npm - authhero - Versions diffs - 0.79.0 → 0.80.0 - Mend

authhero 0.79.0 → 0.80.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/authhero.cjs CHANGED Viewed

@@ -146,7 +146,7 @@ PERFORMANCE OF THIS SOFTWARE.
 `,i=0;for(;i<n.length;)i+64<=n.length?r+=n.substr(i,64)+`\r
 `:r+=n.substr(i)+`\r
 `,i+=64;return r+=`-----END ${t} KEY-----\r
-`,r}async function rw(t){const e=await t.publicKey.export(),n=await crypto.subtle.exportKey("jwk",e),r=JSON.stringify(n,Object.keys(n).sort()),s=new TextEncoder().encode(r);return Ia(await xf(s))}const iw=1e3*60*60*24,sw=new a.OpenAPIHono().openapi(a.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.array(Ea)}},description:"List of keys"}}}),async t=>{const n=(await t.env.data.keys.list()).filter(r=>"cert"in r).map(r=>r);return t.json(n)}).openapi(a.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({kid:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ea}},description:"The requested key"}}}),async t=>{const{kid:e}=t.req.valid("param"),r=(await t.env.data.keys.list()).find(i=>i.kid===e);if(!r)throw new N(404,{message:"Key not found"});return t.json(r)}).openapi(a.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const e=await t.env.data.keys.list();for await(const r of e)await t.env.data.keys.update(r.kid,{revoked_at:new Date(Date.now()+iw).toISOString()});const n=await Gc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(n),t.text("OK",{status:201})}).openapi(a.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({kid:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const{kid:e}=t.req.valid("param");if(!await t.env.data.keys.update(e,{revoked_at:new Date().toISOString()}))throw new N(404,{message:"Key not found"});const r=await Gc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(r),t.text("OK")}),ow=new a.OpenAPIHono().openapi(a.createRoute({tags:["users"],method:"get",path:"/",request:{query:a.z.object({email:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:a.z.array(Qc)}},description:"List of users"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{email:n}=t.req.valid("query"),i=(await Lf(t.env.data.users,e,n)).filter(s=>!s.linked_to);return t.json(i)}),aw=nn.extend({clients:a.z.array(pn)}),cw=new a.OpenAPIHono().openapi(a.createRoute({tags:["clients"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([aw,a.z.array(pn)])}},description:"List of clients"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:o}=t.req.valid("query"),l=(await t.env.data.applications.list(e,{page:n,per_page:r,include_totals:i,sort:cr(s),q:o})).applications;return i?t.json({clients:l,start:0,limit:10,length:l.length}):t.json(l)}).openapi(a.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:pn}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=(await t.env.data.applications.list(e,{page:1,per_page:0,include_totals:!1})).applications.find(s=>s.id===n);if(!i)throw new N(404);return t.json(i)}).openapi(a.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.applications.remove(e,n))throw new N(404,{message:"Application not found"});return t.text("OK")}).openapi(a.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(ts.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:pn}},description:"The update application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=t.req.valid("json");await t.env.data.applications.update(e,n,i);const s=await t.env.data.applications.get(e,n);if(!s)throw new N(404,{message:"Application not found"});return t.json(s)}).openapi(a.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(ts.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:a.z.object(pn.shape)}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r={...n,id:n.id||qe(),client_secret:n.client_secret||qe()},i=await t.env.data.applications.create(e,r);return t.json(i,{status:201})});a.z.object({start:a.z.number(),limit:a.z.number(),length:a.z.number()});Gs.extend({email:a.z.string(),login_count:a.z.number(),multifactor:a.z.array(a.z.string()).optional(),last_ip:a.z.string().optional(),last_login:a.z.string().optional(),user_id:a.z.string()}).catchall(a.z.any());const lw=nn.extend({tenants:a.z.array(Hn)}),uw=new a.OpenAPIHono().openapi(a.createRoute({tags:["tenants"],method:"get",path:"/",request:{query:Yt},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:a.z.union([a.z.array(Hn),lw])}},description:"List of tenants"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),o=await t.env.data.tenants.list({page:e,per_page:n,include_totals:r,sort:cr(i),q:s});return r?t.json(o):t.json(o.tenants)}).openapi(a.createRoute({tags:["tenants"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:Hn}},description:"A tenant"}}}),async t=>{const{id:e}=t.req.valid("param"),n=await t.env.data.tenants.get(e);if(!n)throw new N(404);return t.json(n)}).openapi(a.createRoute({tags:["tenants"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param");return await t.env.data.tenants.remove(e),t.text("OK")}).openapi(a.createRoute({tags:["tenants"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(rs.shape).partial()}}},params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param"),n=t.req.valid("json");return await t.env.data.tenants.update(e,n),t.text("OK")}).openapi(a.createRoute({tags:["tenants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(rs.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"tenant/json":{schema:Hn}},description:"An tenant"}}}),async t=>{const e=t.req.valid("json"),n=await t.env.data.tenants.create(e);return t.json(n,{status:201})}),dw=nn.extend({logs:a.z.array(ss)}),pw=new a.OpenAPIHono().openapi(a.createRoute({tags:["logs"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(ss),dw])}},description:"List of log rows"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":o}=t.req.valid("header"),c=await t.env.data.logs.list(o,{page:e,per_page:n,include_totals:r,sort:cr(i),q:s});return r?t.json(c):t.json(c.logs)}).openapi(a.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:ss}},description:"A log entry"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.logs.get(e,n);if(!r)throw new N(404);return t.json(r)}),fw=nn.extend({hooks:a.z.array(qn)}),hw=new a.OpenAPIHono().openapi(a.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(qn),fw])}},description:"List of hooks"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:o}=t.req.valid("query"),c=await t.env.data.hooks.list(e,{page:n,per_page:r,include_totals:i,sort:cr(s),q:o});return i?t.json(c):t.json(c.hooks)}).openapi(a.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(is.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:qn}},description:"The created hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.hooks.create(e,n);return t.json(r,{status:201})}).openapi(a.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()}),body:{content:{"application/json":{schema:a.z.object(is.shape).omit({hook_id:!0}).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:qn.shape}},description:"The updated hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=t.req.valid("json");await t.env.data.hooks.update(e,n,r);const i=await t.env.data.hooks.get(e,n);if(!i)throw new N(404,{message:"Hook not found"});return t.json(i)}).openapi(a.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:qn}},description:"A hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=await t.env.data.hooks.get(e,n);if(!r)throw new N(404,{message:"Hook not found"});return t.json(r)}).openapi(a.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{description:"A hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param");if(!await t.env.data.hooks.remove(e,n))throw new N(404,{message:"Hook not found"});return t.text("OK")}),gw=nn.extend({connections:a.z.array(Dt)}),mw=new a.OpenAPIHono().openapi(a.createRoute({tags:["connections"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(Dt),gw])}},description:"List of connectionss"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i=!1,sort:s,q:o}=t.req.valid("query"),c=await t.env.data.connections.list(e,{page:n,per_page:r,include_totals:i,sort:cr(s),q:o});return i?t.json(c):t.json(c.connections)}).openapi(a.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Dt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.connections.get(e,n);if(!r)throw new N(404);return t.json(r)}).openapi(a.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.connections.remove(e,n))throw new N(404,{message:"Connection not found"});return t.text("OK")}).openapi(a.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(ns.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Dt}},description:"The updated connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.connections.update(e,n,r))throw new N(404,{message:"Connection not found"});const s=await t.env.data.connections.get(e,n);if(!s)throw new N(404,{message:"Connection not found"});return t.json(s)}).openapi(a.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(ns.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Dt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.connections.create(e,n);return t.json(r,{status:201})}),_w=new a.OpenAPIHono().openapi(a.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ri}},description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.promptSettings.get(e);return n?t.json(n):t.json(Ri.parse({}))}).openapi(a.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Ri.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.promptSettings.get(e);return Object.assign(r,n),await t.env.data.promptSettings.set(e,r),t.json(r)});let wp=!1;function Cg(t){t.use(async(e,n)=>(wp||(t.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${e.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),wp=!0),await n()))}a.z.object({alg:a.z.literal("RS256"),kty:a.z.literal("RSA"),use:a.z.literal("sig"),n:a.z.string(),e:a.z.string(),kid:a.z.string(),x5t:a.z.string(),x5c:a.z.array(a.z.string())});async function yw(t){try{const e=await t.JWKS_SERVICE.fetch(t.JWKS_URL);if(!e.ok)throw new Error("Failed to fetch jwks");return(await e.json()).keys}catch(e){throw new N(500,{message:`Failed to fetch jwks: ${e.message}`})}}async function vw(t,e){const r=new TextEncoder().encode([e.raw.header,e.raw.payload].join(".")),i=new Uint8Array(Array.from(e.signature).map(l=>l.charCodeAt(0))),o=(await yw(t.env)).find(l=>l.kid===e.header.kid);if(!o)return console.log("No matching kid found"),!1;const c=await crypto.subtle.importKey("jwk",o,{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},!1,["verify"]);return crypto.subtle.verify("RSASSA-PKCS1-v1_5",c,i,r)}function ww(t){const[e,n,r]=t.split(".");if(!e||!n||!r)return null;const i=JSON.parse(atob(e)),s=JSON.parse(atob(n)),o=atob(r.replace(/-/g,"+").replace(/_/g,"/"));return{header:i,payload:s,signature:o,raw:{header:e,payload:n,signature:r}}}function Ng(t){return async(e,n)=>{var i,s,o;const r=t.openAPIRegistry.definitions.find(c=>"route"in c&&c.route.path===e.req.path&&c.route.method.toUpperCase()===e.req.method);if(r&&"route"in r){const c=(s=(i=r.route.security)==null?void 0:i[0])==null?void 0:s.Bearer;if(!(c!=null&&c.length))return await n();const l=e.req.header("authorization")||"",[u,p]=l.split(" ");if((u==null?void 0:u.toLowerCase())!=="bearer"||!p)throw new N(401,{message:"Missing bearer token"});const h=ww(p);if(!h||!await vw(e,h))throw new N(403,{message:"Invalid JWT signature"});e.set("user_id",h.payload.sub),e.set("user",h.payload);const m=h.payload.permissions||[],v=((o=h.payload.scope)==null?void 0:o.split(" "))||[];if(c.length&&!(c.some(f=>m.includes(f))||c.some(f=>v.includes(f))))throw new N(403,{message:"Unauthorized"})}return await n()}}const bw=new a.OpenAPIHono().openapi(a.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Li}},description:"Email provider"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.emailProviders.get(e);if(!n)throw new N(404,{message:"Email provider not found"});return t.json(n)}).openapi(a.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Li.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.create(e,n),t.text("OK",{status:201})}).openapi(a.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Li.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.update(e,n),t.text("OK")}),kw=new a.OpenAPIHono().openapi(a.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Zs}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.sessions.get(e,n);if(!r)throw new N(404);return t.json(r)}).openapi(a.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.remove(e,n))throw new N(404,{message:"Session not found"});return t.text("OK")}).openapi(a.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{202:{description:"Sesssion deletion status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.update(e,n,{revoked_at:new Date().toDateString()}))throw new N(404,{message:"Session not found"});return t.text("Session deletion request accepted.",{status:202})}),xw=new a.OpenAPIHono().openapi(a.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:rl}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.refreshTokens.get(e,n);if(!r)throw new N(404);return t.json(r)}).openapi(a.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.refreshTokens.remove(e,n))throw new N(404,{message:"Session not found"});return t.text("OK")}),Sw=new a.OpenAPIHono().openapi(a.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.array(Mn)}},description:"List of custom domains"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.customDomains.list(e);return t.json(n)}).openapi(a.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Mn}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.customDomains.get(e,n);if(!r)throw new N(404);return t.json(r)}).openapi(a.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.customDomains.remove(e,n))throw new N(404,{message:"Custom domain not found"});return t.text("OK")}).openapi(a.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(Mn.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Mn}},description:"The updated custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.customDomains.update(e,n,r))throw new N(404);const s=await t.env.data.customDomains.get(e,n);if(!s)throw new N(404);return t.json(s)}).openapi(a.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(tl.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Mn}},description:"The created custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.customDomains.create(e,n);return t.json(r,{status:201})});function Aw(){const t=new a.OpenAPIHono;Cg(t),t.use(Ng(t));const e=t.route("/branding",Qm).route("/custom-domains",Sw).route("/email/providers",bw).route("/users",ay).route("/keys",sw).route("/users-by-email",ow).route("/clients",cw).route("/tenants",uw).route("/logs",pw).route("/hooks",hw).route("/connections",mw).route("/prompts",_w).route("/sessions",kw).route("/refresh_tokens",xw);return e.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management api"},security:[{oauth2:["openid","email","profile"]}]}),e}function Ew(t,e){Object.keys(e).forEach(n=>{const r=e[n];r!=null&&r.length&&t.searchParams.set(n,r)})}function Bn(t){var e,n,r;return{auth0Client:(e=t.query("auth0Client"))==null?void 0:e.slice(0,255),ip:(n=t.header("x-real-ip"))==null?void 0:n.slice(0,45),useragent:(r=t.header("user-agent"))==null?void 0:r.slice(0,512)}}var bp;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(bp||(bp={}));var kp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(kp||(kp={}));function Iw(t){return $g(t,zw,Xr.Include)}function jg(t){return $g(t,Cw,Xr.None)}function $g(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,o=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],o+=8;for(let c=0;c<4;c++)o>=6?(r+=e[s>>o-6&63],o-=6):o>0?(r+=e[s<<6-o&63],o=0):n===Xr.Include&&(r+="=")}return r}const zw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Cw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Xr;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Xr||(Xr={}));var xp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(xp||(xp={}));class Nw{uint8(e,n){if(e.byteLength<n+1)throw new TypeError("Insufficient bytes");return e[n]}uint16(e,n){if(e.byteLength<n+2)throw new TypeError("Insufficient bytes");return e[n]<<8|e[n+1]}uint32(e,n){if(e.byteLength<n+4)throw new TypeError("Insufficient bytes");let r=0;for(let i=0;i<4;i++)r|=e[n+i]<<24-i*8;return r}uint64(e,n){if(e.byteLength<n+8)throw new TypeError("Insufficient bytes");let r=0n;for(let i=0;i<8;i++)r|=BigInt(e[n+i])<<BigInt(56-i*8);return r}putUint8(e,n,r){if(e.length<r+1)throw new TypeError("Not enough space");if(n<0||n>255)throw new TypeError("Invalid uint8 value");e[r]=n}putUint16(e,n,r){if(e.length<r+2)throw new TypeError("Not enough space");if(n<0||n>65535)throw new TypeError("Invalid uint16 value");e[r]=n>>8,e[r+1]=n&255}putUint32(e,n,r){if(e.length<r+4)throw new TypeError("Not enough space");if(n<0||n>4294967295)throw new TypeError("Invalid uint32 value");for(let i=0;i<4;i++)e[r+i]=n>>(3-i)*8&255}putUint64(e,n,r){if(e.length<r+8)throw new TypeError("Not enough space");if(n<0||n>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let i=0;i<8;i++)e[r+i]=Number(n>>BigInt((7-i)*8)&0xffn)}}const Sp=new Nw;function wt(t,e){return(t<<32-e|t>>>e)>>>0}function jw(t){const e=new $w;return e.update(t),e.digest()}class $w{constructor(){ee(this,"blockSize",64);ee(this,"size",32);ee(this,"blocks",new Uint8Array(64));ee(this,"currentBlockSize",0);ee(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));ee(this,"l",0n);ee(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let n=0;if(this.currentBlockSize>0){const r=e.slice(0,64-this.currentBlockSize);this.blocks.set(r,this.currentBlockSize),this.process(),n+=r.byteLength,this.currentBlockSize=0}for(;n+64<=e.byteLength;){const r=e.slice(n,n+64);this.blocks.set(r),this.process(),n+=64}if(e.byteLength-n>0){const r=e.slice(n);this.blocks.set(r),this.currentBlockSize=r.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),Sp.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let n=0;n<8;n++)Sp.putUint32(e,this.H[n],n*4);return e}process(){for(let u=0;u<16;u++)this.w[u]=(this.blocks[u*4]<<24|this.blocks[u*4+1]<<16|this.blocks[u*4+2]<<8|this.blocks[u*4+3])>>>0;for(let u=16;u<64;u++){const p=(wt(this.w[u-2],17)^wt(this.w[u-2],19)^this.w[u-2]>>>10)>>>0,h=(wt(this.w[u-15],7)^wt(this.w[u-15],18)^this.w[u-15]>>>3)>>>0;this.w[u]=p+this.w[u-7]+h+this.w[u-16]|0}let e=this.H[0],n=this.H[1],r=this.H[2],i=this.H[3],s=this.H[4],o=this.H[5],c=this.H[6],l=this.H[7];for(let u=0;u<64;u++){const p=(wt(s,6)^wt(s,11)^wt(s,25))>>>0,h=(s&o^~s&c)>>>0,m=l+p+h+Ow[u]+this.w[u]|0,v=(wt(e,2)^wt(e,13)^wt(e,22))>>>0,f=(e&n^e&r^n&r)>>>0,_=v+f|0;l=c,c=o,o=s,s=i+m|0,i=r,r=n,n=e,e=m+_|0}this.H[0]=e+this.H[0]|0,this.H[1]=n+this.H[1]|0,this.H[2]=r+this.H[2]|0,this.H[3]=i+this.H[3]|0,this.H[4]=s+this.H[4]|0,this.H[5]=o+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const Ow=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class Bw{constructor(e){ee(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function Tw(t){const e=jw(new TextEncoder().encode(t));return jg(e)}function Pw(){const t=new Uint8Array(32);return crypto.getRandomValues(t),jg(t)}function Pr(t,e){const n=new TextEncoder().encode(e.toString()),r=new Request(t,{method:"POST",body:n});return r.headers.set("Content-Type","application/x-www-form-urlencoded"),r.headers.set("Accept","application/json"),r.headers.set("User-Agent","arctic"),r.headers.set("Content-Length",n.byteLength.toString()),r}function fa(t,e){const n=new TextEncoder().encode(`${t}:${e}`);return Iw(n)}async function Ds(t){let e;try{e=await fetch(t)}catch(n){throw new Bg(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Di(e.status)}if(typeof n!="object"||n===null)throw new Wn(e.status,n);let r;try{r=Og(n)}catch{throw new Wn(e.status,n)}throw r}if(e.status===200){let n;try{n=await e.json()}catch{throw new Di(e.status)}if(typeof n!="object"||n===null)throw new Wn(e.status,n);return new Bw(n)}throw e.body!==null&&await e.body.cancel(),new Di(e.status)}async function Rw(t){let e;try{e=await fetch(t)}catch(n){throw new Bg(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Wn(e.status,null)}if(typeof n!="object"||n===null)throw new Wn(e.status,n);let r;try{r=Og(n)}catch{throw new Wn(e.status,n)}throw r}if(e.status===200){e.body!==null&&await e.body.cancel();return}throw e.body!==null&&await e.body.cancel(),new Di(e.status)}function Og(t){let e;if("error"in t&&typeof t.error=="string")e=t.error;else throw new Error("Invalid error response");let n=null,r=null,i=null;if("error_description"in t){if(typeof t.error_description!="string")throw new Error("Invalid data");n=t.error_description}if("error_uri"in t){if(typeof t.error_uri!="string")throw new Error("Invalid data");r=t.error_uri}if("state"in t){if(typeof t.state!="string")throw new Error("Invalid data");i=t.state}return new Lw(e,n,r,i)}class Bg extends Error{constructor(e){super("Failed to send request",{cause:e})}}class Lw extends Error{constructor(n,r,i,s){super(`OAuth request error: ${n}`);ee(this,"code");ee(this,"description");ee(this,"uri");ee(this,"state");this.code=n,this.description=r,this.uri=i,this.state=s}}class Di extends Error{constructor(n){super("Unexpected error response");ee(this,"status");this.status=n}}class Wn extends Error{constructor(n,r){super("Unexpected error response body");ee(this,"status");ee(this,"data");this.status=n,this.data=r}}class eu{constructor(e,n,r){ee(this,"clientId");ee(this,"clientPassword");ee(this,"redirectURI");this.clientId=e,this.clientPassword=n,this.redirectURI=r}createAuthorizationURL(e,n,r){const i=new URL(e);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&i.searchParams.set("redirect_uri",this.redirectURI),i.searchParams.set("state",n),r.length>0&&i.searchParams.set("scope",r.join(" ")),i}createAuthorizationURLWithPKCE(e,n,r,i,s){const o=new URL(e);if(o.searchParams.set("response_type","code"),o.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&o.searchParams.set("redirect_uri",this.redirectURI),o.searchParams.set("state",n),r===Qr.S256){const c=Tw(i);o.searchParams.set("code_challenge_method","S256"),o.searchParams.set("code_challenge",c)}else r===Qr.Plain&&(o.searchParams.set("code_challenge_method","plain"),o.searchParams.set("code_challenge",i));return s.length>0&&o.searchParams.set("scope",s.join(" ")),o}async validateAuthorizationCode(e,n,r){const i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",n),this.redirectURI!==null&&i.set("redirect_uri",this.redirectURI),r!==null&&i.set("code_verifier",r),this.clientPassword===null&&i.set("client_id",this.clientId);const s=Pr(e,i);if(this.clientPassword!==null){const c=fa(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Ds(s)}async refreshAccessToken(e,n,r){const i=new URLSearchParams;i.set("grant_type","refresh_token"),i.set("refresh_token",n),this.clientPassword===null&&i.set("client_id",this.clientId),r.length>0&&i.set("scope",r.join(" "));const s=Pr(e,i);if(this.clientPassword!==null){const c=fa(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Ds(s)}async revokeToken(e,n){const r=new URLSearchParams;r.set("token",n),this.clientPassword===null&&r.set("client_id",this.clientId);const i=Pr(e,r);if(this.clientPassword!==null){const s=fa(this.clientId,this.clientPassword);i.headers.set("Authorization",`Basic ${s}`)}await Rw(i)}}var Qr;(function(t){t[t.S256=0]="S256",t[t.Plain=1]="Plain"})(Qr||(Qr={}));var Ap;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Ap||(Ap={}));var Ep;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Ep||(Ep={}));function Rr(t){return Uw(t,Vw,Hs.None)}function Uw(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,o=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],o+=8;for(let c=0;c<4;c++)o>=6?(r+=e[s>>o-6&63],o-=6):o>0?(r+=e[s<<6-o&63],o=0):n===Hs.Include&&(r+="=")}return r}const Vw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Hs;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Hs||(Hs={}));var Ip;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Ip||(Ip={}));function Mw(t,e,n){const r=Rr(new TextEncoder().encode(t)),i=Rr(new TextEncoder().encode(e)),s=Rr(n);return r+"."+i+"."+s}function qw(t,e){const n=Rr(new TextEncoder().encode(t)),r=Rr(new TextEncoder().encode(e)),i=n+"."+r;return new TextEncoder().encode(i)}const Dw="https://appleid.apple.com/auth/authorize",Hw="https://appleid.apple.com/auth/token";class Tg{constructor(e,n,r,i,s){ee(this,"clientId");ee(this,"teamId");ee(this,"keyId");ee(this,"pkcs8PrivateKey");ee(this,"redirectURI");this.clientId=e,this.teamId=n,this.keyId=r,this.pkcs8PrivateKey=i,this.redirectURI=s}createAuthorizationURL(e,n){const r=new URL(Dw);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId);const r=await this.createClientSecret();n.set("client_secret",r);const i=Pr(Hw,n);return await Ds(i)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),n=Math.floor(Date.now()/1e3),r=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),i=JSON.stringify({iss:this.teamId,exp:n+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:n}),s=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,qw(r,i)));return Mw(r,i,s)}}const Fw="https://www.facebook.com/v16.0/dialog/oauth",Kw="https://graph.facebook.com/v16.0/oauth/access_token";class Pg{constructor(e,n,r){ee(this,"clientId");ee(this,"clientSecret");ee(this,"redirectURI");this.clientId=e,this.clientSecret=n,this.redirectURI=r}createAuthorizationURL(e,n){const r=new URL(Fw);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId),n.set("client_secret",this.clientSecret);const r=Pr(Kw,n);return await Ds(r)}}const Ww="https://accounts.google.com/o/oauth2/v2/auth",zp="https://oauth2.googleapis.com/token",Gw="https://oauth2.googleapis.com/revoke";let Rg=class{constructor(e,n,r){ee(this,"client");this.client=new eu(e,n,r)}createAuthorizationURL(e,n,r){return this.client.createAuthorizationURLWithPKCE(Ww,e,Qr.S256,n,r)}async validateAuthorizationCode(e,n){return await this.client.validateAuthorizationCode(zp,e,n)}async refreshAccessToken(e){return await this.client.refreshAccessToken(zp,e,[])}async revokeToken(e){await this.client.revokeToken(Gw,e)}};const Wo=a.z.object({iss:a.z.string().url(),sub:a.z.string(),aud:a.z.string(),exp:a.z.number(),email:a.z.string().optional(),given_name:a.z.string().optional(),family_name:a.z.string().optional(),name:a.z.string().optional(),iat:a.z.number(),auth_time:a.z.number().optional(),nonce:a.z.string().optional(),acr:a.z.string().optional(),amr:a.z.array(a.z.string()).optional(),azp:a.z.string().optional(),at_hash:a.z.string().optional(),c_hash:a.z.string().optional()}).passthrough();Wo.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function Jw(t){return t.ISSUER}function At(t){return t.UNIVERSAL_LOGIN_URL||`${t.ISSUER}u/`}function Ce(t){return t.OAUTH_API_URL||t.ISSUER}function Lg(t){const{options:e}=t;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const n=Buffer.from(e.app_secret,"utf-8"),r=n.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),i=Uint8Array.from(Buffer.from(r,"base64"));return n.fill(0),{options:e,keyArray:i}}async function Zw(t,e){var l,u;const{options:n,keyArray:r}=Lg(e),i=new Tg(n.client_id,n.team_id,n.kid,r,`${Ce(t.env)}callback`),s=qe(),o=await i.createAuthorizationURL(s,((l=n.scope)==null?void 0:l.split(" "))||["name","email"]);return(((u=n.scope)==null?void 0:u.split(" "))||["name","email"]).some(p=>["email","name"].includes(p))&&o.searchParams.set("response_mode","form_post"),{redirectUrl:o.href,code:s}}async function Yw(t,e,n){const{options:r,keyArray:i}=Lg(e),o=await new Tg(r.client_id,r.team_id,r.kid,i,`${Ce(t.env)}callback`).validateAuthorizationCode(n),c=sl(o.idToken());if(!c)throw new Error("Invalid ID token");const l=Wo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const Xw=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Zw,validateAuthorizationCodeAndGetUser:Yw},Symbol.toStringTag,{value:"Module"}));async function Qw(t,e){var o;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new Pg(n.client_id,n.client_secret,`${Ce(t.env)}callback`),i=qe();return{redirectUrl:r.createAuthorizationURL(i,((o=n.scope)==null?void 0:o.split(" "))||["email"]).href,code:i}}async function eb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new Pg(r.client_id,r.client_secret,`${Ce(t.env)}callback`).validateAuthorizationCode(n),o=await fetch("https://graph.facebook.com/v16.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${s.accessToken()}`}});if(!o.ok)throw new Error("Failed to fetch user info");const c=await o.json();return t.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const tb=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Qw,validateAuthorizationCodeAndGetUser:eb},Symbol.toStringTag,{value:"Module"}));async function nb(t,e){var c;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required Google authentication parameters");const r=new Rg(n.client_id,n.client_secret,`${Ce(t.env)}callback`),i=qe(),s=Pw();return{redirectUrl:r.createAuthorizationURL(i,s,((c=n.scope)==null?void 0:c.split(" "))??["email","profile"]).href,code:i,codeVerifier:s}}async function rb(t,e,n,r){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret||!r)throw new Error("Missing required authentication parameters");const o=await new Rg(i.client_id,i.client_secret,`${Ce(t.env)}callback`).validateAuthorizationCode(n,r),c=sl(o.idToken());if(!c)throw new Error("Invalid ID token");const l=Wo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const ib=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:nb,validateAuthorizationCodeAndGetUser:rb},Symbol.toStringTag,{value:"Module"}));async function sb(t,e){var o;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new eu(n.client_id,n.client_secret,`${Ce(t.env)}callback`),i=qe(),s=r.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",i,((o=n.scope)==null?void 0:o.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]);return s.searchParams.set("response_type","code"),s.searchParams.set("response_mode","query"),{redirectUrl:s.href,code:i}}async function ob(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new eu(r.client_id,r.client_secret,`${Ce(t.env)}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",n,null),o=sl(s.idToken());if(!o)throw new Error("Invalid ID token");const c=Wo.parse(o.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${s.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new N(400,{message:"Failed to get user from vipps"});return await l.json()}const ab=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:sb,validateAuthorizationCodeAndGetUser:ob},Symbol.toStringTag,{value:"Module"}));function Ug(t,e){const n=t.env.STRATEGIES||{},i={apple:Xw,facebook:tb,"google-oauth2":ib,vipps:ab,...n}[e];if(!i)throw new Error(`Strategy ${e} not found`);return i}async function Go(t,e){const n=await t.data.clients.get(e);if(!n)throw new N(403,{message:"Client not found"});const r=t.DEFAULT_CLIENT_ID?await t.data.clients.get(t.DEFAULT_CLIENT_ID):void 0,i=await t.data.connections.list(n.tenant.id),s=t.DEFAULT_TENANT_ID?await t.data.connections.list(t.DEFAULT_TENANT_ID):{connections:[]},o=i.connections.map(c=>{var p;const l=(p=s.connections)==null?void 0:p.find(h=>h.name===c.name);return l!=null&&l.options?Dt.parse({...l||{},...c,options:{...l.options||{},...c.options}}):c}).filter(c=>c);return{...n,web_origins:[...(r==null?void 0:r.web_origins)||[],...n.web_origins||[],`${At(t)}login`],allowed_logout_urls:[...(r==null?void 0:r.allowed_logout_urls)||[],...n.allowed_logout_urls||[],t.ISSUER],callbacks:[...(r==null?void 0:r.callbacks)||[],...n.callbacks||[],`${At(t)}info`],connections:o,tenant:{...(r==null?void 0:r.tenant)||{},...n.tenant}}}function Jo(t,e=[],n={}){try{const r=new URL(t);return e.some(i=>{try{return cb(r,new URL(i),n.allowPathWildcards)}catch{return!1}})}catch{return!1}}function cb(t,e,n){if(t.protocol!==e.protocol)return!1;if(n&&e.pathname.includes("*")){const r=e.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${r}$`).test(t.pathname))return!1}else if(t.pathname!==e.pathname)return!1;if(e.hostname.startsWith("*.")&&e.hostname.split(".").length>2&&["http:","https:"].includes(e.protocol)){const r=e.hostname.split(".").slice(1).join(".");return t.hostname.endsWith(r)}return t.hostname===e.hostname}async function lb(t,e,n,r){if(!r.state)throw new N(400,{message:"State not found"});const i=e.connections.find(l=>l.name===n);if(!i){t.set("client_id",e.id);const l=be(t,{type:me.FAILED_LOGIN,description:"Connection not found"});throw await t.env.data.logs.create(e.tenant.id,l),new N(403,{message:"Connection Not Found"})}let s=await t.env.data.logins.get(e.tenant.id,r.state);s||(s=await t.env.data.logins.create(e.tenant.id,{expires_at:new Date(Date.now()+Ur*1e3).toISOString(),authParams:r,...Bn(t.req)}));const c=await Ug(t,i.strategy).getRedirect(t,i);return await t.env.data.codes.create(e.tenant.id,{login_id:s.login_id,code_id:c.code,code_type:"oauth2_state",connection_id:i.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+x_*1e3).toISOString()}),t.redirect(c.redirectUrl)}async function Cp(t,{code:e,state:n}){var f;const{env:r}=t,i=await r.data.codes.get(t.var.tenant_id||"",n,"oauth2_state");if(!i||!i.connection_id)throw new N(403,{message:"State not found"});const s=await r.data.logins.get(t.var.tenant_id||"",i.login_id);if(!s)throw new N(403,{message:"Session not found"});const o=await Go(r,s.authParams.client_id);t.set("client_id",o.id),t.set("tenant_id",o.tenant.id);const c=o.connections.find(_=>_.id===i.connection_id);if(!c){const _=be(t,{type:me.FAILED_LOGIN,description:"Connection not found"});throw await r.data.logs.create(o.tenant.id,_),new N(403,{message:"Connection not found"})}if(t.set("connection",c.name),!s.authParams.redirect_uri){const _=be(t,{type:me.FAILED_LOGIN,description:"Redirect URI not defined"});throw await r.data.logs.create(o.tenant.id,_),new N(403,{message:"Redirect URI not defined"})}if(!Jo(s.authParams.redirect_uri,o.callbacks||[],{allowPathWildcards:!0})){const _=`Invalid redirect URI - ${s.authParams.redirect_uri}`,w=be(t,{type:me.FAILED_LOGIN,description:_});throw await r.data.logs.create(o.tenant.id,w),new N(403,{message:_})}const u=await Ug(t,c.strategy).validateAuthorizationCodeAndGetUser(t,c,e,i.code_verifier),{sub:p,...h}=u;t.set("user_id",p);const m=((f=u.email)==null?void 0:f.toLocaleLowerCase())||`${c.name}.${p}@${new URL(t.env.ISSUER).hostname}`;t.set("username",m);const v=await no(t,{client:o,email:m,provider:c.strategy,connection:c.name,userId:p,profileData:h,isSocial:!0,ip:t.req.header("x-real-ip")});return sn(t,{client:o,authParams:s.authParams,loginSession:s,user:v})}async function Np(t,e,n,r,i,s){const o=await t.env.data.codes.get(t.var.tenant_id||"",e,"oauth2_state");if(!o)throw new N(400,{message:"State not found"});const c=await t.env.data.logins.get(t.var.tenant_id,o.login_id);if(!c)throw new N(400,{message:"Login not found"});const{redirect_uri:l}=c.authParams;if(!l)throw new N(400,{message:"Redirect uri not found"});const u=be(t,{type:me.FAILED_LOGIN,description:`Failed connection login: ${i} ${n}, ${r}`});Qe(t,t.env.data.logs.create(t.var.tenant_id,u));const p=new URL(l);return Ew(p,{error:n,error_description:r,error_reason:s,error_code:i,state:c.authParams.state}),t.redirect(`${At(t.env)}enter-email?state=${c.login_id}&error=${n}`)}const ub=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string(),code:a.z.string().optional(),scope:a.z.string().optional(),hd:a.z.string().optional(),error:a.z.string().optional(),error_description:a.z.string().optional(),error_code:a.z.string().optional(),error_reason:a.z.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:o}=t.req.valid("query");if(r)return Np(t,e,r,i,s,o);if(!n)throw new N(400,{message:"Code is required"});return Cp(t,{code:n,state:e})}).openapi(a.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({state:a.z.string(),code:a.z.string().optional(),scope:a.z.string().optional(),hd:a.z.string().optional(),error:a.z.string().optional(),error_description:a.z.string().optional(),error_code:a.z.string().optional(),error_reason:a.z.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:o}=t.req.valid("form");if(r)return Np(t,e,r,i,s,o);if(!n)throw new N(400,{message:"Code is required"});return Cp(t,{code:n,state:e})}),db=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:a.z.object({client_id:a.z.string(),returnTo:a.z.string().optional()}),header:a.z.object({cookie:a.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async t=>{const{client_id:e,returnTo:n}=t.req.valid("query"),r=await t.env.data.clients.get(e);if(!r)return t.text("OK");const i=await t.env.data.clients.get("DEFAULT_CLIENT");t.set("client_id",e),t.set("tenant_id",r.tenant.id);const s=n||t.req.header("referer");if(!s)return t.text("OK");if(!Jo(s,[...r.allowed_logout_urls||[],...(i==null?void 0:i.allowed_logout_urls)||[]],{allowPathWildcards:!0}))throw new N(400,{message:"Invalid redirect uri"});const o=t.req.header("cookie");if(o){const l=as(r.tenant.id,o);if(l){const u=await t.env.data.sessions.get(r.tenant.id,l);if(u){const p=await t.env.data.users.get(r.tenant.id,u.user_id);p&&(t.set("user_id",p.user_id),t.set("connection",p.connection))}await t.env.data.sessions.remove(r.tenant.id,l)}}const c=be(t,{type:me.SUCCESS_LOGOUT,description:"User successfully logged out"});return await t.env.data.logs.create(r.tenant.id,c),new Response("Redirecting",{status:302,headers:{"set-cookie":z_(r.tenant.id),location:s}})}),jp=a.z.object({sub:a.z.string(),email:a.z.string().optional(),family_name:a.z.string().optional(),given_name:a.z.string().optional(),email_verified:a.z.boolean()}),pb=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth2"],method:"get",path:"/",request:{},security:[{Bearer:["openid"]}],responses:{200:{content:{"application/json":{schema:jp}},description:"Userinfo"}}}),async t=>{if(!t.var.user)throw new N(404,{message:"User not found"});const e=await t.env.data.users.get(t.var.user.tenant_id,t.var.user.sub);if(!e)throw new N(404,{message:"User not found"});return t.json(jp.parse({...e,sub:e.user_id}))}),fb=new a.OpenAPIHono().openapi(a.createRoute({tags:["well known"],method:"get",path:"/jwks.json",request:{},responses:{200:{content:{"application/json":{schema:cf}},description:"List of tenants"}}}),async t=>{const e=await t.env.data.keys.list(),n=await Promise.all(e.map(async r=>{const s=await new Ql(r.cert).publicKey.export(),o=await crypto.subtle.exportKey("jwk",s);return nl.parse({...o,kid:r.kid})}));return t.json({keys:n},{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${Ni}, stale-while-revalidate=${Ni*2}, stale-if-error=86400`}})}).openapi(a.createRoute({tags:["well known"],method:"get",path:"/openid-configuration",request:{},responses:{200:{content:{"application/json":{schema:Aa}},description:"List of tenants"}}}),async t=>{const e=Aa.parse({issuer:Jw(t.env),authorization_endpoint:`${Ce(t.env)}authorize`,token_endpoint:`${Ce(t.env)}oauth/token`,device_authorization_endpoint:`${Ce(t.env)}oauth/device/code`,userinfo_endpoint:`${Ce(t.env)}userinfo`,mfa_challenge_endpoint:`${Ce(t.env)}mfa/challenge`,jwks_uri:`${Ce(t.env)}.well-known/jwks.json`,registration_endpoint:`${Ce(t.env)}oidc/register`,revocation_endpoint:`${Ce(t.env)}oauth/revoke`,scopes_supported:["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],response_types_supported:["code","token","id_token","code token","code id_token","token id_token","code token id_token"],code_challenge_methods_supported:["S256","plain"],response_modes_supported:["query","fragment","form_post"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],token_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post"],claims_supported:["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],request_uri_parameter_supported:!1,request_parameter_supported:!1,token_endpoint_auth_signing_alg_values_supported:["RS256","RS384","PS256"]});return t.json(e,{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${Ni}, stale-while-revalidate=${Ni*2}, stale-if-error=86400`}})});function Hi(t,e){if(!t||!e||t.length!==e.length)return!1;let n=0;for(let r=0;r<t.length;r++)n|=t.charCodeAt(r)^e.charCodeAt(r);return n===0}const Vg=a.z.object({grant_type:a.z.literal("client_credentials"),scope:a.z.string().optional(),client_secret:a.z.string(),client_id:a.z.string(),audience:a.z.string().optional()});async function hb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new N(403,{message:"Invalid client credentials"});if(n.client_secret&&!Hi(n.client_secret,e.client_secret))throw new N(403,{message:"Invalid client credentials"});const r={client_id:n.id,scope:e.scope,audience:e.audience},i=await eo(t,{authParams:r,client:n});return t.json(i)}const gb=a.z.object({grant_type:a.z.literal("authorization_code"),client_id:a.z.string(),code:a.z.string(),redirect_uri:a.z.string().optional(),client_secret:a.z.string().optional(),code_verifier:a.z.string().optional()}).refine(t=>"client_secret"in t&&!("code_verifier"in t)||!("client_secret"in t)&&"code_verifier"in t,{message:"Must provide either client_secret (standard flow) or code_verifier/code_verifier_mode (PKCE flow), but not both"});async function mb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new N(403,{message:"Client not found"});const r=await t.env.data.codes.get(n.tenant.id,e.code,"authorization_code");if(!r||!r.user_id)throw new N(403,{message:"Invalid client credentials"});if(new Date(r.expires_at)<new Date)throw new N(403,{message:"Code expired"});if(r.used_at)throw new N(403,{message:"Code already used"});const i=await t.env.data.logins.get(n.tenant.id,r.login_id);if(!i)throw new N(403,{message:"Invalid login"});if("client_secret"in e){const o=await t.env.data.clients.get("DEFAULT_CLIENT");if(!Hi(n.client_secret,e.client_secret)&&!Hi(o==null?void 0:o.client_secret,e.client_secret))throw new N(403,{message:"Invalid client credentials"})}else if("code_verifier"in e&&typeof e.code_verifier=="string"&&"code_challenge_method"in i.authParams&&typeof i.authParams.code_challenge_method=="string"){const o=await w_(e.code_verifier,i.authParams.code_challenge_method);if(!Hi(o,i.authParams.code_challenge||""))throw new N(403,{message:"Invalid client credentials"})}if(i.authParams.redirect_uri&&i.authParams.redirect_uri!==e.redirect_uri)throw new N(403,{message:"Invalid redirect uri"});const s=await t.env.data.users.get(n.tenant.id,r.user_id);if(!s)throw new N(403,{message:"User not found"});return await t.env.data.codes.used(n.tenant.id,e.code),sn(t,{user:s,client:n,loginSession:i,authParams:{...i.authParams,response_mode:Zt.WEB_MESSAGE}})}const _b=a.z.object({grant_type:a.z.literal("refresh_token"),client_id:a.z.string(),redirect_uri:a.z.string().optional(),refresh_token:a.z.string()});async function yb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new N(403,{message:"Client not found"});const r=await t.env.data.refreshTokens.get(n.tenant.id,e.refresh_token);if(r){if(r.expires_at&&new Date(r.expires_at)<new Date||r.idle_expires_at&&new Date(r.idle_expires_at)<new Date)throw new N(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Refresh token has expired"})})}else throw new N(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Invalid refresh token"})});const i=await t.env.data.users.get(n.tenant.id,r.user_id);if(!i)throw new N(403,{message:"User not found"});const s=r.resource_servers[0];if(r.idle_expires_at){const o=new Date(Date.now()+2592e6);await t.env.data.refreshTokens.update(n.tenant.id,r.id,{idle_expires_at:o.toISOString(),last_exchanged_at:new Date().toISOString(),device:{...r.device,last_ip:t.req.header["x-real-ip"]||"",last_user_agent:t.req.header["user-agent"]||""}})}return sn(t,{user:i,client:n,refreshToken:r.id,sessionId:r.session_id,authParams:{client_id:n.id,audience:s==null?void 0:s.audience,scope:s==null?void 0:s.scopes,response_mode:Zt.WEB_MESSAGE}})}const $p=a.z.object({client_id:a.z.string().optional(),client_secret:a.z.string().optional()}),vb=a.z.union([Vg.extend($p.shape),a.z.object({grant_type:a.z.literal("authorization_code"),client_id:a.z.string(),code:a.z.string(),redirect_uri:a.z.string(),code_verifier:a.z.string().min(43).max(128)}),a.z.object({grant_type:a.z.literal("authorization_code"),code:a.z.string(),redirect_uri:a.z.string().optional(),...$p.shape}),a.z.object({grant_type:a.z.literal("refresh_token"),client_id:a.z.string(),refresh_token:a.z.string(),redirect_uri:a.z.string().optional()})]);function wb(t){if(!t)return{};const[e,n]=t.split(" ");if((e==null?void 0:e.toLowerCase())==="basic"&&n){const[r,i]=atob(n).split(":");return{client_id:r,client_secret:i}}return{}}const bb=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:vb}}}},responses:{200:{content:{"application/json":{schema:hf}},description:"Tokens"}}}),async t=>{const e=t.req.valid("form"),n=wb(t.req.header("Authorization")),r={...e,...n};if(!r.client_id)throw new N(400,{message:"client_id is required"});switch(e.grant_type){case jr.AuthorizationCode:return mb(t,gb.parse(r));case jr.ClientCredential:return hb(t,Vg.parse(r));case jr.RefreshToken:return yb(t,_b.parse(r));default:throw new N(400,{message:"Not implemented"})}});var tu={exports:{}};const nu=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:6},{id:2,value:"Medium",minDiversity:4,minLength:8},{id:3,value:"Strong",minDiversity:4,minLength:10}],Mg=(t,e=nu,n="!\"#$%&'()*+,-./:;<=>?@[\\\\\\]^_`{|}~")=>{let r=t||"";e[0].minDiversity=0,e[0].minLength=0;const i=[{regex:"[a-z]",message:"lowercase"},{regex:"[A-Z]",message:"uppercase"},{regex:"[0-9]",message:"number"}];n&&i.push({regex:`[${n}]`,message:"symbol"});let s={};s.contains=i.filter(c=>new RegExp(`${c.regex}`).test(r)).map(c=>c.message),s.length=r.length;let o=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,o[0]),s};tu.exports={passwordStrength:Mg,defaultOptions:nu};var kb=tu.exports.passwordStrength=Mg;tu.exports.defaultOptions=nu;function ru(t){return kb(t).id<2?!1:t.length>=8&&/[a-z]/.test(t)&&/[A-Z]/.test(t)&&/[0-9]/.test(t)&&/[^A-Za-z0-9]/.test(t)}async function Zo(t,e){var i;const n=await t.env.data.emailProviders.get(t.var.tenant_id)||(t.env.DEFAULT_TENANT_ID?await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID):null);if(!n)throw new N(500,{message:"Email provider not found"});const r=(i=t.env.emailProviders)==null?void 0:i[n.name];if(!r)throw new N(500,{message:"Email provider not found"});await r({emailProvider:n,...e,from:n.default_from_address||`login@${t.env.ISSUER}`})}async function qg(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new N(500,{message:"Tenant not found"});const s=`${At(t.env)}reset-password?state=${r}&code=${n}`,o={vendorName:i.name,lng:i.language||"en"};await Zo(t,{to:e,subject:"Reset your password",html:`Click here to reset your password: ${At(t.env)}reset-password?state=${r}&code=${n}`,template:"auth-password-reset",data:{vendorName:i.name,logo:i.logo||"",passwordResetUrl:s,supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",passwordResetTitle:de("password_reset_title",o),resetPasswordEmailClickToReset:de("reset_password_email_click_to_reset",o),resetPasswordEmailReset:de("reset_password_email_reset",o),supportInfo:de("support_info",o),contactUs:de("contact_us",o),copyright:de("copyright",o)}})}async function Dg(t,e,n){const r=await t.env.data.tenants.get(t.var.tenant_id);if(!r)throw new N(500,{message:"Tenant not found"});const i={vendorName:r.name,code:n,lng:r.language||"en"};await Zo(t,{to:e,subject:de("code_email_subject",i),html:`Click here to validate your email: ${At(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:r.name,logo:r.logo||"",supportUrl:r.support_url||"",magicLink:`${Ce(t.env)}passwordless/verify_redirect?ticket=${n}`,buttonColor:r.primary_color||"",welcomeToYourAccount:de("welcome_to_your_account",i),linkEmailClickToLogin:de("link_email_click_to_login",i),linkEmailLogin:de("link_email_login",i),linkEmailOrEnterCode:de("link_email_or_enter_code",i),codeValid30Mins:de("code_valid_30_minutes",i),supportInfo:de("support_info",i),contactUs:de("contact_us",i),copyright:de("copyright",i)}});const s=be(t,{type:me.CODE_LINK_SENT,description:e});Qe(t,t.env.data.logs.create(r.id,s))}async function iu(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new N(500,{message:"Tenant not found"});if(!r.redirect_uri)throw new N(400,{message:"redirect_uri is required"});const s=new URL(Ce(t.env));s.pathname="passwordless/verify_redirect",s.searchParams.set("verification_code",n),s.searchParams.set("connection","email"),s.searchParams.set("client_id",r.client_id),s.searchParams.set("redirect_uri",r.redirect_uri),s.searchParams.set("email",e),r.response_type&&s.searchParams.set("response_type",r.response_type),r.scope&&s.searchParams.set("scope",r.scope),r.state&&s.searchParams.set("state",r.state),r.nonce&&s.searchParams.set("nonce",r.nonce),r.code_challenge&&s.searchParams.set("code_challenge",r.code_challenge),r.code_challenge_method&&s.searchParams.set("code_challenge_method",r.code_challenge_method),r.audience&&s.searchParams.set("audience",r.audience);const o={vendorName:i.name,code:n,lng:i.language||"en"};await Zo(t,{to:e,subject:de("code_email_subject",o),html:`Click here to validate your email: ${At(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:s.toString(),buttonColor:i.primary_color||"",welcomeToYourAccount:de("welcome_to_your_account",o),linkEmailClickToLogin:de("link_email_click_to_login",o),linkEmailLogin:de("link_email_login",o),linkEmailOrEnterCode:de("link_email_or_enter_code",o),codeValid30Mins:de("code_valid_30_minutes",o),supportInfo:de("support_info",o),contactUs:de("contact_us",o),copyright:de("copyright",o)}});const c=be(t,{type:me.CODE_LINK_SENT,description:e});Qe(t,t.env.data.logs.create(i.id,c))}async function su(t,e){const n=await t.env.data.tenants.get(t.var.tenant_id);if(!n)throw new N(500,{message:"Tenant not found"});const r={vendorName:n.name,lng:n.language||"en"};await Zo(t,{to:e.email,subject:"Validate your email address",html:`Click here to validate your email: ${At(t.env)}validate-email`,template:"auth-verify-email",data:{vendorName:n.name,logo:n.logo||"",emailValidationUrl:`${At(t.env)}validate-email`,supportUrl:n.support_url||"https://support.sesamy.com",buttonColor:n.primary_color||"#7d68f4",welcomeToYourAccount:de("welcome_to_your_account",r),verifyEmailVerify:de("verify_email_verify",r),supportInfo:de("support_info",r),contactUs:de("contact_us",r),copyright:de("copyright",r)}})}const xb=new a.OpenAPIHono().openapi(a.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:a.z.object({client_id:a.z.string(),connection:a.z.literal("Username-Password-Authentication"),email:a.z.string().transform(t=>t.toLowerCase()),password:a.z.string()})}}}},responses:{200:{content:{"application/json":{schema:a.z.object({_id:a.z.string(),email:a.z.string(),email_verified:a.z.boolean(),app_metadata:a.z.object({}),user_metadata:a.z.object({})})}},description:"Created user"}}}),async t=>{const{email:e,password:n,client_id:r}=t.req.valid("json"),i=await t.env.data.clients.get(r);if(!i)throw new N(400,{message:"Client not found"});if(t.set("client_id",i.id),t.set("tenant_id",i.tenant.id),!ru(n))throw new N(400,{message:"Password does not meet the requirements"});if(await cs({userAdapter:t.env.data.users,tenant_id:i.tenant.id,email:e,provider:"auth2"}))throw new N(400,{message:"Invalid sign up"});const o=await t.env.data.users.create(i.tenant.id,{user_id:`auth2|${Ys()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});t.set("user_id",o.user_id),t.set("username",o.email),t.set("connection",o.connection);const c=await ii.hash(n,10);await t.env.data.passwords.create(i.tenant.id,{user_id:o.user_id,password:c,algorithm:"bcrypt"}),await su(t,o);const l=be(t,{type:me.SUCCESS_SIGNUP,description:"Successful signup"});return await t.env.data.logs.create(i.tenant.id,l),t.json({_id:o.user_id,email:o.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(a.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:a.z.object({client_id:a.z.string(),connection:a.z.literal("Username-Password-Authentication"),email:a.z.string().transform(t=>t.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{email:e,client_id:n}=t.req.valid("json"),r=await t.env.data.clients.get(n);if(!r)throw new N(400,{message:"Client not found"});if(t.set("client_id",r.id),t.set("tenant_id",r.tenant.id),!await si({userAdapter:t.env.data.users,tenant_id:r.tenant.id,email:e,provider:"auth2"}))return t.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:n,username:e},o=await t.env.data.logins.create(r.tenant.id,{expires_at:new Date(Date.now()+Ur*1e3).toISOString(),authParams:s,...Bn(t.req)});return await qg(t,e,o.login_id,o.authParams.state),t.html("If an account with that email exists, we've sent instructions to reset your password.")});function sr(){const t="1234567890";let e="";for(let n=0;n<6;n+=1)e+=t[Math.floor(Math.random()*10)];return e.toString()}async function ou(t,e,n,r,i,s,o){const{env:c}=t,l=await c.data.codes.get(e.tenant.id,i,"otp");if(!l)throw new N(400,{message:"Code not found or expired"});if(l.expires_at<new Date().toISOString())throw new N(400,{message:"Code expired"});if(l.used_at)throw new N(400,{message:"Code already used"});const u=await c.data.logins.get(e.tenant.id,l.login_id);if(!u||u.authParams.username!==r)throw new N(400,{message:"Code not found or expired"});const p=Bn(t.req);if(o&&u.ip!==p.ip)return t.redirect(`${At(t.env)}invalid-session?state=${u.login_id}`);if(n.redirect_uri&&!Jo(n.redirect_uri,e.callbacks,{allowPathWildcards:!0}))throw new N(400,{message:`Invalid redirect URI - ${n.redirect_uri}`});const h=await no(t,{client:e,email:r,provider:"email",connection:"email",isSocial:!1,ip:t.req.header("x-real-ip")});return await c.data.codes.used(e.tenant.id,i),sn(t,{user:h,client:e,loginSession:u,authParams:n,ticketAuth:s})}const Sb=new a.OpenAPIHono().openapi(a.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:a.z.object({client_id:a.z.string(),connection:a.z.string(),email:a.z.string().transform(t=>t.toLowerCase()),send:a.z.enum(["link","code"]),authParams:el.omit({client_id:!0})})}}}},responses:{200:{description:"Status"}}}),async t=>{const e=t.req.valid("json"),{env:n}=t,{client_id:r,email:i,send:s,authParams:o}=e,c=await t.env.data.clients.get(r);if(!c)throw new N(400,{message:"Client not found"});t.set("client_id",c.id),t.set("tenant_id",c.tenant.id);const l=await n.data.logins.create(c.tenant.id,{authParams:{...o,client_id:r,username:i},expires_at:new Date(Date.now()+za).toISOString(),...Bn(t.req)}),u=await n.data.codes.create(c.tenant.id,{code_id:sr(),code_type:"otp",login_id:l.login_id,expires_at:new Date(Date.now()+za).toISOString()});return s==="link"?await iu(t,i,u.code_id,{...o,client_id:r}):await Dg(t,i,u.code_id),t.html("OK")}).openapi(a.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:a.z.object({scope:a.z.string(),response_type:a.z.nativeEnum(Jt),redirect_uri:a.z.string(),state:a.z.string(),nonce:a.z.string().optional(),verification_code:a.z.string(),connection:a.z.string(),client_id:a.z.string(),email:a.z.string().transform(t=>t.toLowerCase()),audience:a.z.string().optional()})},responses:{302:{description:"Status"}}}),async t=>{const{env:e}=t,{client_id:n,email:r,verification_code:i,redirect_uri:s,state:o,scope:c,audience:l,response_type:u,nonce:p}=t.req.valid("query"),h=await Go(e,n);return t.set("client_id",h.id),t.set("tenant_id",h.tenant.id),t.set("connection","email"),ou(t,h,{client_id:n,redirect_uri:s,state:o,nonce:p,scope:c,audience:l,response_type:u},r,i,!1,!0)});class Er extends N{constructor(n,r){super(n,r);ee(this,"_code");this._code=r==null?void 0:r.code}get code(){return this._code}}async function au(t,e,n,r,i){const{env:s}=t,o=n.username;if(t.set("username",o),!o)throw new N(400,{message:"Username is required"});const c=await si({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:o,provider:"auth2"});if(!c){const f=be(t,{type:me.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"});throw Qe(t,t.env.data.logs.create(e.tenant.id,f)),new Er(403,{message:"User not found",code:"USER_NOT_FOUND"})}const l=c.linked_to?await s.data.users.get(e.tenant.id,c.linked_to):c;if(!l)throw new Er(403,{message:"User not found",code:"USER_NOT_FOUND"});t.set("connection",c.connection),t.set("user_id",l.user_id);const u=await s.data.passwords.get(e.tenant.id,c.user_id);if(!(u&&await ii.compare(n.password,u.password))){const f=be(t,{type:me.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});throw Qe(t,t.env.data.logs.create(e.tenant.id,f)),new Er(403,{message:"Invalid password",code:"INVALID_PASSWORD"})}if((await s.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,q:`user_id:${l.user_id}`})).logs.filter(f=>f.type===me.FAILED_LOGIN_INCORRECT_PASSWORD&&new Date(f.date)>new Date(Date.now()-1e3*60*5)).length>=3){const f=be(t,{type:me.FAILED_LOGIN,description:"Too many failed login attempts"});throw Qe(t,t.env.data.logs.create(e.tenant.id,f)),new Er(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"})}if(!c.email_verified&&e.email_validation==="enforced"){await su(t,c);const f=be(t,{type:me.FAILED_LOGIN,description:"Email not verified"});throw await t.env.data.logs.create(e.tenant.id,f),new Er(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const v=be(t,{type:me.SUCCESS_LOGIN,description:"Successful login",strategy_type:"Username-Password-Authentication",strategy:"Username-Password-Authentication"});return Qe(t,t.env.data.logs.create(e.tenant.id,v)),sn(t,{client:e,authParams:n,user:l,ticketAuth:i,loginSession:r})}async function Ab(t,e,n,r){await no(t,{client:e,email:n,provider:"auth2",connection:"Username-Password-Authentication",isSocial:!1,ip:t.req.header("x-real-ip")});let i=sr(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");for(;s;)i=sr(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");const o=await t.env.data.logins.create(e.tenant.id,{expires_at:new Date(Date.now()+E_).toISOString(),authParams:{client_id:e.id,username:n},...Bn(t.req)}),c=await t.env.data.codes.create(e.tenant.id,{code_id:i,code_type:"password_reset",login_id:o.login_id,expires_at:new Date(Date.now()+A_).toISOString()});await qg(t,n,c.code_id,r)}const Eb=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.union([a.z.object({credential_type:a.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:a.z.string(),client_id:a.z.string(),username:a.z.string().transform(t=>t.toLowerCase()),realm:a.z.enum(["email"]),scope:a.z.string().optional()}),a.z.object({credential_type:a.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:a.z.string(),username:a.z.string().transform(t=>t.toLowerCase()),password:a.z.string(),realm:a.z.enum(["Username-Password-Authentication"]),scope:a.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async t=>{const e=t.req.valid("json"),{client_id:n,username:r}=e;t.set("username",r);const i=await t.env.data.clients.get(n);if(!i)throw new N(400,{message:"Client not found"});t.set("client_id",n),t.set("tenant_id",i.tenant.id);const s=r.toLocaleLowerCase();if("otp"in e)return ou(t,i,{client_id:n,username:s},s,e.otp,!0);if("password"in e){const o=await t.env.data.logins.create(i.tenant.id,{expires_at:new Date(Date.now()+Ur*1e3).toISOString(),authParams:{client_id:n,username:s},...Bn(t.req)});return au(t,i,{username:s,password:e.password,client_id:n},o,!0)}else throw new N(400,{message:"Code or password required"})});function Ib(t,e){var r,i,s;if(!t||e.length===0)return!1;const n=((r=ha(t))==null?void 0:r.host)??null;if(!n)return!1;for(const o of e){let c;if(o.startsWith("http://")||o.startsWith("https://")?c=((i=ha(o))==null?void 0:i.host)??null:c=((s=ha("https://"+o))==null?void 0:s.host)??null,n===c)return!0}return!1}function ha(t){try{return new URL(t)}catch{return null}}async function zb({ctx:t,session:e,client:n,authParams:r,connection:i,login_hint:s}){const o=await t.env.data.logins.create(n.tenant.id,{expires_at:new Date(Date.now()+Ur*1e3).toISOString(),authParams:r,...Bn(t.req)});if(e&&s){const c=await t.env.data.users.get(n.tenant.id,e.user_id);if((c==null?void 0:c.email)===s)return sn(t,{client:n,loginSession:o,authParams:r,user:c,sessionId:e.id})}if(i==="email"&&s){const c=sr();return await t.env.data.codes.create(n.tenant.id,{code_id:c,code_type:"otp",login_id:o.login_id,expires_at:new Date(Date.now()+Ur*1e3).toISOString()}),await iu(t,s,c,r),t.redirect(`/u/enter-code?state=${o.login_id}`)}return e?t.redirect(`/u/check-account?state=${o.login_id}`):t.redirect(`/u/enter-email?state=${o.login_id}`)}function Cb(t){if(t==="Username-Password-Authentication")return"auth2";if(t==="email")return"email";throw new N(403,{message:"Invalid realm"})}async function Nb(t,e,n,r,i){var m;const{env:s}=t;t.set("connection",i);const o=await s.data.codes.get(e,n,"ticket");if(!o||o.used_at)throw new N(403,{message:"Ticket not found"});const c=await s.data.logins.get(e,o.login_id);if(!c||!c.authParams.username)throw new N(403,{message:"Session not found"});const l=await s.data.clients.get(c.authParams.client_id);if(!l)throw new N(403,{message:"Client not found"});t.set("client_id",c.authParams.client_id),await s.data.codes.used(e,n);const u=Cb(i);let p=await no(t,{email:c.authParams.username,provider:u,client:l,connection:u==="auth2"?"Username-Password-Authentication":"email",isSocial:!1,ip:t.req.header("x-real-ip")});t.set("username",p.email),t.set("user_id",p.user_id);const h=await Tf(t,{user:p,client:l,scope:r.scope,audience:r.audience});return sn(t,{authParams:{scope:(m=c.authParams)==null?void 0:m.scope,...r},loginSession:c,sessionId:h.id,user:p,client:l})}async function Op(t,e){return`<!DOCTYPE html>
+`,r}async function rw(t){const e=await t.publicKey.export(),n=await crypto.subtle.exportKey("jwk",e),r=JSON.stringify(n,Object.keys(n).sort()),s=new TextEncoder().encode(r);return Ia(await xf(s))}const iw=1e3*60*60*24,sw=new a.OpenAPIHono().openapi(a.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.array(Ea)}},description:"List of keys"}}}),async t=>{const n=(await t.env.data.keys.list()).filter(r=>"cert"in r).map(r=>r);return t.json(n)}).openapi(a.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({kid:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ea}},description:"The requested key"}}}),async t=>{const{kid:e}=t.req.valid("param"),r=(await t.env.data.keys.list()).find(i=>i.kid===e);if(!r)throw new N(404,{message:"Key not found"});return t.json(r)}).openapi(a.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const e=await t.env.data.keys.list();for await(const r of e)await t.env.data.keys.update(r.kid,{revoked_at:new Date(Date.now()+iw).toISOString()});const n=await Gc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(n),t.text("OK",{status:201})}).openapi(a.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({kid:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const{kid:e}=t.req.valid("param");if(!await t.env.data.keys.update(e,{revoked_at:new Date().toISOString()}))throw new N(404,{message:"Key not found"});const r=await Gc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(r),t.text("OK")}),ow=new a.OpenAPIHono().openapi(a.createRoute({tags:["users"],method:"get",path:"/",request:{query:a.z.object({email:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:a.z.array(Qc)}},description:"List of users"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{email:n}=t.req.valid("query"),i=(await Lf(t.env.data.users,e,n)).filter(s=>!s.linked_to);return t.json(i)}),aw=nn.extend({clients:a.z.array(pn)}),cw=new a.OpenAPIHono().openapi(a.createRoute({tags:["clients"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([aw,a.z.array(pn)])}},description:"List of clients"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:o}=t.req.valid("query"),l=(await t.env.data.applications.list(e,{page:n,per_page:r,include_totals:i,sort:cr(s),q:o})).applications;return i?t.json({clients:l,start:0,limit:10,length:l.length}):t.json(l)}).openapi(a.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:pn}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=(await t.env.data.applications.list(e,{page:1,per_page:0,include_totals:!1})).applications.find(s=>s.id===n);if(!i)throw new N(404);return t.json(i)}).openapi(a.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.applications.remove(e,n))throw new N(404,{message:"Application not found"});return t.text("OK")}).openapi(a.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(ts.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:pn}},description:"The update application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=t.req.valid("json");await t.env.data.applications.update(e,n,i);const s=await t.env.data.applications.get(e,n);if(!s)throw new N(404,{message:"Application not found"});return t.json(s)}).openapi(a.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(ts.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:a.z.object(pn.shape)}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r={...n,id:n.id||qe(),client_secret:n.client_secret||qe()},i=await t.env.data.applications.create(e,r);return t.json(i,{status:201})});a.z.object({start:a.z.number(),limit:a.z.number(),length:a.z.number()});Gs.extend({email:a.z.string(),login_count:a.z.number(),multifactor:a.z.array(a.z.string()).optional(),last_ip:a.z.string().optional(),last_login:a.z.string().optional(),user_id:a.z.string()}).catchall(a.z.any());const lw=nn.extend({tenants:a.z.array(Hn)}),uw=new a.OpenAPIHono().openapi(a.createRoute({tags:["tenants"],method:"get",path:"/",request:{query:Yt},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:a.z.union([a.z.array(Hn),lw])}},description:"List of tenants"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),o=await t.env.data.tenants.list({page:e,per_page:n,include_totals:r,sort:cr(i),q:s});return r?t.json(o):t.json(o.tenants)}).openapi(a.createRoute({tags:["tenants"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:Hn}},description:"A tenant"}}}),async t=>{const{id:e}=t.req.valid("param"),n=await t.env.data.tenants.get(e);if(!n)throw new N(404);return t.json(n)}).openapi(a.createRoute({tags:["tenants"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param");return await t.env.data.tenants.remove(e),t.text("OK")}).openapi(a.createRoute({tags:["tenants"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(rs.shape).partial()}}},params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param"),n=t.req.valid("json");return await t.env.data.tenants.update(e,n),t.text("OK")}).openapi(a.createRoute({tags:["tenants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(rs.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"tenant/json":{schema:Hn}},description:"An tenant"}}}),async t=>{const e=t.req.valid("json"),n=await t.env.data.tenants.create(e);return t.json(n,{status:201})}),dw=nn.extend({logs:a.z.array(ss)}),pw=new a.OpenAPIHono().openapi(a.createRoute({tags:["logs"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(ss),dw])}},description:"List of log rows"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":o}=t.req.valid("header"),c=await t.env.data.logs.list(o,{page:e,per_page:n,include_totals:r,sort:cr(i),q:s});return r?t.json(c):t.json(c.logs)}).openapi(a.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:ss}},description:"A log entry"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.logs.get(e,n);if(!r)throw new N(404);return t.json(r)}),fw=nn.extend({hooks:a.z.array(qn)}),hw=new a.OpenAPIHono().openapi(a.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(qn),fw])}},description:"List of hooks"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:o}=t.req.valid("query"),c=await t.env.data.hooks.list(e,{page:n,per_page:r,include_totals:i,sort:cr(s),q:o});return i?t.json(c):t.json(c.hooks)}).openapi(a.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(is.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:qn}},description:"The created hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.hooks.create(e,n);return t.json(r,{status:201})}).openapi(a.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()}),body:{content:{"application/json":{schema:a.z.object(is.shape).omit({hook_id:!0}).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:qn.shape}},description:"The updated hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=t.req.valid("json");await t.env.data.hooks.update(e,n,r);const i=await t.env.data.hooks.get(e,n);if(!i)throw new N(404,{message:"Hook not found"});return t.json(i)}).openapi(a.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:qn}},description:"A hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=await t.env.data.hooks.get(e,n);if(!r)throw new N(404,{message:"Hook not found"});return t.json(r)}).openapi(a.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:a.z.object({"tenant-id":a.z.string()}),params:a.z.object({hook_id:a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{description:"A hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param");if(!await t.env.data.hooks.remove(e,n))throw new N(404,{message:"Hook not found"});return t.text("OK")}),gw=nn.extend({connections:a.z.array(Dt)}),mw=new a.OpenAPIHono().openapi(a.createRoute({tags:["connections"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.union([a.z.array(Dt),gw])}},description:"List of connectionss"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i=!1,sort:s,q:o}=t.req.valid("query"),c=await t.env.data.connections.list(e,{page:n,per_page:r,include_totals:i,sort:cr(s),q:o});return i?t.json(c):t.json(c.connections)}).openapi(a.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Dt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.connections.get(e,n);if(!r)throw new N(404);return t.json(r)}).openapi(a.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.connections.remove(e,n))throw new N(404,{message:"Connection not found"});return t.text("OK")}).openapi(a.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(ns.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Dt}},description:"The updated connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.connections.update(e,n,r))throw new N(404,{message:"Connection not found"});const s=await t.env.data.connections.get(e,n);if(!s)throw new N(404,{message:"Connection not found"});return t.json(s)}).openapi(a.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(ns.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Dt}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.connections.create(e,n);return t.json(r,{status:201})}),_w=new a.OpenAPIHono().openapi(a.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ri}},description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.promptSettings.get(e);return n?t.json(n):t.json(Ri.parse({}))}).openapi(a.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Ri.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.promptSettings.get(e);return Object.assign(r,n),await t.env.data.promptSettings.set(e,r),t.json(r)});let wp=!1;function Cg(t){t.use(async(e,n)=>(wp||(t.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${e.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),wp=!0),await n()))}a.z.object({alg:a.z.literal("RS256"),kty:a.z.literal("RSA"),use:a.z.literal("sig"),n:a.z.string(),e:a.z.string(),kid:a.z.string(),x5t:a.z.string(),x5c:a.z.array(a.z.string())});async function yw(t){try{const e=await t.JWKS_SERVICE.fetch(t.JWKS_URL);if(!e.ok)throw new Error("Failed to fetch jwks");return(await e.json()).keys}catch(e){throw new N(500,{message:`Failed to fetch jwks: ${e.message}`})}}async function vw(t,e){const r=new TextEncoder().encode([e.raw.header,e.raw.payload].join(".")),i=new Uint8Array(Array.from(e.signature).map(l=>l.charCodeAt(0))),o=(await yw(t.env)).find(l=>l.kid===e.header.kid);if(!o)return console.log("No matching kid found"),!1;const c=await crypto.subtle.importKey("jwk",o,{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},!1,["verify"]);return crypto.subtle.verify("RSASSA-PKCS1-v1_5",c,i,r)}function ww(t){const[e,n,r]=t.split(".");if(!e||!n||!r)return null;const i=JSON.parse(atob(e)),s=JSON.parse(atob(n)),o=atob(r.replace(/-/g,"+").replace(/_/g,"/"));return{header:i,payload:s,signature:o,raw:{header:e,payload:n,signature:r}}}function Ng(t){return async(e,n)=>{var i,s,o;const r=t.openAPIRegistry.definitions.find(c=>"route"in c&&c.route.path===e.req.path&&c.route.method.toUpperCase()===e.req.method);if(r&&"route"in r){const c=(s=(i=r.route.security)==null?void 0:i[0])==null?void 0:s.Bearer;if(!(c!=null&&c.length))return await n();const l=e.req.header("authorization")||"",[u,p]=l.split(" ");if((u==null?void 0:u.toLowerCase())!=="bearer"||!p)throw new N(401,{message:"Missing bearer token"});const h=ww(p);if(!h||!await vw(e,h))throw new N(403,{message:"Invalid JWT signature"});e.set("user_id",h.payload.sub),e.set("user",h.payload);const m=h.payload.permissions||[],v=((o=h.payload.scope)==null?void 0:o.split(" "))||[];if(c.length&&!(c.some(f=>m.includes(f))||c.some(f=>v.includes(f))))throw new N(403,{message:"Unauthorized"})}return await n()}}const bw=new a.OpenAPIHono().openapi(a.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Li}},description:"Email provider"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.emailProviders.get(e);if(!n)throw new N(404,{message:"Email provider not found"});return t.json(n)}).openapi(a.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Li.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.create(e,n),t.text("OK",{status:201})}).openapi(a.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:a.z.object({"tenant-id":a.z.string()}),body:{content:{"application/json":{schema:a.z.object(Li.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.update(e,n),t.text("OK")}),kw=new a.OpenAPIHono().openapi(a.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Zs}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.sessions.get(e,n);if(!r)throw new N(404);return t.json(r)}).openapi(a.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.remove(e,n))throw new N(404,{message:"Session not found"});return t.text("OK")}).openapi(a.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{202:{description:"Sesssion deletion status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.update(e,n,{revoked_at:new Date().toDateString()}))throw new N(404,{message:"Session not found"});return t.text("Session deletion request accepted.",{status:202})}),xw=new a.OpenAPIHono().openapi(a.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:rl}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.refreshTokens.get(e,n);if(!r)throw new N(404);return t.json(r)}).openapi(a.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.refreshTokens.remove(e,n))throw new N(404,{message:"Session not found"});return t.text("OK")}),Sw=new a.OpenAPIHono().openapi(a.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:Yt,headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:a.z.array(Mn)}},description:"List of custom domains"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.customDomains.list(e);return t.json(n)}).openapi(a.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Mn}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.customDomains.get(e,n);if(!r)throw new N(404);return t.json(r)}).openapi(a.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.customDomains.remove(e,n))throw new N(404,{message:"Custom domain not found"});return t.text("OK")}).openapi(a.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:a.z.object(Mn.shape).partial()}}},params:a.z.object({id:a.z.string()}),headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Mn}},description:"The updated custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.customDomains.update(e,n,r))throw new N(404);const s=await t.env.data.customDomains.get(e,n);if(!s)throw new N(404);return t.json(s)}).openapi(a.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.object(tl.shape)}}},headers:a.z.object({"tenant-id":a.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Mn}},description:"The created custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.customDomains.create(e,n);return t.json(r,{status:201})});function Aw(){const t=new a.OpenAPIHono;Cg(t),t.use(Ng(t));const e=t.route("/branding",Qm).route("/custom-domains",Sw).route("/email/providers",bw).route("/users",ay).route("/keys",sw).route("/users-by-email",ow).route("/clients",cw).route("/tenants",uw).route("/logs",pw).route("/hooks",hw).route("/connections",mw).route("/prompts",_w).route("/sessions",kw).route("/refresh_tokens",xw);return e.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management api"},security:[{oauth2:["openid","email","profile"]}]}),e}function Ew(t,e){Object.keys(e).forEach(n=>{const r=e[n];r!=null&&r.length&&t.searchParams.set(n,r)})}function Bn(t){var e,n,r;return{auth0Client:(e=t.query("auth0Client"))==null?void 0:e.slice(0,255),ip:(n=t.header("x-real-ip"))==null?void 0:n.slice(0,45),useragent:(r=t.header("user-agent"))==null?void 0:r.slice(0,512)}}var bp;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(bp||(bp={}));var kp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(kp||(kp={}));function Iw(t){return $g(t,zw,Xr.Include)}function jg(t){return $g(t,Cw,Xr.None)}function $g(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,o=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],o+=8;for(let c=0;c<4;c++)o>=6?(r+=e[s>>o-6&63],o-=6):o>0?(r+=e[s<<6-o&63],o=0):n===Xr.Include&&(r+="=")}return r}const zw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",Cw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Xr;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Xr||(Xr={}));var xp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(xp||(xp={}));class Nw{uint8(e,n){if(e.byteLength<n+1)throw new TypeError("Insufficient bytes");return e[n]}uint16(e,n){if(e.byteLength<n+2)throw new TypeError("Insufficient bytes");return e[n]<<8|e[n+1]}uint32(e,n){if(e.byteLength<n+4)throw new TypeError("Insufficient bytes");let r=0;for(let i=0;i<4;i++)r|=e[n+i]<<24-i*8;return r}uint64(e,n){if(e.byteLength<n+8)throw new TypeError("Insufficient bytes");let r=0n;for(let i=0;i<8;i++)r|=BigInt(e[n+i])<<BigInt(56-i*8);return r}putUint8(e,n,r){if(e.length<r+1)throw new TypeError("Not enough space");if(n<0||n>255)throw new TypeError("Invalid uint8 value");e[r]=n}putUint16(e,n,r){if(e.length<r+2)throw new TypeError("Not enough space");if(n<0||n>65535)throw new TypeError("Invalid uint16 value");e[r]=n>>8,e[r+1]=n&255}putUint32(e,n,r){if(e.length<r+4)throw new TypeError("Not enough space");if(n<0||n>4294967295)throw new TypeError("Invalid uint32 value");for(let i=0;i<4;i++)e[r+i]=n>>(3-i)*8&255}putUint64(e,n,r){if(e.length<r+8)throw new TypeError("Not enough space");if(n<0||n>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let i=0;i<8;i++)e[r+i]=Number(n>>BigInt((7-i)*8)&0xffn)}}const Sp=new Nw;function wt(t,e){return(t<<32-e|t>>>e)>>>0}function jw(t){const e=new $w;return e.update(t),e.digest()}class $w{constructor(){ee(this,"blockSize",64);ee(this,"size",32);ee(this,"blocks",new Uint8Array(64));ee(this,"currentBlockSize",0);ee(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));ee(this,"l",0n);ee(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let n=0;if(this.currentBlockSize>0){const r=e.slice(0,64-this.currentBlockSize);this.blocks.set(r,this.currentBlockSize),this.process(),n+=r.byteLength,this.currentBlockSize=0}for(;n+64<=e.byteLength;){const r=e.slice(n,n+64);this.blocks.set(r),this.process(),n+=64}if(e.byteLength-n>0){const r=e.slice(n);this.blocks.set(r),this.currentBlockSize=r.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),Sp.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let n=0;n<8;n++)Sp.putUint32(e,this.H[n],n*4);return e}process(){for(let u=0;u<16;u++)this.w[u]=(this.blocks[u*4]<<24|this.blocks[u*4+1]<<16|this.blocks[u*4+2]<<8|this.blocks[u*4+3])>>>0;for(let u=16;u<64;u++){const p=(wt(this.w[u-2],17)^wt(this.w[u-2],19)^this.w[u-2]>>>10)>>>0,h=(wt(this.w[u-15],7)^wt(this.w[u-15],18)^this.w[u-15]>>>3)>>>0;this.w[u]=p+this.w[u-7]+h+this.w[u-16]|0}let e=this.H[0],n=this.H[1],r=this.H[2],i=this.H[3],s=this.H[4],o=this.H[5],c=this.H[6],l=this.H[7];for(let u=0;u<64;u++){const p=(wt(s,6)^wt(s,11)^wt(s,25))>>>0,h=(s&o^~s&c)>>>0,m=l+p+h+Ow[u]+this.w[u]|0,v=(wt(e,2)^wt(e,13)^wt(e,22))>>>0,f=(e&n^e&r^n&r)>>>0,_=v+f|0;l=c,c=o,o=s,s=i+m|0,i=r,r=n,n=e,e=m+_|0}this.H[0]=e+this.H[0]|0,this.H[1]=n+this.H[1]|0,this.H[2]=r+this.H[2]|0,this.H[3]=i+this.H[3]|0,this.H[4]=s+this.H[4]|0,this.H[5]=o+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const Ow=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class Bw{constructor(e){ee(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function Tw(t){const e=jw(new TextEncoder().encode(t));return jg(e)}function Pw(){const t=new Uint8Array(32);return crypto.getRandomValues(t),jg(t)}function Pr(t,e){const n=new TextEncoder().encode(e.toString()),r=new Request(t,{method:"POST",body:n});return r.headers.set("Content-Type","application/x-www-form-urlencoded"),r.headers.set("Accept","application/json"),r.headers.set("User-Agent","arctic"),r.headers.set("Content-Length",n.byteLength.toString()),r}function fa(t,e){const n=new TextEncoder().encode(`${t}:${e}`);return Iw(n)}async function Ds(t){let e;try{e=await fetch(t)}catch(n){throw new Bg(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Di(e.status)}if(typeof n!="object"||n===null)throw new Wn(e.status,n);let r;try{r=Og(n)}catch{throw new Wn(e.status,n)}throw r}if(e.status===200){let n;try{n=await e.json()}catch{throw new Di(e.status)}if(typeof n!="object"||n===null)throw new Wn(e.status,n);return new Bw(n)}throw e.body!==null&&await e.body.cancel(),new Di(e.status)}async function Rw(t){let e;try{e=await fetch(t)}catch(n){throw new Bg(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Wn(e.status,null)}if(typeof n!="object"||n===null)throw new Wn(e.status,n);let r;try{r=Og(n)}catch{throw new Wn(e.status,n)}throw r}if(e.status===200){e.body!==null&&await e.body.cancel();return}throw e.body!==null&&await e.body.cancel(),new Di(e.status)}function Og(t){let e;if("error"in t&&typeof t.error=="string")e=t.error;else throw new Error("Invalid error response");let n=null,r=null,i=null;if("error_description"in t){if(typeof t.error_description!="string")throw new Error("Invalid data");n=t.error_description}if("error_uri"in t){if(typeof t.error_uri!="string")throw new Error("Invalid data");r=t.error_uri}if("state"in t){if(typeof t.state!="string")throw new Error("Invalid data");i=t.state}return new Lw(e,n,r,i)}class Bg extends Error{constructor(e){super("Failed to send request",{cause:e})}}class Lw extends Error{constructor(n,r,i,s){super(`OAuth request error: ${n}`);ee(this,"code");ee(this,"description");ee(this,"uri");ee(this,"state");this.code=n,this.description=r,this.uri=i,this.state=s}}class Di extends Error{constructor(n){super("Unexpected error response");ee(this,"status");this.status=n}}class Wn extends Error{constructor(n,r){super("Unexpected error response body");ee(this,"status");ee(this,"data");this.status=n,this.data=r}}class eu{constructor(e,n,r){ee(this,"clientId");ee(this,"clientPassword");ee(this,"redirectURI");this.clientId=e,this.clientPassword=n,this.redirectURI=r}createAuthorizationURL(e,n,r){const i=new URL(e);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&i.searchParams.set("redirect_uri",this.redirectURI),i.searchParams.set("state",n),r.length>0&&i.searchParams.set("scope",r.join(" ")),i}createAuthorizationURLWithPKCE(e,n,r,i,s){const o=new URL(e);if(o.searchParams.set("response_type","code"),o.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&o.searchParams.set("redirect_uri",this.redirectURI),o.searchParams.set("state",n),r===Qr.S256){const c=Tw(i);o.searchParams.set("code_challenge_method","S256"),o.searchParams.set("code_challenge",c)}else r===Qr.Plain&&(o.searchParams.set("code_challenge_method","plain"),o.searchParams.set("code_challenge",i));return s.length>0&&o.searchParams.set("scope",s.join(" ")),o}async validateAuthorizationCode(e,n,r){const i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",n),this.redirectURI!==null&&i.set("redirect_uri",this.redirectURI),r!==null&&i.set("code_verifier",r),this.clientPassword===null&&i.set("client_id",this.clientId);const s=Pr(e,i);if(this.clientPassword!==null){const c=fa(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Ds(s)}async refreshAccessToken(e,n,r){const i=new URLSearchParams;i.set("grant_type","refresh_token"),i.set("refresh_token",n),this.clientPassword===null&&i.set("client_id",this.clientId),r.length>0&&i.set("scope",r.join(" "));const s=Pr(e,i);if(this.clientPassword!==null){const c=fa(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Ds(s)}async revokeToken(e,n){const r=new URLSearchParams;r.set("token",n),this.clientPassword===null&&r.set("client_id",this.clientId);const i=Pr(e,r);if(this.clientPassword!==null){const s=fa(this.clientId,this.clientPassword);i.headers.set("Authorization",`Basic ${s}`)}await Rw(i)}}var Qr;(function(t){t[t.S256=0]="S256",t[t.Plain=1]="Plain"})(Qr||(Qr={}));var Ap;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Ap||(Ap={}));var Ep;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Ep||(Ep={}));function Rr(t){return Uw(t,Vw,Hs.None)}function Uw(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,o=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],o+=8;for(let c=0;c<4;c++)o>=6?(r+=e[s>>o-6&63],o-=6):o>0?(r+=e[s<<6-o&63],o=0):n===Hs.Include&&(r+="=")}return r}const Vw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Hs;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Hs||(Hs={}));var Ip;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Ip||(Ip={}));function Mw(t,e,n){const r=Rr(new TextEncoder().encode(t)),i=Rr(new TextEncoder().encode(e)),s=Rr(n);return r+"."+i+"."+s}function qw(t,e){const n=Rr(new TextEncoder().encode(t)),r=Rr(new TextEncoder().encode(e)),i=n+"."+r;return new TextEncoder().encode(i)}const Dw="https://appleid.apple.com/auth/authorize",Hw="https://appleid.apple.com/auth/token";class Tg{constructor(e,n,r,i,s){ee(this,"clientId");ee(this,"teamId");ee(this,"keyId");ee(this,"pkcs8PrivateKey");ee(this,"redirectURI");this.clientId=e,this.teamId=n,this.keyId=r,this.pkcs8PrivateKey=i,this.redirectURI=s}createAuthorizationURL(e,n){const r=new URL(Dw);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId);const r=await this.createClientSecret();n.set("client_secret",r);const i=Pr(Hw,n);return await Ds(i)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),n=Math.floor(Date.now()/1e3),r=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),i=JSON.stringify({iss:this.teamId,exp:n+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:n}),s=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,qw(r,i)));return Mw(r,i,s)}}const Fw="https://www.facebook.com/v16.0/dialog/oauth",Kw="https://graph.facebook.com/v16.0/oauth/access_token";class Pg{constructor(e,n,r){ee(this,"clientId");ee(this,"clientSecret");ee(this,"redirectURI");this.clientId=e,this.clientSecret=n,this.redirectURI=r}createAuthorizationURL(e,n){const r=new URL(Fw);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId),n.set("client_secret",this.clientSecret);const r=Pr(Kw,n);return await Ds(r)}}const Ww="https://accounts.google.com/o/oauth2/v2/auth",zp="https://oauth2.googleapis.com/token",Gw="https://oauth2.googleapis.com/revoke";let Rg=class{constructor(e,n,r){ee(this,"client");this.client=new eu(e,n,r)}createAuthorizationURL(e,n,r){return this.client.createAuthorizationURLWithPKCE(Ww,e,Qr.S256,n,r)}async validateAuthorizationCode(e,n){return await this.client.validateAuthorizationCode(zp,e,n)}async refreshAccessToken(e){return await this.client.refreshAccessToken(zp,e,[])}async revokeToken(e){await this.client.revokeToken(Gw,e)}};const Wo=a.z.object({iss:a.z.string().url(),sub:a.z.string(),aud:a.z.string(),exp:a.z.number(),email:a.z.string().optional(),given_name:a.z.string().optional(),family_name:a.z.string().optional(),name:a.z.string().optional(),iat:a.z.number(),auth_time:a.z.number().optional(),nonce:a.z.string().optional(),acr:a.z.string().optional(),amr:a.z.array(a.z.string()).optional(),azp:a.z.string().optional(),at_hash:a.z.string().optional(),c_hash:a.z.string().optional()}).passthrough();Wo.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function Jw(t){return t.ISSUER}function At(t){return t.UNIVERSAL_LOGIN_URL||`${t.ISSUER}u/`}function Ce(t){return t.OAUTH_API_URL||t.ISSUER}function Lg(t){const{options:e}=t;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const n=Buffer.from(e.app_secret,"utf-8"),r=n.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),i=Uint8Array.from(Buffer.from(r,"base64"));return n.fill(0),{options:e,keyArray:i}}async function Zw(t,e){var l,u;const{options:n,keyArray:r}=Lg(e),i=new Tg(n.client_id,n.team_id,n.kid,r,`${Ce(t.env)}callback`),s=qe(),o=await i.createAuthorizationURL(s,((l=n.scope)==null?void 0:l.split(" "))||["name","email"]);return(((u=n.scope)==null?void 0:u.split(" "))||["name","email"]).some(p=>["email","name"].includes(p))&&o.searchParams.set("response_mode","form_post"),{redirectUrl:o.href,code:s}}async function Yw(t,e,n){const{options:r,keyArray:i}=Lg(e),o=await new Tg(r.client_id,r.team_id,r.kid,i,`${Ce(t.env)}callback`).validateAuthorizationCode(n),c=sl(o.idToken());if(!c)throw new Error("Invalid ID token");const l=Wo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const Xw=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Zw,validateAuthorizationCodeAndGetUser:Yw},Symbol.toStringTag,{value:"Module"}));async function Qw(t,e){var o;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new Pg(n.client_id,n.client_secret,`${Ce(t.env)}callback`),i=qe();return{redirectUrl:r.createAuthorizationURL(i,((o=n.scope)==null?void 0:o.split(" "))||["email"]).href,code:i}}async function eb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new Pg(r.client_id,r.client_secret,`${Ce(t.env)}callback`).validateAuthorizationCode(n),o=await fetch("https://graph.facebook.com/v16.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${s.accessToken()}`}});if(!o.ok)throw new Error("Failed to fetch user info");const c=await o.json();return t.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const tb=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Qw,validateAuthorizationCodeAndGetUser:eb},Symbol.toStringTag,{value:"Module"}));async function nb(t,e){var c;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required Google authentication parameters");const r=new Rg(n.client_id,n.client_secret,`${Ce(t.env)}callback`),i=qe(),s=Pw();return{redirectUrl:r.createAuthorizationURL(i,s,((c=n.scope)==null?void 0:c.split(" "))??["email","profile"]).href,code:i,codeVerifier:s}}async function rb(t,e,n,r){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret||!r)throw new Error("Missing required authentication parameters");const o=await new Rg(i.client_id,i.client_secret,`${Ce(t.env)}callback`).validateAuthorizationCode(n,r),c=sl(o.idToken());if(!c)throw new Error("Invalid ID token");const l=Wo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const ib=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:nb,validateAuthorizationCodeAndGetUser:rb},Symbol.toStringTag,{value:"Module"}));async function sb(t,e){var o;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new eu(n.client_id,n.client_secret,`${Ce(t.env)}callback`),i=qe(),s=r.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",i,((o=n.scope)==null?void 0:o.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]);return s.searchParams.set("response_type","code"),s.searchParams.set("response_mode","query"),{redirectUrl:s.href,code:i}}async function ob(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new eu(r.client_id,r.client_secret,`${Ce(t.env)}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",n,null),o=sl(s.idToken());if(!o)throw new Error("Invalid ID token");const c=Wo.parse(o.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${s.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new N(400,{message:"Failed to get user from vipps"});return await l.json()}const ab=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:sb,validateAuthorizationCodeAndGetUser:ob},Symbol.toStringTag,{value:"Module"}));function Ug(t,e){const n=t.env.STRATEGIES||{},i={apple:Xw,facebook:tb,"google-oauth2":ib,vipps:ab,...n}[e];if(!i)throw new Error(`Strategy ${e} not found`);return i}async function Go(t,e){const n=await t.data.clients.get(e);if(!n)throw new N(403,{message:"Client not found"});const r=t.DEFAULT_CLIENT_ID?await t.data.clients.get(t.DEFAULT_CLIENT_ID):void 0,i=await t.data.connections.list(n.tenant.id),s=t.DEFAULT_TENANT_ID?await t.data.connections.list(t.DEFAULT_TENANT_ID):{connections:[]},o=i.connections.map(c=>{var p;const l=(p=s.connections)==null?void 0:p.find(h=>h.name===c.name);return l!=null&&l.options?Dt.parse({...l||{},...c,options:{...l.options||{},...c.options}}):c}).filter(c=>c);return{...n,web_origins:[...(r==null?void 0:r.web_origins)||[],...n.web_origins||[],`${At(t)}login`],allowed_logout_urls:[...(r==null?void 0:r.allowed_logout_urls)||[],...n.allowed_logout_urls||[],t.ISSUER],callbacks:[...(r==null?void 0:r.callbacks)||[],...n.callbacks||[],`${At(t)}info`],connections:o,tenant:{...(r==null?void 0:r.tenant)||{},...n.tenant}}}function Jo(t,e=[],n={}){try{const r=new URL(t);return e.some(i=>{try{return cb(r,new URL(i),n.allowPathWildcards)}catch{return!1}})}catch{return!1}}function cb(t,e,n){if(t.protocol!==e.protocol)return!1;if(n&&e.pathname.includes("*")){const r=e.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${r}$`).test(t.pathname))return!1}else if(t.pathname!==e.pathname)return!1;if(e.hostname.startsWith("*.")&&e.hostname.split(".").length>2&&["http:","https:"].includes(e.protocol)){const r=e.hostname.split(".").slice(1).join(".");return t.hostname.endsWith(r)}return t.hostname===e.hostname}async function lb(t,e,n,r){if(!r.state)throw new N(400,{message:"State not found"});const i=e.connections.find(l=>l.name===n);if(!i){t.set("client_id",e.id);const l=be(t,{type:me.FAILED_LOGIN,description:"Connection not found"});throw await t.env.data.logs.create(e.tenant.id,l),new N(403,{message:"Connection Not Found"})}let s=await t.env.data.logins.get(e.tenant.id,r.state);s||(s=await t.env.data.logins.create(e.tenant.id,{expires_at:new Date(Date.now()+Ur*1e3).toISOString(),authParams:r,...Bn(t.req)}));const c=await Ug(t,i.strategy).getRedirect(t,i);return await t.env.data.codes.create(e.tenant.id,{login_id:s.login_id,code_id:c.code,code_type:"oauth2_state",connection_id:i.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+x_*1e3).toISOString()}),t.redirect(c.redirectUrl)}async function Cp(t,{code:e,state:n}){var f;const{env:r}=t,i=await r.data.codes.get(t.var.tenant_id||"",n,"oauth2_state");if(!i||!i.connection_id)throw new N(403,{message:"State not found"});const s=await r.data.logins.get(t.var.tenant_id||"",i.login_id);if(!s)throw new N(403,{message:"Session not found"});const o=await Go(r,s.authParams.client_id);t.set("client_id",o.id),t.set("tenant_id",o.tenant.id);const c=o.connections.find(_=>_.id===i.connection_id);if(!c){const _=be(t,{type:me.FAILED_LOGIN,description:"Connection not found"});throw await r.data.logs.create(o.tenant.id,_),new N(403,{message:"Connection not found"})}if(t.set("connection",c.name),!s.authParams.redirect_uri){const _=be(t,{type:me.FAILED_LOGIN,description:"Redirect URI not defined"});throw await r.data.logs.create(o.tenant.id,_),new N(403,{message:"Redirect URI not defined"})}if(!Jo(s.authParams.redirect_uri,o.callbacks||[],{allowPathWildcards:!0})){const _=`Invalid redirect URI - ${s.authParams.redirect_uri}`,w=be(t,{type:me.FAILED_LOGIN,description:_});throw await r.data.logs.create(o.tenant.id,w),new N(403,{message:_})}const u=await Ug(t,c.strategy).validateAuthorizationCodeAndGetUser(t,c,e,i.code_verifier),{sub:p,...h}=u;t.set("user_id",p);const m=((f=u.email)==null?void 0:f.toLocaleLowerCase())||`${c.name}.${p}@${new URL(t.env.ISSUER).hostname}`;t.set("username",m);const v=await no(t,{client:o,email:m,provider:c.strategy,connection:c.name,userId:p,profileData:h,isSocial:!0,ip:t.req.header("x-real-ip")});return sn(t,{client:o,authParams:s.authParams,loginSession:s,user:v})}async function Np(t,e,n,r,i,s){const o=await t.env.data.codes.get(t.var.tenant_id||"",e,"oauth2_state");if(!o)throw new N(400,{message:"State not found"});const c=await t.env.data.logins.get(t.var.tenant_id,o.login_id);if(!c)throw new N(400,{message:"Login not found"});const{redirect_uri:l}=c.authParams;if(!l)throw new N(400,{message:"Redirect uri not found"});const u=be(t,{type:me.FAILED_LOGIN,description:`Failed connection login: ${i} ${n}, ${r}`});Qe(t,t.env.data.logs.create(t.var.tenant_id,u));const p=new URL(l);return Ew(p,{error:n,error_description:r,error_reason:s,error_code:i,state:c.authParams.state}),t.redirect(`${At(t.env)}enter-email?state=${c.login_id}&error=${n}`)}const ub=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string(),code:a.z.string().optional(),scope:a.z.string().optional(),hd:a.z.string().optional(),error:a.z.string().optional(),error_description:a.z.string().optional(),error_code:a.z.string().optional(),error_reason:a.z.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:o}=t.req.valid("query");if(r)return Np(t,e,r,i,s,o);if(!n)throw new N(400,{message:"Code is required"});return Cp(t,{code:n,state:e})}).openapi(a.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({state:a.z.string(),code:a.z.string().optional(),scope:a.z.string().optional(),hd:a.z.string().optional(),error:a.z.string().optional(),error_description:a.z.string().optional(),error_code:a.z.string().optional(),error_reason:a.z.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:o}=t.req.valid("form");if(r)return Np(t,e,r,i,s,o);if(!n)throw new N(400,{message:"Code is required"});return Cp(t,{code:n,state:e})}),db=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:a.z.object({client_id:a.z.string(),returnTo:a.z.string().optional()}),header:a.z.object({cookie:a.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async t=>{const{client_id:e,returnTo:n}=t.req.valid("query"),r=await t.env.data.clients.get(e);if(!r)return t.text("OK");const i=await t.env.data.clients.get("DEFAULT_CLIENT");t.set("client_id",e),t.set("tenant_id",r.tenant.id);const s=n||t.req.header("referer");if(!s)return t.text("OK");if(!Jo(s,[...r.allowed_logout_urls||[],...(i==null?void 0:i.allowed_logout_urls)||[]],{allowPathWildcards:!0}))throw new N(400,{message:"Invalid redirect uri"});const o=t.req.header("cookie");if(o){const l=as(r.tenant.id,o);if(l){const u=await t.env.data.sessions.get(r.tenant.id,l);if(u){const p=await t.env.data.users.get(r.tenant.id,u.user_id);p&&(t.set("user_id",p.user_id),t.set("connection",p.connection))}await t.env.data.sessions.remove(r.tenant.id,l)}}const c=be(t,{type:me.SUCCESS_LOGOUT,description:"User successfully logged out"});return await t.env.data.logs.create(r.tenant.id,c),new Response("Redirecting",{status:302,headers:{"set-cookie":z_(r.tenant.id),location:s}})}),jp=a.z.object({sub:a.z.string(),email:a.z.string().optional(),family_name:a.z.string().optional(),given_name:a.z.string().optional(),email_verified:a.z.boolean()}),pb=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth2"],method:"get",path:"/",request:{},security:[{Bearer:["openid"]}],responses:{200:{content:{"application/json":{schema:jp}},description:"Userinfo"}}}),async t=>{if(!t.var.user)throw new N(404,{message:"User not found"});const e=await t.env.data.users.get(t.var.user.tenant_id,t.var.user.sub);if(!e)throw new N(404,{message:"User not found"});return t.json(jp.parse({...e,sub:e.user_id}))}),fb=new a.OpenAPIHono().openapi(a.createRoute({tags:["well known"],method:"get",path:"/jwks.json",request:{},responses:{200:{content:{"application/json":{schema:cf}},description:"List of tenants"}}}),async t=>{const e=await t.env.data.keys.list(),n=await Promise.all(e.map(async r=>{const s=await new Ql(r.cert).publicKey.export(),o=await crypto.subtle.exportKey("jwk",s);return nl.parse({...o,kid:r.kid})}));return t.json({keys:n},{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${Ni}, stale-while-revalidate=${Ni*2}, stale-if-error=86400`}})}).openapi(a.createRoute({tags:["well known"],method:"get",path:"/openid-configuration",request:{},responses:{200:{content:{"application/json":{schema:Aa}},description:"List of tenants"}}}),async t=>{const e=Aa.parse({issuer:Jw(t.env),authorization_endpoint:`${Ce(t.env)}authorize`,token_endpoint:`${Ce(t.env)}oauth/token`,device_authorization_endpoint:`${Ce(t.env)}oauth/device/code`,userinfo_endpoint:`${Ce(t.env)}userinfo`,mfa_challenge_endpoint:`${Ce(t.env)}mfa/challenge`,jwks_uri:`${Ce(t.env)}.well-known/jwks.json`,registration_endpoint:`${Ce(t.env)}oidc/register`,revocation_endpoint:`${Ce(t.env)}oauth/revoke`,scopes_supported:["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],response_types_supported:["code","token","id_token","code token","code id_token","token id_token","code token id_token"],code_challenge_methods_supported:["S256","plain"],response_modes_supported:["query","fragment","form_post"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],token_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post"],claims_supported:["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],request_uri_parameter_supported:!1,request_parameter_supported:!1,token_endpoint_auth_signing_alg_values_supported:["RS256","RS384","PS256"]});return t.json(e,{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${Ni}, stale-while-revalidate=${Ni*2}, stale-if-error=86400`}})});function Hi(t,e){if(!t||!e||t.length!==e.length)return!1;let n=0;for(let r=0;r<t.length;r++)n|=t.charCodeAt(r)^e.charCodeAt(r);return n===0}const Vg=a.z.object({grant_type:a.z.literal("client_credentials"),scope:a.z.string().optional(),client_secret:a.z.string(),client_id:a.z.string(),audience:a.z.string().optional()});async function hb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new N(403,{message:"Invalid client credentials"});if(n.client_secret&&!Hi(n.client_secret,e.client_secret))throw new N(403,{message:"Invalid client credentials"});const r={client_id:n.id,scope:e.scope,audience:e.audience},i=await eo(t,{authParams:r,client:n});return t.json(i)}const gb=a.z.object({grant_type:a.z.literal("authorization_code"),client_id:a.z.string(),code:a.z.string(),redirect_uri:a.z.string().optional(),client_secret:a.z.string().optional(),code_verifier:a.z.string().optional()}).refine(t=>"client_secret"in t&&!("code_verifier"in t)||!("client_secret"in t)&&"code_verifier"in t,{message:"Must provide either client_secret (standard flow) or code_verifier/code_verifier_mode (PKCE flow), but not both"});async function mb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new N(403,{message:"Client not found"});const r=await t.env.data.codes.get(n.tenant.id,e.code,"authorization_code");if(!r||!r.user_id)throw new N(403,{message:"Invalid client credentials"});if(new Date(r.expires_at)<new Date)throw new N(403,{message:"Code expired"});if(r.used_at)throw new N(403,{message:"Code already used"});const i=await t.env.data.logins.get(n.tenant.id,r.login_id);if(!i)throw new N(403,{message:"Invalid login"});if("client_secret"in e){const o=await t.env.data.clients.get("DEFAULT_CLIENT");if(!Hi(n.client_secret,e.client_secret)&&!Hi(o==null?void 0:o.client_secret,e.client_secret))throw new N(403,{message:"Invalid client credentials"})}else if("code_verifier"in e&&typeof e.code_verifier=="string"&&"code_challenge_method"in i.authParams&&typeof i.authParams.code_challenge_method=="string"){const o=await w_(e.code_verifier,i.authParams.code_challenge_method);if(!Hi(o,i.authParams.code_challenge||""))throw new N(403,{message:"Invalid client credentials"})}if(i.authParams.redirect_uri&&i.authParams.redirect_uri!==e.redirect_uri)throw new N(403,{message:"Invalid redirect uri"});const s=await t.env.data.users.get(n.tenant.id,r.user_id);if(!s)throw new N(403,{message:"User not found"});return await t.env.data.codes.used(n.tenant.id,e.code),sn(t,{user:s,client:n,loginSession:i,authParams:{...i.authParams,response_mode:Zt.WEB_MESSAGE}})}const _b=a.z.object({grant_type:a.z.literal("refresh_token"),client_id:a.z.string(),redirect_uri:a.z.string().optional(),refresh_token:a.z.string()});async function yb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new N(403,{message:"Client not found"});const r=await t.env.data.refreshTokens.get(n.tenant.id,e.refresh_token);if(r){if(r.expires_at&&new Date(r.expires_at)<new Date||r.idle_expires_at&&new Date(r.idle_expires_at)<new Date)throw new N(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Refresh token has expired"})})}else throw new N(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Invalid refresh token"})});const i=await t.env.data.users.get(n.tenant.id,r.user_id);if(!i)throw new N(403,{message:"User not found"});const s=r.resource_servers[0];if(r.idle_expires_at){const o=new Date(Date.now()+2592e6);await t.env.data.refreshTokens.update(n.tenant.id,r.id,{idle_expires_at:o.toISOString(),last_exchanged_at:new Date().toISOString(),device:{...r.device,last_ip:t.req.header["x-real-ip"]||"",last_user_agent:t.req.header["user-agent"]||""}})}return sn(t,{user:i,client:n,refreshToken:r.id,sessionId:r.session_id,authParams:{client_id:n.id,audience:s==null?void 0:s.audience,scope:s==null?void 0:s.scopes,response_mode:Zt.WEB_MESSAGE}})}const $p=a.z.object({client_id:a.z.string().optional(),client_secret:a.z.string().optional()}),vb=a.z.union([Vg.extend($p.shape),a.z.object({grant_type:a.z.literal("authorization_code"),client_id:a.z.string(),code:a.z.string(),redirect_uri:a.z.string(),code_verifier:a.z.string().min(43).max(128)}),a.z.object({grant_type:a.z.literal("authorization_code"),code:a.z.string(),redirect_uri:a.z.string().optional(),...$p.shape}),a.z.object({grant_type:a.z.literal("refresh_token"),client_id:a.z.string(),refresh_token:a.z.string(),redirect_uri:a.z.string().optional()})]);function wb(t){if(!t)return{};const[e,n]=t.split(" ");if((e==null?void 0:e.toLowerCase())==="basic"&&n){const[r,i]=atob(n).split(":");return{client_id:r,client_secret:i}}return{}}const bb=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:vb}}}},responses:{200:{content:{"application/json":{schema:hf}},description:"Tokens"}}}),async t=>{const e=t.req.valid("form"),n=wb(t.req.header("Authorization")),r={...e,...n};if(!r.client_id)throw new N(400,{message:"client_id is required"});switch(e.grant_type){case jr.AuthorizationCode:return mb(t,gb.parse(r));case jr.ClientCredential:return hb(t,Vg.parse(r));case jr.RefreshToken:return yb(t,_b.parse(r));default:throw new N(400,{message:"Not implemented"})}});var tu={exports:{}};const nu=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:6},{id:2,value:"Medium",minDiversity:4,minLength:8},{id:3,value:"Strong",minDiversity:4,minLength:10}],Mg=(t,e=nu,n="!\"#$%&'()*+,-./:;<=>?@[\\\\\\]^_`{|}~")=>{let r=t||"";e[0].minDiversity=0,e[0].minLength=0;const i=[{regex:"[a-z]",message:"lowercase"},{regex:"[A-Z]",message:"uppercase"},{regex:"[0-9]",message:"number"}];n&&i.push({regex:`[${n}]`,message:"symbol"});let s={};s.contains=i.filter(c=>new RegExp(`${c.regex}`).test(r)).map(c=>c.message),s.length=r.length;let o=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,o[0]),s};tu.exports={passwordStrength:Mg,defaultOptions:nu};var kb=tu.exports.passwordStrength=Mg;tu.exports.defaultOptions=nu;function ru(t){return kb(t).id<2?!1:t.length>=8&&/[a-z]/.test(t)&&/[A-Z]/.test(t)&&/[0-9]/.test(t)&&/[^A-Za-z0-9]/.test(t)}async function Zo(t,e){var i;const n=await t.env.data.emailProviders.get(t.var.tenant_id)||(t.env.DEFAULT_TENANT_ID?await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID):null);if(!n)throw new N(500,{message:"Email provider not found"});const r=(i=t.env.emailProviders)==null?void 0:i[n.name];if(!r)throw new N(500,{message:"Email provider not found"});await r({emailProvider:n,...e,from:n.default_from_address||`login@${t.env.ISSUER}`})}async function qg(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new N(500,{message:"Tenant not found"});const s=`${At(t.env)}reset-password?state=${r}&code=${n}`,o={vendorName:i.name,lng:i.language||"en"};await Zo(t,{to:e,subject:"Reset your password",html:`Click here to reset your password: ${At(t.env)}reset-password?state=${r}&code=${n}`,template:"auth-password-reset",data:{vendorName:i.name,logo:i.logo||"",passwordResetUrl:s,supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",passwordResetTitle:de("password_reset_title",o),resetPasswordEmailClickToReset:de("reset_password_email_click_to_reset",o),resetPasswordEmailReset:de("reset_password_email_reset",o),supportInfo:de("support_info",o),contactUs:de("contact_us",o),copyright:de("copyright",o)}})}async function Dg(t,e,n){const r=await t.env.data.tenants.get(t.var.tenant_id);if(!r)throw new N(500,{message:"Tenant not found"});const i={vendorName:r.name,code:n,lng:r.language||"en"};await Zo(t,{to:e,subject:de("code_email_subject",i),html:`Click here to validate your email: ${At(t.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:r.name,logo:r.logo||"",supportUrl:r.support_url||"",buttonColor:r.primary_color||"",welcomeToYourAccount:de("welcome_to_your_account",i),linkEmailClickToLogin:de("link_email_click_to_login",i),linkEmailLogin:de("link_email_login",i),linkEmailOrEnterCode:de("link_email_or_enter_code",i),codeValid30Mins:de("code_valid_30_minutes",i),supportInfo:de("support_info",i),contactUs:de("contact_us",i),copyright:de("copyright",i)}});const s=be(t,{type:me.CODE_LINK_SENT,description:e});Qe(t,t.env.data.logs.create(r.id,s))}async function iu(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new N(500,{message:"Tenant not found"});if(!r.redirect_uri)throw new N(400,{message:"redirect_uri is required"});const s=new URL(Ce(t.env));s.pathname="passwordless/verify_redirect",s.searchParams.set("verification_code",n),s.searchParams.set("connection","email"),s.searchParams.set("client_id",r.client_id),s.searchParams.set("redirect_uri",r.redirect_uri),s.searchParams.set("email",e),r.response_type&&s.searchParams.set("response_type",r.response_type),r.scope&&s.searchParams.set("scope",r.scope),r.state&&s.searchParams.set("state",r.state),r.nonce&&s.searchParams.set("nonce",r.nonce),r.code_challenge&&s.searchParams.set("code_challenge",r.code_challenge),r.code_challenge_method&&s.searchParams.set("code_challenge_method",r.code_challenge_method),r.audience&&s.searchParams.set("audience",r.audience);const o={vendorName:i.name,code:n,lng:i.language||"en"};await Zo(t,{to:e,subject:de("code_email_subject",o),html:`Click here to validate your email: ${At(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:s.toString(),buttonColor:i.primary_color||"",welcomeToYourAccount:de("welcome_to_your_account",o),linkEmailClickToLogin:de("link_email_click_to_login",o),linkEmailLogin:de("link_email_login",o),linkEmailOrEnterCode:de("link_email_or_enter_code",o),codeValid30Mins:de("code_valid_30_minutes",o),supportInfo:de("support_info",o),contactUs:de("contact_us",o),copyright:de("copyright",o)}});const c=be(t,{type:me.CODE_LINK_SENT,description:e});Qe(t,t.env.data.logs.create(i.id,c))}async function su(t,e){const n=await t.env.data.tenants.get(t.var.tenant_id);if(!n)throw new N(500,{message:"Tenant not found"});const r={vendorName:n.name,lng:n.language||"en"};await Zo(t,{to:e.email,subject:"Validate your email address",html:`Click here to validate your email: ${At(t.env)}validate-email`,template:"auth-verify-email",data:{vendorName:n.name,logo:n.logo||"",emailValidationUrl:`${At(t.env)}validate-email`,supportUrl:n.support_url||"https://support.sesamy.com",buttonColor:n.primary_color||"#7d68f4",welcomeToYourAccount:de("welcome_to_your_account",r),verifyEmailVerify:de("verify_email_verify",r),supportInfo:de("support_info",r),contactUs:de("contact_us",r),copyright:de("copyright",r)}})}const xb=new a.OpenAPIHono().openapi(a.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:a.z.object({client_id:a.z.string(),connection:a.z.literal("Username-Password-Authentication"),email:a.z.string().transform(t=>t.toLowerCase()),password:a.z.string()})}}}},responses:{200:{content:{"application/json":{schema:a.z.object({_id:a.z.string(),email:a.z.string(),email_verified:a.z.boolean(),app_metadata:a.z.object({}),user_metadata:a.z.object({})})}},description:"Created user"}}}),async t=>{const{email:e,password:n,client_id:r}=t.req.valid("json"),i=await t.env.data.clients.get(r);if(!i)throw new N(400,{message:"Client not found"});if(t.set("client_id",i.id),t.set("tenant_id",i.tenant.id),!ru(n))throw new N(400,{message:"Password does not meet the requirements"});if(await cs({userAdapter:t.env.data.users,tenant_id:i.tenant.id,email:e,provider:"auth2"}))throw new N(400,{message:"Invalid sign up"});const o=await t.env.data.users.create(i.tenant.id,{user_id:`auth2|${Ys()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});t.set("user_id",o.user_id),t.set("username",o.email),t.set("connection",o.connection);const c=await ii.hash(n,10);await t.env.data.passwords.create(i.tenant.id,{user_id:o.user_id,password:c,algorithm:"bcrypt"}),await su(t,o);const l=be(t,{type:me.SUCCESS_SIGNUP,description:"Successful signup"});return await t.env.data.logs.create(i.tenant.id,l),t.json({_id:o.user_id,email:o.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(a.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:a.z.object({client_id:a.z.string(),connection:a.z.literal("Username-Password-Authentication"),email:a.z.string().transform(t=>t.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{email:e,client_id:n}=t.req.valid("json"),r=await t.env.data.clients.get(n);if(!r)throw new N(400,{message:"Client not found"});if(t.set("client_id",r.id),t.set("tenant_id",r.tenant.id),!await si({userAdapter:t.env.data.users,tenant_id:r.tenant.id,email:e,provider:"auth2"}))return t.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:n,username:e},o=await t.env.data.logins.create(r.tenant.id,{expires_at:new Date(Date.now()+Ur*1e3).toISOString(),authParams:s,...Bn(t.req)});return await qg(t,e,o.login_id,o.authParams.state),t.html("If an account with that email exists, we've sent instructions to reset your password.")});function sr(){const t="1234567890";let e="";for(let n=0;n<6;n+=1)e+=t[Math.floor(Math.random()*10)];return e.toString()}async function ou(t,e,n,r,i,s,o){const{env:c}=t,l=await c.data.codes.get(e.tenant.id,i,"otp");if(!l)throw new N(400,{message:"Code not found or expired"});if(l.expires_at<new Date().toISOString())throw new N(400,{message:"Code expired"});if(l.used_at)throw new N(400,{message:"Code already used"});const u=await c.data.logins.get(e.tenant.id,l.login_id);if(!u||u.authParams.username!==r)throw new N(400,{message:"Code not found or expired"});const p=Bn(t.req);if(o&&u.ip!==p.ip)return t.redirect(`${At(t.env)}invalid-session?state=${u.login_id}`);if(n.redirect_uri&&!Jo(n.redirect_uri,e.callbacks,{allowPathWildcards:!0}))throw new N(400,{message:`Invalid redirect URI - ${n.redirect_uri}`});const h=await no(t,{client:e,email:r,provider:"email",connection:"email",isSocial:!1,ip:t.req.header("x-real-ip")});return await c.data.codes.used(e.tenant.id,i),sn(t,{user:h,client:e,loginSession:u,authParams:n,ticketAuth:s})}const Sb=new a.OpenAPIHono().openapi(a.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:a.z.object({client_id:a.z.string(),connection:a.z.string(),email:a.z.string().transform(t=>t.toLowerCase()),send:a.z.enum(["link","code"]),authParams:el.omit({client_id:!0})})}}}},responses:{200:{description:"Status"}}}),async t=>{const e=t.req.valid("json"),{env:n}=t,{client_id:r,email:i,send:s,authParams:o}=e,c=await t.env.data.clients.get(r);if(!c)throw new N(400,{message:"Client not found"});t.set("client_id",c.id),t.set("tenant_id",c.tenant.id);const l=await n.data.logins.create(c.tenant.id,{authParams:{...o,client_id:r,username:i},expires_at:new Date(Date.now()+za).toISOString(),...Bn(t.req)}),u=await n.data.codes.create(c.tenant.id,{code_id:sr(),code_type:"otp",login_id:l.login_id,expires_at:new Date(Date.now()+za).toISOString()});return s==="link"?await iu(t,i,u.code_id,{...o,client_id:r}):await Dg(t,i,u.code_id),t.html("OK")}).openapi(a.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:a.z.object({scope:a.z.string(),response_type:a.z.nativeEnum(Jt),redirect_uri:a.z.string(),state:a.z.string(),nonce:a.z.string().optional(),verification_code:a.z.string(),connection:a.z.string(),client_id:a.z.string(),email:a.z.string().transform(t=>t.toLowerCase()),audience:a.z.string().optional()})},responses:{302:{description:"Status"}}}),async t=>{const{env:e}=t,{client_id:n,email:r,verification_code:i,redirect_uri:s,state:o,scope:c,audience:l,response_type:u,nonce:p}=t.req.valid("query"),h=await Go(e,n);return t.set("client_id",h.id),t.set("tenant_id",h.tenant.id),t.set("connection","email"),ou(t,h,{client_id:n,redirect_uri:s,state:o,nonce:p,scope:c,audience:l,response_type:u},r,i,!1,!0)});class Er extends N{constructor(n,r){super(n,r);ee(this,"_code");this._code=r==null?void 0:r.code}get code(){return this._code}}async function au(t,e,n,r,i){const{env:s}=t,o=n.username;if(t.set("username",o),!o)throw new N(400,{message:"Username is required"});const c=await si({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:o,provider:"auth2"});if(!c){const f=be(t,{type:me.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"});throw Qe(t,t.env.data.logs.create(e.tenant.id,f)),new Er(403,{message:"User not found",code:"USER_NOT_FOUND"})}const l=c.linked_to?await s.data.users.get(e.tenant.id,c.linked_to):c;if(!l)throw new Er(403,{message:"User not found",code:"USER_NOT_FOUND"});t.set("connection",c.connection),t.set("user_id",l.user_id);const u=await s.data.passwords.get(e.tenant.id,c.user_id);if(!(u&&await ii.compare(n.password,u.password))){const f=be(t,{type:me.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});throw Qe(t,t.env.data.logs.create(e.tenant.id,f)),new Er(403,{message:"Invalid password",code:"INVALID_PASSWORD"})}if((await s.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,q:`user_id:${l.user_id}`})).logs.filter(f=>f.type===me.FAILED_LOGIN_INCORRECT_PASSWORD&&new Date(f.date)>new Date(Date.now()-1e3*60*5)).length>=3){const f=be(t,{type:me.FAILED_LOGIN,description:"Too many failed login attempts"});throw Qe(t,t.env.data.logs.create(e.tenant.id,f)),new Er(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"})}if(!c.email_verified&&e.email_validation==="enforced"){await su(t,c);const f=be(t,{type:me.FAILED_LOGIN,description:"Email not verified"});throw await t.env.data.logs.create(e.tenant.id,f),new Er(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const v=be(t,{type:me.SUCCESS_LOGIN,description:"Successful login",strategy_type:"Username-Password-Authentication",strategy:"Username-Password-Authentication"});return Qe(t,t.env.data.logs.create(e.tenant.id,v)),sn(t,{client:e,authParams:n,user:l,ticketAuth:i,loginSession:r})}async function Ab(t,e,n,r){await no(t,{client:e,email:n,provider:"auth2",connection:"Username-Password-Authentication",isSocial:!1,ip:t.req.header("x-real-ip")});let i=sr(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");for(;s;)i=sr(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");const o=await t.env.data.logins.create(e.tenant.id,{expires_at:new Date(Date.now()+E_).toISOString(),authParams:{client_id:e.id,username:n},...Bn(t.req)}),c=await t.env.data.codes.create(e.tenant.id,{code_id:i,code_type:"password_reset",login_id:o.login_id,expires_at:new Date(Date.now()+A_).toISOString()});await qg(t,n,c.code_id,r)}const Eb=new a.OpenAPIHono().openapi(a.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:a.z.union([a.z.object({credential_type:a.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:a.z.string(),client_id:a.z.string(),username:a.z.string().transform(t=>t.toLowerCase()),realm:a.z.enum(["email"]),scope:a.z.string().optional()}),a.z.object({credential_type:a.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:a.z.string(),username:a.z.string().transform(t=>t.toLowerCase()),password:a.z.string(),realm:a.z.enum(["Username-Password-Authentication"]),scope:a.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async t=>{const e=t.req.valid("json"),{client_id:n,username:r}=e;t.set("username",r);const i=await t.env.data.clients.get(n);if(!i)throw new N(400,{message:"Client not found"});t.set("client_id",n),t.set("tenant_id",i.tenant.id);const s=r.toLocaleLowerCase();if("otp"in e)return ou(t,i,{client_id:n,username:s},s,e.otp,!0);if("password"in e){const o=await t.env.data.logins.create(i.tenant.id,{expires_at:new Date(Date.now()+Ur*1e3).toISOString(),authParams:{client_id:n,username:s},...Bn(t.req)});return au(t,i,{username:s,password:e.password,client_id:n},o,!0)}else throw new N(400,{message:"Code or password required"})});function Ib(t,e){var r,i,s;if(!t||e.length===0)return!1;const n=((r=ha(t))==null?void 0:r.host)??null;if(!n)return!1;for(const o of e){let c;if(o.startsWith("http://")||o.startsWith("https://")?c=((i=ha(o))==null?void 0:i.host)??null:c=((s=ha("https://"+o))==null?void 0:s.host)??null,n===c)return!0}return!1}function ha(t){try{return new URL(t)}catch{return null}}async function zb({ctx:t,session:e,client:n,authParams:r,connection:i,login_hint:s}){const o=await t.env.data.logins.create(n.tenant.id,{expires_at:new Date(Date.now()+Ur*1e3).toISOString(),authParams:r,...Bn(t.req)});if(e&&s){const c=await t.env.data.users.get(n.tenant.id,e.user_id);if((c==null?void 0:c.email)===s)return sn(t,{client:n,loginSession:o,authParams:r,user:c,sessionId:e.id})}if(i==="email"&&s){const c=sr();return await t.env.data.codes.create(n.tenant.id,{code_id:c,code_type:"otp",login_id:o.login_id,expires_at:new Date(Date.now()+Ur*1e3).toISOString()}),await iu(t,s,c,r),t.redirect(`/u/enter-code?state=${o.login_id}`)}return e?t.redirect(`/u/check-account?state=${o.login_id}`):t.redirect(`/u/enter-email?state=${o.login_id}`)}function Cb(t){if(t==="Username-Password-Authentication")return"auth2";if(t==="email")return"email";throw new N(403,{message:"Invalid realm"})}async function Nb(t,e,n,r,i){var m;const{env:s}=t;t.set("connection",i);const o=await s.data.codes.get(e,n,"ticket");if(!o||o.used_at)throw new N(403,{message:"Ticket not found"});const c=await s.data.logins.get(e,o.login_id);if(!c||!c.authParams.username)throw new N(403,{message:"Session not found"});const l=await s.data.clients.get(c.authParams.client_id);if(!l)throw new N(403,{message:"Client not found"});t.set("client_id",c.authParams.client_id),await s.data.codes.used(e,n);const u=Cb(i);let p=await no(t,{email:c.authParams.username,provider:u,client:l,connection:u==="auth2"?"Username-Password-Authentication":"email",isSocial:!1,ip:t.req.header("x-real-ip")});t.set("username",p.email),t.set("user_id",p.user_id);const h=await Tf(t,{user:p,client:l,scope:r.scope,audience:r.audience});return sn(t,{authParams:{scope:(m=c.authParams)==null?void 0:m.scope,...r},loginSession:c,sessionId:h.id,user:p,client:l})}async function Op(t,e){return`<!DOCTYPE html>
   <html>
   <head>
@@ -219,7 +219,7 @@ PERFORMANCE OF THIS SOFTWARE.
     ${o?"invisible h-0":"visible h-auto"}
   `,children:t}),o&&y("div",{className:"absolute left-0 top-0 flex h-full w-full items-center justify-center",children:y(l1,{size:"medium"})})]})},Ti=({connection:t,text:e,icon:n=null,canResize:r=!1,session:i})=>{const s=new URLSearchParams({client_id:i.authParams.client_id,connection:t});i.authParams.response_type&&s.set("response_type",i.authParams.response_type),i.authParams.redirect_uri&&s.set("redirect_uri",i.authParams.redirect_uri),i.authParams.scope&&s.set("scope",i.authParams.scope),i.authParams.nonce&&s.set("nonce",i.authParams.nonce),i.authParams.response_type&&s.set("response_type",i.authParams.response_type),i.authParams.state&&s.set("state",i.login_id);const o=`/authorize?${s.toString()}`;return y(ti,{className:Et("border border-gray-200 bg-white hover:bg-gray-100 dark:border-gray-400 dark:bg-black dark:hover:bg-black/90",{"px-0 py-3 sm:px-10 sm:py-4 short:px-0 short:py-3":r,"px-10 py-3":!r}),variant:"custom","aria-label":e,Component:"a",href:o,children:[n||"",y("div",{className:Et("text-left text-black dark:text-white sm:text-base",{"hidden sm:inline short:hidden":r}),children:e})]})},u1=({...t})=>y("svg",{width:"45",height:"45",viewBox:"0 0 45 45",xmlns:"http://www.w3.org/2000/svg",...t,children:[y("path",{d:"M44.1035 23.0123C44.1054 21.4791 43.9758 19.9486 43.716 18.4375H22.498V27.1028H34.6507C34.4021 28.4868 33.8757 29.8061 33.1034 30.9812C32.3311 32.1562 31.3289 33.1628 30.1571 33.9401V39.5649H37.41C41.6567 35.6494 44.1035 29.859 44.1035 23.0123Z",fill:"#4285F4"}),y("path",{d:"M22.4982 44.9997C28.5698 44.9997 33.6821 43.0061 37.4101 39.5687L30.1573 33.9439C28.1386 35.3126 25.5387 36.0938 22.4982 36.0938C16.6296 36.0938 11.6485 32.1377 9.86736 26.8066H2.39575V32.6033C4.26839 36.3297 7.13989 39.4622 10.6896 41.6512C14.2394 43.8402 18.3277 44.9995 22.4982 44.9997Z",fill:"#34A853"}),y("path",{d:"M9.86737 26.8073C8.92572 24.0138 8.92572 20.9886 9.86737 18.1951V12.3984H2.39576C0.820432 15.5332 0 18.9929 0 22.5012C0 26.0095 0.820432 29.4692 2.39576 32.604L9.86737 26.8073Z",fill:"#FBBC04"}),y("path",{d:"M22.4982 8.90741C25.7068 8.85499 28.8071 10.0673 31.1291 12.2823L37.5507 5.86064C33.4788 2.03602 28.0843 -0.0637686 22.4982 0.00147616C18.3277 0.00166623 14.2394 1.16098 10.6896 3.34999C7.13989 5.539 4.26839 8.67155 2.39575 12.3979L9.86736 18.1946C11.6485 12.8635 16.6296 8.90741 22.4982 8.90741Z",fill:"#EA4335"})]}),Tn=({children:t,className:e})=>y(du,{children:[y(ti,{className:e,id:"initial-btn",children:t}),y(ti,{className:Et(e,"hidden"),isLoading:!0,id:"loading-btn",disabled:!0,children:" "})]}),Pn=({children:t,className:e})=>y("form",{id:"form",method:"post",className:e,children:t}),d1=({...t})=>y("svg",{version:"1.1",id:"Layer_1",xmlns:"http://www.w3.org/2000/svg",x:"0px",y:"0px",viewBox:"0 0 48 48",enableBackground:"new 0 0 48 48",width:"45",height:"45",...t,children:[y("path",{fill:"#FF5B24",d:"M3.5,8h41c1.9,0,3.5,1.6,3.5,3.5v25c0,1.9-1.6,3.5-3.5,3.5h-41C1.6,40,0,38.4,0,36.5v-25C0,9.6,1.6,8,3.5,8z"}),y("path",{fillRule:"evenodd",clipRule:"evenodd",fill:"#FFFFFF",d:`M27.9,20.3c1.4,0,2.6-1,2.6-2.5h0c0-1.5-1.2-2.5-2.6-2.5c-1.4,0-2.6,1-2.6,2.5C25.3,19.2,26.5,20.3,27.9,20.3z
     M31.2,24.4c-1.7,2.2-3.5,3.8-6.7,3.8h0c-3.2,0-5.8-2-7.7-4.8c-0.8-1.2-2-1.4-2.9-0.8c-0.8,0.6-1,1.8-0.3,2.9
-   c2.7,4.1,6.5,6.6,10.9,6.6c4,0,7.2-2,9.6-5.2c0.9-1.2,0.9-2.5,0-3.1C33.3,22.9,32.1,23.2,31.2,24.4z`})]}),Mp=({error:t,vendorSettings:e,session:n,email:r,client:i,impersonation:s})=>{const o=i.connections.map(({name:m})=>m),c=o.includes("facebook"),l=o.includes("google-oauth2"),u=o.includes("apple"),p=o.includes("vipps"),h=c||l||u||p;return y(Nt,{title:U.t("welcome"),vendorSettings:e,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("welcome")}),y("div",{className:"mb-8 text-gray-300",children:U.t("login_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{className:"mb-7",children:[y("input",{type:"email",name:"username",placeholder:U.t("email_placeholder"),className:Et("mb-2 w-full rounded-lg border bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),required:!0,value:r||""}),s&&y("input",{type:"email",name:"act_as",placeholder:"Impersonate as",className:Et("mb-2 w-full rounded-lg border bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),required:!0,value:""}),t&&y(wr,{children:t}),y(Tn,{className:"text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center space-x-2",children:[y("span",{children:U.t("continue")}),y(gt,{className:"text-xs",name:"arrow-right"})]})})]}),h&&y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:U.t("continue_social_login")})]}),y("div",{className:"flex space-x-4 sm:flex-col sm:space-x-0 sm:space-y-4 short:flex-row short:space-x-4 short:space-y-0",children:[c&&y(Ti,{connection:"facebook",text:U.t("continue_with",{provider:"Facebook"}),canResize:!0,icon:y(gt,{className:"text-xl text-[#1196F5] sm:absolute sm:left-4 sm:top-1/2 sm:-translate-y-1/2 sm:text-2xl short:static short:left-auto short:top-auto short:translate-y-0 short:text-xl",name:"facebook"}),session:n}),l&&y(Ti,{connection:"google-oauth2",text:U.t("continue_with",{provider:"Google"}),canResize:!0,icon:y(u1,{className:"h-5 w-5 sm:absolute sm:left-4 sm:top-1/2 sm:h-6 sm:w-6 sm:-translate-y-1/2 short:static short:left-auto short:top-auto short:h-5 short:w-5 short:translate-y-0"}),session:n}),u&&y(Ti,{connection:"apple",text:U.t("continue_with",{provider:"Apple"}),canResize:!0,icon:y(gt,{className:"text-xl text-black dark:text-white sm:absolute sm:left-4 sm:top-1/2 sm:-translate-y-1/2 sm:text-2xl short:static short:left-auto short:top-auto short:translate-y-0 short:text-xl",name:"apple"}),session:n}),p&&y(Ti,{connection:"vipps",text:U.t("continue_with",{provider:"Vipps"}),canResize:!0,icon:y(d1,{className:"h-5 w-5 sm:absolute sm:left-4 sm:top-1/2 sm:h-6 sm:w-6 sm:-translate-y-1/2 short:static short:left-auto short:top-auto short:h-5 short:w-5 short:translate-y-0"}),session:n})]})]})]})},p1=["Auth0.swift"];function f1(t){if(!t)return"link";const e=atob(t),n=JSON.parse(e);return p1.includes(n.name)?"code":"link"}const h1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"}),impersonation:a.z.string().optional()})},responses:{200:{description:"Response"}}}),async t=>{const{state:e,impersonation:n}=t.req.valid("query"),{vendorSettings:r,session:i,client:s}=await Fe(t,e);return t.html(y(Mp,{vendorSettings:r,session:i,client:s,email:i.authParams.username,impersonation:n==="true"}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({username:a.z.string().transform(t=>t.toLowerCase()),act_as:a.z.string().transform(t=>t.toLowerCase()).optional(),login_selection:a.z.enum(["code","password"]).optional()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),r=t.req.valid("form");t.set("body",r),t.set("username",r.username);const{client:i,session:s,vendorSettings:o}=await Fe(t,n);t.set("client_id",i.id);const c=r.username,l=await to({userAdapter:e.data.users,tenant_id:i.tenant.id,email:c});if(l&&t.set("user_id",l.user_id),!l)try{await sy(t,i,t.env.data,r.username)}catch{const v=be(t,{type:me.FAILED_SIGNUP,description:"Public signup is disabled"});return await t.env.data.logs.create(i.tenant.id,v),t.html(y(Mp,{vendorSettings:o,session:s,error:U.t("user_account_does_not_exist"),email:r.username,client:i}),400)}if(s.authParams.username=r.username,s.authParams.act_as=r.act_as,await e.data.logins.update(i.tenant.id,s.login_id,s),await Qb(t,i,r.username,r.login_selection))return t.redirect(`/u/enter-password?state=${n}`);let u=sr(),p=await e.data.codes.get(i.tenant.id,u,"otp");for(;p;)u=sr(),p=await e.data.codes.get(i.tenant.id,u,"otp");const h=await t.env.data.codes.create(i.tenant.id,{code_id:u,code_type:"otp",login_id:s.login_id,expires_at:new Date(Date.now()+za).toISOString()});return f1(s.auth0Client)==="link"&&!r.username.includes("online.no")?Qe(t,iu(t,r.username,h.code_id,s.authParams)):Qe(t,Dg(t,r.username,h.code_id)),t.redirect(`/u/enter-code?state=${n}`)}),tn=t=>y("a",{className:"block text-primary hover:text-primaryHover text-center",href:`/u/enter-email?state=${t.state}`,children:U.t("go_back")});var ni="_hp",g1={Change:"Input",DoubleClick:"DblClick"},m1={svg:"2000/svg",math:"1998/Math/MathML"},ri=[],Yc=new WeakMap,ar=void 0,_1=()=>ar,jt=t=>"t"in t,_a={onClick:["click",!1]},qp=t=>{if(!t.startsWith("on"))return;if(_a[t])return _a[t];const e=t.match(/^on([A-Z][a-zA-Z]+?(?:PointerCapture)?)(Capture)?$/);if(e){const[,n,r]=e;return _a[t]=[(g1[n]||n).toLowerCase(),!!r]}},Dp=(t,e)=>ar&&t instanceof SVGElement&&/[A-Z]/.test(e)&&(e in t.style||e.match(/^(?:o|pai|str|u|ve)/))?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,y1=(t,e,n)=>{var r;e||(e={});for(let i in e){const s=e[i];if(i!=="children"&&(!n||n[i]!==s)){i=Ks(i);const o=qp(i);if(o){if((n==null?void 0:n[i])!==s&&(n&&t.removeEventListener(o[0],n[i],o[1]),s!=null)){if(typeof s!="function")throw new Error(`Event handler for "${i}" is not a function`);t.addEventListener(o[0],s,o[1])}}else if(i==="dangerouslySetInnerHTML"&&s)t.innerHTML=s.__html;else if(i==="ref"){let c;typeof s=="function"?c=s(t)||(()=>s(null)):s&&"current"in s&&(s.current=t,c=()=>s.current=null),Yc.set(t,c)}else if(i==="style"){const c=t.style;typeof s=="string"?c.cssText=s:(c.cssText="",s!=null&&Yg(s,c.setProperty.bind(c)))}else{if(i==="value"){const l=t.nodeName;if(l==="INPUT"||l==="TEXTAREA"||l==="SELECT"){if(t.value=s==null||s===!1?null:s,l==="TEXTAREA"){t.textContent=s;continue}else if(l==="SELECT"){t.selectedIndex===-1&&(t.selectedIndex=0);continue}}}else(i==="checked"&&t.nodeName==="INPUT"||i==="selected"&&t.nodeName==="OPTION")&&(t[i]=s);const c=Dp(t,i);s==null||s===!1?t.removeAttribute(c):s===!0?t.setAttribute(c,""):typeof s=="string"||typeof s=="number"?t.setAttribute(c,s):t.setAttribute(c,s.toString())}}}if(n)for(let i in n){const s=n[i];if(i!=="children"&&!(i in e)){i=Ks(i);const o=qp(i);o?t.removeEventListener(o[0],s,o[1]):i==="ref"?(r=Yc.get(t))==null||r():t.removeAttribute(Dp(t,i))}}},v1=(t,e)=>{e[Se][0]=0,ri.push([t,e]);const n=e.tag[cu]||e.tag,r=n.defaultProps?{...n.defaultProps,...e.props}:e.props;try{return[n.call(null,r)]}finally{ri.pop()}},tm=(t,e,n,r,i)=>{var s,o;(s=t.vR)!=null&&s.length&&(r.push(...t.vR),delete t.vR),typeof t.tag=="function"&&((o=t[Se][1][sm])==null||o.forEach(c=>i.push(c))),t.vC.forEach(c=>{var l;if(jt(c))n.push(c);else if(typeof c.tag=="function"||c.tag===""){c.c=e;const u=n.length;if(tm(c,e,n,r,i),c.s){for(let p=u;p<n.length;p++)n[p].s=!0;c.s=!1}}else n.push(c),(l=c.vR)!=null&&l.length&&(r.push(...c.vR),delete c.vR)})},w1=t=>{for(;;t=t.tag===ni||!t.vC||!t.pP?t.nN:t.vC[0]){if(!t)return null;if(t.tag!==ni&&t.e)return t.e}},nm=t=>{var e,n,r,i,s,o;jt(t)||((n=(e=t[Se])==null?void 0:e[1][sm])==null||n.forEach(c=>{var l;return(l=c[2])==null?void 0:l.call(c)}),(r=Yc.get(t.e))==null||r(),t.p===2&&((i=t.vC)==null||i.forEach(c=>c.p=2)),(s=t.vC)==null||s.forEach(nm)),t.p||((o=t.e)==null||o.remove(),delete t.e),typeof t.tag=="function"&&(Cr.delete(t),Gi.delete(t),delete t[Se][3],t.a=!0)},rm=(t,e,n)=>{t.c=e,im(t,e,n)},Hp=(t,e)=>{if(e){for(let n=0,r=t.length;n<r;n++)if(t[n]===e)return n}},Fp=Symbol(),im=(t,e,n)=>{var u;const r=[],i=[],s=[];tm(t,e,r,i,s),i.forEach(nm);const o=n?void 0:e.childNodes;let c,l=null;if(n)c=-1;else if(!o.length)c=0;else{const p=Hp(o,w1(t.nN));p!==void 0?(l=o[p],c=p):c=Hp(o,(u=r.find(h=>h.tag!==ni&&h.e))==null?void 0:u.e)??-1,c===-1&&(n=!0)}for(let p=0,h=r.length;p<h;p++,c++){const m=r[p];let v;if(m.s&&m.e)v=m.e,m.s=!1;else{const f=n||!m.e;jt(m)?(m.e&&m.d&&(m.e.textContent=m.t),m.d=!1,v=m.e||(m.e=document.createTextNode(m.t))):(v=m.e||(m.e=m.n?document.createElementNS(m.n,m.tag):document.createElement(m.tag)),y1(v,m.props,m.pP),im(m,v,f))}m.tag===ni?c--:n?v.parentNode||e.appendChild(v):o[c]!==v&&o[c-1]!==v&&(o[c+1]===v?e.appendChild(o[c]):e.insertBefore(v,l||o[c]||null))}if(t.pP&&delete t.pP,s.length){const p=[],h=[];s.forEach(([,m,,v,f])=>{m&&p.push(m),v&&h.push(v),f==null||f()}),p.forEach(m=>m()),h.length&&requestAnimationFrame(()=>{h.forEach(m=>m())})}},Gi=new WeakMap,Xc=(t,e,n)=>{var s,o,c,l,u,p;const r=!n&&e.pC;n&&(e.pC||(e.pC=e.vC));let i;try{n||(n=typeof e.tag=="function"?v1(t,e):Si(e.props.children)),((s=n[0])==null?void 0:s.tag)===""&&n[0][Jc]&&(i=n[0][Jc],t[5].push([t,i,e]));const h=r?[...e.pC]:e.vC?[...e.vC]:void 0,m=[];let v;for(let f=0;f<n.length;f++){Array.isArray(n[f])&&n.splice(f,1,...n[f].flat());let _=b1(n[f]);if(_){typeof _.tag=="function"&&!_.tag[Kg]&&(or.length>0&&(_[Se][2]=or.map(S=>[S,S.values.at(-1)])),(o=t[5])!=null&&o.length&&(_[Se][3]=t[5].at(-1)));let w;if(h&&h.length){const S=h.findIndex(jt(_)?C=>jt(C):_.key!==void 0?C=>C.key===_.key&&C.tag===_.tag:C=>C.tag===_.tag);S!==-1&&(w=h[S],h.splice(S,1))}if(w)if(jt(_))w.t!==_.t&&(w.t=_.t,w.d=!0),_=w;else{const S=w.pP=w.props;w.props=_.props,w.f||(w.f=_.f||e.f),typeof _.tag=="function"&&(w[Se][2]=_[Se][2]||[],w[Se][3]=_[Se][3],!w.f&&((w.o||w)===_.o||(l=(c=w.tag)[Rb])!=null&&l.call(c,S,w.props))&&(w.s=!0)),_=w}else if(!jt(_)&&ar){const S=vr(ar);S&&(_.n=S)}if(!jt(_)&&!_.s&&(Xc(t,_),delete _.f),m.push(_),v&&!v.s&&!_.s)for(let S=v;S&&!jt(S);S=(u=S.vC)==null?void 0:u.at(-1))S.nN=_;v=_}}e.vR=r?[...e.vC,...h||[]]:h||[],e.vC=m,r&&delete e.pC}catch(h){if(e.f=!0,h===Fp){if(i)return;throw h}const[m,v,f]=((p=e[Se])==null?void 0:p[3])||[];if(v){const _=()=>Ji([0,!1,t[2]],f),w=Gi.get(f)||[];w.push(_),Gi.set(f,w);const S=v(h,()=>{const C=Gi.get(f);if(C){const B=C.indexOf(_);if(B!==-1)return C.splice(B,1),_()}});if(S){if(t[0]===1)t[1]=!0;else if(Xc(t,f,[S]),(v.length===1||t!==m)&&f.c){rm(f,f.c,!1);return}throw Fp}}throw h}finally{i&&t[5].pop()}},b1=t=>{if(!(t==null||typeof t=="boolean")){if(typeof t=="string"||typeof t=="number")return{t:t.toString(),d:!0};if("vR"in t&&(t={tag:t.tag,props:t.props,key:t.key,f:t.f,type:t.tag,ref:t.props.ref,o:t.o||t}),typeof t.tag=="function")t[Se]=[0,[]];else{const e=m1[t.tag];e&&(ar||(ar=Gg("")),t.props.children=[{tag:ar,props:{value:t.n=`http://www.w3.org/${e}`,children:t.props.children}}])}return t}},Kp=(t,e)=>{var n,r;(n=e[Se][2])==null||n.forEach(([i,s])=>{i.values.push(s)});try{Xc(t,e,void 0)}catch{return}if(e.a){delete e.a;return}(r=e[Se][2])==null||r.forEach(([i])=>{i.values.pop()}),(t[0]!==1||!t[1])&&rm(e,e.c,!1)},Cr=new WeakMap,Wp=[],Ji=async(t,e)=>{t[5]||(t[5]=[]);const n=Cr.get(e);n&&n[0](void 0);let r;const i=new Promise(s=>r=s);if(Cr.set(e,[r,()=>{t[2]?t[2](t,e,s=>{Kp(s,e)}).then(()=>r(e)):(Kp(t,e),r(e))}]),Wp.length)Wp.at(-1).add(e);else{await Promise.resolve();const s=Cr.get(e);s&&(Cr.delete(e),s[1]())}return i},k1=(t,e,n)=>({tag:ni,props:{children:t},key:n,e,p:1}),ya=0,sm=1,va=2,wa=3,ba=new WeakMap,om=(t,e)=>!t||!e||t.length!==e.length||e.some((n,r)=>n!==t[r]),x1=void 0,Gp=[],S1=t=>{var o;const e=()=>typeof t=="function"?t():t,n=ri.at(-1);if(!n)return[e(),()=>{}];const[,r]=n,i=(o=r[Se][1])[ya]||(o[ya]=[]),s=r[Se][0]++;return i[s]||(i[s]=[e(),c=>{const l=x1,u=i[s];if(typeof c=="function"&&(c=c(u[0])),!Object.is(c,u[0]))if(u[0]=c,Gp.length){const[p,h]=Gp.at(-1);Promise.all([p===3?r:Ji([p,!1,l],r),h]).then(([m])=>{if(!m||!(p===2||p===3))return;const v=m.vC;requestAnimationFrame(()=>{setTimeout(()=>{v===m.vC&&Ji([p===3?1:0,!1,l],m)})})})}else Ji([0,!1,l],r)}])},pu=(t,e)=>{var c;const n=ri.at(-1);if(!n)return t;const[,r]=n,i=(c=r[Se][1])[va]||(c[va]=[]),s=r[Se][0]++,o=i[s];return om(o==null?void 0:o[1],e)?i[s]=[t,e]:t=i[s][0],t},A1=t=>{const e=ba.get(t);if(e){if(e.length===2)throw e[1];return e[0]}throw t.then(n=>ba.set(t,[n]),n=>ba.set(t,[void 0,n])),t},E1=(t,e)=>{var c;const n=ri.at(-1);if(!n)return t();const[,r]=n,i=(c=r[Se][1])[wa]||(c[wa]=[]),s=r[Se][0]++,o=i[s];return om(o==null?void 0:o[1],e)&&(i[s]=[t(),e]),i[s][0]},I1=Gg({pending:!1,data:null,method:null,action:null}),Jp=new Set,z1=t=>{Jp.add(t),t.finally(()=>Jp.delete(t))},fu=(t,e)=>E1(()=>n=>{let r;t&&(typeof t=="function"?r=t(n)||(()=>{t(null)}):t&&"current"in t&&(t.current=n,r=()=>{t.current=null}));const i=e(n);return()=>{i==null||i(),r==null||r()}},[t]),Vn=Object.create(null),Pi=Object.create(null),Ii=(t,e,n,r,i)=>{if(e!=null&&e.itemProp)return{tag:t,props:e,type:t,ref:e.ref};const s=document.head;let{onLoad:o,onError:c,precedence:l,blocking:u,...p}=e,h=null,m=!1;const v=Fi[t];let f;if(v.length>0){const C=s.querySelectorAll(t);e:for(const B of C)for(const R of Fi[t])if(B.getAttribute(R)===e[R]){h=B;break e}if(!h){const B=v.reduce((R,te)=>e[te]===void 0?R:`${R}-${te}-${e[te]}`,t);m=!Pi[B],h=Pi[B]||(Pi[B]=(()=>{const R=document.createElement(t);for(const te of v)e[te]!==void 0&&R.setAttribute(te,e[te]),e.rel&&R.setAttribute("rel",e.rel);return R})())}}else f=s.querySelectorAll(t);l=r?l??"":void 0,r&&(p[Ki]=l);const _=pu(C=>{if(v.length>0){let B=!1;for(const R of s.querySelectorAll(t)){if(B&&R.getAttribute(Ki)!==l){s.insertBefore(C,R);return}R.getAttribute(Ki)===l&&(B=!0)}s.appendChild(C)}else if(f){let B=!1;for(const R of f)if(R===C){B=!0;break}B||s.insertBefore(C,s.contains(f[0])?f[0]:s.querySelector(t)),f=void 0}},[l]),w=fu(e.ref,C=>{var te;const B=v[0];if(n===2&&(C.innerHTML=""),(m||f)&&_(C),!c&&!o)return;let R=Vn[te=C.getAttribute(B)]||(Vn[te]=new Promise((fe,le)=>{C.addEventListener("load",fe),C.addEventListener("error",le)}));o&&(R=R.then(o)),c&&(R=R.catch(c)),R.catch(()=>{})});if(i&&u==="render"){const C=Fi[t][0];if(e[C]){const B=e[C],R=Vn[B]||(Vn[B]=new Promise((te,fe)=>{_(h),h.addEventListener("load",te),h.addEventListener("error",fe)}));A1(R)}}const S={tag:t,type:t,props:{...p,ref:w},ref:w};return S.p=n,h&&(S.e=h),k1(S,s)},C1=t=>{const e=_1(),n=e&&vr(e);return n!=null&&n.endsWith("svg")?{tag:"title",props:t,type:"title",ref:t.ref}:Ii("title",t,void 0,!1,!1)},N1=t=>!t||["src","async"].some(e=>!t[e])?{tag:"script",props:t,type:"script",ref:t.ref}:Ii("script",t,1,!1,!0),j1=t=>!t||!["href","precedence"].every(e=>e in t)?{tag:"style",props:t,type:"style",ref:t.ref}:(t["data-href"]=t.href,delete t.href,Ii("style",t,2,!0,!0)),$1=t=>!t||["onLoad","onError"].some(e=>e in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?{tag:"link",props:t,type:"link",ref:t.ref}:Ii("link",t,1,"precedence"in t,!0),O1=t=>Ii("meta",t,void 0,!1,!1),am=Symbol(),B1=t=>{const{action:e,...n}=t;typeof e!="function"&&(n.action=e);const[r,i]=S1([null,!1]),s=pu(async u=>{const p=u.isTrusted?e:u.detail[am];if(typeof p!="function")return;u.preventDefault();const h=new FormData(u.target);i([h,!0]);const m=p(h);m instanceof Promise&&(z1(m),await m),i([null,!0])},[]),o=fu(t.ref,u=>(u.addEventListener("submit",s),()=>{u.removeEventListener("submit",s)})),[c,l]=r;return r[1]=!1,{tag:I1,props:{value:{pending:c!==null,data:c,method:c?"post":null,action:c?e:null},children:{tag:"form",props:{...n,ref:o},type:"form",ref:o}},f:l}},cm=(t,{formAction:e,...n})=>{if(typeof e=="function"){const r=pu(i=>{i.preventDefault(),i.currentTarget.form.dispatchEvent(new CustomEvent("submit",{detail:{[am]:e}}))},[]);n.ref=fu(n.ref,i=>(i.addEventListener("click",r),()=>{i.removeEventListener("click",r)}))}return{tag:t,props:n,type:t,ref:n.ref}},T1=t=>cm("input",t),P1=t=>cm("button",t);Object.assign(Zc,{title:C1,script:N1,style:j1,link:$1,meta:O1,form:B1,input:T1,button:P1});new TextEncoder;const lm=t=>{const{i18nKey:e,values:n,components:r}=t,i=U.t(e,n),s=/<(\d+)>(.*?)<\/\d+>/g,o=[];let c=0,l;for(;(l=s.exec(i))!==null;){const[,u,p]=l,h=i.substring(c,l.index);h&&o.push(h);const m=parseInt(u,10);o.push(Xb(r[m],{},p)),c=s.lastIndex}return c<i.length&&o.push(i.substring(c)),y(du,{children:o})},Zp=6,Yp=({error:t,vendorSettings:e,email:n,state:r,client:i,hasPasswordLogin:s})=>{const o=new URLSearchParams({state:r}),l=i.connections.map(({name:u})=>u).includes("auth2");return y(Nt,{title:U.t("verify_your_email"),vendorSettings:e,children:[y("div",{className:"mb-4 text-2xl font-medium",children:U.t("verify_your_email")}),y("div",{className:"mb-8 text-gray-300",children:y(lm,{i18nKey:"we_sent_a_code_to",components:[y("span",{className:"text-black dark:text-white"},"span")],values:{email:n}})}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{className:"pt-2",children:[y("input",{autoFocus:!0,type:"text",pattern:"[0-9]*",maxLength:Zp,inputMode:"numeric",name:"code",placeholder:"******",className:Et("mb-2 w-full rounded-lg border bg-gray-100 px-4 pb-2 pt-2.5 text-center indent-[5px] font-mono text-3xl placeholder:text-gray-300 dark:bg-gray-600 md:text-3xl",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),minLength:Zp,required:!0,id:"code-input"}),t&&y(wr,{children:t}),y("div",{className:"text-center sm:mt-2",children:y(Tn,{className:"text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center space-x-2",children:[y("span",{children:U.t("login")}),y(gt,{className:"text-xs",name:"arrow-right"})]})})}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(gt,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:U.t("sent_code_spam")})]}),l&&y("div",{className:"text-center mb-12",children:[y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:U.t("or")})]}),y(ti,{Component:"a",href:`/u/${s?"enter-password":"pre-signup"}?${o.toString()}`,variant:"secondary",className:"block",children:U.t("enter_your_password_btn")})]})]}),y(tn,{state:r})]})]})},R1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,session:r,client:i}=await Fe(t,e);if(!r.authParams.username)throw new N(400,{message:"Username not found in state"});const s=await cs({userAdapter:t.env.data.users,tenant_id:i.tenant.id,email:r.authParams.username,provider:"auth2"});return t.html(y(Yp,{vendorSettings:n,email:r.authParams.username,state:e,client:i,hasPasswordLogin:!!s}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({code:a.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{code:n}=t.req.valid("form"),{session:r,client:i,vendorSettings:s}=await Fe(t,e);if(t.set("client_id",i.id),!r.authParams.username)throw new N(400,{message:"Username not found in state"});try{return await ou(t,i,r.authParams,r.authParams.username,n)}catch(o){const c=o,l=await cs({userAdapter:t.env.data.users,tenant_id:i.tenant.id,email:r.authParams.username,provider:"auth2"});return t.html(y(Yp,{vendorSettings:s,email:r.authParams.username,state:e,client:i,error:c.message,hasPasswordLogin:!!l}),400)}}),L1=t=>{const{vendorSettings:e,state:n}=t;return y(Nt,{title:U.t("unverified_email"),vendorSettings:e,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:[y("p",{className:"mb-8 text-gray-300 text-lg",children:U.t("unverified_email")}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(gt,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:U.t("sent_code_spam")})]}),y(tn,{state:n})]}),y(tn,{state:n})]})},ka=t=>{const{error:e,vendorSettings:n,email:r,state:i}=t,s=new URLSearchParams({state:i});return y(Nt,{title:U.t("enter_password"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("enter_password")}),y("div",{className:"mb-6 text-gray-300",children:U.t("enter_password_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{className:"mb-7",children:[y("input",{type:"text",name:"username",placeholder:U.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",value:r}),y("input",{type:"password",name:"password",placeholder:U.t("password")||"",className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0}),e&&y(wr,{children:e}),y(Tn,{className:"text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center space-x-2",children:[y("span",{children:U.t("login")}),y(gt,{className:"text-xs",name:"arrow-right"})]})})]}),y("a",{href:`/u/forgot-password?${s.toString()}`,className:"text-primary hover:underline mb-4",children:U.t("forgot_password_link")}),y("div",{className:"text-center mb-12",children:[y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:U.t("or")})]}),y("form",{method:"post",action:`/u/enter-email?${s.toString()}`,children:[y("input",{type:"hidden",name:"login_selection",value:"code"}),y("input",{type:"hidden",name:"username",value:r}),y(ti,{variant:"secondary",className:"block",children:U.t("enter_a_code_btn")})]})]}),y(tn,{state:i})]})]})},U1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,client:r,session:i}=await Fe(t,e);if(!i.authParams.username)throw new N(400,{message:"Username required"});return t.html(y(ka,{vendorSettings:n,email:i.authParams.username,state:e,client:r}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({password:a.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),n=t.req.valid("form"),{password:r}=n,{vendorSettings:i,client:s,session:o}=await Fe(t,e),{username:c}=o.authParams;if(!c)throw new N(400,{message:"Username required"});try{return await au(t,s,{...o.authParams,password:r},o)}catch(l){const u=l;return u.code==="INVALID_PASSWORD"||u.code==="USER_NOT_FOUND"?t.html(y(ka,{vendorSettings:i,email:c,error:U.t("invalid_password"),state:e,client:s}),400):u.code==="EMAIL_NOT_VERIFIED"?t.html(y(L1,{vendorSettings:i,state:e}),400):t.html(y(ka,{vendorSettings:i,email:c,error:u.message,state:e,client:s}),400)}}),Ir=t=>{const{state:e,error:n,vendorSettings:r,email:i,code:s}=t;return y(Nt,{title:U.t("create_account_title"),vendorSettings:r,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("create_account_title")}),y("div",{className:"mb-6 text-gray-300",children:U.t("create_account_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{children:[y("input",{type:"hidden",name:"code",value:s}),y("input",{type:"email",name:"username",placeholder:U.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0,value:i,disabled:!!i}),y("input",{type:"password",name:"password",placeholder:U.t("enter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),y("input",{type:"password",name:"re-enter-password",placeholder:U.t("reenter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),n&&y(wr,{children:n}),y(Tn,{className:"text-base sm:mt-2 md:text-base",children:U.t("continue")})]}),y(tn,{state:e})]})]})},um=t=>{const{message:e,vendorSettings:n,pageTitle:r,state:i}=t;return y(Nt,{title:"Login",vendorSettings:n,children:[r?y("div",{className:"mb-6 text-gray-300",children:r}):"",y("div",{className:"flex flex-1 flex-col justify-center",children:e}),i?y(tn,{state:i}):""]})},V1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"}),code:a.z.string().optional().openapi({description:"The code parameter from an email verification link"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e,code:n}=t.req.valid("query"),{vendorSettings:r,session:i}=await Fe(t,e),{username:s}=i.authParams;if(!s)throw new N(400,{message:"Username required"});return n?t.html(y(Ir,{state:e,vendorSettings:r,email:s,code:n})):t.html(y(Ir,{state:e,vendorSettings:r,email:s}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({password:a.z.string(),"re-enter-password":a.z.string(),code:a.z.string().optional()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),n=t.req.valid("form"),{env:r}=t,{vendorSettings:i,client:s,session:o}=await Fe(t,e),c="Username-Password-Authentication";t.set("client_id",s.id),t.set("connection",c);const l=o.authParams.username;if(!l)throw new N(400,{message:"Username required"});if(n.password!==n["re-enter-password"])return t.html(y(Ir,{state:e,code:n.code,vendorSettings:i,error:U.t("create_account_passwords_didnt_match"),email:o.authParams.username}),400);if(!ru(n.password))return t.html(y(Ir,{state:e,code:n.code,vendorSettings:i,error:U.t("create_account_weak_password"),email:o.authParams.username}),400);const u=n.code?await r.data.codes.get(s.tenant.id,n.code,"email_verification"):void 0,p=u?await r.data.logins.get(s.tenant.id,u.login_id):void 0;try{if(await si({userAdapter:t.env.data.users,tenant_id:s.tenant.id,email:l,provider:"auth2"}))throw new N(400,{message:"Invalid sign up"});const m=(p==null?void 0:p.authParams.username)===l,v=await Rf(t).users.create(s.tenant.id,{user_id:`auth2|${Ys()}`,email:l,email_verified:m,provider:"auth2",connection:c,is_social:!1});return await r.data.passwords.create(s.tenant.id,{user_id:v.user_id,password:await ii.hash(n.password,10),algorithm:"bcrypt"}),m?await au(t,s,{...o.authParams,password:n.password},o):(await su(t,v),t.html(y(um,{message:U.t("validate_email_body"),pageTitle:U.t("validate_email_title"),vendorSettings:i,state:e})))}catch(h){const m=await Qg(r,s.id,o.authParams.vendor_id),v=h;return t.html(y(Ir,{state:e,vendorSettings:m,error:v.message,email:l}),400)}}),zr=t=>{const{error:e,vendorSettings:n,email:r}=t;return y(Nt,{title:U.t("reset_password_title"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("reset_password_title")}),y("div",{className:"mb-6 text-gray-300",children:`${U.t("reset_password_description")} ${r}`}),y("div",{className:"flex flex-1 flex-col justify-center",children:y(Pn,{children:[y("input",{type:"password",name:"password",placeholder:U.t("enter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),y("input",{type:"password",name:"re-enter-password",placeholder:U.t("reenter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),e&&y(wr,{children:e}),y(Tn,{className:"text-base sm:mt-2 md:text-base",children:U.t("reset_password_cta")})]})})]})},M1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"}),code:a.z.string().openapi({description:"The code parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,session:r}=await Fe(t,e);if(!r.authParams.username)throw new N(400,{message:"Username required"});return t.html(y(zr,{vendorSettings:n,email:r.authParams.username}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"}),code:a.z.string().openapi({description:"The code parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({password:a.z.string(),"re-enter-password":a.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e,code:n}=t.req.valid("query"),{password:r,"re-enter-password":i}=t.req.valid("form"),{env:s}=t,{vendorSettings:o,client:c,session:l}=await Fe(t,e);if(!l.authParams.username)throw new N(400,{message:"Username required"});if(r!==i)return t.html(y(zr,{error:U.t("create_account_passwords_didnt_match"),vendorSettings:o,email:l.authParams.username}),400);if(!ru(r))return t.html(y(zr,{error:U.t("create_account_weak_password"),vendorSettings:o,email:l.authParams.username}),400);const u=await si({userAdapter:s.data.users,tenant_id:c.tenant.id,email:l.authParams.username,provider:"auth2"});if(!u)throw new N(400,{message:"User not found"});try{if(!await s.data.codes.get(c.tenant.id,n,"password_reset"))return t.html(y(zr,{error:"Code not found or expired",vendorSettings:o,email:l.authParams.username}),400);const h={user_id:u.user_id,password:await ii.hash(r,10),algorithm:"bcrypt"};await s.data.passwords.get(c.tenant.id,u.user_id)?await s.data.passwords.update(c.tenant.id,h):await s.data.passwords.create(c.tenant.id,h),u.email_verified||await s.data.users.update(c.tenant.id,u.user_id,{email_verified:!0})}catch{return t.html(y(zr,{error:"The password could not be reset",vendorSettings:o,email:l.authParams.username}),400)}return t.html(y(um,{message:U.t("password_has_been_reset"),vendorSettings:o,state:e}))}),q1=t=>{const{error:e,vendorSettings:n,email:r,state:i}=t;return y(Nt,{title:U.t("forgot_password_title"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("forgot_password_title")}),y("div",{className:"mb-6 text-gray-300",children:U.t("forgot_password_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{className:"pt-2",children:[y("input",{type:"email",name:"username",placeholder:U.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",value:r,disabled:!!r}),e&&y(wr,{children:e}),y(Tn,{className:"sm:mt-4",children:U.t("forgot_password_cta")})]}),y(tn,{state:i})]})]})},D1=t=>{const{vendorSettings:e,state:n}=t;return y(Nt,{title:"Login",vendorSettings:e,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{children:U.t("forgot_password_email_sent")}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(gt,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:U.t("sent_code_spam")})]})]}),y(tn,{state:n})]})},H1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,session:r}=await Fe(t,e);return t.html(y(q1,{vendorSettings:n,state:e,email:r.authParams.username}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,client:r,session:i}=await Fe(t,e);return await Ab(t,r,i.authParams.username,i.login_id),t.html(y(D1,{vendorSettings:n,state:e}))}),F1=({vendorSettings:t,state:e,user:n})=>y(Nt,{title:de("check_email_title"),vendorSettings:t,children:y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{className:"mb-8 text-gray-700 dark:text-gray-300",children:[y(lm,{i18nKey:"currently_logged_in_as",components:[y("span",{className:"font-semibold text-gray-900 dark:text-white"},"span")],values:{email:n.email}}),y("br",{}),de("continue_with_sso_provider_headline")]}),y("div",{className:"space-y-6",children:[y(Pn,{children:y(Tn,{className:"w-full text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center justify-center space-x-2",children:y("span",{children:U.t("yes_continue_with_existing_account")})})})}),y("a",{className:"block text-center text-primary hover:text-primaryHover focus:outline-none focus:ring-2 focus:ring-primary focus:ring-offset-2 dark:focus:ring-offset-gray-900",href:`/u/enter-email?state=${encodeURIComponent(e)}`,children:U.t("no_use_another")})]})]})}),K1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),{vendorSettings:r,client:i}=await Fe(t,n),s=as(i.tenant.id,t.req.header("cookie")),o=s?await e.data.sessions.get(i.tenant.id,s):null;if(!o)return t.redirect(`/u/enter-email?state=${n}`);const c=await e.data.users.get(i.tenant.id,o.user_id);return c?t.html(y(F1,{vendorSettings:r,state:n,user:c})):t.redirect(`/u/enter-email?state=${n}`)}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{302:{description:"Redirect"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),{session:r,client:i}=await Fe(t,n),s=as(i.tenant.id,t.req.header("cookie")),o=s?await e.data.sessions.get(i.tenant.id,s):null;if(!o)return t.redirect(`/u/enter-email?state=${n}`);const c=await e.data.users.get(i.tenant.id,o.user_id);return c?sn(t,{user:c,authParams:r.authParams,client:i,loginSession:r}):t.redirect(`/u/enter-email?state=${n}`)});function W1(){const e=new a.OpenAPIHono().route("/check-account",K1).route("/enter-email",h1).route("/enter-code",R1).route("/enter-password",U1).route("/reset-password",M1).route("/forgot-password",H1).route("/signup",V1);return e.doc("/u/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Universal login"}}),e}const G1="Account detected",J1="We have detected that you have already created an account through",Z1="By signing in, you agree to our",Y1="and",X1="Callback URL mismatch",Q1="The provided redirect_uri is not in the list of allowed callback URLs.",ek="continue with user",tk="Please click the button to create a new password account.",nk="Enter the code at {{vendorName}} to complete the login",rk="Welcome to {{vendorName}}! {{code}} is the login code",ik="Welcome to {{vendorName}}! {{code}} is the login code",sk="The code is valid for 30 minutes",ok="Confirm password",ak="Need Help?",ck="Contact us",lk="or continue with social account",uk="Continue with {{provider}}",dk="Would you like to continue with your existing account?",pk="Copyright © 2023 SESAMY. All rights reserved.",fk="©2023 Sesamy",hk="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",gk="Please enter a valid email address.",mk="The passwords didn't match. Try again.",_k="Choose password",yk="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",vk="Create new account",wk="Sign up with password",bk="You are currently logged in as <0>{{email}}</0>",kk="Email",xk="Email address",Sk="Your email address has been validated",Ak="Now enter your password to login again",Ek="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",Ik="Email verification sent",zk="Enter a code",Ck="We'll send you a verification link to ensure you own this email address.",Nk="Enter new password",jk="Enter password",$k="Enter your email address and password to login.",Ok="Enter your password",Bk="The magic link has expired. Please click on the button below to receive a new link in your inbox.",Tk="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",Pk="Send password reset email",Rk="Click the button below and we’ll send instructions on how to reset your password.",Lk="Password reset email sent",Uk="Forgot password?",Vk="Forgot password?",Mk="Go back",qk="Invalid password",Dk=`The link is no longer valid.
+   c2.7,4.1,6.5,6.6,10.9,6.6c4,0,7.2-2,9.6-5.2c0.9-1.2,0.9-2.5,0-3.1C33.3,22.9,32.1,23.2,31.2,24.4z`})]}),Mp=({error:t,vendorSettings:e,session:n,email:r,client:i,impersonation:s})=>{const o=i.connections.map(({name:m})=>m),c=o.includes("facebook"),l=o.includes("google-oauth2"),u=o.includes("apple"),p=o.includes("vipps"),h=c||l||u||p;return y(Nt,{title:U.t("welcome"),vendorSettings:e,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("welcome")}),y("div",{className:"mb-8 text-gray-300",children:U.t("login_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{className:"mb-7",children:[y("input",{type:"email",name:"username",placeholder:U.t("email_placeholder"),className:Et("mb-2 w-full rounded-lg border bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),required:!0,value:r||""}),s&&y("input",{type:"email",name:"act_as",placeholder:"Impersonate as",className:Et("mb-2 w-full rounded-lg border bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),required:!0,value:""}),t&&y(wr,{children:t}),y(Tn,{className:"text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center space-x-2",children:[y("span",{children:U.t("continue")}),y(gt,{className:"text-xs",name:"arrow-right"})]})})]}),h&&y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:U.t("continue_social_login")})]}),y("div",{className:"flex space-x-4 sm:flex-col sm:space-x-0 sm:space-y-4 short:flex-row short:space-x-4 short:space-y-0",children:[c&&y(Ti,{connection:"facebook",text:U.t("continue_with",{provider:"Facebook"}),canResize:!0,icon:y(gt,{className:"text-xl text-[#1196F5] sm:absolute sm:left-4 sm:top-1/2 sm:-translate-y-1/2 sm:text-2xl short:static short:left-auto short:top-auto short:translate-y-0 short:text-xl",name:"facebook"}),session:n}),l&&y(Ti,{connection:"google-oauth2",text:U.t("continue_with",{provider:"Google"}),canResize:!0,icon:y(u1,{className:"h-5 w-5 sm:absolute sm:left-4 sm:top-1/2 sm:h-6 sm:w-6 sm:-translate-y-1/2 short:static short:left-auto short:top-auto short:h-5 short:w-5 short:translate-y-0"}),session:n}),u&&y(Ti,{connection:"apple",text:U.t("continue_with",{provider:"Apple"}),canResize:!0,icon:y(gt,{className:"text-xl text-black dark:text-white sm:absolute sm:left-4 sm:top-1/2 sm:-translate-y-1/2 sm:text-2xl short:static short:left-auto short:top-auto short:translate-y-0 short:text-xl",name:"apple"}),session:n}),p&&y(Ti,{connection:"vipps",text:U.t("continue_with",{provider:"Vipps"}),canResize:!0,icon:y(d1,{className:"h-5 w-5 sm:absolute sm:left-4 sm:top-1/2 sm:h-6 sm:w-6 sm:-translate-y-1/2 short:static short:left-auto short:top-auto short:h-5 short:w-5 short:translate-y-0"}),session:n})]})]})]})},p1=["Auth0.swift"];function f1(t){if(!t)return"code";const e=atob(t),n=JSON.parse(e);return p1.includes(n.name)?"code":"link"}const h1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"}),impersonation:a.z.string().optional()})},responses:{200:{description:"Response"}}}),async t=>{const{state:e,impersonation:n}=t.req.valid("query"),{vendorSettings:r,session:i,client:s}=await Fe(t,e);return t.html(y(Mp,{vendorSettings:r,session:i,client:s,email:i.authParams.username,impersonation:n==="true"}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({username:a.z.string().transform(t=>t.toLowerCase()),act_as:a.z.string().transform(t=>t.toLowerCase()).optional(),login_selection:a.z.enum(["code","password"]).optional()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),r=t.req.valid("form");t.set("body",r),t.set("username",r.username);const{client:i,session:s,vendorSettings:o}=await Fe(t,n);t.set("client_id",i.id);const c=r.username,l=await to({userAdapter:e.data.users,tenant_id:i.tenant.id,email:c});if(l&&t.set("user_id",l.user_id),!l)try{await sy(t,i,t.env.data,r.username)}catch{const v=be(t,{type:me.FAILED_SIGNUP,description:"Public signup is disabled"});return await t.env.data.logs.create(i.tenant.id,v),t.html(y(Mp,{vendorSettings:o,session:s,error:U.t("user_account_does_not_exist"),email:r.username,client:i}),400)}if(s.authParams.username=r.username,s.authParams.act_as=r.act_as,await e.data.logins.update(i.tenant.id,s.login_id,s),await Qb(t,i,r.username,r.login_selection))return t.redirect(`/u/enter-password?state=${n}`);let u=sr(),p=await e.data.codes.get(i.tenant.id,u,"otp");for(;p;)u=sr(),p=await e.data.codes.get(i.tenant.id,u,"otp");const h=await t.env.data.codes.create(i.tenant.id,{code_id:u,code_type:"otp",login_id:s.login_id,expires_at:new Date(Date.now()+za).toISOString()});return f1(s.auth0Client)==="link"&&!r.username.includes("online.no")?Qe(t,iu(t,r.username,h.code_id,s.authParams)):Qe(t,Dg(t,r.username,h.code_id)),t.redirect(`/u/enter-code?state=${n}`)}),tn=t=>y("a",{className:"block text-primary hover:text-primaryHover text-center",href:`/u/enter-email?state=${t.state}`,children:U.t("go_back")});var ni="_hp",g1={Change:"Input",DoubleClick:"DblClick"},m1={svg:"2000/svg",math:"1998/Math/MathML"},ri=[],Yc=new WeakMap,ar=void 0,_1=()=>ar,jt=t=>"t"in t,_a={onClick:["click",!1]},qp=t=>{if(!t.startsWith("on"))return;if(_a[t])return _a[t];const e=t.match(/^on([A-Z][a-zA-Z]+?(?:PointerCapture)?)(Capture)?$/);if(e){const[,n,r]=e;return _a[t]=[(g1[n]||n).toLowerCase(),!!r]}},Dp=(t,e)=>ar&&t instanceof SVGElement&&/[A-Z]/.test(e)&&(e in t.style||e.match(/^(?:o|pai|str|u|ve)/))?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,y1=(t,e,n)=>{var r;e||(e={});for(let i in e){const s=e[i];if(i!=="children"&&(!n||n[i]!==s)){i=Ks(i);const o=qp(i);if(o){if((n==null?void 0:n[i])!==s&&(n&&t.removeEventListener(o[0],n[i],o[1]),s!=null)){if(typeof s!="function")throw new Error(`Event handler for "${i}" is not a function`);t.addEventListener(o[0],s,o[1])}}else if(i==="dangerouslySetInnerHTML"&&s)t.innerHTML=s.__html;else if(i==="ref"){let c;typeof s=="function"?c=s(t)||(()=>s(null)):s&&"current"in s&&(s.current=t,c=()=>s.current=null),Yc.set(t,c)}else if(i==="style"){const c=t.style;typeof s=="string"?c.cssText=s:(c.cssText="",s!=null&&Yg(s,c.setProperty.bind(c)))}else{if(i==="value"){const l=t.nodeName;if(l==="INPUT"||l==="TEXTAREA"||l==="SELECT"){if(t.value=s==null||s===!1?null:s,l==="TEXTAREA"){t.textContent=s;continue}else if(l==="SELECT"){t.selectedIndex===-1&&(t.selectedIndex=0);continue}}}else(i==="checked"&&t.nodeName==="INPUT"||i==="selected"&&t.nodeName==="OPTION")&&(t[i]=s);const c=Dp(t,i);s==null||s===!1?t.removeAttribute(c):s===!0?t.setAttribute(c,""):typeof s=="string"||typeof s=="number"?t.setAttribute(c,s):t.setAttribute(c,s.toString())}}}if(n)for(let i in n){const s=n[i];if(i!=="children"&&!(i in e)){i=Ks(i);const o=qp(i);o?t.removeEventListener(o[0],s,o[1]):i==="ref"?(r=Yc.get(t))==null||r():t.removeAttribute(Dp(t,i))}}},v1=(t,e)=>{e[Se][0]=0,ri.push([t,e]);const n=e.tag[cu]||e.tag,r=n.defaultProps?{...n.defaultProps,...e.props}:e.props;try{return[n.call(null,r)]}finally{ri.pop()}},tm=(t,e,n,r,i)=>{var s,o;(s=t.vR)!=null&&s.length&&(r.push(...t.vR),delete t.vR),typeof t.tag=="function"&&((o=t[Se][1][sm])==null||o.forEach(c=>i.push(c))),t.vC.forEach(c=>{var l;if(jt(c))n.push(c);else if(typeof c.tag=="function"||c.tag===""){c.c=e;const u=n.length;if(tm(c,e,n,r,i),c.s){for(let p=u;p<n.length;p++)n[p].s=!0;c.s=!1}}else n.push(c),(l=c.vR)!=null&&l.length&&(r.push(...c.vR),delete c.vR)})},w1=t=>{for(;;t=t.tag===ni||!t.vC||!t.pP?t.nN:t.vC[0]){if(!t)return null;if(t.tag!==ni&&t.e)return t.e}},nm=t=>{var e,n,r,i,s,o;jt(t)||((n=(e=t[Se])==null?void 0:e[1][sm])==null||n.forEach(c=>{var l;return(l=c[2])==null?void 0:l.call(c)}),(r=Yc.get(t.e))==null||r(),t.p===2&&((i=t.vC)==null||i.forEach(c=>c.p=2)),(s=t.vC)==null||s.forEach(nm)),t.p||((o=t.e)==null||o.remove(),delete t.e),typeof t.tag=="function"&&(Cr.delete(t),Gi.delete(t),delete t[Se][3],t.a=!0)},rm=(t,e,n)=>{t.c=e,im(t,e,n)},Hp=(t,e)=>{if(e){for(let n=0,r=t.length;n<r;n++)if(t[n]===e)return n}},Fp=Symbol(),im=(t,e,n)=>{var u;const r=[],i=[],s=[];tm(t,e,r,i,s),i.forEach(nm);const o=n?void 0:e.childNodes;let c,l=null;if(n)c=-1;else if(!o.length)c=0;else{const p=Hp(o,w1(t.nN));p!==void 0?(l=o[p],c=p):c=Hp(o,(u=r.find(h=>h.tag!==ni&&h.e))==null?void 0:u.e)??-1,c===-1&&(n=!0)}for(let p=0,h=r.length;p<h;p++,c++){const m=r[p];let v;if(m.s&&m.e)v=m.e,m.s=!1;else{const f=n||!m.e;jt(m)?(m.e&&m.d&&(m.e.textContent=m.t),m.d=!1,v=m.e||(m.e=document.createTextNode(m.t))):(v=m.e||(m.e=m.n?document.createElementNS(m.n,m.tag):document.createElement(m.tag)),y1(v,m.props,m.pP),im(m,v,f))}m.tag===ni?c--:n?v.parentNode||e.appendChild(v):o[c]!==v&&o[c-1]!==v&&(o[c+1]===v?e.appendChild(o[c]):e.insertBefore(v,l||o[c]||null))}if(t.pP&&delete t.pP,s.length){const p=[],h=[];s.forEach(([,m,,v,f])=>{m&&p.push(m),v&&h.push(v),f==null||f()}),p.forEach(m=>m()),h.length&&requestAnimationFrame(()=>{h.forEach(m=>m())})}},Gi=new WeakMap,Xc=(t,e,n)=>{var s,o,c,l,u,p;const r=!n&&e.pC;n&&(e.pC||(e.pC=e.vC));let i;try{n||(n=typeof e.tag=="function"?v1(t,e):Si(e.props.children)),((s=n[0])==null?void 0:s.tag)===""&&n[0][Jc]&&(i=n[0][Jc],t[5].push([t,i,e]));const h=r?[...e.pC]:e.vC?[...e.vC]:void 0,m=[];let v;for(let f=0;f<n.length;f++){Array.isArray(n[f])&&n.splice(f,1,...n[f].flat());let _=b1(n[f]);if(_){typeof _.tag=="function"&&!_.tag[Kg]&&(or.length>0&&(_[Se][2]=or.map(S=>[S,S.values.at(-1)])),(o=t[5])!=null&&o.length&&(_[Se][3]=t[5].at(-1)));let w;if(h&&h.length){const S=h.findIndex(jt(_)?C=>jt(C):_.key!==void 0?C=>C.key===_.key&&C.tag===_.tag:C=>C.tag===_.tag);S!==-1&&(w=h[S],h.splice(S,1))}if(w)if(jt(_))w.t!==_.t&&(w.t=_.t,w.d=!0),_=w;else{const S=w.pP=w.props;w.props=_.props,w.f||(w.f=_.f||e.f),typeof _.tag=="function"&&(w[Se][2]=_[Se][2]||[],w[Se][3]=_[Se][3],!w.f&&((w.o||w)===_.o||(l=(c=w.tag)[Rb])!=null&&l.call(c,S,w.props))&&(w.s=!0)),_=w}else if(!jt(_)&&ar){const S=vr(ar);S&&(_.n=S)}if(!jt(_)&&!_.s&&(Xc(t,_),delete _.f),m.push(_),v&&!v.s&&!_.s)for(let S=v;S&&!jt(S);S=(u=S.vC)==null?void 0:u.at(-1))S.nN=_;v=_}}e.vR=r?[...e.vC,...h||[]]:h||[],e.vC=m,r&&delete e.pC}catch(h){if(e.f=!0,h===Fp){if(i)return;throw h}const[m,v,f]=((p=e[Se])==null?void 0:p[3])||[];if(v){const _=()=>Ji([0,!1,t[2]],f),w=Gi.get(f)||[];w.push(_),Gi.set(f,w);const S=v(h,()=>{const C=Gi.get(f);if(C){const B=C.indexOf(_);if(B!==-1)return C.splice(B,1),_()}});if(S){if(t[0]===1)t[1]=!0;else if(Xc(t,f,[S]),(v.length===1||t!==m)&&f.c){rm(f,f.c,!1);return}throw Fp}}throw h}finally{i&&t[5].pop()}},b1=t=>{if(!(t==null||typeof t=="boolean")){if(typeof t=="string"||typeof t=="number")return{t:t.toString(),d:!0};if("vR"in t&&(t={tag:t.tag,props:t.props,key:t.key,f:t.f,type:t.tag,ref:t.props.ref,o:t.o||t}),typeof t.tag=="function")t[Se]=[0,[]];else{const e=m1[t.tag];e&&(ar||(ar=Gg("")),t.props.children=[{tag:ar,props:{value:t.n=`http://www.w3.org/${e}`,children:t.props.children}}])}return t}},Kp=(t,e)=>{var n,r;(n=e[Se][2])==null||n.forEach(([i,s])=>{i.values.push(s)});try{Xc(t,e,void 0)}catch{return}if(e.a){delete e.a;return}(r=e[Se][2])==null||r.forEach(([i])=>{i.values.pop()}),(t[0]!==1||!t[1])&&rm(e,e.c,!1)},Cr=new WeakMap,Wp=[],Ji=async(t,e)=>{t[5]||(t[5]=[]);const n=Cr.get(e);n&&n[0](void 0);let r;const i=new Promise(s=>r=s);if(Cr.set(e,[r,()=>{t[2]?t[2](t,e,s=>{Kp(s,e)}).then(()=>r(e)):(Kp(t,e),r(e))}]),Wp.length)Wp.at(-1).add(e);else{await Promise.resolve();const s=Cr.get(e);s&&(Cr.delete(e),s[1]())}return i},k1=(t,e,n)=>({tag:ni,props:{children:t},key:n,e,p:1}),ya=0,sm=1,va=2,wa=3,ba=new WeakMap,om=(t,e)=>!t||!e||t.length!==e.length||e.some((n,r)=>n!==t[r]),x1=void 0,Gp=[],S1=t=>{var o;const e=()=>typeof t=="function"?t():t,n=ri.at(-1);if(!n)return[e(),()=>{}];const[,r]=n,i=(o=r[Se][1])[ya]||(o[ya]=[]),s=r[Se][0]++;return i[s]||(i[s]=[e(),c=>{const l=x1,u=i[s];if(typeof c=="function"&&(c=c(u[0])),!Object.is(c,u[0]))if(u[0]=c,Gp.length){const[p,h]=Gp.at(-1);Promise.all([p===3?r:Ji([p,!1,l],r),h]).then(([m])=>{if(!m||!(p===2||p===3))return;const v=m.vC;requestAnimationFrame(()=>{setTimeout(()=>{v===m.vC&&Ji([p===3?1:0,!1,l],m)})})})}else Ji([0,!1,l],r)}])},pu=(t,e)=>{var c;const n=ri.at(-1);if(!n)return t;const[,r]=n,i=(c=r[Se][1])[va]||(c[va]=[]),s=r[Se][0]++,o=i[s];return om(o==null?void 0:o[1],e)?i[s]=[t,e]:t=i[s][0],t},A1=t=>{const e=ba.get(t);if(e){if(e.length===2)throw e[1];return e[0]}throw t.then(n=>ba.set(t,[n]),n=>ba.set(t,[void 0,n])),t},E1=(t,e)=>{var c;const n=ri.at(-1);if(!n)return t();const[,r]=n,i=(c=r[Se][1])[wa]||(c[wa]=[]),s=r[Se][0]++,o=i[s];return om(o==null?void 0:o[1],e)&&(i[s]=[t(),e]),i[s][0]},I1=Gg({pending:!1,data:null,method:null,action:null}),Jp=new Set,z1=t=>{Jp.add(t),t.finally(()=>Jp.delete(t))},fu=(t,e)=>E1(()=>n=>{let r;t&&(typeof t=="function"?r=t(n)||(()=>{t(null)}):t&&"current"in t&&(t.current=n,r=()=>{t.current=null}));const i=e(n);return()=>{i==null||i(),r==null||r()}},[t]),Vn=Object.create(null),Pi=Object.create(null),Ii=(t,e,n,r,i)=>{if(e!=null&&e.itemProp)return{tag:t,props:e,type:t,ref:e.ref};const s=document.head;let{onLoad:o,onError:c,precedence:l,blocking:u,...p}=e,h=null,m=!1;const v=Fi[t];let f;if(v.length>0){const C=s.querySelectorAll(t);e:for(const B of C)for(const R of Fi[t])if(B.getAttribute(R)===e[R]){h=B;break e}if(!h){const B=v.reduce((R,te)=>e[te]===void 0?R:`${R}-${te}-${e[te]}`,t);m=!Pi[B],h=Pi[B]||(Pi[B]=(()=>{const R=document.createElement(t);for(const te of v)e[te]!==void 0&&R.setAttribute(te,e[te]),e.rel&&R.setAttribute("rel",e.rel);return R})())}}else f=s.querySelectorAll(t);l=r?l??"":void 0,r&&(p[Ki]=l);const _=pu(C=>{if(v.length>0){let B=!1;for(const R of s.querySelectorAll(t)){if(B&&R.getAttribute(Ki)!==l){s.insertBefore(C,R);return}R.getAttribute(Ki)===l&&(B=!0)}s.appendChild(C)}else if(f){let B=!1;for(const R of f)if(R===C){B=!0;break}B||s.insertBefore(C,s.contains(f[0])?f[0]:s.querySelector(t)),f=void 0}},[l]),w=fu(e.ref,C=>{var te;const B=v[0];if(n===2&&(C.innerHTML=""),(m||f)&&_(C),!c&&!o)return;let R=Vn[te=C.getAttribute(B)]||(Vn[te]=new Promise((fe,le)=>{C.addEventListener("load",fe),C.addEventListener("error",le)}));o&&(R=R.then(o)),c&&(R=R.catch(c)),R.catch(()=>{})});if(i&&u==="render"){const C=Fi[t][0];if(e[C]){const B=e[C],R=Vn[B]||(Vn[B]=new Promise((te,fe)=>{_(h),h.addEventListener("load",te),h.addEventListener("error",fe)}));A1(R)}}const S={tag:t,type:t,props:{...p,ref:w},ref:w};return S.p=n,h&&(S.e=h),k1(S,s)},C1=t=>{const e=_1(),n=e&&vr(e);return n!=null&&n.endsWith("svg")?{tag:"title",props:t,type:"title",ref:t.ref}:Ii("title",t,void 0,!1,!1)},N1=t=>!t||["src","async"].some(e=>!t[e])?{tag:"script",props:t,type:"script",ref:t.ref}:Ii("script",t,1,!1,!0),j1=t=>!t||!["href","precedence"].every(e=>e in t)?{tag:"style",props:t,type:"style",ref:t.ref}:(t["data-href"]=t.href,delete t.href,Ii("style",t,2,!0,!0)),$1=t=>!t||["onLoad","onError"].some(e=>e in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?{tag:"link",props:t,type:"link",ref:t.ref}:Ii("link",t,1,"precedence"in t,!0),O1=t=>Ii("meta",t,void 0,!1,!1),am=Symbol(),B1=t=>{const{action:e,...n}=t;typeof e!="function"&&(n.action=e);const[r,i]=S1([null,!1]),s=pu(async u=>{const p=u.isTrusted?e:u.detail[am];if(typeof p!="function")return;u.preventDefault();const h=new FormData(u.target);i([h,!0]);const m=p(h);m instanceof Promise&&(z1(m),await m),i([null,!0])},[]),o=fu(t.ref,u=>(u.addEventListener("submit",s),()=>{u.removeEventListener("submit",s)})),[c,l]=r;return r[1]=!1,{tag:I1,props:{value:{pending:c!==null,data:c,method:c?"post":null,action:c?e:null},children:{tag:"form",props:{...n,ref:o},type:"form",ref:o}},f:l}},cm=(t,{formAction:e,...n})=>{if(typeof e=="function"){const r=pu(i=>{i.preventDefault(),i.currentTarget.form.dispatchEvent(new CustomEvent("submit",{detail:{[am]:e}}))},[]);n.ref=fu(n.ref,i=>(i.addEventListener("click",r),()=>{i.removeEventListener("click",r)}))}return{tag:t,props:n,type:t,ref:n.ref}},T1=t=>cm("input",t),P1=t=>cm("button",t);Object.assign(Zc,{title:C1,script:N1,style:j1,link:$1,meta:O1,form:B1,input:T1,button:P1});new TextEncoder;const lm=t=>{const{i18nKey:e,values:n,components:r}=t,i=U.t(e,n),s=/<(\d+)>(.*?)<\/\d+>/g,o=[];let c=0,l;for(;(l=s.exec(i))!==null;){const[,u,p]=l,h=i.substring(c,l.index);h&&o.push(h);const m=parseInt(u,10);o.push(Xb(r[m],{},p)),c=s.lastIndex}return c<i.length&&o.push(i.substring(c)),y(du,{children:o})},Zp=6,Yp=({error:t,vendorSettings:e,email:n,state:r,client:i,hasPasswordLogin:s})=>{const o=new URLSearchParams({state:r}),l=i.connections.map(({name:u})=>u).includes("auth2");return y(Nt,{title:U.t("verify_your_email"),vendorSettings:e,children:[y("div",{className:"mb-4 text-2xl font-medium",children:U.t("verify_your_email")}),y("div",{className:"mb-8 text-gray-300",children:y(lm,{i18nKey:"we_sent_a_code_to",components:[y("span",{className:"text-black dark:text-white"},"span")],values:{email:n}})}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{className:"pt-2",children:[y("input",{autoFocus:!0,type:"text",pattern:"[0-9]*",maxLength:Zp,inputMode:"numeric",name:"code",placeholder:"******",className:Et("mb-2 w-full rounded-lg border bg-gray-100 px-4 pb-2 pt-2.5 text-center indent-[5px] font-mono text-3xl placeholder:text-gray-300 dark:bg-gray-600 md:text-3xl",{"border-red":t,"border-gray-100 dark:border-gray-500":!t}),minLength:Zp,required:!0,id:"code-input"}),t&&y(wr,{children:t}),y("div",{className:"text-center sm:mt-2",children:y(Tn,{className:"text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center space-x-2",children:[y("span",{children:U.t("login")}),y(gt,{className:"text-xs",name:"arrow-right"})]})})}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(gt,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:U.t("sent_code_spam")})]}),l&&y("div",{className:"text-center mb-12",children:[y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:U.t("or")})]}),y(ti,{Component:"a",href:`/u/${s?"enter-password":"pre-signup"}?${o.toString()}`,variant:"secondary",className:"block",children:U.t("enter_your_password_btn")})]})]}),y(tn,{state:r})]})]})},R1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,session:r,client:i}=await Fe(t,e);if(!r.authParams.username)throw new N(400,{message:"Username not found in state"});const s=await cs({userAdapter:t.env.data.users,tenant_id:i.tenant.id,email:r.authParams.username,provider:"auth2"});return t.html(y(Yp,{vendorSettings:n,email:r.authParams.username,state:e,client:i,hasPasswordLogin:!!s}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({code:a.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{code:n}=t.req.valid("form"),{session:r,client:i,vendorSettings:s}=await Fe(t,e);if(t.set("client_id",i.id),!r.authParams.username)throw new N(400,{message:"Username not found in state"});try{return await ou(t,i,r.authParams,r.authParams.username,n)}catch(o){const c=o,l=await cs({userAdapter:t.env.data.users,tenant_id:i.tenant.id,email:r.authParams.username,provider:"auth2"});return t.html(y(Yp,{vendorSettings:s,email:r.authParams.username,state:e,client:i,error:c.message,hasPasswordLogin:!!l}),400)}}),L1=t=>{const{vendorSettings:e,state:n}=t;return y(Nt,{title:U.t("unverified_email"),vendorSettings:e,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:[y("p",{className:"mb-8 text-gray-300 text-lg",children:U.t("unverified_email")}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(gt,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:U.t("sent_code_spam")})]}),y(tn,{state:n})]}),y(tn,{state:n})]})},ka=t=>{const{error:e,vendorSettings:n,email:r,state:i}=t,s=new URLSearchParams({state:i});return y(Nt,{title:U.t("enter_password"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("enter_password")}),y("div",{className:"mb-6 text-gray-300",children:U.t("enter_password_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{className:"mb-7",children:[y("input",{type:"text",name:"username",placeholder:U.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",value:r}),y("input",{type:"password",name:"password",placeholder:U.t("password")||"",className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0}),e&&y(wr,{children:e}),y(Tn,{className:"text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center space-x-2",children:[y("span",{children:U.t("login")}),y(gt,{className:"text-xs",name:"arrow-right"})]})})]}),y("a",{href:`/u/forgot-password?${s.toString()}`,className:"text-primary hover:underline mb-4",children:U.t("forgot_password_link")}),y("div",{className:"text-center mb-12",children:[y("div",{className:"relative mb-5 block text-center text-gray-300 dark:text-gray-300",children:[y("div",{className:"absolute left-0 right-0 top-1/2 border-b border-gray-200 dark:border-gray-600"}),y("div",{className:"relative inline-block bg-white px-2 dark:bg-gray-800",children:U.t("or")})]}),y("form",{method:"post",action:`/u/enter-email?${s.toString()}`,children:[y("input",{type:"hidden",name:"login_selection",value:"code"}),y("input",{type:"hidden",name:"username",value:r}),y(ti,{variant:"secondary",className:"block",children:U.t("enter_a_code_btn")})]})]}),y(tn,{state:i})]})]})},U1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,client:r,session:i}=await Fe(t,e);if(!i.authParams.username)throw new N(400,{message:"Username required"});return t.html(y(ka,{vendorSettings:n,email:i.authParams.username,state:e,client:r}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({password:a.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),n=t.req.valid("form"),{password:r}=n,{vendorSettings:i,client:s,session:o}=await Fe(t,e),{username:c}=o.authParams;if(!c)throw new N(400,{message:"Username required"});try{return await au(t,s,{...o.authParams,password:r},o)}catch(l){const u=l;return u.code==="INVALID_PASSWORD"||u.code==="USER_NOT_FOUND"?t.html(y(ka,{vendorSettings:i,email:c,error:U.t("invalid_password"),state:e,client:s}),400):u.code==="EMAIL_NOT_VERIFIED"?t.html(y(L1,{vendorSettings:i,state:e}),400):t.html(y(ka,{vendorSettings:i,email:c,error:u.message,state:e,client:s}),400)}}),Ir=t=>{const{state:e,error:n,vendorSettings:r,email:i,code:s}=t;return y(Nt,{title:U.t("create_account_title"),vendorSettings:r,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("create_account_title")}),y("div",{className:"mb-6 text-gray-300",children:U.t("create_account_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{children:[y("input",{type:"hidden",name:"code",value:s}),y("input",{type:"email",name:"username",placeholder:U.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",required:!0,value:i,disabled:!!i}),y("input",{type:"password",name:"password",placeholder:U.t("enter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),y("input",{type:"password",name:"re-enter-password",placeholder:U.t("reenter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),n&&y(wr,{children:n}),y(Tn,{className:"text-base sm:mt-2 md:text-base",children:U.t("continue")})]}),y(tn,{state:e})]})]})},um=t=>{const{message:e,vendorSettings:n,pageTitle:r,state:i}=t;return y(Nt,{title:"Login",vendorSettings:n,children:[r?y("div",{className:"mb-6 text-gray-300",children:r}):"",y("div",{className:"flex flex-1 flex-col justify-center",children:e}),i?y(tn,{state:i}):""]})},V1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"}),code:a.z.string().optional().openapi({description:"The code parameter from an email verification link"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e,code:n}=t.req.valid("query"),{vendorSettings:r,session:i}=await Fe(t,e),{username:s}=i.authParams;if(!s)throw new N(400,{message:"Username required"});return n?t.html(y(Ir,{state:e,vendorSettings:r,email:s,code:n})):t.html(y(Ir,{state:e,vendorSettings:r,email:s}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({password:a.z.string(),"re-enter-password":a.z.string(),code:a.z.string().optional()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),n=t.req.valid("form"),{env:r}=t,{vendorSettings:i,client:s,session:o}=await Fe(t,e),c="Username-Password-Authentication";t.set("client_id",s.id),t.set("connection",c);const l=o.authParams.username;if(!l)throw new N(400,{message:"Username required"});if(n.password!==n["re-enter-password"])return t.html(y(Ir,{state:e,code:n.code,vendorSettings:i,error:U.t("create_account_passwords_didnt_match"),email:o.authParams.username}),400);if(!ru(n.password))return t.html(y(Ir,{state:e,code:n.code,vendorSettings:i,error:U.t("create_account_weak_password"),email:o.authParams.username}),400);const u=n.code?await r.data.codes.get(s.tenant.id,n.code,"email_verification"):void 0,p=u?await r.data.logins.get(s.tenant.id,u.login_id):void 0;try{if(await si({userAdapter:t.env.data.users,tenant_id:s.tenant.id,email:l,provider:"auth2"}))throw new N(400,{message:"Invalid sign up"});const m=(p==null?void 0:p.authParams.username)===l,v=await Rf(t).users.create(s.tenant.id,{user_id:`auth2|${Ys()}`,email:l,email_verified:m,provider:"auth2",connection:c,is_social:!1});return await r.data.passwords.create(s.tenant.id,{user_id:v.user_id,password:await ii.hash(n.password,10),algorithm:"bcrypt"}),m?await au(t,s,{...o.authParams,password:n.password},o):(await su(t,v),t.html(y(um,{message:U.t("validate_email_body"),pageTitle:U.t("validate_email_title"),vendorSettings:i,state:e})))}catch(h){const m=await Qg(r,s.id,o.authParams.vendor_id),v=h;return t.html(y(Ir,{state:e,vendorSettings:m,error:v.message,email:l}),400)}}),zr=t=>{const{error:e,vendorSettings:n,email:r}=t;return y(Nt,{title:U.t("reset_password_title"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("reset_password_title")}),y("div",{className:"mb-6 text-gray-300",children:`${U.t("reset_password_description")} ${r}`}),y("div",{className:"flex flex-1 flex-col justify-center",children:y(Pn,{children:[y("input",{type:"password",name:"password",placeholder:U.t("enter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),y("input",{type:"password",name:"re-enter-password",placeholder:U.t("reenter_new_password_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base"}),e&&y(wr,{children:e}),y(Tn,{className:"text-base sm:mt-2 md:text-base",children:U.t("reset_password_cta")})]})})]})},M1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"}),code:a.z.string().openapi({description:"The code parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,session:r}=await Fe(t,e);if(!r.authParams.username)throw new N(400,{message:"Username required"});return t.html(y(zr,{vendorSettings:n,email:r.authParams.username}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"}),code:a.z.string().openapi({description:"The code parameter from the authorization request"})}),body:{content:{"application/x-www-form-urlencoded":{schema:a.z.object({password:a.z.string(),"re-enter-password":a.z.string()})}}}},responses:{200:{description:"Response"}}}),async t=>{const{state:e,code:n}=t.req.valid("query"),{password:r,"re-enter-password":i}=t.req.valid("form"),{env:s}=t,{vendorSettings:o,client:c,session:l}=await Fe(t,e);if(!l.authParams.username)throw new N(400,{message:"Username required"});if(r!==i)return t.html(y(zr,{error:U.t("create_account_passwords_didnt_match"),vendorSettings:o,email:l.authParams.username}),400);if(!ru(r))return t.html(y(zr,{error:U.t("create_account_weak_password"),vendorSettings:o,email:l.authParams.username}),400);const u=await si({userAdapter:s.data.users,tenant_id:c.tenant.id,email:l.authParams.username,provider:"auth2"});if(!u)throw new N(400,{message:"User not found"});try{if(!await s.data.codes.get(c.tenant.id,n,"password_reset"))return t.html(y(zr,{error:"Code not found or expired",vendorSettings:o,email:l.authParams.username}),400);const h={user_id:u.user_id,password:await ii.hash(r,10),algorithm:"bcrypt"};await s.data.passwords.get(c.tenant.id,u.user_id)?await s.data.passwords.update(c.tenant.id,h):await s.data.passwords.create(c.tenant.id,h),u.email_verified||await s.data.users.update(c.tenant.id,u.user_id,{email_verified:!0})}catch{return t.html(y(zr,{error:"The password could not be reset",vendorSettings:o,email:l.authParams.username}),400)}return t.html(y(um,{message:U.t("password_has_been_reset"),vendorSettings:o,state:e}))}),q1=t=>{const{error:e,vendorSettings:n,email:r,state:i}=t;return y(Nt,{title:U.t("forgot_password_title"),vendorSettings:n,children:[y("div",{className:"mb-4 text-lg font-medium sm:text-2xl",children:U.t("forgot_password_title")}),y("div",{className:"mb-6 text-gray-300",children:U.t("forgot_password_description")}),y("div",{className:"flex flex-1 flex-col justify-center",children:[y(Pn,{className:"pt-2",children:[y("input",{type:"email",name:"username",placeholder:U.t("email_placeholder"),className:"mb-2 w-full rounded-lg bg-gray-100 px-4 py-5 text-base placeholder:text-gray-300 dark:bg-gray-600 md:text-base",value:r,disabled:!!r}),e&&y(wr,{children:e}),y(Tn,{className:"sm:mt-4",children:U.t("forgot_password_cta")})]}),y(tn,{state:i})]})]})},D1=t=>{const{vendorSettings:e,state:n}=t;return y(Nt,{title:"Login",vendorSettings:e,children:[y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{children:U.t("forgot_password_email_sent")}),y("div",{className:"my-4 flex space-x-2 text-sm text-[#B2B2B2]",children:[y(gt,{className:"text-base",name:"info-bubble"}),y("div",{className:"text-sm text-gray-300 md:text-sm",children:U.t("sent_code_spam")})]})]}),y(tn,{state:n})]})},H1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,session:r}=await Fe(t,e);return t.html(y(q1,{vendorSettings:n,state:e,email:r.authParams.username}))}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{state:e}=t.req.valid("query"),{vendorSettings:n,client:r,session:i}=await Fe(t,e);return await Ab(t,r,i.authParams.username,i.login_id),t.html(y(D1,{vendorSettings:n,state:e}))}),F1=({vendorSettings:t,state:e,user:n})=>y(Nt,{title:de("check_email_title"),vendorSettings:t,children:y("div",{className:"flex flex-1 flex-col justify-center",children:[y("div",{className:"mb-8 text-gray-700 dark:text-gray-300",children:[y(lm,{i18nKey:"currently_logged_in_as",components:[y("span",{className:"font-semibold text-gray-900 dark:text-white"},"span")],values:{email:n.email}}),y("br",{}),de("continue_with_sso_provider_headline")]}),y("div",{className:"space-y-6",children:[y(Pn,{children:y(Tn,{className:"w-full text-base sm:mt-4 md:text-base",children:y("div",{className:"flex items-center justify-center space-x-2",children:y("span",{children:U.t("yes_continue_with_existing_account")})})})}),y("a",{className:"block text-center text-primary hover:text-primaryHover focus:outline-none focus:ring-2 focus:ring-primary focus:ring-offset-2 dark:focus:ring-offset-gray-900",href:`/u/enter-email?state=${encodeURIComponent(e)}`,children:U.t("no_use_another")})]})]})}),K1=new a.OpenAPIHono().openapi(a.createRoute({tags:["login"],method:"get",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{200:{description:"Response"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),{vendorSettings:r,client:i}=await Fe(t,n),s=as(i.tenant.id,t.req.header("cookie")),o=s?await e.data.sessions.get(i.tenant.id,s):null;if(!o)return t.redirect(`/u/enter-email?state=${n}`);const c=await e.data.users.get(i.tenant.id,o.user_id);return c?t.html(y(F1,{vendorSettings:r,state:n,user:c})):t.redirect(`/u/enter-email?state=${n}`)}).openapi(a.createRoute({tags:["login"],method:"post",path:"/",request:{query:a.z.object({state:a.z.string().openapi({description:"The state parameter from the authorization request"})})},responses:{302:{description:"Redirect"}}}),async t=>{const{env:e}=t,{state:n}=t.req.valid("query"),{session:r,client:i}=await Fe(t,n),s=as(i.tenant.id,t.req.header("cookie")),o=s?await e.data.sessions.get(i.tenant.id,s):null;if(!o)return t.redirect(`/u/enter-email?state=${n}`);const c=await e.data.users.get(i.tenant.id,o.user_id);return c?sn(t,{user:c,authParams:r.authParams,client:i,loginSession:r}):t.redirect(`/u/enter-email?state=${n}`)});function W1(){const e=new a.OpenAPIHono().route("/check-account",K1).route("/enter-email",h1).route("/enter-code",R1).route("/enter-password",U1).route("/reset-password",M1).route("/forgot-password",H1).route("/signup",V1);return e.doc("/u/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Universal login"}}),e}const G1="Account detected",J1="We have detected that you have already created an account through",Z1="By signing in, you agree to our",Y1="and",X1="Callback URL mismatch",Q1="The provided redirect_uri is not in the list of allowed callback URLs.",ek="continue with user",tk="Please click the button to create a new password account.",nk="Enter the code at {{vendorName}} to complete the login",rk="Welcome to {{vendorName}}! {{code}} is the login code",ik="Welcome to {{vendorName}}! {{code}} is the login code",sk="The code is valid for 30 minutes",ok="Confirm password",ak="Need Help?",ck="Contact us",lk="or continue with social account",uk="Continue with {{provider}}",dk="Would you like to continue with your existing account?",pk="Copyright © 2023 SESAMY. All rights reserved.",fk="©2023 Sesamy",hk="Choose a password with a mix of uppercase and lowercase letters, numbers, and symbols.",gk="Please enter a valid email address.",mk="The passwords didn't match. Try again.",_k="Choose password",yk="Password must be at least 8 characters long and contain at least one lowercase letter, one uppercase letter, one number and one symbol.",vk="Create new account",wk="Sign up with password",bk="You are currently logged in as <0>{{email}}</0>",kk="Email",xk="Email address",Sk="Your email address has been validated",Ak="Now enter your password to login again",Ek="An email has been sent to <0>{{email}}</0> with a verification link. Please click the link to verify your email address and set a password.",Ik="Email verification sent",zk="Enter a code",Ck="We'll send you a verification link to ensure you own this email address.",Nk="Enter new password",jk="Enter password",$k="Enter your email address and password to login.",Ok="Enter your password",Bk="The magic link has expired. Please click on the button below to receive a new link in your inbox.",Tk="Hey! We updated our login experience. <0>Click here to learn more about it.</0>",Pk="Send password reset email",Rk="Click the button below and we’ll send instructions on how to reset your password.",Lk="Password reset email sent",Uk="Forgot password?",Vk="Forgot password?",Mk="Go back",qk="Invalid password",Dk=`The link is no longer valid.
 Please make sure to open the login link in the same browser you started the login with.

package/dist/authhero.mjs CHANGED Viewed

@@ -19006,13 +19006,12 @@ async function Ig(t, e, n) {
     to: e,
     subject: fe("code_email_subject", i),
     html: `Click here to validate your email: ${Et(t.env)}validate-email`,
-    template: "auth-link",
+    template: "auth-code",
     data: {
       code: n,
       vendorName: r.name,
       logo: r.logo || "",
       supportUrl: r.support_url || "",
-      magicLink: `${$e(t.env)}passwordless/verify_redirect?ticket=${n}`,
       buttonColor: r.primary_color || "",
       welcomeToYourAccount: fe("welcome_to_your_account", i),
       linkEmailClickToLogin: fe("link_email_click_to_login", i),
@@ -20999,7 +20998,8 @@ const t1 = (t) => {
   ] });
 }, a1 = ["Auth0.swift"];
 function c1(t) {
-  if (!t) return "link";
+  if (!t)
+    return "code";
   const e = atob(t), n = JSON.parse(e);
   return a1.includes(n.name) ? "code" : "link";
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "authhero",
-  "version": "0.79.0",
+  "version": "0.80.0",
   "files": [
     "dist"
   ],