e)return null;const t=new TextDecoder,i=tn.decode(e[0],{strict:!1}),r=tn.decode(e[1],{strict:!1}),s=JSON.parse(t.decode(i));if(typeof s!="object"||s===null||!("alg"in s)||!lm(s.alg)||"typ"in s&&s.typ!=="JWT")return null;const o=JSON.parse(t.decode(r));if(typeof o!="object"||o===null)return null;const c={algorithm:s.alg,expiresAt:null,subject:null,issuedAt:null,issuer:null,jwtId:null,audiences:null,notBefore:null};if("exp"in o){if(typeof o.exp!="number")return null;c.expiresAt=new Date(o.exp*1e3)}if("iss"in o){if(typeof o.iss!="string")return null;c.issuer=o.iss}if("sub"in o){if(typeof o.sub!="string")return null;c.subject=o.sub}if("aud"in o)if(Array.isArray(o.aud)){for(const l of o.aud)if(typeof l!="string")return null;c.audiences=o.aud}else{if(typeof o.aud!="string")return null;c.audiences=[o.aud]}if("nbf"in o){if(typeof o.nbf!="number")return null;c.notBefore=new Date(o.nbf*1e3)}if("iat"in o){if(typeof o.iat!="number")return null;c.issuedAt=new Date(o.iat*1e3)}if("jti"in o){if(typeof o.jti!="string")return null;c.jwtId=o.jti}return{value:n,header:{...s,typ:"JWT",alg:s.alg},payload:{...o},parts:e,...c}}function cm(n){return new f0(um[n])}function lm(n){return typeof n!="string"?!1:["HS256","HS384","HS512","RS256","RS384","RS512","ES256","ES384","ES512","PS256","PS384","PS512"].includes(n)}const um={RS256:"SHA-256",RS384:"SHA-384",RS512:"SHA-512"},Gs=a.z.object({iss:a.z.string().url(),sub:a.z.string(),aud:a.z.string(),exp:a.z.number(),email:a.z.string().optional(),given_name:a.z.string().optional(),family_name:a.z.string().optional(),name:a.z.string().optional(),iat:a.z.number(),auth_time:a.z.number().optional(),nonce:a.z.string().optional(),acr:a.z.string().optional(),amr:a.z.array(a.z.string()).optional(),azp:a.z.string().optional(),at_hash:a.z.string().optional(),c_hash:a.z.string().optional()}).passthrough();Gs.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function qf(n){const{options:e}=n;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const t=Buffer.from(e.app_secret,"utf-8"),i=t.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),r=Uint8Array.from(Buffer.from(i,"base64"));return t.fill(0),{options:e,keyArray:r}}async function dm(n,e){var l,u;const{options:t,keyArray:i}=qf(e),r=new Hf(t.client_id,t.team_id,t.kid,i,`${n.env.ISSUER}callback`),s=Ke(),o=await r.createAuthorizationURL(s,((l=t.scope)==null?void 0:l.split(" "))||["name","email"]);return(((u=t.scope)==null?void 0:u.split(" "))||["name","email"]).some(p=>["email","name"].includes(p))&&o.searchParams.set("response_mode","form_post"),{redirectUrl:o.href,code:s}}async function pm(n,e,t){const{options:i,keyArray:r}=qf(e),o=await new Hf(i.client_id,i.team_id,i.kid,r,`${n.env.ISSUER}callback`).validateAuthorizationCode(t),c=Mc(o.idToken());if(!c)throw new Error("Invalid ID token");const l=Gs.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const fm=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:dm,validateAuthorizationCodeAndGetUser:pm},Symbol.toStringTag,{value:"Module"}));async function hm(n,e){var o;const{options:t}=e;if(!(t!=null&&t.client_id)||!t.client_secret)throw new Error("Missing required authentication parameters");const i=new Df(t.client_id,t.client_secret,`${n.env.ISSUER}callback`),r=Ke();return{redirectUrl:i.createAuthorizationURL(r,((o=t.scope)==null?void 0:o.split(" "))||["email"]).href,code:r}}async function gm(n,e,t){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret)throw new Error("Missing required authentication parameters");const s=await new Df(i.client_id,i.client_secret,`${n.env.ISSUER}callback`).validateAuthorizationCode(t),o=await fetch("https://graph.facebook.com/v16.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${s.accessToken()}`}});if(!o.ok)throw new Error("Failed to fetch user info");const c=await o.json();return n.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const _m=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:hm,validateAuthorizationCodeAndGetUser:gm},Symbol.toStringTag,{value:"Module"}));async function mm(n,e){var c;const{options:t}=e;if(!(t!=null&&t.client_id)||!t.client_secret)throw new Error("Missing required Google authentication parameters");const i=new Ff(t.client_id,t.client_secret,`${n.env.ISSUER}callback`),r=Ke(),s=G0();return{redirectUrl:i.createAuthorizationURL(r,s,((c=t.scope)==null?void 0:c.split(" "))??["email","profile"]).href,code:r,codeVerifier:s}}async function ym(n,e,t,i){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret||!i)throw new Error("Missing required authentication parameters");const o=await new Ff(r.client_id,r.client_secret,`${n.env.ISSUER}callback`).validateAuthorizationCode(t,i);console.log("got here");const c=Mc(o.idToken());if(!c)throw new Error("Invalid ID token");const l=Gs.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const vm=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:mm,validateAuthorizationCodeAndGetUser:ym},Symbol.toStringTag,{value:"Module"}));async function wm(n,e){var o;const{options:t}=e;if(!(t!=null&&t.client_id)||!t.client_secret)throw new Error("Missing required authentication parameters");const i=new Uc(t.client_id,t.client_secret,`${n.env.ISSUER}callback`),r=Ke(),s=i.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",r,((o=t.scope)==null?void 0:o.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]);return s.searchParams.set("response_type","code"),s.searchParams.set("response_mode","query"),{redirectUrl:s.href,code:r}}async function bm(n,e,t){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret)throw new Error("Missing required authentication parameters");const s=await new Uc(i.client_id,i.client_secret,`${n.env.ISSUER}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",t,null),o=Mc(s.idToken());if(!o)throw new Error("Invalid ID token");const c=Gs.parse(o.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${s.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new N(400,{message:"Failed to get user from vipps"});return await l.json()}const km=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:wm,validateAuthorizationCodeAndGetUser:bm},Symbol.toStringTag,{value:"Module"}));function Kf(n,e){const t=n.env.STRATEGIES||{},r={apple:fm,facebook:_m,"google-oauth2":vm,vipps:km,...t}[e];if(!r)throw new Error(`Strategy ${e} not found`);return r}async function Hc(n,e){const t=await n.data.clients.get(e);if(!t)throw new N(403,{message:"Client not found"});const i=n.DEFAULT_CLIENT_ID?await n.data.clients.get(n.DEFAULT_CLIENT_ID):void 0,r=await n.data.connections.list(t.tenant.id),s=n.DEFAULT_TENANT_ID?await n.data.connections.list(n.DEFAULT_TENANT_ID):{connections:[]},o=r.connections.map(c=>{var p;const l=(p=s.connections)==null?void 0:p.find(g=>g.name===c.name);return l!=null&&l.options?zt.parse({...l||{},...c,options:{...l.options||{},...c.options}}):c}).filter(c=>c);return{...t,web_origins:[...(i==null?void 0:i.web_origins)||[],...t.web_origins||[],`${n.ISSUER}u/login`],allowed_logout_urls:[...(i==null?void 0:i.allowed_logout_urls)||[],...t.allowed_logout_urls||[],n.ISSUER],callbacks:[...(i==null?void 0:i.callbacks)||[],...t.callbacks||[],`${n.ISSUER}u/info`],connections:o,domains:[...t.domains||[],...(i==null?void 0:i.domains)||[]],tenant:{...(i==null?void 0:i.tenant)||{},...t.tenant}}}function Js(n,e=[]){try{const t=new URL(n);return e.some(i=>{try{return xm(t,new URL(i))}catch{return!1}})}catch{return!1}}function xm(n,e){if(n.protocol!==e.protocol||n.pathname!==e.pathname)return!1;if(e.hostname.startsWith("*.")&&e.hostname.split(".").length>2&&["http:","https:"].includes(e.protocol)){const t=e.hostname.split(".").slice(1).join(".");return n.hostname.endsWith(t)}return n.hostname===e.hostname}function Sm(n){try{const t=/-----BEGIN (?:RSA )?(?:PRIVATE|PUBLIC) KEY-----([^-]*)-----END (?:RSA )?(?:PRIVATE|PUBLIC) KEY-----/.exec(n);if(!t||!t[1])throw new Error("Invalid PEM format");return Uint8Array.from(atob(t[1].replace(/\s/g,"")),i=>i.charCodeAt(0)).buffer}finally{n=n.replace(/./g,"\0")}}async function Am(n,e){if(e==="plain")return n;const t=new TextEncoder().encode(n),i=await Bf(t);return tn.encode(new Uint8Array(i),{includePadding:!1})}function Wf(n,e,t){const i=[];return i.push([encodeURIComponent(n),encodeURIComponent(e)]),(t==null?void 0:t.domain)!==void 0&&i.push(["Domain",t.domain]),(t==null?void 0:t.expires)!==void 0&&i.push(["Expires",t.expires.toUTCString()]),t!=null&&t.httpOnly&&i.push(["HttpOnly"]),(t==null?void 0:t.maxAge)!==void 0&&i.push(["Max-Age",t.maxAge.toString()]),(t==null?void 0:t.path)!==void 0&&i.push(["Path",t.path]),(t==null?void 0:t.sameSite)==="lax"&&i.push(["SameSite","Lax"]),(t==null?void 0:t.sameSite)==="none"&&i.push(["SameSite","None"]),(t==null?void 0:t.sameSite)==="strict"&&i.push(["SameSite","Strict"]),t!=null&&t.secure&&i.push(["Secure"]),i.map(r=>r.join("=")).join("; ")}function Im(n){const e=new Map,t=n.split("; ");for(const i of t){const r=i.split("="),s=r[0],o=r[1]??"";s&&e.set(decodeURIComponent(s),decodeURIComponent(o))}return e}function Dc(n){return`${n}-${R0}`}function Gf(n,e){return e?Im(e).get(Dc(n)):void 0}function Em(n){const e={path:"/",httpOnly:!0,secure:!0,maxAge:0};return Wf(Dc(n),"",{...e,sameSite:"none"})}function Jf(n,e){const t={path:"/",httpOnly:!0,secure:!0,maxAge:Pf};return Wf(Dc(n),e,{...t,sameSite:"none"})}var Fc={},Zs={};(function(n){const e=":A-Za-z_\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD",t=e+"\\-.\\d\\u00B7\\u0300-\\u036F\\u203F-\\u2040",i="["+e+"]["+t+"]*",r=new RegExp("^"+i+"$"),s=function(c,l){const u=[];let p=l.exec(c);for(;p;){const g=[];g.startIndex=l.lastIndex-p[0].length;const m=p.length;for(let x=0;x<m;x++)g.push(p[x]);u.push(g),p=l.exec(c)}return u},o=function(c){const l=r.exec(c);return!(l===null||typeof l>"u")};n.isExist=function(c){return typeof c<"u"},n.isEmptyObject=function(c){return Object.keys(c).length===0},n.merge=function(c,l,u){if(l){const p=Object.keys(l),g=p.length;for(let m=0;m<g;m++)u==="strict"?c[p[m]]=[l[p[m]]]:c[p[m]]=l[p[m]]}},n.getValue=function(c){return n.isExist(c)?c:""},n.isName=o,n.getAllMatches=s,n.nameRegexp=i})(Zs);const qc=Zs,$m={allowBooleanAttributes:!1,unpairedTags:[]};Fc.validate=function(n,e){e=Object.assign({},$m,e);const t=[];let i=!1,r=!1;n[0]==="\uFEFF"&&(n=n.substr(1));for(let s=0;s<n.length;s++)if(n[s]==="<"&&n[s+1]==="?"){if(s+=2,s=ad(n,s),s.err)return s}else if(n[s]==="<"){let o=s;if(s++,n[s]==="!"){s=cd(n,s);continue}else{let c=!1;n[s]==="/"&&(c=!0,s++);let l="";for(;s<n.length&&n[s]!==">"&&n[s]!==" "&&n[s]!==" "&&n[s]!==`
|
|
126
126
|
`&&n[s]!=="\r";s++)l+=n[s];if(l=l.trim(),l[l.length-1]==="/"&&(l=l.substring(0,l.length-1),s--),!Rm(l)){let g;return l.trim().length===0?g="Invalid space after '<'.":g="Tag '"+l+"' is an invalid name.",ye("InvalidTag",g,Oe(n,s))}const u=zm(n,s);if(u===!1)return ye("InvalidAttr","Attributes for '"+l+"' have open quote.",Oe(n,s));let p=u.value;if(s=u.index,p[p.length-1]==="/"){const g=s-p.length;p=p.substring(0,p.length-1);const m=ld(p,e);if(m===!0)i=!0;else return ye(m.err.code,m.err.msg,Oe(n,g+m.err.line))}else if(c)if(u.tagClosed){if(p.trim().length>0)return ye("InvalidTag","Closing tag '"+l+"' can't have attributes or invalid starting.",Oe(n,o));if(t.length===0)return ye("InvalidTag","Closing tag '"+l+"' has not been opened.",Oe(n,o));{const g=t.pop();if(l!==g.tagName){let m=Oe(n,g.tagStartPos);return ye("InvalidTag","Expected closing tag '"+g.tagName+"' (opened in line "+m.line+", col "+m.col+") instead of closing tag '"+l+"'.",Oe(n,o))}t.length==0&&(r=!0)}}else return ye("InvalidTag","Closing tag '"+l+"' doesn't have proper closing.",Oe(n,s));else{const g=ld(p,e);if(g!==!0)return ye(g.err.code,g.err.msg,Oe(n,s-p.length+g.err.line));if(r===!0)return ye("InvalidXml","Multiple possible root nodes found.",Oe(n,s));e.unpairedTags.indexOf(l)!==-1||t.push({tagName:l,tagStartPos:o}),i=!0}for(s++;s<n.length;s++)if(n[s]==="<")if(n[s+1]==="!"){s++,s=cd(n,s);continue}else if(n[s+1]==="?"){if(s=ad(n,++s),s.err)return s}else break;else if(n[s]==="&"){const g=Bm(n,s);if(g==-1)return ye("InvalidChar","char '&' is not expected.",Oe(n,s));s=g}else if(r===!0&&!od(n[s]))return ye("InvalidXml","Extra text at the end",Oe(n,s));n[s]==="<"&&s--}}else{if(od(n[s]))continue;return ye("InvalidChar","char '"+n[s]+"' is not expected.",Oe(n,s))}if(i){if(t.length==1)return ye("InvalidTag","Unclosed tag '"+t[0].tagName+"'.",Oe(n,t[0].tagStartPos));if(t.length>0)return ye("InvalidXml","Invalid '"+JSON.stringify(t.map(s=>s.tagName),null,4).replace(/\r?\n/g,"")+"' found.",{line:1,col:1})}else return ye("InvalidXml","Start tag expected.",1);return!0};function od(n){return n===" "||n===" "||n===`
|
|
127
127
|
`||n==="\r"}function ad(n,e){const t=e;for(;e<n.length;e++)if(n[e]=="?"||n[e]==" "){const i=n.substr(t,e-t);if(e>5&&i==="xml")return ye("InvalidXml","XML declaration allowed only at the start of the document.",Oe(n,e));if(n[e]=="?"&&n[e+1]==">"){e++;break}else continue}return e}function cd(n,e){if(n.length>e+5&&n[e+1]==="-"&&n[e+2]==="-"){for(e+=3;e<n.length;e++)if(n[e]==="-"&&n[e+1]==="-"&&n[e+2]===">"){e+=2;break}}else if(n.length>e+8&&n[e+1]==="D"&&n[e+2]==="O"&&n[e+3]==="C"&&n[e+4]==="T"&&n[e+5]==="Y"&&n[e+6]==="P"&&n[e+7]==="E"){let t=1;for(e+=8;e<n.length;e++)if(n[e]==="<")t++;else if(n[e]===">"&&(t--,t===0))break}else if(n.length>e+9&&n[e+1]==="["&&n[e+2]==="C"&&n[e+3]==="D"&&n[e+4]==="A"&&n[e+5]==="T"&&n[e+6]==="A"&&n[e+7]==="["){for(e+=8;e<n.length;e++)if(n[e]==="]"&&n[e+1]==="]"&&n[e+2]===">"){e+=2;break}}return e}const Cm='"',jm="'";function zm(n,e){let t="",i="",r=!1;for(;e<n.length;e++){if(n[e]===Cm||n[e]===jm)i===""?i=n[e]:i!==n[e]||(i="");else if(n[e]===">"&&i===""){r=!0;break}t+=n[e]}return i!==""?!1:{value:t,index:e,tagClosed:r}}const Nm=new RegExp(`(\\s*)([^\\s=]+)(\\s*=)?(\\s*(['"])(([\\s\\S])*?)\\5)?`,"g");function ld(n,e){const t=qc.getAllMatches(n,Nm),i={};for(let r=0;r<t.length;r++){if(t[r][1].length===0)return ye("InvalidAttr","Attribute '"+t[r][2]+"' has no space in starting.",ti(t[r]));if(t[r][3]!==void 0&&t[r][4]===void 0)return ye("InvalidAttr","Attribute '"+t[r][2]+"' is without value.",ti(t[r]));if(t[r][3]===void 0&&!e.allowBooleanAttributes)return ye("InvalidAttr","boolean attribute '"+t[r][2]+"' is not allowed.",ti(t[r]));const s=t[r][2];if(!Tm(s))return ye("InvalidAttr","Attribute '"+s+"' is an invalid name.",ti(t[r]));if(!i.hasOwnProperty(s))i[s]=1;else return ye("InvalidAttr","Attribute '"+s+"' is repeated.",ti(t[r]))}return!0}function Om(n,e){let t=/\d/;for(n[e]==="x"&&(e++,t=/[\da-fA-F]/);e<n.length;e++){if(n[e]===";")return e;if(!n[e].match(t))break}return-1}function Bm(n,e){if(e++,n[e]===";")return-1;if(n[e]==="#")return e++,Om(n,e);let t=0;for(;e<n.length;e++,t++)if(!(n[e].match(/\w/)&&t<20)){if(n[e]===";")break;return-1}return e}function ye(n,e,t){return{err:{code:n,msg:e,line:t.line||t,col:t.col}}}function Tm(n){return qc.isName(n)}function Rm(n){return qc.isName(n)}function Oe(n,e){const t=n.substring(0,e).split(/\r?\n/);return{line:t.length,col:t[t.length-1].length+1}}function ti(n){return n.startIndex+n[1].length}var Kc={};const Zf={preserveOrder:!1,attributeNamePrefix:"@_",attributesGroupName:!1,textNodeName:"#text",ignoreAttributes:!0,removeNSPrefix:!1,allowBooleanAttributes:!1,parseTagValue:!0,parseAttributeValue:!1,trimValues:!0,cdataPropName:!1,numberParseOptions:{hex:!0,leadingZeros:!0,eNotation:!0},tagValueProcessor:function(n,e){return e},attributeValueProcessor:function(n,e){return e},stopNodes:[],alwaysCreateTextNode:!1,isArray:()=>!1,commentPropName:!1,unpairedTags:[],processEntities:!0,htmlEntities:!1,ignoreDeclaration:!1,ignorePiTags:!1,transformTagName:!1,transformAttributeName:!1,updateTag:function(n,e,t){return n}},Pm=function(n){return Object.assign({},Zf,n)};Kc.buildOptions=Pm;Kc.defaultOptions=Zf;class Lm{constructor(e){this.tagname=e,this.child=[],this[":@"]={}}add(e,t){e==="__proto__"&&(e="#__proto__"),this.child.push({[e]:t})}addChild(e){e.tagname==="__proto__"&&(e.tagname="#__proto__"),e[":@"]&&Object.keys(e[":@"]).length>0?this.child.push({[e.tagname]:e.child,":@":e[":@"]}):this.child.push({[e.tagname]:e.child})}}var Um=Lm;const Vm=Zs;function Mm(n,e){const t={};if(n[e+3]==="O"&&n[e+4]==="C"&&n[e+5]==="T"&&n[e+6]==="Y"&&n[e+7]==="P"&&n[e+8]==="E"){e=e+9;let i=1,r=!1,s=!1,o="";for(;e<n.length;e++)if(n[e]==="<"&&!s){if(r&&Fm(n,e)){e+=7;let c,l;[c,l,e]=Hm(n,e+1),l.indexOf("&")===-1&&(t[Gm(c)]={regx:RegExp(`&${c};`,"g"),val:l})}else if(r&&qm(n,e))e+=8;else if(r&&Km(n,e))e+=8;else if(r&&Wm(n,e))e+=9;else if(Dm)s=!0;else throw new Error("Invalid DOCTYPE");i++,o=""}else if(n[e]===">"){if(s?n[e-1]==="-"&&n[e-2]==="-"&&(s=!1,i--):i--,i===0)break}else n[e]==="["?r=!0:o+=n[e];if(i!==0)throw new Error("Unclosed DOCTYPE")}else throw new Error("Invalid Tag instead of DOCTYPE");return{entities:t,i:e}}function Hm(n,e){let t="";for(;e<n.length&&n[e]!=="'"&&n[e]!=='"';e++)t+=n[e];if(t=t.trim(),t.indexOf(" ")!==-1)throw new Error("External entites are not supported");const i=n[e++];let r="";for(;e<n.length&&n[e]!==i;e++)r+=n[e];return[t,r,e]}function Dm(n,e){return n[e+1]==="!"&&n[e+2]==="-"&&n[e+3]==="-"}function Fm(n,e){return n[e+1]==="!"&&n[e+2]==="E"&&n[e+3]==="N"&&n[e+4]==="T"&&n[e+5]==="I"&&n[e+6]==="T"&&n[e+7]==="Y"}function qm(n,e){return n[e+1]==="!"&&n[e+2]==="E"&&n[e+3]==="L"&&n[e+4]==="E"&&n[e+5]==="M"&&n[e+6]==="E"&&n[e+7]==="N"&&n[e+8]==="T"}function Km(n,e){return n[e+1]==="!"&&n[e+2]==="A"&&n[e+3]==="T"&&n[e+4]==="T"&&n[e+5]==="L"&&n[e+6]==="I"&&n[e+7]==="S"&&n[e+8]==="T"}function Wm(n,e){return n[e+1]==="!"&&n[e+2]==="N"&&n[e+3]==="O"&&n[e+4]==="T"&&n[e+5]==="A"&&n[e+6]==="T"&&n[e+7]==="I"&&n[e+8]==="O"&&n[e+9]==="N"}function Gm(n){if(Vm.isName(n))return n;throw new Error(`Invalid entity name ${n}`)}var Jm=Mm;const Zm=/^[-+]?0x[a-fA-F0-9]+$/,Ym=/^([\-\+])?(0*)(\.[0-9]+([eE]\-?[0-9]+)?|[0-9]+(\.[0-9]+([eE]\-?[0-9]+)?)?)$/;!Number.parseInt&&window.parseInt&&(Number.parseInt=window.parseInt);!Number.parseFloat&&window.parseFloat&&(Number.parseFloat=window.parseFloat);const Xm={hex:!0,leadingZeros:!0,decimalPoint:".",eNotation:!0};function Qm(n,e={}){if(e=Object.assign({},Xm,e),!n||typeof n!="string")return n;let t=n.trim();if(e.skipLike!==void 0&&e.skipLike.test(t))return n;if(e.hex&&Zm.test(t))return Number.parseInt(t,16);{const i=Ym.exec(t);if(i){const r=i[1],s=i[2];let o=ey(i[3]);const c=i[4]||i[6];if(!e.leadingZeros&&s.length>0&&r&&t[2]!==".")return n;if(!e.leadingZeros&&s.length>0&&!r&&t[1]!==".")return n;{const l=Number(t),u=""+l;return u.search(/[eE]/)!==-1||c?e.eNotation?l:n:t.indexOf(".")!==-1?u==="0"&&o===""||u===o||r&&u==="-"+o?l:n:s?o===u||r+o===u?l:n:t===u||t===r+u?l:n}}else return n}}function ey(n){return n&&n.indexOf(".")!==-1&&(n=n.replace(/0+$/,""),n==="."?n="0":n[0]==="."?n="0"+n:n[n.length-1]==="."&&(n=n.substr(0,n.length-1))),n}var ty=Qm;function ny(n){return typeof n=="function"?n:Array.isArray(n)?e=>{for(const t of n)if(typeof t=="string"&&e===t||t instanceof RegExp&&t.test(e))return!0}:()=>!1}var Yf=ny;const Xf=Zs,ni=Um,iy=Jm,ry=ty,sy=Yf;let oy=class{constructor(e){this.options=e,this.currentNode=null,this.tagsNodeStack=[],this.docTypeEntities={},this.lastEntities={apos:{regex:/&(apos|#39|#x27);/g,val:"'"},gt:{regex:/&(gt|#62|#x3E);/g,val:">"},lt:{regex:/&(lt|#60|#x3C);/g,val:"<"},quot:{regex:/&(quot|#34|#x22);/g,val:'"'}},this.ampEntity={regex:/&(amp|#38|#x26);/g,val:"&"},this.htmlEntities={space:{regex:/&(nbsp|#160);/g,val:" "},cent:{regex:/&(cent|#162);/g,val:"¢"},pound:{regex:/&(pound|#163);/g,val:"£"},yen:{regex:/&(yen|#165);/g,val:"¥"},euro:{regex:/&(euro|#8364);/g,val:"€"},copyright:{regex:/&(copy|#169);/g,val:"©"},reg:{regex:/&(reg|#174);/g,val:"®"},inr:{regex:/&(inr|#8377);/g,val:"₹"},num_dec:{regex:/&#([0-9]{1,7});/g,val:(t,i)=>String.fromCharCode(Number.parseInt(i,10))},num_hex:{regex:/&#x([0-9a-fA-F]{1,6});/g,val:(t,i)=>String.fromCharCode(Number.parseInt(i,16))}},this.addExternalEntities=ay,this.parseXml=py,this.parseTextData=cy,this.resolveNameSpace=ly,this.buildAttributesMap=dy,this.isItStopNode=_y,this.replaceEntitiesValue=hy,this.readStopNodeData=yy,this.saveTextToParentTag=gy,this.addChild=fy,this.ignoreAttributesFn=sy(this.options.ignoreAttributes)}};function ay(n){const e=Object.keys(n);for(let t=0;t<e.length;t++){const i=e[t];this.lastEntities[i]={regex:new RegExp("&"+i+";","g"),val:n[i]}}}function cy(n,e,t,i,r,s,o){if(n!==void 0&&(this.options.trimValues&&!i&&(n=n.trim()),n.length>0)){o||(n=this.replaceEntitiesValue(n));const c=this.options.tagValueProcessor(e,n,t,r,s);return c==null?n:typeof c!=typeof n||c!==n?c:this.options.trimValues?Ma(n,this.options.parseTagValue,this.options.numberParseOptions):n.trim()===n?Ma(n,this.options.parseTagValue,this.options.numberParseOptions):n}}function ly(n){if(this.options.removeNSPrefix){const e=n.split(":"),t=n.charAt(0)==="/"?"/":"";if(e[0]==="xmlns")return"";e.length===2&&(n=t+e[1])}return n}const uy=new RegExp(`([^\\s=]+)\\s*(=\\s*(['"])([\\s\\S]*?)\\3)?`,"gm");function dy(n,e,t){if(this.options.ignoreAttributes!==!0&&typeof n=="string"){const i=Xf.getAllMatches(n,uy),r=i.length,s={};for(let o=0;o<r;o++){const c=this.resolveNameSpace(i[o][1]);if(this.ignoreAttributesFn(c,e))continue;let l=i[o][4],u=this.options.attributeNamePrefix+c;if(c.length)if(this.options.transformAttributeName&&(u=this.options.transformAttributeName(u)),u==="__proto__"&&(u="#__proto__"),l!==void 0){this.options.trimValues&&(l=l.trim()),l=this.replaceEntitiesValue(l);const p=this.options.attributeValueProcessor(c,l,e);p==null?s[u]=l:typeof p!=typeof l||p!==l?s[u]=p:s[u]=Ma(l,this.options.parseAttributeValue,this.options.numberParseOptions)}else this.options.allowBooleanAttributes&&(s[u]=!0)}if(!Object.keys(s).length)return;if(this.options.attributesGroupName){const o={};return o[this.options.attributesGroupName]=s,o}return s}}const py=function(n){n=n.replace(/\r\n?/g,`
|
|
128
128
|
`);const e=new ni("!xml");let t=e,i="",r="";for(let s=0;s<n.length;s++)if(n[s]==="<")if(n[s+1]==="/"){const c=Xt(n,">",s,"Closing Tag is not closed.");let l=n.substring(s+2,c).trim();if(this.options.removeNSPrefix){const g=l.indexOf(":");g!==-1&&(l=l.substr(g+1))}this.options.transformTagName&&(l=this.options.transformTagName(l)),t&&(i=this.saveTextToParentTag(i,t,r));const u=r.substring(r.lastIndexOf(".")+1);if(l&&this.options.unpairedTags.indexOf(l)!==-1)throw new Error(`Unpaired tag can not be used as closing tag: </${l}>`);let p=0;u&&this.options.unpairedTags.indexOf(u)!==-1?(p=r.lastIndexOf(".",r.lastIndexOf(".")-1),this.tagsNodeStack.pop()):p=r.lastIndexOf("."),r=r.substring(0,p),t=this.tagsNodeStack.pop(),i="",s=c}else if(n[s+1]==="?"){let c=Va(n,s,!1,"?>");if(!c)throw new Error("Pi Tag is not closed.");if(i=this.saveTextToParentTag(i,t,r),!(this.options.ignoreDeclaration&&c.tagName==="?xml"||this.options.ignorePiTags)){const l=new ni(c.tagName);l.add(this.options.textNodeName,""),c.tagName!==c.tagExp&&c.attrExpPresent&&(l[":@"]=this.buildAttributesMap(c.tagExp,r,c.tagName)),this.addChild(t,l,r)}s=c.closeIndex+1}else if(n.substr(s+1,3)==="!--"){const c=Xt(n,"-->",s+4,"Comment is not closed.");if(this.options.commentPropName){const l=n.substring(s+4,c-2);i=this.saveTextToParentTag(i,t,r),t.add(this.options.commentPropName,[{[this.options.textNodeName]:l}])}s=c}else if(n.substr(s+1,2)==="!D"){const c=iy(n,s);this.docTypeEntities=c.entities,s=c.i}else if(n.substr(s+1,2)==="!["){const c=Xt(n,"]]>",s,"CDATA is not closed.")-2,l=n.substring(s+9,c);i=this.saveTextToParentTag(i,t,r);let u=this.parseTextData(l,t.tagname,r,!0,!1,!0,!0);u==null&&(u=""),this.options.cdataPropName?t.add(this.options.cdataPropName,[{[this.options.textNodeName]:l}]):t.add(this.options.textNodeName,u),s=c+2}else{let c=Va(n,s,this.options.removeNSPrefix),l=c.tagName;const u=c.rawTagName;let p=c.tagExp,g=c.attrExpPresent,m=c.closeIndex;this.options.transformTagName&&(l=this.options.transformTagName(l)),t&&i&&t.tagname!=="!xml"&&(i=this.saveTextToParentTag(i,t,r,!1));const x=t;if(x&&this.options.unpairedTags.indexOf(x.tagname)!==-1&&(t=this.tagsNodeStack.pop(),r=r.substring(0,r.lastIndexOf("."))),l!==e.tagname&&(r+=r?"."+l:l),this.isItStopNode(this.options.stopNodes,r,l)){let h="";if(p.length>0&&p.lastIndexOf("/")===p.length-1)l[l.length-1]==="/"?(l=l.substr(0,l.length-1),r=r.substr(0,r.length-1),p=l):p=p.substr(0,p.length-1),s=c.closeIndex;else if(this.options.unpairedTags.indexOf(l)!==-1)s=c.closeIndex;else{const b=this.readStopNodeData(n,u,m+1);if(!b)throw new Error(`Unexpected end of ${u}`);s=b.i,h=b.tagContent}const _=new ni(l);l!==p&&g&&(_[":@"]=this.buildAttributesMap(p,r,l)),h&&(h=this.parseTextData(h,l,r,!0,g,!0,!0)),r=r.substr(0,r.lastIndexOf(".")),_.add(this.options.textNodeName,h),this.addChild(t,_,r)}else{if(p.length>0&&p.lastIndexOf("/")===p.length-1){l[l.length-1]==="/"?(l=l.substr(0,l.length-1),r=r.substr(0,r.length-1),p=l):p=p.substr(0,p.length-1),this.options.transformTagName&&(l=this.options.transformTagName(l));const h=new ni(l);l!==p&&g&&(h[":@"]=this.buildAttributesMap(p,r,l)),this.addChild(t,h,r),r=r.substr(0,r.lastIndexOf("."))}else{const h=new ni(l);this.tagsNodeStack.push(t),l!==p&&g&&(h[":@"]=this.buildAttributesMap(p,r,l)),this.addChild(t,h,r),t=h}i="",s=m}}else i+=n[s];return e.child};function fy(n,e,t){const i=this.options.updateTag(e.tagname,t,e[":@"]);i===!1||(typeof i=="string"&&(e.tagname=i),n.addChild(e))}const hy=function(n){if(this.options.processEntities){for(let e in this.docTypeEntities){const t=this.docTypeEntities[e];n=n.replace(t.regx,t.val)}for(let e in this.lastEntities){const t=this.lastEntities[e];n=n.replace(t.regex,t.val)}if(this.options.htmlEntities)for(let e in this.htmlEntities){const t=this.htmlEntities[e];n=n.replace(t.regex,t.val)}n=n.replace(this.ampEntity.regex,this.ampEntity.val)}return n};function gy(n,e,t,i){return n&&(i===void 0&&(i=Object.keys(e.child).length===0),n=this.parseTextData(n,e.tagname,t,!1,e[":@"]?Object.keys(e[":@"]).length!==0:!1,i),n!==void 0&&n!==""&&e.add(this.options.textNodeName,n),n=""),n}function _y(n,e,t){const i="*."+t;for(const r in n){const s=n[r];if(i===s||e===s)return!0}return!1}function my(n,e,t=">"){let i,r="";for(let s=e;s<n.length;s++){let o=n[s];if(i)o===i&&(i="");else if(o==='"'||o==="'")i=o;else if(o===t[0])if(t[1]){if(n[s+1]===t[1])return{data:r,index:s}}else return{data:r,index:s};else o===" "&&(o=" ");r+=o}}function Xt(n,e,t,i){const r=n.indexOf(e,t);if(r===-1)throw new Error(i);return r+e.length-1}function Va(n,e,t,i=">"){const r=my(n,e+1,i);if(!r)return;let s=r.data;const o=r.index,c=s.search(/\s/);let l=s,u=!0;c!==-1&&(l=s.substring(0,c),s=s.substring(c+1).trimStart());const p=l;if(t){const g=l.indexOf(":");g!==-1&&(l=l.substr(g+1),u=l!==r.data.substr(g+1))}return{tagName:l,tagExp:s,closeIndex:o,attrExpPresent:u,rawTagName:p}}function yy(n,e,t){const i=t;let r=1;for(;t<n.length;t++)if(n[t]==="<")if(n[t+1]==="/"){const s=Xt(n,">",t,`${e} is not closed`);if(n.substring(t+2,s).trim()===e&&(r--,r===0))return{tagContent:n.substring(i,t),i:s};t=s}else if(n[t+1]==="?")t=Xt(n,"?>",t+1,"StopNode is not closed.");else if(n.substr(t+1,3)==="!--")t=Xt(n,"-->",t+3,"StopNode is not closed.");else if(n.substr(t+1,2)==="![")t=Xt(n,"]]>",t,"StopNode is not closed.")-2;else{const s=Va(n,t,">");s&&((s&&s.tagName)===e&&s.tagExp[s.tagExp.length-1]!=="/"&&r++,t=s.closeIndex)}}function Ma(n,e,t){if(e&&typeof n=="string"){const i=n.trim();return i==="true"?!0:i==="false"?!1:ry(n,t)}else return Xf.isExist(n)?n:""}var vy=oy,Qf={};function wy(n,e){return eh(n,e)}function eh(n,e,t){let i;const r={};for(let s=0;s<n.length;s++){const o=n[s],c=by(o);let l="";if(t===void 0?l=c:l=t+"."+c,c===e.textNodeName)i===void 0?i=o[c]:i+=""+o[c];else{if(c===void 0)continue;if(o[c]){let u=eh(o[c],e,l);const p=xy(u,e);o[":@"]?ky(u,o[":@"],l,e):Object.keys(u).length===1&&u[e.textNodeName]!==void 0&&!e.alwaysCreateTextNode?u=u[e.textNodeName]:Object.keys(u).length===0&&(e.alwaysCreateTextNode?u[e.textNodeName]="":u=""),r[c]!==void 0&&r.hasOwnProperty(c)?(Array.isArray(r[c])||(r[c]=[r[c]]),r[c].push(u)):e.isArray(c,l,p)?r[c]=[u]:r[c]=u}}}return typeof i=="string"?i.length>0&&(r[e.textNodeName]=i):i!==void 0&&(r[e.textNodeName]=i),r}function by(n){const e=Object.keys(n);for(let t=0;t<e.length;t++){const i=e[t];if(i!==":@")return i}}function ky(n,e,t,i){if(e){const r=Object.keys(e),s=r.length;for(let o=0;o<s;o++){const c=r[o];i.isArray(c,t+"."+c,!0,!0)?n[c]=[e[c]]:n[c]=e[c]}}}function xy(n,e){const{textNodeName:t}=e,i=Object.keys(n).length;return!!(i===0||i===1&&(n[t]||typeof n[t]=="boolean"||n[t]===0))}Qf.prettify=wy;const{buildOptions:Sy}=Kc,Ay=vy,{prettify:Iy}=Qf,Ey=Fc;let $y=class{constructor(e){this.externalEntities={},this.options=Sy(e)}parse(e,t){if(typeof e!="string")if(e.toString)e=e.toString();else throw new Error("XML data is accepted in String or Bytes[] form.");if(t){t===!0&&(t={});const s=Ey.validate(e,t);if(s!==!0)throw Error(`${s.err.msg}:${s.err.line}:${s.err.col}`)}const i=new Ay(this.options);i.addExternalEntities(this.externalEntities);const r=i.parseXml(e);return this.options.preserveOrder||r===void 0?r:Iy(r,this.options)}addEntity(e,t){if(t.indexOf("&")!==-1)throw new Error("Entity value can't have '&'");if(e.indexOf("&")!==-1||e.indexOf(";")!==-1)throw new Error("An entity must be set without '&' and ';'. Eg. use '#xD' for '
'");if(t==="&")throw new Error("An entity with value '&' is not permitted");this.externalEntities[e]=t}};var Cy=$y;const jy=`
|
package/dist/authhero.mjs
CHANGED
|
@@ -15931,7 +15931,9 @@ async function vm(n, e) {
|
|
|
15931
15931
|
if (e === "plain")
|
|
15932
15932
|
return n;
|
|
15933
15933
|
const t = new TextEncoder().encode(n), i = await vf(t);
|
|
15934
|
-
return Qt.encode(new Uint8Array(i)
|
|
15934
|
+
return Qt.encode(new Uint8Array(i), {
|
|
15935
|
+
includePadding: !1
|
|
15936
|
+
});
|
|
15935
15937
|
}
|
|
15936
15938
|
function Of(n, e, t) {
|
|
15937
15939
|
const i = [];
|