npm - authhero - Versions diffs - 0.56.0 → 0.57.0 - Mend

authhero 0.56.0 → 0.57.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/authhero.cjs CHANGED Viewed

@@ -1,4 +1,4 @@
-"use strict";var Eh=Object.defineProperty;var zh=(n,e,t)=>e in n?Eh(n,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):n[e]=t;var te=(n,e,t)=>zh(n,typeof e!="symbol"?e+"":e,t);Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("@hono/zod-openapi"),X=n=>typeof n=="string",ni=()=>{let n,e;const t=new Promise((i,r)=>{n=i,e=r});return t.resolve=n,t.reject=e,t},cl=n=>n==null?"":""+n,$h=(n,e,t)=>{n.forEach(i=>{e[i]&&(t[i]=e[i])})},Ch=/###/g,ll=n=>n&&n.indexOf("###")>-1?n.replace(Ch,"."):n,ul=n=>!n||X(n),ai=(n,e,t)=>{const i=X(e)?e.split("."):e;let r=0;for(;r<i.length-1;){if(ul(n))return{};const s=ll(i[r]);!n[s]&&t&&(n[s]=new t),Object.prototype.hasOwnProperty.call(n,s)?n=n[s]:n={},++r}return ul(n)?{}:{obj:n,k:ll(i[r])}},dl=(n,e,t)=>{const{obj:i,k:r}=ai(n,e,Object);if(i!==void 0||e.length===1){i[r]=t;return}let s=e[e.length-1],a=e.slice(0,e.length-1),c=ai(n,a,Object);for(;c.obj===void 0&&a.length;)s=`${a[a.length-1]}.${s}`,a=a.slice(0,a.length-1),c=ai(n,a,Object),c!=null&&c.obj&&typeof c.obj[`${c.k}.${s}`]<"u"&&(c.obj=void 0);c.obj[`${c.k}.${s}`]=t},jh=(n,e,t,i)=>{const{obj:r,k:s}=ai(n,e,Object);r[s]=r[s]||[],r[s].push(t)},lr=(n,e)=>{const{obj:t,k:i}=ai(n,e);if(t&&Object.prototype.hasOwnProperty.call(t,i))return t[i]},Nh=(n,e,t)=>{const i=lr(n,t);return i!==void 0?i:lr(e,t)},kd=(n,e,t)=>{for(const i in e)i!=="__proto__"&&i!=="constructor"&&(i in n?X(n[i])||n[i]instanceof String||X(e[i])||e[i]instanceof String?t&&(n[i]=e[i]):kd(n[i],e[i],t):n[i]=e[i]);return n},kn=n=>n.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&");var Oh={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;"};const Bh=n=>X(n)?n.replace(/[&<>"'\/]/g,e=>Oh[e]):n;class Th{constructor(e){this.capacity=e,this.regExpMap=new Map,this.regExpQueue=[]}getRegExp(e){const t=this.regExpMap.get(e);if(t!==void 0)return t;const i=new RegExp(e);return this.regExpQueue.length===this.capacity&&this.regExpMap.delete(this.regExpQueue.shift()),this.regExpMap.set(e,i),this.regExpQueue.push(e),i}}const Rh=[" ",",","?","!",";"],Ph=new Th(20),Lh=(n,e,t)=>{e=e||"",t=t||"";const i=Rh.filter(a=>e.indexOf(a)<0&&t.indexOf(a)<0);if(i.length===0)return!0;const r=Ph.getRegExp(`(${i.map(a=>a==="?"?"\\?":a).join("|")})`);let s=!r.test(n);if(!s){const a=n.indexOf(t);a>0&&!r.test(n.substring(0,a))&&(s=!0)}return s},wo=function(n,e){let t=arguments.length>2&&arguments[2]!==void 0?arguments[2]:".";if(!n)return;if(n[e])return Object.prototype.hasOwnProperty.call(n,e)?n[e]:void 0;const i=e.split(t);let r=n;for(let s=0;s<i.length;){if(!r||typeof r!="object")return;let a,c="";for(let l=s;l<i.length;++l)if(l!==s&&(c+=t),c+=i[l],a=r[c],a!==void 0){if(["string","number","boolean"].indexOf(typeof a)>-1&&l<i.length-1)continue;s+=l-s+1;break}r=a}return r},ur=n=>n==null?void 0:n.replace("_","-"),Uh={type:"logger",log(n){this.output("log",n)},warn(n){this.output("warn",n)},error(n){this.output("error",n)},output(n,e){var t,i;(i=(t=console==null?void 0:console[n])==null?void 0:t.apply)==null||i.call(t,console,e)}};class dr{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.init(e,t)}init(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.prefix=t.prefix||"i18next:",this.logger=e||Uh,this.options=t,this.debug=t.debug}log(){for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return this.forward(t,"log","",!0)}warn(){for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return this.forward(t,"warn","",!0)}error(){for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return this.forward(t,"error","")}deprecate(){for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return this.forward(t,"warn","WARNING DEPRECATED: ",!0)}forward(e,t,i,r){return r&&!this.debug?null:(X(e[0])&&(e[0]=`${i}${this.prefix} ${e[0]}`),this.logger[t](e))}create(e){return new dr(this.logger,{prefix:`${this.prefix}:${e}:`,...this.options})}clone(e){return e=e||this.options,e.prefix=e.prefix||this.prefix,new dr(this.logger,e)}}var gt=new dr;class is{constructor(){this.observers={}}on(e,t){return e.split(" ").forEach(i=>{this.observers[i]||(this.observers[i]=new Map);const r=this.observers[i].get(t)||0;this.observers[i].set(t,r+1)}),this}off(e,t){if(this.observers[e]){if(!t){delete this.observers[e];return}this.observers[e].delete(t)}}emit(e){for(var t=arguments.length,i=new Array(t>1?t-1:0),r=1;r<t;r++)i[r-1]=arguments[r];this.observers[e]&&Array.from(this.observers[e].entries()).forEach(a=>{let[c,l]=a;for(let u=0;u<l;u++)c(...i)}),this.observers["*"]&&Array.from(this.observers["*"].entries()).forEach(a=>{let[c,l]=a;for(let u=0;u<l;u++)c.apply(c,[e,...i])})}}class pl extends is{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{ns:["translation"],defaultNS:"translation"};super(),this.data=e||{},this.options=t,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.options.ignoreJSONStructure===void 0&&(this.options.ignoreJSONStructure=!0)}addNamespaces(e){this.options.ns.indexOf(e)<0&&this.options.ns.push(e)}removeNamespaces(e){const t=this.options.ns.indexOf(e);t>-1&&this.options.ns.splice(t,1)}getResource(e,t,i){var u,p;let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};const s=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,a=r.ignoreJSONStructure!==void 0?r.ignoreJSONStructure:this.options.ignoreJSONStructure;let c;e.indexOf(".")>-1?c=e.split("."):(c=[e,t],i&&(Array.isArray(i)?c.push(...i):X(i)&&s?c.push(...i.split(s)):c.push(i)));const l=lr(this.data,c);return!l&&!t&&!i&&e.indexOf(".")>-1&&(e=c[0],t=c[1],i=c.slice(2).join(".")),l||!a||!X(i)?l:wo((p=(u=this.data)==null?void 0:u[e])==null?void 0:p[t],i,s)}addResource(e,t,i,r){let s=arguments.length>4&&arguments[4]!==void 0?arguments[4]:{silent:!1};const a=s.keySeparator!==void 0?s.keySeparator:this.options.keySeparator;let c=[e,t];i&&(c=c.concat(a?i.split(a):i)),e.indexOf(".")>-1&&(c=e.split("."),r=t,t=c[1]),this.addNamespaces(t),dl(this.data,c,r),s.silent||this.emit("added",e,t,i,r)}addResources(e,t,i){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{silent:!1};for(const s in i)(X(i[s])||Array.isArray(i[s]))&&this.addResource(e,t,s,i[s],{silent:!0});r.silent||this.emit("added",e,t,i)}addResourceBundle(e,t,i,r,s){let a=arguments.length>5&&arguments[5]!==void 0?arguments[5]:{silent:!1,skipCopy:!1},c=[e,t];e.indexOf(".")>-1&&(c=e.split("."),r=i,i=t,t=c[1]),this.addNamespaces(t);let l=lr(this.data,c)||{};a.skipCopy||(i=JSON.parse(JSON.stringify(i))),r?kd(l,i,s):l={...l,...i},dl(this.data,c,l),a.silent||this.emit("added",e,t,i)}removeResourceBundle(e,t){this.hasResourceBundle(e,t)&&delete this.data[e][t],this.removeNamespaces(t),this.emit("removed",e,t)}hasResourceBundle(e,t){return this.getResource(e,t)!==void 0}getResourceBundle(e,t){return t||(t=this.options.defaultNS),this.getResource(e,t)}getDataByLanguage(e){return this.data[e]}hasLanguageSomeTranslations(e){const t=this.getDataByLanguage(e);return!!(t&&Object.keys(t)||[]).find(r=>t[r]&&Object.keys(t[r]).length>0)}toJSON(){return this.data}}var xd={processors:{},addPostProcessor(n){this.processors[n.name]=n},handle(n,e,t,i,r){return n.forEach(s=>{var a;e=((a=this.processors[s])==null?void 0:a.process(e,t,i,r))??e}),e}};const fl={};class pr extends is{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};super(),$h(["resourceStore","languageUtils","pluralResolver","interpolator","backendConnector","i18nFormat","utils"],e,this),this.options=t,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.logger=gt.create("translator")}changeLanguage(e){e&&(this.language=e)}exists(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{interpolation:{}};if(e==null)return!1;const i=this.resolve(e,t);return(i==null?void 0:i.res)!==void 0}extractFromKey(e,t){let i=t.nsSeparator!==void 0?t.nsSeparator:this.options.nsSeparator;i===void 0&&(i=":");const r=t.keySeparator!==void 0?t.keySeparator:this.options.keySeparator;let s=t.ns||this.options.defaultNS||[];const a=i&&e.indexOf(i)>-1,c=!this.options.userDefinedKeySeparator&&!t.keySeparator&&!this.options.userDefinedNsSeparator&&!t.nsSeparator&&!Lh(e,i,r);if(a&&!c){const l=e.match(this.interpolator.nestingRegexp);if(l&&l.length>0)return{key:e,namespaces:X(s)?[s]:s};const u=e.split(i);(i!==r||i===r&&this.options.ns.indexOf(u[0])>-1)&&(s=u.shift()),e=u.join(r)}return{key:e,namespaces:X(s)?[s]:s}}translate(e,t,i){if(typeof t!="object"&&this.options.overloadTranslationOptionHandler&&(t=this.options.overloadTranslationOptionHandler(arguments)),typeof t=="object"&&(t={...t}),t||(t={}),e==null)return"";Array.isArray(e)||(e=[String(e)]);const r=t.returnDetails!==void 0?t.returnDetails:this.options.returnDetails,s=t.keySeparator!==void 0?t.keySeparator:this.options.keySeparator,{key:a,namespaces:c}=this.extractFromKey(e[e.length-1],t),l=c[c.length-1],u=t.lng||this.language,p=t.appendNamespaceToCIMode||this.options.appendNamespaceToCIMode;if((u==null?void 0:u.toLowerCase())==="cimode"){if(p){const F=t.nsSeparator||this.options.nsSeparator;return r?{res:`${l}${F}${a}`,usedKey:a,exactUsedKey:a,usedLng:u,usedNS:l,usedParams:this.getUsedParamsDetails(t)}:`${l}${F}${a}`}return r?{res:a,usedKey:a,exactUsedKey:a,usedLng:u,usedNS:l,usedParams:this.getUsedParamsDetails(t)}:a}const g=this.resolve(e,t);let _=g==null?void 0:g.res;const x=(g==null?void 0:g.usedKey)||a,h=(g==null?void 0:g.exactUsedKey)||a,m=Object.prototype.toString.apply(_),b=["[object Number]","[object Function]","[object RegExp]"],S=t.joinArrays!==void 0?t.joinArrays:this.options.joinArrays,O=!this.i18nFormat||this.i18nFormat.handleAsObject,T=!X(_)&&typeof _!="boolean"&&typeof _!="number";if(O&&_&&T&&b.indexOf(m)<0&&!(X(S)&&Array.isArray(_))){if(!t.returnObjects&&!this.options.returnObjects){this.options.returnedObjectHandler||this.logger.warn("accessing an object - but returnObjects options is not enabled!");const F=this.options.returnedObjectHandler?this.options.returnedObjectHandler(x,_,{...t,ns:c}):`key '${a} (${this.language})' returned an object instead of string.`;return r?(g.res=F,g.usedParams=this.getUsedParamsDetails(t),g):F}if(s){const F=Array.isArray(_),oe=F?[]:{},pe=F?h:x;for(const ce in _)if(Object.prototype.hasOwnProperty.call(_,ce)){const Pe=`${pe}${s}${ce}`;oe[ce]=this.translate(Pe,{...t,joinArrays:!1,ns:c}),oe[ce]===Pe&&(oe[ce]=_[ce])}_=oe}}else if(O&&X(S)&&Array.isArray(_))_=_.join(S),_&&(_=this.extendTranslation(_,e,t,i));else{let F=!1,oe=!1;const pe=t.count!==void 0&&!X(t.count),ce=pr.hasDefaultValue(t),Pe=pe?this.pluralResolver.getSuffix(u,t.count,t):"",it=t.ordinal&&pe?this.pluralResolver.getSuffix(u,t.count,{ordinal:!1}):"",Fe=pe&&!t.ordinal&&t.count===0,z=Fe&&t[`defaultValue${this.options.pluralSeparator}zero`]||t[`defaultValue${Pe}`]||t[`defaultValue${it}`]||t.defaultValue;!this.isValidLookup(_)&&ce&&(F=!0,_=z),this.isValidLookup(_)||(oe=!0,_=a);const A=(t.missingKeyNoValueFallbackToKey||this.options.missingKeyNoValueFallbackToKey)&&oe?void 0:_,w=ce&&z!==_&&this.options.updateMissing;if(oe||F||w){if(this.logger.log(w?"updateKey":"missingKey",u,l,a,w?z:_),s){const Z=this.resolve(a,{...t,keySeparator:!1});Z&&Z.res&&this.logger.warn("Seems the loaded translations were in flat JSON format instead of nested. Either set keySeparator: false on init or make sure your translations are published in nested format.")}let v=[];const $=this.languageUtils.getFallbackCodes(this.options.fallbackLng,t.lng||this.language);if(this.options.saveMissingTo==="fallback"&&$&&$[0])for(let Z=0;Z<$.length;Z++)v.push($[Z]);else this.options.saveMissingTo==="all"?v=this.languageUtils.toResolveHierarchy(t.lng||this.language):v.push(t.lng||this.language);const R=(Z,K,ee)=>{var M;const se=ce&&ee!==_?ee:A;this.options.missingKeyHandler?this.options.missingKeyHandler(Z,l,K,se,w,t):(M=this.backendConnector)!=null&&M.saveMissing&&this.backendConnector.saveMissing(Z,l,K,se,w,t),this.emit("missingKey",Z,l,K,_)};this.options.saveMissing&&(this.options.saveMissingPlurals&&pe?v.forEach(Z=>{const K=this.pluralResolver.getSuffixes(Z,t);Fe&&t[`defaultValue${this.options.pluralSeparator}zero`]&&K.indexOf(`${this.options.pluralSeparator}zero`)<0&&K.push(`${this.options.pluralSeparator}zero`),K.forEach(ee=>{R([Z],a+ee,t[`defaultValue${ee}`]||z)})}):R(v,a,z))}_=this.extendTranslation(_,e,t,g,i),oe&&_===a&&this.options.appendNamespaceToMissingKey&&(_=`${l}:${a}`),(oe||F)&&this.options.parseMissingKeyHandler&&(_=this.options.parseMissingKeyHandler(this.options.appendNamespaceToMissingKey?`${l}:${a}`:a,F?_:void 0))}return r?(g.res=_,g.usedParams=this.getUsedParamsDetails(t),g):_}extendTranslation(e,t,i,r,s){var u,p;var a=this;if((u=this.i18nFormat)!=null&&u.parse)e=this.i18nFormat.parse(e,{...this.options.interpolation.defaultVariables,...i},i.lng||this.language||r.usedLng,r.usedNS,r.usedKey,{resolved:r});else if(!i.skipInterpolation){i.interpolation&&this.interpolator.init({...i,interpolation:{...this.options.interpolation,...i.interpolation}});const g=X(e)&&(((p=i==null?void 0:i.interpolation)==null?void 0:p.skipOnVariables)!==void 0?i.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables);let _;if(g){const h=e.match(this.interpolator.nestingRegexp);_=h&&h.length}let x=i.replace&&!X(i.replace)?i.replace:i;if(this.options.interpolation.defaultVariables&&(x={...this.options.interpolation.defaultVariables,...x}),e=this.interpolator.interpolate(e,x,i.lng||this.language||r.usedLng,i),g){const h=e.match(this.interpolator.nestingRegexp),m=h&&h.length;_<m&&(i.nest=!1)}!i.lng&&r&&r.res&&(i.lng=this.language||r.usedLng),i.nest!==!1&&(e=this.interpolator.nest(e,function(){for(var h=arguments.length,m=new Array(h),b=0;b<h;b++)m[b]=arguments[b];return(s==null?void 0:s[0])===m[0]&&!i.context?(a.logger.warn(`It seems you are nesting recursively key: ${m[0]} in key: ${t[0]}`),null):a.translate(...m,t)},i)),i.interpolation&&this.interpolator.reset()}const c=i.postProcess||this.options.postProcess,l=X(c)?[c]:c;return e!=null&&(l!=null&&l.length)&&i.applyPostProcessor!==!1&&(e=xd.handle(l,e,t,this.options&&this.options.postProcessPassResolved?{i18nResolved:{...r,usedParams:this.getUsedParamsDetails(i)},...i}:i,this)),e}resolve(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},i,r,s,a,c;return X(e)&&(e=[e]),e.forEach(l=>{if(this.isValidLookup(i))return;const u=this.extractFromKey(l,t),p=u.key;r=p;let g=u.namespaces;this.options.fallbackNS&&(g=g.concat(this.options.fallbackNS));const _=t.count!==void 0&&!X(t.count),x=_&&!t.ordinal&&t.count===0,h=t.context!==void 0&&(X(t.context)||typeof t.context=="number")&&t.context!=="",m=t.lngs?t.lngs:this.languageUtils.toResolveHierarchy(t.lng||this.language,t.fallbackLng);g.forEach(b=>{var S,O;this.isValidLookup(i)||(c=b,!fl[`${m[0]}-${b}`]&&((S=this.utils)!=null&&S.hasLoadedNamespace)&&!((O=this.utils)!=null&&O.hasLoadedNamespace(c))&&(fl[`${m[0]}-${b}`]=!0,this.logger.warn(`key "${r}" for languages "${m.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")),m.forEach(T=>{var pe;if(this.isValidLookup(i))return;a=T;const F=[p];if((pe=this.i18nFormat)!=null&&pe.addLookupKeys)this.i18nFormat.addLookupKeys(F,p,T,b,t);else{let ce;_&&(ce=this.pluralResolver.getSuffix(T,t.count,t));const Pe=`${this.options.pluralSeparator}zero`,it=`${this.options.pluralSeparator}ordinal${this.options.pluralSeparator}`;if(_&&(F.push(p+ce),t.ordinal&&ce.indexOf(it)===0&&F.push(p+ce.replace(it,this.options.pluralSeparator)),x&&F.push(p+Pe)),h){const Fe=`${p}${this.options.contextSeparator}${t.context}`;F.push(Fe),_&&(F.push(Fe+ce),t.ordinal&&ce.indexOf(it)===0&&F.push(Fe+ce.replace(it,this.options.pluralSeparator)),x&&F.push(Fe+Pe))}}let oe;for(;oe=F.pop();)this.isValidLookup(i)||(s=oe,i=this.getResource(T,b,oe,t))}))})}),{res:i,usedKey:r,exactUsedKey:s,usedLng:a,usedNS:c}}isValidLookup(e){return e!==void 0&&!(!this.options.returnNull&&e===null)&&!(!this.options.returnEmptyString&&e==="")}getResource(e,t,i){var s;let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};return(s=this.i18nFormat)!=null&&s.getResource?this.i18nFormat.getResource(e,t,i,r):this.resourceStore.getResource(e,t,i,r)}getUsedParamsDetails(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};const t=["defaultValue","ordinal","context","replace","lng","lngs","fallbackLng","ns","keySeparator","nsSeparator","returnObjects","returnDetails","joinArrays","postProcess","interpolation"],i=e.replace&&!X(e.replace);let r=i?e.replace:e;if(i&&typeof e.count<"u"&&(r.count=e.count),this.options.interpolation.defaultVariables&&(r={...this.options.interpolation.defaultVariables,...r}),!i){r={...r};for(const s of t)delete r[s]}return r}static hasDefaultValue(e){const t="defaultValue";for(const i in e)if(Object.prototype.hasOwnProperty.call(e,i)&&t===i.substring(0,t.length)&&e[i]!==void 0)return!0;return!1}}class hl{constructor(e){this.options=e,this.supportedLngs=this.options.supportedLngs||!1,this.logger=gt.create("languageUtils")}getScriptPartFromCode(e){if(e=ur(e),!e||e.indexOf("-")<0)return null;const t=e.split("-");return t.length===2||(t.pop(),t[t.length-1].toLowerCase()==="x")?null:this.formatLanguageCode(t.join("-"))}getLanguagePartFromCode(e){if(e=ur(e),!e||e.indexOf("-")<0)return e;const t=e.split("-");return this.formatLanguageCode(t[0])}formatLanguageCode(e){if(X(e)&&e.indexOf("-")>-1){let t;try{t=Intl.getCanonicalLocales(e)[0]}catch{}return t&&this.options.lowerCaseLng&&(t=t.toLowerCase()),t||(this.options.lowerCaseLng?e.toLowerCase():e)}return this.options.cleanCode||this.options.lowerCaseLng?e.toLowerCase():e}isSupportedCode(e){return(this.options.load==="languageOnly"||this.options.nonExplicitSupportedLngs)&&(e=this.getLanguagePartFromCode(e)),!this.supportedLngs||!this.supportedLngs.length||this.supportedLngs.indexOf(e)>-1}getBestMatchFromCodes(e){if(!e)return null;let t;return e.forEach(i=>{if(t)return;const r=this.formatLanguageCode(i);(!this.options.supportedLngs||this.isSupportedCode(r))&&(t=r)}),!t&&this.options.supportedLngs&&e.forEach(i=>{if(t)return;const r=this.getLanguagePartFromCode(i);if(this.isSupportedCode(r))return t=r;t=this.options.supportedLngs.find(s=>{if(s===r)return s;if(!(s.indexOf("-")<0&&r.indexOf("-")<0)&&(s.indexOf("-")>0&&r.indexOf("-")<0&&s.substring(0,s.indexOf("-"))===r||s.indexOf(r)===0&&r.length>1))return s})}),t||(t=this.getFallbackCodes(this.options.fallbackLng)[0]),t}getFallbackCodes(e,t){if(!e)return[];if(typeof e=="function"&&(e=e(t)),X(e)&&(e=[e]),Array.isArray(e))return e;if(!t)return e.default||[];let i=e[t];return i||(i=e[this.getScriptPartFromCode(t)]),i||(i=e[this.formatLanguageCode(t)]),i||(i=e[this.getLanguagePartFromCode(t)]),i||(i=e.default),i||[]}toResolveHierarchy(e,t){const i=this.getFallbackCodes(t||this.options.fallbackLng||[],e),r=[],s=a=>{a&&(this.isSupportedCode(a)?r.push(a):this.logger.warn(`rejecting language code not found in supportedLngs: ${a}`))};return X(e)&&(e.indexOf("-")>-1||e.indexOf("_")>-1)?(this.options.load!=="languageOnly"&&s(this.formatLanguageCode(e)),this.options.load!=="languageOnly"&&this.options.load!=="currentOnly"&&s(this.getScriptPartFromCode(e)),this.options.load!=="currentOnly"&&s(this.getLanguagePartFromCode(e))):X(e)&&s(this.formatLanguageCode(e)),i.forEach(a=>{r.indexOf(a)<0&&s(this.formatLanguageCode(a))}),r}}const gl={zero:0,one:1,two:2,few:3,many:4,other:5},_l={select:n=>n===1?"one":"other",resolvedOptions:()=>({pluralCategories:["one","other"]})};class Vh{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.languageUtils=e,this.options=t,this.logger=gt.create("pluralResolver"),this.pluralRulesCache={}}addRule(e,t){this.rules[e]=t}clearCache(){this.pluralRulesCache={}}getRule(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};const i=ur(e==="dev"?"en":e),r=t.ordinal?"ordinal":"cardinal",s=JSON.stringify({cleanedCode:i,type:r});if(s in this.pluralRulesCache)return this.pluralRulesCache[s];let a;try{a=new Intl.PluralRules(i,{type:r})}catch{if(!Intl)return this.logger.error("No Intl support, please use an Intl polyfill!"),_l;if(!e.match(/-|_/))return _l;const l=this.languageUtils.getLanguagePartFromCode(e);a=this.getRule(l,t)}return this.pluralRulesCache[s]=a,a}needsPlural(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},i=this.getRule(e,t);return i||(i=this.getRule("dev",t)),(i==null?void 0:i.resolvedOptions().pluralCategories.length)>1}getPluralFormsOfKey(e,t){let i=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return this.getSuffixes(e,i).map(r=>`${t}${r}`)}getSuffixes(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},i=this.getRule(e,t);return i||(i=this.getRule("dev",t)),i?i.resolvedOptions().pluralCategories.sort((r,s)=>gl[r]-gl[s]).map(r=>`${this.options.prepend}${t.ordinal?`ordinal${this.options.prepend}`:""}${r}`):[]}getSuffix(e,t){let i=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};const r=this.getRule(e,i);return r?`${this.options.prepend}${i.ordinal?`ordinal${this.options.prepend}`:""}${r.select(t)}`:(this.logger.warn(`no plural rule found for: ${e}`),this.getSuffix("dev",t,i))}}const ml=function(n,e,t){let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:".",r=arguments.length>4&&arguments[4]!==void 0?arguments[4]:!0,s=Nh(n,e,t);return!s&&r&&X(t)&&(s=wo(n,t,i),s===void 0&&(s=wo(e,t,i))),s},ro=n=>n.replace(/\$/g,"$$$$");class Mh{constructor(){var t;let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};this.logger=gt.create("interpolator"),this.options=e,this.format=((t=e==null?void 0:e.interpolation)==null?void 0:t.format)||(i=>i),this.init(e)}init(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};e.interpolation||(e.interpolation={escapeValue:!0});const{escape:t,escapeValue:i,useRawValueToEscape:r,prefix:s,prefixEscaped:a,suffix:c,suffixEscaped:l,formatSeparator:u,unescapeSuffix:p,unescapePrefix:g,nestingPrefix:_,nestingPrefixEscaped:x,nestingSuffix:h,nestingSuffixEscaped:m,nestingOptionsSeparator:b,maxReplaces:S,alwaysFormat:O}=e.interpolation;this.escape=t!==void 0?t:Bh,this.escapeValue=i!==void 0?i:!0,this.useRawValueToEscape=r!==void 0?r:!1,this.prefix=s?kn(s):a||"{{",this.suffix=c?kn(c):l||"}}",this.formatSeparator=u||",",this.unescapePrefix=p?"":g||"-",this.unescapeSuffix=this.unescapePrefix?"":p||"",this.nestingPrefix=_?kn(_):x||kn("$t("),this.nestingSuffix=h?kn(h):m||kn(")"),this.nestingOptionsSeparator=b||",",this.maxReplaces=S||1e3,this.alwaysFormat=O!==void 0?O:!1,this.resetRegExp()}reset(){this.options&&this.init(this.options)}resetRegExp(){const e=(t,i)=>(t==null?void 0:t.source)===i?(t.lastIndex=0,t):new RegExp(i,"g");this.regexp=e(this.regexp,`${this.prefix}(.+?)${this.suffix}`),this.regexpUnescape=e(this.regexpUnescape,`${this.prefix}${this.unescapePrefix}(.+?)${this.unescapeSuffix}${this.suffix}`),this.nestingRegexp=e(this.nestingRegexp,`${this.nestingPrefix}(.+?)${this.nestingSuffix}`)}interpolate(e,t,i,r){var x;let s,a,c;const l=this.options&&this.options.interpolation&&this.options.interpolation.defaultVariables||{},u=h=>{if(h.indexOf(this.formatSeparator)<0){const O=ml(t,l,h,this.options.keySeparator,this.options.ignoreJSONStructure);return this.alwaysFormat?this.format(O,void 0,i,{...r,...t,interpolationkey:h}):O}const m=h.split(this.formatSeparator),b=m.shift().trim(),S=m.join(this.formatSeparator).trim();return this.format(ml(t,l,b,this.options.keySeparator,this.options.ignoreJSONStructure),S,i,{...r,...t,interpolationkey:b})};this.resetRegExp();const p=(r==null?void 0:r.missingInterpolationHandler)||this.options.missingInterpolationHandler,g=((x=r==null?void 0:r.interpolation)==null?void 0:x.skipOnVariables)!==void 0?r.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables;return[{regex:this.regexpUnescape,safeValue:h=>ro(h)},{regex:this.regexp,safeValue:h=>this.escapeValue?ro(this.escape(h)):ro(h)}].forEach(h=>{for(c=0;s=h.regex.exec(e);){const m=s[1].trim();if(a=u(m),a===void 0)if(typeof p=="function"){const S=p(e,s,r);a=X(S)?S:""}else if(r&&Object.prototype.hasOwnProperty.call(r,m))a="";else if(g){a=s[0];continue}else this.logger.warn(`missed to pass in variable ${m} for interpolating ${e}`),a="";else!X(a)&&!this.useRawValueToEscape&&(a=cl(a));const b=h.safeValue(a);if(e=e.replace(s[0],b),g?(h.regex.lastIndex+=a.length,h.regex.lastIndex-=s[0].length):h.regex.lastIndex=0,c++,c>=this.maxReplaces)break}}),e}nest(e,t){let i=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{},r,s,a;const c=(l,u)=>{const p=this.nestingOptionsSeparator;if(l.indexOf(p)<0)return l;const g=l.split(new RegExp(`${p}[ ]*{`));let _=`{${g[1]}`;l=g[0],_=this.interpolate(_,a);const x=_.match(/'/g),h=_.match(/"/g);(((x==null?void 0:x.length)??0)%2===0&&!h||h.length%2!==0)&&(_=_.replace(/'/g,'"'));try{a=JSON.parse(_),u&&(a={...u,...a})}catch(m){return this.logger.warn(`failed parsing options string in nesting for key ${l}`,m),`${l}${p}${_}`}return a.defaultValue&&a.defaultValue.indexOf(this.prefix)>-1&&delete a.defaultValue,l};for(;r=this.nestingRegexp.exec(e);){let l=[];a={...i},a=a.replace&&!X(a.replace)?a.replace:a,a.applyPostProcessor=!1,delete a.defaultValue;let u=!1;if(r[0].indexOf(this.formatSeparator)!==-1&&!/{.*}/.test(r[1])){const p=r[1].split(this.formatSeparator).map(g=>g.trim());r[1]=p.shift(),l=p,u=!0}if(s=t(c.call(this,r[1].trim(),a),a),s&&r[0]===e&&!X(s))return s;X(s)||(s=cl(s)),s||(this.logger.warn(`missed to resolve ${r[1]} for nesting ${e}`),s=""),u&&(s=l.reduce((p,g)=>this.format(p,g,i.lng,{...i,interpolationkey:r[1].trim()}),s.trim())),e=e.replace(r[0],s),this.regexp.lastIndex=0}return e}}const Hh=n=>{let e=n.toLowerCase().trim();const t={};if(n.indexOf("(")>-1){const i=n.split("(");e=i[0].toLowerCase().trim();const r=i[1].substring(0,i[1].length-1);e==="currency"&&r.indexOf(":")<0?t.currency||(t.currency=r.trim()):e==="relativetime"&&r.indexOf(":")<0?t.range||(t.range=r.trim()):r.split(";").forEach(a=>{if(a){const[c,...l]=a.split(":"),u=l.join(":").trim().replace(/^'+|'+$/g,""),p=c.trim();t[p]||(t[p]=u),u==="false"&&(t[p]=!1),u==="true"&&(t[p]=!0),isNaN(u)||(t[p]=parseInt(u,10))}})}return{formatName:e,formatOptions:t}},xn=n=>{const e={};return(t,i,r)=>{let s=r;r&&r.interpolationkey&&r.formatParams&&r.formatParams[r.interpolationkey]&&r[r.interpolationkey]&&(s={...s,[r.interpolationkey]:void 0});const a=i+JSON.stringify(s);let c=e[a];return c||(c=n(ur(i),r),e[a]=c),c(t)}};class Dh{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};this.logger=gt.create("formatter"),this.options=e,this.formats={number:xn((t,i)=>{const r=new Intl.NumberFormat(t,{...i});return s=>r.format(s)}),currency:xn((t,i)=>{const r=new Intl.NumberFormat(t,{...i,style:"currency"});return s=>r.format(s)}),datetime:xn((t,i)=>{const r=new Intl.DateTimeFormat(t,{...i});return s=>r.format(s)}),relativetime:xn((t,i)=>{const r=new Intl.RelativeTimeFormat(t,{...i});return s=>r.format(s,i.range||"day")}),list:xn((t,i)=>{const r=new Intl.ListFormat(t,{...i});return s=>r.format(s)})},this.init(e)}init(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{interpolation:{}};this.formatSeparator=t.interpolation.formatSeparator||","}add(e,t){this.formats[e.toLowerCase().trim()]=t}addCached(e,t){this.formats[e.toLowerCase().trim()]=xn(t)}format(e,t,i){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};const s=t.split(this.formatSeparator);if(s.length>1&&s[0].indexOf("(")>1&&s[0].indexOf(")")<0&&s.find(c=>c.indexOf(")")>-1)){const c=s.findIndex(l=>l.indexOf(")")>-1);s[0]=[s[0],...s.splice(1,c)].join(this.formatSeparator)}return s.reduce((c,l)=>{var g;const{formatName:u,formatOptions:p}=Hh(l);if(this.formats[u]){let _=c;try{const x=((g=r==null?void 0:r.formatParams)==null?void 0:g[r.interpolationkey])||{},h=x.locale||x.lng||r.locale||r.lng||i;_=this.formats[u](c,h,{...p,...r,...x})}catch(x){this.logger.warn(x)}return _}else this.logger.warn(`there was no format function for ${u}`);return c},e)}}const qh=(n,e)=>{n.pending[e]!==void 0&&(delete n.pending[e],n.pendingCount--)};class Fh extends is{constructor(e,t,i){var s,a;let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};super(),this.backend=e,this.store=t,this.services=i,this.languageUtils=i.languageUtils,this.options=r,this.logger=gt.create("backendConnector"),this.waitingReads=[],this.maxParallelReads=r.maxParallelReads||10,this.readingCalls=0,this.maxRetries=r.maxRetries>=0?r.maxRetries:5,this.retryTimeout=r.retryTimeout>=1?r.retryTimeout:350,this.state={},this.queue=[],(a=(s=this.backend)==null?void 0:s.init)==null||a.call(s,i,r.backend,r)}queueLoad(e,t,i,r){const s={},a={},c={},l={};return e.forEach(u=>{let p=!0;t.forEach(g=>{const _=`${u}|${g}`;!i.reload&&this.store.hasResourceBundle(u,g)?this.state[_]=2:this.state[_]<0||(this.state[_]===1?a[_]===void 0&&(a[_]=!0):(this.state[_]=1,p=!1,a[_]===void 0&&(a[_]=!0),s[_]===void 0&&(s[_]=!0),l[g]===void 0&&(l[g]=!0)))}),p||(c[u]=!0)}),(Object.keys(s).length||Object.keys(a).length)&&this.queue.push({pending:a,pendingCount:Object.keys(a).length,loaded:{},errors:[],callback:r}),{toLoad:Object.keys(s),pending:Object.keys(a),toLoadLanguages:Object.keys(c),toLoadNamespaces:Object.keys(l)}}loaded(e,t,i){const r=e.split("|"),s=r[0],a=r[1];t&&this.emit("failedLoading",s,a,t),!t&&i&&this.store.addResourceBundle(s,a,i,void 0,void 0,{skipCopy:!0}),this.state[e]=t?-1:2,t&&i&&(this.state[e]=0);const c={};this.queue.forEach(l=>{jh(l.loaded,[s],a),qh(l,e),t&&l.errors.push(t),l.pendingCount===0&&!l.done&&(Object.keys(l.loaded).forEach(u=>{c[u]||(c[u]={});const p=l.loaded[u];p.length&&p.forEach(g=>{c[u][g]===void 0&&(c[u][g]=!0)})}),l.done=!0,l.errors.length?l.callback(l.errors):l.callback())}),this.emit("loaded",c),this.queue=this.queue.filter(l=>!l.done)}read(e,t,i){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:0,s=arguments.length>4&&arguments[4]!==void 0?arguments[4]:this.retryTimeout,a=arguments.length>5?arguments[5]:void 0;if(!e.length)return a(null,{});if(this.readingCalls>=this.maxParallelReads){this.waitingReads.push({lng:e,ns:t,fcName:i,tried:r,wait:s,callback:a});return}this.readingCalls++;const c=(u,p)=>{if(this.readingCalls--,this.waitingReads.length>0){const g=this.waitingReads.shift();this.read(g.lng,g.ns,g.fcName,g.tried,g.wait,g.callback)}if(u&&p&&r<this.maxRetries){setTimeout(()=>{this.read.call(this,e,t,i,r+1,s*2,a)},s);return}a(u,p)},l=this.backend[i].bind(this.backend);if(l.length===2){try{const u=l(e,t);u&&typeof u.then=="function"?u.then(p=>c(null,p)).catch(c):c(null,u)}catch(u){c(u)}return}return l(e,t,c)}prepareLoading(e,t){let i=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{},r=arguments.length>3?arguments[3]:void 0;if(!this.backend)return this.logger.warn("No backend was added via i18next.use. Will not load resources."),r&&r();X(e)&&(e=this.languageUtils.toResolveHierarchy(e)),X(t)&&(t=[t]);const s=this.queueLoad(e,t,i,r);if(!s.toLoad.length)return s.pending.length||r(),null;s.toLoad.forEach(a=>{this.loadOne(a)})}load(e,t,i){this.prepareLoading(e,t,{},i)}reload(e,t,i){this.prepareLoading(e,t,{reload:!0},i)}loadOne(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"";const i=e.split("|"),r=i[0],s=i[1];this.read(r,s,"read",void 0,void 0,(a,c)=>{a&&this.logger.warn(`${t}loading namespace ${s} for language ${r} failed`,a),!a&&c&&this.logger.log(`${t}loaded namespace ${s} for language ${r}`,c),this.loaded(e,a,c)})}saveMissing(e,t,i,r,s){var l,u,p,g,_;let a=arguments.length>5&&arguments[5]!==void 0?arguments[5]:{},c=arguments.length>6&&arguments[6]!==void 0?arguments[6]:()=>{};if((u=(l=this.services)==null?void 0:l.utils)!=null&&u.hasLoadedNamespace&&!((g=(p=this.services)==null?void 0:p.utils)!=null&&g.hasLoadedNamespace(t))){this.logger.warn(`did not save key "${i}" as the namespace "${t}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!");return}if(!(i==null||i==="")){if((_=this.backend)!=null&&_.create){const x={...a,isUpdate:s},h=this.backend.create.bind(this.backend);if(h.length<6)try{let m;h.length===5?m=h(e,t,i,r,x):m=h(e,t,i,r),m&&typeof m.then=="function"?m.then(b=>c(null,b)).catch(c):c(null,m)}catch(m){c(m)}else h(e,t,i,r,c,x)}!e||!e[0]||this.store.addResource(e[0],t,i,r)}}}const yl=()=>({debug:!1,initAsync:!0,ns:["translation"],defaultNS:["translation"],fallbackLng:["dev"],fallbackNS:!1,supportedLngs:!1,nonExplicitSupportedLngs:!1,load:"all",preload:!1,simplifyPluralSuffix:!0,keySeparator:".",nsSeparator:":",pluralSeparator:"_",contextSeparator:"_",partialBundledLanguages:!1,saveMissing:!1,updateMissing:!1,saveMissingTo:"fallback",saveMissingPlurals:!0,missingKeyHandler:!1,missingInterpolationHandler:!1,postProcess:!1,postProcessPassResolved:!1,returnNull:!1,returnEmptyString:!0,returnObjects:!1,joinArrays:!1,returnedObjectHandler:!1,parseMissingKeyHandler:!1,appendNamespaceToMissingKey:!1,appendNamespaceToCIMode:!1,overloadTranslationOptionHandler:n=>{let e={};if(typeof n[1]=="object"&&(e=n[1]),X(n[1])&&(e.defaultValue=n[1]),X(n[2])&&(e.tDescription=n[2]),typeof n[2]=="object"||typeof n[3]=="object"){const t=n[3]||n[2];Object.keys(t).forEach(i=>{e[i]=t[i]})}return e},interpolation:{escapeValue:!0,format:n=>n,prefix:"{{",suffix:"}}",formatSeparator:",",unescapePrefix:"-",nestingPrefix:"$t(",nestingSuffix:")",nestingOptionsSeparator:",",maxReplaces:1e3,skipOnVariables:!0}}),vl=n=>{var e,t;return X(n.ns)&&(n.ns=[n.ns]),X(n.fallbackLng)&&(n.fallbackLng=[n.fallbackLng]),X(n.fallbackNS)&&(n.fallbackNS=[n.fallbackNS]),((t=(e=n.supportedLngs)==null?void 0:e.indexOf)==null?void 0:t.call(e,"cimode"))<0&&(n.supportedLngs=n.supportedLngs.concat(["cimode"])),typeof n.initImmediate=="boolean"&&(n.initAsync=n.initImmediate),n},Ji=()=>{},Kh=n=>{Object.getOwnPropertyNames(Object.getPrototypeOf(n)).forEach(t=>{typeof n[t]=="function"&&(n[t]=n[t].bind(n))})};class gi extends is{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},t=arguments.length>1?arguments[1]:void 0;if(super(),this.options=vl(e),this.services={},this.logger=gt,this.modules={external:[]},Kh(this),t&&!this.isInitialized&&!e.isClone){if(!this.options.initAsync)return this.init(e,t),this;setTimeout(()=>{this.init(e,t)},0)}}init(){var e=this;let t=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},i=arguments.length>1?arguments[1]:void 0;this.isInitializing=!0,typeof t=="function"&&(i=t,t={}),!t.defaultNS&&t.defaultNS!==!1&&t.ns&&(X(t.ns)?t.defaultNS=t.ns:t.ns.indexOf("translation")<0&&(t.defaultNS=t.ns[0]));const r=yl();this.options={...r,...this.options,...vl(t)},this.options.interpolation={...r.interpolation,...this.options.interpolation},t.keySeparator!==void 0&&(this.options.userDefinedKeySeparator=t.keySeparator),t.nsSeparator!==void 0&&(this.options.userDefinedNsSeparator=t.nsSeparator);const s=p=>p?typeof p=="function"?new p:p:null;if(!this.options.isClone){this.modules.logger?gt.init(s(this.modules.logger),this.options):gt.init(null,this.options);let p;this.modules.formatter?p=this.modules.formatter:p=Dh;const g=new hl(this.options);this.store=new pl(this.options.resources,this.options);const _=this.services;_.logger=gt,_.resourceStore=this.store,_.languageUtils=g,_.pluralResolver=new Vh(g,{prepend:this.options.pluralSeparator,simplifyPluralSuffix:this.options.simplifyPluralSuffix}),p&&(!this.options.interpolation.format||this.options.interpolation.format===r.interpolation.format)&&(_.formatter=s(p),_.formatter.init(_,this.options),this.options.interpolation.format=_.formatter.format.bind(_.formatter)),_.interpolator=new Mh(this.options),_.utils={hasLoadedNamespace:this.hasLoadedNamespace.bind(this)},_.backendConnector=new Fh(s(this.modules.backend),_.resourceStore,_,this.options),_.backendConnector.on("*",function(x){for(var h=arguments.length,m=new Array(h>1?h-1:0),b=1;b<h;b++)m[b-1]=arguments[b];e.emit(x,...m)}),this.modules.languageDetector&&(_.languageDetector=s(this.modules.languageDetector),_.languageDetector.init&&_.languageDetector.init(_,this.options.detection,this.options)),this.modules.i18nFormat&&(_.i18nFormat=s(this.modules.i18nFormat),_.i18nFormat.init&&_.i18nFormat.init(this)),this.translator=new pr(this.services,this.options),this.translator.on("*",function(x){for(var h=arguments.length,m=new Array(h>1?h-1:0),b=1;b<h;b++)m[b-1]=arguments[b];e.emit(x,...m)}),this.modules.external.forEach(x=>{x.init&&x.init(this)})}if(this.format=this.options.interpolation.format,i||(i=Ji),this.options.fallbackLng&&!this.services.languageDetector&&!this.options.lng){const p=this.services.languageUtils.getFallbackCodes(this.options.fallbackLng);p.length>0&&p[0]!=="dev"&&(this.options.lng=p[0])}!this.services.languageDetector&&!this.options.lng&&this.logger.warn("init: no languageDetector is used and no lng is defined"),["getResource","hasResourceBundle","getResourceBundle","getDataByLanguage"].forEach(p=>{this[p]=function(){return e.store[p](...arguments)}}),["addResource","addResources","addResourceBundle","removeResourceBundle"].forEach(p=>{this[p]=function(){return e.store[p](...arguments),e}});const l=ni(),u=()=>{const p=(g,_)=>{this.isInitializing=!1,this.isInitialized&&!this.initializedStoreOnce&&this.logger.warn("init: i18next is already initialized. You should call init just once!"),this.isInitialized=!0,this.options.isClone||this.logger.log("initialized",this.options),this.emit("initialized",this.options),l.resolve(_),i(g,_)};if(this.languages&&!this.isInitialized)return p(null,this.t.bind(this));this.changeLanguage(this.options.lng,p)};return this.options.resources||!this.options.initAsync?u():setTimeout(u,0),l}loadResources(e){var s,a;let i=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Ji;const r=X(e)?e:this.language;if(typeof e=="function"&&(i=e),!this.options.resources||this.options.partialBundledLanguages){if((r==null?void 0:r.toLowerCase())==="cimode"&&(!this.options.preload||this.options.preload.length===0))return i();const c=[],l=u=>{if(!u||u==="cimode")return;this.services.languageUtils.toResolveHierarchy(u).forEach(g=>{g!=="cimode"&&c.indexOf(g)<0&&c.push(g)})};r?l(r):this.services.languageUtils.getFallbackCodes(this.options.fallbackLng).forEach(p=>l(p)),(a=(s=this.options.preload)==null?void 0:s.forEach)==null||a.call(s,u=>l(u)),this.services.backendConnector.load(c,this.options.ns,u=>{!u&&!this.resolvedLanguage&&this.language&&this.setResolvedLanguage(this.language),i(u)})}else i(null)}reloadResources(e,t,i){const r=ni();return typeof e=="function"&&(i=e,e=void 0),typeof t=="function"&&(i=t,t=void 0),e||(e=this.languages),t||(t=this.options.ns),i||(i=Ji),this.services.backendConnector.reload(e,t,s=>{r.resolve(),i(s)}),r}use(e){if(!e)throw new Error("You are passing an undefined module! Please check the object you are passing to i18next.use()");if(!e.type)throw new Error("You are passing a wrong module! Please check the object you are passing to i18next.use()");return e.type==="backend"&&(this.modules.backend=e),(e.type==="logger"||e.log&&e.warn&&e.error)&&(this.modules.logger=e),e.type==="languageDetector"&&(this.modules.languageDetector=e),e.type==="i18nFormat"&&(this.modules.i18nFormat=e),e.type==="postProcessor"&&xd.addPostProcessor(e),e.type==="formatter"&&(this.modules.formatter=e),e.type==="3rdParty"&&this.modules.external.push(e),this}setResolvedLanguage(e){if(!(!e||!this.languages)&&!(["cimode","dev"].indexOf(e)>-1))for(let t=0;t<this.languages.length;t++){const i=this.languages[t];if(!(["cimode","dev"].indexOf(i)>-1)&&this.store.hasLanguageSomeTranslations(i)){this.resolvedLanguage=i;break}}}changeLanguage(e,t){var i=this;this.isLanguageChangingTo=e;const r=ni();this.emit("languageChanging",e);const s=l=>{this.language=l,this.languages=this.services.languageUtils.toResolveHierarchy(l),this.resolvedLanguage=void 0,this.setResolvedLanguage(l)},a=(l,u)=>{u?(s(u),this.translator.changeLanguage(u),this.isLanguageChangingTo=void 0,this.emit("languageChanged",u),this.logger.log("languageChanged",u)):this.isLanguageChangingTo=void 0,r.resolve(function(){return i.t(...arguments)}),t&&t(l,function(){return i.t(...arguments)})},c=l=>{var p,g;!e&&!l&&this.services.languageDetector&&(l=[]);const u=X(l)?l:this.services.languageUtils.getBestMatchFromCodes(l);u&&(this.language||s(u),this.translator.language||this.translator.changeLanguage(u),(g=(p=this.services.languageDetector)==null?void 0:p.cacheUserLanguage)==null||g.call(p,u)),this.loadResources(u,_=>{a(_,u)})};return!e&&this.services.languageDetector&&!this.services.languageDetector.async?c(this.services.languageDetector.detect()):!e&&this.services.languageDetector&&this.services.languageDetector.async?this.services.languageDetector.detect.length===0?this.services.languageDetector.detect().then(c):this.services.languageDetector.detect(c):c(e),r}getFixedT(e,t,i){var r=this;const s=function(a,c){let l;if(typeof c!="object"){for(var u=arguments.length,p=new Array(u>2?u-2:0),g=2;g<u;g++)p[g-2]=arguments[g];l=r.options.overloadTranslationOptionHandler([a,c].concat(p))}else l={...c};l.lng=l.lng||s.lng,l.lngs=l.lngs||s.lngs,l.ns=l.ns||s.ns,l.keyPrefix!==""&&(l.keyPrefix=l.keyPrefix||i||s.keyPrefix);const _=r.options.keySeparator||".";let x;return l.keyPrefix&&Array.isArray(a)?x=a.map(h=>`${l.keyPrefix}${_}${h}`):x=l.keyPrefix?`${l.keyPrefix}${_}${a}`:a,r.t(x,l)};return X(e)?s.lng=e:s.lngs=e,s.ns=t,s.keyPrefix=i,s}t(){var r;for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return(r=this.translator)==null?void 0:r.translate(...t)}exists(){var r;for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return(r=this.translator)==null?void 0:r.exists(...t)}setDefaultNamespace(e){this.options.defaultNS=e}hasLoadedNamespace(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};if(!this.isInitialized)return this.logger.warn("hasLoadedNamespace: i18next was not initialized",this.languages),!1;if(!this.languages||!this.languages.length)return this.logger.warn("hasLoadedNamespace: i18n.languages were undefined or empty",this.languages),!1;const i=t.lng||this.resolvedLanguage||this.languages[0],r=this.options?this.options.fallbackLng:!1,s=this.languages[this.languages.length-1];if(i.toLowerCase()==="cimode")return!0;const a=(c,l)=>{const u=this.services.backendConnector.state[`${c}|${l}`];return u===-1||u===0||u===2};if(t.precheck){const c=t.precheck(this,a);if(c!==void 0)return c}return!!(this.hasResourceBundle(i,e)||!this.services.backendConnector.backend||this.options.resources&&!this.options.partialBundledLanguages||a(i,e)&&(!r||a(s,e)))}loadNamespaces(e,t){const i=ni();return this.options.ns?(X(e)&&(e=[e]),e.forEach(r=>{this.options.ns.indexOf(r)<0&&this.options.ns.push(r)}),this.loadResources(r=>{i.resolve(),t&&t(r)}),i):(t&&t(),Promise.resolve())}loadLanguages(e,t){const i=ni();X(e)&&(e=[e]);const r=this.options.preload||[],s=e.filter(a=>r.indexOf(a)<0&&this.services.languageUtils.isSupportedCode(a));return s.length?(this.options.preload=r.concat(s),this.loadResources(a=>{i.resolve(),t&&t(a)}),i):(t&&t(),Promise.resolve())}dir(e){var r,s;if(e||(e=this.resolvedLanguage||(((r=this.languages)==null?void 0:r.length)>0?this.languages[0]:this.language)),!e)return"rtl";const t=["ar","shu","sqr","ssh","xaa","yhd","yud","aao","abh","abv","acm","acq","acw","acx","acy","adf","ads","aeb","aec","afb","ajp","apc","apd","arb","arq","ars","ary","arz","auz","avl","ayh","ayl","ayn","ayp","bbz","pga","he","iw","ps","pbt","pbu","pst","prp","prd","ug","ur","ydd","yds","yih","ji","yi","hbo","men","xmn","fa","jpr","peo","pes","prs","dv","sam","ckb"],i=((s=this.services)==null?void 0:s.languageUtils)||new hl(yl());return t.indexOf(i.getLanguagePartFromCode(e))>-1||e.toLowerCase().indexOf("-arab")>1?"rtl":"ltr"}static createInstance(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},t=arguments.length>1?arguments[1]:void 0;return new gi(e,t)}cloneInstance(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Ji;const i=e.forkResourceStore;i&&delete e.forkResourceStore;const r={...this.options,...e,isClone:!0},s=new gi(r);if((e.debug!==void 0||e.prefix!==void 0)&&(s.logger=s.logger.clone(e)),["store","services","language"].forEach(c=>{s[c]=this[c]}),s.services={...this.services},s.services.utils={hasLoadedNamespace:s.hasLoadedNamespace.bind(s)},i){const c=Object.keys(this.store.data).reduce((l,u)=>(l[u]={...this.store.data[u]},Object.keys(l[u]).reduce((p,g)=>(p[g]={...l[u][g]},p),{})),{});s.store=new pl(c,r),s.services.resourceStore=s.store}return s.translator=new pr(s.services,r),s.translator.on("*",function(c){for(var l=arguments.length,u=new Array(l>1?l-1:0),p=1;p<l;p++)u[p-1]=arguments[p];s.emit(c,...u)}),s.init(r,t),s.translator.options=r,s.translator.backendConnector.services.utils={hasLoadedNamespace:s.hasLoadedNamespace.bind(s)},s}toJSON(){return{options:this.options,store:this.store,language:this.language,languages:this.languages,resolvedLanguage:this.resolvedLanguage}}}const Oe=gi.createInstance();Oe.createInstance=gi.createInstance;Oe.createInstance;Oe.dir;Oe.init;Oe.loadResources;Oe.reloadResources;Oe.use;Oe.changeLanguage;Oe.getFixedT;const ue=Oe.t;Oe.exists;Oe.setDefaultNamespace;Oe.hasLoadedNamespace;Oe.loadNamespaces;Oe.loadLanguages;const qt=o.z.object({start:o.z.number(),limit:o.z.number(),length:o.z.number()}),Fa=o.z.object({created_at:o.z.string(),updated_at:o.z.string()}),Sd=o.z.object({email:o.z.string().optional(),email_verified:o.z.boolean().optional(),name:o.z.string().optional(),username:o.z.string().optional(),given_name:o.z.string().optional(),phone_number:o.z.string().optional(),phone_verified:o.z.boolean().optional(),family_name:o.z.string().optional()}).catchall(o.z.any()),Ad=o.z.object({connection:o.z.string(),user_id:o.z.string(),provider:o.z.string(),isSocial:o.z.boolean(),access_token:o.z.string().optional(),access_token_secret:o.z.string().optional(),refresh_token:o.z.string().optional(),profileData:Sd.optional()}),rs=o.z.object({email:o.z.string().optional(),username:o.z.string().optional(),given_name:o.z.string().optional(),family_name:o.z.string().optional(),nickname:o.z.string().optional(),name:o.z.string().optional(),picture:o.z.string().optional(),locale:o.z.string().optional(),linked_to:o.z.string().optional(),profileData:o.z.string().optional(),user_id:o.z.string().optional(),app_metadata:o.z.any().default({}).optional(),user_metadata:o.z.any().default({}).optional()}),fr=rs.extend({email_verified:o.z.boolean().default(!1),verify_email:o.z.boolean().optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string().optional(),provider:o.z.string().default("email"),connection:o.z.string().default("email"),is_social:o.z.boolean().optional()}),Ka=o.z.object({...fr.shape,...Fa.shape,user_id:o.z.string(),is_social:o.z.boolean(),email:o.z.string(),login_count:o.z.number(),identities:o.z.array(Ad).optional()}),ht=Ka,Wh=rs.extend({email:o.z.string(),login_count:o.z.number(),multifactor:o.z.array(o.z.string()).optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string()}).catchall(o.z.any()),Gh="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";let Jh=(n=21)=>{let e="",t=crypto.getRandomValues(new Uint8Array(n));for(;n--;)e+=Gh[t[n]&63];return e};const Id=o.z.object({audience:o.z.string().optional(),recipient:o.z.string().optional(),createUpnClaim:o.z.boolean().optional(),mapUnknownClaimsAsIs:o.z.boolean().optional(),passthroughClaimsWithNoMapping:o.z.boolean().optional(),mapIdentities:o.z.boolean().optional(),signatureAlgorithm:o.z.string().optional(),digestAlgorithm:o.z.string().optional(),issuer:o.z.string().optional(),destination:o.z.string().optional(),lifetimeInSeconds:o.z.number().optional(),signResponse:o.z.boolean().optional(),nameIdentifierFormat:o.z.string().optional(),nameIdentifierProbes:o.z.array(o.z.string()).optional(),authnContextClassRef:o.z.string().optional(),mappings:o.z.record(o.z.string()).optional()}),hr=o.z.object({id:o.z.string(),name:o.z.string(),callbacks:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs whitelisted to use as a callback to the client after authentication."}),allowed_origins:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level. Query strings and hash information are not taken into account when validating these URLs."}),web_origins:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."}),allowed_logout_urls:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."}),allowed_clients:o.z.array(o.z.string()).default([]).optional().openapi({description:"Ids of clients that will be allowed to perform delegation requests. Clients that will be allowed to make delegation request. By default, all your clients will be allowed. This field allows you to specify specific clients"}),addons:o.z.object({samlp:Id.optional()}).default({}).optional().openapi({description:"Addons associated with the client. The key is the addon's package name and the value is an object with the configuration for the addon."}),email_validation:o.z.enum(["enabled","disabled","enforced"]).default("enforced").optional().openapi({description:"Defines if it possible to sign in with an unverified email and if verification emails will be sent. This is not available in auth0"}),client_secret:o.z.string().default(()=>Jh()).optional(),disable_sign_ups:o.z.boolean().optional().default(!1).openapi({description:"Prevents users from signing up using the hosted login page. This is not available in auth0"})}),Xt=o.z.object({created_at:o.z.string().transform(n=>n===null?"":n),updated_at:o.z.string().transform(n=>n===null?"":n),...hr.shape});var Ut=(n=>(n.TOKEN="token",n.TOKEN_ID_TOKEN="token id_token",n.CODE="code",n))(Ut||{}),Vt=(n=>(n.QUERY="query",n.FRAGMENT="fragment",n.FORM_POST="form_post",n.WEB_MESSAGE="web_message",n.SAML_POST="saml_post",n))(Vt||{}),ss=(n=>(n.S256="S256",n.Plain="plain",n))(ss||{});const Wa=o.z.object({client_id:o.z.string(),vendor_id:o.z.string().optional(),act_as:o.z.string().optional(),response_type:o.z.nativeEnum(Ut).optional(),response_mode:o.z.nativeEnum(Vt).optional(),redirect_uri:o.z.string().optional(),audience:o.z.string().optional(),state:o.z.string().optional(),nonce:o.z.string().optional(),scope:o.z.string().optional(),prompt:o.z.string().optional(),code_challenge_method:o.z.nativeEnum(ss).optional(),code_challenge:o.z.string().optional(),username:o.z.string().optional(),ui_locales:o.z.string().optional()}),bo=o.z.object({colors:o.z.object({primary:o.z.string(),page_background:o.z.object({type:o.z.string().optional(),start:o.z.string().optional(),end:o.z.string().optional(),angle_deg:o.z.number().optional()}).optional()}).optional(),logo_url:o.z.string().optional(),favicon_url:o.z.string().optional(),font:o.z.object({url:o.z.string()}).optional()}),gr=o.z.object({id:o.z.string().optional(),name:o.z.string(),strategy:o.z.string(),options:o.z.object({kid:o.z.string().optional(),team_id:o.z.string().optional(),realms:o.z.string().optional(),client_id:o.z.string().optional(),client_secret:o.z.string().optional(),app_secret:o.z.string().optional(),scope:o.z.string().optional(),authorization_endpoint:o.z.string().default("").optional(),token_endpoint:o.z.string().default("").optional(),userinfo_endpoint:o.z.string().default("").optional(),jwks_uri:o.z.string().default("").optional(),discovery_url:o.z.string().default("").optional(),issuer:o.z.string().default("").optional()}).default({}).optional(),enabled_clients:o.z.array(o.z.string()).default([]).optional(),response_type:o.z.custom().optional(),response_mode:o.z.custom().optional()}),Bt=o.z.object({id:o.z.string(),created_at:o.z.string().transform(n=>n===null?"":n),updated_at:o.z.string().transform(n=>n===null?"":n)}).extend(gr.shape),_r=o.z.object({name:o.z.string(),audience:o.z.string(),sender_email:o.z.string().email(),sender_name:o.z.string(),support_url:o.z.string().url().optional(),logo:o.z.string().url().optional(),primary_color:o.z.string().optional(),secondary_color:o.z.string().optional(),language:o.z.string().optional(),id:o.z.string().optional()}),En=o.z.object({created_at:o.z.string().transform(n=>n===null?"":n),updated_at:o.z.string().transform(n=>n===null?"":n),..._r.shape,id:o.z.string()}),Zh=o.z.object({logoUrl:o.z.string(),loginBackgroundImage:o.z.string().nullish(),style:o.z.object({primaryColor:o.z.string(),buttonTextColor:o.z.string(),primaryHoverColor:o.z.string()}),supportEmail:o.z.string().nullable(),supportUrl:o.z.string().nullable(),name:o.z.string(),showGreyishBackground:o.z.boolean().optional(),termsAndConditionsUrl:o.z.string().nullable(),companyName:o.z.string().optional(),checkoutHideSocial:o.z.boolean().optional(),siteUrl:o.z.string().nullable(),manageSubscriptionsUrl:o.z.string().optional()}),Yh=o.z.object({domain:o.z.string(),dkim_private_key:o.z.string().optional(),dkim_public_key:o.z.string().optional(),email_api_key:o.z.string().optional(),email_service:o.z.string().optional()});o.z.object({...Xt.shape,domains:o.z.array(Yh),tenant:En,connections:o.z.array(Bt)});const Ed=o.z.enum(["password_reset","email_verification","otp","authorization_code","oauth2_state","ticket"]),zd=o.z.object({code_id:o.z.string().openapi({description:"The code that will be used in for instance an email verification flow"}),login_id:o.z.string().openapi({description:"The id of the login session that the code is connected to"}),connection_id:o.z.string().optional().openapi({description:"The connection that the code is connected to"}),code_type:Ed,code_verifier:o.z.string().optional().openapi({description:"The code verifier used in PKCE in outbound flows"}),expires_at:o.z.string(),used_at:o.z.string().optional(),user_id:o.z.string().optional()}),Xh=o.z.object({...zd.shape,created_at:o.z.string()}),$d=o.z.object({domain:o.z.string(),dkim_private_key:o.z.string().optional(),dkim_public_key:o.z.string().optional(),email_api_key:o.z.string().optional(),email_service:o.z.string().optional()}),Qh=Fa.extend({...$d.shape,id:o.z.string()}),mr=o.z.object({trigger_id:o.z.enum(["pre-user-signup","post-user-registration","post-user-login"]),enabled:o.z.boolean().default(!1),url:o.z.string(),hook_id:o.z.string().optional(),synchronous:o.z.boolean().default(!1),priority:o.z.number().optional()}),An=mr.extend({...Fa.shape,hook_id:o.z.string()}),Ga=o.z.object({alg:o.z.enum(["RS256","RS384","RS512","ES256","ES384","ES512","HS256","HS384","HS512"]),e:o.z.string(),kid:o.z.string(),kty:o.z.enum(["RSA","EC","oct"]),n:o.z.string(),x5t:o.z.string().optional(),x5c:o.z.array(o.z.string()).optional(),use:o.z.enum(["sig","enc"]).optional()}),Cd=o.z.object({keys:o.z.array(Ga)}),ko=o.z.object({issuer:o.z.string(),authorization_endpoint:o.z.string(),token_endpoint:o.z.string(),device_authorization_endpoint:o.z.string(),userinfo_endpoint:o.z.string(),mfa_challenge_endpoint:o.z.string(),jwks_uri:o.z.string(),registration_endpoint:o.z.string(),revocation_endpoint:o.z.string(),scopes_supported:o.z.array(o.z.string()),response_types_supported:o.z.array(o.z.string()),code_challenge_methods_supported:o.z.array(o.z.string()),response_modes_supported:o.z.array(o.z.string()),subject_types_supported:o.z.array(o.z.string()),id_token_signing_alg_values_supported:o.z.array(o.z.string()),token_endpoint_auth_methods_supported:o.z.array(o.z.string()),claims_supported:o.z.array(o.z.string()),request_uri_parameter_supported:o.z.boolean(),request_parameter_supported:o.z.boolean(),token_endpoint_auth_signing_alg_values_supported:o.z.array(o.z.string())}),jd=o.z.object({auth0Client:o.z.string().optional(),authParams:Wa,expires_at:o.z.string(),deleted_at:o.z.string().optional(),ip:o.z.string().optional(),useragent:o.z.string().optional()}).openapi({description:"This represents a login sesion"}),eg=o.z.object({...jd.shape,login_id:o.z.string().openapi({description:"This is is used as the state in the universal login"}),created_at:o.z.string(),updated_at:o.z.string()});var _e=(n=>(n.FAILED_SILENT_AUTH="fsa",n.FAILED_SIGNUP="fs",n.FAILED_LOGIN="f",n.FAILED_LOGIN_INCORRECT_PASSWORD="fp",n.FAILED_CHANGE_PASSWORD="fcp",n.FAILED_BY_CONNECTOR="fc",n.FAILED_LOGIN_INVALID_EMAIL_USERNAME="fu",n.FAILED_HOOK="fh",n.FAILED_CROSS_ORIGIN_AUTHENTICATION="fcoa",n.SUCCESS_API_OPERATION="sapi",n.SUCCESS_CHANGE_PASSWORD="scp",n.SUCCESS_CHANGE_PASSWORD_REQUEST="scpr",n.SUCCESS_CHANGE_USERNAME="scu",n.SUCCESS_CROSS_ORIGIN_AUTHENTICATION="scoa",n.SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN="seacft",n.SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN="serft",n.SUCCESS_LOGIN="s",n.SUCCESS_LOGOUT="slo",n.SUCCESS_SIGNUP="ss",n.SUCCESS_SILENT_AUTH="ssa",n.SUCCESS_VERIFICATION_EMAIL="sv",n.SUCCESS_VERIFICATION_EMAIL_REQUEST="svr",n.CODE_LINK_SENT="cls",n.BLOCKED_ACCOUNT_EMAIL="limit_wc",n.BLOCKED_ACCOUNT_IP="limit_sul",n.BLOCKED_IP_ADDRESS="limit_mu",n))(_e||{});const tg=o.z.enum(["cls","fsa","fs","f","fc","fcoa","fcp","fh","fp","fs","fu","s","sapi","scoa","scp","scpr","scu","seacft","serft","slo","ss","ssa","sv","svr"]),Nd=o.z.object({name:o.z.string(),version:o.z.string(),env:o.z.object({node:o.z.string().optional()}).optional()}),yr=o.z.object({type:tg,date:o.z.string(),description:o.z.string().optional(),log_id:o.z.string().optional(),_id:o.z.string().optional(),ip:o.z.string(),user_agent:o.z.string(),details:o.z.any().optional(),isMobile:o.z.boolean(),user_id:o.z.string().optional(),user_name:o.z.string().optional(),connection:o.z.string().optional(),connection_id:o.z.string().optional(),client_id:o.z.string().optional(),client_name:o.z.string().optional(),audience:o.z.string().optional(),scope:o.z.array(o.z.string()).optional(),strategy:o.z.string().optional(),strategy_type:o.z.string().optional(),hostname:o.z.string().optional(),auth0_client:Nd.optional()}),Od=o.z.object({user_id:o.z.string(),password:o.z.string(),algorithm:o.z.enum(["bcrypt","argon2id"]).default("argon2id")}),ng=o.z.object({...Od.shape,created_at:o.z.string(),updated_at:o.z.string()}),Bd=o.z.object({initial_user_agent:o.z.string().describe("First user agent of the device from which this user logged in"),initial_ip:o.z.string().describe("First IP address associated with this session"),initial_asn:o.z.string().describe("First autonomous system number associated with this session"),last_user_agent:o.z.string().describe("Last user agent of the device from which this user logged in"),last_ip:o.z.string().describe("Last IP address from which this user logged in"),last_asn:o.z.string().describe("Last autonomous system number from which this user logged in")}),Td=o.z.object({id:o.z.string(),client_id:o.z.string(),revoked_at:o.z.string().optional(),used_at:o.z.string(),user_id:o.z.string().describe("The user ID associated with the session"),expires_at:o.z.string().optional(),idle_expires_at:o.z.string().optional(),device:Bd.describe("Metadata related to the device used in the session"),clients:o.z.array(o.z.string()).describe("List of client details for the session")}),os=o.z.object({created_at:o.z.string(),updated_at:o.z.string(),authenticated_at:o.z.string(),last_interaction_at:o.z.string(),...Td.shape}),xo=o.z.object({kid:o.z.string().openapi({description:"The key id of the signing key"}),cert:o.z.string().openapi({description:"The public certificate of the signing key"}),fingerprint:o.z.string().openapi({description:"The cert fingerprint"}),thumbprint:o.z.string().openapi({description:"The cert thumbprint"}),pkcs7:o.z.string().optional().openapi({description:"The private key in pkcs7 format"}),current:o.z.boolean().optional().openapi({description:"True if the key is the current key"}),next:o.z.boolean().optional().openapi({description:"True if the key is the next key"}),previous:o.z.boolean().optional().openapi({description:"True if the key is the previous key"}),current_since:o.z.string().optional().openapi({description:"The date and time when the key became the current key"}),current_until:o.z.string().optional().openapi({description:"The date and time when the current key was rotated"}),revoked:o.z.boolean().optional().openapi({description:"True if the key is revoked"}),revoked_at:o.z.string().optional().openapi({description:"The date and time when the key was revoked"})});var ci=(n=>(n.RefreshToken="refresh_token",n.AuthorizationCode="authorization_code",n.ClientCredential="client_credentials",n.Passwordless="passwordless",n.Password="password",n))(ci||{});const Rd=o.z.object({access_token:o.z.string(),id_token:o.z.string().optional(),scope:o.z.string().optional(),state:o.z.string().optional(),refresh_token:o.z.string().optional(),token_type:o.z.string(),expires_in:o.z.number()});o.z.object({code:o.z.string(),state:o.z.string().optional()});const Pd=o.z.object({button_border_radius:o.z.number(),button_border_weight:o.z.number(),buttons_style:o.z.enum(["pill"]),input_border_radius:o.z.number(),input_border_weight:o.z.number(),inputs_style:o.z.enum(["pill"]),show_widget_shadow:o.z.boolean(),widget_border_weight:o.z.number(),widget_corner_radius:o.z.number()}),Ld=o.z.object({base_focus_color:o.z.string(),base_hover_color:o.z.string(),body_text:o.z.string(),captcha_widget_theme:o.z.enum(["auto"]),error:o.z.string(),header:o.z.string(),icons:o.z.string(),input_background:o.z.string(),input_border:o.z.string(),input_filled_text:o.z.string(),input_labels_placeholders:o.z.string(),links_focused_components:o.z.string(),primary_button:o.z.string(),primary_button_label:o.z.string(),secondary_button_border:o.z.string(),secondary_button_label:o.z.string(),success:o.z.string(),widget_background:o.z.string(),widget_border:o.z.string()}),Zt=o.z.object({bold:o.z.boolean(),size:o.z.number()}),Ud=o.z.object({body_text:Zt,buttons_text:Zt,font_url:o.z.string(),input_labels:Zt,links:Zt,links_style:o.z.enum(["normal"]),reference_text_size:o.z.number(),subtitle:Zt,title:Zt}),Vd=o.z.object({background_color:o.z.string(),background_image_url:o.z.string(),page_layout:o.z.enum(["center"])}),Md=o.z.object({header_text_alignment:o.z.enum(["center"]),logo_height:o.z.number(),logo_position:o.z.enum(["center"]),logo_url:o.z.string(),social_buttons_layout:o.z.enum(["bottom"])}),Hd=o.z.object({borders:Pd,colors:Ld,displayName:o.z.string(),fonts:Ud,page_background:Vd,widget:Md}),ig=Hd.extend({themeId:o.z.string()}),tr=o.z.object({universal_login_experience:o.z.enum(["new","classic"]).default("new"),identifier_first:o.z.boolean().default(!0),password_first:o.z.boolean().default(!1),webauthn_platform_first_factor:o.z.boolean()}),nr=o.z.object({name:o.z.string(),enabled:o.z.boolean().optional().default(!0),default_from_address:o.z.string().optional(),credentials:o.z.union([o.z.object({accessKeyId:o.z.string(),secretAccessKey:o.z.string(),region:o.z.string()}),o.z.object({smtp_host:o.z.array(o.z.string()),smtp_port:o.z.number(),smtp_user:o.z.string(),smtp_pass:o.z.string()}),o.z.object({api_key:o.z.string(),domain:o.z.string().optional()}),o.z.object({connectionString:o.z.string()}),o.z.object({tenantId:o.z.string(),clientId:o.z.string(),clientSecret:o.z.string()})]),settings:o.z.object({}).optional()}),Dd=o.z.object({token:o.z.string(),session_id:o.z.string(),user_id:o.z.string(),expires_at:o.z.string().optional(),idle_expires_at:o.z.string().optional(),last_exchanged_at:o.z.string().optional(),device:Bd.optional(),resource_servers:o.z.array(o.z.object({audience:o.z.string(),scopes:o.z.string()})),rotating:o.z.boolean()}),rg=o.z.object({created_at:o.z.string(),...Dd.shape});function sg(n){const[e,t]=n.split("|");if(!e||!t)throw new Error(`Invalid user_id: ${n}`);return{connection:e,id:t}}const og=new o.OpenAPIHono().openapi(o.createRoute({tags:["branding"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:bo}},description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=await n.env.data.branding.get(e);return t?n.json(t):n.json({})}).openapi(o.createRoute({tags:["branding"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(bo.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json");return await n.env.data.branding.set(e,t),n.text("OK")});var j=class extends Error{constructor(e=500,t){super(t==null?void 0:t.message,{cause:t==null?void 0:t.cause});te(this,"res");te(this,"status");this.res=t==null?void 0:t.res,this.status=e}getResponse(){return this.res?new Response(this.res.body,{status:this.status,headers:this.res.headers}):new Response(this.message,{status:this.status})}},vr=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function ag(n){return n&&n.__esModule&&Object.prototype.hasOwnProperty.call(n,"default")?n.default:n}function cg(n){if(n.__esModule)return n;var e=n.default;if(typeof e=="function"){var t=function i(){return this instanceof i?Reflect.construct(e,arguments,this.constructor):e.apply(this,arguments)};t.prototype=e.prototype}else t={};return Object.defineProperty(t,"__esModule",{value:!0}),Object.keys(n).forEach(function(i){var r=Object.getOwnPropertyDescriptor(n,i);Object.defineProperty(t,i,r.get?r:{enumerable:!0,get:function(){return n[i]}})}),t}function lg(n){throw new Error('Could not dynamically require "'+n+'". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.')}var qd={exports:{}};const ug={},dg=Object.freeze(Object.defineProperty({__proto__:null,default:ug},Symbol.toStringTag,{value:"Module"})),pg=cg(dg);(function(n){/**
+"use strict";var Eh=Object.defineProperty;var zh=(n,e,t)=>e in n?Eh(n,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):n[e]=t;var te=(n,e,t)=>zh(n,typeof e!="symbol"?e+"":e,t);Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("@hono/zod-openapi"),X=n=>typeof n=="string",ni=()=>{let n,e;const t=new Promise((i,r)=>{n=i,e=r});return t.resolve=n,t.reject=e,t},cl=n=>n==null?"":""+n,$h=(n,e,t)=>{n.forEach(i=>{e[i]&&(t[i]=e[i])})},Ch=/###/g,ll=n=>n&&n.indexOf("###")>-1?n.replace(Ch,"."):n,ul=n=>!n||X(n),ai=(n,e,t)=>{const i=X(e)?e.split("."):e;let r=0;for(;r<i.length-1;){if(ul(n))return{};const s=ll(i[r]);!n[s]&&t&&(n[s]=new t),Object.prototype.hasOwnProperty.call(n,s)?n=n[s]:n={},++r}return ul(n)?{}:{obj:n,k:ll(i[r])}},dl=(n,e,t)=>{const{obj:i,k:r}=ai(n,e,Object);if(i!==void 0||e.length===1){i[r]=t;return}let s=e[e.length-1],a=e.slice(0,e.length-1),c=ai(n,a,Object);for(;c.obj===void 0&&a.length;)s=`${a[a.length-1]}.${s}`,a=a.slice(0,a.length-1),c=ai(n,a,Object),c!=null&&c.obj&&typeof c.obj[`${c.k}.${s}`]<"u"&&(c.obj=void 0);c.obj[`${c.k}.${s}`]=t},jh=(n,e,t,i)=>{const{obj:r,k:s}=ai(n,e,Object);r[s]=r[s]||[],r[s].push(t)},lr=(n,e)=>{const{obj:t,k:i}=ai(n,e);if(t&&Object.prototype.hasOwnProperty.call(t,i))return t[i]},Nh=(n,e,t)=>{const i=lr(n,t);return i!==void 0?i:lr(e,t)},kd=(n,e,t)=>{for(const i in e)i!=="__proto__"&&i!=="constructor"&&(i in n?X(n[i])||n[i]instanceof String||X(e[i])||e[i]instanceof String?t&&(n[i]=e[i]):kd(n[i],e[i],t):n[i]=e[i]);return n},kn=n=>n.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&");var Oh={"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#x2F;"};const Bh=n=>X(n)?n.replace(/[&<>"'\/]/g,e=>Oh[e]):n;class Th{constructor(e){this.capacity=e,this.regExpMap=new Map,this.regExpQueue=[]}getRegExp(e){const t=this.regExpMap.get(e);if(t!==void 0)return t;const i=new RegExp(e);return this.regExpQueue.length===this.capacity&&this.regExpMap.delete(this.regExpQueue.shift()),this.regExpMap.set(e,i),this.regExpQueue.push(e),i}}const Rh=[" ",",","?","!",";"],Ph=new Th(20),Lh=(n,e,t)=>{e=e||"",t=t||"";const i=Rh.filter(a=>e.indexOf(a)<0&&t.indexOf(a)<0);if(i.length===0)return!0;const r=Ph.getRegExp(`(${i.map(a=>a==="?"?"\\?":a).join("|")})`);let s=!r.test(n);if(!s){const a=n.indexOf(t);a>0&&!r.test(n.substring(0,a))&&(s=!0)}return s},wo=function(n,e){let t=arguments.length>2&&arguments[2]!==void 0?arguments[2]:".";if(!n)return;if(n[e])return Object.prototype.hasOwnProperty.call(n,e)?n[e]:void 0;const i=e.split(t);let r=n;for(let s=0;s<i.length;){if(!r||typeof r!="object")return;let a,c="";for(let l=s;l<i.length;++l)if(l!==s&&(c+=t),c+=i[l],a=r[c],a!==void 0){if(["string","number","boolean"].indexOf(typeof a)>-1&&l<i.length-1)continue;s+=l-s+1;break}r=a}return r},ur=n=>n==null?void 0:n.replace("_","-"),Uh={type:"logger",log(n){this.output("log",n)},warn(n){this.output("warn",n)},error(n){this.output("error",n)},output(n,e){var t,i;(i=(t=console==null?void 0:console[n])==null?void 0:t.apply)==null||i.call(t,console,e)}};class dr{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.init(e,t)}init(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.prefix=t.prefix||"i18next:",this.logger=e||Uh,this.options=t,this.debug=t.debug}log(){for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return this.forward(t,"log","",!0)}warn(){for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return this.forward(t,"warn","",!0)}error(){for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return this.forward(t,"error","")}deprecate(){for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return this.forward(t,"warn","WARNING DEPRECATED: ",!0)}forward(e,t,i,r){return r&&!this.debug?null:(X(e[0])&&(e[0]=`${i}${this.prefix} ${e[0]}`),this.logger[t](e))}create(e){return new dr(this.logger,{prefix:`${this.prefix}:${e}:`,...this.options})}clone(e){return e=e||this.options,e.prefix=e.prefix||this.prefix,new dr(this.logger,e)}}var gt=new dr;class is{constructor(){this.observers={}}on(e,t){return e.split(" ").forEach(i=>{this.observers[i]||(this.observers[i]=new Map);const r=this.observers[i].get(t)||0;this.observers[i].set(t,r+1)}),this}off(e,t){if(this.observers[e]){if(!t){delete this.observers[e];return}this.observers[e].delete(t)}}emit(e){for(var t=arguments.length,i=new Array(t>1?t-1:0),r=1;r<t;r++)i[r-1]=arguments[r];this.observers[e]&&Array.from(this.observers[e].entries()).forEach(a=>{let[c,l]=a;for(let u=0;u<l;u++)c(...i)}),this.observers["*"]&&Array.from(this.observers["*"].entries()).forEach(a=>{let[c,l]=a;for(let u=0;u<l;u++)c.apply(c,[e,...i])})}}class pl extends is{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{ns:["translation"],defaultNS:"translation"};super(),this.data=e||{},this.options=t,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.options.ignoreJSONStructure===void 0&&(this.options.ignoreJSONStructure=!0)}addNamespaces(e){this.options.ns.indexOf(e)<0&&this.options.ns.push(e)}removeNamespaces(e){const t=this.options.ns.indexOf(e);t>-1&&this.options.ns.splice(t,1)}getResource(e,t,i){var u,p;let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};const s=r.keySeparator!==void 0?r.keySeparator:this.options.keySeparator,a=r.ignoreJSONStructure!==void 0?r.ignoreJSONStructure:this.options.ignoreJSONStructure;let c;e.indexOf(".")>-1?c=e.split("."):(c=[e,t],i&&(Array.isArray(i)?c.push(...i):X(i)&&s?c.push(...i.split(s)):c.push(i)));const l=lr(this.data,c);return!l&&!t&&!i&&e.indexOf(".")>-1&&(e=c[0],t=c[1],i=c.slice(2).join(".")),l||!a||!X(i)?l:wo((p=(u=this.data)==null?void 0:u[e])==null?void 0:p[t],i,s)}addResource(e,t,i,r){let s=arguments.length>4&&arguments[4]!==void 0?arguments[4]:{silent:!1};const a=s.keySeparator!==void 0?s.keySeparator:this.options.keySeparator;let c=[e,t];i&&(c=c.concat(a?i.split(a):i)),e.indexOf(".")>-1&&(c=e.split("."),r=t,t=c[1]),this.addNamespaces(t),dl(this.data,c,r),s.silent||this.emit("added",e,t,i,r)}addResources(e,t,i){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{silent:!1};for(const s in i)(X(i[s])||Array.isArray(i[s]))&&this.addResource(e,t,s,i[s],{silent:!0});r.silent||this.emit("added",e,t,i)}addResourceBundle(e,t,i,r,s){let a=arguments.length>5&&arguments[5]!==void 0?arguments[5]:{silent:!1,skipCopy:!1},c=[e,t];e.indexOf(".")>-1&&(c=e.split("."),r=i,i=t,t=c[1]),this.addNamespaces(t);let l=lr(this.data,c)||{};a.skipCopy||(i=JSON.parse(JSON.stringify(i))),r?kd(l,i,s):l={...l,...i},dl(this.data,c,l),a.silent||this.emit("added",e,t,i)}removeResourceBundle(e,t){this.hasResourceBundle(e,t)&&delete this.data[e][t],this.removeNamespaces(t),this.emit("removed",e,t)}hasResourceBundle(e,t){return this.getResource(e,t)!==void 0}getResourceBundle(e,t){return t||(t=this.options.defaultNS),this.getResource(e,t)}getDataByLanguage(e){return this.data[e]}hasLanguageSomeTranslations(e){const t=this.getDataByLanguage(e);return!!(t&&Object.keys(t)||[]).find(r=>t[r]&&Object.keys(t[r]).length>0)}toJSON(){return this.data}}var xd={processors:{},addPostProcessor(n){this.processors[n.name]=n},handle(n,e,t,i,r){return n.forEach(s=>{var a;e=((a=this.processors[s])==null?void 0:a.process(e,t,i,r))??e}),e}};const fl={};class pr extends is{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};super(),$h(["resourceStore","languageUtils","pluralResolver","interpolator","backendConnector","i18nFormat","utils"],e,this),this.options=t,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.logger=gt.create("translator")}changeLanguage(e){e&&(this.language=e)}exists(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{interpolation:{}};if(e==null)return!1;const i=this.resolve(e,t);return(i==null?void 0:i.res)!==void 0}extractFromKey(e,t){let i=t.nsSeparator!==void 0?t.nsSeparator:this.options.nsSeparator;i===void 0&&(i=":");const r=t.keySeparator!==void 0?t.keySeparator:this.options.keySeparator;let s=t.ns||this.options.defaultNS||[];const a=i&&e.indexOf(i)>-1,c=!this.options.userDefinedKeySeparator&&!t.keySeparator&&!this.options.userDefinedNsSeparator&&!t.nsSeparator&&!Lh(e,i,r);if(a&&!c){const l=e.match(this.interpolator.nestingRegexp);if(l&&l.length>0)return{key:e,namespaces:X(s)?[s]:s};const u=e.split(i);(i!==r||i===r&&this.options.ns.indexOf(u[0])>-1)&&(s=u.shift()),e=u.join(r)}return{key:e,namespaces:X(s)?[s]:s}}translate(e,t,i){if(typeof t!="object"&&this.options.overloadTranslationOptionHandler&&(t=this.options.overloadTranslationOptionHandler(arguments)),typeof t=="object"&&(t={...t}),t||(t={}),e==null)return"";Array.isArray(e)||(e=[String(e)]);const r=t.returnDetails!==void 0?t.returnDetails:this.options.returnDetails,s=t.keySeparator!==void 0?t.keySeparator:this.options.keySeparator,{key:a,namespaces:c}=this.extractFromKey(e[e.length-1],t),l=c[c.length-1],u=t.lng||this.language,p=t.appendNamespaceToCIMode||this.options.appendNamespaceToCIMode;if((u==null?void 0:u.toLowerCase())==="cimode"){if(p){const F=t.nsSeparator||this.options.nsSeparator;return r?{res:`${l}${F}${a}`,usedKey:a,exactUsedKey:a,usedLng:u,usedNS:l,usedParams:this.getUsedParamsDetails(t)}:`${l}${F}${a}`}return r?{res:a,usedKey:a,exactUsedKey:a,usedLng:u,usedNS:l,usedParams:this.getUsedParamsDetails(t)}:a}const g=this.resolve(e,t);let _=g==null?void 0:g.res;const x=(g==null?void 0:g.usedKey)||a,h=(g==null?void 0:g.exactUsedKey)||a,m=Object.prototype.toString.apply(_),b=["[object Number]","[object Function]","[object RegExp]"],S=t.joinArrays!==void 0?t.joinArrays:this.options.joinArrays,O=!this.i18nFormat||this.i18nFormat.handleAsObject,T=!X(_)&&typeof _!="boolean"&&typeof _!="number";if(O&&_&&T&&b.indexOf(m)<0&&!(X(S)&&Array.isArray(_))){if(!t.returnObjects&&!this.options.returnObjects){this.options.returnedObjectHandler||this.logger.warn("accessing an object - but returnObjects options is not enabled!");const F=this.options.returnedObjectHandler?this.options.returnedObjectHandler(x,_,{...t,ns:c}):`key '${a} (${this.language})' returned an object instead of string.`;return r?(g.res=F,g.usedParams=this.getUsedParamsDetails(t),g):F}if(s){const F=Array.isArray(_),oe=F?[]:{},pe=F?h:x;for(const ce in _)if(Object.prototype.hasOwnProperty.call(_,ce)){const Pe=`${pe}${s}${ce}`;oe[ce]=this.translate(Pe,{...t,joinArrays:!1,ns:c}),oe[ce]===Pe&&(oe[ce]=_[ce])}_=oe}}else if(O&&X(S)&&Array.isArray(_))_=_.join(S),_&&(_=this.extendTranslation(_,e,t,i));else{let F=!1,oe=!1;const pe=t.count!==void 0&&!X(t.count),ce=pr.hasDefaultValue(t),Pe=pe?this.pluralResolver.getSuffix(u,t.count,t):"",it=t.ordinal&&pe?this.pluralResolver.getSuffix(u,t.count,{ordinal:!1}):"",Fe=pe&&!t.ordinal&&t.count===0,z=Fe&&t[`defaultValue${this.options.pluralSeparator}zero`]||t[`defaultValue${Pe}`]||t[`defaultValue${it}`]||t.defaultValue;!this.isValidLookup(_)&&ce&&(F=!0,_=z),this.isValidLookup(_)||(oe=!0,_=a);const A=(t.missingKeyNoValueFallbackToKey||this.options.missingKeyNoValueFallbackToKey)&&oe?void 0:_,w=ce&&z!==_&&this.options.updateMissing;if(oe||F||w){if(this.logger.log(w?"updateKey":"missingKey",u,l,a,w?z:_),s){const Z=this.resolve(a,{...t,keySeparator:!1});Z&&Z.res&&this.logger.warn("Seems the loaded translations were in flat JSON format instead of nested. Either set keySeparator: false on init or make sure your translations are published in nested format.")}let v=[];const $=this.languageUtils.getFallbackCodes(this.options.fallbackLng,t.lng||this.language);if(this.options.saveMissingTo==="fallback"&&$&&$[0])for(let Z=0;Z<$.length;Z++)v.push($[Z]);else this.options.saveMissingTo==="all"?v=this.languageUtils.toResolveHierarchy(t.lng||this.language):v.push(t.lng||this.language);const R=(Z,K,ee)=>{var M;const se=ce&&ee!==_?ee:A;this.options.missingKeyHandler?this.options.missingKeyHandler(Z,l,K,se,w,t):(M=this.backendConnector)!=null&&M.saveMissing&&this.backendConnector.saveMissing(Z,l,K,se,w,t),this.emit("missingKey",Z,l,K,_)};this.options.saveMissing&&(this.options.saveMissingPlurals&&pe?v.forEach(Z=>{const K=this.pluralResolver.getSuffixes(Z,t);Fe&&t[`defaultValue${this.options.pluralSeparator}zero`]&&K.indexOf(`${this.options.pluralSeparator}zero`)<0&&K.push(`${this.options.pluralSeparator}zero`),K.forEach(ee=>{R([Z],a+ee,t[`defaultValue${ee}`]||z)})}):R(v,a,z))}_=this.extendTranslation(_,e,t,g,i),oe&&_===a&&this.options.appendNamespaceToMissingKey&&(_=`${l}:${a}`),(oe||F)&&this.options.parseMissingKeyHandler&&(_=this.options.parseMissingKeyHandler(this.options.appendNamespaceToMissingKey?`${l}:${a}`:a,F?_:void 0))}return r?(g.res=_,g.usedParams=this.getUsedParamsDetails(t),g):_}extendTranslation(e,t,i,r,s){var u,p;var a=this;if((u=this.i18nFormat)!=null&&u.parse)e=this.i18nFormat.parse(e,{...this.options.interpolation.defaultVariables,...i},i.lng||this.language||r.usedLng,r.usedNS,r.usedKey,{resolved:r});else if(!i.skipInterpolation){i.interpolation&&this.interpolator.init({...i,interpolation:{...this.options.interpolation,...i.interpolation}});const g=X(e)&&(((p=i==null?void 0:i.interpolation)==null?void 0:p.skipOnVariables)!==void 0?i.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables);let _;if(g){const h=e.match(this.interpolator.nestingRegexp);_=h&&h.length}let x=i.replace&&!X(i.replace)?i.replace:i;if(this.options.interpolation.defaultVariables&&(x={...this.options.interpolation.defaultVariables,...x}),e=this.interpolator.interpolate(e,x,i.lng||this.language||r.usedLng,i),g){const h=e.match(this.interpolator.nestingRegexp),m=h&&h.length;_<m&&(i.nest=!1)}!i.lng&&r&&r.res&&(i.lng=this.language||r.usedLng),i.nest!==!1&&(e=this.interpolator.nest(e,function(){for(var h=arguments.length,m=new Array(h),b=0;b<h;b++)m[b]=arguments[b];return(s==null?void 0:s[0])===m[0]&&!i.context?(a.logger.warn(`It seems you are nesting recursively key: ${m[0]} in key: ${t[0]}`),null):a.translate(...m,t)},i)),i.interpolation&&this.interpolator.reset()}const c=i.postProcess||this.options.postProcess,l=X(c)?[c]:c;return e!=null&&(l!=null&&l.length)&&i.applyPostProcessor!==!1&&(e=xd.handle(l,e,t,this.options&&this.options.postProcessPassResolved?{i18nResolved:{...r,usedParams:this.getUsedParamsDetails(i)},...i}:i,this)),e}resolve(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},i,r,s,a,c;return X(e)&&(e=[e]),e.forEach(l=>{if(this.isValidLookup(i))return;const u=this.extractFromKey(l,t),p=u.key;r=p;let g=u.namespaces;this.options.fallbackNS&&(g=g.concat(this.options.fallbackNS));const _=t.count!==void 0&&!X(t.count),x=_&&!t.ordinal&&t.count===0,h=t.context!==void 0&&(X(t.context)||typeof t.context=="number")&&t.context!=="",m=t.lngs?t.lngs:this.languageUtils.toResolveHierarchy(t.lng||this.language,t.fallbackLng);g.forEach(b=>{var S,O;this.isValidLookup(i)||(c=b,!fl[`${m[0]}-${b}`]&&((S=this.utils)!=null&&S.hasLoadedNamespace)&&!((O=this.utils)!=null&&O.hasLoadedNamespace(c))&&(fl[`${m[0]}-${b}`]=!0,this.logger.warn(`key "${r}" for languages "${m.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")),m.forEach(T=>{var pe;if(this.isValidLookup(i))return;a=T;const F=[p];if((pe=this.i18nFormat)!=null&&pe.addLookupKeys)this.i18nFormat.addLookupKeys(F,p,T,b,t);else{let ce;_&&(ce=this.pluralResolver.getSuffix(T,t.count,t));const Pe=`${this.options.pluralSeparator}zero`,it=`${this.options.pluralSeparator}ordinal${this.options.pluralSeparator}`;if(_&&(F.push(p+ce),t.ordinal&&ce.indexOf(it)===0&&F.push(p+ce.replace(it,this.options.pluralSeparator)),x&&F.push(p+Pe)),h){const Fe=`${p}${this.options.contextSeparator}${t.context}`;F.push(Fe),_&&(F.push(Fe+ce),t.ordinal&&ce.indexOf(it)===0&&F.push(Fe+ce.replace(it,this.options.pluralSeparator)),x&&F.push(Fe+Pe))}}let oe;for(;oe=F.pop();)this.isValidLookup(i)||(s=oe,i=this.getResource(T,b,oe,t))}))})}),{res:i,usedKey:r,exactUsedKey:s,usedLng:a,usedNS:c}}isValidLookup(e){return e!==void 0&&!(!this.options.returnNull&&e===null)&&!(!this.options.returnEmptyString&&e==="")}getResource(e,t,i){var s;let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};return(s=this.i18nFormat)!=null&&s.getResource?this.i18nFormat.getResource(e,t,i,r):this.resourceStore.getResource(e,t,i,r)}getUsedParamsDetails(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};const t=["defaultValue","ordinal","context","replace","lng","lngs","fallbackLng","ns","keySeparator","nsSeparator","returnObjects","returnDetails","joinArrays","postProcess","interpolation"],i=e.replace&&!X(e.replace);let r=i?e.replace:e;if(i&&typeof e.count<"u"&&(r.count=e.count),this.options.interpolation.defaultVariables&&(r={...this.options.interpolation.defaultVariables,...r}),!i){r={...r};for(const s of t)delete r[s]}return r}static hasDefaultValue(e){const t="defaultValue";for(const i in e)if(Object.prototype.hasOwnProperty.call(e,i)&&t===i.substring(0,t.length)&&e[i]!==void 0)return!0;return!1}}class hl{constructor(e){this.options=e,this.supportedLngs=this.options.supportedLngs||!1,this.logger=gt.create("languageUtils")}getScriptPartFromCode(e){if(e=ur(e),!e||e.indexOf("-")<0)return null;const t=e.split("-");return t.length===2||(t.pop(),t[t.length-1].toLowerCase()==="x")?null:this.formatLanguageCode(t.join("-"))}getLanguagePartFromCode(e){if(e=ur(e),!e||e.indexOf("-")<0)return e;const t=e.split("-");return this.formatLanguageCode(t[0])}formatLanguageCode(e){if(X(e)&&e.indexOf("-")>-1){let t;try{t=Intl.getCanonicalLocales(e)[0]}catch{}return t&&this.options.lowerCaseLng&&(t=t.toLowerCase()),t||(this.options.lowerCaseLng?e.toLowerCase():e)}return this.options.cleanCode||this.options.lowerCaseLng?e.toLowerCase():e}isSupportedCode(e){return(this.options.load==="languageOnly"||this.options.nonExplicitSupportedLngs)&&(e=this.getLanguagePartFromCode(e)),!this.supportedLngs||!this.supportedLngs.length||this.supportedLngs.indexOf(e)>-1}getBestMatchFromCodes(e){if(!e)return null;let t;return e.forEach(i=>{if(t)return;const r=this.formatLanguageCode(i);(!this.options.supportedLngs||this.isSupportedCode(r))&&(t=r)}),!t&&this.options.supportedLngs&&e.forEach(i=>{if(t)return;const r=this.getLanguagePartFromCode(i);if(this.isSupportedCode(r))return t=r;t=this.options.supportedLngs.find(s=>{if(s===r)return s;if(!(s.indexOf("-")<0&&r.indexOf("-")<0)&&(s.indexOf("-")>0&&r.indexOf("-")<0&&s.substring(0,s.indexOf("-"))===r||s.indexOf(r)===0&&r.length>1))return s})}),t||(t=this.getFallbackCodes(this.options.fallbackLng)[0]),t}getFallbackCodes(e,t){if(!e)return[];if(typeof e=="function"&&(e=e(t)),X(e)&&(e=[e]),Array.isArray(e))return e;if(!t)return e.default||[];let i=e[t];return i||(i=e[this.getScriptPartFromCode(t)]),i||(i=e[this.formatLanguageCode(t)]),i||(i=e[this.getLanguagePartFromCode(t)]),i||(i=e.default),i||[]}toResolveHierarchy(e,t){const i=this.getFallbackCodes(t||this.options.fallbackLng||[],e),r=[],s=a=>{a&&(this.isSupportedCode(a)?r.push(a):this.logger.warn(`rejecting language code not found in supportedLngs: ${a}`))};return X(e)&&(e.indexOf("-")>-1||e.indexOf("_")>-1)?(this.options.load!=="languageOnly"&&s(this.formatLanguageCode(e)),this.options.load!=="languageOnly"&&this.options.load!=="currentOnly"&&s(this.getScriptPartFromCode(e)),this.options.load!=="currentOnly"&&s(this.getLanguagePartFromCode(e))):X(e)&&s(this.formatLanguageCode(e)),i.forEach(a=>{r.indexOf(a)<0&&s(this.formatLanguageCode(a))}),r}}const gl={zero:0,one:1,two:2,few:3,many:4,other:5},_l={select:n=>n===1?"one":"other",resolvedOptions:()=>({pluralCategories:["one","other"]})};class Vh{constructor(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.languageUtils=e,this.options=t,this.logger=gt.create("pluralResolver"),this.pluralRulesCache={}}addRule(e,t){this.rules[e]=t}clearCache(){this.pluralRulesCache={}}getRule(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};const i=ur(e==="dev"?"en":e),r=t.ordinal?"ordinal":"cardinal",s=JSON.stringify({cleanedCode:i,type:r});if(s in this.pluralRulesCache)return this.pluralRulesCache[s];let a;try{a=new Intl.PluralRules(i,{type:r})}catch{if(!Intl)return this.logger.error("No Intl support, please use an Intl polyfill!"),_l;if(!e.match(/-|_/))return _l;const l=this.languageUtils.getLanguagePartFromCode(e);a=this.getRule(l,t)}return this.pluralRulesCache[s]=a,a}needsPlural(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},i=this.getRule(e,t);return i||(i=this.getRule("dev",t)),(i==null?void 0:i.resolvedOptions().pluralCategories.length)>1}getPluralFormsOfKey(e,t){let i=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return this.getSuffixes(e,i).map(r=>`${t}${r}`)}getSuffixes(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},i=this.getRule(e,t);return i||(i=this.getRule("dev",t)),i?i.resolvedOptions().pluralCategories.sort((r,s)=>gl[r]-gl[s]).map(r=>`${this.options.prepend}${t.ordinal?`ordinal${this.options.prepend}`:""}${r}`):[]}getSuffix(e,t){let i=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};const r=this.getRule(e,i);return r?`${this.options.prepend}${i.ordinal?`ordinal${this.options.prepend}`:""}${r.select(t)}`:(this.logger.warn(`no plural rule found for: ${e}`),this.getSuffix("dev",t,i))}}const ml=function(n,e,t){let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:".",r=arguments.length>4&&arguments[4]!==void 0?arguments[4]:!0,s=Nh(n,e,t);return!s&&r&&X(t)&&(s=wo(n,t,i),s===void 0&&(s=wo(e,t,i))),s},ro=n=>n.replace(/\$/g,"$$$$");class Mh{constructor(){var t;let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};this.logger=gt.create("interpolator"),this.options=e,this.format=((t=e==null?void 0:e.interpolation)==null?void 0:t.format)||(i=>i),this.init(e)}init(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};e.interpolation||(e.interpolation={escapeValue:!0});const{escape:t,escapeValue:i,useRawValueToEscape:r,prefix:s,prefixEscaped:a,suffix:c,suffixEscaped:l,formatSeparator:u,unescapeSuffix:p,unescapePrefix:g,nestingPrefix:_,nestingPrefixEscaped:x,nestingSuffix:h,nestingSuffixEscaped:m,nestingOptionsSeparator:b,maxReplaces:S,alwaysFormat:O}=e.interpolation;this.escape=t!==void 0?t:Bh,this.escapeValue=i!==void 0?i:!0,this.useRawValueToEscape=r!==void 0?r:!1,this.prefix=s?kn(s):a||"{{",this.suffix=c?kn(c):l||"}}",this.formatSeparator=u||",",this.unescapePrefix=p?"":g||"-",this.unescapeSuffix=this.unescapePrefix?"":p||"",this.nestingPrefix=_?kn(_):x||kn("$t("),this.nestingSuffix=h?kn(h):m||kn(")"),this.nestingOptionsSeparator=b||",",this.maxReplaces=S||1e3,this.alwaysFormat=O!==void 0?O:!1,this.resetRegExp()}reset(){this.options&&this.init(this.options)}resetRegExp(){const e=(t,i)=>(t==null?void 0:t.source)===i?(t.lastIndex=0,t):new RegExp(i,"g");this.regexp=e(this.regexp,`${this.prefix}(.+?)${this.suffix}`),this.regexpUnescape=e(this.regexpUnescape,`${this.prefix}${this.unescapePrefix}(.+?)${this.unescapeSuffix}${this.suffix}`),this.nestingRegexp=e(this.nestingRegexp,`${this.nestingPrefix}(.+?)${this.nestingSuffix}`)}interpolate(e,t,i,r){var x;let s,a,c;const l=this.options&&this.options.interpolation&&this.options.interpolation.defaultVariables||{},u=h=>{if(h.indexOf(this.formatSeparator)<0){const O=ml(t,l,h,this.options.keySeparator,this.options.ignoreJSONStructure);return this.alwaysFormat?this.format(O,void 0,i,{...r,...t,interpolationkey:h}):O}const m=h.split(this.formatSeparator),b=m.shift().trim(),S=m.join(this.formatSeparator).trim();return this.format(ml(t,l,b,this.options.keySeparator,this.options.ignoreJSONStructure),S,i,{...r,...t,interpolationkey:b})};this.resetRegExp();const p=(r==null?void 0:r.missingInterpolationHandler)||this.options.missingInterpolationHandler,g=((x=r==null?void 0:r.interpolation)==null?void 0:x.skipOnVariables)!==void 0?r.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables;return[{regex:this.regexpUnescape,safeValue:h=>ro(h)},{regex:this.regexp,safeValue:h=>this.escapeValue?ro(this.escape(h)):ro(h)}].forEach(h=>{for(c=0;s=h.regex.exec(e);){const m=s[1].trim();if(a=u(m),a===void 0)if(typeof p=="function"){const S=p(e,s,r);a=X(S)?S:""}else if(r&&Object.prototype.hasOwnProperty.call(r,m))a="";else if(g){a=s[0];continue}else this.logger.warn(`missed to pass in variable ${m} for interpolating ${e}`),a="";else!X(a)&&!this.useRawValueToEscape&&(a=cl(a));const b=h.safeValue(a);if(e=e.replace(s[0],b),g?(h.regex.lastIndex+=a.length,h.regex.lastIndex-=s[0].length):h.regex.lastIndex=0,c++,c>=this.maxReplaces)break}}),e}nest(e,t){let i=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{},r,s,a;const c=(l,u)=>{const p=this.nestingOptionsSeparator;if(l.indexOf(p)<0)return l;const g=l.split(new RegExp(`${p}[ ]*{`));let _=`{${g[1]}`;l=g[0],_=this.interpolate(_,a);const x=_.match(/'/g),h=_.match(/"/g);(((x==null?void 0:x.length)??0)%2===0&&!h||h.length%2!==0)&&(_=_.replace(/'/g,'"'));try{a=JSON.parse(_),u&&(a={...u,...a})}catch(m){return this.logger.warn(`failed parsing options string in nesting for key ${l}`,m),`${l}${p}${_}`}return a.defaultValue&&a.defaultValue.indexOf(this.prefix)>-1&&delete a.defaultValue,l};for(;r=this.nestingRegexp.exec(e);){let l=[];a={...i},a=a.replace&&!X(a.replace)?a.replace:a,a.applyPostProcessor=!1,delete a.defaultValue;let u=!1;if(r[0].indexOf(this.formatSeparator)!==-1&&!/{.*}/.test(r[1])){const p=r[1].split(this.formatSeparator).map(g=>g.trim());r[1]=p.shift(),l=p,u=!0}if(s=t(c.call(this,r[1].trim(),a),a),s&&r[0]===e&&!X(s))return s;X(s)||(s=cl(s)),s||(this.logger.warn(`missed to resolve ${r[1]} for nesting ${e}`),s=""),u&&(s=l.reduce((p,g)=>this.format(p,g,i.lng,{...i,interpolationkey:r[1].trim()}),s.trim())),e=e.replace(r[0],s),this.regexp.lastIndex=0}return e}}const Hh=n=>{let e=n.toLowerCase().trim();const t={};if(n.indexOf("(")>-1){const i=n.split("(");e=i[0].toLowerCase().trim();const r=i[1].substring(0,i[1].length-1);e==="currency"&&r.indexOf(":")<0?t.currency||(t.currency=r.trim()):e==="relativetime"&&r.indexOf(":")<0?t.range||(t.range=r.trim()):r.split(";").forEach(a=>{if(a){const[c,...l]=a.split(":"),u=l.join(":").trim().replace(/^'+|'+$/g,""),p=c.trim();t[p]||(t[p]=u),u==="false"&&(t[p]=!1),u==="true"&&(t[p]=!0),isNaN(u)||(t[p]=parseInt(u,10))}})}return{formatName:e,formatOptions:t}},xn=n=>{const e={};return(t,i,r)=>{let s=r;r&&r.interpolationkey&&r.formatParams&&r.formatParams[r.interpolationkey]&&r[r.interpolationkey]&&(s={...s,[r.interpolationkey]:void 0});const a=i+JSON.stringify(s);let c=e[a];return c||(c=n(ur(i),r),e[a]=c),c(t)}};class Dh{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};this.logger=gt.create("formatter"),this.options=e,this.formats={number:xn((t,i)=>{const r=new Intl.NumberFormat(t,{...i});return s=>r.format(s)}),currency:xn((t,i)=>{const r=new Intl.NumberFormat(t,{...i,style:"currency"});return s=>r.format(s)}),datetime:xn((t,i)=>{const r=new Intl.DateTimeFormat(t,{...i});return s=>r.format(s)}),relativetime:xn((t,i)=>{const r=new Intl.RelativeTimeFormat(t,{...i});return s=>r.format(s,i.range||"day")}),list:xn((t,i)=>{const r=new Intl.ListFormat(t,{...i});return s=>r.format(s)})},this.init(e)}init(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{interpolation:{}};this.formatSeparator=t.interpolation.formatSeparator||","}add(e,t){this.formats[e.toLowerCase().trim()]=t}addCached(e,t){this.formats[e.toLowerCase().trim()]=xn(t)}format(e,t,i){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};const s=t.split(this.formatSeparator);if(s.length>1&&s[0].indexOf("(")>1&&s[0].indexOf(")")<0&&s.find(c=>c.indexOf(")")>-1)){const c=s.findIndex(l=>l.indexOf(")")>-1);s[0]=[s[0],...s.splice(1,c)].join(this.formatSeparator)}return s.reduce((c,l)=>{var g;const{formatName:u,formatOptions:p}=Hh(l);if(this.formats[u]){let _=c;try{const x=((g=r==null?void 0:r.formatParams)==null?void 0:g[r.interpolationkey])||{},h=x.locale||x.lng||r.locale||r.lng||i;_=this.formats[u](c,h,{...p,...r,...x})}catch(x){this.logger.warn(x)}return _}else this.logger.warn(`there was no format function for ${u}`);return c},e)}}const qh=(n,e)=>{n.pending[e]!==void 0&&(delete n.pending[e],n.pendingCount--)};class Fh extends is{constructor(e,t,i){var s,a;let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};super(),this.backend=e,this.store=t,this.services=i,this.languageUtils=i.languageUtils,this.options=r,this.logger=gt.create("backendConnector"),this.waitingReads=[],this.maxParallelReads=r.maxParallelReads||10,this.readingCalls=0,this.maxRetries=r.maxRetries>=0?r.maxRetries:5,this.retryTimeout=r.retryTimeout>=1?r.retryTimeout:350,this.state={},this.queue=[],(a=(s=this.backend)==null?void 0:s.init)==null||a.call(s,i,r.backend,r)}queueLoad(e,t,i,r){const s={},a={},c={},l={};return e.forEach(u=>{let p=!0;t.forEach(g=>{const _=`${u}|${g}`;!i.reload&&this.store.hasResourceBundle(u,g)?this.state[_]=2:this.state[_]<0||(this.state[_]===1?a[_]===void 0&&(a[_]=!0):(this.state[_]=1,p=!1,a[_]===void 0&&(a[_]=!0),s[_]===void 0&&(s[_]=!0),l[g]===void 0&&(l[g]=!0)))}),p||(c[u]=!0)}),(Object.keys(s).length||Object.keys(a).length)&&this.queue.push({pending:a,pendingCount:Object.keys(a).length,loaded:{},errors:[],callback:r}),{toLoad:Object.keys(s),pending:Object.keys(a),toLoadLanguages:Object.keys(c),toLoadNamespaces:Object.keys(l)}}loaded(e,t,i){const r=e.split("|"),s=r[0],a=r[1];t&&this.emit("failedLoading",s,a,t),!t&&i&&this.store.addResourceBundle(s,a,i,void 0,void 0,{skipCopy:!0}),this.state[e]=t?-1:2,t&&i&&(this.state[e]=0);const c={};this.queue.forEach(l=>{jh(l.loaded,[s],a),qh(l,e),t&&l.errors.push(t),l.pendingCount===0&&!l.done&&(Object.keys(l.loaded).forEach(u=>{c[u]||(c[u]={});const p=l.loaded[u];p.length&&p.forEach(g=>{c[u][g]===void 0&&(c[u][g]=!0)})}),l.done=!0,l.errors.length?l.callback(l.errors):l.callback())}),this.emit("loaded",c),this.queue=this.queue.filter(l=>!l.done)}read(e,t,i){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:0,s=arguments.length>4&&arguments[4]!==void 0?arguments[4]:this.retryTimeout,a=arguments.length>5?arguments[5]:void 0;if(!e.length)return a(null,{});if(this.readingCalls>=this.maxParallelReads){this.waitingReads.push({lng:e,ns:t,fcName:i,tried:r,wait:s,callback:a});return}this.readingCalls++;const c=(u,p)=>{if(this.readingCalls--,this.waitingReads.length>0){const g=this.waitingReads.shift();this.read(g.lng,g.ns,g.fcName,g.tried,g.wait,g.callback)}if(u&&p&&r<this.maxRetries){setTimeout(()=>{this.read.call(this,e,t,i,r+1,s*2,a)},s);return}a(u,p)},l=this.backend[i].bind(this.backend);if(l.length===2){try{const u=l(e,t);u&&typeof u.then=="function"?u.then(p=>c(null,p)).catch(c):c(null,u)}catch(u){c(u)}return}return l(e,t,c)}prepareLoading(e,t){let i=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{},r=arguments.length>3?arguments[3]:void 0;if(!this.backend)return this.logger.warn("No backend was added via i18next.use. Will not load resources."),r&&r();X(e)&&(e=this.languageUtils.toResolveHierarchy(e)),X(t)&&(t=[t]);const s=this.queueLoad(e,t,i,r);if(!s.toLoad.length)return s.pending.length||r(),null;s.toLoad.forEach(a=>{this.loadOne(a)})}load(e,t,i){this.prepareLoading(e,t,{},i)}reload(e,t,i){this.prepareLoading(e,t,{reload:!0},i)}loadOne(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"";const i=e.split("|"),r=i[0],s=i[1];this.read(r,s,"read",void 0,void 0,(a,c)=>{a&&this.logger.warn(`${t}loading namespace ${s} for language ${r} failed`,a),!a&&c&&this.logger.log(`${t}loaded namespace ${s} for language ${r}`,c),this.loaded(e,a,c)})}saveMissing(e,t,i,r,s){var l,u,p,g,_;let a=arguments.length>5&&arguments[5]!==void 0?arguments[5]:{},c=arguments.length>6&&arguments[6]!==void 0?arguments[6]:()=>{};if((u=(l=this.services)==null?void 0:l.utils)!=null&&u.hasLoadedNamespace&&!((g=(p=this.services)==null?void 0:p.utils)!=null&&g.hasLoadedNamespace(t))){this.logger.warn(`did not save key "${i}" as the namespace "${t}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!");return}if(!(i==null||i==="")){if((_=this.backend)!=null&&_.create){const x={...a,isUpdate:s},h=this.backend.create.bind(this.backend);if(h.length<6)try{let m;h.length===5?m=h(e,t,i,r,x):m=h(e,t,i,r),m&&typeof m.then=="function"?m.then(b=>c(null,b)).catch(c):c(null,m)}catch(m){c(m)}else h(e,t,i,r,c,x)}!e||!e[0]||this.store.addResource(e[0],t,i,r)}}}const yl=()=>({debug:!1,initAsync:!0,ns:["translation"],defaultNS:["translation"],fallbackLng:["dev"],fallbackNS:!1,supportedLngs:!1,nonExplicitSupportedLngs:!1,load:"all",preload:!1,simplifyPluralSuffix:!0,keySeparator:".",nsSeparator:":",pluralSeparator:"_",contextSeparator:"_",partialBundledLanguages:!1,saveMissing:!1,updateMissing:!1,saveMissingTo:"fallback",saveMissingPlurals:!0,missingKeyHandler:!1,missingInterpolationHandler:!1,postProcess:!1,postProcessPassResolved:!1,returnNull:!1,returnEmptyString:!0,returnObjects:!1,joinArrays:!1,returnedObjectHandler:!1,parseMissingKeyHandler:!1,appendNamespaceToMissingKey:!1,appendNamespaceToCIMode:!1,overloadTranslationOptionHandler:n=>{let e={};if(typeof n[1]=="object"&&(e=n[1]),X(n[1])&&(e.defaultValue=n[1]),X(n[2])&&(e.tDescription=n[2]),typeof n[2]=="object"||typeof n[3]=="object"){const t=n[3]||n[2];Object.keys(t).forEach(i=>{e[i]=t[i]})}return e},interpolation:{escapeValue:!0,format:n=>n,prefix:"{{",suffix:"}}",formatSeparator:",",unescapePrefix:"-",nestingPrefix:"$t(",nestingSuffix:")",nestingOptionsSeparator:",",maxReplaces:1e3,skipOnVariables:!0}}),vl=n=>{var e,t;return X(n.ns)&&(n.ns=[n.ns]),X(n.fallbackLng)&&(n.fallbackLng=[n.fallbackLng]),X(n.fallbackNS)&&(n.fallbackNS=[n.fallbackNS]),((t=(e=n.supportedLngs)==null?void 0:e.indexOf)==null?void 0:t.call(e,"cimode"))<0&&(n.supportedLngs=n.supportedLngs.concat(["cimode"])),typeof n.initImmediate=="boolean"&&(n.initAsync=n.initImmediate),n},Ji=()=>{},Kh=n=>{Object.getOwnPropertyNames(Object.getPrototypeOf(n)).forEach(t=>{typeof n[t]=="function"&&(n[t]=n[t].bind(n))})};class gi extends is{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},t=arguments.length>1?arguments[1]:void 0;if(super(),this.options=vl(e),this.services={},this.logger=gt,this.modules={external:[]},Kh(this),t&&!this.isInitialized&&!e.isClone){if(!this.options.initAsync)return this.init(e,t),this;setTimeout(()=>{this.init(e,t)},0)}}init(){var e=this;let t=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},i=arguments.length>1?arguments[1]:void 0;this.isInitializing=!0,typeof t=="function"&&(i=t,t={}),!t.defaultNS&&t.defaultNS!==!1&&t.ns&&(X(t.ns)?t.defaultNS=t.ns:t.ns.indexOf("translation")<0&&(t.defaultNS=t.ns[0]));const r=yl();this.options={...r,...this.options,...vl(t)},this.options.interpolation={...r.interpolation,...this.options.interpolation},t.keySeparator!==void 0&&(this.options.userDefinedKeySeparator=t.keySeparator),t.nsSeparator!==void 0&&(this.options.userDefinedNsSeparator=t.nsSeparator);const s=p=>p?typeof p=="function"?new p:p:null;if(!this.options.isClone){this.modules.logger?gt.init(s(this.modules.logger),this.options):gt.init(null,this.options);let p;this.modules.formatter?p=this.modules.formatter:p=Dh;const g=new hl(this.options);this.store=new pl(this.options.resources,this.options);const _=this.services;_.logger=gt,_.resourceStore=this.store,_.languageUtils=g,_.pluralResolver=new Vh(g,{prepend:this.options.pluralSeparator,simplifyPluralSuffix:this.options.simplifyPluralSuffix}),p&&(!this.options.interpolation.format||this.options.interpolation.format===r.interpolation.format)&&(_.formatter=s(p),_.formatter.init(_,this.options),this.options.interpolation.format=_.formatter.format.bind(_.formatter)),_.interpolator=new Mh(this.options),_.utils={hasLoadedNamespace:this.hasLoadedNamespace.bind(this)},_.backendConnector=new Fh(s(this.modules.backend),_.resourceStore,_,this.options),_.backendConnector.on("*",function(x){for(var h=arguments.length,m=new Array(h>1?h-1:0),b=1;b<h;b++)m[b-1]=arguments[b];e.emit(x,...m)}),this.modules.languageDetector&&(_.languageDetector=s(this.modules.languageDetector),_.languageDetector.init&&_.languageDetector.init(_,this.options.detection,this.options)),this.modules.i18nFormat&&(_.i18nFormat=s(this.modules.i18nFormat),_.i18nFormat.init&&_.i18nFormat.init(this)),this.translator=new pr(this.services,this.options),this.translator.on("*",function(x){for(var h=arguments.length,m=new Array(h>1?h-1:0),b=1;b<h;b++)m[b-1]=arguments[b];e.emit(x,...m)}),this.modules.external.forEach(x=>{x.init&&x.init(this)})}if(this.format=this.options.interpolation.format,i||(i=Ji),this.options.fallbackLng&&!this.services.languageDetector&&!this.options.lng){const p=this.services.languageUtils.getFallbackCodes(this.options.fallbackLng);p.length>0&&p[0]!=="dev"&&(this.options.lng=p[0])}!this.services.languageDetector&&!this.options.lng&&this.logger.warn("init: no languageDetector is used and no lng is defined"),["getResource","hasResourceBundle","getResourceBundle","getDataByLanguage"].forEach(p=>{this[p]=function(){return e.store[p](...arguments)}}),["addResource","addResources","addResourceBundle","removeResourceBundle"].forEach(p=>{this[p]=function(){return e.store[p](...arguments),e}});const l=ni(),u=()=>{const p=(g,_)=>{this.isInitializing=!1,this.isInitialized&&!this.initializedStoreOnce&&this.logger.warn("init: i18next is already initialized. You should call init just once!"),this.isInitialized=!0,this.options.isClone||this.logger.log("initialized",this.options),this.emit("initialized",this.options),l.resolve(_),i(g,_)};if(this.languages&&!this.isInitialized)return p(null,this.t.bind(this));this.changeLanguage(this.options.lng,p)};return this.options.resources||!this.options.initAsync?u():setTimeout(u,0),l}loadResources(e){var s,a;let i=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Ji;const r=X(e)?e:this.language;if(typeof e=="function"&&(i=e),!this.options.resources||this.options.partialBundledLanguages){if((r==null?void 0:r.toLowerCase())==="cimode"&&(!this.options.preload||this.options.preload.length===0))return i();const c=[],l=u=>{if(!u||u==="cimode")return;this.services.languageUtils.toResolveHierarchy(u).forEach(g=>{g!=="cimode"&&c.indexOf(g)<0&&c.push(g)})};r?l(r):this.services.languageUtils.getFallbackCodes(this.options.fallbackLng).forEach(p=>l(p)),(a=(s=this.options.preload)==null?void 0:s.forEach)==null||a.call(s,u=>l(u)),this.services.backendConnector.load(c,this.options.ns,u=>{!u&&!this.resolvedLanguage&&this.language&&this.setResolvedLanguage(this.language),i(u)})}else i(null)}reloadResources(e,t,i){const r=ni();return typeof e=="function"&&(i=e,e=void 0),typeof t=="function"&&(i=t,t=void 0),e||(e=this.languages),t||(t=this.options.ns),i||(i=Ji),this.services.backendConnector.reload(e,t,s=>{r.resolve(),i(s)}),r}use(e){if(!e)throw new Error("You are passing an undefined module! Please check the object you are passing to i18next.use()");if(!e.type)throw new Error("You are passing a wrong module! Please check the object you are passing to i18next.use()");return e.type==="backend"&&(this.modules.backend=e),(e.type==="logger"||e.log&&e.warn&&e.error)&&(this.modules.logger=e),e.type==="languageDetector"&&(this.modules.languageDetector=e),e.type==="i18nFormat"&&(this.modules.i18nFormat=e),e.type==="postProcessor"&&xd.addPostProcessor(e),e.type==="formatter"&&(this.modules.formatter=e),e.type==="3rdParty"&&this.modules.external.push(e),this}setResolvedLanguage(e){if(!(!e||!this.languages)&&!(["cimode","dev"].indexOf(e)>-1))for(let t=0;t<this.languages.length;t++){const i=this.languages[t];if(!(["cimode","dev"].indexOf(i)>-1)&&this.store.hasLanguageSomeTranslations(i)){this.resolvedLanguage=i;break}}}changeLanguage(e,t){var i=this;this.isLanguageChangingTo=e;const r=ni();this.emit("languageChanging",e);const s=l=>{this.language=l,this.languages=this.services.languageUtils.toResolveHierarchy(l),this.resolvedLanguage=void 0,this.setResolvedLanguage(l)},a=(l,u)=>{u?(s(u),this.translator.changeLanguage(u),this.isLanguageChangingTo=void 0,this.emit("languageChanged",u),this.logger.log("languageChanged",u)):this.isLanguageChangingTo=void 0,r.resolve(function(){return i.t(...arguments)}),t&&t(l,function(){return i.t(...arguments)})},c=l=>{var p,g;!e&&!l&&this.services.languageDetector&&(l=[]);const u=X(l)?l:this.services.languageUtils.getBestMatchFromCodes(l);u&&(this.language||s(u),this.translator.language||this.translator.changeLanguage(u),(g=(p=this.services.languageDetector)==null?void 0:p.cacheUserLanguage)==null||g.call(p,u)),this.loadResources(u,_=>{a(_,u)})};return!e&&this.services.languageDetector&&!this.services.languageDetector.async?c(this.services.languageDetector.detect()):!e&&this.services.languageDetector&&this.services.languageDetector.async?this.services.languageDetector.detect.length===0?this.services.languageDetector.detect().then(c):this.services.languageDetector.detect(c):c(e),r}getFixedT(e,t,i){var r=this;const s=function(a,c){let l;if(typeof c!="object"){for(var u=arguments.length,p=new Array(u>2?u-2:0),g=2;g<u;g++)p[g-2]=arguments[g];l=r.options.overloadTranslationOptionHandler([a,c].concat(p))}else l={...c};l.lng=l.lng||s.lng,l.lngs=l.lngs||s.lngs,l.ns=l.ns||s.ns,l.keyPrefix!==""&&(l.keyPrefix=l.keyPrefix||i||s.keyPrefix);const _=r.options.keySeparator||".";let x;return l.keyPrefix&&Array.isArray(a)?x=a.map(h=>`${l.keyPrefix}${_}${h}`):x=l.keyPrefix?`${l.keyPrefix}${_}${a}`:a,r.t(x,l)};return X(e)?s.lng=e:s.lngs=e,s.ns=t,s.keyPrefix=i,s}t(){var r;for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return(r=this.translator)==null?void 0:r.translate(...t)}exists(){var r;for(var e=arguments.length,t=new Array(e),i=0;i<e;i++)t[i]=arguments[i];return(r=this.translator)==null?void 0:r.exists(...t)}setDefaultNamespace(e){this.options.defaultNS=e}hasLoadedNamespace(e){let t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};if(!this.isInitialized)return this.logger.warn("hasLoadedNamespace: i18next was not initialized",this.languages),!1;if(!this.languages||!this.languages.length)return this.logger.warn("hasLoadedNamespace: i18n.languages were undefined or empty",this.languages),!1;const i=t.lng||this.resolvedLanguage||this.languages[0],r=this.options?this.options.fallbackLng:!1,s=this.languages[this.languages.length-1];if(i.toLowerCase()==="cimode")return!0;const a=(c,l)=>{const u=this.services.backendConnector.state[`${c}|${l}`];return u===-1||u===0||u===2};if(t.precheck){const c=t.precheck(this,a);if(c!==void 0)return c}return!!(this.hasResourceBundle(i,e)||!this.services.backendConnector.backend||this.options.resources&&!this.options.partialBundledLanguages||a(i,e)&&(!r||a(s,e)))}loadNamespaces(e,t){const i=ni();return this.options.ns?(X(e)&&(e=[e]),e.forEach(r=>{this.options.ns.indexOf(r)<0&&this.options.ns.push(r)}),this.loadResources(r=>{i.resolve(),t&&t(r)}),i):(t&&t(),Promise.resolve())}loadLanguages(e,t){const i=ni();X(e)&&(e=[e]);const r=this.options.preload||[],s=e.filter(a=>r.indexOf(a)<0&&this.services.languageUtils.isSupportedCode(a));return s.length?(this.options.preload=r.concat(s),this.loadResources(a=>{i.resolve(),t&&t(a)}),i):(t&&t(),Promise.resolve())}dir(e){var r,s;if(e||(e=this.resolvedLanguage||(((r=this.languages)==null?void 0:r.length)>0?this.languages[0]:this.language)),!e)return"rtl";const t=["ar","shu","sqr","ssh","xaa","yhd","yud","aao","abh","abv","acm","acq","acw","acx","acy","adf","ads","aeb","aec","afb","ajp","apc","apd","arb","arq","ars","ary","arz","auz","avl","ayh","ayl","ayn","ayp","bbz","pga","he","iw","ps","pbt","pbu","pst","prp","prd","ug","ur","ydd","yds","yih","ji","yi","hbo","men","xmn","fa","jpr","peo","pes","prs","dv","sam","ckb"],i=((s=this.services)==null?void 0:s.languageUtils)||new hl(yl());return t.indexOf(i.getLanguagePartFromCode(e))>-1||e.toLowerCase().indexOf("-arab")>1?"rtl":"ltr"}static createInstance(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},t=arguments.length>1?arguments[1]:void 0;return new gi(e,t)}cloneInstance(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},t=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Ji;const i=e.forkResourceStore;i&&delete e.forkResourceStore;const r={...this.options,...e,isClone:!0},s=new gi(r);if((e.debug!==void 0||e.prefix!==void 0)&&(s.logger=s.logger.clone(e)),["store","services","language"].forEach(c=>{s[c]=this[c]}),s.services={...this.services},s.services.utils={hasLoadedNamespace:s.hasLoadedNamespace.bind(s)},i){const c=Object.keys(this.store.data).reduce((l,u)=>(l[u]={...this.store.data[u]},Object.keys(l[u]).reduce((p,g)=>(p[g]={...l[u][g]},p),{})),{});s.store=new pl(c,r),s.services.resourceStore=s.store}return s.translator=new pr(s.services,r),s.translator.on("*",function(c){for(var l=arguments.length,u=new Array(l>1?l-1:0),p=1;p<l;p++)u[p-1]=arguments[p];s.emit(c,...u)}),s.init(r,t),s.translator.options=r,s.translator.backendConnector.services.utils={hasLoadedNamespace:s.hasLoadedNamespace.bind(s)},s}toJSON(){return{options:this.options,store:this.store,language:this.language,languages:this.languages,resolvedLanguage:this.resolvedLanguage}}}const Oe=gi.createInstance();Oe.createInstance=gi.createInstance;Oe.createInstance;Oe.dir;Oe.init;Oe.loadResources;Oe.reloadResources;Oe.use;Oe.changeLanguage;Oe.getFixedT;const ue=Oe.t;Oe.exists;Oe.setDefaultNamespace;Oe.hasLoadedNamespace;Oe.loadNamespaces;Oe.loadLanguages;const qt=o.z.object({start:o.z.number(),limit:o.z.number(),length:o.z.number()}),Fa=o.z.object({created_at:o.z.string(),updated_at:o.z.string()}),Sd=o.z.object({email:o.z.string().optional(),email_verified:o.z.boolean().optional(),name:o.z.string().optional(),username:o.z.string().optional(),given_name:o.z.string().optional(),phone_number:o.z.string().optional(),phone_verified:o.z.boolean().optional(),family_name:o.z.string().optional()}).catchall(o.z.any()),Ad=o.z.object({connection:o.z.string(),user_id:o.z.string(),provider:o.z.string(),isSocial:o.z.boolean(),access_token:o.z.string().optional(),access_token_secret:o.z.string().optional(),refresh_token:o.z.string().optional(),profileData:Sd.optional()}),rs=o.z.object({email:o.z.string().optional(),username:o.z.string().optional(),given_name:o.z.string().optional(),family_name:o.z.string().optional(),nickname:o.z.string().optional(),name:o.z.string().optional(),picture:o.z.string().optional(),locale:o.z.string().optional(),linked_to:o.z.string().optional(),profileData:o.z.string().optional(),user_id:o.z.string().optional(),app_metadata:o.z.any().default({}).optional(),user_metadata:o.z.any().default({}).optional()}),fr=rs.extend({email_verified:o.z.boolean().default(!1),verify_email:o.z.boolean().optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string().optional(),provider:o.z.string().default("email"),connection:o.z.string().default("email"),is_social:o.z.boolean().optional()}),Ka=o.z.object({...fr.shape,...Fa.shape,user_id:o.z.string(),is_social:o.z.boolean(),email:o.z.string(),login_count:o.z.number(),identities:o.z.array(Ad).optional()}),ht=Ka,Wh=rs.extend({email:o.z.string(),login_count:o.z.number(),multifactor:o.z.array(o.z.string()).optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string()}).catchall(o.z.any()),Gh="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";let Jh=(n=21)=>{let e="",t=crypto.getRandomValues(new Uint8Array(n));for(;n--;)e+=Gh[t[n]&63];return e};const Id=o.z.object({audience:o.z.string().optional(),recipient:o.z.string().optional(),createUpnClaim:o.z.boolean().optional(),mapUnknownClaimsAsIs:o.z.boolean().optional(),passthroughClaimsWithNoMapping:o.z.boolean().optional(),mapIdentities:o.z.boolean().optional(),signatureAlgorithm:o.z.string().optional(),digestAlgorithm:o.z.string().optional(),issuer:o.z.string().optional(),destination:o.z.string().optional(),lifetimeInSeconds:o.z.number().optional(),signResponse:o.z.boolean().optional(),nameIdentifierFormat:o.z.string().optional(),nameIdentifierProbes:o.z.array(o.z.string()).optional(),authnContextClassRef:o.z.string().optional(),mappings:o.z.record(o.z.string()).optional()}),hr=o.z.object({id:o.z.string(),name:o.z.string(),callbacks:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs whitelisted to use as a callback to the client after authentication."}),allowed_origins:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level. Query strings and hash information are not taken into account when validating these URLs."}),web_origins:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."}),allowed_logout_urls:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."}),allowed_clients:o.z.array(o.z.string()).default([]).optional().openapi({description:"Ids of clients that will be allowed to perform delegation requests. Clients that will be allowed to make delegation request. By default, all your clients will be allowed. This field allows you to specify specific clients"}),addons:o.z.object({samlp:Id.optional()}).default({}).optional().openapi({description:"Addons associated with the client. The key is the addon's package name and the value is an object with the configuration for the addon."}),email_validation:o.z.enum(["enabled","disabled","enforced"]).default("enforced").optional().openapi({description:"Defines if it possible to sign in with an unverified email and if verification emails will be sent. This is not available in auth0"}),client_secret:o.z.string().default(()=>Jh()).optional(),disable_sign_ups:o.z.boolean().optional().default(!1).openapi({description:"Prevents users from signing up using the hosted login page. This is not available in auth0"})}),Xt=o.z.object({created_at:o.z.string().transform(n=>n===null?"":n),updated_at:o.z.string().transform(n=>n===null?"":n),...hr.shape});var Ut=(n=>(n.TOKEN="token",n.TOKEN_ID_TOKEN="token id_token",n.CODE="code",n))(Ut||{}),Vt=(n=>(n.QUERY="query",n.FRAGMENT="fragment",n.FORM_POST="form_post",n.WEB_MESSAGE="web_message",n.SAML_POST="saml_post",n))(Vt||{}),ss=(n=>(n.S256="S256",n.Plain="plain",n))(ss||{});const Wa=o.z.object({client_id:o.z.string(),vendor_id:o.z.string().optional(),act_as:o.z.string().optional(),response_type:o.z.nativeEnum(Ut).optional(),response_mode:o.z.nativeEnum(Vt).optional(),redirect_uri:o.z.string().optional(),audience:o.z.string().optional(),state:o.z.string().optional(),nonce:o.z.string().optional(),scope:o.z.string().optional(),prompt:o.z.string().optional(),code_challenge_method:o.z.nativeEnum(ss).optional(),code_challenge:o.z.string().optional(),username:o.z.string().optional(),ui_locales:o.z.string().optional()}),bo=o.z.object({colors:o.z.object({primary:o.z.string(),page_background:o.z.object({type:o.z.string().optional(),start:o.z.string().optional(),end:o.z.string().optional(),angle_deg:o.z.number().optional()}).optional()}).optional(),logo_url:o.z.string().optional(),favicon_url:o.z.string().optional(),font:o.z.object({url:o.z.string()}).optional()}),gr=o.z.object({id:o.z.string().optional(),name:o.z.string(),strategy:o.z.string(),options:o.z.object({kid:o.z.string().optional(),team_id:o.z.string().optional(),realms:o.z.string().optional(),client_id:o.z.string().optional(),client_secret:o.z.string().optional(),app_secret:o.z.string().optional(),scope:o.z.string().optional(),authorization_endpoint:o.z.string().default("").optional(),token_endpoint:o.z.string().default("").optional(),userinfo_endpoint:o.z.string().default("").optional(),jwks_uri:o.z.string().default("").optional(),discovery_url:o.z.string().default("").optional(),issuer:o.z.string().default("").optional()}).default({}).optional(),enabled_clients:o.z.array(o.z.string()).default([]).optional(),response_type:o.z.custom().optional(),response_mode:o.z.custom().optional()}),Bt=o.z.object({id:o.z.string(),created_at:o.z.string().transform(n=>n===null?"":n),updated_at:o.z.string().transform(n=>n===null?"":n)}).extend(gr.shape),_r=o.z.object({name:o.z.string(),audience:o.z.string(),sender_email:o.z.string().email(),sender_name:o.z.string(),support_url:o.z.string().url().optional(),logo:o.z.string().url().optional(),primary_color:o.z.string().optional(),secondary_color:o.z.string().optional(),language:o.z.string().optional(),id:o.z.string().optional()}),En=o.z.object({created_at:o.z.string().transform(n=>n===null?"":n),updated_at:o.z.string().transform(n=>n===null?"":n),..._r.shape,id:o.z.string()}),Zh=o.z.object({logoUrl:o.z.string(),loginBackgroundImage:o.z.string().nullish(),style:o.z.object({primaryColor:o.z.string(),buttonTextColor:o.z.string(),primaryHoverColor:o.z.string()}),supportEmail:o.z.string().nullable(),supportUrl:o.z.string().nullable(),name:o.z.string(),showGreyishBackground:o.z.boolean().optional(),termsAndConditionsUrl:o.z.string().nullable(),companyName:o.z.string().optional(),checkoutHideSocial:o.z.boolean().optional(),siteUrl:o.z.string().nullable(),manageSubscriptionsUrl:o.z.string().optional()}),Yh=o.z.object({domain:o.z.string(),dkim_private_key:o.z.string().optional(),dkim_public_key:o.z.string().optional(),email_api_key:o.z.string().optional(),email_service:o.z.string().optional()});o.z.object({...Xt.shape,domains:o.z.array(Yh),tenant:En,connections:o.z.array(Bt)});const Ed=o.z.enum(["password_reset","email_verification","otp","authorization_code","oauth2_state","ticket"]),zd=o.z.object({code_id:o.z.string().openapi({description:"The code that will be used in for instance an email verification flow"}),login_id:o.z.string().openapi({description:"The id of the login session that the code is connected to"}),connection_id:o.z.string().optional().openapi({description:"The connection that the code is connected to"}),code_type:Ed,code_verifier:o.z.string().optional().openapi({description:"The code verifier used in PKCE in outbound flows"}),expires_at:o.z.string(),used_at:o.z.string().optional(),user_id:o.z.string().optional()}),Xh=o.z.object({...zd.shape,created_at:o.z.string()}),$d=o.z.object({domain:o.z.string(),dkim_private_key:o.z.string().optional(),dkim_public_key:o.z.string().optional(),email_api_key:o.z.string().optional(),email_service:o.z.string().optional()}),Qh=Fa.extend({...$d.shape,id:o.z.string()}),mr=o.z.object({trigger_id:o.z.enum(["pre-user-signup","post-user-registration","post-user-login"]),enabled:o.z.boolean().default(!1),url:o.z.string(),hook_id:o.z.string().optional(),synchronous:o.z.boolean().default(!1),priority:o.z.number().optional()}),An=mr.extend({...Fa.shape,hook_id:o.z.string()}),Ga=o.z.object({alg:o.z.enum(["RS256","RS384","RS512","ES256","ES384","ES512","HS256","HS384","HS512"]),e:o.z.string(),kid:o.z.string(),kty:o.z.enum(["RSA","EC","oct"]),n:o.z.string(),x5t:o.z.string().optional(),x5c:o.z.array(o.z.string()).optional(),use:o.z.enum(["sig","enc"]).optional()}),Cd=o.z.object({keys:o.z.array(Ga)}),ko=o.z.object({issuer:o.z.string(),authorization_endpoint:o.z.string(),token_endpoint:o.z.string(),device_authorization_endpoint:o.z.string(),userinfo_endpoint:o.z.string(),mfa_challenge_endpoint:o.z.string(),jwks_uri:o.z.string(),registration_endpoint:o.z.string(),revocation_endpoint:o.z.string(),scopes_supported:o.z.array(o.z.string()),response_types_supported:o.z.array(o.z.string()),code_challenge_methods_supported:o.z.array(o.z.string()),response_modes_supported:o.z.array(o.z.string()),subject_types_supported:o.z.array(o.z.string()),id_token_signing_alg_values_supported:o.z.array(o.z.string()),token_endpoint_auth_methods_supported:o.z.array(o.z.string()),claims_supported:o.z.array(o.z.string()),request_uri_parameter_supported:o.z.boolean(),request_parameter_supported:o.z.boolean(),token_endpoint_auth_signing_alg_values_supported:o.z.array(o.z.string())}),jd=o.z.object({auth0Client:o.z.string().optional(),authParams:Wa,expires_at:o.z.string(),deleted_at:o.z.string().optional(),ip:o.z.string().optional(),useragent:o.z.string().optional()}).openapi({description:"This represents a login sesion"}),eg=o.z.object({...jd.shape,login_id:o.z.string().openapi({description:"This is is used as the state in the universal login"}),created_at:o.z.string(),updated_at:o.z.string()});var _e=(n=>(n.FAILED_SILENT_AUTH="fsa",n.FAILED_SIGNUP="fs",n.FAILED_LOGIN="f",n.FAILED_LOGIN_INCORRECT_PASSWORD="fp",n.FAILED_CHANGE_PASSWORD="fcp",n.FAILED_BY_CONNECTOR="fc",n.FAILED_LOGIN_INVALID_EMAIL_USERNAME="fu",n.FAILED_HOOK="fh",n.FAILED_CROSS_ORIGIN_AUTHENTICATION="fcoa",n.SUCCESS_API_OPERATION="sapi",n.SUCCESS_CHANGE_PASSWORD="scp",n.SUCCESS_CHANGE_PASSWORD_REQUEST="scpr",n.SUCCESS_CHANGE_USERNAME="scu",n.SUCCESS_CROSS_ORIGIN_AUTHENTICATION="scoa",n.SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN="seacft",n.SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN="serft",n.SUCCESS_LOGIN="s",n.SUCCESS_LOGOUT="slo",n.SUCCESS_SIGNUP="ss",n.SUCCESS_SILENT_AUTH="ssa",n.SUCCESS_VERIFICATION_EMAIL="sv",n.SUCCESS_VERIFICATION_EMAIL_REQUEST="svr",n.CODE_LINK_SENT="cls",n.BLOCKED_ACCOUNT_EMAIL="limit_wc",n.BLOCKED_ACCOUNT_IP="limit_sul",n.BLOCKED_IP_ADDRESS="limit_mu",n))(_e||{});const tg=o.z.enum(["cls","fsa","fs","f","fc","fcoa","fcp","fh","fp","fs","fu","s","sapi","scoa","scp","scpr","scu","seacft","serft","slo","ss","ssa","sv","svr"]),Nd=o.z.object({name:o.z.string(),version:o.z.string(),env:o.z.object({node:o.z.string().optional()}).optional()}),yr=o.z.object({type:tg,date:o.z.string(),description:o.z.string().optional(),log_id:o.z.string().optional(),_id:o.z.string().optional(),ip:o.z.string(),user_agent:o.z.string(),details:o.z.any().optional(),isMobile:o.z.boolean(),user_id:o.z.string().optional(),user_name:o.z.string().optional(),connection:o.z.string().optional(),connection_id:o.z.string().optional(),client_id:o.z.string().optional(),client_name:o.z.string().optional(),audience:o.z.string().optional(),scope:o.z.array(o.z.string()).optional(),strategy:o.z.string().optional(),strategy_type:o.z.string().optional(),hostname:o.z.string().optional(),auth0_client:Nd.optional()}),Od=o.z.object({user_id:o.z.string(),password:o.z.string(),algorithm:o.z.enum(["bcrypt","argon2id"]).default("argon2id")}),ng=o.z.object({...Od.shape,created_at:o.z.string(),updated_at:o.z.string()}),Bd=o.z.object({initial_user_agent:o.z.string().describe("First user agent of the device from which this user logged in"),initial_ip:o.z.string().describe("First IP address associated with this session"),initial_asn:o.z.string().describe("First autonomous system number associated with this session"),last_user_agent:o.z.string().describe("Last user agent of the device from which this user logged in"),last_ip:o.z.string().describe("Last IP address from which this user logged in"),last_asn:o.z.string().describe("Last autonomous system number from which this user logged in")}),Td=o.z.object({id:o.z.string(),revoked_at:o.z.string().optional(),used_at:o.z.string(),user_id:o.z.string().describe("The user ID associated with the session"),expires_at:o.z.string().optional(),idle_expires_at:o.z.string().optional(),device:Bd.describe("Metadata related to the device used in the session"),clients:o.z.array(o.z.string()).describe("List of client details for the session")}),os=o.z.object({created_at:o.z.string(),updated_at:o.z.string(),authenticated_at:o.z.string(),last_interaction_at:o.z.string(),...Td.shape}),xo=o.z.object({kid:o.z.string().openapi({description:"The key id of the signing key"}),cert:o.z.string().openapi({description:"The public certificate of the signing key"}),fingerprint:o.z.string().openapi({description:"The cert fingerprint"}),thumbprint:o.z.string().openapi({description:"The cert thumbprint"}),pkcs7:o.z.string().optional().openapi({description:"The private key in pkcs7 format"}),current:o.z.boolean().optional().openapi({description:"True if the key is the current key"}),next:o.z.boolean().optional().openapi({description:"True if the key is the next key"}),previous:o.z.boolean().optional().openapi({description:"True if the key is the previous key"}),current_since:o.z.string().optional().openapi({description:"The date and time when the key became the current key"}),current_until:o.z.string().optional().openapi({description:"The date and time when the current key was rotated"}),revoked:o.z.boolean().optional().openapi({description:"True if the key is revoked"}),revoked_at:o.z.string().optional().openapi({description:"The date and time when the key was revoked"})});var ci=(n=>(n.RefreshToken="refresh_token",n.AuthorizationCode="authorization_code",n.ClientCredential="client_credentials",n.Passwordless="passwordless",n.Password="password",n))(ci||{});const Rd=o.z.object({access_token:o.z.string(),id_token:o.z.string().optional(),scope:o.z.string().optional(),state:o.z.string().optional(),refresh_token:o.z.string().optional(),token_type:o.z.string(),expires_in:o.z.number()});o.z.object({code:o.z.string(),state:o.z.string().optional()});const Pd=o.z.object({button_border_radius:o.z.number(),button_border_weight:o.z.number(),buttons_style:o.z.enum(["pill"]),input_border_radius:o.z.number(),input_border_weight:o.z.number(),inputs_style:o.z.enum(["pill"]),show_widget_shadow:o.z.boolean(),widget_border_weight:o.z.number(),widget_corner_radius:o.z.number()}),Ld=o.z.object({base_focus_color:o.z.string(),base_hover_color:o.z.string(),body_text:o.z.string(),captcha_widget_theme:o.z.enum(["auto"]),error:o.z.string(),header:o.z.string(),icons:o.z.string(),input_background:o.z.string(),input_border:o.z.string(),input_filled_text:o.z.string(),input_labels_placeholders:o.z.string(),links_focused_components:o.z.string(),primary_button:o.z.string(),primary_button_label:o.z.string(),secondary_button_border:o.z.string(),secondary_button_label:o.z.string(),success:o.z.string(),widget_background:o.z.string(),widget_border:o.z.string()}),Zt=o.z.object({bold:o.z.boolean(),size:o.z.number()}),Ud=o.z.object({body_text:Zt,buttons_text:Zt,font_url:o.z.string(),input_labels:Zt,links:Zt,links_style:o.z.enum(["normal"]),reference_text_size:o.z.number(),subtitle:Zt,title:Zt}),Vd=o.z.object({background_color:o.z.string(),background_image_url:o.z.string(),page_layout:o.z.enum(["center"])}),Md=o.z.object({header_text_alignment:o.z.enum(["center"]),logo_height:o.z.number(),logo_position:o.z.enum(["center"]),logo_url:o.z.string(),social_buttons_layout:o.z.enum(["bottom"])}),Hd=o.z.object({borders:Pd,colors:Ld,displayName:o.z.string(),fonts:Ud,page_background:Vd,widget:Md}),ig=Hd.extend({themeId:o.z.string()}),tr=o.z.object({universal_login_experience:o.z.enum(["new","classic"]).default("new"),identifier_first:o.z.boolean().default(!0),password_first:o.z.boolean().default(!1),webauthn_platform_first_factor:o.z.boolean()}),nr=o.z.object({name:o.z.string(),enabled:o.z.boolean().optional().default(!0),default_from_address:o.z.string().optional(),credentials:o.z.union([o.z.object({accessKeyId:o.z.string(),secretAccessKey:o.z.string(),region:o.z.string()}),o.z.object({smtp_host:o.z.array(o.z.string()),smtp_port:o.z.number(),smtp_user:o.z.string(),smtp_pass:o.z.string()}),o.z.object({api_key:o.z.string(),domain:o.z.string().optional()}),o.z.object({connectionString:o.z.string()}),o.z.object({tenantId:o.z.string(),clientId:o.z.string(),clientSecret:o.z.string()})]),settings:o.z.object({}).optional()}),Dd=o.z.object({id:o.z.string(),session_id:o.z.string(),user_id:o.z.string(),client_id:o.z.string(),expires_at:o.z.string().optional(),idle_expires_at:o.z.string().optional(),last_exchanged_at:o.z.string().optional(),device:Bd,resource_servers:o.z.array(o.z.object({audience:o.z.string(),scopes:o.z.string()})),rotating:o.z.boolean()}),rg=o.z.object({created_at:o.z.string(),...Dd.shape});function sg(n){const[e,t]=n.split("|");if(!e||!t)throw new Error(`Invalid user_id: ${n}`);return{connection:e,id:t}}const og=new o.OpenAPIHono().openapi(o.createRoute({tags:["branding"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:bo}},description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=await n.env.data.branding.get(e);return t?n.json(t):n.json({})}).openapi(o.createRoute({tags:["branding"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(bo.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async n=>{const{"tenant-id":e}=n.req.valid("header"),t=n.req.valid("json");return await n.env.data.branding.set(e,t),n.text("OK")});var j=class extends Error{constructor(e=500,t){super(t==null?void 0:t.message,{cause:t==null?void 0:t.cause});te(this,"res");te(this,"status");this.res=t==null?void 0:t.res,this.status=e}getResponse(){return this.res?new Response(this.res.body,{status:this.status,headers:this.res.headers}):new Response(this.message,{status:this.status})}},vr=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function ag(n){return n&&n.__esModule&&Object.prototype.hasOwnProperty.call(n,"default")?n.default:n}function cg(n){if(n.__esModule)return n;var e=n.default;if(typeof e=="function"){var t=function i(){return this instanceof i?Reflect.construct(e,arguments,this.constructor):e.apply(this,arguments)};t.prototype=e.prototype}else t={};return Object.defineProperty(t,"__esModule",{value:!0}),Object.keys(n).forEach(function(i){var r=Object.getOwnPropertyDescriptor(n,i);Object.defineProperty(t,i,r.get?r:{enumerable:!0,get:function(){return n[i]}})}),t}function lg(n){throw new Error('Could not dynamically require "'+n+'". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.')}var qd={exports:{}};const ug={},dg=Object.freeze(Object.defineProperty({__proto__:null,default:ug},Symbol.toStringTag,{value:"Module"})),pg=cg(dg);(function(n){/**
  * @license bcrypt.js (c) 2013 Daniel Wirtz <dcode@dcode.io>
  * Released under the Apache License, Version 2.0
  * see: https://github.com/dcodeIO/bcrypt.js for details
@@ -146,7 +146,7 @@ PERFORMANCE OF THIS SOFTWARE.
       }};
       <\/script>
   </body>
-  </html>`;return new Response(r,{headers:{"Content-Type":"text/html"}})}async function tv(n,e,t,i,r){var _,x,h;if(!t.redirect_uri)throw new j(400,{message:"Missing redirect_uri in authParams"});const[s]=await n.env.data.keys.list();if(!s)throw new j(500,{message:"No signing key found"});if(!((_=e.addons)!=null&&_.samlp))throw new j(400,{message:`SAML Addon is not enabled for client ${e.id}`});const{recipient:a,audience:c}=e.addons.samlp,l=t.state||"";if(!a||!l||!i||!t.state)throw new j(400,{message:"Missing recipient or inResponseTo"});const u=JSON.parse(t.state),p=new URL(t.redirect_uri),g=await nv(n,{issuer:n.env.ISSUER,audience:c||t.client_id,destination:p.toString(),inResponseTo:u.requestId,userId:((h=(x=i.app_metadata)==null?void 0:x.vimeo)==null?void 0:h.user_id)||i.user_id,email:i.email,sessionIndex:r,signature:{privateKeyPem:s.pkcs7,cert:s.cert,kid:s.kid}});return ev(p.toString(),g,u.relayState)}async function nv(n,e){const t=e.notBefore||new Date().toISOString(),i=e.notAfter||new Date(new Date(t).getTime()+10*60*1e3).toISOString(),r=e.issueInstant||t,s=e.sessionNotOnOrAfter||i,a=e.responseId||`_${Me()}`,c=e.assertionId||`_${Me()}`,l=[{"samlp:Response":[{"saml:Issuer":[{"#text":e.issuer}]},{"samlp:Status":[{"samlp:StatusCode":[],":@":{"@_Value":"urn:oasis:names:tc:SAML:2.0:status:Success"}}]},{"saml:Assertion":[{"saml:Issuer":[{"#text":e.issuer}]},{"saml:Subject":[{"saml:NameID":[{"#text":e.email}],":@":{"@_Format":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}},{"saml:SubjectConfirmation":[{"saml:SubjectConfirmationData":[],":@":{"@_InResponseTo":e.inResponseTo,"@_NotOnOrAfter":i,"@_Recipient":e.destination}}],":@":{"@_Method":"urn:oasis:names:tc:SAML:2.0:cm:bearer"}}]},{"saml:Conditions":[{"saml:AudienceRestriction":[{"saml:Audience":[{"#text":e.audience}]}]}],":@":{"@_NotBefore":t,"@_NotOnOrAfter":i}},{"saml:AuthnStatement":[{"saml:AuthnContext":[{"saml:AuthnContextClassRef":[{"#text":"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"}]}]}],":@":{"@_AuthnInstant":r,"@_SessionIndex":e.sessionIndex,"@_SessionNotOnOrAfter":s}},{"saml:AttributeStatement":[{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.userId}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_FriendlyName":"persistent","@_Name":"id","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.email}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"email","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"default-roles-master"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"offline_access"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"view-profile"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"uma_authorization"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account-links"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}}]}],":@":{"@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion","@_ID":c,"@_IssueInstant":r,"@_Version":"2.0"}}],":@":{"@_xmlns:samlp":"urn:oasis:names:tc:SAML:2.0:protocol","@_xmlns:saml":"urn:oasis:names:tc:SAML:2.0:assertion","@_Destination":e.destination,"@_ID":a,"@_InResponseTo":e.inResponseTo,"@_IssueInstant":r,"@_Version":"2.0"}}];let p=new Qy.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0}).build(l);if(e.signature){const _=await fetch(n.env.SAML_SIGN_URL,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({xmlContent:p,privateKey:e.signature.privateKeyPem,publicCert:e.signature.cert})});if(!_.ok)throw new Error(`Failed to sign SAML response: ${_.status}`);p=await _.text()}return e.encode===!1?p:btoa(p)}const hd=["sub","iss","aud","exp","nbf","iat","jti"];async function Zc(n,e){var m,b;const{authParams:t,user:i,client:r,session_id:s}=e,c=(await n.env.data.keys.list()).filter(S=>!S.revoked_at||new Date(S.revoked_at)>new Date),l=c[c.length-1];if(!(l!=null&&l.pkcs7))throw new j(500,{message:"No signing key available"});const u=Nm(l.pkcs7),p={aud:t.audience||"default",scope:t.scope||"",sub:(i==null?void 0:i.user_id)||t.client_id,iss:n.env.ISSUER,tenant_id:n.var.tenant_id,sid:s},g=i&&((m=t.scope)!=null&&m.split(" ").includes("openid"))?{aud:t.client_id,sub:i.user_id,iss:n.env.ISSUER,sid:s,nonce:t.nonce,given_name:i.given_name,family_name:i.family_name,nickname:i.nickname,picture:i.picture,locale:i.locale,name:i.name,email:i.email,email_verified:i.email_verified}:void 0;(b=n.env.hooks)!=null&&b.onExecuteCredentialsExchange&&await n.env.hooks.onExecuteCredentialsExchange({client:r,user:i,scope:t.scope||"",grant_type:""},{accessToken:{setCustomClaim:(S,O)=>{if(hd.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);p[S]=O}},idToken:{setCustomClaim:(S,O)=>{if(hd.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);g&&(g[S]=O)}},access:{deny:S=>{throw new j(400,{message:`Access denied: ${S}`})}}});const _={includeIssuedTimestamp:!0,expiresIn:new Dc(1,"d"),headers:{kid:l.kid}},x=await cd("RS256",u,p,_),h=g?await cd("RS256",u,g,_):void 0;return{access_token:x,refresh_token:e.refresh_token,id_token:h,token_type:"Bearer",expires_in:86400}}async function iv(n,e){const{client:t,scope:i,audience:r=t.tenant.audience,session_id:s}=e;return await n.env.data.refreshTokens.create(t.tenant.id,{token:Me(),session_id:s,expires_at:new Date(Date.now()+Mc*1e3).toISOString(),user_id:e.user.user_id,resource_servers:[{audience:r,scopes:i}],rotating:!1})}async function ch(n,e){const{user:t,client:i,scope:r,audience:s}=e,a=await n.env.data.sessions.create(i.tenant.id,{id:Me(),user_id:t.user_id,client_id:i.id,expires_at:new Date(Date.now()+Mc*1e3).toISOString(),used_at:new Date().toISOString(),device:{last_ip:n.req.header("x-real-ip")||"",initial_ip:n.req.header("x-real-ip")||"",last_user_agent:n.req.header("user-agent")||"",initial_user_agent:n.req.header("user-agent")||"",initial_asn:"",last_asn:""},clients:[i.id]}),c=r!=null&&r.split(" ").includes("offline_access")?await iv(n,{...e,session_id:a.id,scope:r,audience:s}):void 0;return{...a,refresh_token:c}}async function ei(n,e){var g;const{authParams:t,user:i,client:r}=e,s=be(n,{type:_e.SUCCESS_LOGIN,description:`Successful login for ${i.user_id}`,userId:i.user_id});_t(n,n.env.data.logs.create(r.tenant.id,s)),_t(n,n.env.data.users.update(r.tenant.id,i.user_id,{last_login:new Date().toISOString(),last_ip:n.req.header("x-real-ip")||"",login_count:i.login_count+1}));let a=e.refreshToken,c=e.sessionId;if(!c){const _=await ch(n,{user:i,client:r,scope:t.scope,audience:t.audience});c=_.id,a=(g=_.refresh_token)==null?void 0:g.token}if(e.authParams.response_mode===Vt.SAML_POST)return tv(n,e.client,e.authParams,i,c);const l=await Zc(n,{authParams:t,user:i,client:r,session_id:c,refresh_token:a}),u=new Headers({"set-cookie":eh(r.tenant.id,c)});if(t.response_mode===Vt.WEB_MESSAGE)return n.json(l,{headers:u});if((t.response_type||Ut.CODE)===Ut.CODE){if(!e.loginSession)throw new j(500,{message:"Login session not found"});const _=await n.env.data.codes.create(r.tenant.id,{code_id:Me(),user_id:i.user_id,code_type:"authorization_code",login_id:e.loginSession.login_id,expires_at:new Date(Date.now()+q0*1e3).toISOString()});u.set("location",`${t.redirect_uri}?state=${e.authParams.state}&code=${_.code_id}`)}return new Response("Redirecting",{status:302,headers:u})}function rv(n){return async(e,t)=>{if(!t.email||!t.email_verified)return n.users.create(e,t);const i=await Kd({userAdapter:n.users,tenant_id:e,email:t.email});return i?(await n.users.create(e,{...t,linked_to:i.user_id}),i):n.users.create(e,t)}}async function lh(n,e,t){for await(const i of e)if(!(await fetch(i.url,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(t)})).ok){const s=be(n,{type:_e.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});await t.logs.create(n.var.tenant_id,s)}}function sv(n,e){return async(t,i)=>{const{hooks:r}=await e.hooks.list(t);return await lh(n,r,{tenant_id:t,user:i,trigger_id:"post-user-registration"}),i}}function ov(n,e){return async(t,i)=>{const{hooks:r}=await e.hooks.list(t,{q:"trigger_id:pre-user-signup",page:0,per_page:100,include_totals:!1});await lh(n,r,{tenant_id:t,email:i,trigger_id:"pre-user-signup"})}}function av(n,e){return async(t,i)=>{let r=await rv(e)(t,i);return await sv(n,e)(t,r),r}}async function cv(n,e,t,i){if(e.disable_sign_ups&&!await Kd({userAdapter:n.env.data.users,tenant_id:e.tenant.id,email:i})){const s=be(n,{type:_e.FAILED_SIGNUP,description:"Public signup is disabled"});throw await n.env.data.logs.create(e.tenant.id,s),new j(400,{message:"Signups are disabled for this client"})}await ov(n,t)(n.var.tenant_id||"",i)}function lv(n,e){return{...e,users:{...e.users,create:av(n,e)}}}async function uv(n,e,t,i){if(!i.state)throw new j(400,{message:"State not found"});const r=e.connections.find(l=>l.name===t);if(!r){n.set("client_id",e.id);const l=be(n,{type:_e.FAILED_LOGIN,description:"Connection not found"});throw await n.env.data.logs.create(e.tenant.id,l),new j(403,{message:"Connection Not Found"})}let s=await n.env.data.logins.get(e.tenant.id,i.state);s||(s=await n.env.data.logins.create(e.tenant.id,{expires_at:new Date(Date.now()+es*1e3).toISOString(),authParams:i,...Hn(n.req)}));const c=await Yf(n,r.strategy).getRedirect(n,r);return await n.env.data.codes.create(e.tenant.id,{login_id:s.login_id,code_id:c.code,code_type:"oauth2_state",connection_id:r.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+F0*1e3).toISOString()}),n.redirect(c.redirectUrl)}async function gd(n,{code:e,state:t}){var h;const{env:i}=n,r=await i.data.codes.get(n.var.tenant_id||"",t,"oauth2_state");if(!r||!r.connection_id)throw new j(403,{message:"State not found"});const s=await i.data.logins.get(n.var.tenant_id||"",r.login_id);if(!s)throw new j(403,{message:"Session not found"});const a=await Fc(i,s.authParams.client_id);n.set("client_id",a.id),n.set("tenant_id",a.tenant.id);const c=a.connections.find(m=>m.id===r.connection_id);if(!c){const m=be(n,{type:_e.FAILED_LOGIN,description:"Connection not found"});throw await i.data.logs.create(a.tenant.id,m),new j(403,{message:"Connection not found"})}if(n.set("connection",c.name),!s.authParams.redirect_uri){const m=be(n,{type:_e.FAILED_LOGIN,description:"Redirect URI not defined"});throw await i.data.logs.create(a.tenant.id,m),new j(403,{message:"Redirect URI not defined"})}if(!Xs(s.authParams.redirect_uri,a.callbacks||[],{allowPathWildcards:!0})){const m=`Invalid redirect URI - ${s.authParams.redirect_uri}`,b=be(n,{type:_e.FAILED_LOGIN,description:m});throw await i.data.logs.create(a.tenant.id,b),new j(403,{message:m})}const u=await Yf(n,c.strategy).validateAuthorizationCodeAndGetUser(n,c,e,r.code_verifier),{sub:p,...g}=u;n.set("user_id",p);const _=((h=u.email)==null?void 0:h.toLocaleLowerCase())||`${c.name}.${p}@${new URL(n.env.ISSUER).hostname}`;n.set("username",_);let x=await as({userAdapter:i.data.users,tenant_id:a.tenant.id,email:_,provider:c.name});if(!x){try{await cv(n,a,n.env.data,_)}catch(m){const b=m;throw new j(500,{message:`Failed to run preUserSignupHook: ${b.message}`})}x=await i.data.users.create(a.tenant.id,{user_id:`${c.name}|${p}`,email:_,name:_,provider:c.name,connection:c.name,email_verified:!0,last_ip:"",is_social:!0,last_login:new Date().toISOString(),profileData:JSON.stringify(g)}),n.set("user_id",x.user_id)}return ei(n,{client:a,authParams:s.authParams,loginSession:s,user:x})}async function _d(n,e,t,i,r,s){const a=await n.env.data.codes.get(n.var.tenant_id||"",e,"oauth2_state");if(!a)throw new j(400,{message:"State not found"});const c=await n.env.data.logins.get(n.var.tenant_id,a.login_id);if(!c)throw new j(400,{message:"Login not found"});const{redirect_uri:l}=c.authParams;if(!l)throw new j(400,{message:"Redirect uri not found"});const u=be(n,{type:_e.FAILED_LOGIN,description:`Failed connection login: ${r} ${t}, ${i}`});_t(n,n.env.data.logs.create(n.var.tenant_id,u));const p=new URL(l);return H0(p,{error:t,error_description:i,error_reason:s,error_code:r,state:c.authParams.state}),n.redirect(`${vt(n.env)}enter-email?state=${c.login_id}&error=${t}`)}const dv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async n=>{const{state:e,code:t,error:i,error_description:r,error_code:s,error_reason:a}=n.req.valid("query");if(i)return _d(n,e,i,r,s,a);if(!t)throw new j(400,{message:"Code is required"});return gd(n,{code:t,state:e})}).openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async n=>{const{state:e,code:t,error:i,error_description:r,error_code:s,error_reason:a}=n.req.valid("form");if(i)return _d(n,e,i,r,s,a);if(!t)throw new j(400,{message:"Code is required"});return gd(n,{code:t,state:e})}),pv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),returnTo:o.z.string().optional()}),header:o.z.object({cookie:o.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async n=>{const{client_id:e,returnTo:t}=n.req.valid("query"),i=await n.env.data.clients.get(e);if(!i)return n.text("OK");const r=await n.env.data.clients.get("DEFAULT_CLIENT");n.set("client_id",e),n.set("tenant_id",i.tenant.id);const s=t||n.req.header("referer");if(!s)return n.text("OK");if(!Xs(s,[...i.allowed_logout_urls||[],...(r==null?void 0:r.allowed_logout_urls)||[]],{allowPathWildcards:!0}))throw new j(400,{message:"Invalid redirect uri"});const a=n.req.header("cookie");if(a){const l=Qf(i.tenant.id,a);if(l){const u=await n.env.data.sessions.get(i.tenant.id,l);if(u){const p=await n.env.data.users.get(i.tenant.id,u.user_id);p&&(n.set("user_id",p.user_id),n.set("connection",p.connection))}await n.env.data.sessions.remove(i.tenant.id,l)}}const c=be(n,{type:_e.SUCCESS_LOGOUT,description:"User successfully logged out"});return await n.env.data.logs.create(i.tenant.id,c),new Response("Redirecting",{status:302,headers:{"set-cookie":Tm(i.tenant.id),location:s}})}),md=o.z.object({sub:o.z.string(),email:o.z.string().optional(),family_name:o.z.string().optional(),given_name:o.z.string().optional(),email_verified:o.z.boolean()}),fv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{},security:[{Bearer:["openid"]}],responses:{200:{content:{"application/json":{schema:md}},description:"Userinfo"}}}),async n=>{if(!n.var.user)throw new j(404,{message:"User not found"});const e=await n.env.data.users.get(n.var.user.tenant_id,n.var.user.sub);if(!e)throw new j(404,{message:"User not found"});return n.json(md.parse({...e,sub:e.user_id}))}),hv=new o.OpenAPIHono().openapi(o.createRoute({tags:["well known"],method:"get",path:"/jwks.json",request:{},responses:{200:{content:{"application/json":{schema:Cd}},description:"List of tenants"}}}),async n=>{const e=await n.env.data.keys.list(),t=await Promise.all(e.map(async i=>{const s=await new Vc(i.cert).publicKey.export(),a=await crypto.subtle.exportKey("jwk",s);return Ga.parse({...a,kid:i.kid})}));return n.json({keys:t},{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${er}, stale-while-revalidate=${er*2}, stale-if-error=86400`}})}).openapi(o.createRoute({tags:["well known"],method:"get",path:"/openid-configuration",request:{},responses:{200:{content:{"application/json":{schema:ko}},description:"List of tenants"}}}),async n=>{const e=ko.parse({issuer:ym(n.env),authorization_endpoint:`${Ie(n.env)}authorize`,token_endpoint:`${Ie(n.env)}oauth/token`,device_authorization_endpoint:`${Ie(n.env)}oauth/device/code`,userinfo_endpoint:`${Ie(n.env)}userinfo`,mfa_challenge_endpoint:`${Ie(n.env)}mfa/challenge`,jwks_uri:`${Ie(n.env)}.well-known/jwks.json`,registration_endpoint:`${Ie(n.env)}oidc/register`,revocation_endpoint:`${Ie(n.env)}oauth/revoke`,scopes_supported:["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],response_types_supported:["code","token","id_token","code token","code id_token","token id_token","code token id_token"],code_challenge_methods_supported:["S256","plain"],response_modes_supported:["query","fragment","form_post"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],token_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post"],claims_supported:["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],request_uri_parameter_supported:!1,request_parameter_supported:!1,token_endpoint_auth_signing_alg_values_supported:["RS256","RS384","PS256"]});return n.json(e,{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${er}, stale-while-revalidate=${er*2}, stale-if-error=86400`}})});function cr(n,e){if(!n||!e||n.length!==e.length)return!1;let t=0;for(let i=0;i<n.length;i++)t|=n.charCodeAt(i)^e.charCodeAt(i);return t===0}const uh=o.z.object({grant_type:o.z.literal("client_credentials"),scope:o.z.string().optional(),client_secret:o.z.string(),client_id:o.z.string(),audience:o.z.string().optional()});async function gv(n,e){const t=await n.env.data.clients.get(e.client_id);if(!t)throw new j(403,{message:"Invalid client credentials"});if(t.client_secret&&!cr(t.client_secret,e.client_secret))throw new j(403,{message:"Invalid client credentials"});const i={client_id:t.id,scope:e.scope,audience:e.audience},r=await Zc(n,{authParams:i,client:t});return n.json(r)}const _v=o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string().optional(),client_secret:o.z.string().optional(),code_verifier:o.z.string().optional()}).refine(n=>"client_secret"in n&&!("code_verifier"in n)||!("client_secret"in n)&&"code_verifier"in n,{message:"Must provide either client_secret (standard flow) or code_verifier/code_verifier_mode (PKCE flow), but not both"});async function mv(n,e){const t=await n.env.data.clients.get(e.client_id);if(!t)throw new j(403,{message:"Client not found"});const i=await n.env.data.codes.get(t.tenant.id,e.code,"authorization_code");if(!i||!i.user_id)throw new j(403,{message:"Invalid client credentials"});if(new Date(i.expires_at)<new Date)throw new j(403,{message:"Code expired"});if(i.used_at)throw new j(403,{message:"Code already used"});const r=await n.env.data.logins.get(t.tenant.id,i.login_id);if(!r)throw new j(403,{message:"Invalid login"});if("client_secret"in e){const a=await n.env.data.clients.get("DEFAULT_CLIENT");if(!cr(t.client_secret,e.client_secret)&&!cr(a==null?void 0:a.client_secret,e.client_secret))throw new j(403,{message:"Invalid client credentials"})}else if("code_verifier"in e&&typeof e.code_verifier=="string"&&"code_challenge_method"in r.authParams&&typeof r.authParams.code_challenge_method=="string"){const a=await Om(e.code_verifier,r.authParams.code_challenge_method);if(!cr(a,r.authParams.code_challenge||""))throw new j(403,{message:"Invalid client credentials"})}if(r.authParams.redirect_uri&&r.authParams.redirect_uri!==e.redirect_uri)throw new j(403,{message:"Invalid redirect uri"});const s=await n.env.data.users.get(t.tenant.id,i.user_id);if(!s)throw new j(403,{message:"User not found"});return await n.env.data.codes.used(t.tenant.id,e.code),ei(n,{user:s,client:t,loginSession:r,authParams:{...r.authParams,response_mode:Vt.WEB_MESSAGE}})}const yv=o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),redirect_uri:o.z.string().optional(),refresh_token:o.z.string()});async function vv(n,e){const t=await n.env.data.clients.get(e.client_id);if(!t)throw new j(403,{message:"Client not found"});const i=await n.env.data.refreshTokens.get(t.tenant.id,e.refresh_token);if(i){if(i.expires_at&&new Date(i.expires_at)<new Date)throw new j(403,{message:"Refresh token expired"})}else throw new j(403,{message:"Invalid refresh token"});const r=await n.env.data.sessions.get(t.tenant.id,i.session_id);if(!r)throw new j(403,{message:"Session not found"});const s=await n.env.data.users.get(t.tenant.id,r.user_id);if(!s)throw new j(403,{message:"User not found"});const a=i.resource_servers[0];return ei(n,{user:s,client:t,refreshToken:i.token,sessionId:r.id,authParams:{client_id:t.id,audience:a==null?void 0:a.audience,scope:a==null?void 0:a.scopes,response_mode:Vt.WEB_MESSAGE}})}const yd=o.z.object({client_id:o.z.string().optional(),client_secret:o.z.string().optional()}),wv=o.z.union([uh.extend(yd.shape),o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string(),code_verifier:o.z.string().min(43).max(128)}),o.z.object({grant_type:o.z.literal("authorization_code"),code:o.z.string(),redirect_uri:o.z.string().optional(),...yd.shape}),o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),refresh_token:o.z.string(),redirect_uri:o.z.string().optional()})]);function bv(n){if(!n)return{};const[e,t]=n.split(" ");if((e==null?void 0:e.toLowerCase())==="basic"&&t){const[i,r]=atob(t).split(":");return{client_id:i,client_secret:r}}return{}}const kv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:wv}}}},responses:{200:{content:{"application/json":{schema:Rd}},description:"Tokens"}}}),async n=>{const e=n.req.valid("form"),t=bv(n.req.header("Authorization")),i={...e,...t};if(!i.client_id)throw new j(400,{message:"client_id is required"});switch(e.grant_type){case ci.AuthorizationCode:return mv(n,_v.parse(i));case ci.ClientCredential:return gv(n,uh.parse(i));case ci.RefreshToken:return vv(n,yv.parse(i));default:throw new j(400,{message:"Not implemented"})}});var Yc={exports:{}};const Xc=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:6},{id:2,value:"Medium",minDiversity:4,minLength:8},{id:3,value:"Strong",minDiversity:4,minLength:10}],dh=(n,e=Xc,t="!\"#$%&'()*+,-./:;<=>?@[\\\\\\]^_`{|}~")=>{let i=n||"";e[0].minDiversity=0,e[0].minLength=0;const r=[{regex:"[a-z]",message:"lowercase"},{regex:"[A-Z]",message:"uppercase"},{regex:"[0-9]",message:"number"}];t&&r.push({regex:`[${t}]`,message:"symbol"});let s={};s.contains=r.filter(c=>new RegExp(`${c.regex}`).test(i)).map(c=>c.message),s.length=i.length;let a=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,a[0]),s};Yc.exports={passwordStrength:dh,defaultOptions:Xc};var xv=Yc.exports.passwordStrength=dh;Yc.exports.defaultOptions=Xc;function Sv(n){return xv(n).id<2?!1:n.length>=8&&/[a-z]/.test(n)&&/[A-Z]/.test(n)&&/[0-9]/.test(n)&&/[^A-Za-z0-9]/.test(n)}async function eo(n,e){var r;const t=await n.env.data.emailProviders.get(n.var.tenant_id)||(n.env.DEFAULT_TENANT_ID?await n.env.data.emailProviders.get(n.env.DEFAULT_TENANT_ID):null);if(!t)throw new j(500,{message:"Email provider not found"});const i=(r=n.env.emailProviders)==null?void 0:r[t.name];if(!i)throw new j(500,{message:"Email provider not found"});await i({emailProvider:t,...e,from:t.default_from_address||`login@${n.env.ISSUER}`})}async function Av(n,e,t,i){const r=await n.env.data.tenants.get(n.var.tenant_id);if(!r)throw new j(500,{message:"Tenant not found"});const s=`${vt(n.env)}reset-password?state=${i}&code=${t}`,a={vendorName:r.name,lng:r.language||"en"};await eo(n,{to:e,subject:"Reset your password",html:`Click here to reset your password: ${vt(n.env)}reset-password?state=${i}&code=${t}`,template:"auth-password-reset",data:{vendorName:r.name,logo:r.logo||"",passwordResetUrl:s,supportUrl:r.support_url||"https://support.sesamy.com",buttonColor:r.primary_color||"#7d68f4",passwordResetTitle:ue("password_reset_title",a),resetPasswordEmailClickToReset:ue("reset_password_email_click_to_reset",a),resetPasswordEmailReset:ue("reset_password_email_reset",a),supportInfo:ue("support_info",a),contactUs:ue("contact_us",a),copyright:ue("copyright",a)}})}async function Iv(n,e,t){const i=await n.env.data.tenants.get(n.var.tenant_id);if(!i)throw new j(500,{message:"Tenant not found"});const r={vendorName:i.name,code:t,lng:i.language||"en"};await eo(n,{to:e,subject:ue("code_email_subject",r),html:`Click here to validate your email: ${vt(n.env)}validate-email`,template:"auth-link",data:{code:t,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:`${Ie(n.env)}passwordless/verify_redirect?ticket=${t}`,buttonColor:i.primary_color||"",welcomeToYourAccount:ue("welcome_to_your_account",r),linkEmailClickToLogin:ue("link_email_click_to_login",r),linkEmailLogin:ue("link_email_login",r),linkEmailOrEnterCode:ue("link_email_or_enter_code",r),codeValid30Mins:ue("code_valid_30_minutes",r),supportInfo:ue("support_info",r),contactUs:ue("contact_us",r),copyright:ue("copyright",r)}});const s=be(n,{type:_e.CODE_LINK_SENT,description:e});_t(n,n.env.data.logs.create(i.id,s))}async function ph(n,e,t){const i=await n.env.data.tenants.get(n.var.tenant_id);if(!i)throw new j(500,{message:"Tenant not found"});const r={vendorName:i.name,code:t,lng:i.language||"en"};await eo(n,{to:e,subject:ue("code_email_subject",r),html:`Click here to validate your email: ${vt(n.env)}validate-email`,template:"auth-link",data:{code:t,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:`${Ie(n.env)}passwordless/verify_redirect?ticket=${t}`,buttonColor:i.primary_color||"",welcomeToYourAccount:ue("welcome_to_your_account",r),linkEmailClickToLogin:ue("link_email_click_to_login",r),linkEmailLogin:ue("link_email_login",r),linkEmailOrEnterCode:ue("link_email_or_enter_code",r),codeValid30Mins:ue("code_valid_30_minutes",r),supportInfo:ue("support_info",r),contactUs:ue("contact_us",r),copyright:ue("copyright",r)}});const s=be(n,{type:_e.CODE_LINK_SENT,description:e});_t(n,n.env.data.logs.create(i.id,s))}async function fh(n,e){const t=await n.env.data.tenants.get(n.var.tenant_id);if(!t)throw new j(500,{message:"Tenant not found"});const i={vendorName:t.name,lng:t.language||"en"};await eo(n,{to:e.email,subject:"Validate your email address",html:`Click here to validate your email: ${vt(n.env)}validate-email`,template:"auth-verify-email",data:{vendorName:t.name,logo:t.logo||"",emailValidationUrl:`${vt(n.env)}validate-email`,supportUrl:t.support_url||"https://support.sesamy.com",buttonColor:t.primary_color||"#7d68f4",welcomeToYourAccount:ue("welcome_to_your_account",i),verifyEmailVerify:ue("verify_email_verify",i),supportInfo:ue("support_info",i),contactUs:ue("contact_us",i),copyright:ue("copyright",i)}})}const Ev=new o.OpenAPIHono().openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(n=>n.toLowerCase()),password:o.z.string()})}}}},responses:{200:{content:{"application/json":{schema:o.z.object({_id:o.z.string(),email:o.z.string(),email_verified:o.z.boolean(),app_metadata:o.z.object({}),user_metadata:o.z.object({})})}},description:"Created user"}}}),async n=>{const{email:e,password:t,client_id:i}=n.req.valid("json"),r=await n.env.data.clients.get(i);if(!r)throw new j(400,{message:"Client not found"});if(n.set("client_id",r.id),n.set("tenant_id",r.tenant.id),!Sv(t))throw new j(400,{message:"Password does not meet the requirements"});if(await as({userAdapter:n.env.data.users,tenant_id:r.tenant.id,email:e,provider:"auth2"}))throw new j(400,{message:"Invalid sign up"});const a=await n.env.data.users.create(r.tenant.id,{user_id:`auth2|${Za()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});n.set("user_id",a.user_id),n.set("username",a.email),n.set("connection",a.connection);const c=await Ja.hash(t,10);await n.env.data.passwords.create(r.tenant.id,{user_id:a.user_id,password:c,algorithm:"bcrypt"}),await fh(n,a);const l=be(n,{type:_e.SUCCESS_SIGNUP,description:"Successful signup"});return await n.env.data.logs.create(r.tenant.id,l),n.json({_id:a.user_id,email:a.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(n=>n.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async n=>{const{email:e,client_id:t}=n.req.valid("json"),i=await n.env.data.clients.get(t);if(!i)throw new j(400,{message:"Client not found"});if(n.set("client_id",i.id),n.set("tenant_id",i.tenant.id),!await Ya({userAdapter:n.env.data.users,tenant_id:i.tenant.id,email:e,provider:"auth2"}))return n.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:t,username:e},a=await n.env.data.logins.create(i.tenant.id,{expires_at:new Date(Date.now()+es*1e3).toISOString(),authParams:s,...Hn(n.req)});return await Av(n,e,a.login_id,a.authParams.state),n.html("If an account with that email exists, we've sent instructions to reset your password.")});function hh(){const n="1234567890";let e="";for(let t=0;t<6;t+=1)e+=n[Math.floor(Math.random()*10)];return e.toString()}const zv=new o.OpenAPIHono().openapi(o.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.string(),email:o.z.string().transform(n=>n.toLowerCase()),send:o.z.enum(["link","code"]),authParams:Wa.omit({client_id:!0})})}}}},responses:{200:{description:"Status"}}}),async n=>{const e=n.req.valid("json"),{env:t}=n,{client_id:i,email:r,send:s,authParams:a}=e,c=await n.env.data.clients.get(i);if(!c)throw new j(400,{message:"Client not found"});n.set("client_id",c.id),n.set("tenant_id",c.tenant.id);const l=await t.data.logins.create(c.tenant.id,{authParams:{...a,client_id:i,username:r},expires_at:new Date(Date.now()+Qu).toISOString(),...Hn(n.req)}),u=await t.data.codes.create(c.tenant.id,{code_id:hh(),code_type:"otp",login_id:l.login_id,expires_at:new Date(Date.now()+Qu).toISOString()});return s==="link"?await ph(n,r,u.code_id):await Iv(n,r,u.code_id),n.html("OK")}).openapi(o.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:o.z.object({scope:o.z.string(),response_type:o.z.nativeEnum(Ut),redirect_uri:o.z.string(),state:o.z.string(),nonce:o.z.string().optional(),verification_code:o.z.string(),connection:o.z.string(),client_id:o.z.string(),email:o.z.string().transform(n=>n.toLowerCase()),audience:o.z.string().optional()})},responses:{302:{description:"Status"}}}),async n=>{const{env:e}=n,{client_id:t,email:i,verification_code:r,redirect_uri:s,state:a,scope:c,audience:l,response_type:u,nonce:p}=n.req.valid("query"),g=await Fc(e,t);n.set("client_id",g.id),n.set("tenant_id",g.tenant.id),n.set("connection","email");const _=await e.data.codes.get(g.tenant.id,r,"otp");if(!_)throw new j(400,{message:"Code not found or expired"});if(_.expires_at<new Date().toISOString())throw new j(400,{message:"Code expired"});const x=await e.data.logins.get(g.tenant.id,_.login_id);if(!x||x.authParams.username!==i)throw new j(400,{message:"Code not found or expired"});const h=Hn(n.req);if(x.ip!==h.ip)return n.redirect(`${vt(n.env)}invalid-session?state=${x.login_id}`);if(!Xs(s,g.callbacks,{allowPathWildcards:!0}))throw new j(400,{message:`Invalid redirect URI - ${s}`});const m={client_id:t,redirect_uri:s,state:a,nonce:p,scope:c,audience:l,response_type:u},b=await as({userAdapter:e.data.users,tenant_id:g.tenant.id,email:i,provider:"email"});if(!b)throw new j(400,{message:"User not found"});return ei(n,{user:b,client:g,loginSession:x,authParams:m})});class oi extends j{constructor(t,i){super(t,i);te(this,"_code");this._code=i==null?void 0:i.code}get code(){return this._code}}async function $v(n,e,t){const{env:i}=n,r=t.username;if(n.set("username",r),!r)throw new j(400,{message:"Username is required"});const s=await Ya({userAdapter:n.env.data.users,tenant_id:e.tenant.id,email:r,provider:"auth2"});if(!s){const _=be(n,{type:_e.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"});throw _t(n,n.env.data.logs.create(e.tenant.id,_)),new oi(403,{message:"User not found",code:"USER_NOT_FOUND"})}const a=s.linked_to?await i.data.users.get(e.tenant.id,s.linked_to):s;if(!a)throw new oi(403,{message:"User not found",code:"USER_NOT_FOUND"});n.set("connection",s.connection),n.set("user_id",a.user_id);const{password:c}=await i.data.passwords.get(e.tenant.id,s.user_id);if(!await Ja.compare(t.password,c)){const _=be(n,{type:_e.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});throw _t(n,n.env.data.logs.create(e.tenant.id,_)),new oi(403,{message:"Invalid password",code:"INVALID_PASSWORD"})}if((await i.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,q:`user_id:${a.user_id}`})).logs.filter(_=>_.type===_e.FAILED_LOGIN_INCORRECT_PASSWORD&&new Date(_.date)>new Date(Date.now()-1e3*60*5)).length>=3){const _=be(n,{type:_e.FAILED_LOGIN,description:"Too many failed login attempts"});throw _t(n,n.env.data.logs.create(e.tenant.id,_)),new oi(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"})}if(!s.email_verified&&e.email_validation==="enforced"){await fh(n,s);const _=be(n,{type:_e.FAILED_LOGIN,description:"Email not verified"});throw await n.env.data.logs.create(e.tenant.id,_),new oi(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const g=be(n,{type:_e.SUCCESS_LOGIN,description:"Successful login",strategy_type:"Username-Password-Authentication",strategy:"Username-Password-Authentication"});return _t(n,n.env.data.logs.create(e.tenant.id,g)),a}function Cv(){const n=new Uint8Array(32);return crypto.getRandomValues(n),sn.encode(n,{includePadding:!1})}function vd(){return new j(403,{res:new Response(JSON.stringify({error:"access_denied",error_description:"Wrong email or verification code."}),{status:403,headers:{"Content-Type":"application/json"}}),message:"Wrong email or verification code."})}const wd=30*60*1e3,jv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:o.z.string(),client_id:o.z.string(),username:o.z.string().transform(n=>n.toLowerCase()),realm:o.z.enum(["email"]),scope:o.z.string().optional()}),o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:o.z.string(),username:o.z.string().transform(n=>n.toLowerCase()),password:o.z.string(),realm:o.z.enum(["Username-Password-Authentication"]),scope:o.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async n=>{const e=n.req.valid("json"),{client_id:t,username:i}=e;n.set("username",i);const r=await n.env.data.clients.get(t);if(!r)throw new j(400,{message:"Client not found"});n.set("client_id",t),n.set("tenant_id",r.tenant.id);const s=i.toLocaleLowerCase();let a;if("otp"in e){const p=await n.env.data.codes.get(r.tenant.id,e.otp,"otp");if(!p)throw vd();const g=await n.env.data.logins.get(r.tenant.id,p.login_id);if(!g||g.authParams.username!==s)throw vd();a=g}else if("password"in e)await $v(n,r,{username:i,password:e.password,client_id:t}),a=await n.env.data.logins.create(r.tenant.id,{expires_at:new Date(Date.now()+wd).toISOString(),authParams:{client_id:r.id,username:s},...Hn(n.req)});else throw new j(400,{message:"Code or password required"});const c=Cv(),l=Me(12),u=await n.env.data.codes.create(r.tenant.id,{code_id:Me(),code_type:"ticket",login_id:a.login_id,expires_at:new Date(Date.now()+wd).toISOString(),code_verifier:[l,c].join("|")});return n.json({login_ticket:u.code_id,co_verifier:c,co_id:l})});function Nv(n,e){var i,r,s;if(!n||e.length===0)return!1;const t=((i=vo(n))==null?void 0:i.host)??null;if(!t)return!1;for(const a of e){let c;if(a.startsWith("http://")||a.startsWith("https://")?c=((r=vo(a))==null?void 0:r.host)??null:c=((s=vo("https://"+a))==null?void 0:s.host)??null,t===c)return!0}return!1}function vo(n){try{return new URL(n)}catch{return null}}async function Ov({ctx:n,session:e,client:t,authParams:i,connection:r,login_hint:s}){const a=await n.env.data.logins.create(t.tenant.id,{expires_at:new Date(Date.now()+es*1e3).toISOString(),authParams:i,...Hn(n.req)});if(e&&s){const c=await n.env.data.users.get(t.tenant.id,e.user_id);if((c==null?void 0:c.email)===s)return ei(n,{client:t,loginSession:a,authParams:i,user:c,sessionId:e.id})}if(r==="email"&&s){const c=hh();return await n.env.data.codes.create(t.tenant.id,{code_id:c,code_type:"otp",login_id:a.login_id,expires_at:new Date(Date.now()+es*1e3).toISOString()}),await ph(n,s,c),n.redirect(`/u/enter-code?state=${a.login_id}`)}return e?n.redirect(`/u/check-account?state=${a.login_id}`):n.redirect(`/u/enter-email?state=${a.login_id}`)}function Bv(n){if(n==="Username-Password-Authentication")return"auth2";if(n==="email")return"email";throw new j(403,{message:"Invalid realm"})}async function Tv(n,e,t,i,r){var _;const{env:s}=n;n.set("connection",r);const a=await s.data.codes.get(e,t,"ticket");if(!a||a.used_at)throw new j(403,{message:"Ticket not found"});const c=await s.data.logins.get(e,a.login_id);if(!c||!c.authParams.username)throw new j(403,{message:"Session not found"});const l=await s.data.clients.get(c.authParams.client_id);if(!l)throw new j(403,{message:"Client not found"});n.set("client_id",c.authParams.client_id),await s.data.codes.used(e,t);const u=Bv(r);let p=await as({userAdapter:s.data.users,tenant_id:e,email:c.authParams.username,provider:u});p||(p=await s.data.users.create(e,{user_id:`email|${Za()}`,email:c.authParams.username,name:c.authParams.username,provider:"email",connection:"email",email_verified:!0,is_social:!1,last_ip:"",last_login:new Date().toISOString()})),n.set("username",p.email),n.set("user_id",p.user_id);const g=await ch(n,{user:p,client:l,scope:i.scope,audience:i.audience});return ei(n,{authParams:{scope:(_=c.authParams)==null?void 0:_.scope,...i},loginSession:c,sessionId:g.id,user:p,client:l})}async function bd(n,e){return`<!DOCTYPE html>
+  </html>`;return new Response(r,{headers:{"Content-Type":"text/html"}})}async function tv(n,e,t,i,r){var _,x,h;if(!t.redirect_uri)throw new j(400,{message:"Missing redirect_uri in authParams"});const[s]=await n.env.data.keys.list();if(!s)throw new j(500,{message:"No signing key found"});if(!((_=e.addons)!=null&&_.samlp))throw new j(400,{message:`SAML Addon is not enabled for client ${e.id}`});const{recipient:a,audience:c}=e.addons.samlp,l=t.state||"";if(!a||!l||!i||!t.state)throw new j(400,{message:"Missing recipient or inResponseTo"});const u=JSON.parse(t.state),p=new URL(t.redirect_uri),g=await nv(n,{issuer:n.env.ISSUER,audience:c||t.client_id,destination:p.toString(),inResponseTo:u.requestId,userId:((h=(x=i.app_metadata)==null?void 0:x.vimeo)==null?void 0:h.user_id)||i.user_id,email:i.email,sessionIndex:r,signature:{privateKeyPem:s.pkcs7,cert:s.cert,kid:s.kid}});return ev(p.toString(),g,u.relayState)}async function nv(n,e){const t=e.notBefore||new Date().toISOString(),i=e.notAfter||new Date(new Date(t).getTime()+10*60*1e3).toISOString(),r=e.issueInstant||t,s=e.sessionNotOnOrAfter||i,a=e.responseId||`_${Me()}`,c=e.assertionId||`_${Me()}`,l=[{"samlp:Response":[{"saml:Issuer":[{"#text":e.issuer}]},{"samlp:Status":[{"samlp:StatusCode":[],":@":{"@_Value":"urn:oasis:names:tc:SAML:2.0:status:Success"}}]},{"saml:Assertion":[{"saml:Issuer":[{"#text":e.issuer}]},{"saml:Subject":[{"saml:NameID":[{"#text":e.email}],":@":{"@_Format":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}},{"saml:SubjectConfirmation":[{"saml:SubjectConfirmationData":[],":@":{"@_InResponseTo":e.inResponseTo,"@_NotOnOrAfter":i,"@_Recipient":e.destination}}],":@":{"@_Method":"urn:oasis:names:tc:SAML:2.0:cm:bearer"}}]},{"saml:Conditions":[{"saml:AudienceRestriction":[{"saml:Audience":[{"#text":e.audience}]}]}],":@":{"@_NotBefore":t,"@_NotOnOrAfter":i}},{"saml:AuthnStatement":[{"saml:AuthnContext":[{"saml:AuthnContextClassRef":[{"#text":"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"}]}]}],":@":{"@_AuthnInstant":r,"@_SessionIndex":e.sessionIndex,"@_SessionNotOnOrAfter":s}},{"saml:AttributeStatement":[{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.userId}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_FriendlyName":"persistent","@_Name":"id","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.email}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"email","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"default-roles-master"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"offline_access"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"view-profile"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"uma_authorization"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account-links"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}}]}],":@":{"@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion","@_ID":c,"@_IssueInstant":r,"@_Version":"2.0"}}],":@":{"@_xmlns:samlp":"urn:oasis:names:tc:SAML:2.0:protocol","@_xmlns:saml":"urn:oasis:names:tc:SAML:2.0:assertion","@_Destination":e.destination,"@_ID":a,"@_InResponseTo":e.inResponseTo,"@_IssueInstant":r,"@_Version":"2.0"}}];let p=new Qy.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0}).build(l);if(e.signature){const _=await fetch(n.env.SAML_SIGN_URL,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({xmlContent:p,privateKey:e.signature.privateKeyPem,publicCert:e.signature.cert})});if(!_.ok)throw new Error(`Failed to sign SAML response: ${_.status}`);p=await _.text()}return e.encode===!1?p:btoa(p)}const hd=["sub","iss","aud","exp","nbf","iat","jti"];async function Zc(n,e){var m,b;const{authParams:t,user:i,client:r,session_id:s}=e,c=(await n.env.data.keys.list()).filter(S=>!S.revoked_at||new Date(S.revoked_at)>new Date),l=c[c.length-1];if(!(l!=null&&l.pkcs7))throw new j(500,{message:"No signing key available"});const u=Nm(l.pkcs7),p={aud:t.audience||"default",scope:t.scope||"",sub:(i==null?void 0:i.user_id)||t.client_id,iss:n.env.ISSUER,tenant_id:n.var.tenant_id,sid:s},g=i&&((m=t.scope)!=null&&m.split(" ").includes("openid"))?{aud:t.client_id,sub:i.user_id,iss:n.env.ISSUER,sid:s,nonce:t.nonce,given_name:i.given_name,family_name:i.family_name,nickname:i.nickname,picture:i.picture,locale:i.locale,name:i.name,email:i.email,email_verified:i.email_verified}:void 0;(b=n.env.hooks)!=null&&b.onExecuteCredentialsExchange&&await n.env.hooks.onExecuteCredentialsExchange({client:r,user:i,scope:t.scope||"",grant_type:""},{accessToken:{setCustomClaim:(S,O)=>{if(hd.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);p[S]=O}},idToken:{setCustomClaim:(S,O)=>{if(hd.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);g&&(g[S]=O)}},access:{deny:S=>{throw new j(400,{message:`Access denied: ${S}`})}}});const _={includeIssuedTimestamp:!0,expiresIn:new Dc(1,"d"),headers:{kid:l.kid}},x=await cd("RS256",u,p,_),h=g?await cd("RS256",u,g,_):void 0;return{access_token:x,refresh_token:e.refresh_token,id_token:h,token_type:"Bearer",expires_in:86400}}async function iv(n,e){const{client:t,scope:i,audience:r=t.tenant.audience,session_id:s}=e;return await n.env.data.refreshTokens.create(t.tenant.id,{id:Me(),session_id:s,client_id:t.id,expires_at:new Date(Date.now()+Mc*1e3).toISOString(),user_id:e.user.user_id,device:{last_ip:"",initial_ip:"",last_user_agent:"",initial_user_agent:"",initial_asn:"",last_asn:""},resource_servers:[{audience:r,scopes:i}],rotating:!1})}async function ch(n,e){const{user:t,client:i,scope:r,audience:s}=e,a=await n.env.data.sessions.create(i.tenant.id,{id:Me(),user_id:t.user_id,expires_at:new Date(Date.now()+Mc*1e3).toISOString(),used_at:new Date().toISOString(),device:{last_ip:n.req.header("x-real-ip")||"",initial_ip:n.req.header("x-real-ip")||"",last_user_agent:n.req.header("user-agent")||"",initial_user_agent:n.req.header("user-agent")||"",initial_asn:"",last_asn:""},clients:[i.id]}),c=r!=null&&r.split(" ").includes("offline_access")?await iv(n,{...e,session_id:a.id,scope:r,audience:s}):void 0;return{...a,refresh_token:c}}async function ei(n,e){var g;const{authParams:t,user:i,client:r}=e,s=be(n,{type:_e.SUCCESS_LOGIN,description:`Successful login for ${i.user_id}`,userId:i.user_id});_t(n,n.env.data.logs.create(r.tenant.id,s)),_t(n,n.env.data.users.update(r.tenant.id,i.user_id,{last_login:new Date().toISOString(),last_ip:n.req.header("x-real-ip")||"",login_count:i.login_count+1}));let a=e.refreshToken,c=e.sessionId;if(!c){const _=await ch(n,{user:i,client:r,scope:t.scope,audience:t.audience});c=_.id,a=(g=_.refresh_token)==null?void 0:g.id}if(e.authParams.response_mode===Vt.SAML_POST)return tv(n,e.client,e.authParams,i,c);const l=await Zc(n,{authParams:t,user:i,client:r,session_id:c,refresh_token:a}),u=new Headers({"set-cookie":eh(r.tenant.id,c)});if(t.response_mode===Vt.WEB_MESSAGE)return n.json(l,{headers:u});if((t.response_type||Ut.CODE)===Ut.CODE){if(!e.loginSession)throw new j(500,{message:"Login session not found"});const _=await n.env.data.codes.create(r.tenant.id,{code_id:Me(),user_id:i.user_id,code_type:"authorization_code",login_id:e.loginSession.login_id,expires_at:new Date(Date.now()+q0*1e3).toISOString()});u.set("location",`${t.redirect_uri}?state=${e.authParams.state}&code=${_.code_id}`)}return new Response("Redirecting",{status:302,headers:u})}function rv(n){return async(e,t)=>{if(!t.email||!t.email_verified)return n.users.create(e,t);const i=await Kd({userAdapter:n.users,tenant_id:e,email:t.email});return i?(await n.users.create(e,{...t,linked_to:i.user_id}),i):n.users.create(e,t)}}async function lh(n,e,t){for await(const i of e)if(!(await fetch(i.url,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify(t)})).ok){const s=be(n,{type:_e.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});await t.logs.create(n.var.tenant_id,s)}}function sv(n,e){return async(t,i)=>{const{hooks:r}=await e.hooks.list(t);return await lh(n,r,{tenant_id:t,user:i,trigger_id:"post-user-registration"}),i}}function ov(n,e){return async(t,i)=>{const{hooks:r}=await e.hooks.list(t,{q:"trigger_id:pre-user-signup",page:0,per_page:100,include_totals:!1});await lh(n,r,{tenant_id:t,email:i,trigger_id:"pre-user-signup"})}}function av(n,e){return async(t,i)=>{let r=await rv(e)(t,i);return await sv(n,e)(t,r),r}}async function cv(n,e,t,i){if(e.disable_sign_ups&&!await Kd({userAdapter:n.env.data.users,tenant_id:e.tenant.id,email:i})){const s=be(n,{type:_e.FAILED_SIGNUP,description:"Public signup is disabled"});throw await n.env.data.logs.create(e.tenant.id,s),new j(400,{message:"Signups are disabled for this client"})}await ov(n,t)(n.var.tenant_id||"",i)}function lv(n,e){return{...e,users:{...e.users,create:av(n,e)}}}async function uv(n,e,t,i){if(!i.state)throw new j(400,{message:"State not found"});const r=e.connections.find(l=>l.name===t);if(!r){n.set("client_id",e.id);const l=be(n,{type:_e.FAILED_LOGIN,description:"Connection not found"});throw await n.env.data.logs.create(e.tenant.id,l),new j(403,{message:"Connection Not Found"})}let s=await n.env.data.logins.get(e.tenant.id,i.state);s||(s=await n.env.data.logins.create(e.tenant.id,{expires_at:new Date(Date.now()+es*1e3).toISOString(),authParams:i,...Hn(n.req)}));const c=await Yf(n,r.strategy).getRedirect(n,r);return await n.env.data.codes.create(e.tenant.id,{login_id:s.login_id,code_id:c.code,code_type:"oauth2_state",connection_id:r.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+F0*1e3).toISOString()}),n.redirect(c.redirectUrl)}async function gd(n,{code:e,state:t}){var h;const{env:i}=n,r=await i.data.codes.get(n.var.tenant_id||"",t,"oauth2_state");if(!r||!r.connection_id)throw new j(403,{message:"State not found"});const s=await i.data.logins.get(n.var.tenant_id||"",r.login_id);if(!s)throw new j(403,{message:"Session not found"});const a=await Fc(i,s.authParams.client_id);n.set("client_id",a.id),n.set("tenant_id",a.tenant.id);const c=a.connections.find(m=>m.id===r.connection_id);if(!c){const m=be(n,{type:_e.FAILED_LOGIN,description:"Connection not found"});throw await i.data.logs.create(a.tenant.id,m),new j(403,{message:"Connection not found"})}if(n.set("connection",c.name),!s.authParams.redirect_uri){const m=be(n,{type:_e.FAILED_LOGIN,description:"Redirect URI not defined"});throw await i.data.logs.create(a.tenant.id,m),new j(403,{message:"Redirect URI not defined"})}if(!Xs(s.authParams.redirect_uri,a.callbacks||[],{allowPathWildcards:!0})){const m=`Invalid redirect URI - ${s.authParams.redirect_uri}`,b=be(n,{type:_e.FAILED_LOGIN,description:m});throw await i.data.logs.create(a.tenant.id,b),new j(403,{message:m})}const u=await Yf(n,c.strategy).validateAuthorizationCodeAndGetUser(n,c,e,r.code_verifier),{sub:p,...g}=u;n.set("user_id",p);const _=((h=u.email)==null?void 0:h.toLocaleLowerCase())||`${c.name}.${p}@${new URL(n.env.ISSUER).hostname}`;n.set("username",_);let x=await as({userAdapter:i.data.users,tenant_id:a.tenant.id,email:_,provider:c.name});if(!x){try{await cv(n,a,n.env.data,_)}catch(m){const b=m;throw new j(500,{message:`Failed to run preUserSignupHook: ${b.message}`})}x=await i.data.users.create(a.tenant.id,{user_id:`${c.name}|${p}`,email:_,name:_,provider:c.name,connection:c.name,email_verified:!0,last_ip:"",is_social:!0,last_login:new Date().toISOString(),profileData:JSON.stringify(g)}),n.set("user_id",x.user_id)}return ei(n,{client:a,authParams:s.authParams,loginSession:s,user:x})}async function _d(n,e,t,i,r,s){const a=await n.env.data.codes.get(n.var.tenant_id||"",e,"oauth2_state");if(!a)throw new j(400,{message:"State not found"});const c=await n.env.data.logins.get(n.var.tenant_id,a.login_id);if(!c)throw new j(400,{message:"Login not found"});const{redirect_uri:l}=c.authParams;if(!l)throw new j(400,{message:"Redirect uri not found"});const u=be(n,{type:_e.FAILED_LOGIN,description:`Failed connection login: ${r} ${t}, ${i}`});_t(n,n.env.data.logs.create(n.var.tenant_id,u));const p=new URL(l);return H0(p,{error:t,error_description:i,error_reason:s,error_code:r,state:c.authParams.state}),n.redirect(`${vt(n.env)}enter-email?state=${c.login_id}&error=${t}`)}const dv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async n=>{const{state:e,code:t,error:i,error_description:r,error_code:s,error_reason:a}=n.req.valid("query");if(i)return _d(n,e,i,r,s,a);if(!t)throw new j(400,{message:"Code is required"});return gd(n,{code:t,state:e})}).openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async n=>{const{state:e,code:t,error:i,error_description:r,error_code:s,error_reason:a}=n.req.valid("form");if(i)return _d(n,e,i,r,s,a);if(!t)throw new j(400,{message:"Code is required"});return gd(n,{code:t,state:e})}),pv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),returnTo:o.z.string().optional()}),header:o.z.object({cookie:o.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async n=>{const{client_id:e,returnTo:t}=n.req.valid("query"),i=await n.env.data.clients.get(e);if(!i)return n.text("OK");const r=await n.env.data.clients.get("DEFAULT_CLIENT");n.set("client_id",e),n.set("tenant_id",i.tenant.id);const s=t||n.req.header("referer");if(!s)return n.text("OK");if(!Xs(s,[...i.allowed_logout_urls||[],...(r==null?void 0:r.allowed_logout_urls)||[]],{allowPathWildcards:!0}))throw new j(400,{message:"Invalid redirect uri"});const a=n.req.header("cookie");if(a){const l=Qf(i.tenant.id,a);if(l){const u=await n.env.data.sessions.get(i.tenant.id,l);if(u){const p=await n.env.data.users.get(i.tenant.id,u.user_id);p&&(n.set("user_id",p.user_id),n.set("connection",p.connection))}await n.env.data.sessions.remove(i.tenant.id,l)}}const c=be(n,{type:_e.SUCCESS_LOGOUT,description:"User successfully logged out"});return await n.env.data.logs.create(i.tenant.id,c),new Response("Redirecting",{status:302,headers:{"set-cookie":Tm(i.tenant.id),location:s}})}),md=o.z.object({sub:o.z.string(),email:o.z.string().optional(),family_name:o.z.string().optional(),given_name:o.z.string().optional(),email_verified:o.z.boolean()}),fv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{},security:[{Bearer:["openid"]}],responses:{200:{content:{"application/json":{schema:md}},description:"Userinfo"}}}),async n=>{if(!n.var.user)throw new j(404,{message:"User not found"});const e=await n.env.data.users.get(n.var.user.tenant_id,n.var.user.sub);if(!e)throw new j(404,{message:"User not found"});return n.json(md.parse({...e,sub:e.user_id}))}),hv=new o.OpenAPIHono().openapi(o.createRoute({tags:["well known"],method:"get",path:"/jwks.json",request:{},responses:{200:{content:{"application/json":{schema:Cd}},description:"List of tenants"}}}),async n=>{const e=await n.env.data.keys.list(),t=await Promise.all(e.map(async i=>{const s=await new Vc(i.cert).publicKey.export(),a=await crypto.subtle.exportKey("jwk",s);return Ga.parse({...a,kid:i.kid})}));return n.json({keys:t},{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${er}, stale-while-revalidate=${er*2}, stale-if-error=86400`}})}).openapi(o.createRoute({tags:["well known"],method:"get",path:"/openid-configuration",request:{},responses:{200:{content:{"application/json":{schema:ko}},description:"List of tenants"}}}),async n=>{const e=ko.parse({issuer:ym(n.env),authorization_endpoint:`${Ie(n.env)}authorize`,token_endpoint:`${Ie(n.env)}oauth/token`,device_authorization_endpoint:`${Ie(n.env)}oauth/device/code`,userinfo_endpoint:`${Ie(n.env)}userinfo`,mfa_challenge_endpoint:`${Ie(n.env)}mfa/challenge`,jwks_uri:`${Ie(n.env)}.well-known/jwks.json`,registration_endpoint:`${Ie(n.env)}oidc/register`,revocation_endpoint:`${Ie(n.env)}oauth/revoke`,scopes_supported:["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],response_types_supported:["code","token","id_token","code token","code id_token","token id_token","code token id_token"],code_challenge_methods_supported:["S256","plain"],response_modes_supported:["query","fragment","form_post"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],token_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post"],claims_supported:["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],request_uri_parameter_supported:!1,request_parameter_supported:!1,token_endpoint_auth_signing_alg_values_supported:["RS256","RS384","PS256"]});return n.json(e,{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${er}, stale-while-revalidate=${er*2}, stale-if-error=86400`}})});function cr(n,e){if(!n||!e||n.length!==e.length)return!1;let t=0;for(let i=0;i<n.length;i++)t|=n.charCodeAt(i)^e.charCodeAt(i);return t===0}const uh=o.z.object({grant_type:o.z.literal("client_credentials"),scope:o.z.string().optional(),client_secret:o.z.string(),client_id:o.z.string(),audience:o.z.string().optional()});async function gv(n,e){const t=await n.env.data.clients.get(e.client_id);if(!t)throw new j(403,{message:"Invalid client credentials"});if(t.client_secret&&!cr(t.client_secret,e.client_secret))throw new j(403,{message:"Invalid client credentials"});const i={client_id:t.id,scope:e.scope,audience:e.audience},r=await Zc(n,{authParams:i,client:t});return n.json(r)}const _v=o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string().optional(),client_secret:o.z.string().optional(),code_verifier:o.z.string().optional()}).refine(n=>"client_secret"in n&&!("code_verifier"in n)||!("client_secret"in n)&&"code_verifier"in n,{message:"Must provide either client_secret (standard flow) or code_verifier/code_verifier_mode (PKCE flow), but not both"});async function mv(n,e){const t=await n.env.data.clients.get(e.client_id);if(!t)throw new j(403,{message:"Client not found"});const i=await n.env.data.codes.get(t.tenant.id,e.code,"authorization_code");if(!i||!i.user_id)throw new j(403,{message:"Invalid client credentials"});if(new Date(i.expires_at)<new Date)throw new j(403,{message:"Code expired"});if(i.used_at)throw new j(403,{message:"Code already used"});const r=await n.env.data.logins.get(t.tenant.id,i.login_id);if(!r)throw new j(403,{message:"Invalid login"});if("client_secret"in e){const a=await n.env.data.clients.get("DEFAULT_CLIENT");if(!cr(t.client_secret,e.client_secret)&&!cr(a==null?void 0:a.client_secret,e.client_secret))throw new j(403,{message:"Invalid client credentials"})}else if("code_verifier"in e&&typeof e.code_verifier=="string"&&"code_challenge_method"in r.authParams&&typeof r.authParams.code_challenge_method=="string"){const a=await Om(e.code_verifier,r.authParams.code_challenge_method);if(!cr(a,r.authParams.code_challenge||""))throw new j(403,{message:"Invalid client credentials"})}if(r.authParams.redirect_uri&&r.authParams.redirect_uri!==e.redirect_uri)throw new j(403,{message:"Invalid redirect uri"});const s=await n.env.data.users.get(t.tenant.id,i.user_id);if(!s)throw new j(403,{message:"User not found"});return await n.env.data.codes.used(t.tenant.id,e.code),ei(n,{user:s,client:t,loginSession:r,authParams:{...r.authParams,response_mode:Vt.WEB_MESSAGE}})}const yv=o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),redirect_uri:o.z.string().optional(),refresh_token:o.z.string()});async function vv(n,e){const t=await n.env.data.clients.get(e.client_id);if(!t)throw new j(403,{message:"Client not found"});const i=await n.env.data.refreshTokens.get(t.tenant.id,e.refresh_token);if(i){if(i.expires_at&&new Date(i.expires_at)<new Date)throw new j(403,{message:"Refresh token expired"})}else throw new j(403,{message:"Invalid refresh token"});const r=await n.env.data.sessions.get(t.tenant.id,i.session_id);if(!r)throw new j(403,{message:"Session not found"});const s=await n.env.data.users.get(t.tenant.id,r.user_id);if(!s)throw new j(403,{message:"User not found"});const a=i.resource_servers[0];return ei(n,{user:s,client:t,refreshToken:i.id,sessionId:r.id,authParams:{client_id:t.id,audience:a==null?void 0:a.audience,scope:a==null?void 0:a.scopes,response_mode:Vt.WEB_MESSAGE}})}const yd=o.z.object({client_id:o.z.string().optional(),client_secret:o.z.string().optional()}),wv=o.z.union([uh.extend(yd.shape),o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string(),code_verifier:o.z.string().min(43).max(128)}),o.z.object({grant_type:o.z.literal("authorization_code"),code:o.z.string(),redirect_uri:o.z.string().optional(),...yd.shape}),o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),refresh_token:o.z.string(),redirect_uri:o.z.string().optional()})]);function bv(n){if(!n)return{};const[e,t]=n.split(" ");if((e==null?void 0:e.toLowerCase())==="basic"&&t){const[i,r]=atob(t).split(":");return{client_id:i,client_secret:r}}return{}}const kv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:wv}}}},responses:{200:{content:{"application/json":{schema:Rd}},description:"Tokens"}}}),async n=>{const e=n.req.valid("form"),t=bv(n.req.header("Authorization")),i={...e,...t};if(!i.client_id)throw new j(400,{message:"client_id is required"});switch(e.grant_type){case ci.AuthorizationCode:return mv(n,_v.parse(i));case ci.ClientCredential:return gv(n,uh.parse(i));case ci.RefreshToken:return vv(n,yv.parse(i));default:throw new j(400,{message:"Not implemented"})}});var Yc={exports:{}};const Xc=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:6},{id:2,value:"Medium",minDiversity:4,minLength:8},{id:3,value:"Strong",minDiversity:4,minLength:10}],dh=(n,e=Xc,t="!\"#$%&'()*+,-./:;<=>?@[\\\\\\]^_`{|}~")=>{let i=n||"";e[0].minDiversity=0,e[0].minLength=0;const r=[{regex:"[a-z]",message:"lowercase"},{regex:"[A-Z]",message:"uppercase"},{regex:"[0-9]",message:"number"}];t&&r.push({regex:`[${t}]`,message:"symbol"});let s={};s.contains=r.filter(c=>new RegExp(`${c.regex}`).test(i)).map(c=>c.message),s.length=i.length;let a=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,a[0]),s};Yc.exports={passwordStrength:dh,defaultOptions:Xc};var xv=Yc.exports.passwordStrength=dh;Yc.exports.defaultOptions=Xc;function Sv(n){return xv(n).id<2?!1:n.length>=8&&/[a-z]/.test(n)&&/[A-Z]/.test(n)&&/[0-9]/.test(n)&&/[^A-Za-z0-9]/.test(n)}async function eo(n,e){var r;const t=await n.env.data.emailProviders.get(n.var.tenant_id)||(n.env.DEFAULT_TENANT_ID?await n.env.data.emailProviders.get(n.env.DEFAULT_TENANT_ID):null);if(!t)throw new j(500,{message:"Email provider not found"});const i=(r=n.env.emailProviders)==null?void 0:r[t.name];if(!i)throw new j(500,{message:"Email provider not found"});await i({emailProvider:t,...e,from:t.default_from_address||`login@${n.env.ISSUER}`})}async function Av(n,e,t,i){const r=await n.env.data.tenants.get(n.var.tenant_id);if(!r)throw new j(500,{message:"Tenant not found"});const s=`${vt(n.env)}reset-password?state=${i}&code=${t}`,a={vendorName:r.name,lng:r.language||"en"};await eo(n,{to:e,subject:"Reset your password",html:`Click here to reset your password: ${vt(n.env)}reset-password?state=${i}&code=${t}`,template:"auth-password-reset",data:{vendorName:r.name,logo:r.logo||"",passwordResetUrl:s,supportUrl:r.support_url||"https://support.sesamy.com",buttonColor:r.primary_color||"#7d68f4",passwordResetTitle:ue("password_reset_title",a),resetPasswordEmailClickToReset:ue("reset_password_email_click_to_reset",a),resetPasswordEmailReset:ue("reset_password_email_reset",a),supportInfo:ue("support_info",a),contactUs:ue("contact_us",a),copyright:ue("copyright",a)}})}async function Iv(n,e,t){const i=await n.env.data.tenants.get(n.var.tenant_id);if(!i)throw new j(500,{message:"Tenant not found"});const r={vendorName:i.name,code:t,lng:i.language||"en"};await eo(n,{to:e,subject:ue("code_email_subject",r),html:`Click here to validate your email: ${vt(n.env)}validate-email`,template:"auth-link",data:{code:t,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:`${Ie(n.env)}passwordless/verify_redirect?ticket=${t}`,buttonColor:i.primary_color||"",welcomeToYourAccount:ue("welcome_to_your_account",r),linkEmailClickToLogin:ue("link_email_click_to_login",r),linkEmailLogin:ue("link_email_login",r),linkEmailOrEnterCode:ue("link_email_or_enter_code",r),codeValid30Mins:ue("code_valid_30_minutes",r),supportInfo:ue("support_info",r),contactUs:ue("contact_us",r),copyright:ue("copyright",r)}});const s=be(n,{type:_e.CODE_LINK_SENT,description:e});_t(n,n.env.data.logs.create(i.id,s))}async function ph(n,e,t){const i=await n.env.data.tenants.get(n.var.tenant_id);if(!i)throw new j(500,{message:"Tenant not found"});const r={vendorName:i.name,code:t,lng:i.language||"en"};await eo(n,{to:e,subject:ue("code_email_subject",r),html:`Click here to validate your email: ${vt(n.env)}validate-email`,template:"auth-link",data:{code:t,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:`${Ie(n.env)}passwordless/verify_redirect?ticket=${t}`,buttonColor:i.primary_color||"",welcomeToYourAccount:ue("welcome_to_your_account",r),linkEmailClickToLogin:ue("link_email_click_to_login",r),linkEmailLogin:ue("link_email_login",r),linkEmailOrEnterCode:ue("link_email_or_enter_code",r),codeValid30Mins:ue("code_valid_30_minutes",r),supportInfo:ue("support_info",r),contactUs:ue("contact_us",r),copyright:ue("copyright",r)}});const s=be(n,{type:_e.CODE_LINK_SENT,description:e});_t(n,n.env.data.logs.create(i.id,s))}async function fh(n,e){const t=await n.env.data.tenants.get(n.var.tenant_id);if(!t)throw new j(500,{message:"Tenant not found"});const i={vendorName:t.name,lng:t.language||"en"};await eo(n,{to:e.email,subject:"Validate your email address",html:`Click here to validate your email: ${vt(n.env)}validate-email`,template:"auth-verify-email",data:{vendorName:t.name,logo:t.logo||"",emailValidationUrl:`${vt(n.env)}validate-email`,supportUrl:t.support_url||"https://support.sesamy.com",buttonColor:t.primary_color||"#7d68f4",welcomeToYourAccount:ue("welcome_to_your_account",i),verifyEmailVerify:ue("verify_email_verify",i),supportInfo:ue("support_info",i),contactUs:ue("contact_us",i),copyright:ue("copyright",i)}})}const Ev=new o.OpenAPIHono().openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(n=>n.toLowerCase()),password:o.z.string()})}}}},responses:{200:{content:{"application/json":{schema:o.z.object({_id:o.z.string(),email:o.z.string(),email_verified:o.z.boolean(),app_metadata:o.z.object({}),user_metadata:o.z.object({})})}},description:"Created user"}}}),async n=>{const{email:e,password:t,client_id:i}=n.req.valid("json"),r=await n.env.data.clients.get(i);if(!r)throw new j(400,{message:"Client not found"});if(n.set("client_id",r.id),n.set("tenant_id",r.tenant.id),!Sv(t))throw new j(400,{message:"Password does not meet the requirements"});if(await as({userAdapter:n.env.data.users,tenant_id:r.tenant.id,email:e,provider:"auth2"}))throw new j(400,{message:"Invalid sign up"});const a=await n.env.data.users.create(r.tenant.id,{user_id:`auth2|${Za()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});n.set("user_id",a.user_id),n.set("username",a.email),n.set("connection",a.connection);const c=await Ja.hash(t,10);await n.env.data.passwords.create(r.tenant.id,{user_id:a.user_id,password:c,algorithm:"bcrypt"}),await fh(n,a);const l=be(n,{type:_e.SUCCESS_SIGNUP,description:"Successful signup"});return await n.env.data.logs.create(r.tenant.id,l),n.json({_id:a.user_id,email:a.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(n=>n.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async n=>{const{email:e,client_id:t}=n.req.valid("json"),i=await n.env.data.clients.get(t);if(!i)throw new j(400,{message:"Client not found"});if(n.set("client_id",i.id),n.set("tenant_id",i.tenant.id),!await Ya({userAdapter:n.env.data.users,tenant_id:i.tenant.id,email:e,provider:"auth2"}))return n.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:t,username:e},a=await n.env.data.logins.create(i.tenant.id,{expires_at:new Date(Date.now()+es*1e3).toISOString(),authParams:s,...Hn(n.req)});return await Av(n,e,a.login_id,a.authParams.state),n.html("If an account with that email exists, we've sent instructions to reset your password.")});function hh(){const n="1234567890";let e="";for(let t=0;t<6;t+=1)e+=n[Math.floor(Math.random()*10)];return e.toString()}const zv=new o.OpenAPIHono().openapi(o.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.string(),email:o.z.string().transform(n=>n.toLowerCase()),send:o.z.enum(["link","code"]),authParams:Wa.omit({client_id:!0})})}}}},responses:{200:{description:"Status"}}}),async n=>{const e=n.req.valid("json"),{env:t}=n,{client_id:i,email:r,send:s,authParams:a}=e,c=await n.env.data.clients.get(i);if(!c)throw new j(400,{message:"Client not found"});n.set("client_id",c.id),n.set("tenant_id",c.tenant.id);const l=await t.data.logins.create(c.tenant.id,{authParams:{...a,client_id:i,username:r},expires_at:new Date(Date.now()+Qu).toISOString(),...Hn(n.req)}),u=await t.data.codes.create(c.tenant.id,{code_id:hh(),code_type:"otp",login_id:l.login_id,expires_at:new Date(Date.now()+Qu).toISOString()});return s==="link"?await ph(n,r,u.code_id):await Iv(n,r,u.code_id),n.html("OK")}).openapi(o.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:o.z.object({scope:o.z.string(),response_type:o.z.nativeEnum(Ut),redirect_uri:o.z.string(),state:o.z.string(),nonce:o.z.string().optional(),verification_code:o.z.string(),connection:o.z.string(),client_id:o.z.string(),email:o.z.string().transform(n=>n.toLowerCase()),audience:o.z.string().optional()})},responses:{302:{description:"Status"}}}),async n=>{const{env:e}=n,{client_id:t,email:i,verification_code:r,redirect_uri:s,state:a,scope:c,audience:l,response_type:u,nonce:p}=n.req.valid("query"),g=await Fc(e,t);n.set("client_id",g.id),n.set("tenant_id",g.tenant.id),n.set("connection","email");const _=await e.data.codes.get(g.tenant.id,r,"otp");if(!_)throw new j(400,{message:"Code not found or expired"});if(_.expires_at<new Date().toISOString())throw new j(400,{message:"Code expired"});const x=await e.data.logins.get(g.tenant.id,_.login_id);if(!x||x.authParams.username!==i)throw new j(400,{message:"Code not found or expired"});const h=Hn(n.req);if(x.ip!==h.ip)return n.redirect(`${vt(n.env)}invalid-session?state=${x.login_id}`);if(!Xs(s,g.callbacks,{allowPathWildcards:!0}))throw new j(400,{message:`Invalid redirect URI - ${s}`});const m={client_id:t,redirect_uri:s,state:a,nonce:p,scope:c,audience:l,response_type:u},b=await as({userAdapter:e.data.users,tenant_id:g.tenant.id,email:i,provider:"email"});if(!b)throw new j(400,{message:"User not found"});return ei(n,{user:b,client:g,loginSession:x,authParams:m})});class oi extends j{constructor(t,i){super(t,i);te(this,"_code");this._code=i==null?void 0:i.code}get code(){return this._code}}async function $v(n,e,t){const{env:i}=n,r=t.username;if(n.set("username",r),!r)throw new j(400,{message:"Username is required"});const s=await Ya({userAdapter:n.env.data.users,tenant_id:e.tenant.id,email:r,provider:"auth2"});if(!s){const _=be(n,{type:_e.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"});throw _t(n,n.env.data.logs.create(e.tenant.id,_)),new oi(403,{message:"User not found",code:"USER_NOT_FOUND"})}const a=s.linked_to?await i.data.users.get(e.tenant.id,s.linked_to):s;if(!a)throw new oi(403,{message:"User not found",code:"USER_NOT_FOUND"});n.set("connection",s.connection),n.set("user_id",a.user_id);const{password:c}=await i.data.passwords.get(e.tenant.id,s.user_id);if(!await Ja.compare(t.password,c)){const _=be(n,{type:_e.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});throw _t(n,n.env.data.logs.create(e.tenant.id,_)),new oi(403,{message:"Invalid password",code:"INVALID_PASSWORD"})}if((await i.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,q:`user_id:${a.user_id}`})).logs.filter(_=>_.type===_e.FAILED_LOGIN_INCORRECT_PASSWORD&&new Date(_.date)>new Date(Date.now()-1e3*60*5)).length>=3){const _=be(n,{type:_e.FAILED_LOGIN,description:"Too many failed login attempts"});throw _t(n,n.env.data.logs.create(e.tenant.id,_)),new oi(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"})}if(!s.email_verified&&e.email_validation==="enforced"){await fh(n,s);const _=be(n,{type:_e.FAILED_LOGIN,description:"Email not verified"});throw await n.env.data.logs.create(e.tenant.id,_),new oi(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const g=be(n,{type:_e.SUCCESS_LOGIN,description:"Successful login",strategy_type:"Username-Password-Authentication",strategy:"Username-Password-Authentication"});return _t(n,n.env.data.logs.create(e.tenant.id,g)),a}function Cv(){const n=new Uint8Array(32);return crypto.getRandomValues(n),sn.encode(n,{includePadding:!1})}function vd(){return new j(403,{res:new Response(JSON.stringify({error:"access_denied",error_description:"Wrong email or verification code."}),{status:403,headers:{"Content-Type":"application/json"}}),message:"Wrong email or verification code."})}const wd=30*60*1e3,jv=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:o.z.string(),client_id:o.z.string(),username:o.z.string().transform(n=>n.toLowerCase()),realm:o.z.enum(["email"]),scope:o.z.string().optional()}),o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:o.z.string(),username:o.z.string().transform(n=>n.toLowerCase()),password:o.z.string(),realm:o.z.enum(["Username-Password-Authentication"]),scope:o.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async n=>{const e=n.req.valid("json"),{client_id:t,username:i}=e;n.set("username",i);const r=await n.env.data.clients.get(t);if(!r)throw new j(400,{message:"Client not found"});n.set("client_id",t),n.set("tenant_id",r.tenant.id);const s=i.toLocaleLowerCase();let a;if("otp"in e){const p=await n.env.data.codes.get(r.tenant.id,e.otp,"otp");if(!p)throw vd();const g=await n.env.data.logins.get(r.tenant.id,p.login_id);if(!g||g.authParams.username!==s)throw vd();a=g}else if("password"in e)await $v(n,r,{username:i,password:e.password,client_id:t}),a=await n.env.data.logins.create(r.tenant.id,{expires_at:new Date(Date.now()+wd).toISOString(),authParams:{client_id:r.id,username:s},...Hn(n.req)});else throw new j(400,{message:"Code or password required"});const c=Cv(),l=Me(12),u=await n.env.data.codes.create(r.tenant.id,{code_id:Me(),code_type:"ticket",login_id:a.login_id,expires_at:new Date(Date.now()+wd).toISOString(),code_verifier:[l,c].join("|")});return n.json({login_ticket:u.code_id,co_verifier:c,co_id:l})});function Nv(n,e){var i,r,s;if(!n||e.length===0)return!1;const t=((i=vo(n))==null?void 0:i.host)??null;if(!t)return!1;for(const a of e){let c;if(a.startsWith("http://")||a.startsWith("https://")?c=((r=vo(a))==null?void 0:r.host)??null:c=((s=vo("https://"+a))==null?void 0:s.host)??null,t===c)return!0}return!1}function vo(n){try{return new URL(n)}catch{return null}}async function Ov({ctx:n,session:e,client:t,authParams:i,connection:r,login_hint:s}){const a=await n.env.data.logins.create(t.tenant.id,{expires_at:new Date(Date.now()+es*1e3).toISOString(),authParams:i,...Hn(n.req)});if(e&&s){const c=await n.env.data.users.get(t.tenant.id,e.user_id);if((c==null?void 0:c.email)===s)return ei(n,{client:t,loginSession:a,authParams:i,user:c,sessionId:e.id})}if(r==="email"&&s){const c=hh();return await n.env.data.codes.create(t.tenant.id,{code_id:c,code_type:"otp",login_id:a.login_id,expires_at:new Date(Date.now()+es*1e3).toISOString()}),await ph(n,s,c),n.redirect(`/u/enter-code?state=${a.login_id}`)}return e?n.redirect(`/u/check-account?state=${a.login_id}`):n.redirect(`/u/enter-email?state=${a.login_id}`)}function Bv(n){if(n==="Username-Password-Authentication")return"auth2";if(n==="email")return"email";throw new j(403,{message:"Invalid realm"})}async function Tv(n,e,t,i,r){var _;const{env:s}=n;n.set("connection",r);const a=await s.data.codes.get(e,t,"ticket");if(!a||a.used_at)throw new j(403,{message:"Ticket not found"});const c=await s.data.logins.get(e,a.login_id);if(!c||!c.authParams.username)throw new j(403,{message:"Session not found"});const l=await s.data.clients.get(c.authParams.client_id);if(!l)throw new j(403,{message:"Client not found"});n.set("client_id",c.authParams.client_id),await s.data.codes.used(e,t);const u=Bv(r);let p=await as({userAdapter:s.data.users,tenant_id:e,email:c.authParams.username,provider:u});p||(p=await s.data.users.create(e,{user_id:`email|${Za()}`,email:c.authParams.username,name:c.authParams.username,provider:"email",connection:"email",email_verified:!0,is_social:!1,last_ip:"",last_login:new Date().toISOString()})),n.set("username",p.email),n.set("user_id",p.user_id);const g=await ch(n,{user:p,client:l,scope:i.scope,audience:i.audience});return ei(n,{authParams:{scope:(_=c.authParams)==null?void 0:_.scope,...i},loginSession:c,sessionId:g.id,user:p,client:l})}async function bd(n,e){return`<!DOCTYPE html>
   <html>
   <head>

package/dist/authhero.d.ts CHANGED Viewed

@@ -2712,7 +2712,6 @@ export declare const passwordSchema: z.ZodObject<{
 export type Password = z.infer<typeof passwordSchema>;
 export declare const sessionInsertSchema: z.ZodObject<{
 	id: z.ZodString;
-	client_id: z.ZodString;
 	revoked_at: z.ZodOptional<z.ZodString>;
 	used_at: z.ZodString;
 	user_id: z.ZodString;
@@ -2744,7 +2743,6 @@ export declare const sessionInsertSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
 	user_id: string;
 	id: string;
-	client_id: string;
 	used_at: string;
 	device: {
 		last_ip: string;
@@ -2761,7 +2759,6 @@ export declare const sessionInsertSchema: z.ZodObject<{
 }, {
 	user_id: string;
 	id: string;
-	client_id: string;
 	used_at: string;
 	device: {
 		last_ip: string;
@@ -2779,7 +2776,6 @@ export declare const sessionInsertSchema: z.ZodObject<{
 export type SessionInsert = z.infer<typeof sessionInsertSchema>;
 export declare const sessionSchema: z.ZodObject<{
 	id: z.ZodString;
-	client_id: z.ZodString;
 	revoked_at: z.ZodOptional<z.ZodString>;
 	used_at: z.ZodString;
 	user_id: z.ZodString;
@@ -2817,7 +2813,6 @@ export declare const sessionSchema: z.ZodObject<{
 	updated_at: string;
 	user_id: string;
 	id: string;
-	client_id: string;
 	used_at: string;
 	device: {
 		last_ip: string;
@@ -2838,7 +2833,6 @@ export declare const sessionSchema: z.ZodObject<{
 	updated_at: string;
 	user_id: string;
 	id: string;
-	client_id: string;
 	used_at: string;
 	device: {
 		last_ip: string;
@@ -4319,13 +4313,14 @@ export declare const emailProviderSchema: z.ZodObject<{
 }>;
 export type EmailProvider = z.infer<typeof emailProviderSchema>;
 export declare const refreshTokenInsertSchema: z.ZodObject<{
-	token: z.ZodString;
+	id: z.ZodString;
 	session_id: z.ZodString;
 	user_id: z.ZodString;
+	client_id: z.ZodString;
 	expires_at: z.ZodOptional<z.ZodString>;
 	idle_expires_at: z.ZodOptional<z.ZodString>;
 	last_exchanged_at: z.ZodOptional<z.ZodString>;
-	device: z.ZodOptional<z.ZodObject<{
+	device: z.ZodObject<{
 		initial_user_agent: z.ZodString;
 		initial_ip: z.ZodString;
 		initial_asn: z.ZodString;
@@ -4346,7 +4341,7 @@ export declare const refreshTokenInsertSchema: z.ZodObject<{
 		initial_asn: string;
 		last_user_agent: string;
 		last_asn: string;
-	}>>;
+	}>;
 	resource_servers: z.ZodArray<z.ZodObject<{
 		audience: z.ZodString;
 		scopes: z.ZodString;
@@ -4360,7 +4355,16 @@ export declare const refreshTokenInsertSchema: z.ZodObject<{
 	rotating: z.ZodBoolean;
 }, "strip", z.ZodTypeAny, {
 	user_id: string;
-	token: string;
+	id: string;
+	client_id: string;
+	device: {
+		last_ip: string;
+		initial_user_agent: string;
+		initial_ip: string;
+		initial_asn: string;
+		last_user_agent: string;
+		last_asn: string;
+	};
 	session_id: string;
 	resource_servers: {
 		audience: string;
@@ -4369,18 +4373,19 @@ export declare const refreshTokenInsertSchema: z.ZodObject<{
 	rotating: boolean;
 	expires_at?: string | undefined;
 	idle_expires_at?: string | undefined;
-	device?: {
+	last_exchanged_at?: string | undefined;
+}, {
+	user_id: string;
+	id: string;
+	client_id: string;
+	device: {
 		last_ip: string;
 		initial_user_agent: string;
 		initial_ip: string;
 		initial_asn: string;
 		last_user_agent: string;
 		last_asn: string;
-	} | undefined;
-	last_exchanged_at?: string | undefined;
-}, {
-	user_id: string;
-	token: string;
+	};
 	session_id: string;
 	resource_servers: {
 		audience: string;
@@ -4389,25 +4394,18 @@ export declare const refreshTokenInsertSchema: z.ZodObject<{
 	rotating: boolean;
 	expires_at?: string | undefined;
 	idle_expires_at?: string | undefined;
-	device?: {
-		last_ip: string;
-		initial_user_agent: string;
-		initial_ip: string;
-		initial_asn: string;
-		last_user_agent: string;
-		last_asn: string;
-	} | undefined;
 	last_exchanged_at?: string | undefined;
 }>;
 export type RefreshTokenInsert = z.infer<typeof refreshTokenInsertSchema>;
 export declare const refreshTokenSchema: z.ZodObject<{
-	token: z.ZodString;
+	id: z.ZodString;
 	session_id: z.ZodString;
 	user_id: z.ZodString;
+	client_id: z.ZodString;
 	expires_at: z.ZodOptional<z.ZodString>;
 	idle_expires_at: z.ZodOptional<z.ZodString>;
 	last_exchanged_at: z.ZodOptional<z.ZodString>;
-	device: z.ZodOptional<z.ZodObject<{
+	device: z.ZodObject<{
 		initial_user_agent: z.ZodString;
 		initial_ip: z.ZodString;
 		initial_asn: z.ZodString;
@@ -4428,7 +4426,7 @@ export declare const refreshTokenSchema: z.ZodObject<{
 		initial_asn: string;
 		last_user_agent: string;
 		last_asn: string;
-	}>>;
+	}>;
 	resource_servers: z.ZodArray<z.ZodObject<{
 		audience: z.ZodString;
 		scopes: z.ZodString;
@@ -4444,7 +4442,16 @@ export declare const refreshTokenSchema: z.ZodObject<{
 }, "strip", z.ZodTypeAny, {
 	created_at: string;
 	user_id: string;
-	token: string;
+	id: string;
+	client_id: string;
+	device: {
+		last_ip: string;
+		initial_user_agent: string;
+		initial_ip: string;
+		initial_asn: string;
+		last_user_agent: string;
+		last_asn: string;
+	};
 	session_id: string;
 	resource_servers: {
 		audience: string;
@@ -4453,19 +4460,20 @@ export declare const refreshTokenSchema: z.ZodObject<{
 	rotating: boolean;
 	expires_at?: string | undefined;
 	idle_expires_at?: string | undefined;
-	device?: {
+	last_exchanged_at?: string | undefined;
+}, {
+	created_at: string;
+	user_id: string;
+	id: string;
+	client_id: string;
+	device: {
 		last_ip: string;
 		initial_user_agent: string;
 		initial_ip: string;
 		initial_asn: string;
 		last_user_agent: string;
 		last_asn: string;
-	} | undefined;
-	last_exchanged_at?: string | undefined;
-}, {
-	created_at: string;
-	user_id: string;
-	token: string;
+	};
 	session_id: string;
 	resource_servers: {
 		audience: string;
@@ -4474,14 +4482,6 @@ export declare const refreshTokenSchema: z.ZodObject<{
 	rotating: boolean;
 	expires_at?: string | undefined;
 	idle_expires_at?: string | undefined;
-	device?: {
-		last_ip: string;
-		initial_user_agent: string;
-		initial_ip: string;
-		initial_asn: string;
-		last_user_agent: string;
-		last_asn: string;
-	} | undefined;
 	last_exchanged_at?: string | undefined;
 }>;
 export type RefreshToken = z.infer<typeof refreshTokenSchema>;
@@ -4762,7 +4762,6 @@ export declare function init(config: AuthHeroConfig): {
 					updated_at: string;
 					user_id: string;
 					id: string;
-					client_id: string;
 					used_at: string;
 					device: {
 						last_ip: string;
@@ -6373,7 +6372,6 @@ export declare function init(config: AuthHeroConfig): {
 					updated_at: string;
 					user_id: string;
 					id: string;
-					client_id: string;
 					used_at: string;
 					device: {
 						last_ip: string;
@@ -6398,7 +6396,6 @@ export declare function init(config: AuthHeroConfig): {
 						updated_at: string;
 						user_id: string;
 						id: string;
-						client_id: string;
 						used_at: string;
 						device: {
 							last_ip: string;

package/dist/authhero.mjs CHANGED Viewed

@@ -1817,7 +1817,6 @@ const zh = a.enum([
   last_asn: a.string().describe("Last autonomous system number from which this user logged in")
 }), Fh = a.object({
   id: a.string(),
-  client_id: a.string(),
   revoked_at: a.string().optional(),
   used_at: a.string(),
   user_id: a.string().describe("The user ID associated with the session"),
@@ -1966,17 +1965,18 @@ const Kh = a.object({
   settings: a.object({}).optional()
 }), Xh = a.object({
   // The actual refresh token value (primary key).
-  token: a.string(),
+  id: a.string(),
   // Link to the session record
   session_id: a.string(),
   // Link to user (foreign key)
   user_id: a.string(),
+  client_id: a.string(),
   // When the refresh token expires.
   expires_at: a.string().optional(),
   idle_expires_at: a.string().optional(),
   // When the token was last used.
   last_exchanged_at: a.string().optional(),
-  device: Id.optional(),
+  device: Id,
   resource_servers: a.array(
     a.object({
       audience: a.string(),
@@ -17580,12 +17580,21 @@ async function Zy(n, e) {
   return await n.env.data.refreshTokens.create(
     t.tenant.id,
     {
-      token: qe(),
+      id: qe(),
       session_id: s,
+      client_id: t.id,
       expires_at: new Date(
         Date.now() + Lc * 1e3
       ).toISOString(),
       user_id: e.user.user_id,
+      device: {
+        last_ip: "",
+        initial_ip: "",
+        last_user_agent: "",
+        initial_user_agent: "",
+        initial_asn: "",
+        last_asn: ""
+      },
       resource_servers: [
         {
           audience: r,
@@ -17600,7 +17609,6 @@ async function Hf(n, e) {
   const { user: t, client: i, scope: r, audience: s } = e, o = await n.env.data.sessions.create(i.tenant.id, {
     id: qe(),
     user_id: t.user_id,
-    client_id: i.id,
     expires_at: new Date(Date.now() + Lc * 1e3).toISOString(),
     used_at: (/* @__PURE__ */ new Date()).toISOString(),
     device: {
@@ -17644,7 +17652,7 @@ async function ei(n, e) {
       scope: t.scope,
       audience: t.audience
     });
-    c = _.id, o = (g = _.refresh_token) == null ? void 0 : g.token;
+    c = _.id, o = (g = _.refresh_token) == null ? void 0 : g.id;
   }
   if (e.authParams.response_mode === rn.SAML_POST)
     return Gy(
@@ -18407,7 +18415,7 @@ async function pv(n, e) {
   return ei(n, {
     user: s,
     client: t,
-    refreshToken: i.token,
+    refreshToken: i.id,
     sessionId: r.id,
     authParams: {
       client_id: t.id,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "authhero",
-  "version": "0.56.0",
+  "version": "0.57.0",
   "files": [
     "dist"
   ],
@@ -25,7 +25,7 @@
     "vite": "^5.4.11",
     "vite-plugin-dts": "^4.3.0",
     "vitest": "^2.1.5",
-    "@authhero/kysely-adapter": "^8.0.0"
+    "@authhero/kysely-adapter": "^8.1.0"
   },
   "dependencies": {
     "@peculiar/x509": "^1.12.3",
@@ -37,7 +37,7 @@
     "i18next": "^24.2.0",
     "nanoid": "^5.0.8",
     "oslo": "^1.2.1",
-    "@authhero/adapter-interfaces": "^0.44.0"
+    "@authhero/adapter-interfaces": "^0.45.0"
   },
   "peerDependencies": {
     "@hono/zod-openapi": "^0.18.0",