authhero 0.96.0 → 0.98.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authhero.cjs +4 -4
- package/dist/authhero.d.ts +11 -11
- package/dist/authhero.mjs +54 -41
- package/package.json +3 -3
package/dist/authhero.cjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
"use strict";var Am=Object.defineProperty;var Em=(t,e,n)=>e in t?Am(t,e,{enumerable:!0,configurable:!0,writable:!0,value:n}):t[e]=n;var te=(t,e,n)=>Em(t,typeof e!="symbol"?e+"":e,n);Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("@hono/zod-openapi"),ne=t=>typeof t=="string",Ar=()=>{let t,e;const n=new Promise((r,i)=>{t=r,e=i});return n.resolve=t,n.reject=e,n},zu=t=>t==null?"":""+t,Im=(t,e,n)=>{t.forEach(r=>{e[r]&&(n[r]=e[r])})},zm=/###/g,Nu=t=>t&&t.indexOf("###")>-1?t.replace(zm,"."):t,Cu=t=>!t||ne(t),Or=(t,e,n)=>{const r=ne(e)?e.split("."):e;let i=0;for(;i<r.length-1;){if(Cu(t))return{};const s=Nu(r[i]);!t[s]&&n&&(t[s]=new n),Object.prototype.hasOwnProperty.call(t,s)?t=t[s]:t={},++i}return Cu(t)?{}:{obj:t,k:Nu(r[i])}},ju=(t,e,n)=>{const{obj:r,k:i}=Or(t,e,Object);if(r!==void 0||e.length===1){r[i]=n;return}let s=e[e.length-1],a=e.slice(0,e.length-1),c=Or(t,a,Object);for(;c.obj===void 0&&a.length;)s=`${a[a.length-1]}.${s}`,a=a.slice(0,a.length-1),c=Or(t,a,Object),c!=null&&c.obj&&typeof c.obj[`${c.k}.${s}`]<"u"&&(c.obj=void 0);c.obj[`${c.k}.${s}`]=n},Nm=(t,e,n,r)=>{const{obj:i,k:s}=Or(t,e,Object);i[s]=i[s]||[],i[s].push(n)},Yi=(t,e)=>{const{obj:n,k:r}=Or(t,e);if(n&&Object.prototype.hasOwnProperty.call(n,r))return n[r]},Cm=(t,e,n)=>{const r=Yi(t,n);return r!==void 0?r:Yi(e,n)},rf=(t,e,n)=>{for(const r in e)r!=="__proto__"&&r!=="constructor"&&(r in t?ne(t[r])||t[r]instanceof String||ne(e[r])||e[r]instanceof String?n&&(t[r]=e[r]):rf(t[r],e[r],n):t[r]=e[r]);return t},Un=t=>t.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&");var jm={"&":"&","<":"<",">":">",'"':""","'":"'","/":"/"};const $m=t=>ne(t)?t.replace(/[&<>"'\/]/g,e=>jm[e]):t;class Om{constructor(e){this.capacity=e,this.regExpMap=new Map,this.regExpQueue=[]}getRegExp(e){const n=this.regExpMap.get(e);if(n!==void 0)return n;const r=new RegExp(e);return this.regExpQueue.length===this.capacity&&this.regExpMap.delete(this.regExpQueue.shift()),this.regExpMap.set(e,r),this.regExpQueue.push(e),r}}const Bm=[" ",",","?","!",";"],Tm=new Om(20),Pm=(t,e,n)=>{e=e||"",n=n||"";const r=Bm.filter(a=>e.indexOf(a)<0&&n.indexOf(a)<0);if(r.length===0)return!0;const i=Tm.getRegExp(`(${r.map(a=>a==="?"?"\\?":a).join("|")})`);let s=!i.test(t);if(!s){const a=t.indexOf(n);a>0&&!i.test(t.substring(0,a))&&(s=!0)}return s},Sa=function(t,e){let n=arguments.length>2&&arguments[2]!==void 0?arguments[2]:".";if(!t)return;if(t[e])return Object.prototype.hasOwnProperty.call(t,e)?t[e]:void 0;const r=e.split(n);let i=t;for(let s=0;s<r.length;){if(!i||typeof i!="object")return;let a,c="";for(let l=s;l<r.length;++l)if(l!==s&&(c+=n),c+=r[l],a=i[c],a!==void 0){if(["string","number","boolean"].indexOf(typeof a)>-1&&l<r.length-1)continue;s+=l-s+1;break}i=a}return i},Xi=t=>t==null?void 0:t.replace("_","-"),Rm={type:"logger",log(t){this.output("log",t)},warn(t){this.output("warn",t)},error(t){this.output("error",t)},output(t,e){var n,r;(r=(n=console==null?void 0:console[t])==null?void 0:n.apply)==null||r.call(n,console,e)}};class Qi{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.init(e,n)}init(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.prefix=n.prefix||"i18next:",this.logger=e||Rm,this.options=n,this.debug=n.debug}log(){for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return this.forward(n,"log","",!0)}warn(){for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return this.forward(n,"warn","",!0)}error(){for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return this.forward(n,"error","")}deprecate(){for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return this.forward(n,"warn","WARNING DEPRECATED: ",!0)}forward(e,n,r,i){return i&&!this.debug?null:(ne(e[0])&&(e[0]=`${r}${this.prefix} ${e[0]}`),this.logger[n](e))}create(e){return new Qi(this.logger,{prefix:`${this.prefix}:${e}:`,...this.options})}clone(e){return e=e||this.options,e.prefix=e.prefix||this.prefix,new Qi(this.logger,e)}}var St=new Qi;class Gs{constructor(){this.observers={}}on(e,n){return e.split(" ").forEach(r=>{this.observers[r]||(this.observers[r]=new Map);const i=this.observers[r].get(n)||0;this.observers[r].set(n,i+1)}),this}off(e,n){if(this.observers[e]){if(!n){delete this.observers[e];return}this.observers[e].delete(n)}}emit(e){for(var n=arguments.length,r=new Array(n>1?n-1:0),i=1;i<n;i++)r[i-1]=arguments[i];this.observers[e]&&Array.from(this.observers[e].entries()).forEach(a=>{let[c,l]=a;for(let u=0;u<l;u++)c(...r)}),this.observers["*"]&&Array.from(this.observers["*"].entries()).forEach(a=>{let[c,l]=a;for(let u=0;u<l;u++)c.apply(c,[e,...r])})}}class $u extends Gs{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{ns:["translation"],defaultNS:"translation"};super(),this.data=e||{},this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.options.ignoreJSONStructure===void 0&&(this.options.ignoreJSONStructure=!0)}addNamespaces(e){this.options.ns.indexOf(e)<0&&this.options.ns.push(e)}removeNamespaces(e){const n=this.options.ns.indexOf(e);n>-1&&this.options.ns.splice(n,1)}getResource(e,n,r){var u,p;let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};const s=i.keySeparator!==void 0?i.keySeparator:this.options.keySeparator,a=i.ignoreJSONStructure!==void 0?i.ignoreJSONStructure:this.options.ignoreJSONStructure;let c;e.indexOf(".")>-1?c=e.split("."):(c=[e,n],r&&(Array.isArray(r)?c.push(...r):ne(r)&&s?c.push(...r.split(s)):c.push(r)));const l=Yi(this.data,c);return!l&&!n&&!r&&e.indexOf(".")>-1&&(e=c[0],n=c[1],r=c.slice(2).join(".")),l||!a||!ne(r)?l:Sa((p=(u=this.data)==null?void 0:u[e])==null?void 0:p[n],r,s)}addResource(e,n,r,i){let s=arguments.length>4&&arguments[4]!==void 0?arguments[4]:{silent:!1};const a=s.keySeparator!==void 0?s.keySeparator:this.options.keySeparator;let c=[e,n];r&&(c=c.concat(a?r.split(a):r)),e.indexOf(".")>-1&&(c=e.split("."),i=n,n=c[1]),this.addNamespaces(n),ju(this.data,c,i),s.silent||this.emit("added",e,n,r,i)}addResources(e,n,r){let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{silent:!1};for(const s in r)(ne(r[s])||Array.isArray(r[s]))&&this.addResource(e,n,s,r[s],{silent:!0});i.silent||this.emit("added",e,n,r)}addResourceBundle(e,n,r,i,s){let a=arguments.length>5&&arguments[5]!==void 0?arguments[5]:{silent:!1,skipCopy:!1},c=[e,n];e.indexOf(".")>-1&&(c=e.split("."),i=r,r=n,n=c[1]),this.addNamespaces(n);let l=Yi(this.data,c)||{};a.skipCopy||(r=JSON.parse(JSON.stringify(r))),i?rf(l,r,s):l={...l,...r},ju(this.data,c,l),a.silent||this.emit("added",e,n,r)}removeResourceBundle(e,n){this.hasResourceBundle(e,n)&&delete this.data[e][n],this.removeNamespaces(n),this.emit("removed",e,n)}hasResourceBundle(e,n){return this.getResource(e,n)!==void 0}getResourceBundle(e,n){return n||(n=this.options.defaultNS),this.getResource(e,n)}getDataByLanguage(e){return this.data[e]}hasLanguageSomeTranslations(e){const n=this.getDataByLanguage(e);return!!(n&&Object.keys(n)||[]).find(i=>n[i]&&Object.keys(n[i]).length>0)}toJSON(){return this.data}}var sf={processors:{},addPostProcessor(t){this.processors[t.name]=t},handle(t,e,n,r,i){return t.forEach(s=>{var a;e=((a=this.processors[s])==null?void 0:a.process(e,n,r,i))??e}),e}};const Ou={};class es extends Gs{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};super(),Im(["resourceStore","languageUtils","pluralResolver","interpolator","backendConnector","i18nFormat","utils"],e,this),this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.logger=St.create("translator")}changeLanguage(e){e&&(this.language=e)}exists(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{interpolation:{}};if(e==null)return!1;const r=this.resolve(e,n);return(r==null?void 0:r.res)!==void 0}extractFromKey(e,n){let r=n.nsSeparator!==void 0?n.nsSeparator:this.options.nsSeparator;r===void 0&&(r=":");const i=n.keySeparator!==void 0?n.keySeparator:this.options.keySeparator;let s=n.ns||this.options.defaultNS||[];const a=r&&e.indexOf(r)>-1,c=!this.options.userDefinedKeySeparator&&!n.keySeparator&&!this.options.userDefinedNsSeparator&&!n.nsSeparator&&!Pm(e,r,i);if(a&&!c){const l=e.match(this.interpolator.nestingRegexp);if(l&&l.length>0)return{key:e,namespaces:ne(s)?[s]:s};const u=e.split(r);(r!==i||r===i&&this.options.ns.indexOf(u[0])>-1)&&(s=u.shift()),e=u.join(i)}return{key:e,namespaces:ne(s)?[s]:s}}translate(e,n,r){if(typeof n!="object"&&this.options.overloadTranslationOptionHandler&&(n=this.options.overloadTranslationOptionHandler(arguments)),typeof n=="object"&&(n={...n}),n||(n={}),e==null)return"";Array.isArray(e)||(e=[String(e)]);const i=n.returnDetails!==void 0?n.returnDetails:this.options.returnDetails,s=n.keySeparator!==void 0?n.keySeparator:this.options.keySeparator,{key:a,namespaces:c}=this.extractFromKey(e[e.length-1],n),l=c[c.length-1],u=n.lng||this.language,p=n.appendNamespaceToCIMode||this.options.appendNamespaceToCIMode;if((u==null?void 0:u.toLowerCase())==="cimode"){if(p){const L=n.nsSeparator||this.options.nsSeparator;return i?{res:`${l}${L}${a}`,usedKey:a,exactUsedKey:a,usedLng:u,usedNS:l,usedParams:this.getUsedParamsDetails(n)}:`${l}${L}${a}`}return i?{res:a,usedKey:a,exactUsedKey:a,usedLng:u,usedNS:l,usedParams:this.getUsedParamsDetails(n)}:a}const h=this.resolve(e,n);let m=h==null?void 0:h.res;const v=(h==null?void 0:h.usedKey)||a,f=(h==null?void 0:h.exactUsedKey)||a,_=Object.prototype.toString.apply(m),w=["[object Number]","[object Function]","[object RegExp]"],S=n.joinArrays!==void 0?n.joinArrays:this.options.joinArrays,C=!this.i18nFormat||this.i18nFormat.handleAsObject,B=!ne(m)&&typeof m!="boolean"&&typeof m!="number";if(C&&m&&B&&w.indexOf(_)<0&&!(ne(S)&&Array.isArray(m))){if(!n.returnObjects&&!this.options.returnObjects){this.options.returnedObjectHandler||this.logger.warn("accessing an object - but returnObjects options is not enabled!");const L=this.options.returnedObjectHandler?this.options.returnedObjectHandler(v,m,{...n,ns:c}):`key '${a} (${this.language})' returned an object instead of string.`;return i?(h.res=L,h.usedParams=this.getUsedParamsDetails(n),h):L}if(s){const L=Array.isArray(m),Q=L?[]:{},ce=L?f:v;for(const le in m)if(Object.prototype.hasOwnProperty.call(m,le)){const qe=`${ce}${s}${le}`;Q[le]=this.translate(qe,{...n,joinArrays:!1,ns:c}),Q[le]===qe&&(Q[le]=m[le])}m=Q}}else if(C&&ne(S)&&Array.isArray(m))m=m.join(S),m&&(m=this.extendTranslation(m,e,n,r));else{let L=!1,Q=!1;const ce=n.count!==void 0&&!ne(n.count),le=es.hasDefaultValue(n),qe=ce?this.pluralResolver.getSuffix(u,n.count,n):"",Me=n.ordinal&&ce?this.pluralResolver.getSuffix(u,n.count,{ordinal:!1}):"",Ze=ce&&!n.ordinal&&n.count===0,j=Ze&&n[`defaultValue${this.options.pluralSeparator}zero`]||n[`defaultValue${qe}`]||n[`defaultValue${Me}`]||n.defaultValue;!this.isValidLookup(m)&&le&&(L=!0,m=j),this.isValidLookup(m)||(Q=!0,m=a);const E=(n.missingKeyNoValueFallbackToKey||this.options.missingKeyNoValueFallbackToKey)&&Q?void 0:m,x=le&&j!==m&&this.options.updateMissing;if(Q||L||x){if(this.logger.log(x?"updateKey":"missingKey",u,l,a,x?j:m),s){const X=this.resolve(a,{...n,keySeparator:!1});X&&X.res&&this.logger.warn("Seems the loaded translations were in flat JSON format instead of nested. Either set keySeparator: false on init or make sure your translations are published in nested format.")}let k=[];const $=this.languageUtils.getFallbackCodes(this.options.fallbackLng,n.lng||this.language);if(this.options.saveMissingTo==="fallback"&&$&&$[0])for(let X=0;X<$.length;X++)k.push($[X]);else this.options.saveMissingTo==="all"?k=this.languageUtils.toResolveHierarchy(n.lng||this.language):k.push(n.lng||this.language);const U=(X,G,ie)=>{var H;const de=le&&ie!==m?ie:E;this.options.missingKeyHandler?this.options.missingKeyHandler(X,l,G,de,x,n):(H=this.backendConnector)!=null&&H.saveMissing&&this.backendConnector.saveMissing(X,l,G,de,x,n),this.emit("missingKey",X,l,G,m)};this.options.saveMissing&&(this.options.saveMissingPlurals&&ce?k.forEach(X=>{const G=this.pluralResolver.getSuffixes(X,n);Ze&&n[`defaultValue${this.options.pluralSeparator}zero`]&&G.indexOf(`${this.options.pluralSeparator}zero`)<0&&G.push(`${this.options.pluralSeparator}zero`),G.forEach(ie=>{U([X],a+ie,n[`defaultValue${ie}`]||j)})}):U(k,a,j))}m=this.extendTranslation(m,e,n,h,r),Q&&m===a&&this.options.appendNamespaceToMissingKey&&(m=`${l}:${a}`),(Q||L)&&this.options.parseMissingKeyHandler&&(m=this.options.parseMissingKeyHandler(this.options.appendNamespaceToMissingKey?`${l}:${a}`:a,L?m:void 0))}return i?(h.res=m,h.usedParams=this.getUsedParamsDetails(n),h):m}extendTranslation(e,n,r,i,s){var u,p;var a=this;if((u=this.i18nFormat)!=null&&u.parse)e=this.i18nFormat.parse(e,{...this.options.interpolation.defaultVariables,...r},r.lng||this.language||i.usedLng,i.usedNS,i.usedKey,{resolved:i});else if(!r.skipInterpolation){r.interpolation&&this.interpolator.init({...r,interpolation:{...this.options.interpolation,...r.interpolation}});const h=ne(e)&&(((p=r==null?void 0:r.interpolation)==null?void 0:p.skipOnVariables)!==void 0?r.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables);let m;if(h){const f=e.match(this.interpolator.nestingRegexp);m=f&&f.length}let v=r.replace&&!ne(r.replace)?r.replace:r;if(this.options.interpolation.defaultVariables&&(v={...this.options.interpolation.defaultVariables,...v}),e=this.interpolator.interpolate(e,v,r.lng||this.language||i.usedLng,r),h){const f=e.match(this.interpolator.nestingRegexp),_=f&&f.length;m<_&&(r.nest=!1)}!r.lng&&i&&i.res&&(r.lng=this.language||i.usedLng),r.nest!==!1&&(e=this.interpolator.nest(e,function(){for(var f=arguments.length,_=new Array(f),w=0;w<f;w++)_[w]=arguments[w];return(s==null?void 0:s[0])===_[0]&&!r.context?(a.logger.warn(`It seems you are nesting recursively key: ${_[0]} in key: ${n[0]}`),null):a.translate(..._,n)},r)),r.interpolation&&this.interpolator.reset()}const c=r.postProcess||this.options.postProcess,l=ne(c)?[c]:c;return e!=null&&(l!=null&&l.length)&&r.applyPostProcessor!==!1&&(e=sf.handle(l,e,n,this.options&&this.options.postProcessPassResolved?{i18nResolved:{...i,usedParams:this.getUsedParamsDetails(r)},...r}:r,this)),e}resolve(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},r,i,s,a,c;return ne(e)&&(e=[e]),e.forEach(l=>{if(this.isValidLookup(r))return;const u=this.extractFromKey(l,n),p=u.key;i=p;let h=u.namespaces;this.options.fallbackNS&&(h=h.concat(this.options.fallbackNS));const m=n.count!==void 0&&!ne(n.count),v=m&&!n.ordinal&&n.count===0,f=n.context!==void 0&&(ne(n.context)||typeof n.context=="number")&&n.context!=="",_=n.lngs?n.lngs:this.languageUtils.toResolveHierarchy(n.lng||this.language,n.fallbackLng);h.forEach(w=>{var S,C;this.isValidLookup(r)||(c=w,!Ou[`${_[0]}-${w}`]&&((S=this.utils)!=null&&S.hasLoadedNamespace)&&!((C=this.utils)!=null&&C.hasLoadedNamespace(c))&&(Ou[`${_[0]}-${w}`]=!0,this.logger.warn(`key "${i}" for languages "${_.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")),_.forEach(B=>{var ce;if(this.isValidLookup(r))return;a=B;const L=[p];if((ce=this.i18nFormat)!=null&&ce.addLookupKeys)this.i18nFormat.addLookupKeys(L,p,B,w,n);else{let le;m&&(le=this.pluralResolver.getSuffix(B,n.count,n));const qe=`${this.options.pluralSeparator}zero`,Me=`${this.options.pluralSeparator}ordinal${this.options.pluralSeparator}`;if(m&&(L.push(p+le),n.ordinal&&le.indexOf(Me)===0&&L.push(p+le.replace(Me,this.options.pluralSeparator)),v&&L.push(p+qe)),f){const Ze=`${p}${this.options.contextSeparator}${n.context}`;L.push(Ze),m&&(L.push(Ze+le),n.ordinal&&le.indexOf(Me)===0&&L.push(Ze+le.replace(Me,this.options.pluralSeparator)),v&&L.push(Ze+qe))}}let Q;for(;Q=L.pop();)this.isValidLookup(r)||(s=Q,r=this.getResource(B,w,Q,n))}))})}),{res:r,usedKey:i,exactUsedKey:s,usedLng:a,usedNS:c}}isValidLookup(e){return e!==void 0&&!(!this.options.returnNull&&e===null)&&!(!this.options.returnEmptyString&&e==="")}getResource(e,n,r){var s;let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};return(s=this.i18nFormat)!=null&&s.getResource?this.i18nFormat.getResource(e,n,r,i):this.resourceStore.getResource(e,n,r,i)}getUsedParamsDetails(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};const n=["defaultValue","ordinal","context","replace","lng","lngs","fallbackLng","ns","keySeparator","nsSeparator","returnObjects","returnDetails","joinArrays","postProcess","interpolation"],r=e.replace&&!ne(e.replace);let i=r?e.replace:e;if(r&&typeof e.count<"u"&&(i.count=e.count),this.options.interpolation.defaultVariables&&(i={...this.options.interpolation.defaultVariables,...i}),!r){i={...i};for(const s of n)delete i[s]}return i}static hasDefaultValue(e){const n="defaultValue";for(const r in e)if(Object.prototype.hasOwnProperty.call(e,r)&&n===r.substring(0,n.length)&&e[r]!==void 0)return!0;return!1}}class Bu{constructor(e){this.options=e,this.supportedLngs=this.options.supportedLngs||!1,this.logger=St.create("languageUtils")}getScriptPartFromCode(e){if(e=Xi(e),!e||e.indexOf("-")<0)return null;const n=e.split("-");return n.length===2||(n.pop(),n[n.length-1].toLowerCase()==="x")?null:this.formatLanguageCode(n.join("-"))}getLanguagePartFromCode(e){if(e=Xi(e),!e||e.indexOf("-")<0)return e;const n=e.split("-");return this.formatLanguageCode(n[0])}formatLanguageCode(e){if(ne(e)&&e.indexOf("-")>-1){let n;try{n=Intl.getCanonicalLocales(e)[0]}catch{}return n&&this.options.lowerCaseLng&&(n=n.toLowerCase()),n||(this.options.lowerCaseLng?e.toLowerCase():e)}return this.options.cleanCode||this.options.lowerCaseLng?e.toLowerCase():e}isSupportedCode(e){return(this.options.load==="languageOnly"||this.options.nonExplicitSupportedLngs)&&(e=this.getLanguagePartFromCode(e)),!this.supportedLngs||!this.supportedLngs.length||this.supportedLngs.indexOf(e)>-1}getBestMatchFromCodes(e){if(!e)return null;let n;return e.forEach(r=>{if(n)return;const i=this.formatLanguageCode(r);(!this.options.supportedLngs||this.isSupportedCode(i))&&(n=i)}),!n&&this.options.supportedLngs&&e.forEach(r=>{if(n)return;const i=this.getLanguagePartFromCode(r);if(this.isSupportedCode(i))return n=i;n=this.options.supportedLngs.find(s=>{if(s===i)return s;if(!(s.indexOf("-")<0&&i.indexOf("-")<0)&&(s.indexOf("-")>0&&i.indexOf("-")<0&&s.substring(0,s.indexOf("-"))===i||s.indexOf(i)===0&&i.length>1))return s})}),n||(n=this.getFallbackCodes(this.options.fallbackLng)[0]),n}getFallbackCodes(e,n){if(!e)return[];if(typeof e=="function"&&(e=e(n)),ne(e)&&(e=[e]),Array.isArray(e))return e;if(!n)return e.default||[];let r=e[n];return r||(r=e[this.getScriptPartFromCode(n)]),r||(r=e[this.formatLanguageCode(n)]),r||(r=e[this.getLanguagePartFromCode(n)]),r||(r=e.default),r||[]}toResolveHierarchy(e,n){const r=this.getFallbackCodes(n||this.options.fallbackLng||[],e),i=[],s=a=>{a&&(this.isSupportedCode(a)?i.push(a):this.logger.warn(`rejecting language code not found in supportedLngs: ${a}`))};return ne(e)&&(e.indexOf("-")>-1||e.indexOf("_")>-1)?(this.options.load!=="languageOnly"&&s(this.formatLanguageCode(e)),this.options.load!=="languageOnly"&&this.options.load!=="currentOnly"&&s(this.getScriptPartFromCode(e)),this.options.load!=="currentOnly"&&s(this.getLanguagePartFromCode(e))):ne(e)&&s(this.formatLanguageCode(e)),r.forEach(a=>{i.indexOf(a)<0&&s(this.formatLanguageCode(a))}),i}}const Tu={zero:0,one:1,two:2,few:3,many:4,other:5},Pu={select:t=>t===1?"one":"other",resolvedOptions:()=>({pluralCategories:["one","other"]})};class Lm{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.languageUtils=e,this.options=n,this.logger=St.create("pluralResolver"),this.pluralRulesCache={}}addRule(e,n){this.rules[e]=n}clearCache(){this.pluralRulesCache={}}getRule(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};const r=Xi(e==="dev"?"en":e),i=n.ordinal?"ordinal":"cardinal",s=JSON.stringify({cleanedCode:r,type:i});if(s in this.pluralRulesCache)return this.pluralRulesCache[s];let a;try{a=new Intl.PluralRules(r,{type:i})}catch{if(!Intl)return this.logger.error("No Intl support, please use an Intl polyfill!"),Pu;if(!e.match(/-|_/))return Pu;const l=this.languageUtils.getLanguagePartFromCode(e);a=this.getRule(l,n)}return this.pluralRulesCache[s]=a,a}needsPlural(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},r=this.getRule(e,n);return r||(r=this.getRule("dev",n)),(r==null?void 0:r.resolvedOptions().pluralCategories.length)>1}getPluralFormsOfKey(e,n){let r=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return this.getSuffixes(e,r).map(i=>`${n}${i}`)}getSuffixes(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},r=this.getRule(e,n);return r||(r=this.getRule("dev",n)),r?r.resolvedOptions().pluralCategories.sort((i,s)=>Tu[i]-Tu[s]).map(i=>`${this.options.prepend}${n.ordinal?`ordinal${this.options.prepend}`:""}${i}`):[]}getSuffix(e,n){let r=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};const i=this.getRule(e,r);return i?`${this.options.prepend}${r.ordinal?`ordinal${this.options.prepend}`:""}${i.select(n)}`:(this.logger.warn(`no plural rule found for: ${e}`),this.getSuffix("dev",n,r))}}const Ru=function(t,e,n){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:".",i=arguments.length>4&&arguments[4]!==void 0?arguments[4]:!0,s=Cm(t,e,n);return!s&&i&&ne(n)&&(s=Sa(t,n,r),s===void 0&&(s=Sa(e,n,r))),s},ta=t=>t.replace(/\$/g,"$$$$");class Um{constructor(){var n;let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};this.logger=St.create("interpolator"),this.options=e,this.format=((n=e==null?void 0:e.interpolation)==null?void 0:n.format)||(r=>r),this.init(e)}init(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};e.interpolation||(e.interpolation={escapeValue:!0});const{escape:n,escapeValue:r,useRawValueToEscape:i,prefix:s,prefixEscaped:a,suffix:c,suffixEscaped:l,formatSeparator:u,unescapeSuffix:p,unescapePrefix:h,nestingPrefix:m,nestingPrefixEscaped:v,nestingSuffix:f,nestingSuffixEscaped:_,nestingOptionsSeparator:w,maxReplaces:S,alwaysFormat:C}=e.interpolation;this.escape=n!==void 0?n:$m,this.escapeValue=r!==void 0?r:!0,this.useRawValueToEscape=i!==void 0?i:!1,this.prefix=s?Un(s):a||"{{",this.suffix=c?Un(c):l||"}}",this.formatSeparator=u||",",this.unescapePrefix=p?"":h||"-",this.unescapeSuffix=this.unescapePrefix?"":p||"",this.nestingPrefix=m?Un(m):v||Un("$t("),this.nestingSuffix=f?Un(f):_||Un(")"),this.nestingOptionsSeparator=w||",",this.maxReplaces=S||1e3,this.alwaysFormat=C!==void 0?C:!1,this.resetRegExp()}reset(){this.options&&this.init(this.options)}resetRegExp(){const e=(n,r)=>(n==null?void 0:n.source)===r?(n.lastIndex=0,n):new RegExp(r,"g");this.regexp=e(this.regexp,`${this.prefix}(.+?)${this.suffix}`),this.regexpUnescape=e(this.regexpUnescape,`${this.prefix}${this.unescapePrefix}(.+?)${this.unescapeSuffix}${this.suffix}`),this.nestingRegexp=e(this.nestingRegexp,`${this.nestingPrefix}(.+?)${this.nestingSuffix}`)}interpolate(e,n,r,i){var v;let s,a,c;const l=this.options&&this.options.interpolation&&this.options.interpolation.defaultVariables||{},u=f=>{if(f.indexOf(this.formatSeparator)<0){const C=Ru(n,l,f,this.options.keySeparator,this.options.ignoreJSONStructure);return this.alwaysFormat?this.format(C,void 0,r,{...i,...n,interpolationkey:f}):C}const _=f.split(this.formatSeparator),w=_.shift().trim(),S=_.join(this.formatSeparator).trim();return this.format(Ru(n,l,w,this.options.keySeparator,this.options.ignoreJSONStructure),S,r,{...i,...n,interpolationkey:w})};this.resetRegExp();const p=(i==null?void 0:i.missingInterpolationHandler)||this.options.missingInterpolationHandler,h=((v=i==null?void 0:i.interpolation)==null?void 0:v.skipOnVariables)!==void 0?i.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables;return[{regex:this.regexpUnescape,safeValue:f=>ta(f)},{regex:this.regexp,safeValue:f=>this.escapeValue?ta(this.escape(f)):ta(f)}].forEach(f=>{for(c=0;s=f.regex.exec(e);){const _=s[1].trim();if(a=u(_),a===void 0)if(typeof p=="function"){const S=p(e,s,i);a=ne(S)?S:""}else if(i&&Object.prototype.hasOwnProperty.call(i,_))a="";else if(h){a=s[0];continue}else this.logger.warn(`missed to pass in variable ${_} for interpolating ${e}`),a="";else!ne(a)&&!this.useRawValueToEscape&&(a=zu(a));const w=f.safeValue(a);if(e=e.replace(s[0],w),h?(f.regex.lastIndex+=a.length,f.regex.lastIndex-=s[0].length):f.regex.lastIndex=0,c++,c>=this.maxReplaces)break}}),e}nest(e,n){let r=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{},i,s,a;const c=(l,u)=>{const p=this.nestingOptionsSeparator;if(l.indexOf(p)<0)return l;const h=l.split(new RegExp(`${p}[ ]*{`));let m=`{${h[1]}`;l=h[0],m=this.interpolate(m,a);const v=m.match(/'/g),f=m.match(/"/g);(((v==null?void 0:v.length)??0)%2===0&&!f||f.length%2!==0)&&(m=m.replace(/'/g,'"'));try{a=JSON.parse(m),u&&(a={...u,...a})}catch(_){return this.logger.warn(`failed parsing options string in nesting for key ${l}`,_),`${l}${p}${m}`}return a.defaultValue&&a.defaultValue.indexOf(this.prefix)>-1&&delete a.defaultValue,l};for(;i=this.nestingRegexp.exec(e);){let l=[];a={...r},a=a.replace&&!ne(a.replace)?a.replace:a,a.applyPostProcessor=!1,delete a.defaultValue;let u=!1;if(i[0].indexOf(this.formatSeparator)!==-1&&!/{.*}/.test(i[1])){const p=i[1].split(this.formatSeparator).map(h=>h.trim());i[1]=p.shift(),l=p,u=!0}if(s=n(c.call(this,i[1].trim(),a),a),s&&i[0]===e&&!ne(s))return s;ne(s)||(s=zu(s)),s||(this.logger.warn(`missed to resolve ${i[1]} for nesting ${e}`),s=""),u&&(s=l.reduce((p,h)=>this.format(p,h,r.lng,{...r,interpolationkey:i[1].trim()}),s.trim())),e=e.replace(i[0],s),this.regexp.lastIndex=0}return e}}const Vm=t=>{let e=t.toLowerCase().trim();const n={};if(t.indexOf("(")>-1){const r=t.split("(");e=r[0].toLowerCase().trim();const i=r[1].substring(0,r[1].length-1);e==="currency"&&i.indexOf(":")<0?n.currency||(n.currency=i.trim()):e==="relativetime"&&i.indexOf(":")<0?n.range||(n.range=i.trim()):i.split(";").forEach(a=>{if(a){const[c,...l]=a.split(":"),u=l.join(":").trim().replace(/^'+|'+$/g,""),p=c.trim();n[p]||(n[p]=u),u==="false"&&(n[p]=!1),u==="true"&&(n[p]=!0),isNaN(u)||(n[p]=parseInt(u,10))}})}return{formatName:e,formatOptions:n}},Vn=t=>{const e={};return(n,r,i)=>{let s=i;i&&i.interpolationkey&&i.formatParams&&i.formatParams[i.interpolationkey]&&i[i.interpolationkey]&&(s={...s,[i.interpolationkey]:void 0});const a=r+JSON.stringify(s);let c=e[a];return c||(c=t(Xi(r),i),e[a]=c),c(n)}};class qm{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};this.logger=St.create("formatter"),this.options=e,this.formats={number:Vn((n,r)=>{const i=new Intl.NumberFormat(n,{...r});return s=>i.format(s)}),currency:Vn((n,r)=>{const i=new Intl.NumberFormat(n,{...r,style:"currency"});return s=>i.format(s)}),datetime:Vn((n,r)=>{const i=new Intl.DateTimeFormat(n,{...r});return s=>i.format(s)}),relativetime:Vn((n,r)=>{const i=new Intl.RelativeTimeFormat(n,{...r});return s=>i.format(s,r.range||"day")}),list:Vn((n,r)=>{const i=new Intl.ListFormat(n,{...r});return s=>i.format(s)})},this.init(e)}init(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{interpolation:{}};this.formatSeparator=n.interpolation.formatSeparator||","}add(e,n){this.formats[e.toLowerCase().trim()]=n}addCached(e,n){this.formats[e.toLowerCase().trim()]=Vn(n)}format(e,n,r){let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};const s=n.split(this.formatSeparator);if(s.length>1&&s[0].indexOf("(")>1&&s[0].indexOf(")")<0&&s.find(c=>c.indexOf(")")>-1)){const c=s.findIndex(l=>l.indexOf(")")>-1);s[0]=[s[0],...s.splice(1,c)].join(this.formatSeparator)}return s.reduce((c,l)=>{var h;const{formatName:u,formatOptions:p}=Vm(l);if(this.formats[u]){let m=c;try{const v=((h=i==null?void 0:i.formatParams)==null?void 0:h[i.interpolationkey])||{},f=v.locale||v.lng||i.locale||i.lng||r;m=this.formats[u](c,f,{...p,...i,...v})}catch(v){this.logger.warn(v)}return m}else this.logger.warn(`there was no format function for ${u}`);return c},e)}}const Mm=(t,e)=>{t.pending[e]!==void 0&&(delete t.pending[e],t.pendingCount--)};class Dm extends Gs{constructor(e,n,r){var s,a;let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};super(),this.backend=e,this.store=n,this.services=r,this.languageUtils=r.languageUtils,this.options=i,this.logger=St.create("backendConnector"),this.waitingReads=[],this.maxParallelReads=i.maxParallelReads||10,this.readingCalls=0,this.maxRetries=i.maxRetries>=0?i.maxRetries:5,this.retryTimeout=i.retryTimeout>=1?i.retryTimeout:350,this.state={},this.queue=[],(a=(s=this.backend)==null?void 0:s.init)==null||a.call(s,r,i.backend,i)}queueLoad(e,n,r,i){const s={},a={},c={},l={};return e.forEach(u=>{let p=!0;n.forEach(h=>{const m=`${u}|${h}`;!r.reload&&this.store.hasResourceBundle(u,h)?this.state[m]=2:this.state[m]<0||(this.state[m]===1?a[m]===void 0&&(a[m]=!0):(this.state[m]=1,p=!1,a[m]===void 0&&(a[m]=!0),s[m]===void 0&&(s[m]=!0),l[h]===void 0&&(l[h]=!0)))}),p||(c[u]=!0)}),(Object.keys(s).length||Object.keys(a).length)&&this.queue.push({pending:a,pendingCount:Object.keys(a).length,loaded:{},errors:[],callback:i}),{toLoad:Object.keys(s),pending:Object.keys(a),toLoadLanguages:Object.keys(c),toLoadNamespaces:Object.keys(l)}}loaded(e,n,r){const i=e.split("|"),s=i[0],a=i[1];n&&this.emit("failedLoading",s,a,n),!n&&r&&this.store.addResourceBundle(s,a,r,void 0,void 0,{skipCopy:!0}),this.state[e]=n?-1:2,n&&r&&(this.state[e]=0);const c={};this.queue.forEach(l=>{Nm(l.loaded,[s],a),Mm(l,e),n&&l.errors.push(n),l.pendingCount===0&&!l.done&&(Object.keys(l.loaded).forEach(u=>{c[u]||(c[u]={});const p=l.loaded[u];p.length&&p.forEach(h=>{c[u][h]===void 0&&(c[u][h]=!0)})}),l.done=!0,l.errors.length?l.callback(l.errors):l.callback())}),this.emit("loaded",c),this.queue=this.queue.filter(l=>!l.done)}read(e,n,r){let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:0,s=arguments.length>4&&arguments[4]!==void 0?arguments[4]:this.retryTimeout,a=arguments.length>5?arguments[5]:void 0;if(!e.length)return a(null,{});if(this.readingCalls>=this.maxParallelReads){this.waitingReads.push({lng:e,ns:n,fcName:r,tried:i,wait:s,callback:a});return}this.readingCalls++;const c=(u,p)=>{if(this.readingCalls--,this.waitingReads.length>0){const h=this.waitingReads.shift();this.read(h.lng,h.ns,h.fcName,h.tried,h.wait,h.callback)}if(u&&p&&i<this.maxRetries){setTimeout(()=>{this.read.call(this,e,n,r,i+1,s*2,a)},s);return}a(u,p)},l=this.backend[r].bind(this.backend);if(l.length===2){try{const u=l(e,n);u&&typeof u.then=="function"?u.then(p=>c(null,p)).catch(c):c(null,u)}catch(u){c(u)}return}return l(e,n,c)}prepareLoading(e,n){let r=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{},i=arguments.length>3?arguments[3]:void 0;if(!this.backend)return this.logger.warn("No backend was added via i18next.use. Will not load resources."),i&&i();ne(e)&&(e=this.languageUtils.toResolveHierarchy(e)),ne(n)&&(n=[n]);const s=this.queueLoad(e,n,r,i);if(!s.toLoad.length)return s.pending.length||i(),null;s.toLoad.forEach(a=>{this.loadOne(a)})}load(e,n,r){this.prepareLoading(e,n,{},r)}reload(e,n,r){this.prepareLoading(e,n,{reload:!0},r)}loadOne(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"";const r=e.split("|"),i=r[0],s=r[1];this.read(i,s,"read",void 0,void 0,(a,c)=>{a&&this.logger.warn(`${n}loading namespace ${s} for language ${i} failed`,a),!a&&c&&this.logger.log(`${n}loaded namespace ${s} for language ${i}`,c),this.loaded(e,a,c)})}saveMissing(e,n,r,i,s){var l,u,p,h,m;let a=arguments.length>5&&arguments[5]!==void 0?arguments[5]:{},c=arguments.length>6&&arguments[6]!==void 0?arguments[6]:()=>{};if((u=(l=this.services)==null?void 0:l.utils)!=null&&u.hasLoadedNamespace&&!((h=(p=this.services)==null?void 0:p.utils)!=null&&h.hasLoadedNamespace(n))){this.logger.warn(`did not save key "${r}" as the namespace "${n}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!");return}if(!(r==null||r==="")){if((m=this.backend)!=null&&m.create){const v={...a,isUpdate:s},f=this.backend.create.bind(this.backend);if(f.length<6)try{let _;f.length===5?_=f(e,n,r,i,v):_=f(e,n,r,i),_&&typeof _.then=="function"?_.then(w=>c(null,w)).catch(c):c(null,_)}catch(_){c(_)}else f(e,n,r,i,c,v)}!e||!e[0]||this.store.addResource(e[0],n,r,i)}}}const Lu=()=>({debug:!1,initAsync:!0,ns:["translation"],defaultNS:["translation"],fallbackLng:["dev"],fallbackNS:!1,supportedLngs:!1,nonExplicitSupportedLngs:!1,load:"all",preload:!1,simplifyPluralSuffix:!0,keySeparator:".",nsSeparator:":",pluralSeparator:"_",contextSeparator:"_",partialBundledLanguages:!1,saveMissing:!1,updateMissing:!1,saveMissingTo:"fallback",saveMissingPlurals:!0,missingKeyHandler:!1,missingInterpolationHandler:!1,postProcess:!1,postProcessPassResolved:!1,returnNull:!1,returnEmptyString:!0,returnObjects:!1,joinArrays:!1,returnedObjectHandler:!1,parseMissingKeyHandler:!1,appendNamespaceToMissingKey:!1,appendNamespaceToCIMode:!1,overloadTranslationOptionHandler:t=>{let e={};if(typeof t[1]=="object"&&(e=t[1]),ne(t[1])&&(e.defaultValue=t[1]),ne(t[2])&&(e.tDescription=t[2]),typeof t[2]=="object"||typeof t[3]=="object"){const n=t[3]||t[2];Object.keys(n).forEach(r=>{e[r]=n[r]})}return e},interpolation:{escapeValue:!0,format:t=>t,prefix:"{{",suffix:"}}",formatSeparator:",",unescapePrefix:"-",nestingPrefix:"$t(",nestingSuffix:")",nestingOptionsSeparator:",",maxReplaces:1e3,skipOnVariables:!0}}),Uu=t=>{var e,n;return ne(t.ns)&&(t.ns=[t.ns]),ne(t.fallbackLng)&&(t.fallbackLng=[t.fallbackLng]),ne(t.fallbackNS)&&(t.fallbackNS=[t.fallbackNS]),((n=(e=t.supportedLngs)==null?void 0:e.indexOf)==null?void 0:n.call(e,"cimode"))<0&&(t.supportedLngs=t.supportedLngs.concat(["cimode"])),typeof t.initImmediate=="boolean"&&(t.initAsync=t.initImmediate),t},Ci=()=>{},Hm=t=>{Object.getOwnPropertyNames(Object.getPrototypeOf(t)).forEach(n=>{typeof t[n]=="function"&&(t[n]=t[n].bind(t))})};class qr extends Gs{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},n=arguments.length>1?arguments[1]:void 0;if(super(),this.options=Uu(e),this.services={},this.logger=St,this.modules={external:[]},Hm(this),n&&!this.isInitialized&&!e.isClone){if(!this.options.initAsync)return this.init(e,n),this;setTimeout(()=>{this.init(e,n)},0)}}init(){var e=this;let n=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},r=arguments.length>1?arguments[1]:void 0;this.isInitializing=!0,typeof n=="function"&&(r=n,n={}),!n.defaultNS&&n.defaultNS!==!1&&n.ns&&(ne(n.ns)?n.defaultNS=n.ns:n.ns.indexOf("translation")<0&&(n.defaultNS=n.ns[0]));const i=Lu();this.options={...i,...this.options,...Uu(n)},this.options.interpolation={...i.interpolation,...this.options.interpolation},n.keySeparator!==void 0&&(this.options.userDefinedKeySeparator=n.keySeparator),n.nsSeparator!==void 0&&(this.options.userDefinedNsSeparator=n.nsSeparator);const s=p=>p?typeof p=="function"?new p:p:null;if(!this.options.isClone){this.modules.logger?St.init(s(this.modules.logger),this.options):St.init(null,this.options);let p;this.modules.formatter?p=this.modules.formatter:p=qm;const h=new Bu(this.options);this.store=new $u(this.options.resources,this.options);const m=this.services;m.logger=St,m.resourceStore=this.store,m.languageUtils=h,m.pluralResolver=new Lm(h,{prepend:this.options.pluralSeparator,simplifyPluralSuffix:this.options.simplifyPluralSuffix}),p&&(!this.options.interpolation.format||this.options.interpolation.format===i.interpolation.format)&&(m.formatter=s(p),m.formatter.init(m,this.options),this.options.interpolation.format=m.formatter.format.bind(m.formatter)),m.interpolator=new Um(this.options),m.utils={hasLoadedNamespace:this.hasLoadedNamespace.bind(this)},m.backendConnector=new Dm(s(this.modules.backend),m.resourceStore,m,this.options),m.backendConnector.on("*",function(v){for(var f=arguments.length,_=new Array(f>1?f-1:0),w=1;w<f;w++)_[w-1]=arguments[w];e.emit(v,..._)}),this.modules.languageDetector&&(m.languageDetector=s(this.modules.languageDetector),m.languageDetector.init&&m.languageDetector.init(m,this.options.detection,this.options)),this.modules.i18nFormat&&(m.i18nFormat=s(this.modules.i18nFormat),m.i18nFormat.init&&m.i18nFormat.init(this)),this.translator=new es(this.services,this.options),this.translator.on("*",function(v){for(var f=arguments.length,_=new Array(f>1?f-1:0),w=1;w<f;w++)_[w-1]=arguments[w];e.emit(v,..._)}),this.modules.external.forEach(v=>{v.init&&v.init(this)})}if(this.format=this.options.interpolation.format,r||(r=Ci),this.options.fallbackLng&&!this.services.languageDetector&&!this.options.lng){const p=this.services.languageUtils.getFallbackCodes(this.options.fallbackLng);p.length>0&&p[0]!=="dev"&&(this.options.lng=p[0])}!this.services.languageDetector&&!this.options.lng&&this.logger.warn("init: no languageDetector is used and no lng is defined"),["getResource","hasResourceBundle","getResourceBundle","getDataByLanguage"].forEach(p=>{this[p]=function(){return e.store[p](...arguments)}}),["addResource","addResources","addResourceBundle","removeResourceBundle"].forEach(p=>{this[p]=function(){return e.store[p](...arguments),e}});const l=Ar(),u=()=>{const p=(h,m)=>{this.isInitializing=!1,this.isInitialized&&!this.initializedStoreOnce&&this.logger.warn("init: i18next is already initialized. You should call init just once!"),this.isInitialized=!0,this.options.isClone||this.logger.log("initialized",this.options),this.emit("initialized",this.options),l.resolve(m),r(h,m)};if(this.languages&&!this.isInitialized)return p(null,this.t.bind(this));this.changeLanguage(this.options.lng,p)};return this.options.resources||!this.options.initAsync?u():setTimeout(u,0),l}loadResources(e){var s,a;let r=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Ci;const i=ne(e)?e:this.language;if(typeof e=="function"&&(r=e),!this.options.resources||this.options.partialBundledLanguages){if((i==null?void 0:i.toLowerCase())==="cimode"&&(!this.options.preload||this.options.preload.length===0))return r();const c=[],l=u=>{if(!u||u==="cimode")return;this.services.languageUtils.toResolveHierarchy(u).forEach(h=>{h!=="cimode"&&c.indexOf(h)<0&&c.push(h)})};i?l(i):this.services.languageUtils.getFallbackCodes(this.options.fallbackLng).forEach(p=>l(p)),(a=(s=this.options.preload)==null?void 0:s.forEach)==null||a.call(s,u=>l(u)),this.services.backendConnector.load(c,this.options.ns,u=>{!u&&!this.resolvedLanguage&&this.language&&this.setResolvedLanguage(this.language),r(u)})}else r(null)}reloadResources(e,n,r){const i=Ar();return typeof e=="function"&&(r=e,e=void 0),typeof n=="function"&&(r=n,n=void 0),e||(e=this.languages),n||(n=this.options.ns),r||(r=Ci),this.services.backendConnector.reload(e,n,s=>{i.resolve(),r(s)}),i}use(e){if(!e)throw new Error("You are passing an undefined module! Please check the object you are passing to i18next.use()");if(!e.type)throw new Error("You are passing a wrong module! Please check the object you are passing to i18next.use()");return e.type==="backend"&&(this.modules.backend=e),(e.type==="logger"||e.log&&e.warn&&e.error)&&(this.modules.logger=e),e.type==="languageDetector"&&(this.modules.languageDetector=e),e.type==="i18nFormat"&&(this.modules.i18nFormat=e),e.type==="postProcessor"&&sf.addPostProcessor(e),e.type==="formatter"&&(this.modules.formatter=e),e.type==="3rdParty"&&this.modules.external.push(e),this}setResolvedLanguage(e){if(!(!e||!this.languages)&&!(["cimode","dev"].indexOf(e)>-1))for(let n=0;n<this.languages.length;n++){const r=this.languages[n];if(!(["cimode","dev"].indexOf(r)>-1)&&this.store.hasLanguageSomeTranslations(r)){this.resolvedLanguage=r;break}}}changeLanguage(e,n){var r=this;this.isLanguageChangingTo=e;const i=Ar();this.emit("languageChanging",e);const s=l=>{this.language=l,this.languages=this.services.languageUtils.toResolveHierarchy(l),this.resolvedLanguage=void 0,this.setResolvedLanguage(l)},a=(l,u)=>{u?(s(u),this.translator.changeLanguage(u),this.isLanguageChangingTo=void 0,this.emit("languageChanged",u),this.logger.log("languageChanged",u)):this.isLanguageChangingTo=void 0,i.resolve(function(){return r.t(...arguments)}),n&&n(l,function(){return r.t(...arguments)})},c=l=>{var p,h;!e&&!l&&this.services.languageDetector&&(l=[]);const u=ne(l)?l:this.services.languageUtils.getBestMatchFromCodes(l);u&&(this.language||s(u),this.translator.language||this.translator.changeLanguage(u),(h=(p=this.services.languageDetector)==null?void 0:p.cacheUserLanguage)==null||h.call(p,u)),this.loadResources(u,m=>{a(m,u)})};return!e&&this.services.languageDetector&&!this.services.languageDetector.async?c(this.services.languageDetector.detect()):!e&&this.services.languageDetector&&this.services.languageDetector.async?this.services.languageDetector.detect.length===0?this.services.languageDetector.detect().then(c):this.services.languageDetector.detect(c):c(e),i}getFixedT(e,n,r){var i=this;const s=function(a,c){let l;if(typeof c!="object"){for(var u=arguments.length,p=new Array(u>2?u-2:0),h=2;h<u;h++)p[h-2]=arguments[h];l=i.options.overloadTranslationOptionHandler([a,c].concat(p))}else l={...c};l.lng=l.lng||s.lng,l.lngs=l.lngs||s.lngs,l.ns=l.ns||s.ns,l.keyPrefix!==""&&(l.keyPrefix=l.keyPrefix||r||s.keyPrefix);const m=i.options.keySeparator||".";let v;return l.keyPrefix&&Array.isArray(a)?v=a.map(f=>`${l.keyPrefix}${m}${f}`):v=l.keyPrefix?`${l.keyPrefix}${m}${a}`:a,i.t(v,l)};return ne(e)?s.lng=e:s.lngs=e,s.ns=n,s.keyPrefix=r,s}t(){var i;for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return(i=this.translator)==null?void 0:i.translate(...n)}exists(){var i;for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return(i=this.translator)==null?void 0:i.exists(...n)}setDefaultNamespace(e){this.options.defaultNS=e}hasLoadedNamespace(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};if(!this.isInitialized)return this.logger.warn("hasLoadedNamespace: i18next was not initialized",this.languages),!1;if(!this.languages||!this.languages.length)return this.logger.warn("hasLoadedNamespace: i18n.languages were undefined or empty",this.languages),!1;const r=n.lng||this.resolvedLanguage||this.languages[0],i=this.options?this.options.fallbackLng:!1,s=this.languages[this.languages.length-1];if(r.toLowerCase()==="cimode")return!0;const a=(c,l)=>{const u=this.services.backendConnector.state[`${c}|${l}`];return u===-1||u===0||u===2};if(n.precheck){const c=n.precheck(this,a);if(c!==void 0)return c}return!!(this.hasResourceBundle(r,e)||!this.services.backendConnector.backend||this.options.resources&&!this.options.partialBundledLanguages||a(r,e)&&(!i||a(s,e)))}loadNamespaces(e,n){const r=Ar();return this.options.ns?(ne(e)&&(e=[e]),e.forEach(i=>{this.options.ns.indexOf(i)<0&&this.options.ns.push(i)}),this.loadResources(i=>{r.resolve(),n&&n(i)}),r):(n&&n(),Promise.resolve())}loadLanguages(e,n){const r=Ar();ne(e)&&(e=[e]);const i=this.options.preload||[],s=e.filter(a=>i.indexOf(a)<0&&this.services.languageUtils.isSupportedCode(a));return s.length?(this.options.preload=i.concat(s),this.loadResources(a=>{r.resolve(),n&&n(a)}),r):(n&&n(),Promise.resolve())}dir(e){var i,s;if(e||(e=this.resolvedLanguage||(((i=this.languages)==null?void 0:i.length)>0?this.languages[0]:this.language)),!e)return"rtl";const n=["ar","shu","sqr","ssh","xaa","yhd","yud","aao","abh","abv","acm","acq","acw","acx","acy","adf","ads","aeb","aec","afb","ajp","apc","apd","arb","arq","ars","ary","arz","auz","avl","ayh","ayl","ayn","ayp","bbz","pga","he","iw","ps","pbt","pbu","pst","prp","prd","ug","ur","ydd","yds","yih","ji","yi","hbo","men","xmn","fa","jpr","peo","pes","prs","dv","sam","ckb"],r=((s=this.services)==null?void 0:s.languageUtils)||new Bu(Lu());return n.indexOf(r.getLanguagePartFromCode(e))>-1||e.toLowerCase().indexOf("-arab")>1?"rtl":"ltr"}static createInstance(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},n=arguments.length>1?arguments[1]:void 0;return new qr(e,n)}cloneInstance(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Ci;const r=e.forkResourceStore;r&&delete e.forkResourceStore;const i={...this.options,...e,isClone:!0},s=new qr(i);if((e.debug!==void 0||e.prefix!==void 0)&&(s.logger=s.logger.clone(e)),["store","services","language"].forEach(c=>{s[c]=this[c]}),s.services={...this.services},s.services.utils={hasLoadedNamespace:s.hasLoadedNamespace.bind(s)},r){const c=Object.keys(this.store.data).reduce((l,u)=>(l[u]={...this.store.data[u]},Object.keys(l[u]).reduce((p,h)=>(p[h]={...l[u][h]},p),{})),{});s.store=new $u(c,i),s.services.resourceStore=s.store}return s.translator=new es(s.services,i),s.translator.on("*",function(c){for(var l=arguments.length,u=new Array(l>1?l-1:0),p=1;p<l;p++)u[p-1]=arguments[p];s.emit(c,...u)}),s.init(i,n),s.translator.options=i,s.translator.backendConnector.services.utils={hasLoadedNamespace:s.hasLoadedNamespace.bind(s)},s}toJSON(){return{options:this.options,store:this.store,language:this.language,languages:this.languages,resolvedLanguage:this.resolvedLanguage}}}const P=qr.createInstance();P.createInstance=qr.createInstance;P.createInstance;P.dir;P.init;P.loadResources;P.reloadResources;P.use;P.changeLanguage;P.getFixedT;const se=P.t;P.exists;P.setDefaultNamespace;P.hasLoadedNamespace;P.loadNamespaces;P.loadLanguages;const nn=o.z.object({start:o.z.number(),limit:o.z.number(),length:o.z.number()}),of=o.z.object({created_at:o.z.string(),updated_at:o.z.string()}),af=o.z.object({email:o.z.string().optional(),email_verified:o.z.boolean().optional(),name:o.z.string().optional(),username:o.z.string().optional(),given_name:o.z.string().optional(),phone_number:o.z.string().optional(),phone_verified:o.z.boolean().optional(),family_name:o.z.string().optional()}).catchall(o.z.any()),cf=o.z.object({connection:o.z.string(),user_id:o.z.string(),provider:o.z.string(),isSocial:o.z.boolean(),access_token:o.z.string().optional(),access_token_secret:o.z.string().optional(),refresh_token:o.z.string().optional(),profileData:af.optional()}),Js=o.z.object({email:o.z.string().optional(),username:o.z.string().optional(),given_name:o.z.string().optional(),family_name:o.z.string().optional(),nickname:o.z.string().optional(),name:o.z.string().optional(),picture:o.z.string().optional(),locale:o.z.string().optional(),linked_to:o.z.string().optional(),profileData:o.z.string().optional(),user_id:o.z.string().optional(),app_metadata:o.z.any().default({}).optional(),user_metadata:o.z.any().default({}).optional()}),ts=Js.extend({email_verified:o.z.boolean().default(!1),verify_email:o.z.boolean().optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string().optional(),provider:o.z.string().default("email"),connection:o.z.string().default("email"),is_social:o.z.boolean().optional()}),el=o.z.object({...ts.shape,...of.shape,user_id:o.z.string(),is_social:o.z.boolean(),email:o.z.string(),login_count:o.z.number(),identities:o.z.array(cf).optional()}),xt=el,Fm=Js.extend({email:o.z.string(),login_count:o.z.number(),multifactor:o.z.array(o.z.string()).optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string()}).catchall(o.z.any()),Km="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";let Wm=(t=21)=>{let e="",n=crypto.getRandomValues(new Uint8Array(t));for(;t--;)e+=Km[n[t]&63];return e};const lf=o.z.object({audience:o.z.string().optional(),recipient:o.z.string().optional(),createUpnClaim:o.z.boolean().optional(),mapUnknownClaimsAsIs:o.z.boolean().optional(),passthroughClaimsWithNoMapping:o.z.boolean().optional(),mapIdentities:o.z.boolean().optional(),signatureAlgorithm:o.z.string().optional(),digestAlgorithm:o.z.string().optional(),issuer:o.z.string().optional(),destination:o.z.string().optional(),lifetimeInSeconds:o.z.number().optional(),signResponse:o.z.boolean().optional(),nameIdentifierFormat:o.z.string().optional(),nameIdentifierProbes:o.z.array(o.z.string()).optional(),authnContextClassRef:o.z.string().optional(),mappings:o.z.record(o.z.string()).optional()}),ns=o.z.object({id:o.z.string(),name:o.z.string(),callbacks:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs whitelisted to use as a callback to the client after authentication."}),allowed_origins:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level. Query strings and hash information are not taken into account when validating these URLs."}),web_origins:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."}),allowed_logout_urls:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."}),allowed_clients:o.z.array(o.z.string()).default([]).optional().openapi({description:"Ids of clients that will be allowed to perform delegation requests. Clients that will be allowed to make delegation request. By default, all your clients will be allowed. This field allows you to specify specific clients"}),addons:o.z.object({samlp:lf.optional()}).default({}).optional().openapi({description:"Addons associated with the client. The key is the addon's package name and the value is an object with the configuration for the addon."}),email_validation:o.z.enum(["enabled","disabled","enforced"]).default("enforced").optional().openapi({description:"Defines if it possible to sign in with an unverified email and if verification emails will be sent. This is not available in auth0"}),client_secret:o.z.string().default(()=>Wm()).optional(),disable_sign_ups:o.z.boolean().optional().default(!1).openapi({description:"Prevents users from signing up using the hosted login page. This is not available in auth0"})}),mn=o.z.object({created_at:o.z.string().transform(t=>t===null?"":t),updated_at:o.z.string().transform(t=>t===null?"":t),...ns.shape});var Pt=(t=>(t.TOKEN="token",t.TOKEN_ID_TOKEN="token id_token",t.CODE="code",t))(Pt||{}),Yt=(t=>(t.QUERY="query",t.FRAGMENT="fragment",t.FORM_POST="form_post",t.WEB_MESSAGE="web_message",t.SAML_POST="saml_post",t))(Yt||{}),Zs=(t=>(t.S256="S256",t.Plain="plain",t))(Zs||{});const tl=o.z.object({client_id:o.z.string(),act_as:o.z.string().optional(),response_type:o.z.nativeEnum(Pt).optional(),response_mode:o.z.nativeEnum(Yt).optional(),redirect_uri:o.z.string().optional(),audience:o.z.string().optional(),organization:o.z.string().optional(),state:o.z.string().optional(),nonce:o.z.string().optional(),scope:o.z.string().optional(),prompt:o.z.string().optional(),code_challenge_method:o.z.nativeEnum(Zs).optional(),code_challenge:o.z.string().optional(),username:o.z.string().optional(),ui_locales:o.z.string().optional(),vendor_id:o.z.string().optional()}),Aa=o.z.object({colors:o.z.object({primary:o.z.string(),page_background:o.z.object({type:o.z.string().optional(),start:o.z.string().optional(),end:o.z.string().optional(),angle_deg:o.z.number().optional()}).optional()}).optional(),logo_url:o.z.string().optional(),favicon_url:o.z.string().optional(),font:o.z.object({url:o.z.string()}).optional()}),rs=o.z.object({id:o.z.string().optional(),name:o.z.string(),strategy:o.z.string(),options:o.z.object({kid:o.z.string().optional(),team_id:o.z.string().optional(),realms:o.z.string().optional(),client_id:o.z.string().optional(),client_secret:o.z.string().optional(),app_secret:o.z.string().optional(),scope:o.z.string().optional(),authorization_endpoint:o.z.string().default("").optional(),token_endpoint:o.z.string().default("").optional(),userinfo_endpoint:o.z.string().default("").optional(),jwks_uri:o.z.string().default("").optional(),discovery_url:o.z.string().default("").optional(),issuer:o.z.string().default("").optional()}).default({}).optional(),enabled_clients:o.z.array(o.z.string()).default([]).optional(),response_type:o.z.custom().optional(),response_mode:o.z.custom().optional()}),Ft=o.z.object({id:o.z.string(),created_at:o.z.string().transform(t=>t===null?"":t),updated_at:o.z.string().transform(t=>t===null?"":t)}).extend(rs.shape),is=o.z.object({name:o.z.string(),audience:o.z.string(),sender_email:o.z.string().email(),sender_name:o.z.string(),support_url:o.z.string().url().optional(),logo:o.z.string().url().optional(),primary_color:o.z.string().optional(),secondary_color:o.z.string().optional(),language:o.z.string().optional(),id:o.z.string().optional()}),Fn=o.z.object({created_at:o.z.string().transform(t=>t===null?"":t),updated_at:o.z.string().transform(t=>t===null?"":t),...is.shape,id:o.z.string()}),uf=o.z.object({logoUrl:o.z.string(),loginBackgroundImage:o.z.string().nullish(),style:o.z.object({primaryColor:o.z.string(),buttonTextColor:o.z.string(),primaryHoverColor:o.z.string()}),supportEmail:o.z.string().nullable(),supportUrl:o.z.string().nullable(),name:o.z.string(),showGreyishBackground:o.z.boolean().optional(),termsAndConditionsUrl:o.z.string().nullable(),companyName:o.z.string().optional(),checkoutHideSocial:o.z.boolean().optional(),siteUrl:o.z.string().nullable(),manageSubscriptionsUrl:o.z.string().optional()});o.z.object({...mn.shape,tenant:Fn,connections:o.z.array(Ft)});const df=o.z.enum(["password_reset","email_verification","otp","authorization_code","oauth2_state","ticket"]),pf=o.z.object({code_id:o.z.string().openapi({description:"The code that will be used in for instance an email verification flow"}),login_id:o.z.string().openapi({description:"The id of the login session that the code is connected to"}),connection_id:o.z.string().optional().openapi({description:"The connection that the code is connected to"}),code_type:df,code_verifier:o.z.string().optional().openapi({description:"The code verifier used in PKCE in outbound flows"}),expires_at:o.z.string(),used_at:o.z.string().optional(),user_id:o.z.string().optional()}),Gm=o.z.object({...pf.shape,created_at:o.z.string()}),nl=o.z.object({domain:o.z.string(),type:o.z.enum(["auth0_managed_certs","self_managed_certs"]),verification_method:o.z.enum(["txt"]).optional(),tls_policy:o.z.enum(["recommended"]).optional(),custom_client_ip_header:o.z.enum(["true-client-ip","cf-connecting-ip","x-forwarded-for","x-azure-clientip","null"]).optional(),domain_metadata:o.z.record(o.z.string().max(255)).optional()}),fn=o.z.object({...nl.shape,custom_domain_id:o.z.string(),primary:o.z.boolean(),status:o.z.enum(["disabled","pending","pending_verification","ready"]),origin_domain_name:o.z.string().optional(),verification:o.z.object({}).optional(),tls_policy:o.z.string().optional()}),ss=o.z.object({trigger_id:o.z.enum(["pre-user-signup","post-user-registration","post-user-login"]),enabled:o.z.boolean().default(!1),url:o.z.string(),hook_id:o.z.string().optional(),synchronous:o.z.boolean().default(!1),priority:o.z.number().optional()}),Dn=ss.extend({...of.shape,hook_id:o.z.string()}),rl=o.z.object({alg:o.z.enum(["RS256","RS384","RS512","ES256","ES384","ES512","HS256","HS384","HS512"]),e:o.z.string(),kid:o.z.string(),kty:o.z.enum(["RSA","EC","oct"]),n:o.z.string(),x5t:o.z.string().optional(),x5c:o.z.array(o.z.string()).optional(),use:o.z.enum(["sig","enc"]).optional()}),ff=o.z.object({keys:o.z.array(rl)}),Ea=o.z.object({issuer:o.z.string(),authorization_endpoint:o.z.string(),token_endpoint:o.z.string(),device_authorization_endpoint:o.z.string(),userinfo_endpoint:o.z.string(),mfa_challenge_endpoint:o.z.string(),jwks_uri:o.z.string(),registration_endpoint:o.z.string(),revocation_endpoint:o.z.string(),scopes_supported:o.z.array(o.z.string()),response_types_supported:o.z.array(o.z.string()),code_challenge_methods_supported:o.z.array(o.z.string()),response_modes_supported:o.z.array(o.z.string()),subject_types_supported:o.z.array(o.z.string()),id_token_signing_alg_values_supported:o.z.array(o.z.string()),token_endpoint_auth_methods_supported:o.z.array(o.z.string()),claims_supported:o.z.array(o.z.string()),request_uri_parameter_supported:o.z.boolean(),request_parameter_supported:o.z.boolean(),token_endpoint_auth_signing_alg_values_supported:o.z.array(o.z.string())}),hf=o.z.object({csrf_token:o.z.string(),auth0Client:o.z.string().optional(),authParams:tl,expires_at:o.z.string(),deleted_at:o.z.string().optional(),ip:o.z.string().optional(),useragent:o.z.string().optional(),session:o.z.string().optional(),authorization_url:o.z.string().optional()}).openapi({description:"This represents a login sesion"}),Jm=o.z.object({...hf.shape,id:o.z.string().openapi({description:"This is is used as the state in the universal login"}),created_at:o.z.string(),updated_at:o.z.string()});var he=(t=>(t.FAILED_SILENT_AUTH="fsa",t.FAILED_SIGNUP="fs",t.FAILED_LOGIN="f",t.FAILED_LOGIN_INCORRECT_PASSWORD="fp",t.FAILED_CHANGE_PASSWORD="fcp",t.FAILED_BY_CONNECTOR="fc",t.FAILED_LOGIN_INVALID_EMAIL_USERNAME="fu",t.FAILED_HOOK="fh",t.FAILED_CROSS_ORIGIN_AUTHENTICATION="fcoa",t.SUCCESS_API_OPERATION="sapi",t.SUCCESS_CHANGE_PASSWORD="scp",t.SUCCESS_CHANGE_PASSWORD_REQUEST="scpr",t.SUCCESS_CHANGE_USERNAME="scu",t.SUCCESS_CROSS_ORIGIN_AUTHENTICATION="scoa",t.SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN="seacft",t.SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN="serft",t.SUCCESS_LOGIN="s",t.SUCCESS_LOGOUT="slo",t.SUCCESS_SIGNUP="ss",t.SUCCESS_SILENT_AUTH="ssa",t.SUCCESS_VERIFICATION_EMAIL="sv",t.SUCCESS_VERIFICATION_EMAIL_REQUEST="svr",t.CODE_LINK_SENT="cls",t.BLOCKED_ACCOUNT_EMAIL="limit_wc",t.BLOCKED_ACCOUNT_IP="limit_sul",t.BLOCKED_IP_ADDRESS="limit_mu",t))(he||{});const Zm=o.z.enum(["cls","fsa","fs","f","fc","fcoa","fcp","fh","fp","fs","fu","s","sapi","scoa","scp","scpr","scu","seacft","serft","slo","ss","ssa","sv","svr"]),gf=o.z.object({name:o.z.string(),version:o.z.string(),env:o.z.object({node:o.z.string().optional()}).optional()}),os=o.z.object({type:Zm,date:o.z.string(),description:o.z.string().optional(),log_id:o.z.string().optional(),_id:o.z.string().optional(),ip:o.z.string(),user_agent:o.z.string(),details:o.z.any().optional(),isMobile:o.z.boolean(),user_id:o.z.string().optional(),user_name:o.z.string().optional(),connection:o.z.string().optional(),connection_id:o.z.string().optional(),client_id:o.z.string().optional(),client_name:o.z.string().optional(),audience:o.z.string().optional(),scope:o.z.array(o.z.string()).optional(),strategy:o.z.string().optional(),strategy_type:o.z.string().optional(),hostname:o.z.string().optional(),auth0_client:gf.optional()}),mf=o.z.object({user_id:o.z.string(),password:o.z.string(),algorithm:o.z.enum(["bcrypt","argon2id"]).default("argon2id")}),Ym=o.z.object({...mf.shape,created_at:o.z.string(),updated_at:o.z.string()}),_f=o.z.object({initial_user_agent:o.z.string().describe("First user agent of the device from which this user logged in"),initial_ip:o.z.string().describe("First IP address associated with this session"),initial_asn:o.z.string().describe("First autonomous system number associated with this session"),last_user_agent:o.z.string().describe("Last user agent of the device from which this user logged in"),last_ip:o.z.string().describe("Last IP address from which this user logged in"),last_asn:o.z.string().describe("Last autonomous system number from which this user logged in")}),yf=o.z.object({id:o.z.string(),revoked_at:o.z.string().optional(),used_at:o.z.string().optional(),user_id:o.z.string().describe("The user ID associated with the session"),expires_at:o.z.string().optional(),idle_expires_at:o.z.string().optional(),device:_f.describe("Metadata related to the device used in the session"),clients:o.z.array(o.z.string()).describe("List of client details for the session")}),Ys=o.z.object({created_at:o.z.string(),updated_at:o.z.string(),authenticated_at:o.z.string(),last_interaction_at:o.z.string(),...yf.shape}),Ia=o.z.object({kid:o.z.string().openapi({description:"The key id of the signing key"}),cert:o.z.string().openapi({description:"The public certificate of the signing key"}),fingerprint:o.z.string().openapi({description:"The cert fingerprint"}),thumbprint:o.z.string().openapi({description:"The cert thumbprint"}),pkcs7:o.z.string().optional().openapi({description:"The private key in pkcs7 format"}),current:o.z.boolean().optional().openapi({description:"True if the key is the current key"}),next:o.z.boolean().optional().openapi({description:"True if the key is the next key"}),previous:o.z.boolean().optional().openapi({description:"True if the key is the previous key"}),current_since:o.z.string().optional().openapi({description:"The date and time when the key became the current key"}),current_until:o.z.string().optional().openapi({description:"The date and time when the current key was rotated"}),revoked:o.z.boolean().optional().openapi({description:"True if the key is revoked"}),revoked_at:o.z.string().optional().openapi({description:"The date and time when the key was revoked"})});var Br=(t=>(t.RefreshToken="refresh_token",t.AuthorizationCode="authorization_code",t.ClientCredential="client_credentials",t.Passwordless="passwordless",t.Password="password",t))(Br||{});const vf=o.z.object({access_token:o.z.string(),id_token:o.z.string().optional(),scope:o.z.string().optional(),state:o.z.string().optional(),refresh_token:o.z.string().optional(),token_type:o.z.string(),expires_in:o.z.number()});o.z.object({code:o.z.string(),state:o.z.string().optional()});const wf=o.z.object({button_border_radius:o.z.number(),button_border_weight:o.z.number(),buttons_style:o.z.enum(["pill"]),input_border_radius:o.z.number(),input_border_weight:o.z.number(),inputs_style:o.z.enum(["pill"]),show_widget_shadow:o.z.boolean(),widget_border_weight:o.z.number(),widget_corner_radius:o.z.number()}),bf=o.z.object({base_focus_color:o.z.string(),base_hover_color:o.z.string(),body_text:o.z.string(),captcha_widget_theme:o.z.enum(["auto"]),error:o.z.string(),header:o.z.string(),icons:o.z.string(),input_background:o.z.string(),input_border:o.z.string(),input_filled_text:o.z.string(),input_labels_placeholders:o.z.string(),links_focused_components:o.z.string(),primary_button:o.z.string(),primary_button_label:o.z.string(),secondary_button_border:o.z.string(),secondary_button_label:o.z.string(),success:o.z.string(),widget_background:o.z.string(),widget_border:o.z.string()}),hn=o.z.object({bold:o.z.boolean(),size:o.z.number()}),kf=o.z.object({body_text:hn,buttons_text:hn,font_url:o.z.string(),input_labels:hn,links:hn,links_style:o.z.enum(["normal"]),reference_text_size:o.z.number(),subtitle:hn,title:hn}),xf=o.z.object({background_color:o.z.string(),background_image_url:o.z.string(),page_layout:o.z.enum(["center"])}),Sf=o.z.object({header_text_alignment:o.z.enum(["center"]),logo_height:o.z.number(),logo_position:o.z.enum(["center"]),logo_url:o.z.string(),social_buttons_layout:o.z.enum(["bottom"])}),Af=o.z.object({borders:wf,colors:bf,displayName:o.z.string(),fonts:kf,page_background:xf,widget:Sf}),Xm=Af.extend({themeId:o.z.string()}),Li=o.z.object({universal_login_experience:o.z.enum(["new","classic"]).default("new"),identifier_first:o.z.boolean().default(!0),password_first:o.z.boolean().default(!1),webauthn_platform_first_factor:o.z.boolean()}),Ui=o.z.object({name:o.z.string(),enabled:o.z.boolean().optional().default(!0),default_from_address:o.z.string().optional(),credentials:o.z.union([o.z.object({accessKeyId:o.z.string(),secretAccessKey:o.z.string(),region:o.z.string()}),o.z.object({smtp_host:o.z.array(o.z.string()),smtp_port:o.z.number(),smtp_user:o.z.string(),smtp_pass:o.z.string()}),o.z.object({api_key:o.z.string(),domain:o.z.string().optional()}),o.z.object({connectionString:o.z.string()}),o.z.object({tenantId:o.z.string(),clientId:o.z.string(),clientSecret:o.z.string()})]),settings:o.z.object({}).optional()}),il=o.z.object({id:o.z.string(),session_id:o.z.string(),user_id:o.z.string(),client_id:o.z.string(),expires_at:o.z.string().optional(),idle_expires_at:o.z.string().optional(),last_exchanged_at:o.z.string().optional(),device:_f,resource_servers:o.z.array(o.z.object({audience:o.z.string(),scopes:o.z.string()})),rotating:o.z.boolean()}),Qm=o.z.object({created_at:o.z.string(),...il.shape});function e_(t){const[e,n]=t.split("|");if(!e||!n)throw new Error(`Invalid user_id: ${t}`);return{connection:e,id:n}}const t_=new o.OpenAPIHono().openapi(o.createRoute({tags:["branding"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Aa}},description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.branding.get(e);return n?t.json(n):t.json({})}).openapi(o.createRoute({tags:["branding"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Aa.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.branding.set(e,n),t.text("OK")});var z=class extends Error{constructor(e=500,n){super(n==null?void 0:n.message,{cause:n==null?void 0:n.cause});te(this,"res");te(this,"status");this.res=n==null?void 0:n.res,this.status=e}getResponse(){return this.res?new Response(this.res.body,{status:this.status,headers:this.res.headers}):new Response(this.message,{status:this.status})}},as=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function Ef(t){return t&&t.__esModule&&Object.prototype.hasOwnProperty.call(t,"default")?t.default:t}function n_(t){if(t.__esModule)return t;var e=t.default;if(typeof e=="function"){var n=function r(){return this instanceof r?Reflect.construct(e,arguments,this.constructor):e.apply(this,arguments)};n.prototype=e.prototype}else n={};return Object.defineProperty(n,"__esModule",{value:!0}),Object.keys(t).forEach(function(r){var i=Object.getOwnPropertyDescriptor(t,r);Object.defineProperty(n,r,i.get?i:{enumerable:!0,get:function(){return t[r]}})}),n}function r_(t){throw new Error('Could not dynamically require "'+t+'". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.')}var If={exports:{}};const i_={},s_=Object.freeze(Object.defineProperty({__proto__:null,default:i_},Symbol.toStringTag,{value:"Module"})),o_=n_(s_);(function(t){/**
|
|
1
|
+
"use strict";var Am=Object.defineProperty;var Em=(t,e,n)=>e in t?Am(t,e,{enumerable:!0,configurable:!0,writable:!0,value:n}):t[e]=n;var te=(t,e,n)=>Em(t,typeof e!="symbol"?e+"":e,n);Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const o=require("@hono/zod-openapi"),ne=t=>typeof t=="string",Ar=()=>{let t,e;const n=new Promise((r,i)=>{t=r,e=i});return n.resolve=t,n.reject=e,n},zu=t=>t==null?"":""+t,Im=(t,e,n)=>{t.forEach(r=>{e[r]&&(n[r]=e[r])})},zm=/###/g,Nu=t=>t&&t.indexOf("###")>-1?t.replace(zm,"."):t,Cu=t=>!t||ne(t),Or=(t,e,n)=>{const r=ne(e)?e.split("."):e;let i=0;for(;i<r.length-1;){if(Cu(t))return{};const s=Nu(r[i]);!t[s]&&n&&(t[s]=new n),Object.prototype.hasOwnProperty.call(t,s)?t=t[s]:t={},++i}return Cu(t)?{}:{obj:t,k:Nu(r[i])}},ju=(t,e,n)=>{const{obj:r,k:i}=Or(t,e,Object);if(r!==void 0||e.length===1){r[i]=n;return}let s=e[e.length-1],a=e.slice(0,e.length-1),c=Or(t,a,Object);for(;c.obj===void 0&&a.length;)s=`${a[a.length-1]}.${s}`,a=a.slice(0,a.length-1),c=Or(t,a,Object),c!=null&&c.obj&&typeof c.obj[`${c.k}.${s}`]<"u"&&(c.obj=void 0);c.obj[`${c.k}.${s}`]=n},Nm=(t,e,n,r)=>{const{obj:i,k:s}=Or(t,e,Object);i[s]=i[s]||[],i[s].push(n)},Yi=(t,e)=>{const{obj:n,k:r}=Or(t,e);if(n&&Object.prototype.hasOwnProperty.call(n,r))return n[r]},Cm=(t,e,n)=>{const r=Yi(t,n);return r!==void 0?r:Yi(e,n)},rf=(t,e,n)=>{for(const r in e)r!=="__proto__"&&r!=="constructor"&&(r in t?ne(t[r])||t[r]instanceof String||ne(e[r])||e[r]instanceof String?n&&(t[r]=e[r]):rf(t[r],e[r],n):t[r]=e[r]);return t},Un=t=>t.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g,"\\$&");var jm={"&":"&","<":"<",">":">",'"':""","'":"'","/":"/"};const $m=t=>ne(t)?t.replace(/[&<>"'\/]/g,e=>jm[e]):t;class Om{constructor(e){this.capacity=e,this.regExpMap=new Map,this.regExpQueue=[]}getRegExp(e){const n=this.regExpMap.get(e);if(n!==void 0)return n;const r=new RegExp(e);return this.regExpQueue.length===this.capacity&&this.regExpMap.delete(this.regExpQueue.shift()),this.regExpMap.set(e,r),this.regExpQueue.push(e),r}}const Bm=[" ",",","?","!",";"],Tm=new Om(20),Pm=(t,e,n)=>{e=e||"",n=n||"";const r=Bm.filter(a=>e.indexOf(a)<0&&n.indexOf(a)<0);if(r.length===0)return!0;const i=Tm.getRegExp(`(${r.map(a=>a==="?"?"\\?":a).join("|")})`);let s=!i.test(t);if(!s){const a=t.indexOf(n);a>0&&!i.test(t.substring(0,a))&&(s=!0)}return s},Sa=function(t,e){let n=arguments.length>2&&arguments[2]!==void 0?arguments[2]:".";if(!t)return;if(t[e])return Object.prototype.hasOwnProperty.call(t,e)?t[e]:void 0;const r=e.split(n);let i=t;for(let s=0;s<r.length;){if(!i||typeof i!="object")return;let a,c="";for(let l=s;l<r.length;++l)if(l!==s&&(c+=n),c+=r[l],a=i[c],a!==void 0){if(["string","number","boolean"].indexOf(typeof a)>-1&&l<r.length-1)continue;s+=l-s+1;break}i=a}return i},Xi=t=>t==null?void 0:t.replace("_","-"),Rm={type:"logger",log(t){this.output("log",t)},warn(t){this.output("warn",t)},error(t){this.output("error",t)},output(t,e){var n,r;(r=(n=console==null?void 0:console[t])==null?void 0:n.apply)==null||r.call(n,console,e)}};class Qi{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.init(e,n)}init(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.prefix=n.prefix||"i18next:",this.logger=e||Rm,this.options=n,this.debug=n.debug}log(){for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return this.forward(n,"log","",!0)}warn(){for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return this.forward(n,"warn","",!0)}error(){for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return this.forward(n,"error","")}deprecate(){for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return this.forward(n,"warn","WARNING DEPRECATED: ",!0)}forward(e,n,r,i){return i&&!this.debug?null:(ne(e[0])&&(e[0]=`${r}${this.prefix} ${e[0]}`),this.logger[n](e))}create(e){return new Qi(this.logger,{prefix:`${this.prefix}:${e}:`,...this.options})}clone(e){return e=e||this.options,e.prefix=e.prefix||this.prefix,new Qi(this.logger,e)}}var St=new Qi;class Gs{constructor(){this.observers={}}on(e,n){return e.split(" ").forEach(r=>{this.observers[r]||(this.observers[r]=new Map);const i=this.observers[r].get(n)||0;this.observers[r].set(n,i+1)}),this}off(e,n){if(this.observers[e]){if(!n){delete this.observers[e];return}this.observers[e].delete(n)}}emit(e){for(var n=arguments.length,r=new Array(n>1?n-1:0),i=1;i<n;i++)r[i-1]=arguments[i];this.observers[e]&&Array.from(this.observers[e].entries()).forEach(a=>{let[c,l]=a;for(let u=0;u<l;u++)c(...r)}),this.observers["*"]&&Array.from(this.observers["*"].entries()).forEach(a=>{let[c,l]=a;for(let u=0;u<l;u++)c.apply(c,[e,...r])})}}class $u extends Gs{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{ns:["translation"],defaultNS:"translation"};super(),this.data=e||{},this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.options.ignoreJSONStructure===void 0&&(this.options.ignoreJSONStructure=!0)}addNamespaces(e){this.options.ns.indexOf(e)<0&&this.options.ns.push(e)}removeNamespaces(e){const n=this.options.ns.indexOf(e);n>-1&&this.options.ns.splice(n,1)}getResource(e,n,r){var u,p;let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};const s=i.keySeparator!==void 0?i.keySeparator:this.options.keySeparator,a=i.ignoreJSONStructure!==void 0?i.ignoreJSONStructure:this.options.ignoreJSONStructure;let c;e.indexOf(".")>-1?c=e.split("."):(c=[e,n],r&&(Array.isArray(r)?c.push(...r):ne(r)&&s?c.push(...r.split(s)):c.push(r)));const l=Yi(this.data,c);return!l&&!n&&!r&&e.indexOf(".")>-1&&(e=c[0],n=c[1],r=c.slice(2).join(".")),l||!a||!ne(r)?l:Sa((p=(u=this.data)==null?void 0:u[e])==null?void 0:p[n],r,s)}addResource(e,n,r,i){let s=arguments.length>4&&arguments[4]!==void 0?arguments[4]:{silent:!1};const a=s.keySeparator!==void 0?s.keySeparator:this.options.keySeparator;let c=[e,n];r&&(c=c.concat(a?r.split(a):r)),e.indexOf(".")>-1&&(c=e.split("."),i=n,n=c[1]),this.addNamespaces(n),ju(this.data,c,i),s.silent||this.emit("added",e,n,r,i)}addResources(e,n,r){let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{silent:!1};for(const s in r)(ne(r[s])||Array.isArray(r[s]))&&this.addResource(e,n,s,r[s],{silent:!0});i.silent||this.emit("added",e,n,r)}addResourceBundle(e,n,r,i,s){let a=arguments.length>5&&arguments[5]!==void 0?arguments[5]:{silent:!1,skipCopy:!1},c=[e,n];e.indexOf(".")>-1&&(c=e.split("."),i=r,r=n,n=c[1]),this.addNamespaces(n);let l=Yi(this.data,c)||{};a.skipCopy||(r=JSON.parse(JSON.stringify(r))),i?rf(l,r,s):l={...l,...r},ju(this.data,c,l),a.silent||this.emit("added",e,n,r)}removeResourceBundle(e,n){this.hasResourceBundle(e,n)&&delete this.data[e][n],this.removeNamespaces(n),this.emit("removed",e,n)}hasResourceBundle(e,n){return this.getResource(e,n)!==void 0}getResourceBundle(e,n){return n||(n=this.options.defaultNS),this.getResource(e,n)}getDataByLanguage(e){return this.data[e]}hasLanguageSomeTranslations(e){const n=this.getDataByLanguage(e);return!!(n&&Object.keys(n)||[]).find(i=>n[i]&&Object.keys(n[i]).length>0)}toJSON(){return this.data}}var sf={processors:{},addPostProcessor(t){this.processors[t.name]=t},handle(t,e,n,r,i){return t.forEach(s=>{var a;e=((a=this.processors[s])==null?void 0:a.process(e,n,r,i))??e}),e}};const Ou={};class es extends Gs{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};super(),Im(["resourceStore","languageUtils","pluralResolver","interpolator","backendConnector","i18nFormat","utils"],e,this),this.options=n,this.options.keySeparator===void 0&&(this.options.keySeparator="."),this.logger=St.create("translator")}changeLanguage(e){e&&(this.language=e)}exists(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{interpolation:{}};if(e==null)return!1;const r=this.resolve(e,n);return(r==null?void 0:r.res)!==void 0}extractFromKey(e,n){let r=n.nsSeparator!==void 0?n.nsSeparator:this.options.nsSeparator;r===void 0&&(r=":");const i=n.keySeparator!==void 0?n.keySeparator:this.options.keySeparator;let s=n.ns||this.options.defaultNS||[];const a=r&&e.indexOf(r)>-1,c=!this.options.userDefinedKeySeparator&&!n.keySeparator&&!this.options.userDefinedNsSeparator&&!n.nsSeparator&&!Pm(e,r,i);if(a&&!c){const l=e.match(this.interpolator.nestingRegexp);if(l&&l.length>0)return{key:e,namespaces:ne(s)?[s]:s};const u=e.split(r);(r!==i||r===i&&this.options.ns.indexOf(u[0])>-1)&&(s=u.shift()),e=u.join(i)}return{key:e,namespaces:ne(s)?[s]:s}}translate(e,n,r){if(typeof n!="object"&&this.options.overloadTranslationOptionHandler&&(n=this.options.overloadTranslationOptionHandler(arguments)),typeof n=="object"&&(n={...n}),n||(n={}),e==null)return"";Array.isArray(e)||(e=[String(e)]);const i=n.returnDetails!==void 0?n.returnDetails:this.options.returnDetails,s=n.keySeparator!==void 0?n.keySeparator:this.options.keySeparator,{key:a,namespaces:c}=this.extractFromKey(e[e.length-1],n),l=c[c.length-1],u=n.lng||this.language,p=n.appendNamespaceToCIMode||this.options.appendNamespaceToCIMode;if((u==null?void 0:u.toLowerCase())==="cimode"){if(p){const L=n.nsSeparator||this.options.nsSeparator;return i?{res:`${l}${L}${a}`,usedKey:a,exactUsedKey:a,usedLng:u,usedNS:l,usedParams:this.getUsedParamsDetails(n)}:`${l}${L}${a}`}return i?{res:a,usedKey:a,exactUsedKey:a,usedLng:u,usedNS:l,usedParams:this.getUsedParamsDetails(n)}:a}const h=this.resolve(e,n);let m=h==null?void 0:h.res;const v=(h==null?void 0:h.usedKey)||a,f=(h==null?void 0:h.exactUsedKey)||a,_=Object.prototype.toString.apply(m),w=["[object Number]","[object Function]","[object RegExp]"],S=n.joinArrays!==void 0?n.joinArrays:this.options.joinArrays,C=!this.i18nFormat||this.i18nFormat.handleAsObject,B=!ne(m)&&typeof m!="boolean"&&typeof m!="number";if(C&&m&&B&&w.indexOf(_)<0&&!(ne(S)&&Array.isArray(m))){if(!n.returnObjects&&!this.options.returnObjects){this.options.returnedObjectHandler||this.logger.warn("accessing an object - but returnObjects options is not enabled!");const L=this.options.returnedObjectHandler?this.options.returnedObjectHandler(v,m,{...n,ns:c}):`key '${a} (${this.language})' returned an object instead of string.`;return i?(h.res=L,h.usedParams=this.getUsedParamsDetails(n),h):L}if(s){const L=Array.isArray(m),Q=L?[]:{},ce=L?f:v;for(const le in m)if(Object.prototype.hasOwnProperty.call(m,le)){const qe=`${ce}${s}${le}`;Q[le]=this.translate(qe,{...n,joinArrays:!1,ns:c}),Q[le]===qe&&(Q[le]=m[le])}m=Q}}else if(C&&ne(S)&&Array.isArray(m))m=m.join(S),m&&(m=this.extendTranslation(m,e,n,r));else{let L=!1,Q=!1;const ce=n.count!==void 0&&!ne(n.count),le=es.hasDefaultValue(n),qe=ce?this.pluralResolver.getSuffix(u,n.count,n):"",Me=n.ordinal&&ce?this.pluralResolver.getSuffix(u,n.count,{ordinal:!1}):"",Ze=ce&&!n.ordinal&&n.count===0,j=Ze&&n[`defaultValue${this.options.pluralSeparator}zero`]||n[`defaultValue${qe}`]||n[`defaultValue${Me}`]||n.defaultValue;!this.isValidLookup(m)&&le&&(L=!0,m=j),this.isValidLookup(m)||(Q=!0,m=a);const E=(n.missingKeyNoValueFallbackToKey||this.options.missingKeyNoValueFallbackToKey)&&Q?void 0:m,x=le&&j!==m&&this.options.updateMissing;if(Q||L||x){if(this.logger.log(x?"updateKey":"missingKey",u,l,a,x?j:m),s){const X=this.resolve(a,{...n,keySeparator:!1});X&&X.res&&this.logger.warn("Seems the loaded translations were in flat JSON format instead of nested. Either set keySeparator: false on init or make sure your translations are published in nested format.")}let k=[];const $=this.languageUtils.getFallbackCodes(this.options.fallbackLng,n.lng||this.language);if(this.options.saveMissingTo==="fallback"&&$&&$[0])for(let X=0;X<$.length;X++)k.push($[X]);else this.options.saveMissingTo==="all"?k=this.languageUtils.toResolveHierarchy(n.lng||this.language):k.push(n.lng||this.language);const U=(X,G,ie)=>{var H;const de=le&&ie!==m?ie:E;this.options.missingKeyHandler?this.options.missingKeyHandler(X,l,G,de,x,n):(H=this.backendConnector)!=null&&H.saveMissing&&this.backendConnector.saveMissing(X,l,G,de,x,n),this.emit("missingKey",X,l,G,m)};this.options.saveMissing&&(this.options.saveMissingPlurals&&ce?k.forEach(X=>{const G=this.pluralResolver.getSuffixes(X,n);Ze&&n[`defaultValue${this.options.pluralSeparator}zero`]&&G.indexOf(`${this.options.pluralSeparator}zero`)<0&&G.push(`${this.options.pluralSeparator}zero`),G.forEach(ie=>{U([X],a+ie,n[`defaultValue${ie}`]||j)})}):U(k,a,j))}m=this.extendTranslation(m,e,n,h,r),Q&&m===a&&this.options.appendNamespaceToMissingKey&&(m=`${l}:${a}`),(Q||L)&&this.options.parseMissingKeyHandler&&(m=this.options.parseMissingKeyHandler(this.options.appendNamespaceToMissingKey?`${l}:${a}`:a,L?m:void 0))}return i?(h.res=m,h.usedParams=this.getUsedParamsDetails(n),h):m}extendTranslation(e,n,r,i,s){var u,p;var a=this;if((u=this.i18nFormat)!=null&&u.parse)e=this.i18nFormat.parse(e,{...this.options.interpolation.defaultVariables,...r},r.lng||this.language||i.usedLng,i.usedNS,i.usedKey,{resolved:i});else if(!r.skipInterpolation){r.interpolation&&this.interpolator.init({...r,interpolation:{...this.options.interpolation,...r.interpolation}});const h=ne(e)&&(((p=r==null?void 0:r.interpolation)==null?void 0:p.skipOnVariables)!==void 0?r.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables);let m;if(h){const f=e.match(this.interpolator.nestingRegexp);m=f&&f.length}let v=r.replace&&!ne(r.replace)?r.replace:r;if(this.options.interpolation.defaultVariables&&(v={...this.options.interpolation.defaultVariables,...v}),e=this.interpolator.interpolate(e,v,r.lng||this.language||i.usedLng,r),h){const f=e.match(this.interpolator.nestingRegexp),_=f&&f.length;m<_&&(r.nest=!1)}!r.lng&&i&&i.res&&(r.lng=this.language||i.usedLng),r.nest!==!1&&(e=this.interpolator.nest(e,function(){for(var f=arguments.length,_=new Array(f),w=0;w<f;w++)_[w]=arguments[w];return(s==null?void 0:s[0])===_[0]&&!r.context?(a.logger.warn(`It seems you are nesting recursively key: ${_[0]} in key: ${n[0]}`),null):a.translate(..._,n)},r)),r.interpolation&&this.interpolator.reset()}const c=r.postProcess||this.options.postProcess,l=ne(c)?[c]:c;return e!=null&&(l!=null&&l.length)&&r.applyPostProcessor!==!1&&(e=sf.handle(l,e,n,this.options&&this.options.postProcessPassResolved?{i18nResolved:{...i,usedParams:this.getUsedParamsDetails(r)},...r}:r,this)),e}resolve(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},r,i,s,a,c;return ne(e)&&(e=[e]),e.forEach(l=>{if(this.isValidLookup(r))return;const u=this.extractFromKey(l,n),p=u.key;i=p;let h=u.namespaces;this.options.fallbackNS&&(h=h.concat(this.options.fallbackNS));const m=n.count!==void 0&&!ne(n.count),v=m&&!n.ordinal&&n.count===0,f=n.context!==void 0&&(ne(n.context)||typeof n.context=="number")&&n.context!=="",_=n.lngs?n.lngs:this.languageUtils.toResolveHierarchy(n.lng||this.language,n.fallbackLng);h.forEach(w=>{var S,C;this.isValidLookup(r)||(c=w,!Ou[`${_[0]}-${w}`]&&((S=this.utils)!=null&&S.hasLoadedNamespace)&&!((C=this.utils)!=null&&C.hasLoadedNamespace(c))&&(Ou[`${_[0]}-${w}`]=!0,this.logger.warn(`key "${i}" for languages "${_.join(", ")}" won't get resolved as namespace "${c}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!")),_.forEach(B=>{var ce;if(this.isValidLookup(r))return;a=B;const L=[p];if((ce=this.i18nFormat)!=null&&ce.addLookupKeys)this.i18nFormat.addLookupKeys(L,p,B,w,n);else{let le;m&&(le=this.pluralResolver.getSuffix(B,n.count,n));const qe=`${this.options.pluralSeparator}zero`,Me=`${this.options.pluralSeparator}ordinal${this.options.pluralSeparator}`;if(m&&(L.push(p+le),n.ordinal&&le.indexOf(Me)===0&&L.push(p+le.replace(Me,this.options.pluralSeparator)),v&&L.push(p+qe)),f){const Ze=`${p}${this.options.contextSeparator}${n.context}`;L.push(Ze),m&&(L.push(Ze+le),n.ordinal&&le.indexOf(Me)===0&&L.push(Ze+le.replace(Me,this.options.pluralSeparator)),v&&L.push(Ze+qe))}}let Q;for(;Q=L.pop();)this.isValidLookup(r)||(s=Q,r=this.getResource(B,w,Q,n))}))})}),{res:r,usedKey:i,exactUsedKey:s,usedLng:a,usedNS:c}}isValidLookup(e){return e!==void 0&&!(!this.options.returnNull&&e===null)&&!(!this.options.returnEmptyString&&e==="")}getResource(e,n,r){var s;let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};return(s=this.i18nFormat)!=null&&s.getResource?this.i18nFormat.getResource(e,n,r,i):this.resourceStore.getResource(e,n,r,i)}getUsedParamsDetails(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};const n=["defaultValue","ordinal","context","replace","lng","lngs","fallbackLng","ns","keySeparator","nsSeparator","returnObjects","returnDetails","joinArrays","postProcess","interpolation"],r=e.replace&&!ne(e.replace);let i=r?e.replace:e;if(r&&typeof e.count<"u"&&(i.count=e.count),this.options.interpolation.defaultVariables&&(i={...this.options.interpolation.defaultVariables,...i}),!r){i={...i};for(const s of n)delete i[s]}return i}static hasDefaultValue(e){const n="defaultValue";for(const r in e)if(Object.prototype.hasOwnProperty.call(e,r)&&n===r.substring(0,n.length)&&e[r]!==void 0)return!0;return!1}}class Bu{constructor(e){this.options=e,this.supportedLngs=this.options.supportedLngs||!1,this.logger=St.create("languageUtils")}getScriptPartFromCode(e){if(e=Xi(e),!e||e.indexOf("-")<0)return null;const n=e.split("-");return n.length===2||(n.pop(),n[n.length-1].toLowerCase()==="x")?null:this.formatLanguageCode(n.join("-"))}getLanguagePartFromCode(e){if(e=Xi(e),!e||e.indexOf("-")<0)return e;const n=e.split("-");return this.formatLanguageCode(n[0])}formatLanguageCode(e){if(ne(e)&&e.indexOf("-")>-1){let n;try{n=Intl.getCanonicalLocales(e)[0]}catch{}return n&&this.options.lowerCaseLng&&(n=n.toLowerCase()),n||(this.options.lowerCaseLng?e.toLowerCase():e)}return this.options.cleanCode||this.options.lowerCaseLng?e.toLowerCase():e}isSupportedCode(e){return(this.options.load==="languageOnly"||this.options.nonExplicitSupportedLngs)&&(e=this.getLanguagePartFromCode(e)),!this.supportedLngs||!this.supportedLngs.length||this.supportedLngs.indexOf(e)>-1}getBestMatchFromCodes(e){if(!e)return null;let n;return e.forEach(r=>{if(n)return;const i=this.formatLanguageCode(r);(!this.options.supportedLngs||this.isSupportedCode(i))&&(n=i)}),!n&&this.options.supportedLngs&&e.forEach(r=>{if(n)return;const i=this.getLanguagePartFromCode(r);if(this.isSupportedCode(i))return n=i;n=this.options.supportedLngs.find(s=>{if(s===i)return s;if(!(s.indexOf("-")<0&&i.indexOf("-")<0)&&(s.indexOf("-")>0&&i.indexOf("-")<0&&s.substring(0,s.indexOf("-"))===i||s.indexOf(i)===0&&i.length>1))return s})}),n||(n=this.getFallbackCodes(this.options.fallbackLng)[0]),n}getFallbackCodes(e,n){if(!e)return[];if(typeof e=="function"&&(e=e(n)),ne(e)&&(e=[e]),Array.isArray(e))return e;if(!n)return e.default||[];let r=e[n];return r||(r=e[this.getScriptPartFromCode(n)]),r||(r=e[this.formatLanguageCode(n)]),r||(r=e[this.getLanguagePartFromCode(n)]),r||(r=e.default),r||[]}toResolveHierarchy(e,n){const r=this.getFallbackCodes(n||this.options.fallbackLng||[],e),i=[],s=a=>{a&&(this.isSupportedCode(a)?i.push(a):this.logger.warn(`rejecting language code not found in supportedLngs: ${a}`))};return ne(e)&&(e.indexOf("-")>-1||e.indexOf("_")>-1)?(this.options.load!=="languageOnly"&&s(this.formatLanguageCode(e)),this.options.load!=="languageOnly"&&this.options.load!=="currentOnly"&&s(this.getScriptPartFromCode(e)),this.options.load!=="currentOnly"&&s(this.getLanguagePartFromCode(e))):ne(e)&&s(this.formatLanguageCode(e)),r.forEach(a=>{i.indexOf(a)<0&&s(this.formatLanguageCode(a))}),i}}const Tu={zero:0,one:1,two:2,few:3,many:4,other:5},Pu={select:t=>t===1?"one":"other",resolvedOptions:()=>({pluralCategories:["one","other"]})};class Lm{constructor(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};this.languageUtils=e,this.options=n,this.logger=St.create("pluralResolver"),this.pluralRulesCache={}}addRule(e,n){this.rules[e]=n}clearCache(){this.pluralRulesCache={}}getRule(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};const r=Xi(e==="dev"?"en":e),i=n.ordinal?"ordinal":"cardinal",s=JSON.stringify({cleanedCode:r,type:i});if(s in this.pluralRulesCache)return this.pluralRulesCache[s];let a;try{a=new Intl.PluralRules(r,{type:i})}catch{if(!Intl)return this.logger.error("No Intl support, please use an Intl polyfill!"),Pu;if(!e.match(/-|_/))return Pu;const l=this.languageUtils.getLanguagePartFromCode(e);a=this.getRule(l,n)}return this.pluralRulesCache[s]=a,a}needsPlural(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},r=this.getRule(e,n);return r||(r=this.getRule("dev",n)),(r==null?void 0:r.resolvedOptions().pluralCategories.length)>1}getPluralFormsOfKey(e,n){let r=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return this.getSuffixes(e,r).map(i=>`${n}${i}`)}getSuffixes(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{},r=this.getRule(e,n);return r||(r=this.getRule("dev",n)),r?r.resolvedOptions().pluralCategories.sort((i,s)=>Tu[i]-Tu[s]).map(i=>`${this.options.prepend}${n.ordinal?`ordinal${this.options.prepend}`:""}${i}`):[]}getSuffix(e,n){let r=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};const i=this.getRule(e,r);return i?`${this.options.prepend}${r.ordinal?`ordinal${this.options.prepend}`:""}${i.select(n)}`:(this.logger.warn(`no plural rule found for: ${e}`),this.getSuffix("dev",n,r))}}const Ru=function(t,e,n){let r=arguments.length>3&&arguments[3]!==void 0?arguments[3]:".",i=arguments.length>4&&arguments[4]!==void 0?arguments[4]:!0,s=Cm(t,e,n);return!s&&i&&ne(n)&&(s=Sa(t,n,r),s===void 0&&(s=Sa(e,n,r))),s},ta=t=>t.replace(/\$/g,"$$$$");class Um{constructor(){var n;let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};this.logger=St.create("interpolator"),this.options=e,this.format=((n=e==null?void 0:e.interpolation)==null?void 0:n.format)||(r=>r),this.init(e)}init(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};e.interpolation||(e.interpolation={escapeValue:!0});const{escape:n,escapeValue:r,useRawValueToEscape:i,prefix:s,prefixEscaped:a,suffix:c,suffixEscaped:l,formatSeparator:u,unescapeSuffix:p,unescapePrefix:h,nestingPrefix:m,nestingPrefixEscaped:v,nestingSuffix:f,nestingSuffixEscaped:_,nestingOptionsSeparator:w,maxReplaces:S,alwaysFormat:C}=e.interpolation;this.escape=n!==void 0?n:$m,this.escapeValue=r!==void 0?r:!0,this.useRawValueToEscape=i!==void 0?i:!1,this.prefix=s?Un(s):a||"{{",this.suffix=c?Un(c):l||"}}",this.formatSeparator=u||",",this.unescapePrefix=p?"":h||"-",this.unescapeSuffix=this.unescapePrefix?"":p||"",this.nestingPrefix=m?Un(m):v||Un("$t("),this.nestingSuffix=f?Un(f):_||Un(")"),this.nestingOptionsSeparator=w||",",this.maxReplaces=S||1e3,this.alwaysFormat=C!==void 0?C:!1,this.resetRegExp()}reset(){this.options&&this.init(this.options)}resetRegExp(){const e=(n,r)=>(n==null?void 0:n.source)===r?(n.lastIndex=0,n):new RegExp(r,"g");this.regexp=e(this.regexp,`${this.prefix}(.+?)${this.suffix}`),this.regexpUnescape=e(this.regexpUnescape,`${this.prefix}${this.unescapePrefix}(.+?)${this.unescapeSuffix}${this.suffix}`),this.nestingRegexp=e(this.nestingRegexp,`${this.nestingPrefix}(.+?)${this.nestingSuffix}`)}interpolate(e,n,r,i){var v;let s,a,c;const l=this.options&&this.options.interpolation&&this.options.interpolation.defaultVariables||{},u=f=>{if(f.indexOf(this.formatSeparator)<0){const C=Ru(n,l,f,this.options.keySeparator,this.options.ignoreJSONStructure);return this.alwaysFormat?this.format(C,void 0,r,{...i,...n,interpolationkey:f}):C}const _=f.split(this.formatSeparator),w=_.shift().trim(),S=_.join(this.formatSeparator).trim();return this.format(Ru(n,l,w,this.options.keySeparator,this.options.ignoreJSONStructure),S,r,{...i,...n,interpolationkey:w})};this.resetRegExp();const p=(i==null?void 0:i.missingInterpolationHandler)||this.options.missingInterpolationHandler,h=((v=i==null?void 0:i.interpolation)==null?void 0:v.skipOnVariables)!==void 0?i.interpolation.skipOnVariables:this.options.interpolation.skipOnVariables;return[{regex:this.regexpUnescape,safeValue:f=>ta(f)},{regex:this.regexp,safeValue:f=>this.escapeValue?ta(this.escape(f)):ta(f)}].forEach(f=>{for(c=0;s=f.regex.exec(e);){const _=s[1].trim();if(a=u(_),a===void 0)if(typeof p=="function"){const S=p(e,s,i);a=ne(S)?S:""}else if(i&&Object.prototype.hasOwnProperty.call(i,_))a="";else if(h){a=s[0];continue}else this.logger.warn(`missed to pass in variable ${_} for interpolating ${e}`),a="";else!ne(a)&&!this.useRawValueToEscape&&(a=zu(a));const w=f.safeValue(a);if(e=e.replace(s[0],w),h?(f.regex.lastIndex+=a.length,f.regex.lastIndex-=s[0].length):f.regex.lastIndex=0,c++,c>=this.maxReplaces)break}}),e}nest(e,n){let r=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{},i,s,a;const c=(l,u)=>{const p=this.nestingOptionsSeparator;if(l.indexOf(p)<0)return l;const h=l.split(new RegExp(`${p}[ ]*{`));let m=`{${h[1]}`;l=h[0],m=this.interpolate(m,a);const v=m.match(/'/g),f=m.match(/"/g);(((v==null?void 0:v.length)??0)%2===0&&!f||f.length%2!==0)&&(m=m.replace(/'/g,'"'));try{a=JSON.parse(m),u&&(a={...u,...a})}catch(_){return this.logger.warn(`failed parsing options string in nesting for key ${l}`,_),`${l}${p}${m}`}return a.defaultValue&&a.defaultValue.indexOf(this.prefix)>-1&&delete a.defaultValue,l};for(;i=this.nestingRegexp.exec(e);){let l=[];a={...r},a=a.replace&&!ne(a.replace)?a.replace:a,a.applyPostProcessor=!1,delete a.defaultValue;let u=!1;if(i[0].indexOf(this.formatSeparator)!==-1&&!/{.*}/.test(i[1])){const p=i[1].split(this.formatSeparator).map(h=>h.trim());i[1]=p.shift(),l=p,u=!0}if(s=n(c.call(this,i[1].trim(),a),a),s&&i[0]===e&&!ne(s))return s;ne(s)||(s=zu(s)),s||(this.logger.warn(`missed to resolve ${i[1]} for nesting ${e}`),s=""),u&&(s=l.reduce((p,h)=>this.format(p,h,r.lng,{...r,interpolationkey:i[1].trim()}),s.trim())),e=e.replace(i[0],s),this.regexp.lastIndex=0}return e}}const Vm=t=>{let e=t.toLowerCase().trim();const n={};if(t.indexOf("(")>-1){const r=t.split("(");e=r[0].toLowerCase().trim();const i=r[1].substring(0,r[1].length-1);e==="currency"&&i.indexOf(":")<0?n.currency||(n.currency=i.trim()):e==="relativetime"&&i.indexOf(":")<0?n.range||(n.range=i.trim()):i.split(";").forEach(a=>{if(a){const[c,...l]=a.split(":"),u=l.join(":").trim().replace(/^'+|'+$/g,""),p=c.trim();n[p]||(n[p]=u),u==="false"&&(n[p]=!1),u==="true"&&(n[p]=!0),isNaN(u)||(n[p]=parseInt(u,10))}})}return{formatName:e,formatOptions:n}},Vn=t=>{const e={};return(n,r,i)=>{let s=i;i&&i.interpolationkey&&i.formatParams&&i.formatParams[i.interpolationkey]&&i[i.interpolationkey]&&(s={...s,[i.interpolationkey]:void 0});const a=r+JSON.stringify(s);let c=e[a];return c||(c=t(Xi(r),i),e[a]=c),c(n)}};class qm{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};this.logger=St.create("formatter"),this.options=e,this.formats={number:Vn((n,r)=>{const i=new Intl.NumberFormat(n,{...r});return s=>i.format(s)}),currency:Vn((n,r)=>{const i=new Intl.NumberFormat(n,{...r,style:"currency"});return s=>i.format(s)}),datetime:Vn((n,r)=>{const i=new Intl.DateTimeFormat(n,{...r});return s=>i.format(s)}),relativetime:Vn((n,r)=>{const i=new Intl.RelativeTimeFormat(n,{...r});return s=>i.format(s,r.range||"day")}),list:Vn((n,r)=>{const i=new Intl.ListFormat(n,{...r});return s=>i.format(s)})},this.init(e)}init(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{interpolation:{}};this.formatSeparator=n.interpolation.formatSeparator||","}add(e,n){this.formats[e.toLowerCase().trim()]=n}addCached(e,n){this.formats[e.toLowerCase().trim()]=Vn(n)}format(e,n,r){let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};const s=n.split(this.formatSeparator);if(s.length>1&&s[0].indexOf("(")>1&&s[0].indexOf(")")<0&&s.find(c=>c.indexOf(")")>-1)){const c=s.findIndex(l=>l.indexOf(")")>-1);s[0]=[s[0],...s.splice(1,c)].join(this.formatSeparator)}return s.reduce((c,l)=>{var h;const{formatName:u,formatOptions:p}=Vm(l);if(this.formats[u]){let m=c;try{const v=((h=i==null?void 0:i.formatParams)==null?void 0:h[i.interpolationkey])||{},f=v.locale||v.lng||i.locale||i.lng||r;m=this.formats[u](c,f,{...p,...i,...v})}catch(v){this.logger.warn(v)}return m}else this.logger.warn(`there was no format function for ${u}`);return c},e)}}const Mm=(t,e)=>{t.pending[e]!==void 0&&(delete t.pending[e],t.pendingCount--)};class Dm extends Gs{constructor(e,n,r){var s,a;let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:{};super(),this.backend=e,this.store=n,this.services=r,this.languageUtils=r.languageUtils,this.options=i,this.logger=St.create("backendConnector"),this.waitingReads=[],this.maxParallelReads=i.maxParallelReads||10,this.readingCalls=0,this.maxRetries=i.maxRetries>=0?i.maxRetries:5,this.retryTimeout=i.retryTimeout>=1?i.retryTimeout:350,this.state={},this.queue=[],(a=(s=this.backend)==null?void 0:s.init)==null||a.call(s,r,i.backend,i)}queueLoad(e,n,r,i){const s={},a={},c={},l={};return e.forEach(u=>{let p=!0;n.forEach(h=>{const m=`${u}|${h}`;!r.reload&&this.store.hasResourceBundle(u,h)?this.state[m]=2:this.state[m]<0||(this.state[m]===1?a[m]===void 0&&(a[m]=!0):(this.state[m]=1,p=!1,a[m]===void 0&&(a[m]=!0),s[m]===void 0&&(s[m]=!0),l[h]===void 0&&(l[h]=!0)))}),p||(c[u]=!0)}),(Object.keys(s).length||Object.keys(a).length)&&this.queue.push({pending:a,pendingCount:Object.keys(a).length,loaded:{},errors:[],callback:i}),{toLoad:Object.keys(s),pending:Object.keys(a),toLoadLanguages:Object.keys(c),toLoadNamespaces:Object.keys(l)}}loaded(e,n,r){const i=e.split("|"),s=i[0],a=i[1];n&&this.emit("failedLoading",s,a,n),!n&&r&&this.store.addResourceBundle(s,a,r,void 0,void 0,{skipCopy:!0}),this.state[e]=n?-1:2,n&&r&&(this.state[e]=0);const c={};this.queue.forEach(l=>{Nm(l.loaded,[s],a),Mm(l,e),n&&l.errors.push(n),l.pendingCount===0&&!l.done&&(Object.keys(l.loaded).forEach(u=>{c[u]||(c[u]={});const p=l.loaded[u];p.length&&p.forEach(h=>{c[u][h]===void 0&&(c[u][h]=!0)})}),l.done=!0,l.errors.length?l.callback(l.errors):l.callback())}),this.emit("loaded",c),this.queue=this.queue.filter(l=>!l.done)}read(e,n,r){let i=arguments.length>3&&arguments[3]!==void 0?arguments[3]:0,s=arguments.length>4&&arguments[4]!==void 0?arguments[4]:this.retryTimeout,a=arguments.length>5?arguments[5]:void 0;if(!e.length)return a(null,{});if(this.readingCalls>=this.maxParallelReads){this.waitingReads.push({lng:e,ns:n,fcName:r,tried:i,wait:s,callback:a});return}this.readingCalls++;const c=(u,p)=>{if(this.readingCalls--,this.waitingReads.length>0){const h=this.waitingReads.shift();this.read(h.lng,h.ns,h.fcName,h.tried,h.wait,h.callback)}if(u&&p&&i<this.maxRetries){setTimeout(()=>{this.read.call(this,e,n,r,i+1,s*2,a)},s);return}a(u,p)},l=this.backend[r].bind(this.backend);if(l.length===2){try{const u=l(e,n);u&&typeof u.then=="function"?u.then(p=>c(null,p)).catch(c):c(null,u)}catch(u){c(u)}return}return l(e,n,c)}prepareLoading(e,n){let r=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{},i=arguments.length>3?arguments[3]:void 0;if(!this.backend)return this.logger.warn("No backend was added via i18next.use. Will not load resources."),i&&i();ne(e)&&(e=this.languageUtils.toResolveHierarchy(e)),ne(n)&&(n=[n]);const s=this.queueLoad(e,n,r,i);if(!s.toLoad.length)return s.pending.length||i(),null;s.toLoad.forEach(a=>{this.loadOne(a)})}load(e,n,r){this.prepareLoading(e,n,{},r)}reload(e,n,r){this.prepareLoading(e,n,{reload:!0},r)}loadOne(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"";const r=e.split("|"),i=r[0],s=r[1];this.read(i,s,"read",void 0,void 0,(a,c)=>{a&&this.logger.warn(`${n}loading namespace ${s} for language ${i} failed`,a),!a&&c&&this.logger.log(`${n}loaded namespace ${s} for language ${i}`,c),this.loaded(e,a,c)})}saveMissing(e,n,r,i,s){var l,u,p,h,m;let a=arguments.length>5&&arguments[5]!==void 0?arguments[5]:{},c=arguments.length>6&&arguments[6]!==void 0?arguments[6]:()=>{};if((u=(l=this.services)==null?void 0:l.utils)!=null&&u.hasLoadedNamespace&&!((h=(p=this.services)==null?void 0:p.utils)!=null&&h.hasLoadedNamespace(n))){this.logger.warn(`did not save key "${r}" as the namespace "${n}" was not yet loaded`,"This means something IS WRONG in your setup. You access the t function before i18next.init / i18next.loadNamespace / i18next.changeLanguage was done. Wait for the callback or Promise to resolve before accessing it!!!");return}if(!(r==null||r==="")){if((m=this.backend)!=null&&m.create){const v={...a,isUpdate:s},f=this.backend.create.bind(this.backend);if(f.length<6)try{let _;f.length===5?_=f(e,n,r,i,v):_=f(e,n,r,i),_&&typeof _.then=="function"?_.then(w=>c(null,w)).catch(c):c(null,_)}catch(_){c(_)}else f(e,n,r,i,c,v)}!e||!e[0]||this.store.addResource(e[0],n,r,i)}}}const Lu=()=>({debug:!1,initAsync:!0,ns:["translation"],defaultNS:["translation"],fallbackLng:["dev"],fallbackNS:!1,supportedLngs:!1,nonExplicitSupportedLngs:!1,load:"all",preload:!1,simplifyPluralSuffix:!0,keySeparator:".",nsSeparator:":",pluralSeparator:"_",contextSeparator:"_",partialBundledLanguages:!1,saveMissing:!1,updateMissing:!1,saveMissingTo:"fallback",saveMissingPlurals:!0,missingKeyHandler:!1,missingInterpolationHandler:!1,postProcess:!1,postProcessPassResolved:!1,returnNull:!1,returnEmptyString:!0,returnObjects:!1,joinArrays:!1,returnedObjectHandler:!1,parseMissingKeyHandler:!1,appendNamespaceToMissingKey:!1,appendNamespaceToCIMode:!1,overloadTranslationOptionHandler:t=>{let e={};if(typeof t[1]=="object"&&(e=t[1]),ne(t[1])&&(e.defaultValue=t[1]),ne(t[2])&&(e.tDescription=t[2]),typeof t[2]=="object"||typeof t[3]=="object"){const n=t[3]||t[2];Object.keys(n).forEach(r=>{e[r]=n[r]})}return e},interpolation:{escapeValue:!0,format:t=>t,prefix:"{{",suffix:"}}",formatSeparator:",",unescapePrefix:"-",nestingPrefix:"$t(",nestingSuffix:")",nestingOptionsSeparator:",",maxReplaces:1e3,skipOnVariables:!0}}),Uu=t=>{var e,n;return ne(t.ns)&&(t.ns=[t.ns]),ne(t.fallbackLng)&&(t.fallbackLng=[t.fallbackLng]),ne(t.fallbackNS)&&(t.fallbackNS=[t.fallbackNS]),((n=(e=t.supportedLngs)==null?void 0:e.indexOf)==null?void 0:n.call(e,"cimode"))<0&&(t.supportedLngs=t.supportedLngs.concat(["cimode"])),typeof t.initImmediate=="boolean"&&(t.initAsync=t.initImmediate),t},Ci=()=>{},Hm=t=>{Object.getOwnPropertyNames(Object.getPrototypeOf(t)).forEach(n=>{typeof t[n]=="function"&&(t[n]=t[n].bind(t))})};class qr extends Gs{constructor(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},n=arguments.length>1?arguments[1]:void 0;if(super(),this.options=Uu(e),this.services={},this.logger=St,this.modules={external:[]},Hm(this),n&&!this.isInitialized&&!e.isClone){if(!this.options.initAsync)return this.init(e,n),this;setTimeout(()=>{this.init(e,n)},0)}}init(){var e=this;let n=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},r=arguments.length>1?arguments[1]:void 0;this.isInitializing=!0,typeof n=="function"&&(r=n,n={}),!n.defaultNS&&n.defaultNS!==!1&&n.ns&&(ne(n.ns)?n.defaultNS=n.ns:n.ns.indexOf("translation")<0&&(n.defaultNS=n.ns[0]));const i=Lu();this.options={...i,...this.options,...Uu(n)},this.options.interpolation={...i.interpolation,...this.options.interpolation},n.keySeparator!==void 0&&(this.options.userDefinedKeySeparator=n.keySeparator),n.nsSeparator!==void 0&&(this.options.userDefinedNsSeparator=n.nsSeparator);const s=p=>p?typeof p=="function"?new p:p:null;if(!this.options.isClone){this.modules.logger?St.init(s(this.modules.logger),this.options):St.init(null,this.options);let p;this.modules.formatter?p=this.modules.formatter:p=qm;const h=new Bu(this.options);this.store=new $u(this.options.resources,this.options);const m=this.services;m.logger=St,m.resourceStore=this.store,m.languageUtils=h,m.pluralResolver=new Lm(h,{prepend:this.options.pluralSeparator,simplifyPluralSuffix:this.options.simplifyPluralSuffix}),p&&(!this.options.interpolation.format||this.options.interpolation.format===i.interpolation.format)&&(m.formatter=s(p),m.formatter.init(m,this.options),this.options.interpolation.format=m.formatter.format.bind(m.formatter)),m.interpolator=new Um(this.options),m.utils={hasLoadedNamespace:this.hasLoadedNamespace.bind(this)},m.backendConnector=new Dm(s(this.modules.backend),m.resourceStore,m,this.options),m.backendConnector.on("*",function(v){for(var f=arguments.length,_=new Array(f>1?f-1:0),w=1;w<f;w++)_[w-1]=arguments[w];e.emit(v,..._)}),this.modules.languageDetector&&(m.languageDetector=s(this.modules.languageDetector),m.languageDetector.init&&m.languageDetector.init(m,this.options.detection,this.options)),this.modules.i18nFormat&&(m.i18nFormat=s(this.modules.i18nFormat),m.i18nFormat.init&&m.i18nFormat.init(this)),this.translator=new es(this.services,this.options),this.translator.on("*",function(v){for(var f=arguments.length,_=new Array(f>1?f-1:0),w=1;w<f;w++)_[w-1]=arguments[w];e.emit(v,..._)}),this.modules.external.forEach(v=>{v.init&&v.init(this)})}if(this.format=this.options.interpolation.format,r||(r=Ci),this.options.fallbackLng&&!this.services.languageDetector&&!this.options.lng){const p=this.services.languageUtils.getFallbackCodes(this.options.fallbackLng);p.length>0&&p[0]!=="dev"&&(this.options.lng=p[0])}!this.services.languageDetector&&!this.options.lng&&this.logger.warn("init: no languageDetector is used and no lng is defined"),["getResource","hasResourceBundle","getResourceBundle","getDataByLanguage"].forEach(p=>{this[p]=function(){return e.store[p](...arguments)}}),["addResource","addResources","addResourceBundle","removeResourceBundle"].forEach(p=>{this[p]=function(){return e.store[p](...arguments),e}});const l=Ar(),u=()=>{const p=(h,m)=>{this.isInitializing=!1,this.isInitialized&&!this.initializedStoreOnce&&this.logger.warn("init: i18next is already initialized. You should call init just once!"),this.isInitialized=!0,this.options.isClone||this.logger.log("initialized",this.options),this.emit("initialized",this.options),l.resolve(m),r(h,m)};if(this.languages&&!this.isInitialized)return p(null,this.t.bind(this));this.changeLanguage(this.options.lng,p)};return this.options.resources||!this.options.initAsync?u():setTimeout(u,0),l}loadResources(e){var s,a;let r=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Ci;const i=ne(e)?e:this.language;if(typeof e=="function"&&(r=e),!this.options.resources||this.options.partialBundledLanguages){if((i==null?void 0:i.toLowerCase())==="cimode"&&(!this.options.preload||this.options.preload.length===0))return r();const c=[],l=u=>{if(!u||u==="cimode")return;this.services.languageUtils.toResolveHierarchy(u).forEach(h=>{h!=="cimode"&&c.indexOf(h)<0&&c.push(h)})};i?l(i):this.services.languageUtils.getFallbackCodes(this.options.fallbackLng).forEach(p=>l(p)),(a=(s=this.options.preload)==null?void 0:s.forEach)==null||a.call(s,u=>l(u)),this.services.backendConnector.load(c,this.options.ns,u=>{!u&&!this.resolvedLanguage&&this.language&&this.setResolvedLanguage(this.language),r(u)})}else r(null)}reloadResources(e,n,r){const i=Ar();return typeof e=="function"&&(r=e,e=void 0),typeof n=="function"&&(r=n,n=void 0),e||(e=this.languages),n||(n=this.options.ns),r||(r=Ci),this.services.backendConnector.reload(e,n,s=>{i.resolve(),r(s)}),i}use(e){if(!e)throw new Error("You are passing an undefined module! Please check the object you are passing to i18next.use()");if(!e.type)throw new Error("You are passing a wrong module! Please check the object you are passing to i18next.use()");return e.type==="backend"&&(this.modules.backend=e),(e.type==="logger"||e.log&&e.warn&&e.error)&&(this.modules.logger=e),e.type==="languageDetector"&&(this.modules.languageDetector=e),e.type==="i18nFormat"&&(this.modules.i18nFormat=e),e.type==="postProcessor"&&sf.addPostProcessor(e),e.type==="formatter"&&(this.modules.formatter=e),e.type==="3rdParty"&&this.modules.external.push(e),this}setResolvedLanguage(e){if(!(!e||!this.languages)&&!(["cimode","dev"].indexOf(e)>-1))for(let n=0;n<this.languages.length;n++){const r=this.languages[n];if(!(["cimode","dev"].indexOf(r)>-1)&&this.store.hasLanguageSomeTranslations(r)){this.resolvedLanguage=r;break}}}changeLanguage(e,n){var r=this;this.isLanguageChangingTo=e;const i=Ar();this.emit("languageChanging",e);const s=l=>{this.language=l,this.languages=this.services.languageUtils.toResolveHierarchy(l),this.resolvedLanguage=void 0,this.setResolvedLanguage(l)},a=(l,u)=>{u?(s(u),this.translator.changeLanguage(u),this.isLanguageChangingTo=void 0,this.emit("languageChanged",u),this.logger.log("languageChanged",u)):this.isLanguageChangingTo=void 0,i.resolve(function(){return r.t(...arguments)}),n&&n(l,function(){return r.t(...arguments)})},c=l=>{var p,h;!e&&!l&&this.services.languageDetector&&(l=[]);const u=ne(l)?l:this.services.languageUtils.getBestMatchFromCodes(l);u&&(this.language||s(u),this.translator.language||this.translator.changeLanguage(u),(h=(p=this.services.languageDetector)==null?void 0:p.cacheUserLanguage)==null||h.call(p,u)),this.loadResources(u,m=>{a(m,u)})};return!e&&this.services.languageDetector&&!this.services.languageDetector.async?c(this.services.languageDetector.detect()):!e&&this.services.languageDetector&&this.services.languageDetector.async?this.services.languageDetector.detect.length===0?this.services.languageDetector.detect().then(c):this.services.languageDetector.detect(c):c(e),i}getFixedT(e,n,r){var i=this;const s=function(a,c){let l;if(typeof c!="object"){for(var u=arguments.length,p=new Array(u>2?u-2:0),h=2;h<u;h++)p[h-2]=arguments[h];l=i.options.overloadTranslationOptionHandler([a,c].concat(p))}else l={...c};l.lng=l.lng||s.lng,l.lngs=l.lngs||s.lngs,l.ns=l.ns||s.ns,l.keyPrefix!==""&&(l.keyPrefix=l.keyPrefix||r||s.keyPrefix);const m=i.options.keySeparator||".";let v;return l.keyPrefix&&Array.isArray(a)?v=a.map(f=>`${l.keyPrefix}${m}${f}`):v=l.keyPrefix?`${l.keyPrefix}${m}${a}`:a,i.t(v,l)};return ne(e)?s.lng=e:s.lngs=e,s.ns=n,s.keyPrefix=r,s}t(){var i;for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return(i=this.translator)==null?void 0:i.translate(...n)}exists(){var i;for(var e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];return(i=this.translator)==null?void 0:i.exists(...n)}setDefaultNamespace(e){this.options.defaultNS=e}hasLoadedNamespace(e){let n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};if(!this.isInitialized)return this.logger.warn("hasLoadedNamespace: i18next was not initialized",this.languages),!1;if(!this.languages||!this.languages.length)return this.logger.warn("hasLoadedNamespace: i18n.languages were undefined or empty",this.languages),!1;const r=n.lng||this.resolvedLanguage||this.languages[0],i=this.options?this.options.fallbackLng:!1,s=this.languages[this.languages.length-1];if(r.toLowerCase()==="cimode")return!0;const a=(c,l)=>{const u=this.services.backendConnector.state[`${c}|${l}`];return u===-1||u===0||u===2};if(n.precheck){const c=n.precheck(this,a);if(c!==void 0)return c}return!!(this.hasResourceBundle(r,e)||!this.services.backendConnector.backend||this.options.resources&&!this.options.partialBundledLanguages||a(r,e)&&(!i||a(s,e)))}loadNamespaces(e,n){const r=Ar();return this.options.ns?(ne(e)&&(e=[e]),e.forEach(i=>{this.options.ns.indexOf(i)<0&&this.options.ns.push(i)}),this.loadResources(i=>{r.resolve(),n&&n(i)}),r):(n&&n(),Promise.resolve())}loadLanguages(e,n){const r=Ar();ne(e)&&(e=[e]);const i=this.options.preload||[],s=e.filter(a=>i.indexOf(a)<0&&this.services.languageUtils.isSupportedCode(a));return s.length?(this.options.preload=i.concat(s),this.loadResources(a=>{r.resolve(),n&&n(a)}),r):(n&&n(),Promise.resolve())}dir(e){var i,s;if(e||(e=this.resolvedLanguage||(((i=this.languages)==null?void 0:i.length)>0?this.languages[0]:this.language)),!e)return"rtl";const n=["ar","shu","sqr","ssh","xaa","yhd","yud","aao","abh","abv","acm","acq","acw","acx","acy","adf","ads","aeb","aec","afb","ajp","apc","apd","arb","arq","ars","ary","arz","auz","avl","ayh","ayl","ayn","ayp","bbz","pga","he","iw","ps","pbt","pbu","pst","prp","prd","ug","ur","ydd","yds","yih","ji","yi","hbo","men","xmn","fa","jpr","peo","pes","prs","dv","sam","ckb"],r=((s=this.services)==null?void 0:s.languageUtils)||new Bu(Lu());return n.indexOf(r.getLanguagePartFromCode(e))>-1||e.toLowerCase().indexOf("-arab")>1?"rtl":"ltr"}static createInstance(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},n=arguments.length>1?arguments[1]:void 0;return new qr(e,n)}cloneInstance(){let e=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},n=arguments.length>1&&arguments[1]!==void 0?arguments[1]:Ci;const r=e.forkResourceStore;r&&delete e.forkResourceStore;const i={...this.options,...e,isClone:!0},s=new qr(i);if((e.debug!==void 0||e.prefix!==void 0)&&(s.logger=s.logger.clone(e)),["store","services","language"].forEach(c=>{s[c]=this[c]}),s.services={...this.services},s.services.utils={hasLoadedNamespace:s.hasLoadedNamespace.bind(s)},r){const c=Object.keys(this.store.data).reduce((l,u)=>(l[u]={...this.store.data[u]},Object.keys(l[u]).reduce((p,h)=>(p[h]={...l[u][h]},p),{})),{});s.store=new $u(c,i),s.services.resourceStore=s.store}return s.translator=new es(s.services,i),s.translator.on("*",function(c){for(var l=arguments.length,u=new Array(l>1?l-1:0),p=1;p<l;p++)u[p-1]=arguments[p];s.emit(c,...u)}),s.init(i,n),s.translator.options=i,s.translator.backendConnector.services.utils={hasLoadedNamespace:s.hasLoadedNamespace.bind(s)},s}toJSON(){return{options:this.options,store:this.store,language:this.language,languages:this.languages,resolvedLanguage:this.resolvedLanguage}}}const P=qr.createInstance();P.createInstance=qr.createInstance;P.createInstance;P.dir;P.init;P.loadResources;P.reloadResources;P.use;P.changeLanguage;P.getFixedT;const se=P.t;P.exists;P.setDefaultNamespace;P.hasLoadedNamespace;P.loadNamespaces;P.loadLanguages;const nn=o.z.object({start:o.z.number(),limit:o.z.number(),length:o.z.number()}),of=o.z.object({created_at:o.z.string(),updated_at:o.z.string()}),af=o.z.object({email:o.z.string().optional(),email_verified:o.z.boolean().optional(),name:o.z.string().optional(),username:o.z.string().optional(),given_name:o.z.string().optional(),phone_number:o.z.string().optional(),phone_verified:o.z.boolean().optional(),family_name:o.z.string().optional()}).catchall(o.z.any()),cf=o.z.object({connection:o.z.string(),user_id:o.z.string(),provider:o.z.string(),isSocial:o.z.boolean(),access_token:o.z.string().optional(),access_token_secret:o.z.string().optional(),refresh_token:o.z.string().optional(),profileData:af.optional()}),Js=o.z.object({email:o.z.string().optional(),username:o.z.string().optional(),given_name:o.z.string().optional(),family_name:o.z.string().optional(),nickname:o.z.string().optional(),name:o.z.string().optional(),picture:o.z.string().optional(),locale:o.z.string().optional(),linked_to:o.z.string().optional(),profileData:o.z.string().optional(),user_id:o.z.string().optional(),app_metadata:o.z.any().default({}).optional(),user_metadata:o.z.any().default({}).optional()}),ts=Js.extend({email_verified:o.z.boolean().default(!1),verify_email:o.z.boolean().optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string().optional(),provider:o.z.string().default("email"),connection:o.z.string().default("email"),is_social:o.z.boolean().optional()}),el=o.z.object({...ts.shape,...of.shape,user_id:o.z.string(),is_social:o.z.boolean(),email:o.z.string(),login_count:o.z.number(),identities:o.z.array(cf).optional()}),xt=el,Fm=Js.extend({email:o.z.string(),login_count:o.z.number(),multifactor:o.z.array(o.z.string()).optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string()}).catchall(o.z.any()),Km="useandom-26T198340PX75pxJACKVERYMINDBUSHWOLF_GQZbfghjklqvwyzrict";let Wm=(t=21)=>{let e="",n=crypto.getRandomValues(new Uint8Array(t));for(;t--;)e+=Km[n[t]&63];return e};const lf=o.z.object({audience:o.z.string().optional(),recipient:o.z.string().optional(),createUpnClaim:o.z.boolean().optional(),mapUnknownClaimsAsIs:o.z.boolean().optional(),passthroughClaimsWithNoMapping:o.z.boolean().optional(),mapIdentities:o.z.boolean().optional(),signatureAlgorithm:o.z.string().optional(),digestAlgorithm:o.z.string().optional(),issuer:o.z.string().optional(),destination:o.z.string().optional(),lifetimeInSeconds:o.z.number().optional(),signResponse:o.z.boolean().optional(),nameIdentifierFormat:o.z.string().optional(),nameIdentifierProbes:o.z.array(o.z.string()).optional(),authnContextClassRef:o.z.string().optional(),mappings:o.z.record(o.z.string()).optional()}),ns=o.z.object({id:o.z.string(),name:o.z.string(),callbacks:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs whitelisted to use as a callback to the client after authentication."}),allowed_origins:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs allowed to make requests from JavaScript to Auth0 API (typically used with CORS). By default, all your callback URLs will be allowed. This field allows you to enter other origins if necessary. You can also use wildcards at the subdomain level. Query strings and hash information are not taken into account when validating these URLs."}),web_origins:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode."}),allowed_logout_urls:o.z.array(o.z.string()).default([]).optional().openapi({description:"Comma-separated list of URLs that are valid to redirect to after logout from Auth0. Wildcards are allowed for subdomains."}),allowed_clients:o.z.array(o.z.string()).default([]).optional().openapi({description:"Ids of clients that will be allowed to perform delegation requests. Clients that will be allowed to make delegation request. By default, all your clients will be allowed. This field allows you to specify specific clients"}),addons:o.z.object({samlp:lf.optional()}).default({}).optional().openapi({description:"Addons associated with the client. The key is the addon's package name and the value is an object with the configuration for the addon."}),email_validation:o.z.enum(["enabled","disabled","enforced"]).default("enforced").optional().openapi({description:"Defines if it possible to sign in with an unverified email and if verification emails will be sent. This is not available in auth0"}),client_secret:o.z.string().default(()=>Wm()).optional(),disable_sign_ups:o.z.boolean().optional().default(!1).openapi({description:"Prevents users from signing up using the hosted login page. This is not available in auth0"})}),mn=o.z.object({created_at:o.z.string().transform(t=>t===null?"":t),updated_at:o.z.string().transform(t=>t===null?"":t),...ns.shape});var Pt=(t=>(t.TOKEN="token",t.TOKEN_ID_TOKEN="token id_token",t.CODE="code",t))(Pt||{}),Yt=(t=>(t.QUERY="query",t.FRAGMENT="fragment",t.FORM_POST="form_post",t.WEB_MESSAGE="web_message",t.SAML_POST="saml_post",t))(Yt||{}),Zs=(t=>(t.S256="S256",t.Plain="plain",t))(Zs||{});const tl=o.z.object({client_id:o.z.string(),act_as:o.z.string().optional(),response_type:o.z.nativeEnum(Pt).optional(),response_mode:o.z.nativeEnum(Yt).optional(),redirect_uri:o.z.string().optional(),audience:o.z.string().optional(),organization:o.z.string().optional(),state:o.z.string().optional(),nonce:o.z.string().optional(),scope:o.z.string().optional(),prompt:o.z.string().optional(),code_challenge_method:o.z.nativeEnum(Zs).optional(),code_challenge:o.z.string().optional(),username:o.z.string().optional(),ui_locales:o.z.string().optional(),vendor_id:o.z.string().optional()}),Aa=o.z.object({colors:o.z.object({primary:o.z.string(),page_background:o.z.object({type:o.z.string().optional(),start:o.z.string().optional(),end:o.z.string().optional(),angle_deg:o.z.number().optional()}).optional()}).optional(),logo_url:o.z.string().optional(),favicon_url:o.z.string().optional(),font:o.z.object({url:o.z.string()}).optional()}),rs=o.z.object({id:o.z.string().optional(),name:o.z.string(),strategy:o.z.string(),options:o.z.object({kid:o.z.string().optional(),team_id:o.z.string().optional(),realms:o.z.string().optional(),client_id:o.z.string().optional(),client_secret:o.z.string().optional(),app_secret:o.z.string().optional(),scope:o.z.string().optional(),authorization_endpoint:o.z.string().default("").optional(),token_endpoint:o.z.string().default("").optional(),userinfo_endpoint:o.z.string().default("").optional(),jwks_uri:o.z.string().default("").optional(),discovery_url:o.z.string().default("").optional(),issuer:o.z.string().default("").optional()}).default({}).optional(),enabled_clients:o.z.array(o.z.string()).default([]).optional(),response_type:o.z.custom().optional(),response_mode:o.z.custom().optional()}),Ft=o.z.object({id:o.z.string(),created_at:o.z.string().transform(t=>t===null?"":t),updated_at:o.z.string().transform(t=>t===null?"":t)}).extend(rs.shape),is=o.z.object({name:o.z.string(),audience:o.z.string(),sender_email:o.z.string().email(),sender_name:o.z.string(),support_url:o.z.string().url().optional(),logo:o.z.string().url().optional(),primary_color:o.z.string().optional(),secondary_color:o.z.string().optional(),language:o.z.string().optional(),id:o.z.string().optional()}),Fn=o.z.object({created_at:o.z.string().transform(t=>t===null?"":t),updated_at:o.z.string().transform(t=>t===null?"":t),...is.shape,id:o.z.string()}),uf=o.z.object({logoUrl:o.z.string(),loginBackgroundImage:o.z.string().nullish(),style:o.z.object({primaryColor:o.z.string(),buttonTextColor:o.z.string(),primaryHoverColor:o.z.string()}),supportEmail:o.z.string().nullable(),supportUrl:o.z.string().nullable(),name:o.z.string(),showGreyishBackground:o.z.boolean().optional(),termsAndConditionsUrl:o.z.string().nullable(),companyName:o.z.string().optional(),checkoutHideSocial:o.z.boolean().optional(),siteUrl:o.z.string().nullable(),manageSubscriptionsUrl:o.z.string().optional()});o.z.object({...mn.shape,tenant:Fn,connections:o.z.array(Ft)});const df=o.z.enum(["password_reset","email_verification","otp","authorization_code","oauth2_state","ticket"]),pf=o.z.object({code_id:o.z.string().openapi({description:"The code that will be used in for instance an email verification flow"}),login_id:o.z.string().openapi({description:"The id of the login session that the code is connected to"}),connection_id:o.z.string().optional().openapi({description:"The connection that the code is connected to"}),code_type:df,code_verifier:o.z.string().optional().openapi({description:"The code verifier used in PKCE in outbound flows"}),expires_at:o.z.string(),used_at:o.z.string().optional(),user_id:o.z.string().optional()}),Gm=o.z.object({...pf.shape,created_at:o.z.string()}),nl=o.z.object({domain:o.z.string(),type:o.z.enum(["auth0_managed_certs","self_managed_certs"]),verification_method:o.z.enum(["txt"]).optional(),tls_policy:o.z.enum(["recommended"]).optional(),custom_client_ip_header:o.z.enum(["true-client-ip","cf-connecting-ip","x-forwarded-for","x-azure-clientip","null"]).optional(),domain_metadata:o.z.record(o.z.string().max(255)).optional()}),fn=o.z.object({...nl.shape,custom_domain_id:o.z.string(),primary:o.z.boolean(),status:o.z.enum(["disabled","pending","pending_verification","ready"]),origin_domain_name:o.z.string().optional(),verification:o.z.object({}).optional(),tls_policy:o.z.string().optional()}),ss=o.z.object({trigger_id:o.z.enum(["pre-user-signup","post-user-registration","post-user-login"]),enabled:o.z.boolean().default(!1),url:o.z.string(),hook_id:o.z.string().optional(),synchronous:o.z.boolean().default(!1),priority:o.z.number().optional()}),Dn=ss.extend({...of.shape,hook_id:o.z.string()}),rl=o.z.object({alg:o.z.enum(["RS256","RS384","RS512","ES256","ES384","ES512","HS256","HS384","HS512"]),e:o.z.string(),kid:o.z.string(),kty:o.z.enum(["RSA","EC","oct"]),n:o.z.string(),x5t:o.z.string().optional(),x5c:o.z.array(o.z.string()).optional(),use:o.z.enum(["sig","enc"]).optional()}),ff=o.z.object({keys:o.z.array(rl)}),Ea=o.z.object({issuer:o.z.string(),authorization_endpoint:o.z.string(),token_endpoint:o.z.string(),device_authorization_endpoint:o.z.string(),userinfo_endpoint:o.z.string(),mfa_challenge_endpoint:o.z.string(),jwks_uri:o.z.string(),registration_endpoint:o.z.string(),revocation_endpoint:o.z.string(),scopes_supported:o.z.array(o.z.string()),response_types_supported:o.z.array(o.z.string()),code_challenge_methods_supported:o.z.array(o.z.string()),response_modes_supported:o.z.array(o.z.string()),subject_types_supported:o.z.array(o.z.string()),id_token_signing_alg_values_supported:o.z.array(o.z.string()),token_endpoint_auth_methods_supported:o.z.array(o.z.string()),claims_supported:o.z.array(o.z.string()),request_uri_parameter_supported:o.z.boolean(),request_parameter_supported:o.z.boolean(),token_endpoint_auth_signing_alg_values_supported:o.z.array(o.z.string())}),hf=o.z.object({csrf_token:o.z.string(),auth0Client:o.z.string().optional(),authParams:tl,expires_at:o.z.string(),deleted_at:o.z.string().optional(),ip:o.z.string().optional(),useragent:o.z.string().optional(),session_id:o.z.string().optional(),authorization_url:o.z.string().optional()}).openapi({description:"This represents a login sesion"}),Jm=o.z.object({...hf.shape,id:o.z.string().openapi({description:"This is is used as the state in the universal login"}),created_at:o.z.string(),updated_at:o.z.string()});var he=(t=>(t.FAILED_SILENT_AUTH="fsa",t.FAILED_SIGNUP="fs",t.FAILED_LOGIN="f",t.FAILED_LOGIN_INCORRECT_PASSWORD="fp",t.FAILED_CHANGE_PASSWORD="fcp",t.FAILED_BY_CONNECTOR="fc",t.FAILED_LOGIN_INVALID_EMAIL_USERNAME="fu",t.FAILED_HOOK="fh",t.FAILED_CROSS_ORIGIN_AUTHENTICATION="fcoa",t.SUCCESS_API_OPERATION="sapi",t.SUCCESS_CHANGE_PASSWORD="scp",t.SUCCESS_CHANGE_PASSWORD_REQUEST="scpr",t.SUCCESS_CHANGE_USERNAME="scu",t.SUCCESS_CROSS_ORIGIN_AUTHENTICATION="scoa",t.SUCCESS_EXCHANGE_AUTHORIZATION_CODE_FOR_ACCESS_TOKEN="seacft",t.SUCCESS_EXCHANGE_REFRESH_TOKEN_FOR_ACCESS_TOKEN="serft",t.SUCCESS_LOGIN="s",t.SUCCESS_LOGOUT="slo",t.SUCCESS_SIGNUP="ss",t.SUCCESS_SILENT_AUTH="ssa",t.SUCCESS_VERIFICATION_EMAIL="sv",t.SUCCESS_VERIFICATION_EMAIL_REQUEST="svr",t.CODE_LINK_SENT="cls",t.BLOCKED_ACCOUNT_EMAIL="limit_wc",t.BLOCKED_ACCOUNT_IP="limit_sul",t.BLOCKED_IP_ADDRESS="limit_mu",t))(he||{});const Zm=o.z.enum(["cls","fsa","fs","f","fc","fcoa","fcp","fh","fp","fs","fu","s","sapi","scoa","scp","scpr","scu","seacft","serft","slo","ss","ssa","sv","svr"]),gf=o.z.object({name:o.z.string(),version:o.z.string(),env:o.z.object({node:o.z.string().optional()}).optional()}),os=o.z.object({type:Zm,date:o.z.string(),description:o.z.string().optional(),log_id:o.z.string().optional(),_id:o.z.string().optional(),ip:o.z.string(),user_agent:o.z.string(),details:o.z.any().optional(),isMobile:o.z.boolean(),user_id:o.z.string().optional(),user_name:o.z.string().optional(),connection:o.z.string().optional(),connection_id:o.z.string().optional(),client_id:o.z.string().optional(),client_name:o.z.string().optional(),audience:o.z.string().optional(),scope:o.z.array(o.z.string()).optional(),strategy:o.z.string().optional(),strategy_type:o.z.string().optional(),hostname:o.z.string().optional(),auth0_client:gf.optional()}),mf=o.z.object({user_id:o.z.string(),password:o.z.string(),algorithm:o.z.enum(["bcrypt","argon2id"]).default("argon2id")}),Ym=o.z.object({...mf.shape,created_at:o.z.string(),updated_at:o.z.string()}),_f=o.z.object({initial_user_agent:o.z.string().describe("First user agent of the device from which this user logged in"),initial_ip:o.z.string().describe("First IP address associated with this session"),initial_asn:o.z.string().describe("First autonomous system number associated with this session"),last_user_agent:o.z.string().describe("Last user agent of the device from which this user logged in"),last_ip:o.z.string().describe("Last IP address from which this user logged in"),last_asn:o.z.string().describe("Last autonomous system number from which this user logged in")}),yf=o.z.object({id:o.z.string(),revoked_at:o.z.string().optional(),used_at:o.z.string().optional(),user_id:o.z.string().describe("The user ID associated with the session"),expires_at:o.z.string().optional(),idle_expires_at:o.z.string().optional(),device:_f.describe("Metadata related to the device used in the session"),clients:o.z.array(o.z.string()).describe("List of client details for the session")}),Ys=o.z.object({created_at:o.z.string(),updated_at:o.z.string(),authenticated_at:o.z.string(),last_interaction_at:o.z.string(),...yf.shape}),Ia=o.z.object({kid:o.z.string().openapi({description:"The key id of the signing key"}),cert:o.z.string().openapi({description:"The public certificate of the signing key"}),fingerprint:o.z.string().openapi({description:"The cert fingerprint"}),thumbprint:o.z.string().openapi({description:"The cert thumbprint"}),pkcs7:o.z.string().optional().openapi({description:"The private key in pkcs7 format"}),current:o.z.boolean().optional().openapi({description:"True if the key is the current key"}),next:o.z.boolean().optional().openapi({description:"True if the key is the next key"}),previous:o.z.boolean().optional().openapi({description:"True if the key is the previous key"}),current_since:o.z.string().optional().openapi({description:"The date and time when the key became the current key"}),current_until:o.z.string().optional().openapi({description:"The date and time when the current key was rotated"}),revoked:o.z.boolean().optional().openapi({description:"True if the key is revoked"}),revoked_at:o.z.string().optional().openapi({description:"The date and time when the key was revoked"})});var Br=(t=>(t.RefreshToken="refresh_token",t.AuthorizationCode="authorization_code",t.ClientCredential="client_credentials",t.Passwordless="passwordless",t.Password="password",t))(Br||{});const vf=o.z.object({access_token:o.z.string(),id_token:o.z.string().optional(),scope:o.z.string().optional(),state:o.z.string().optional(),refresh_token:o.z.string().optional(),token_type:o.z.string(),expires_in:o.z.number()});o.z.object({code:o.z.string(),state:o.z.string().optional()});const wf=o.z.object({button_border_radius:o.z.number(),button_border_weight:o.z.number(),buttons_style:o.z.enum(["pill"]),input_border_radius:o.z.number(),input_border_weight:o.z.number(),inputs_style:o.z.enum(["pill"]),show_widget_shadow:o.z.boolean(),widget_border_weight:o.z.number(),widget_corner_radius:o.z.number()}),bf=o.z.object({base_focus_color:o.z.string(),base_hover_color:o.z.string(),body_text:o.z.string(),captcha_widget_theme:o.z.enum(["auto"]),error:o.z.string(),header:o.z.string(),icons:o.z.string(),input_background:o.z.string(),input_border:o.z.string(),input_filled_text:o.z.string(),input_labels_placeholders:o.z.string(),links_focused_components:o.z.string(),primary_button:o.z.string(),primary_button_label:o.z.string(),secondary_button_border:o.z.string(),secondary_button_label:o.z.string(),success:o.z.string(),widget_background:o.z.string(),widget_border:o.z.string()}),hn=o.z.object({bold:o.z.boolean(),size:o.z.number()}),kf=o.z.object({body_text:hn,buttons_text:hn,font_url:o.z.string(),input_labels:hn,links:hn,links_style:o.z.enum(["normal"]),reference_text_size:o.z.number(),subtitle:hn,title:hn}),xf=o.z.object({background_color:o.z.string(),background_image_url:o.z.string(),page_layout:o.z.enum(["center"])}),Sf=o.z.object({header_text_alignment:o.z.enum(["center"]),logo_height:o.z.number(),logo_position:o.z.enum(["center"]),logo_url:o.z.string(),social_buttons_layout:o.z.enum(["bottom"])}),Af=o.z.object({borders:wf,colors:bf,displayName:o.z.string(),fonts:kf,page_background:xf,widget:Sf}),Xm=Af.extend({themeId:o.z.string()}),Li=o.z.object({universal_login_experience:o.z.enum(["new","classic"]).default("new"),identifier_first:o.z.boolean().default(!0),password_first:o.z.boolean().default(!1),webauthn_platform_first_factor:o.z.boolean()}),Ui=o.z.object({name:o.z.string(),enabled:o.z.boolean().optional().default(!0),default_from_address:o.z.string().optional(),credentials:o.z.union([o.z.object({accessKeyId:o.z.string(),secretAccessKey:o.z.string(),region:o.z.string()}),o.z.object({smtp_host:o.z.array(o.z.string()),smtp_port:o.z.number(),smtp_user:o.z.string(),smtp_pass:o.z.string()}),o.z.object({api_key:o.z.string(),domain:o.z.string().optional()}),o.z.object({connectionString:o.z.string()}),o.z.object({tenantId:o.z.string(),clientId:o.z.string(),clientSecret:o.z.string()})]),settings:o.z.object({}).optional()}),il=o.z.object({id:o.z.string(),session_id:o.z.string(),user_id:o.z.string(),client_id:o.z.string(),expires_at:o.z.string().optional(),idle_expires_at:o.z.string().optional(),last_exchanged_at:o.z.string().optional(),device:_f,resource_servers:o.z.array(o.z.object({audience:o.z.string(),scopes:o.z.string()})),rotating:o.z.boolean()}),Qm=o.z.object({created_at:o.z.string(),...il.shape});function e_(t){const[e,n]=t.split("|");if(!e||!n)throw new Error(`Invalid user_id: ${t}`);return{connection:e,id:n}}const t_=new o.OpenAPIHono().openapi(o.createRoute({tags:["branding"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Aa}},description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.branding.get(e);return n?t.json(n):t.json({})}).openapi(o.createRoute({tags:["branding"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Aa.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.branding.set(e,n),t.text("OK")});var z=class extends Error{constructor(e=500,n){super(n==null?void 0:n.message,{cause:n==null?void 0:n.cause});te(this,"res");te(this,"status");this.res=n==null?void 0:n.res,this.status=e}getResponse(){return this.res?new Response(this.res.body,{status:this.status,headers:this.res.headers}):new Response(this.message,{status:this.status})}},as=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function Ef(t){return t&&t.__esModule&&Object.prototype.hasOwnProperty.call(t,"default")?t.default:t}function n_(t){if(t.__esModule)return t;var e=t.default;if(typeof e=="function"){var n=function r(){return this instanceof r?Reflect.construct(e,arguments,this.constructor):e.apply(this,arguments)};n.prototype=e.prototype}else n={};return Object.defineProperty(n,"__esModule",{value:!0}),Object.keys(t).forEach(function(r){var i=Object.getOwnPropertyDescriptor(t,r);Object.defineProperty(n,r,i.get?i:{enumerable:!0,get:function(){return t[r]}})}),n}function r_(t){throw new Error('Could not dynamically require "'+t+'". Please configure the dynamicRequireTargets or/and ignoreDynamicRequires option of @rollup/plugin-commonjs appropriately for this require call to work.')}var If={exports:{}};const i_={},s_=Object.freeze(Object.defineProperty({__proto__:null,default:i_},Symbol.toStringTag,{value:"Module"})),o_=n_(s_);(function(t){/**
|
|
2
2
|
* @license bcrypt.js (c) 2013 Daniel Wirtz <dcode@dcode.io>
|
|
3
3
|
* Released under the Apache License, Version 2.0
|
|
4
4
|
* see: https://github.com/dcodeIO/bcrypt.js for details
|
|
@@ -26,7 +26,7 @@
|
|
|
26
26
|
}};
|
|
27
27
|
<\/script>
|
|
28
28
|
</body>
|
|
29
|
-
</html>`;return new Response(i,{headers:{"Content-Type":"text/html"}})}async function Y0(t,e,n,r,i){var m,v,f;if(!n.redirect_uri)throw new z(400,{message:"Missing redirect_uri in authParams"});const[s]=await t.env.data.keys.list();if(!s)throw new z(500,{message:"No signing key found"});if(!((m=e.addons)!=null&&m.samlp))throw new z(400,{message:`SAML Addon is not enabled for client ${e.id}`});const{recipient:a,audience:c}=e.addons.samlp,l=n.state||"";if(!a||!l||!r||!n.state)throw new z(400,{message:"Missing recipient or inResponseTo"});const u=JSON.parse(n.state),p=new URL(n.redirect_uri),h=await X0(t,{issuer:t.env.ISSUER,audience:c||n.client_id,destination:p.toString(),inResponseTo:u.requestId,userId:((f=(v=r.app_metadata)==null?void 0:v.vimeo)==null?void 0:f.user_id)||r.user_id,email:r.email,sessionIndex:i,signature:{privateKeyPem:s.pkcs7,cert:s.cert,kid:s.kid}});return Z0(p.toString(),h,u.relayState)}async function X0(t,e){const n=e.notBefore||new Date().toISOString(),r=e.notAfter||new Date(new Date(n).getTime()+10*60*1e3).toISOString(),i=e.issueInstant||n,s=e.sessionNotOnOrAfter||r,a=e.responseId||`_${xe()}`,c=e.assertionId||`_${xe()}`,l=[{"samlp:Response":[{"saml:Issuer":[{"#text":e.issuer}]},{"samlp:Status":[{"samlp:StatusCode":[],":@":{"@_Value":"urn:oasis:names:tc:SAML:2.0:status:Success"}}]},{"saml:Assertion":[{"saml:Issuer":[{"#text":e.issuer}]},{"saml:Subject":[{"saml:NameID":[{"#text":e.email}],":@":{"@_Format":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}},{"saml:SubjectConfirmation":[{"saml:SubjectConfirmationData":[],":@":{"@_InResponseTo":e.inResponseTo,"@_NotOnOrAfter":r,"@_Recipient":e.destination}}],":@":{"@_Method":"urn:oasis:names:tc:SAML:2.0:cm:bearer"}}]},{"saml:Conditions":[{"saml:AudienceRestriction":[{"saml:Audience":[{"#text":e.audience}]}]}],":@":{"@_NotBefore":n,"@_NotOnOrAfter":r}},{"saml:AuthnStatement":[{"saml:AuthnContext":[{"saml:AuthnContextClassRef":[{"#text":"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"}]}]}],":@":{"@_AuthnInstant":i,"@_SessionIndex":e.sessionIndex,"@_SessionNotOnOrAfter":s}},{"saml:AttributeStatement":[{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.userId}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_FriendlyName":"persistent","@_Name":"id","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.email}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"email","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"default-roles-master"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"offline_access"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"view-profile"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"uma_authorization"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account-links"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}}]}],":@":{"@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion","@_ID":c,"@_IssueInstant":i,"@_Version":"2.0"}}],":@":{"@_xmlns:samlp":"urn:oasis:names:tc:SAML:2.0:protocol","@_xmlns:saml":"urn:oasis:names:tc:SAML:2.0:assertion","@_Destination":e.destination,"@_ID":a,"@_InResponseTo":e.inResponseTo,"@_IssueInstant":i,"@_Version":"2.0"}}];let p=new J0.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0}).build(l);if(e.signature){const m=await fetch(t.env.SAML_SIGN_URL,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({xmlContent:p,privateKey:e.signature.privateKeyPem,publicCert:e.signature.cert})});if(!m.ok)throw new Error(`Failed to sign SAML response: ${m.status}`);p=await m.text()}return e.encode===!1?p:btoa(p)}var Q0={deno:"Deno",bun:"Bun",workerd:"Cloudflare-Workers",node:"Node.js"},ey=()=>{var n,r;const t=globalThis;if(typeof navigator<"u"&&typeof navigator.userAgent=="string"){for(const[i,s]of Object.entries(Q0))if(ty(s))return i}return typeof(t==null?void 0:t.EdgeRuntime)=="string"?"edge-light":(t==null?void 0:t.fastly)!==void 0?"fastly":((r=(n=t==null?void 0:t.process)==null?void 0:n.release)==null?void 0:r.name)==="node"?"node":"other"},ty=t=>navigator.userAgent.startsWith(t);function nt(t,e){ey()==="workerd"&&t.executionCtx.waitUntil(e)}function sn(t){var e,n,r;return{auth0Client:(e=t.query("auth0Client"))==null?void 0:e.slice(0,255),ip:(n=t.header("x-real-ip"))==null?void 0:n.slice(0,45),useragent:(r=t.header("user-agent"))==null?void 0:r.slice(0,512)}}const Gu=["sub","iss","aud","exp","nbf","iat","jti"];async function to(t,e){var _,w;const{authParams:n,user:r,client:i,session_id:s}=e,c=(await t.env.data.keys.list()).filter(S=>!S.revoked_at||new Date(S.revoked_at)>new Date),l=c[c.length-1];if(!(l!=null&&l.pkcs7))throw new z(500,{message:"No signing key available"});const u=b_(l.pkcs7),p={aud:n.audience||"default",scope:n.scope||"",sub:(r==null?void 0:r.user_id)||n.client_id,iss:t.env.ISSUER,tenant_id:t.var.tenant_id,sid:s},h=r&&((_=n.scope)!=null&&_.split(" ").includes("openid"))?{aud:n.client_id,sub:r.user_id,iss:t.env.ISSUER,sid:s,nonce:n.nonce,given_name:r.given_name,family_name:r.family_name,nickname:r.nickname,picture:r.picture,locale:r.locale,name:r.name,email:r.email,email_verified:r.email_verified}:void 0;(w=t.env.hooks)!=null&&w.onExecuteCredentialsExchange&&await t.env.hooks.onExecuteCredentialsExchange({client:i,user:r,request:{ip:t.req.header("x-real-ip")||"",user_agent:t.req.header("user-agent")||"",method:t.req.method,url:t.req.url},scope:n.scope||"",grant_type:""},{accessToken:{setCustomClaim:(S,C)=>{if(Gu.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);p[S]=C}},idToken:{setCustomClaim:(S,C)=>{if(Gu.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);h&&(h[S]=C)}},access:{deny:S=>{throw new z(400,{message:`Access denied: ${S}`})}}});const m={includeIssuedTimestamp:!0,expiresIn:new sl(1,"d"),headers:{kid:l.kid}},v=await Mu("RS256",u,p,m),f=h?await Mu("RS256",u,h,m):void 0;return{access_token:v,refresh_token:e.refresh_token,id_token:f,token_type:"Bearer",expires_in:86400}}async function qf(t,e){return e.loginSession||(e.loginSession=await t.env.data.loginSessions.create(e.client.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:e.authParams,authorization_url:t.req.url,csrf_token:xe(),...sn(t.req)})),{code:(await t.env.data.codes.create(e.client.tenant.id,{code_id:xe(),user_id:e.user.user_id,code_type:"authorization_code",login_id:e.loginSession.id,expires_at:new Date(Date.now()+A_*1e3).toISOString()})).code_id,state:e.authParams.state}}async function ny(t,e){const{client:n,scope:r,audience:i=n.tenant.audience,session_id:s}=e;return await t.env.data.refreshTokens.create(n.tenant.id,{id:xe(),session_id:s,client_id:n.id,expires_at:new Date(Date.now()+Qs*1e3).toISOString(),user_id:e.user.user_id,device:{last_ip:t.req.header("x-real-ip")||"",initial_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||"",initial_user_agent:t.req.header("user-agent")||"",initial_asn:"",last_asn:""},resource_servers:[{audience:i,scopes:r}],rotating:!1})}async function Mf(t,e){const{user:n,client:r,scope:i,audience:s}=e,a=await t.env.data.sessions.create(r.tenant.id,{id:xe(),user_id:n.user_id,idle_expires_at:new Date(Date.now()+Qs*1e3).toISOString(),device:{last_ip:t.req.header("x-real-ip")||"",initial_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||"",initial_user_agent:t.req.header("user-agent")||"",initial_asn:"",last_asn:""},clients:[r.id]}),c=i!=null&&i.split(" ").includes("offline_access")?await ny(t,{...e,session_id:a.id,scope:i,audience:s}):void 0;return{...a,refresh_token:c}}async function on(t,e){var v;const{authParams:n,user:r,client:i,ticketAuth:s}=e,a=ve(t,{type:he.SUCCESS_LOGIN,description:`Successful login for ${r.user_id}`,userId:r.user_id});if(nt(t,t.env.data.logs.create(i.tenant.id,a)),nt(t,t.env.data.users.update(i.tenant.id,r.user_id,{last_login:new Date().toISOString(),last_ip:t.req.header("x-real-ip")||"",login_count:r.login_count+1})),s){if(!e.loginSession)throw new z(500,{message:"Login session not found"});const f=w_(),_=xe(12),w=await t.env.data.codes.create(i.tenant.id,{code_id:xe(),code_type:"ticket",login_id:e.loginSession.id,expires_at:new Date(Date.now()+I_).toISOString(),code_verifier:[_,f].join("|")});return t.json({login_ticket:w.code_id,co_verifier:f,co_id:_})}let c=e.refreshToken,l=e.sessionId,u=r;if(!l){u=await oy(t,t.env.data)(i.tenant.id,r);const f=await Mf(t,{user:r,client:i,scope:n.scope,audience:n.audience});l=f.id,c=(v=f.refresh_token)==null?void 0:v.id}if(e.authParams.response_mode===Yt.SAML_POST)return Y0(t,e.client,e.authParams,u,l);const p=await to(t,{authParams:n,user:u,client:i,session_id:l,refresh_token:c}),h=new Headers({"set-cookie":Of(i.tenant.id,l,t.req.header("host"))});if(n.response_mode===Yt.WEB_MESSAGE)return t.json(p,{headers:h});if((n.response_type||Pt.CODE)===Pt.CODE){const f=await qf(t,e);if(!n.redirect_uri)throw new z(400,{message:"Redirect uri not found"});const _=new URL(n.redirect_uri);_.searchParams.set("code",f.code),f.state&&_.searchParams.set("state",f.state),h.set("location",_.toString())}return new Response("Redirecting",{status:302,headers:h})}async function ry(t,e,n){const r=await t.env.data.tenants.get(e);if(!r)throw new Error(`Tenant not found: ${e}`);return to(t,{client:{id:t.env.ISSUER,tenant:r,created_at:new Date().toISOString(),updated_at:new Date().toISOString(),name:t.env.ISSUER,disable_sign_ups:!1,connections:[]},authParams:{client_id:t.env.ISSUER,response_type:Pt.TOKEN,scope:n}})}async function dl(t,e,n){const r=await ry(t,n.tenant_id,"webhook");for await(const i of e)if(!(await fetch(i.url,{method:"POST",headers:{Authorization:`Bearer ${r.access_token}`,"Content-Type":"application/json"},body:JSON.stringify(n)})).ok){const a=ve(t,{type:he.FAILED_HOOK,description:`Failed to invoke hook ${i.hook_id}`});await t.env.data.logs.create(n.tenant_id,a)}}function iy(t){return async(e,n)=>{const{hooks:r}=await t.env.data.hooks.list(e);return await dl(t,r,{tenant_id:e,user:n,trigger_id:"post-user-registration"}),n}}function sy(t){return async(e,n)=>{const{hooks:r}=await t.env.data.hooks.list(e,{q:"trigger_id:pre-user-signup",page:0,per_page:100,include_totals:!1});await dl(t,r,{tenant_id:e,email:n,trigger_id:"pre-user-signup"})}}function oy(t,e){return async(n,r)=>{const{hooks:i}=await e.hooks.list(n,{q:"trigger_id:post-user-login",page:0,per_page:100,include_totals:!1});return await dl(t,i,{tenant_id:n,user:r,trigger_id:"post-user-login"}),r}}function ay(t,e){return async(n,r)=>{var a,c,l;const i={method:t.req.method,ip:t.req.query("x-real-ip")||"",user_agent:t.req.query("user-agent"),url:((a=t.var.loginSession)==null?void 0:a.authorization_url)||t.req.url};if((c=t.env.hooks)!=null&&c.onExecutePreUserRegistration)try{await t.env.hooks.onExecutePreUserRegistration({user:r,request:i},{user:{setUserMetadata:async(u,p)=>{r[u]=p}}})}catch{const p=ve(t,{type:he.FAILED_SIGNUP,description:"Pre user registration hook failed"});await e.logs.create(n,p)}let s=await f_(e)(n,r);if((l=t.env.hooks)!=null&&l.onExecutePostUserRegistration)try{await t.env.hooks.onExecutePostUserRegistration({user:r,request:i},{user:{}})}catch{const p=ve(t,{type:he.FAILED_SIGNUP,description:"Post user registration hook failed"});await t.env.data.logs.create(n,p)}return await iy(t)(n,s),s}}async function cy(t,e,n,r){if(e.disable_sign_ups&&!await ro({userAdapter:n.users,tenant_id:e.tenant.id,email:r})){const s=ve(t,{type:he.FAILED_SIGNUP,description:"Public signup is disabled"});throw await n.logs.create(e.tenant.id,s),new z(400,{message:"Signups are disabled for this client"})}await sy(t)(t.var.tenant_id||"",r)}function no(t,e){return{...e,users:{...e.users,create:ay(t,e)}}}function Df(t){return no(t,t.env.data)}async function pl(t,e,n){return(await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n}`})).users}async function ur({userAdapter:t,tenant_id:e,email:n,provider:r}){const{users:i}=await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n} provider:${r}`});return i.length>1&&console.error("More than one user found for same email and provider"),i[0]||null}async function ro({userAdapter:t,tenant_id:e,email:n}){var c;const{users:r}=await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n}`}),i=r.filter(l=>!(l.provider==="auth2"&&!l.email_verified));if(i.length===0)return;const s=i.filter(l=>!l.linked_to);if(s.length>0)return s.length>1&&console.error("More than one primary user found for same email"),s[0];const a=await t.get(e,(c=i[0])==null?void 0:c.linked_to);if(!a)throw new Error("Primary account not found");return a}async function ls({userAdapter:t,tenant_id:e,email:n,provider:r}){const i=await ur({userAdapter:t,tenant_id:e,email:n,provider:r});return i?i.linked_to?t.get(e,i.linked_to):i:null}async function io(t,e){const{email:n,provider:r,connection:i,client:s,userId:a,isSocial:c,profileData:l={},ip:u=""}=e;let p=await ls({userAdapter:t.env.data.users,tenant_id:e.client.tenant.id,email:n,provider:r});if(!p){const h={user_id:`${r}|${a||Xs()}`,email:n,name:n,provider:r,connection:i,email_verified:!0,last_ip:u,is_social:c,last_login:new Date().toISOString(),profileData:JSON.stringify(l)};p=await Df(t).users.create(s.tenant.id,h),t.set("user_id",p.user_id)}return p}const Xt=o.z.object({page:o.z.string().min(0).optional().default("0").transform(t=>parseInt(t,10)).openapi({description:"The page number where 0 is the first page"}),per_page:o.z.string().min(1).optional().default("10").transform(t=>parseInt(t,10)).openapi({description:"The number of items per page"}),include_totals:o.z.string().optional().default("false").transform(t=>t==="true").openapi({description:"If the total number of items should be included in the response"}),sort:o.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"A property that should have the format 'string:-1' or 'string:1'"}),q:o.z.string().optional().openapi({description:"A lucene query string used to filter the results"})});function dr(t){if(!t)return;const[e,n]=t.split(":"),r=n==="1"?"asc":"desc";if(!(!e||!r))return{sort_by:e,sort_order:r}}const Ju=nn.extend({users:o.z.array(xt)}),ly=nn.extend({sessions:o.z.array(Ys)}),uy=new o.OpenAPIHono().openapi(o.createRoute({tags:["users"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(xt),Ju])}},description:"List of users"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":a}=t.req.valid("header");if(s!=null&&s.includes("identities.profileData.email")){const p=s.split("=")[1],m=(await t.env.data.users.list(a,{page:e,per_page:n,include_totals:r,q:`email:${p}`})).users.filter(_=>_.linked_to),[v]=m;if(!v)return t.json([]);const f=await t.env.data.users.get(a,v.linked_to);if(!f)throw new z(500,{message:"Primary account not found"});return t.json([xt.parse(f)])}const c=["-_exists_:linked_to"];s&&c.push(s);const l=await t.env.data.users.list(a,{page:e,per_page:n,include_totals:r,sort:dr(i),q:c.join(" ")}),u=l.users.filter(p=>!p.linked_to);return r?t.json(Ju.parse({users:u,length:l.length,start:l.start,limit:l.limit})):t.json(o.z.array(xt).parse(u))}).openapi(o.createRoute({tags:["users"],method:"get",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:xt}},description:"List of users"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{"tenant-id":n}=t.req.valid("header"),r=await t.env.data.users.get(n,e);if(!r)throw new z(404);if(r.linked_to)throw new z(404,{message:"User is linked to another user"});return t.json(r)}).openapi(o.createRoute({tags:["users"],method:"delete",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{"tenant-id":n}=t.req.valid("header");if(!await t.env.data.users.remove(n,e))throw new z(404);return t.text("OK")}).openapi(o.createRoute({tags:["users"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object({...ts.shape})}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:xt}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");t.set("body",n);const{email:r}=n;if(!r)throw new z(400,{message:"Email is required"});const i=r.toLowerCase(),s=`${n.provider}|${n.user_id||Xs()}`;try{const a=await t.env.data.users.create(e,{email:i,user_id:s,name:n.name||i,provider:n.provider,connection:n.connection,email_verified:n.email_verified||!1,last_ip:"",is_social:!1,last_login:new Date().toISOString()});t.set("user_id",a.user_id);const c=ve(t,{type:he.SUCCESS_API_OPERATION,description:"User created"});nt(t,t.env.data.logs.create(e,c));const l={...a,identities:[{connection:a.connection,provider:a.provider,user_id:Vu(a.user_id),isSocial:a.is_social}]};return t.json(xt.parse(l),{status:201})}catch(a){throw a.message==="User already exists"?new z(409,{message:"User already exists"}):a}}).openapi(o.createRoute({tags:["users"],method:"patch",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object({...ts.shape,verify_email:o.z.boolean(),password:o.z.string()}).partial()}}},params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{var p;const{data:e}=t.env,{"tenant-id":n}=t.req.valid("header"),r=t.req.valid("json"),{user_id:i}=t.req.valid("param"),{verify_email:s,password:a,...c}=r,l=await e.users.get(n,i);if(!l)throw new z(404);if(c.email&&c.email!==l.email){const h=await pl(t.env.data.users,n,c.email);if(h.length&&h.some(m=>m.user_id!==i))throw new z(409,{message:"Another user with the same email address already exists."})}if(l.linked_to)throw new z(404,{message:"User is linked to another user"});if(await t.env.data.users.update(n,i,c),a){const h=(p=l.identities)==null?void 0:p.find(f=>f.connection==="Username-Password-Authentication");if(!h)throw new z(400,{message:"User does not have a password identity"});const m={user_id:h.user_id,password:await si.hash(a,10),algorithm:"bcrypt"};await e.passwords.get(n,h.user_id)?await e.passwords.update(n,m):await e.passwords.create(n,m)}const u=await t.env.data.users.get(n,i);if(!u)throw new z(500);return t.json(u)}).openapi(o.createRoute({tags:["users"],method:"post",path:"/{user_id}/identities",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.union([o.z.object({link_with:o.z.string()}),o.z.object({user_id:o.z.string(),provider:o.z.string(),connection:o.z.string().optional()})])}}},params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:o.z.array(o.z.object({connection:o.z.string(),provider:o.z.string(),user_id:o.z.string(),isSocial:o.z.boolean()}))}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),{user_id:r}=t.req.valid("param"),i="link_with"in n?n.link_with:n.user_id,s=await t.env.data.users.get(e,r);if(!s)throw new z(400,{message:"Linking an inexistent identity is not allowed."});await t.env.data.users.update(e,i,{linked_to:r});const a=await t.env.data.users.list(e,{page:0,per_page:10,include_totals:!1,q:`linked_to:${r}`}),c=[s,...a.users].map(l=>({connection:l.connection,provider:l.provider,user_id:Vu(l.user_id),isSocial:l.is_social}));return t.json(c,{status:201})}).openapi(o.createRoute({tags:["users"],method:"delete",path:"/{user_id}/identities/{provider}/{linked_user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string(),provider:o.z.string(),linked_user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:o.z.array(xt)}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{user_id:n,provider:r,linked_user_id:i}=t.req.valid("param");await t.env.data.users.unlink(e,n,r,i);const s=await t.env.data.users.get(e,n);if(!s)throw new z(404);return t.json([xt.parse(s)])}).openapi(o.createRoute({tags:["users"],method:"get",path:"/{user_id}/sessions",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Ys),ly])}},description:"List of sessions"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{include_totals:n}=t.req.valid("query"),{"tenant-id":r}=t.req.valid("header"),i=await t.env.data.sessions.list(r,{page:0,per_page:10,include_totals:!1,q:`user_id:${e}`});return n?t.json(i):t.json(i.sessions)});/*! *****************************************************************************
|
|
29
|
+
</html>`;return new Response(i,{headers:{"Content-Type":"text/html"}})}async function Y0(t,e,n,r,i){var m,v,f;if(!n.redirect_uri)throw new z(400,{message:"Missing redirect_uri in authParams"});const[s]=await t.env.data.keys.list();if(!s)throw new z(500,{message:"No signing key found"});if(!((m=e.addons)!=null&&m.samlp))throw new z(400,{message:`SAML Addon is not enabled for client ${e.id}`});const{recipient:a,audience:c}=e.addons.samlp,l=n.state||"";if(!a||!l||!r||!n.state)throw new z(400,{message:"Missing recipient or inResponseTo"});const u=JSON.parse(n.state),p=new URL(n.redirect_uri),h=await X0(t,{issuer:t.env.ISSUER,audience:c||n.client_id,destination:p.toString(),inResponseTo:u.requestId,userId:((f=(v=r.app_metadata)==null?void 0:v.vimeo)==null?void 0:f.user_id)||r.user_id,email:r.email,sessionIndex:i,signature:{privateKeyPem:s.pkcs7,cert:s.cert,kid:s.kid}});return Z0(p.toString(),h,u.relayState)}async function X0(t,e){const n=e.notBefore||new Date().toISOString(),r=e.notAfter||new Date(new Date(n).getTime()+10*60*1e3).toISOString(),i=e.issueInstant||n,s=e.sessionNotOnOrAfter||r,a=e.responseId||`_${xe()}`,c=e.assertionId||`_${xe()}`,l=[{"samlp:Response":[{"saml:Issuer":[{"#text":e.issuer}]},{"samlp:Status":[{"samlp:StatusCode":[],":@":{"@_Value":"urn:oasis:names:tc:SAML:2.0:status:Success"}}]},{"saml:Assertion":[{"saml:Issuer":[{"#text":e.issuer}]},{"saml:Subject":[{"saml:NameID":[{"#text":e.email}],":@":{"@_Format":"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}},{"saml:SubjectConfirmation":[{"saml:SubjectConfirmationData":[],":@":{"@_InResponseTo":e.inResponseTo,"@_NotOnOrAfter":r,"@_Recipient":e.destination}}],":@":{"@_Method":"urn:oasis:names:tc:SAML:2.0:cm:bearer"}}]},{"saml:Conditions":[{"saml:AudienceRestriction":[{"saml:Audience":[{"#text":e.audience}]}]}],":@":{"@_NotBefore":n,"@_NotOnOrAfter":r}},{"saml:AuthnStatement":[{"saml:AuthnContext":[{"saml:AuthnContextClassRef":[{"#text":"urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"}]}]}],":@":{"@_AuthnInstant":i,"@_SessionIndex":e.sessionIndex,"@_SessionNotOnOrAfter":s}},{"saml:AttributeStatement":[{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.userId}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_FriendlyName":"persistent","@_Name":"id","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":e.email}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"email","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"default-roles-master"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"offline_access"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"view-profile"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"uma_authorization"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}},{"saml:Attribute":[{"saml:AttributeValue":[{"#text":"manage-account-links"}],":@":{"@_xmlns:xs":"http://www.w3.org/2001/XMLSchema","@_xmlns:xsi":"http://www.w3.org/2001/XMLSchema-instance","@_xsi:type":"xs:string"}}],":@":{"@_Name":"Role","@_NameFormat":"urn:oasis:names:tc:SAML:2.0:attrname-format:basic"}}]}],":@":{"@_xmlns":"urn:oasis:names:tc:SAML:2.0:assertion","@_ID":c,"@_IssueInstant":i,"@_Version":"2.0"}}],":@":{"@_xmlns:samlp":"urn:oasis:names:tc:SAML:2.0:protocol","@_xmlns:saml":"urn:oasis:names:tc:SAML:2.0:assertion","@_Destination":e.destination,"@_ID":a,"@_InResponseTo":e.inResponseTo,"@_IssueInstant":i,"@_Version":"2.0"}}];let p=new J0.XMLBuilder({ignoreAttributes:!1,suppressEmptyNode:!0,preserveOrder:!0}).build(l);if(e.signature){const m=await fetch(t.env.SAML_SIGN_URL,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({xmlContent:p,privateKey:e.signature.privateKeyPem,publicCert:e.signature.cert})});if(!m.ok)throw new Error(`Failed to sign SAML response: ${m.status}`);p=await m.text()}return e.encode===!1?p:btoa(p)}var Q0={deno:"Deno",bun:"Bun",workerd:"Cloudflare-Workers",node:"Node.js"},ey=()=>{var n,r;const t=globalThis;if(typeof navigator<"u"&&typeof navigator.userAgent=="string"){for(const[i,s]of Object.entries(Q0))if(ty(s))return i}return typeof(t==null?void 0:t.EdgeRuntime)=="string"?"edge-light":(t==null?void 0:t.fastly)!==void 0?"fastly":((r=(n=t==null?void 0:t.process)==null?void 0:n.release)==null?void 0:r.name)==="node"?"node":"other"},ty=t=>navigator.userAgent.startsWith(t);function nt(t,e){ey()==="workerd"&&t.executionCtx.waitUntil(e)}function sn(t){var e,n,r;return{auth0Client:(e=t.query("auth0Client"))==null?void 0:e.slice(0,255),ip:(n=t.header("x-real-ip"))==null?void 0:n.slice(0,45),useragent:(r=t.header("user-agent"))==null?void 0:r.slice(0,512)}}const Gu=["sub","iss","aud","exp","nbf","iat","jti"];async function to(t,e){var _,w;const{authParams:n,user:r,client:i,session_id:s}=e,c=(await t.env.data.keys.list()).filter(S=>!S.revoked_at||new Date(S.revoked_at)>new Date),l=c[c.length-1];if(!(l!=null&&l.pkcs7))throw new z(500,{message:"No signing key available"});const u=b_(l.pkcs7),p={aud:n.audience||"default",scope:n.scope||"",sub:(r==null?void 0:r.user_id)||n.client_id,iss:t.env.ISSUER,tenant_id:t.var.tenant_id,sid:s},h=r&&((_=n.scope)!=null&&_.split(" ").includes("openid"))?{aud:n.client_id,sub:r.user_id,iss:t.env.ISSUER,sid:s,nonce:n.nonce,given_name:r.given_name,family_name:r.family_name,nickname:r.nickname,picture:r.picture,locale:r.locale,name:r.name,email:r.email,email_verified:r.email_verified}:void 0;(w=t.env.hooks)!=null&&w.onExecuteCredentialsExchange&&await t.env.hooks.onExecuteCredentialsExchange({client:i,user:r,request:{ip:t.req.header("x-real-ip")||"",user_agent:t.req.header("user-agent")||"",method:t.req.method,url:t.req.url},scope:n.scope||"",grant_type:""},{accessToken:{setCustomClaim:(S,C)=>{if(Gu.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);p[S]=C}},idToken:{setCustomClaim:(S,C)=>{if(Gu.includes(S))throw new Error(`Cannot overwrite reserved claim '${S}'`);h&&(h[S]=C)}},access:{deny:S=>{throw new z(400,{message:`Access denied: ${S}`})}}});const m={includeIssuedTimestamp:!0,expiresIn:new sl(1,"d"),headers:{kid:l.kid}},v=await Mu("RS256",u,p,m),f=h?await Mu("RS256",u,h,m):void 0;return{access_token:v,refresh_token:e.refresh_token,id_token:f,token_type:"Bearer",expires_in:86400}}async function qf(t,e){return e.loginSession||(e.loginSession=await t.env.data.loginSessions.create(e.client.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:e.authParams,authorization_url:t.req.url,csrf_token:xe(),...sn(t.req)})),{code:(await t.env.data.codes.create(e.client.tenant.id,{code_id:xe(),user_id:e.user.user_id,code_type:"authorization_code",login_id:e.loginSession.id,expires_at:new Date(Date.now()+A_*1e3).toISOString()})).code_id,state:e.authParams.state}}async function ny(t,e){const{client:n,scope:r,audience:i=n.tenant.audience,session_id:s}=e;return await t.env.data.refreshTokens.create(n.tenant.id,{id:xe(),session_id:s,client_id:n.id,expires_at:new Date(Date.now()+Qs*1e3).toISOString(),user_id:e.user.user_id,device:{last_ip:t.req.header("x-real-ip")||"",initial_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||"",initial_user_agent:t.req.header("user-agent")||"",initial_asn:"",last_asn:""},resource_servers:[{audience:i,scopes:r}],rotating:!1})}async function Mf(t,{user:e,client:n,loginSession:r}){const i=await t.env.data.sessions.create(n.tenant.id,{id:xe(),user_id:e.user_id,idle_expires_at:new Date(Date.now()+Qs*1e3).toISOString(),device:{last_ip:t.req.header("x-real-ip")||"",initial_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||"",initial_user_agent:t.req.header("user-agent")||"",initial_asn:"",last_asn:""},clients:[n.id]});await t.env.data.loginSessions.update(n.tenant.id,r.id,{session_id:i.id});const{scope:s,audience:a}=r.authParams,c=s!=null&&s.split(" ").includes("offline_access")?await ny(t,{session_id:i.id,user:e,client:n,scope:s,audience:a}):void 0;return{...i,refresh_token:c}}async function on(t,e){var v;const{authParams:n,user:r,client:i,ticketAuth:s}=e,a=ve(t,{type:he.SUCCESS_LOGIN,description:`Successful login for ${r.user_id}`,userId:r.user_id});if(nt(t,t.env.data.logs.create(i.tenant.id,a)),nt(t,t.env.data.users.update(i.tenant.id,r.user_id,{last_login:new Date().toISOString(),last_ip:t.req.header("x-real-ip")||"",login_count:r.login_count+1})),s){if(!e.loginSession)throw new z(500,{message:"Login session not found"});const f=w_(),_=xe(12),w=await t.env.data.codes.create(i.tenant.id,{code_id:xe(),code_type:"ticket",login_id:e.loginSession.id,expires_at:new Date(Date.now()+I_).toISOString(),code_verifier:[_,f].join("|")});return t.json({login_ticket:w.code_id,co_verifier:f,co_id:_})}let c=e.refreshToken,l=e.sessionId,u=r;if(!l){if(!e.loginSession)throw new z(500,{message:"Login session not found"});u=await oy(t,t.env.data)(i.tenant.id,r);const f=await Mf(t,{user:r,client:i,loginSession:e.loginSession});l=f.id,c=(v=f.refresh_token)==null?void 0:v.id}if(e.authParams.response_mode===Yt.SAML_POST)return Y0(t,e.client,e.authParams,u,l);const p=await to(t,{authParams:n,user:u,client:i,session_id:l,refresh_token:c}),h=new Headers({"set-cookie":Of(i.tenant.id,l,t.req.header("host"))});if(n.response_mode===Yt.WEB_MESSAGE)return t.json(p,{headers:h});if((n.response_type||Pt.CODE)===Pt.CODE){const f=await qf(t,e);if(!n.redirect_uri)throw new z(400,{message:"Redirect uri not found"});const _=new URL(n.redirect_uri);_.searchParams.set("code",f.code),f.state&&_.searchParams.set("state",f.state),h.set("location",_.toString())}return new Response("Redirecting",{status:302,headers:h})}async function ry(t,e,n){const r=await t.env.data.tenants.get(e);if(!r)throw new Error(`Tenant not found: ${e}`);return to(t,{client:{id:t.env.ISSUER,tenant:r,created_at:new Date().toISOString(),updated_at:new Date().toISOString(),name:t.env.ISSUER,disable_sign_ups:!1,connections:[]},authParams:{client_id:t.env.ISSUER,response_type:Pt.TOKEN,scope:n}})}async function dl(t,e,n){const r=await ry(t,n.tenant_id,"webhook");for await(const i of e)if(!(await fetch(i.url,{method:"POST",headers:{Authorization:`Bearer ${r.access_token}`,"Content-Type":"application/json"},body:JSON.stringify(n)})).ok){const a=ve(t,{type:he.FAILED_HOOK,description:`Failed to invoke hook ${i.hook_id}`});await t.env.data.logs.create(n.tenant_id,a)}}function iy(t){return async(e,n)=>{const{hooks:r}=await t.env.data.hooks.list(e);return await dl(t,r,{tenant_id:e,user:n,trigger_id:"post-user-registration"}),n}}function sy(t){return async(e,n)=>{const{hooks:r}=await t.env.data.hooks.list(e,{q:"trigger_id:pre-user-signup",page:0,per_page:100,include_totals:!1});await dl(t,r,{tenant_id:e,email:n,trigger_id:"pre-user-signup"})}}function oy(t,e){return async(n,r)=>{const{hooks:i}=await e.hooks.list(n,{q:"trigger_id:post-user-login",page:0,per_page:100,include_totals:!1});return await dl(t,i,{tenant_id:n,user:r,trigger_id:"post-user-login"}),r}}function ay(t,e){return async(n,r)=>{var a,c,l;const i={method:t.req.method,ip:t.req.query("x-real-ip")||"",user_agent:t.req.query("user-agent"),url:((a=t.var.loginSession)==null?void 0:a.authorization_url)||t.req.url};if((c=t.env.hooks)!=null&&c.onExecutePreUserRegistration)try{await t.env.hooks.onExecutePreUserRegistration({user:r,request:i},{user:{setUserMetadata:async(u,p)=>{r[u]=p}}})}catch{const p=ve(t,{type:he.FAILED_SIGNUP,description:"Pre user registration hook failed"});await e.logs.create(n,p)}let s=await f_(e)(n,r);if((l=t.env.hooks)!=null&&l.onExecutePostUserRegistration)try{await t.env.hooks.onExecutePostUserRegistration({user:r,request:i},{user:{}})}catch{const p=ve(t,{type:he.FAILED_SIGNUP,description:"Post user registration hook failed"});await t.env.data.logs.create(n,p)}return await iy(t)(n,s),s}}async function cy(t,e,n,r){if(e.disable_sign_ups&&!await ro({userAdapter:n.users,tenant_id:e.tenant.id,email:r})){const s=ve(t,{type:he.FAILED_SIGNUP,description:"Public signup is disabled"});throw await n.logs.create(e.tenant.id,s),new z(400,{message:"Signups are disabled for this client"})}await sy(t)(t.var.tenant_id||"",r)}function no(t,e){return{...e,users:{...e.users,create:ay(t,e)}}}function Df(t){return no(t,t.env.data)}async function pl(t,e,n){return(await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n}`})).users}async function ur({userAdapter:t,tenant_id:e,email:n,provider:r}){const{users:i}=await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n} provider:${r}`});return i.length>1&&console.error("More than one user found for same email and provider"),i[0]||null}async function ro({userAdapter:t,tenant_id:e,email:n}){var c;const{users:r}=await t.list(e,{page:0,per_page:10,include_totals:!1,q:`email:${n}`}),i=r.filter(l=>!(l.provider==="auth2"&&!l.email_verified));if(i.length===0)return;const s=i.filter(l=>!l.linked_to);if(s.length>0)return s.length>1&&console.error("More than one primary user found for same email"),s[0];const a=await t.get(e,(c=i[0])==null?void 0:c.linked_to);if(!a)throw new Error("Primary account not found");return a}async function ls({userAdapter:t,tenant_id:e,email:n,provider:r}){const i=await ur({userAdapter:t,tenant_id:e,email:n,provider:r});return i?i.linked_to?t.get(e,i.linked_to):i:null}async function io(t,e){const{email:n,provider:r,connection:i,client:s,userId:a,isSocial:c,profileData:l={},ip:u=""}=e;let p=await ls({userAdapter:t.env.data.users,tenant_id:e.client.tenant.id,email:n,provider:r});if(!p){const h={user_id:`${r}|${a||Xs()}`,email:n,name:n,provider:r,connection:i,email_verified:!0,last_ip:u,is_social:c,last_login:new Date().toISOString(),profileData:JSON.stringify(l)};p=await Df(t).users.create(s.tenant.id,h),t.set("user_id",p.user_id)}return p}const Xt=o.z.object({page:o.z.string().min(0).optional().default("0").transform(t=>parseInt(t,10)).openapi({description:"The page number where 0 is the first page"}),per_page:o.z.string().min(1).optional().default("10").transform(t=>parseInt(t,10)).openapi({description:"The number of items per page"}),include_totals:o.z.string().optional().default("false").transform(t=>t==="true").openapi({description:"If the total number of items should be included in the response"}),sort:o.z.string().regex(/^.+:(-1|1)$/).optional().openapi({description:"A property that should have the format 'string:-1' or 'string:1'"}),q:o.z.string().optional().openapi({description:"A lucene query string used to filter the results"})});function dr(t){if(!t)return;const[e,n]=t.split(":"),r=n==="1"?"asc":"desc";if(!(!e||!r))return{sort_by:e,sort_order:r}}const Ju=nn.extend({users:o.z.array(xt)}),ly=nn.extend({sessions:o.z.array(Ys)}),uy=new o.OpenAPIHono().openapi(o.createRoute({tags:["users"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(xt),Ju])}},description:"List of users"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":a}=t.req.valid("header");if(s!=null&&s.includes("identities.profileData.email")){const p=s.split("=")[1],m=(await t.env.data.users.list(a,{page:e,per_page:n,include_totals:r,q:`email:${p}`})).users.filter(_=>_.linked_to),[v]=m;if(!v)return t.json([]);const f=await t.env.data.users.get(a,v.linked_to);if(!f)throw new z(500,{message:"Primary account not found"});return t.json([xt.parse(f)])}const c=["-_exists_:linked_to"];s&&c.push(s);const l=await t.env.data.users.list(a,{page:e,per_page:n,include_totals:r,sort:dr(i),q:c.join(" ")}),u=l.users.filter(p=>!p.linked_to);return r?t.json(Ju.parse({users:u,length:l.length,start:l.start,limit:l.limit})):t.json(o.z.array(xt).parse(u))}).openapi(o.createRoute({tags:["users"],method:"get",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:xt}},description:"List of users"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{"tenant-id":n}=t.req.valid("header"),r=await t.env.data.users.get(n,e);if(!r)throw new z(404);if(r.linked_to)throw new z(404,{message:"User is linked to another user"});return t.json(r)}).openapi(o.createRoute({tags:["users"],method:"delete",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{"tenant-id":n}=t.req.valid("header");if(!await t.env.data.users.remove(n,e))throw new z(404);return t.text("OK")}).openapi(o.createRoute({tags:["users"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object({...ts.shape})}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:xt}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");t.set("body",n);const{email:r}=n;if(!r)throw new z(400,{message:"Email is required"});const i=r.toLowerCase(),s=`${n.provider}|${n.user_id||Xs()}`;try{const a=await t.env.data.users.create(e,{email:i,user_id:s,name:n.name||i,provider:n.provider,connection:n.connection,email_verified:n.email_verified||!1,last_ip:"",is_social:!1,last_login:new Date().toISOString()});t.set("user_id",a.user_id);const c=ve(t,{type:he.SUCCESS_API_OPERATION,description:"User created"});nt(t,t.env.data.logs.create(e,c));const l={...a,identities:[{connection:a.connection,provider:a.provider,user_id:Vu(a.user_id),isSocial:a.is_social}]};return t.json(xt.parse(l),{status:201})}catch(a){throw a.message==="User already exists"?new z(409,{message:"User already exists"}):a}}).openapi(o.createRoute({tags:["users"],method:"patch",path:"/{user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object({...ts.shape,verify_email:o.z.boolean(),password:o.z.string()}).partial()}}},params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{var p;const{data:e}=t.env,{"tenant-id":n}=t.req.valid("header"),r=t.req.valid("json"),{user_id:i}=t.req.valid("param"),{verify_email:s,password:a,...c}=r,l=await e.users.get(n,i);if(!l)throw new z(404);if(c.email&&c.email!==l.email){const h=await pl(t.env.data.users,n,c.email);if(h.length&&h.some(m=>m.user_id!==i))throw new z(409,{message:"Another user with the same email address already exists."})}if(l.linked_to)throw new z(404,{message:"User is linked to another user"});if(await t.env.data.users.update(n,i,c),a){const h=(p=l.identities)==null?void 0:p.find(f=>f.connection==="Username-Password-Authentication");if(!h)throw new z(400,{message:"User does not have a password identity"});const m={user_id:h.user_id,password:await si.hash(a,10),algorithm:"bcrypt"};await e.passwords.get(n,h.user_id)?await e.passwords.update(n,m):await e.passwords.create(n,m)}const u=await t.env.data.users.get(n,i);if(!u)throw new z(500);return t.json(u)}).openapi(o.createRoute({tags:["users"],method:"post",path:"/{user_id}/identities",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.union([o.z.object({link_with:o.z.string()}),o.z.object({user_id:o.z.string(),provider:o.z.string(),connection:o.z.string().optional()})])}}},params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:o.z.array(o.z.object({connection:o.z.string(),provider:o.z.string(),user_id:o.z.string(),isSocial:o.z.boolean()}))}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),{user_id:r}=t.req.valid("param"),i="link_with"in n?n.link_with:n.user_id,s=await t.env.data.users.get(e,r);if(!s)throw new z(400,{message:"Linking an inexistent identity is not allowed."});await t.env.data.users.update(e,i,{linked_to:r});const a=await t.env.data.users.list(e,{page:0,per_page:10,include_totals:!1,q:`linked_to:${r}`}),c=[s,...a.users].map(l=>({connection:l.connection,provider:l.provider,user_id:Vu(l.user_id),isSocial:l.is_social}));return t.json(c,{status:201})}).openapi(o.createRoute({tags:["users"],method:"delete",path:"/{user_id}/identities/{provider}/{linked_user_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string(),provider:o.z.string(),linked_user_id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:o.z.array(xt)}},description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{user_id:n,provider:r,linked_user_id:i}=t.req.valid("param");await t.env.data.users.unlink(e,n,r,i);const s=await t.env.data.users.get(e,n);if(!s)throw new z(404);return t.json([xt.parse(s)])}).openapi(o.createRoute({tags:["users"],method:"get",path:"/{user_id}/sessions",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({user_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Ys),ly])}},description:"List of sessions"}}}),async t=>{const{user_id:e}=t.req.valid("param"),{include_totals:n}=t.req.valid("query"),{"tenant-id":r}=t.req.valid("header"),i=await t.env.data.sessions.list(r,{page:0,per_page:10,include_totals:!1,q:`user_id:${e}`});return n?t.json(i):t.json(i.sessions)});/*! *****************************************************************************
|
|
30
30
|
Copyright (C) Microsoft. All rights reserved.
|
|
31
31
|
Licensed under the Apache License, Version 2.0 (the "License"); you may not use
|
|
32
32
|
this file except in compliance with the License. You may obtain a copy of the
|
|
@@ -146,7 +146,7 @@ PERFORMANCE OF THIS SOFTWARE.
|
|
|
146
146
|
`,i=0;for(;i<n.length;)i+64<=n.length?r+=n.substr(i,64)+`\r
|
|
147
147
|
`:r+=n.substr(i)+`\r
|
|
148
148
|
`,i+=64;return r+=`-----END ${t} KEY-----\r
|
|
149
|
-
`,r}async function ow(t){const e=await t.publicKey.export(),n=await crypto.subtle.exportKey("jwk",e),r=JSON.stringify(n,Object.keys(n).sort()),s=new TextEncoder().encode(r);return za(await zf(s))}const aw=1e3*60*60*24,cw=new o.OpenAPIHono().openapi(o.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.array(Ia)}},description:"List of keys"}}}),async t=>{const n=(await t.env.data.keys.list()).filter(r=>"cert"in r).map(r=>r);return t.json(n)}).openapi(o.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({kid:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ia}},description:"The requested key"}}}),async t=>{const{kid:e}=t.req.valid("param"),r=(await t.env.data.keys.list()).find(i=>i.kid===e);if(!r)throw new z(404,{message:"Key not found"});return t.json(r)}).openapi(o.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const e=await t.env.data.keys.list();for await(const r of e)await t.env.data.keys.update(r.kid,{revoked_at:new Date(Date.now()+aw).toISOString()});const n=await Jc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(n),t.text("OK",{status:201})}).openapi(o.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({kid:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const{kid:e}=t.req.valid("param");if(!await t.env.data.keys.update(e,{revoked_at:new Date().toISOString()}))throw new z(404,{message:"Key not found"});const r=await Jc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(r),t.text("OK")}),lw=new o.OpenAPIHono().openapi(o.createRoute({tags:["users"],method:"get",path:"/",request:{query:o.z.object({email:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:o.z.array(el)}},description:"List of users"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{email:n}=t.req.valid("query"),i=(await pl(t.env.data.users,e,n)).filter(s=>!s.linked_to);return t.json(i)}),uw=nn.extend({clients:o.z.array(mn)}),dw=new o.OpenAPIHono().openapi(o.createRoute({tags:["clients"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([uw,o.z.array(mn)])}},description:"List of clients"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:a}=t.req.valid("query"),l=(await t.env.data.applications.list(e,{page:n,per_page:r,include_totals:i,sort:dr(s),q:a})).applications;return i?t.json({clients:l,start:0,limit:10,length:l.length}):t.json(l)}).openapi(o.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:mn}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=(await t.env.data.applications.list(e,{page:1,per_page:0,include_totals:!1})).applications.find(s=>s.id===n);if(!i)throw new z(404);return t.json(i)}).openapi(o.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.applications.remove(e,n))throw new z(404,{message:"Application not found"});return t.text("OK")}).openapi(o.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(ns.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:mn}},description:"The update application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=t.req.valid("json");await t.env.data.applications.update(e,n,i);const s=await t.env.data.applications.get(e,n);if(!s)throw new z(404,{message:"Application not found"});return t.json(s)}).openapi(o.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(ns.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:o.z.object(mn.shape)}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r={...n,id:n.id||xe(),client_secret:n.client_secret||xe()},i=await t.env.data.applications.create(e,r);return t.json(i,{status:201})});o.z.object({start:o.z.number(),limit:o.z.number(),length:o.z.number()});Js.extend({email:o.z.string(),login_count:o.z.number(),multifactor:o.z.array(o.z.string()).optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string()}).catchall(o.z.any());const pw=nn.extend({tenants:o.z.array(Fn)}),fw=new o.OpenAPIHono().openapi(o.createRoute({tags:["tenants"],method:"get",path:"/",request:{query:Xt},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:o.z.union([o.z.array(Fn),pw])}},description:"List of tenants"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),a=await t.env.data.tenants.list({page:e,per_page:n,include_totals:r,sort:dr(i),q:s});return r?t.json(a):t.json(a.tenants)}).openapi(o.createRoute({tags:["tenants"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:Fn}},description:"A tenant"}}}),async t=>{const{id:e}=t.req.valid("param"),n=await t.env.data.tenants.get(e);if(!n)throw new z(404);return t.json(n)}).openapi(o.createRoute({tags:["tenants"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param");return await t.env.data.tenants.remove(e),t.text("OK")}).openapi(o.createRoute({tags:["tenants"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(is.shape).partial()}}},params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param"),n=t.req.valid("json");return await t.env.data.tenants.update(e,n),t.text("OK")}).openapi(o.createRoute({tags:["tenants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(is.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"tenant/json":{schema:Fn}},description:"An tenant"}}}),async t=>{const e=t.req.valid("json"),n=await t.env.data.tenants.create(e);return t.json(n,{status:201})}),hw=nn.extend({logs:o.z.array(os)}),gw=new o.OpenAPIHono().openapi(o.createRoute({tags:["logs"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(os),hw])}},description:"List of log rows"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":a}=t.req.valid("header"),c=await t.env.data.logs.list(a,{page:e,per_page:n,include_totals:r,sort:dr(i),q:s});return r?t.json(c):t.json(c.logs)}).openapi(o.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:os}},description:"A log entry"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.logs.get(e,n);if(!r)throw new z(404);return t.json(r)}),mw=nn.extend({hooks:o.z.array(Dn)}),_w=new o.OpenAPIHono().openapi(o.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Dn),mw])}},description:"List of hooks"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:a}=t.req.valid("query"),c=await t.env.data.hooks.list(e,{page:n,per_page:r,include_totals:i,sort:dr(s),q:a});return i?t.json(c):t.json(c.hooks)}).openapi(o.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(ss.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Dn}},description:"The created hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.hooks.create(e,n);return t.json(r,{status:201})}).openapi(o.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()}),body:{content:{"application/json":{schema:o.z.object(ss.shape).omit({hook_id:!0}).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Dn.shape}},description:"The updated hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=t.req.valid("json");await t.env.data.hooks.update(e,n,r);const i=await t.env.data.hooks.get(e,n);if(!i)throw new z(404,{message:"Hook not found"});return t.json(i)}).openapi(o.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Dn}},description:"A hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=await t.env.data.hooks.get(e,n);if(!r)throw new z(404,{message:"Hook not found"});return t.json(r)}).openapi(o.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{description:"A hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param");if(!await t.env.data.hooks.remove(e,n))throw new z(404,{message:"Hook not found"});return t.text("OK")}),yw=nn.extend({connections:o.z.array(Ft)}),vw=new o.OpenAPIHono().openapi(o.createRoute({tags:["connections"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Ft),yw])}},description:"List of connectionss"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i=!1,sort:s,q:a}=t.req.valid("query"),c=await t.env.data.connections.list(e,{page:n,per_page:r,include_totals:i,sort:dr(s),q:a});return i?t.json(c):t.json(c.connections)}).openapi(o.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ft}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.connections.get(e,n);if(!r)throw new z(404);return t.json(r)}).openapi(o.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.connections.remove(e,n))throw new z(404,{message:"Connection not found"});return t.text("OK")}).openapi(o.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(rs.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Ft}},description:"The updated connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.connections.update(e,n,r))throw new z(404,{message:"Connection not found"});const s=await t.env.data.connections.get(e,n);if(!s)throw new z(404,{message:"Connection not found"});return t.json(s)}).openapi(o.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(rs.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Ft}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.connections.create(e,n);return t.json(r,{status:201})}),ww=new o.OpenAPIHono().openapi(o.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Li}},description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.promptSettings.get(e);return n?t.json(n):t.json(Li.parse({}))}).openapi(o.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Li.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.promptSettings.get(e);return Object.assign(r,n),await t.env.data.promptSettings.set(e,r),t.json(r)});let Ap=!1;function Bg(t){t.use(async(e,n)=>(Ap||(t.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${e.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),Ap=!0),await n()))}o.z.object({alg:o.z.literal("RS256"),kty:o.z.literal("RSA"),use:o.z.literal("sig"),n:o.z.string(),e:o.z.string(),kid:o.z.string(),x5t:o.z.string(),x5c:o.z.array(o.z.string())});async function bw(t){try{const e=await t.JWKS_SERVICE.fetch(t.JWKS_URL);if(!e.ok)throw new Error("Failed to fetch jwks");return(await e.json()).keys}catch(e){throw new z(500,{message:`Failed to fetch jwks: ${e.message}`})}}async function kw(t,e){const r=new TextEncoder().encode([e.raw.header,e.raw.payload].join(".")),i=new Uint8Array(Array.from(e.signature).map(l=>l.charCodeAt(0))),a=(await bw(t.env)).find(l=>l.kid===e.header.kid);if(!a)return console.log("No matching kid found"),!1;const c=await crypto.subtle.importKey("jwk",a,{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},!1,["verify"]);return crypto.subtle.verify("RSASSA-PKCS1-v1_5",c,i,r)}function xw(t){const[e,n,r]=t.split(".");if(!e||!n||!r)return null;const i=JSON.parse(atob(e)),s=JSON.parse(atob(n)),a=atob(r.replace(/-/g,"+").replace(/_/g,"/"));return{header:i,payload:s,signature:a,raw:{header:e,payload:n,signature:r}}}function Tg(t){return async(e,n)=>{var i,s,a;const r=t.openAPIRegistry.definitions.find(c=>"route"in c&&c.route.path===e.req.path&&c.route.method.toUpperCase()===e.req.method);if(r&&"route"in r){const c=(s=(i=r.route.security)==null?void 0:i[0])==null?void 0:s.Bearer;if(!(c!=null&&c.length))return await n();const l=e.req.header("authorization")||"",[u,p]=l.split(" ");if((u==null?void 0:u.toLowerCase())!=="bearer"||!p)throw new z(401,{message:"Missing bearer token"});const h=xw(p);if(!h||!await kw(e,h))throw new z(403,{message:"Invalid JWT signature"});e.set("user_id",h.payload.sub),e.set("user",h.payload);const m=h.payload.permissions||[],v=((a=h.payload.scope)==null?void 0:a.split(" "))||[];if(c.length&&!(c.some(f=>m.includes(f))||c.some(f=>v.includes(f))))throw new z(403,{message:"Unauthorized"})}return await n()}}const Sw=new o.OpenAPIHono().openapi(o.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ui}},description:"Email provider"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.emailProviders.get(e);if(!n)throw new z(404,{message:"Email provider not found"});return t.json(n)}).openapi(o.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Ui.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.create(e,n),t.text("OK",{status:201})}).openapi(o.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Ui.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.update(e,n),t.text("OK")}),Aw=new o.OpenAPIHono().openapi(o.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ys}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.sessions.get(e,n);if(!r)throw new z(404);return t.json(r)}).openapi(o.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.remove(e,n))throw new z(404,{message:"Session not found"});return t.text("OK")}).openapi(o.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{202:{description:"Sesssion deletion status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.update(e,n,{revoked_at:new Date().toDateString()}))throw new z(404,{message:"Session not found"});return t.text("Session deletion request accepted.",{status:202})}),Ew=new o.OpenAPIHono().openapi(o.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:il}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.refreshTokens.get(e,n);if(!r)throw new z(404);return t.json(r)}).openapi(o.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.refreshTokens.remove(e,n))throw new z(404,{message:"Session not found"});return t.text("OK")}),Iw=new o.OpenAPIHono().openapi(o.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.array(fn)}},description:"List of custom domains"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.customDomains.list(e);return t.json(n)}).openapi(o.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:fn}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.customDomains.get(e,n);if(!r)throw new z(404);return t.json(r)}).openapi(o.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.customDomains.remove(e,n))throw new z(404,{message:"Custom domain not found"});return t.text("OK")}).openapi(o.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(fn.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:fn}},description:"The updated custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.customDomains.update(e,n,r))throw new z(404);const s=await t.env.data.customDomains.get(e,n);if(!s)throw new z(404);return t.json(s)}).openapi(o.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(nl.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:fn}},description:"The created custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.customDomains.create(e,n);return t.json(r,{status:201})}).openapi(o.createRoute({tags:["custom-domains"],method:"post",path:"/{id}/verify",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:fn}},description:"The custom domain"}}}),async()=>{throw new z(501,{message:"Not implemented"})});function zw(t){const e=new o.OpenAPIHono;Bg(e),e.use(async(r,i)=>(r.env.data=no(r,t.dataAdapter),i())),e.use(Tg(e));const n=e.route("/branding",t_).route("/custom-domains",Iw).route("/email/providers",Sw).route("/users",uy).route("/keys",cw).route("/users-by-email",lw).route("/clients",dw).route("/tenants",fw).route("/logs",gw).route("/hooks",_w).route("/connections",vw).route("/prompts",ww).route("/sessions",Aw).route("/refresh_tokens",Ew);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management api"},security:[{oauth2:["openid","email","profile"]}]}),n}function Nw(t,e){Object.keys(e).forEach(n=>{const r=e[n];r!=null&&r.length&&t.searchParams.set(n,r)})}var Ep;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Ep||(Ep={}));var Ip;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Ip||(Ip={}));function Cw(t){return Rg(t,jw,ei.Include)}function Pg(t){return Rg(t,$w,ei.None)}function Rg(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,a=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],a+=8;for(let c=0;c<4;c++)a>=6?(r+=e[s>>a-6&63],a-=6):a>0?(r+=e[s<<6-a&63],a=0):n===ei.Include&&(r+="=")}return r}const jw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",$w="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var ei;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(ei||(ei={}));var zp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(zp||(zp={}));class Ow{uint8(e,n){if(e.byteLength<n+1)throw new TypeError("Insufficient bytes");return e[n]}uint16(e,n){if(e.byteLength<n+2)throw new TypeError("Insufficient bytes");return e[n]<<8|e[n+1]}uint32(e,n){if(e.byteLength<n+4)throw new TypeError("Insufficient bytes");let r=0;for(let i=0;i<4;i++)r|=e[n+i]<<24-i*8;return r}uint64(e,n){if(e.byteLength<n+8)throw new TypeError("Insufficient bytes");let r=0n;for(let i=0;i<8;i++)r|=BigInt(e[n+i])<<BigInt(56-i*8);return r}putUint8(e,n,r){if(e.length<r+1)throw new TypeError("Not enough space");if(n<0||n>255)throw new TypeError("Invalid uint8 value");e[r]=n}putUint16(e,n,r){if(e.length<r+2)throw new TypeError("Not enough space");if(n<0||n>65535)throw new TypeError("Invalid uint16 value");e[r]=n>>8,e[r+1]=n&255}putUint32(e,n,r){if(e.length<r+4)throw new TypeError("Not enough space");if(n<0||n>4294967295)throw new TypeError("Invalid uint32 value");for(let i=0;i<4;i++)e[r+i]=n>>(3-i)*8&255}putUint64(e,n,r){if(e.length<r+8)throw new TypeError("Not enough space");if(n<0||n>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let i=0;i<8;i++)e[r+i]=Number(n>>BigInt((7-i)*8)&0xffn)}}const Np=new Ow;function kt(t,e){return(t<<32-e|t>>>e)>>>0}function Bw(t){const e=new Tw;return e.update(t),e.digest()}class Tw{constructor(){te(this,"blockSize",64);te(this,"size",32);te(this,"blocks",new Uint8Array(64));te(this,"currentBlockSize",0);te(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));te(this,"l",0n);te(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let n=0;if(this.currentBlockSize>0){const r=e.slice(0,64-this.currentBlockSize);this.blocks.set(r,this.currentBlockSize),this.process(),n+=r.byteLength,this.currentBlockSize=0}for(;n+64<=e.byteLength;){const r=e.slice(n,n+64);this.blocks.set(r),this.process(),n+=64}if(e.byteLength-n>0){const r=e.slice(n);this.blocks.set(r),this.currentBlockSize=r.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),Np.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let n=0;n<8;n++)Np.putUint32(e,this.H[n],n*4);return e}process(){for(let u=0;u<16;u++)this.w[u]=(this.blocks[u*4]<<24|this.blocks[u*4+1]<<16|this.blocks[u*4+2]<<8|this.blocks[u*4+3])>>>0;for(let u=16;u<64;u++){const p=(kt(this.w[u-2],17)^kt(this.w[u-2],19)^this.w[u-2]>>>10)>>>0,h=(kt(this.w[u-15],7)^kt(this.w[u-15],18)^this.w[u-15]>>>3)>>>0;this.w[u]=p+this.w[u-7]+h+this.w[u-16]|0}let e=this.H[0],n=this.H[1],r=this.H[2],i=this.H[3],s=this.H[4],a=this.H[5],c=this.H[6],l=this.H[7];for(let u=0;u<64;u++){const p=(kt(s,6)^kt(s,11)^kt(s,25))>>>0,h=(s&a^~s&c)>>>0,m=l+p+h+Pw[u]+this.w[u]|0,v=(kt(e,2)^kt(e,13)^kt(e,22))>>>0,f=(e&n^e&r^n&r)>>>0,_=v+f|0;l=c,c=a,a=s,s=i+m|0,i=r,r=n,n=e,e=m+_|0}this.H[0]=e+this.H[0]|0,this.H[1]=n+this.H[1]|0,this.H[2]=r+this.H[2]|0,this.H[3]=i+this.H[3]|0,this.H[4]=s+this.H[4]|0,this.H[5]=a+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const Pw=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class Rw{constructor(e){te(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function Lw(t){const e=Bw(new TextEncoder().encode(t));return Pg(e)}function Uw(){const t=new Uint8Array(32);return crypto.getRandomValues(t),Pg(t)}function Ur(t,e){const n=new TextEncoder().encode(e.toString()),r=new Request(t,{method:"POST",body:n});return r.headers.set("Content-Type","application/x-www-form-urlencoded"),r.headers.set("Accept","application/json"),r.headers.set("User-Agent","arctic"),r.headers.set("Content-Length",n.byteLength.toString()),r}function ha(t,e){const n=new TextEncoder().encode(`${t}:${e}`);return Cw(n)}async function Hs(t){let e;try{e=await fetch(t)}catch(n){throw new Ug(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Hi(e.status)}if(typeof n!="object"||n===null)throw new Gn(e.status,n);let r;try{r=Lg(n)}catch{throw new Gn(e.status,n)}throw r}if(e.status===200){let n;try{n=await e.json()}catch{throw new Hi(e.status)}if(typeof n!="object"||n===null)throw new Gn(e.status,n);return new Rw(n)}throw e.body!==null&&await e.body.cancel(),new Hi(e.status)}async function Vw(t){let e;try{e=await fetch(t)}catch(n){throw new Ug(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Gn(e.status,null)}if(typeof n!="object"||n===null)throw new Gn(e.status,n);let r;try{r=Lg(n)}catch{throw new Gn(e.status,n)}throw r}if(e.status===200){e.body!==null&&await e.body.cancel();return}throw e.body!==null&&await e.body.cancel(),new Hi(e.status)}function Lg(t){let e;if("error"in t&&typeof t.error=="string")e=t.error;else throw new Error("Invalid error response");let n=null,r=null,i=null;if("error_description"in t){if(typeof t.error_description!="string")throw new Error("Invalid data");n=t.error_description}if("error_uri"in t){if(typeof t.error_uri!="string")throw new Error("Invalid data");r=t.error_uri}if("state"in t){if(typeof t.state!="string")throw new Error("Invalid data");i=t.state}return new qw(e,n,r,i)}class Ug extends Error{constructor(e){super("Failed to send request",{cause:e})}}class qw extends Error{constructor(n,r,i,s){super(`OAuth request error: ${n}`);te(this,"code");te(this,"description");te(this,"uri");te(this,"state");this.code=n,this.description=r,this.uri=i,this.state=s}}class Hi extends Error{constructor(n){super("Unexpected error response");te(this,"status");this.status=n}}class Gn extends Error{constructor(n,r){super("Unexpected error response body");te(this,"status");te(this,"data");this.status=n,this.data=r}}class nu{constructor(e,n,r){te(this,"clientId");te(this,"clientPassword");te(this,"redirectURI");this.clientId=e,this.clientPassword=n,this.redirectURI=r}createAuthorizationURL(e,n,r){const i=new URL(e);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&i.searchParams.set("redirect_uri",this.redirectURI),i.searchParams.set("state",n),r.length>0&&i.searchParams.set("scope",r.join(" ")),i}createAuthorizationURLWithPKCE(e,n,r,i,s){const a=new URL(e);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&a.searchParams.set("redirect_uri",this.redirectURI),a.searchParams.set("state",n),r===ti.S256){const c=Lw(i);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",c)}else r===ti.Plain&&(a.searchParams.set("code_challenge_method","plain"),a.searchParams.set("code_challenge",i));return s.length>0&&a.searchParams.set("scope",s.join(" ")),a}async validateAuthorizationCode(e,n,r){const i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",n),this.redirectURI!==null&&i.set("redirect_uri",this.redirectURI),r!==null&&i.set("code_verifier",r),this.clientPassword===null&&i.set("client_id",this.clientId);const s=Ur(e,i);if(this.clientPassword!==null){const c=ha(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Hs(s)}async refreshAccessToken(e,n,r){const i=new URLSearchParams;i.set("grant_type","refresh_token"),i.set("refresh_token",n),this.clientPassword===null&&i.set("client_id",this.clientId),r.length>0&&i.set("scope",r.join(" "));const s=Ur(e,i);if(this.clientPassword!==null){const c=ha(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Hs(s)}async revokeToken(e,n){const r=new URLSearchParams;r.set("token",n),this.clientPassword===null&&r.set("client_id",this.clientId);const i=Ur(e,r);if(this.clientPassword!==null){const s=ha(this.clientId,this.clientPassword);i.headers.set("Authorization",`Basic ${s}`)}await Vw(i)}}var ti;(function(t){t[t.S256=0]="S256",t[t.Plain=1]="Plain"})(ti||(ti={}));var Cp;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Cp||(Cp={}));var jp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(jp||(jp={}));function Vr(t){return Mw(t,Dw,Fs.None)}function Mw(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,a=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],a+=8;for(let c=0;c<4;c++)a>=6?(r+=e[s>>a-6&63],a-=6):a>0?(r+=e[s<<6-a&63],a=0):n===Fs.Include&&(r+="=")}return r}const Dw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Fs;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Fs||(Fs={}));var $p;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})($p||($p={}));function Hw(t,e,n){const r=Vr(new TextEncoder().encode(t)),i=Vr(new TextEncoder().encode(e)),s=Vr(n);return r+"."+i+"."+s}function Fw(t,e){const n=Vr(new TextEncoder().encode(t)),r=Vr(new TextEncoder().encode(e)),i=n+"."+r;return new TextEncoder().encode(i)}const Kw="https://appleid.apple.com/auth/authorize",Ww="https://appleid.apple.com/auth/token";class Vg{constructor(e,n,r,i,s){te(this,"clientId");te(this,"teamId");te(this,"keyId");te(this,"pkcs8PrivateKey");te(this,"redirectURI");this.clientId=e,this.teamId=n,this.keyId=r,this.pkcs8PrivateKey=i,this.redirectURI=s}createAuthorizationURL(e,n){const r=new URL(Kw);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId);const r=await this.createClientSecret();n.set("client_secret",r);const i=Ur(Ww,n);return await Hs(i)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),n=Math.floor(Date.now()/1e3),r=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),i=JSON.stringify({iss:this.teamId,exp:n+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:n}),s=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,Fw(r,i)));return Hw(r,i,s)}}const Gw="https://www.facebook.com/v16.0/dialog/oauth",Jw="https://graph.facebook.com/v16.0/oauth/access_token";class qg{constructor(e,n,r){te(this,"clientId");te(this,"clientSecret");te(this,"redirectURI");this.clientId=e,this.clientSecret=n,this.redirectURI=r}createAuthorizationURL(e,n){const r=new URL(Gw);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId),n.set("client_secret",this.clientSecret);const r=Ur(Jw,n);return await Hs(r)}}const Zw="https://accounts.google.com/o/oauth2/v2/auth",Op="https://oauth2.googleapis.com/token",Yw="https://oauth2.googleapis.com/revoke";let Mg=class{constructor(e,n,r){te(this,"client");this.client=new nu(e,n,r)}createAuthorizationURL(e,n,r){return this.client.createAuthorizationURLWithPKCE(Zw,e,ti.S256,n,r)}async validateAuthorizationCode(e,n){return await this.client.validateAuthorizationCode(Op,e,n)}async refreshAccessToken(e){return await this.client.refreshAccessToken(Op,e,[])}async revokeToken(e){await this.client.revokeToken(Yw,e)}};const Jo=o.z.object({iss:o.z.string().url(),sub:o.z.string(),aud:o.z.string(),exp:o.z.number(),email:o.z.string().optional(),given_name:o.z.string().optional(),family_name:o.z.string().optional(),name:o.z.string().optional(),iat:o.z.number(),auth_time:o.z.number().optional(),nonce:o.z.string().optional(),acr:o.z.string().optional(),amr:o.z.array(o.z.string()).optional(),azp:o.z.string().optional(),at_hash:o.z.string().optional(),c_hash:o.z.string().optional()}).passthrough();Jo.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function Xw(t){return t.ISSUER}function _t(t){return t.UNIVERSAL_LOGIN_URL||`${t.ISSUER}u/`}function je(t){return t.OAUTH_API_URL||t.ISSUER}function Dg(t){const{options:e}=t;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const n=Buffer.from(e.app_secret,"utf-8"),r=n.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),i=Uint8Array.from(Buffer.from(r,"base64"));return n.fill(0),{options:e,keyArray:i}}async function Qw(t,e){var l,u;const{options:n,keyArray:r}=Dg(e),i=new Vg(n.client_id,n.team_id,n.kid,r,`${je(t.env)}callback`),s=xe(),a=await i.createAuthorizationURL(s,((l=n.scope)==null?void 0:l.split(" "))||["name","email"]);return(((u=n.scope)==null?void 0:u.split(" "))||["name","email"]).some(p=>["email","name"].includes(p))&&a.searchParams.set("response_mode","form_post"),{redirectUrl:a.href,code:s}}async function eb(t,e,n){const{options:r,keyArray:i}=Dg(e),a=await new Vg(r.client_id,r.team_id,r.kid,i,`${je(t.env)}callback`).validateAuthorizationCode(n),c=ol(a.idToken());if(!c)throw new Error("Invalid ID token");const l=Jo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const tb=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Qw,validateAuthorizationCodeAndGetUser:eb},Symbol.toStringTag,{value:"Module"}));async function nb(t,e){var a;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new qg(n.client_id,n.client_secret,`${je(t.env)}callback`),i=xe();return{redirectUrl:r.createAuthorizationURL(i,((a=n.scope)==null?void 0:a.split(" "))||["email"]).href,code:i}}async function rb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new qg(r.client_id,r.client_secret,`${je(t.env)}callback`).validateAuthorizationCode(n),a=await fetch("https://graph.facebook.com/v16.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${s.accessToken()}`}});if(!a.ok)throw new Error("Failed to fetch user info");const c=await a.json();return t.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const ib=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:nb,validateAuthorizationCodeAndGetUser:rb},Symbol.toStringTag,{value:"Module"}));async function sb(t,e){var c;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required Google authentication parameters");const r=new Mg(n.client_id,n.client_secret,`${je(t.env)}callback`),i=xe(),s=Uw();return{redirectUrl:r.createAuthorizationURL(i,s,((c=n.scope)==null?void 0:c.split(" "))??["email","profile"]).href,code:i,codeVerifier:s}}async function ob(t,e,n,r){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret||!r)throw new Error("Missing required authentication parameters");const a=await new Mg(i.client_id,i.client_secret,`${je(t.env)}callback`).validateAuthorizationCode(n,r),c=ol(a.idToken());if(!c)throw new Error("Invalid ID token");const l=Jo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const ab=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:sb,validateAuthorizationCodeAndGetUser:ob},Symbol.toStringTag,{value:"Module"}));async function cb(t,e){var a;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new nu(n.client_id,n.client_secret,`${je(t.env)}callback`),i=xe(),s=r.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",i,((a=n.scope)==null?void 0:a.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]);return s.searchParams.set("response_type","code"),s.searchParams.set("response_mode","query"),{redirectUrl:s.href,code:i}}async function lb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new nu(r.client_id,r.client_secret,`${je(t.env)}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",n,null),a=ol(s.idToken());if(!a)throw new Error("Invalid ID token");const c=Jo.parse(a.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${s.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new z(400,{message:"Failed to get user from vipps"});return await l.json()}const ub=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:cb,validateAuthorizationCodeAndGetUser:lb},Symbol.toStringTag,{value:"Module"}));function Hg(t,e){const n=t.env.STRATEGIES||{},i={apple:tb,facebook:ib,"google-oauth2":ab,vipps:ub,...n}[e];if(!i)throw new Error(`Strategy ${e} not found`);return i}async function Zo(t,e){const n=await t.data.clients.get(e);if(!n)throw new z(403,{message:"Client not found"});const r=t.DEFAULT_CLIENT_ID?await t.data.clients.get(t.DEFAULT_CLIENT_ID):void 0,i=await t.data.connections.list(n.tenant.id),s=t.DEFAULT_TENANT_ID?await t.data.connections.list(t.DEFAULT_TENANT_ID):{connections:[]},a=i.connections.map(c=>{var p;const l=(p=s.connections)==null?void 0:p.find(h=>h.name===c.name);return l!=null&&l.options?Ft.parse({...l||{},...c,options:{...l.options||{},...c.options}}):c}).filter(c=>c);return{...n,web_origins:[...(r==null?void 0:r.web_origins)||[],...n.web_origins||[],`${_t(t)}login`],allowed_logout_urls:[...(r==null?void 0:r.allowed_logout_urls)||[],...n.allowed_logout_urls||[],t.ISSUER],callbacks:[...(r==null?void 0:r.callbacks)||[],...n.callbacks||[],`${_t(t)}info`],connections:a,tenant:{...(r==null?void 0:r.tenant)||{},...n.tenant}}}function Yo(t,e=[],n={}){try{const r=new URL(t);return e.some(i=>{try{return db(r,new URL(i),n.allowPathWildcards)}catch{return!1}})}catch{return!1}}function db(t,e,n){if(t.protocol!==e.protocol)return!1;if(n&&e.pathname.includes("*")){const r=e.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${r}$`).test(t.pathname))return!1}else if(t.pathname!==e.pathname)return!1;if(e.hostname.startsWith("*.")&&e.hostname.split(".").length>2&&["http:","https:"].includes(e.protocol)){const r=e.hostname.split(".").slice(1).join(".");return t.hostname.endsWith(r)}return t.hostname===e.hostname}async function pb(t,e,n,r){if(!r.state)throw new z(400,{message:"State not found"});const i=e.connections.find(l=>l.name===n);if(!i){t.set("client_id",e.id);const l=ve(t,{type:he.FAILED_LOGIN,description:"Connection not found"});throw await t.env.data.logs.create(e.tenant.id,l),new z(403,{message:"Connection Not Found"})}let s=await t.env.data.loginSessions.get(e.tenant.id,r.state);s||(s=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:r,csrf_token:xe(),...sn(t.req)}));const c=await Hg(t,i.strategy).getRedirect(t,i);return await t.env.data.codes.create(e.tenant.id,{login_id:s.id,code_id:c.code,code_type:"oauth2_state",connection_id:i.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+E_*1e3).toISOString()}),t.redirect(c.redirectUrl)}async function Bp(t,{code:e,state:n}){var f;const{env:r}=t,i=await r.data.codes.get(t.var.tenant_id||"",n,"oauth2_state");if(!i||!i.connection_id)throw new z(403,{message:"State not found"});const s=await r.data.loginSessions.get(t.var.tenant_id||"",i.login_id);if(!s)throw new z(403,{message:"Session not found"});const a=await Zo(r,s.authParams.client_id);t.set("client_id",a.id),t.set("tenant_id",a.tenant.id);const c=a.connections.find(_=>_.id===i.connection_id);if(!c){const _=ve(t,{type:he.FAILED_LOGIN,description:"Connection not found"});throw await r.data.logs.create(a.tenant.id,_),new z(403,{message:"Connection not found"})}if(t.set("connection",c.name),!s.authParams.redirect_uri){const _=ve(t,{type:he.FAILED_LOGIN,description:"Redirect URI not defined"});throw await r.data.logs.create(a.tenant.id,_),new z(403,{message:"Redirect URI not defined"})}if(!Yo(s.authParams.redirect_uri,a.callbacks||[],{allowPathWildcards:!0})){const _=`Invalid redirect URI - ${s.authParams.redirect_uri}`,w=ve(t,{type:he.FAILED_LOGIN,description:_});throw await r.data.logs.create(a.tenant.id,w),new z(403,{message:_})}const u=await Hg(t,c.strategy).validateAuthorizationCodeAndGetUser(t,c,e,i.code_verifier),{sub:p,...h}=u;t.set("user_id",p);const m=((f=u.email)==null?void 0:f.toLocaleLowerCase())||`${c.name}.${p}@${new URL(t.env.ISSUER).hostname}`;t.set("username",m);const v=await io(t,{client:a,email:m,provider:c.strategy,connection:c.name,userId:p,profileData:h,isSocial:!0,ip:t.req.header("x-real-ip")});return on(t,{client:a,authParams:s.authParams,loginSession:s,user:v})}async function Tp(t,e,n,r,i,s){const a=await t.env.data.codes.get(t.var.tenant_id||"",e,"oauth2_state");if(!a)throw new z(400,{message:"State not found"});const c=await t.env.data.loginSessions.get(t.var.tenant_id,a.login_id);if(!c)throw new z(400,{message:"Login not found"});const{redirect_uri:l}=c.authParams;if(!l)throw new z(400,{message:"Redirect uri not found"});const u=ve(t,{type:he.FAILED_LOGIN,description:`Failed connection login: ${i} ${n}, ${r}`});nt(t,t.env.data.logs.create(t.var.tenant_id,u));const p=new URL(l);return Nw(p,{error:n,error_description:r,error_reason:s,error_code:i,state:c.authParams.state}),t.redirect(`${_t(t.env)}enter-email?state=${c.id}&error=${n}`)}const fb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:a}=t.req.valid("query");if(r)return Tp(t,e,r,i,s,a);if(!n)throw new z(400,{message:"Code is required"});return Bp(t,{code:n,state:e})}).openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:a}=t.req.valid("form");if(r)return Tp(t,e,r,i,s,a);if(!n)throw new z(400,{message:"Code is required"});return Bp(t,{code:n,state:e})}),hb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),returnTo:o.z.string().optional()}),header:o.z.object({cookie:o.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async t=>{const{client_id:e,returnTo:n}=t.req.valid("query"),r=await t.env.data.clients.get(e);if(!r)return t.text("OK");const i=await t.env.data.clients.get("DEFAULT_CLIENT");t.set("client_id",e),t.set("tenant_id",r.tenant.id);const s=n||t.req.header("referer");if(!s)return t.text("OK");if(!Yo(s,[...r.allowed_logout_urls||[],...(i==null?void 0:i.allowed_logout_urls)||[]],{allowPathWildcards:!0}))throw new z(400,{message:"Invalid redirect uri"});const a=t.req.header("cookie");if(a){const l=cs(r.tenant.id,a);if(l){const u=await t.env.data.sessions.get(r.tenant.id,l);if(u){const p=await t.env.data.users.get(r.tenant.id,u.user_id);p&&(t.set("user_id",p.user_id),t.set("connection",p.connection))}await t.env.data.sessions.remove(r.tenant.id,l)}}const c=ve(t,{type:he.SUCCESS_LOGOUT,description:"User successfully logged out"});return await t.env.data.logs.create(r.tenant.id,c),new Response("Redirecting",{status:302,headers:{"set-cookie":j_(r.tenant.id,t.req.header("host")),location:s}})}),Pp=o.z.object({sub:o.z.string(),email:o.z.string().optional(),family_name:o.z.string().optional(),given_name:o.z.string().optional(),email_verified:o.z.boolean()}),gb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{},security:[{Bearer:["openid"]}],responses:{200:{content:{"application/json":{schema:Pp}},description:"Userinfo"}}}),async t=>{if(!t.var.user)throw new z(404,{message:"User not found"});const e=await t.env.data.users.get(t.var.user.tenant_id,t.var.user.sub);if(!e)throw new z(404,{message:"User not found"});return t.json(Pp.parse({...e,sub:e.user_id}))}),mb=new o.OpenAPIHono().openapi(o.createRoute({tags:["well known"],method:"get",path:"/jwks.json",request:{},responses:{200:{content:{"application/json":{schema:ff}},description:"List of tenants"}}}),async t=>{const e=await t.env.data.keys.list(),n=await Promise.all(e.map(async r=>{const s=await new tu(r.cert).publicKey.export(),a=await crypto.subtle.exportKey("jwk",s);return rl.parse({...a,kid:r.kid})}));return t.json({keys:n},{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${ji}, stale-while-revalidate=${ji*2}, stale-if-error=86400`}})}).openapi(o.createRoute({tags:["well known"],method:"get",path:"/openid-configuration",request:{},responses:{200:{content:{"application/json":{schema:Ea}},description:"List of tenants"}}}),async t=>{const e=Ea.parse({issuer:Xw(t.env),authorization_endpoint:`${je(t.env)}authorize`,token_endpoint:`${je(t.env)}oauth/token`,device_authorization_endpoint:`${je(t.env)}oauth/device/code`,userinfo_endpoint:`${je(t.env)}userinfo`,mfa_challenge_endpoint:`${je(t.env)}mfa/challenge`,jwks_uri:`${je(t.env)}.well-known/jwks.json`,registration_endpoint:`${je(t.env)}oidc/register`,revocation_endpoint:`${je(t.env)}oauth/revoke`,scopes_supported:["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],response_types_supported:["code","token","id_token","code token","code id_token","token id_token","code token id_token"],code_challenge_methods_supported:["S256","plain"],response_modes_supported:["query","fragment","form_post"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],token_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post"],claims_supported:["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],request_uri_parameter_supported:!1,request_parameter_supported:!1,token_endpoint_auth_signing_alg_values_supported:["RS256","RS384","PS256"]});return t.json(e,{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${ji}, stale-while-revalidate=${ji*2}, stale-if-error=86400`}})});function Fi(t,e){if(!t||!e||t.length!==e.length)return!1;let n=0;for(let r=0;r<t.length;r++)n|=t.charCodeAt(r)^e.charCodeAt(r);return n===0}const Fg=o.z.object({grant_type:o.z.literal("client_credentials"),scope:o.z.string().optional(),client_secret:o.z.string(),client_id:o.z.string(),audience:o.z.string().optional()});async function _b(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new z(403,{message:"Invalid client credentials"});if(n.client_secret&&!Fi(n.client_secret,e.client_secret))throw new z(403,{message:"Invalid client credentials"});const r={client_id:n.id,scope:e.scope,audience:e.audience},i=await to(t,{authParams:r,client:n});return t.json(i)}const yb=o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string().optional(),client_secret:o.z.string().optional(),code_verifier:o.z.string().optional()}).refine(t=>"client_secret"in t&&!("code_verifier"in t)||!("client_secret"in t)&&"code_verifier"in t,{message:"Must provide either client_secret (standard flow) or code_verifier/code_verifier_mode (PKCE flow), but not both"});async function vb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new z(403,{message:"Client not found"});const r=await t.env.data.codes.get(n.tenant.id,e.code,"authorization_code");if(!r||!r.user_id)throw new z(403,{message:"Invalid client credentials"});if(new Date(r.expires_at)<new Date)throw new z(403,{message:"Code expired"});if(r.used_at)throw new z(403,{message:"Code already used"});const i=await t.env.data.loginSessions.get(n.tenant.id,r.login_id);if(!i)throw new z(403,{message:"Invalid login"});if("client_secret"in e){const a=await t.env.data.clients.get("DEFAULT_CLIENT");if(!Fi(n.client_secret,e.client_secret)&&!Fi(a==null?void 0:a.client_secret,e.client_secret))throw new z(403,{message:"Invalid client credentials"})}else if("code_verifier"in e&&typeof e.code_verifier=="string"&&"code_challenge_method"in i.authParams&&typeof i.authParams.code_challenge_method=="string"){const a=await k_(e.code_verifier,i.authParams.code_challenge_method);if(!Fi(a,i.authParams.code_challenge||""))throw new z(403,{message:"Invalid client credentials"})}if(i.authParams.redirect_uri&&i.authParams.redirect_uri!==e.redirect_uri)throw new z(403,{message:"Invalid redirect uri"});const s=await t.env.data.users.get(n.tenant.id,r.user_id);if(!s)throw new z(403,{message:"User not found"});return await t.env.data.codes.used(n.tenant.id,e.code),on(t,{user:s,client:n,loginSession:i,authParams:{...i.authParams,response_mode:Yt.WEB_MESSAGE}})}const wb=o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),redirect_uri:o.z.string().optional(),refresh_token:o.z.string()});async function bb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new z(403,{message:"Client not found"});const r=await t.env.data.refreshTokens.get(n.tenant.id,e.refresh_token);if(r){if(r.expires_at&&new Date(r.expires_at)<new Date||r.idle_expires_at&&new Date(r.idle_expires_at)<new Date)throw new z(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Refresh token has expired"})})}else throw new z(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Invalid refresh token"})});const i=await t.env.data.users.get(n.tenant.id,r.user_id);if(!i)throw new z(403,{message:"User not found"});const s=r.resource_servers[0];if(r.idle_expires_at){const a=new Date(Date.now()+2592e6);await t.env.data.refreshTokens.update(n.tenant.id,r.id,{idle_expires_at:a.toISOString(),last_exchanged_at:new Date().toISOString(),device:{...r.device,last_ip:t.req.header["x-real-ip"]||"",last_user_agent:t.req.header["user-agent"]||""}})}return on(t,{user:i,client:n,refreshToken:r.id,sessionId:r.session_id,authParams:{client_id:n.id,audience:s==null?void 0:s.audience,scope:s==null?void 0:s.scopes,response_mode:Yt.WEB_MESSAGE}})}const Rp=o.z.object({client_id:o.z.string().optional(),client_secret:o.z.string().optional()}),kb=o.z.union([Fg.extend(Rp.shape),o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string(),code_verifier:o.z.string().min(43).max(128)}),o.z.object({grant_type:o.z.literal("authorization_code"),code:o.z.string(),redirect_uri:o.z.string().optional(),...Rp.shape}),o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),refresh_token:o.z.string(),redirect_uri:o.z.string().optional()})]);function xb(t){if(!t)return{};const[e,n]=t.split(" ");if((e==null?void 0:e.toLowerCase())==="basic"&&n){const[r,i]=atob(n).split(":");return{client_id:r,client_secret:i}}return{}}const Sb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:kb}}}},responses:{200:{content:{"application/json":{schema:vf}},description:"Tokens"}}}),async t=>{const e=t.req.valid("form"),n=xb(t.req.header("Authorization")),r={...e,...n};if(!r.client_id)throw new z(400,{message:"client_id is required"});switch(t.set("client_id",r.client_id),e.grant_type){case Br.AuthorizationCode:return vb(t,yb.parse(r));case Br.ClientCredential:return _b(t,Fg.parse(r));case Br.RefreshToken:return bb(t,wb.parse(r));default:throw new z(400,{message:"Not implemented"})}});var ru={exports:{}};const iu=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:6},{id:2,value:"Medium",minDiversity:4,minLength:8},{id:3,value:"Strong",minDiversity:4,minLength:10}],Kg=(t,e=iu,n="!\"#$%&'()*+,-./:;<=>?@[\\\\\\]^_`{|}~")=>{let r=t||"";e[0].minDiversity=0,e[0].minLength=0;const i=[{regex:"[a-z]",message:"lowercase"},{regex:"[A-Z]",message:"uppercase"},{regex:"[0-9]",message:"number"}];n&&i.push({regex:`[${n}]`,message:"symbol"});let s={};s.contains=i.filter(c=>new RegExp(`${c.regex}`).test(r)).map(c=>c.message),s.length=r.length;let a=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,a[0]),s};ru.exports={passwordStrength:Kg,defaultOptions:iu};var Ab=ru.exports.passwordStrength=Kg;ru.exports.defaultOptions=iu;function su(t){return Ab(t).id<2?!1:t.length>=8&&/[a-z]/.test(t)&&/[A-Z]/.test(t)&&/[0-9]/.test(t)&&/[^A-Za-z0-9]/.test(t)}async function Si(t,e){var i;const n=await t.env.data.emailProviders.get(t.var.tenant_id)||(t.env.DEFAULT_TENANT_ID?await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID):null);if(!n)throw new z(500,{message:"Email provider not found"});const r=(i=t.env.emailProviders)==null?void 0:i[n.name];if(!r)throw new z(500,{message:"Email provider not found"});await r({emailProvider:n,...e,from:n.default_from_address||`login@${t.env.ISSUER}`})}async function Wg(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new z(500,{message:"Tenant not found"});const s=`${_t(t.env)}reset-password?state=${r}&code=${n}`,a={vendorName:i.name,lng:i.language||"en"};await Si(t,{to:e,subject:se("reset_password_title",a),html:`Click here to reset your password: ${_t(t.env)}reset-password?state=${r}&code=${n}`,template:"auth-password-reset",data:{vendorName:i.name,logo:i.logo||"",passwordResetUrl:s,supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",passwordResetTitle:se("password_reset_title",a),resetPasswordEmailClickToReset:se("reset_password_email_click_to_reset",a),resetPasswordEmailReset:se("reset_password_email_reset",a),supportInfo:se("support_info",a),contactUs:se("contact_us",a),copyright:se("copyright",a)}})}async function Gg(t,e,n){const r=await t.env.data.tenants.get(t.var.tenant_id);if(!r)throw new z(500,{message:"Tenant not found"});const i={vendorName:r.name,code:n,lng:r.language||"en"};await Si(t,{to:e,subject:se("code_email_subject",i),html:`Click here to validate your email: ${_t(t.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:r.name,logo:r.logo||"",supportUrl:r.support_url||"",buttonColor:r.primary_color||"",welcomeToYourAccount:se("welcome_to_your_account",i),linkEmailClickToLogin:se("link_email_click_to_login",i),linkEmailLogin:se("link_email_login",i),linkEmailOrEnterCode:se("link_email_or_enter_code",i),codeValid30Mins:se("code_valid_30_minutes",i),supportInfo:se("support_info",i),contactUs:se("contact_us",i),copyright:se("copyright",i)}});const s=ve(t,{type:he.CODE_LINK_SENT,description:e});nt(t,t.env.data.logs.create(r.id,s))}async function ou(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new z(500,{message:"Tenant not found"});if(!r.redirect_uri)throw new z(400,{message:"redirect_uri is required"});const s=new URL(je(t.env));s.pathname="passwordless/verify_redirect",s.searchParams.set("verification_code",n),s.searchParams.set("connection","email"),s.searchParams.set("client_id",r.client_id),s.searchParams.set("redirect_uri",r.redirect_uri),s.searchParams.set("email",e),r.response_type&&s.searchParams.set("response_type",r.response_type),r.scope&&s.searchParams.set("scope",r.scope),r.state&&s.searchParams.set("state",r.state),r.nonce&&s.searchParams.set("nonce",r.nonce),r.code_challenge&&s.searchParams.set("code_challenge",r.code_challenge),r.code_challenge_method&&s.searchParams.set("code_challenge_method",r.code_challenge_method),r.audience&&s.searchParams.set("audience",r.audience);const a={vendorName:i.name,code:n,lng:i.language||"en"};await Si(t,{to:e,subject:se("code_email_subject",a),html:`Click here to validate your email: ${_t(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:s.toString(),buttonColor:i.primary_color||"",welcomeToYourAccount:se("welcome_to_your_account",a),linkEmailClickToLogin:se("link_email_click_to_login",a),linkEmailLogin:se("link_email_login",a),linkEmailOrEnterCode:se("link_email_or_enter_code",a),codeValid30Mins:se("code_valid_30_minutes",a),supportInfo:se("support_info",a),contactUs:se("contact_us",a),copyright:se("copyright",a)}});const c=ve(t,{type:he.CODE_LINK_SENT,description:e});nt(t,t.env.data.logs.create(i.id,c))}async function au(t,e){const n=await t.env.data.tenants.get(t.var.tenant_id);if(!n)throw new z(500,{message:"Tenant not found"});const r={vendorName:n.name,lng:n.language||"en"};await Si(t,{to:e.email,subject:se("welcome_to_your_account",r),html:`Click here to validate your email: ${_t(t.env)}validate-email`,template:"auth-verify-email",data:{vendorName:n.name,logo:n.logo||"",emailValidationUrl:`${_t(t.env)}validate-email`,supportUrl:n.support_url||"https://support.sesamy.com",buttonColor:n.primary_color||"#7d68f4",welcomeToYourAccount:se("welcome_to_your_account",r),verifyEmailVerify:se("verify_email_verify",r),supportInfo:se("support_info",r),contactUs:se("contact_us",r),copyright:se("copyright",r)}})}async function Eb(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new z(500,{message:"Tenant not found"});const s={vendorName:i.name,lng:i.language||"en"},a=`${_t(t.env)}signup?state=${r}&code=${n}`;await Si(t,{to:e,subject:se("register_password_account",s),html:`Click here to register: ${a}`,template:"auth-pre-signup-verification",data:{vendorName:i.name,logo:i.logo||"",signupUrl:a,setPassword:se("set_password",s),registerPasswordAccount:se("register_password_account",s),clickToSignUpDescription:se("click_to_sign_up_description",s),supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",welcomeToYourAccount:se("welcome_to_your_account",s),verifyEmailVerify:se("verify_email_verify",s),supportInfo:se("support_info",s),contactUs:se("contact_us",s),copyright:se("copyright",s)}})}const Ib=new o.OpenAPIHono().openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string()})}}}},responses:{200:{content:{"application/json":{schema:o.z.object({_id:o.z.string(),email:o.z.string(),email_verified:o.z.boolean(),app_metadata:o.z.object({}),user_metadata:o.z.object({})})}},description:"Created user"}}}),async t=>{const{email:e,password:n,client_id:r}=t.req.valid("json"),i=await t.env.data.clients.get(r);if(!i)throw new z(400,{message:"Client not found"});if(t.set("client_id",i.id),t.set("tenant_id",i.tenant.id),!su(n))throw new z(400,{message:"Password does not meet the requirements"});if(await ls({userAdapter:t.env.data.users,tenant_id:i.tenant.id,email:e,provider:"auth2"}))throw new z(400,{message:"Invalid sign up"});const a=await t.env.data.users.create(i.tenant.id,{user_id:`auth2|${Xs()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});t.set("user_id",a.user_id),t.set("username",a.email),t.set("connection",a.connection);const c=await si.hash(n,10);await t.env.data.passwords.create(i.tenant.id,{user_id:a.user_id,password:c,algorithm:"bcrypt"}),await au(t,a);const l=ve(t,{type:he.SUCCESS_SIGNUP,description:"Successful signup"});return await t.env.data.logs.create(i.tenant.id,l),t.json({_id:a.user_id,email:a.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{email:e,client_id:n}=t.req.valid("json"),r=await t.env.data.clients.get(n);if(!r)throw new z(400,{message:"Client not found"});if(t.set("client_id",r.id),t.set("tenant_id",r.tenant.id),!await ur({userAdapter:t.env.data.users,tenant_id:r.tenant.id,email:e,provider:"auth2"}))return t.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:n,username:e},a=await t.env.data.loginSessions.create(r.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:s,csrf_token:xe(),...sn(t.req)});return await Wg(t,e,a.id,a.authParams.state),t.html("If an account with that email exists, we've sent instructions to reset your password.")});function Tn(){const t="1234567890";let e="";for(let n=0;n<6;n+=1)e+=t[Math.floor(Math.random()*10)];return e.toString()}async function cu(t,e,n,r,i,s,a){const{env:c}=t,l=await c.data.codes.get(e.tenant.id,i,"otp");if(!l)throw new z(400,{message:"Code not found or expired"});if(l.expires_at<new Date().toISOString())throw new z(400,{message:"Code expired"});if(l.used_at)throw new z(400,{message:"Code already used"});const u=await c.data.loginSessions.get(e.tenant.id,l.login_id);if(!u||u.authParams.username!==r)throw new z(400,{message:"Code not found or expired"});const p=sn(t.req);if(a&&u.ip!==p.ip)return t.redirect(`${_t(t.env)}invalid-session?state=${u.id}`);if(n.redirect_uri&&!Yo(n.redirect_uri,e.callbacks,{allowPathWildcards:!0}))throw new z(400,{message:`Invalid redirect URI - ${n.redirect_uri}`});const h=await io(t,{client:e,email:r,provider:"email",connection:"email",isSocial:!1,ip:t.req.header("x-real-ip")});return await c.data.codes.used(e.tenant.id,i),on(t,{user:h,client:e,loginSession:u,authParams:n,ticketAuth:s})}const zb=new o.OpenAPIHono().openapi(o.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),send:o.z.enum(["link","code"]),authParams:tl.omit({client_id:!0})})}}}},responses:{200:{description:"Status"}}}),async t=>{const e=t.req.valid("json"),{env:n}=t,{client_id:r,email:i,send:s,authParams:a}=e,c=await t.env.data.clients.get(r);if(!c)throw new z(400,{message:"Client not found"});t.set("client_id",c.id),t.set("tenant_id",c.tenant.id);const l=await n.data.loginSessions.create(c.tenant.id,{authParams:{...a,client_id:r,username:i},expires_at:new Date(Date.now()+Na).toISOString(),csrf_token:xe(),...sn(t.req)}),u=await n.data.codes.create(c.tenant.id,{code_id:Tn(),code_type:"otp",login_id:l.id,expires_at:new Date(Date.now()+Na).toISOString()});return s==="link"?await ou(t,i,u.code_id,{...a,client_id:r}):await Gg(t,i,u.code_id),t.html("OK")}).openapi(o.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:o.z.object({scope:o.z.string(),response_type:o.z.nativeEnum(Pt),redirect_uri:o.z.string(),state:o.z.string(),nonce:o.z.string().optional(),verification_code:o.z.string(),connection:o.z.string(),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),audience:o.z.string().optional()})},responses:{302:{description:"Status"}}}),async t=>{const{env:e}=t,{client_id:n,email:r,verification_code:i,redirect_uri:s,state:a,scope:c,audience:l,response_type:u,nonce:p}=t.req.valid("query"),h=await Zo(e,n);return t.set("client_id",h.id),t.set("tenant_id",h.tenant.id),t.set("connection","email"),cu(t,h,{client_id:n,redirect_uri:s,state:a,nonce:p,scope:c,audience:l,response_type:u},r,i,!1,!0)});class Nr extends z{constructor(n,r){super(n,r);te(this,"_code");this._code=r==null?void 0:r.code}get code(){return this._code}}async function lu(t,e,n,r,i){const{env:s}=t,a=n.username;if(t.set("username",a),!a)throw new z(400,{message:"Username is required"});const c=await ur({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:a,provider:"auth2"});if(!c){const f=ve(t,{type:he.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"});throw nt(t,t.env.data.logs.create(e.tenant.id,f)),new Nr(403,{message:"User not found",code:"USER_NOT_FOUND"})}const l=c.linked_to?await s.data.users.get(e.tenant.id,c.linked_to):c;if(!l)throw new Nr(403,{message:"User not found",code:"USER_NOT_FOUND"});t.set("connection",c.connection),t.set("user_id",l.user_id);const u=await s.data.passwords.get(e.tenant.id,c.user_id);if(!(u&&await si.compare(n.password,u.password))){const f=ve(t,{type:he.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});throw nt(t,t.env.data.logs.create(e.tenant.id,f)),new Nr(403,{message:"Invalid password",code:"INVALID_PASSWORD"})}if((await s.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,q:`user_id:${l.user_id}`})).logs.filter(f=>f.type===he.FAILED_LOGIN_INCORRECT_PASSWORD&&new Date(f.date)>new Date(Date.now()-1e3*60*5)).length>=3){const f=ve(t,{type:he.FAILED_LOGIN,description:"Too many failed login attempts"});throw nt(t,t.env.data.logs.create(e.tenant.id,f)),new Nr(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"})}if(!c.email_verified&&e.email_validation==="enforced"){await au(t,c);const f=ve(t,{type:he.FAILED_LOGIN,description:"Email not verified"});throw await t.env.data.logs.create(e.tenant.id,f),new Nr(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const v=ve(t,{type:he.SUCCESS_LOGIN,description:"Successful login",strategy_type:"Username-Password-Authentication",strategy:"Username-Password-Authentication"});return nt(t,t.env.data.logs.create(e.tenant.id,v)),on(t,{client:e,authParams:n,user:l,ticketAuth:i,loginSession:r})}async function Nb(t,e,n,r){await io(t,{client:e,email:n,provider:"auth2",connection:"Username-Password-Authentication",isSocial:!1,ip:t.req.header("x-real-ip")});let i=Tn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");for(;s;)i=Tn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");const a=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+N_).toISOString(),authParams:{client_id:e.id,username:n},csrf_token:xe(),...sn(t.req)}),c=await t.env.data.codes.create(e.tenant.id,{code_id:i,code_type:"password_reset",login_id:a.id,expires_at:new Date(Date.now()+z_).toISOString()});await Wg(t,n,c.code_id,r)}const Cb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:o.z.string(),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),realm:o.z.enum(["email"]),scope:o.z.string().optional()}),o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string(),realm:o.z.enum(["Username-Password-Authentication"]),scope:o.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async t=>{const e=t.req.valid("json"),{client_id:n,username:r}=e;t.set("username",r);const i=await t.env.data.clients.get(n);if(!i)throw new z(400,{message:"Client not found"});t.set("client_id",n),t.set("tenant_id",i.tenant.id);const s=r.toLocaleLowerCase();if("otp"in e)return cu(t,i,{client_id:n,username:s},s,e.otp,!0);if("password"in e){const a=await t.env.data.loginSessions.create(i.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:{client_id:n,username:s},csrf_token:xe(),...sn(t.req)});return lu(t,i,{username:s,password:e.password,client_id:n},a,!0)}else throw new z(400,{message:"Code or password required"})});function jb(t,e){var r,i,s;if(!t||e.length===0)return!1;const n=((r=ga(t))==null?void 0:r.host)??null;if(!n)return!1;for(const a of e){let c;if(a.startsWith("http://")||a.startsWith("https://")?c=((i=ga(a))==null?void 0:i.host)??null:c=((s=ga("https://"+a))==null?void 0:s.host)??null,n===c)return!0}return!1}function ga(t){try{return new URL(t)}catch{return null}}async function $b({ctx:t,session:e,client:n,authParams:r,connection:i,login_hint:s}){const a=await t.env.data.loginSessions.create(n.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:r,csrf_token:xe(),authorization_url:t.req.url,...sn(t.req)});if(e&&s){const c=await t.env.data.users.get(n.tenant.id,e.user_id);if((c==null?void 0:c.email)===s)return on(t,{client:n,loginSession:a,authParams:r,user:c,sessionId:e.id})}if(i==="email"&&s){const c=Tn();return await t.env.data.codes.create(n.tenant.id,{code_id:c,code_type:"otp",login_id:a.id,expires_at:new Date(Date.now()+Jn*1e3).toISOString()}),await ou(t,s,c,r),t.redirect(`/u/enter-code?state=${a.id}`)}return e?t.redirect(`/u/check-account?state=${a.id}`):t.redirect(`/u/enter-email?state=${a.id}`)}function Ob(t){if(t==="Username-Password-Authentication")return"auth2";if(t==="email")return"email";throw new z(403,{message:"Invalid realm"})}async function Bb(t,e,n,r,i){var m;const{env:s}=t;t.set("connection",i);const a=await s.data.codes.get(e,n,"ticket");if(!a||a.used_at)throw new z(403,{message:"Ticket not found"});const c=await s.data.loginSessions.get(e,a.login_id);if(!c||!c.authParams.username)throw new z(403,{message:"Session not found"});const l=await s.data.clients.get(c.authParams.client_id);if(!l)throw new z(403,{message:"Client not found"});t.set("client_id",c.authParams.client_id),await s.data.codes.used(e,n);const u=Ob(i);let p=await io(t,{email:c.authParams.username,provider:u,client:l,connection:u==="auth2"?"Username-Password-Authentication":"email",isSocial:!1,ip:t.req.header("x-real-ip")});t.set("username",p.email),t.set("user_id",p.user_id);const h=await Mf(t,{user:p,client:l,scope:r.scope,audience:r.audience});return on(t,{authParams:{scope:(m=c.authParams)==null?void 0:m.scope,...r},loginSession:c,sessionId:h.id,user:p,client:l})}async function Lp(t,e){return`<!DOCTYPE html>
|
|
149
|
+
`,r}async function ow(t){const e=await t.publicKey.export(),n=await crypto.subtle.exportKey("jwk",e),r=JSON.stringify(n,Object.keys(n).sort()),s=new TextEncoder().encode(r);return za(await zf(s))}const aw=1e3*60*60*24,cw=new o.OpenAPIHono().openapi(o.createRoute({tags:["keys"],method:"get",path:"/signing",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.array(Ia)}},description:"List of keys"}}}),async t=>{const n=(await t.env.data.keys.list()).filter(r=>"cert"in r).map(r=>r);return t.json(n)}).openapi(o.createRoute({tags:["keys"],method:"get",path:"/signing/{kid}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({kid:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ia}},description:"The requested key"}}}),async t=>{const{kid:e}=t.req.valid("param"),r=(await t.env.data.keys.list()).find(i=>i.kid===e);if(!r)throw new z(404,{message:"Key not found"});return t.json(r)}).openapi(o.createRoute({tags:["keys"],method:"post",path:"/signing/rotate",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const e=await t.env.data.keys.list();for await(const r of e)await t.env.data.keys.update(r.kid,{revoked_at:new Date(Date.now()+aw).toISOString()});const n=await Jc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(n),t.text("OK",{status:201})}).openapi(o.createRoute({tags:["keys"],method:"put",path:"/signing/{kid}/revoke",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({kid:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{description:"Status"}}}),async t=>{const{kid:e}=t.req.valid("param");if(!await t.env.data.keys.update(e,{revoked_at:new Date().toISOString()}))throw new z(404,{message:"Key not found"});const r=await Jc({name:`CN=${t.env.ORGANIZATION_NAME}`});return await t.env.data.keys.create(r),t.text("OK")}),lw=new o.OpenAPIHono().openapi(o.createRoute({tags:["users"],method:"get",path:"/",request:{query:o.z.object({email:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:o.z.array(el)}},description:"List of users"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{email:n}=t.req.valid("query"),i=(await pl(t.env.data.users,e,n)).filter(s=>!s.linked_to);return t.json(i)}),uw=nn.extend({clients:o.z.array(mn)}),dw=new o.OpenAPIHono().openapi(o.createRoute({tags:["clients"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([uw,o.z.array(mn)])}},description:"List of clients"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:a}=t.req.valid("query"),l=(await t.env.data.applications.list(e,{page:n,per_page:r,include_totals:i,sort:dr(s),q:a})).applications;return i?t.json({clients:l,start:0,limit:10,length:l.length}):t.json(l)}).openapi(o.createRoute({tags:["clients"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:mn}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=(await t.env.data.applications.list(e,{page:1,per_page:0,include_totals:!1})).applications.find(s=>s.id===n);if(!i)throw new z(404);return t.json(i)}).openapi(o.createRoute({tags:["clients"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.applications.remove(e,n))throw new z(404,{message:"Application not found"});return t.text("OK")}).openapi(o.createRoute({tags:["clients"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(ns.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:mn}},description:"The update application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),i=t.req.valid("json");await t.env.data.applications.update(e,n,i);const s=await t.env.data.applications.get(e,n);if(!s)throw new z(404,{message:"Application not found"});return t.json(s)}).openapi(o.createRoute({tags:["clients"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(ns.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:o.z.object(mn.shape)}},description:"An application"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r={...n,id:n.id||xe(),client_secret:n.client_secret||xe()},i=await t.env.data.applications.create(e,r);return t.json(i,{status:201})});o.z.object({start:o.z.number(),limit:o.z.number(),length:o.z.number()});Js.extend({email:o.z.string(),login_count:o.z.number(),multifactor:o.z.array(o.z.string()).optional(),last_ip:o.z.string().optional(),last_login:o.z.string().optional(),user_id:o.z.string()}).catchall(o.z.any());const pw=nn.extend({tenants:o.z.array(Fn)}),fw=new o.OpenAPIHono().openapi(o.createRoute({tags:["tenants"],method:"get",path:"/",request:{query:Xt},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:o.z.union([o.z.array(Fn),pw])}},description:"List of tenants"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),a=await t.env.data.tenants.list({page:e,per_page:n,include_totals:r,sort:dr(i),q:s});return r?t.json(a):t.json(a.tenants)}).openapi(o.createRoute({tags:["tenants"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"tenant/json":{schema:Fn}},description:"A tenant"}}}),async t=>{const{id:e}=t.req.valid("param"),n=await t.env.data.tenants.get(e);if(!n)throw new z(404);return t.json(n)}).openapi(o.createRoute({tags:["tenants"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param");return await t.env.data.tenants.remove(e),t.text("OK")}).openapi(o.createRoute({tags:["tenants"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(is.shape).partial()}}},params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{id:e}=t.req.valid("param"),n=t.req.valid("json");return await t.env.data.tenants.update(e,n),t.text("OK")}).openapi(o.createRoute({tags:["tenants"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(is.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"tenant/json":{schema:Fn}},description:"An tenant"}}}),async t=>{const e=t.req.valid("json"),n=await t.env.data.tenants.create(e);return t.json(n,{status:201})}),hw=nn.extend({logs:o.z.array(os)}),gw=new o.OpenAPIHono().openapi(o.createRoute({tags:["logs"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(os),hw])}},description:"List of log rows"}}}),async t=>{const{page:e,per_page:n,include_totals:r,sort:i,q:s}=t.req.valid("query"),{"tenant-id":a}=t.req.valid("header"),c=await t.env.data.logs.list(a,{page:e,per_page:n,include_totals:r,sort:dr(i),q:s});return r?t.json(c):t.json(c.logs)}).openapi(o.createRoute({tags:["logs"],method:"get",path:"/{id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:os}},description:"A log entry"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.logs.get(e,n);if(!r)throw new z(404);return t.json(r)}),mw=nn.extend({hooks:o.z.array(Dn)}),_w=new o.OpenAPIHono().openapi(o.createRoute({tags:["hooks"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Dn),mw])}},description:"List of hooks"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i,sort:s,q:a}=t.req.valid("query"),c=await t.env.data.hooks.list(e,{page:n,per_page:r,include_totals:i,sort:dr(s),q:a});return i?t.json(c):t.json(c.hooks)}).openapi(o.createRoute({tags:["hooks"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(ss.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Dn}},description:"The created hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.hooks.create(e,n);return t.json(r,{status:201})}).openapi(o.createRoute({tags:["hooks"],method:"patch",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()}),body:{content:{"application/json":{schema:o.z.object(ss.shape).omit({hook_id:!0}).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Dn.shape}},description:"The updated hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=t.req.valid("json");await t.env.data.hooks.update(e,n,r);const i=await t.env.data.hooks.get(e,n);if(!i)throw new z(404,{message:"Hook not found"});return t.json(i)}).openapi(o.createRoute({tags:["hooks"],method:"get",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Dn}},description:"A hook"},404:{description:"Hook not found"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param"),r=await t.env.data.hooks.get(e,n);if(!r)throw new z(404,{message:"Hook not found"});return t.json(r)}).openapi(o.createRoute({tags:["hooks"],method:"delete",path:"/{hook_id}",request:{headers:o.z.object({"tenant-id":o.z.string()}),params:o.z.object({hook_id:o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{description:"A hook"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{hook_id:n}=t.req.valid("param");if(!await t.env.data.hooks.remove(e,n))throw new z(404,{message:"Hook not found"});return t.text("OK")}),yw=nn.extend({connections:o.z.array(Ft)}),vw=new o.OpenAPIHono().openapi(o.createRoute({tags:["connections"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.union([o.z.array(Ft),yw])}},description:"List of connectionss"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{page:n,per_page:r,include_totals:i=!1,sort:s,q:a}=t.req.valid("query"),c=await t.env.data.connections.list(e,{page:n,per_page:r,include_totals:i,sort:dr(s),q:a});return i?t.json(c):t.json(c.connections)}).openapi(o.createRoute({tags:["connections"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ft}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.connections.get(e,n);if(!r)throw new z(404);return t.json(r)}).openapi(o.createRoute({tags:["connections"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.connections.remove(e,n))throw new z(404,{message:"Connection not found"});return t.text("OK")}).openapi(o.createRoute({tags:["connections"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(rs.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:Ft}},description:"The updated connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.connections.update(e,n,r))throw new z(404,{message:"Connection not found"});const s=await t.env.data.connections.get(e,n);if(!s)throw new z(404,{message:"Connection not found"});return t.json(s)}).openapi(o.createRoute({tags:["connections"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(rs.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:Ft}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.connections.create(e,n);return t.json(r,{status:201})}),ww=new o.OpenAPIHono().openapi(o.createRoute({tags:["prompts"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Li}},description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.promptSettings.get(e);return n?t.json(n):t.json(Li.parse({}))}).openapi(o.createRoute({tags:["prompts"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Li.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Prompts settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.promptSettings.get(e);return Object.assign(r,n),await t.env.data.promptSettings.set(e,r),t.json(r)});let Ap=!1;function Bg(t){t.use(async(e,n)=>(Ap||(t.openAPIRegistry.registerComponent("securitySchemes","Bearer",{type:"oauth2",scheme:"bearer",flows:{implicit:{authorizationUrl:`${e.env.AUTH_URL}/authorize`,scopes:{openid:"Basic user information",email:"User email",profile:"User profile information"}}}}),Ap=!0),await n()))}o.z.object({alg:o.z.literal("RS256"),kty:o.z.literal("RSA"),use:o.z.literal("sig"),n:o.z.string(),e:o.z.string(),kid:o.z.string(),x5t:o.z.string(),x5c:o.z.array(o.z.string())});async function bw(t){try{const e=await t.JWKS_SERVICE.fetch(t.JWKS_URL);if(!e.ok)throw new Error("Failed to fetch jwks");return(await e.json()).keys}catch(e){throw new z(500,{message:`Failed to fetch jwks: ${e.message}`})}}async function kw(t,e){const r=new TextEncoder().encode([e.raw.header,e.raw.payload].join(".")),i=new Uint8Array(Array.from(e.signature).map(l=>l.charCodeAt(0))),a=(await bw(t.env)).find(l=>l.kid===e.header.kid);if(!a)return console.log("No matching kid found"),!1;const c=await crypto.subtle.importKey("jwk",a,{name:"RSASSA-PKCS1-v1_5",hash:"SHA-256"},!1,["verify"]);return crypto.subtle.verify("RSASSA-PKCS1-v1_5",c,i,r)}function xw(t){const[e,n,r]=t.split(".");if(!e||!n||!r)return null;const i=JSON.parse(atob(e)),s=JSON.parse(atob(n)),a=atob(r.replace(/-/g,"+").replace(/_/g,"/"));return{header:i,payload:s,signature:a,raw:{header:e,payload:n,signature:r}}}function Tg(t){return async(e,n)=>{var i,s,a;const r=t.openAPIRegistry.definitions.find(c=>"route"in c&&c.route.path===e.req.path&&c.route.method.toUpperCase()===e.req.method);if(r&&"route"in r){const c=(s=(i=r.route.security)==null?void 0:i[0])==null?void 0:s.Bearer;if(!(c!=null&&c.length))return await n();const l=e.req.header("authorization")||"",[u,p]=l.split(" ");if((u==null?void 0:u.toLowerCase())!=="bearer"||!p)throw new z(401,{message:"Missing bearer token"});const h=xw(p);if(!h||!await kw(e,h))throw new z(403,{message:"Invalid JWT signature"});e.set("user_id",h.payload.sub),e.set("user",h.payload);const m=h.payload.permissions||[],v=((a=h.payload.scope)==null?void 0:a.split(" "))||[];if(c.length&&!(c.some(f=>m.includes(f))||c.some(f=>v.includes(f))))throw new z(403,{message:"Unauthorized"})}return await n()}}const Sw=new o.OpenAPIHono().openapi(o.createRoute({tags:["emails"],method:"get",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ui}},description:"Email provider"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.emailProviders.get(e);if(!n)throw new z(404,{message:"Email provider not found"});return t.json(n)}).openapi(o.createRoute({tags:["emails"],method:"post",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Ui.shape)}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.create(e,n),t.text("OK",{status:201})}).openapi(o.createRoute({tags:["emails"],method:"patch",path:"/",request:{headers:o.z.object({"tenant-id":o.z.string()}),body:{content:{"application/json":{schema:o.z.object(Ui.shape).partial()}}}},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Branding settings"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json");return await t.env.data.emailProviders.update(e,n),t.text("OK")}),Aw=new o.OpenAPIHono().openapi(o.createRoute({tags:["sessions"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:Ys}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.sessions.get(e,n);if(!r)throw new z(404);return t.json(r)}).openapi(o.createRoute({tags:["sessions"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.remove(e,n))throw new z(404,{message:"Session not found"});return t.text("OK")}).openapi(o.createRoute({tags:["sessions"],method:"post",path:"/{id}/revoke",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{202:{description:"Sesssion deletion status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.sessions.update(e,n,{revoked_at:new Date().toDateString()}))throw new z(404,{message:"Session not found"});return t.text("Session deletion request accepted.",{status:202})}),Ew=new o.OpenAPIHono().openapi(o.createRoute({tags:["refresh_tokens"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:il}},description:"A session"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.refreshTokens.get(e,n);if(!r)throw new z(404);return t.json(r)}).openapi(o.createRoute({tags:["refresh_tokens"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.refreshTokens.remove(e,n))throw new z(404,{message:"Session not found"});return t.text("OK")}),Iw=new o.OpenAPIHono().openapi(o.createRoute({tags:["custom-domains"],method:"get",path:"/",request:{query:Xt,headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:o.z.array(fn)}},description:"List of custom domains"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=await t.env.data.customDomains.list(e);return t.json(n)}).openapi(o.createRoute({tags:["custom-domains"],method:"get",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:read"]}],responses:{200:{content:{"application/json":{schema:fn}},description:"A connection"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=await t.env.data.customDomains.get(e,n);if(!r)throw new z(404);return t.json(r)}).openapi(o.createRoute({tags:["custom-domains"],method:"delete",path:"/{id}",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{description:"Status"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param");if(!await t.env.data.customDomains.remove(e,n))throw new z(404,{message:"Custom domain not found"});return t.text("OK")}).openapi(o.createRoute({tags:["custom-domains"],method:"patch",path:"/{id}",request:{body:{content:{"application/json":{schema:o.z.object(fn.shape).partial()}}},params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:fn}},description:"The updated custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),{id:n}=t.req.valid("param"),r=t.req.valid("json");if(!await t.env.data.customDomains.update(e,n,r))throw new z(404);const s=await t.env.data.customDomains.get(e,n);if(!s)throw new z(404);return t.json(s)}).openapi(o.createRoute({tags:["custom-domains"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.object(nl.shape)}}},headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{201:{content:{"application/json":{schema:fn}},description:"The created custom domain"}}}),async t=>{const{"tenant-id":e}=t.req.valid("header"),n=t.req.valid("json"),r=await t.env.data.customDomains.create(e,n);return t.json(r,{status:201})}).openapi(o.createRoute({tags:["custom-domains"],method:"post",path:"/{id}/verify",request:{params:o.z.object({id:o.z.string()}),headers:o.z.object({"tenant-id":o.z.string()})},security:[{Bearer:["auth:write"]}],responses:{200:{content:{"application/json":{schema:fn}},description:"The custom domain"}}}),async()=>{throw new z(501,{message:"Not implemented"})});function zw(t){const e=new o.OpenAPIHono;Bg(e),e.use(async(r,i)=>(r.env.data=no(r,t.dataAdapter),i())),e.use(Tg(e));const n=e.route("/branding",t_).route("/custom-domains",Iw).route("/email/providers",Sw).route("/users",uy).route("/keys",cw).route("/users-by-email",lw).route("/clients",dw).route("/tenants",fw).route("/logs",gw).route("/hooks",_w).route("/connections",vw).route("/prompts",ww).route("/sessions",Aw).route("/refresh_tokens",Ew);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Management api"},security:[{oauth2:["openid","email","profile"]}]}),n}function Nw(t,e){Object.keys(e).forEach(n=>{const r=e[n];r!=null&&r.length&&t.searchParams.set(n,r)})}var Ep;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Ep||(Ep={}));var Ip;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(Ip||(Ip={}));function Cw(t){return Rg(t,jw,ei.Include)}function Pg(t){return Rg(t,$w,ei.None)}function Rg(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,a=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],a+=8;for(let c=0;c<4;c++)a>=6?(r+=e[s>>a-6&63],a-=6):a>0?(r+=e[s<<6-a&63],a=0):n===ei.Include&&(r+="=")}return r}const jw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",$w="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var ei;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(ei||(ei={}));var zp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(zp||(zp={}));class Ow{uint8(e,n){if(e.byteLength<n+1)throw new TypeError("Insufficient bytes");return e[n]}uint16(e,n){if(e.byteLength<n+2)throw new TypeError("Insufficient bytes");return e[n]<<8|e[n+1]}uint32(e,n){if(e.byteLength<n+4)throw new TypeError("Insufficient bytes");let r=0;for(let i=0;i<4;i++)r|=e[n+i]<<24-i*8;return r}uint64(e,n){if(e.byteLength<n+8)throw new TypeError("Insufficient bytes");let r=0n;for(let i=0;i<8;i++)r|=BigInt(e[n+i])<<BigInt(56-i*8);return r}putUint8(e,n,r){if(e.length<r+1)throw new TypeError("Not enough space");if(n<0||n>255)throw new TypeError("Invalid uint8 value");e[r]=n}putUint16(e,n,r){if(e.length<r+2)throw new TypeError("Not enough space");if(n<0||n>65535)throw new TypeError("Invalid uint16 value");e[r]=n>>8,e[r+1]=n&255}putUint32(e,n,r){if(e.length<r+4)throw new TypeError("Not enough space");if(n<0||n>4294967295)throw new TypeError("Invalid uint32 value");for(let i=0;i<4;i++)e[r+i]=n>>(3-i)*8&255}putUint64(e,n,r){if(e.length<r+8)throw new TypeError("Not enough space");if(n<0||n>18446744073709551615n)throw new TypeError("Invalid uint64 value");for(let i=0;i<8;i++)e[r+i]=Number(n>>BigInt((7-i)*8)&0xffn)}}const Np=new Ow;function kt(t,e){return(t<<32-e|t>>>e)>>>0}function Bw(t){const e=new Tw;return e.update(t),e.digest()}class Tw{constructor(){te(this,"blockSize",64);te(this,"size",32);te(this,"blocks",new Uint8Array(64));te(this,"currentBlockSize",0);te(this,"H",new Uint32Array([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]));te(this,"l",0n);te(this,"w",new Uint32Array(64))}update(e){if(this.l+=BigInt(e.byteLength)*8n,this.currentBlockSize+e.byteLength<64){this.blocks.set(e,this.currentBlockSize),this.currentBlockSize+=e.byteLength;return}let n=0;if(this.currentBlockSize>0){const r=e.slice(0,64-this.currentBlockSize);this.blocks.set(r,this.currentBlockSize),this.process(),n+=r.byteLength,this.currentBlockSize=0}for(;n+64<=e.byteLength;){const r=e.slice(n,n+64);this.blocks.set(r),this.process(),n+=64}if(e.byteLength-n>0){const r=e.slice(n);this.blocks.set(r),this.currentBlockSize=r.byteLength}}digest(){this.blocks[this.currentBlockSize]=128,this.currentBlockSize+=1,64-this.currentBlockSize<8&&(this.blocks.fill(0,this.currentBlockSize),this.process(),this.currentBlockSize=0),this.blocks.fill(0,this.currentBlockSize),Np.putUint64(this.blocks,this.l,this.blockSize-8),this.process();const e=new Uint8Array(32);for(let n=0;n<8;n++)Np.putUint32(e,this.H[n],n*4);return e}process(){for(let u=0;u<16;u++)this.w[u]=(this.blocks[u*4]<<24|this.blocks[u*4+1]<<16|this.blocks[u*4+2]<<8|this.blocks[u*4+3])>>>0;for(let u=16;u<64;u++){const p=(kt(this.w[u-2],17)^kt(this.w[u-2],19)^this.w[u-2]>>>10)>>>0,h=(kt(this.w[u-15],7)^kt(this.w[u-15],18)^this.w[u-15]>>>3)>>>0;this.w[u]=p+this.w[u-7]+h+this.w[u-16]|0}let e=this.H[0],n=this.H[1],r=this.H[2],i=this.H[3],s=this.H[4],a=this.H[5],c=this.H[6],l=this.H[7];for(let u=0;u<64;u++){const p=(kt(s,6)^kt(s,11)^kt(s,25))>>>0,h=(s&a^~s&c)>>>0,m=l+p+h+Pw[u]+this.w[u]|0,v=(kt(e,2)^kt(e,13)^kt(e,22))>>>0,f=(e&n^e&r^n&r)>>>0,_=v+f|0;l=c,c=a,a=s,s=i+m|0,i=r,r=n,n=e,e=m+_|0}this.H[0]=e+this.H[0]|0,this.H[1]=n+this.H[1]|0,this.H[2]=r+this.H[2]|0,this.H[3]=i+this.H[3]|0,this.H[4]=s+this.H[4]|0,this.H[5]=a+this.H[5]|0,this.H[6]=c+this.H[6]|0,this.H[7]=l+this.H[7]|0}}const Pw=new Uint32Array([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]);new BigUint64Array([0x428a2f98d728ae22n,0x7137449123ef65cdn,0xb5c0fbcfec4d3b2fn,0xe9b5dba58189dbbcn,0x3956c25bf348b538n,0x59f111f1b605d019n,0x923f82a4af194f9bn,0xab1c5ed5da6d8118n,0xd807aa98a3030242n,0x12835b0145706fben,0x243185be4ee4b28cn,0x550c7dc3d5ffb4e2n,0x72be5d74f27b896fn,0x80deb1fe3b1696b1n,0x9bdc06a725c71235n,0xc19bf174cf692694n,0xe49b69c19ef14ad2n,0xefbe4786384f25e3n,0x0fc19dc68b8cd5b5n,0x240ca1cc77ac9c65n,0x2de92c6f592b0275n,0x4a7484aa6ea6e483n,0x5cb0a9dcbd41fbd4n,0x76f988da831153b5n,0x983e5152ee66dfabn,0xa831c66d2db43210n,0xb00327c898fb213fn,0xbf597fc7beef0ee4n,0xc6e00bf33da88fc2n,0xd5a79147930aa725n,0x06ca6351e003826fn,0x142929670a0e6e70n,0x27b70a8546d22ffcn,0x2e1b21385c26c926n,0x4d2c6dfc5ac42aedn,0x53380d139d95b3dfn,0x650a73548baf63den,0x766a0abb3c77b2a8n,0x81c2c92e47edaee6n,0x92722c851482353bn,0xa2bfe8a14cf10364n,0xa81a664bbc423001n,0xc24b8b70d0f89791n,0xc76c51a30654be30n,0xd192e819d6ef5218n,0xd69906245565a910n,0xf40e35855771202an,0x106aa07032bbd1b8n,0x19a4c116b8d2d0c8n,0x1e376c085141ab53n,0x2748774cdf8eeb99n,0x34b0bcb5e19b48a8n,0x391c0cb3c5c95a63n,0x4ed8aa4ae3418acbn,0x5b9cca4f7763e373n,0x682e6ff3d6b2b8a3n,0x748f82ee5defb2fcn,0x78a5636f43172f60n,0x84c87814a1f0ab72n,0x8cc702081a6439ecn,0x90befffa23631e28n,0xa4506cebde82bde9n,0xbef9a3f7b2c67915n,0xc67178f2e372532bn,0xca273eceea26619cn,0xd186b8c721c0c207n,0xeada7dd6cde0eb1en,0xf57d4f7fee6ed178n,0x06f067aa72176fban,0x0a637dc5a2c898a6n,0x113f9804bef90daen,0x1b710b35131c471bn,0x28db77f523047d84n,0x32caab7b40c72493n,0x3c9ebe0a15c9bebcn,0x431d67c49c100d4cn,0x4cc5d4becb3e42b6n,0x597f299cfc657e2an,0x5fcb6fab3ad6faecn,0x6c44198c4a475817n]);class Rw{constructor(e){te(this,"data");this.data=e}tokenType(){if("token_type"in this.data&&typeof this.data.token_type=="string")return this.data.token_type;throw new Error("Missing or invalid 'token_type' field")}accessToken(){if("access_token"in this.data&&typeof this.data.access_token=="string")return this.data.access_token;throw new Error("Missing or invalid 'access_token' field")}accessTokenExpiresInSeconds(){if("expires_in"in this.data&&typeof this.data.expires_in=="number")return this.data.expires_in;throw new Error("Missing or invalid 'expires_in' field")}accessTokenExpiresAt(){return new Date(Date.now()+this.accessTokenExpiresInSeconds()*1e3)}hasRefreshToken(){return"refresh_token"in this.data&&typeof this.data.refresh_token=="string"}refreshToken(){if("refresh_token"in this.data&&typeof this.data.refresh_token=="string")return this.data.refresh_token;throw new Error("Missing or invalid 'refresh_token' field")}hasScopes(){return"scope"in this.data&&typeof this.data.scope=="string"}scopes(){if("scope"in this.data&&typeof this.data.scope=="string")return this.data.scope.split(" ");throw new Error("Missing or invalid 'scope' field")}idToken(){if("id_token"in this.data&&typeof this.data.id_token=="string")return this.data.id_token;throw new Error("Missing or invalid field 'id_token'")}}function Lw(t){const e=Bw(new TextEncoder().encode(t));return Pg(e)}function Uw(){const t=new Uint8Array(32);return crypto.getRandomValues(t),Pg(t)}function Ur(t,e){const n=new TextEncoder().encode(e.toString()),r=new Request(t,{method:"POST",body:n});return r.headers.set("Content-Type","application/x-www-form-urlencoded"),r.headers.set("Accept","application/json"),r.headers.set("User-Agent","arctic"),r.headers.set("Content-Length",n.byteLength.toString()),r}function ha(t,e){const n=new TextEncoder().encode(`${t}:${e}`);return Cw(n)}async function Hs(t){let e;try{e=await fetch(t)}catch(n){throw new Ug(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Hi(e.status)}if(typeof n!="object"||n===null)throw new Gn(e.status,n);let r;try{r=Lg(n)}catch{throw new Gn(e.status,n)}throw r}if(e.status===200){let n;try{n=await e.json()}catch{throw new Hi(e.status)}if(typeof n!="object"||n===null)throw new Gn(e.status,n);return new Rw(n)}throw e.body!==null&&await e.body.cancel(),new Hi(e.status)}async function Vw(t){let e;try{e=await fetch(t)}catch(n){throw new Ug(n)}if(e.status===400||e.status===401){let n;try{n=await e.json()}catch{throw new Gn(e.status,null)}if(typeof n!="object"||n===null)throw new Gn(e.status,n);let r;try{r=Lg(n)}catch{throw new Gn(e.status,n)}throw r}if(e.status===200){e.body!==null&&await e.body.cancel();return}throw e.body!==null&&await e.body.cancel(),new Hi(e.status)}function Lg(t){let e;if("error"in t&&typeof t.error=="string")e=t.error;else throw new Error("Invalid error response");let n=null,r=null,i=null;if("error_description"in t){if(typeof t.error_description!="string")throw new Error("Invalid data");n=t.error_description}if("error_uri"in t){if(typeof t.error_uri!="string")throw new Error("Invalid data");r=t.error_uri}if("state"in t){if(typeof t.state!="string")throw new Error("Invalid data");i=t.state}return new qw(e,n,r,i)}class Ug extends Error{constructor(e){super("Failed to send request",{cause:e})}}class qw extends Error{constructor(n,r,i,s){super(`OAuth request error: ${n}`);te(this,"code");te(this,"description");te(this,"uri");te(this,"state");this.code=n,this.description=r,this.uri=i,this.state=s}}class Hi extends Error{constructor(n){super("Unexpected error response");te(this,"status");this.status=n}}class Gn extends Error{constructor(n,r){super("Unexpected error response body");te(this,"status");te(this,"data");this.status=n,this.data=r}}class nu{constructor(e,n,r){te(this,"clientId");te(this,"clientPassword");te(this,"redirectURI");this.clientId=e,this.clientPassword=n,this.redirectURI=r}createAuthorizationURL(e,n,r){const i=new URL(e);return i.searchParams.set("response_type","code"),i.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&i.searchParams.set("redirect_uri",this.redirectURI),i.searchParams.set("state",n),r.length>0&&i.searchParams.set("scope",r.join(" ")),i}createAuthorizationURLWithPKCE(e,n,r,i,s){const a=new URL(e);if(a.searchParams.set("response_type","code"),a.searchParams.set("client_id",this.clientId),this.redirectURI!==null&&a.searchParams.set("redirect_uri",this.redirectURI),a.searchParams.set("state",n),r===ti.S256){const c=Lw(i);a.searchParams.set("code_challenge_method","S256"),a.searchParams.set("code_challenge",c)}else r===ti.Plain&&(a.searchParams.set("code_challenge_method","plain"),a.searchParams.set("code_challenge",i));return s.length>0&&a.searchParams.set("scope",s.join(" ")),a}async validateAuthorizationCode(e,n,r){const i=new URLSearchParams;i.set("grant_type","authorization_code"),i.set("code",n),this.redirectURI!==null&&i.set("redirect_uri",this.redirectURI),r!==null&&i.set("code_verifier",r),this.clientPassword===null&&i.set("client_id",this.clientId);const s=Ur(e,i);if(this.clientPassword!==null){const c=ha(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Hs(s)}async refreshAccessToken(e,n,r){const i=new URLSearchParams;i.set("grant_type","refresh_token"),i.set("refresh_token",n),this.clientPassword===null&&i.set("client_id",this.clientId),r.length>0&&i.set("scope",r.join(" "));const s=Ur(e,i);if(this.clientPassword!==null){const c=ha(this.clientId,this.clientPassword);s.headers.set("Authorization",`Basic ${c}`)}return await Hs(s)}async revokeToken(e,n){const r=new URLSearchParams;r.set("token",n),this.clientPassword===null&&r.set("client_id",this.clientId);const i=Ur(e,r);if(this.clientPassword!==null){const s=ha(this.clientId,this.clientPassword);i.headers.set("Authorization",`Basic ${s}`)}await Vw(i)}}var ti;(function(t){t[t.S256=0]="S256",t[t.Plain=1]="Plain"})(ti||(ti={}));var Cp;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Cp||(Cp={}));var jp;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})(jp||(jp={}));function Vr(t){return Mw(t,Dw,Fs.None)}function Mw(t,e,n){let r="";for(let i=0;i<t.byteLength;i+=3){let s=0,a=0;for(let c=0;c<3&&i+c<t.byteLength;c++)s=s<<8|t[i+c],a+=8;for(let c=0;c<4;c++)a>=6?(r+=e[s>>a-6&63],a-=6):a>0?(r+=e[s<<6-a&63],a=0):n===Fs.Include&&(r+="=")}return r}const Dw="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";var Fs;(function(t){t[t.Include=0]="Include",t[t.None=1]="None"})(Fs||(Fs={}));var $p;(function(t){t[t.Required=0]="Required",t[t.Ignore=1]="Ignore"})($p||($p={}));function Hw(t,e,n){const r=Vr(new TextEncoder().encode(t)),i=Vr(new TextEncoder().encode(e)),s=Vr(n);return r+"."+i+"."+s}function Fw(t,e){const n=Vr(new TextEncoder().encode(t)),r=Vr(new TextEncoder().encode(e)),i=n+"."+r;return new TextEncoder().encode(i)}const Kw="https://appleid.apple.com/auth/authorize",Ww="https://appleid.apple.com/auth/token";class Vg{constructor(e,n,r,i,s){te(this,"clientId");te(this,"teamId");te(this,"keyId");te(this,"pkcs8PrivateKey");te(this,"redirectURI");this.clientId=e,this.teamId=n,this.keyId=r,this.pkcs8PrivateKey=i,this.redirectURI=s}createAuthorizationURL(e,n){const r=new URL(Kw);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId);const r=await this.createClientSecret();n.set("client_secret",r);const i=Ur(Ww,n);return await Hs(i)}async createClientSecret(){const e=await crypto.subtle.importKey("pkcs8",this.pkcs8PrivateKey,{name:"ECDSA",namedCurve:"P-256"},!1,["sign"]),n=Math.floor(Date.now()/1e3),r=JSON.stringify({typ:"JWT",alg:"ES256",kid:this.keyId}),i=JSON.stringify({iss:this.teamId,exp:n+5*60,aud:["https://appleid.apple.com"],sub:this.clientId,iat:n}),s=new Uint8Array(await crypto.subtle.sign({name:"ECDSA",hash:"SHA-256"},e,Fw(r,i)));return Hw(r,i,s)}}const Gw="https://www.facebook.com/v16.0/dialog/oauth",Jw="https://graph.facebook.com/v16.0/oauth/access_token";class qg{constructor(e,n,r){te(this,"clientId");te(this,"clientSecret");te(this,"redirectURI");this.clientId=e,this.clientSecret=n,this.redirectURI=r}createAuthorizationURL(e,n){const r=new URL(Gw);return r.searchParams.set("response_type","code"),r.searchParams.set("client_id",this.clientId),r.searchParams.set("state",e),n.length>0&&r.searchParams.set("scope",n.join(" ")),r.searchParams.set("redirect_uri",this.redirectURI),r}async validateAuthorizationCode(e){const n=new URLSearchParams;n.set("grant_type","authorization_code"),n.set("code",e),n.set("redirect_uri",this.redirectURI),n.set("client_id",this.clientId),n.set("client_secret",this.clientSecret);const r=Ur(Jw,n);return await Hs(r)}}const Zw="https://accounts.google.com/o/oauth2/v2/auth",Op="https://oauth2.googleapis.com/token",Yw="https://oauth2.googleapis.com/revoke";let Mg=class{constructor(e,n,r){te(this,"client");this.client=new nu(e,n,r)}createAuthorizationURL(e,n,r){return this.client.createAuthorizationURLWithPKCE(Zw,e,ti.S256,n,r)}async validateAuthorizationCode(e,n){return await this.client.validateAuthorizationCode(Op,e,n)}async refreshAccessToken(e){return await this.client.refreshAccessToken(Op,e,[])}async revokeToken(e){await this.client.revokeToken(Yw,e)}};const Jo=o.z.object({iss:o.z.string().url(),sub:o.z.string(),aud:o.z.string(),exp:o.z.number(),email:o.z.string().optional(),given_name:o.z.string().optional(),family_name:o.z.string().optional(),name:o.z.string().optional(),iat:o.z.number(),auth_time:o.z.number().optional(),nonce:o.z.string().optional(),acr:o.z.string().optional(),amr:o.z.array(o.z.string()).optional(),azp:o.z.string().optional(),at_hash:o.z.string().optional(),c_hash:o.z.string().optional()}).passthrough();Jo.omit({iat:!0,auth_time:!0,nonce:!0,acr:!0,amr:!0,azp:!0,at_hash:!0,c_hash:!0});function Xw(t){return t.ISSUER}function _t(t){return t.UNIVERSAL_LOGIN_URL||`${t.ISSUER}u/`}function je(t){return t.OAUTH_API_URL||t.ISSUER}function Dg(t){const{options:e}=t;if(!e||!e.client_id||!e.team_id||!e.kid||!e.app_secret)throw new Error("Missing required Apple authentication parameters");const n=Buffer.from(e.app_secret,"utf-8"),r=n.toString().replace(/-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----|\s/g,""),i=Uint8Array.from(Buffer.from(r,"base64"));return n.fill(0),{options:e,keyArray:i}}async function Qw(t,e){var l,u;const{options:n,keyArray:r}=Dg(e),i=new Vg(n.client_id,n.team_id,n.kid,r,`${je(t.env)}callback`),s=xe(),a=await i.createAuthorizationURL(s,((l=n.scope)==null?void 0:l.split(" "))||["name","email"]);return(((u=n.scope)==null?void 0:u.split(" "))||["name","email"]).some(p=>["email","name"].includes(p))&&a.searchParams.set("response_mode","form_post"),{redirectUrl:a.href,code:s}}async function eb(t,e,n){const{options:r,keyArray:i}=Dg(e),a=await new Vg(r.client_id,r.team_id,r.kid,i,`${je(t.env)}callback`).validateAuthorizationCode(n),c=ol(a.idToken());if(!c)throw new Error("Invalid ID token");const l=Jo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const tb=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:Qw,validateAuthorizationCodeAndGetUser:eb},Symbol.toStringTag,{value:"Module"}));async function nb(t,e){var a;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new qg(n.client_id,n.client_secret,`${je(t.env)}callback`),i=xe();return{redirectUrl:r.createAuthorizationURL(i,((a=n.scope)==null?void 0:a.split(" "))||["email"]).href,code:i}}async function rb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new qg(r.client_id,r.client_secret,`${je(t.env)}callback`).validateAuthorizationCode(n),a=await fetch("https://graph.facebook.com/v16.0/me?fields=id,email,name",{headers:{Authorization:`Bearer ${s.accessToken()}`}});if(!a.ok)throw new Error("Failed to fetch user info");const c=await a.json();return t.set("log",`Userinfo: ${JSON.stringify(c)}`),{sub:c.id,email:c.email,name:c.name}}const ib=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:nb,validateAuthorizationCodeAndGetUser:rb},Symbol.toStringTag,{value:"Module"}));async function sb(t,e){var c;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required Google authentication parameters");const r=new Mg(n.client_id,n.client_secret,`${je(t.env)}callback`),i=xe(),s=Uw();return{redirectUrl:r.createAuthorizationURL(i,s,((c=n.scope)==null?void 0:c.split(" "))??["email","profile"]).href,code:i,codeVerifier:s}}async function ob(t,e,n,r){const{options:i}=e;if(!(i!=null&&i.client_id)||!i.client_secret||!r)throw new Error("Missing required authentication parameters");const a=await new Mg(i.client_id,i.client_secret,`${je(t.env)}callback`).validateAuthorizationCode(n,r),c=ol(a.idToken());if(!c)throw new Error("Invalid ID token");const l=Jo.parse(c.payload);return{sub:l.sub,email:l.email,given_name:l.given_name,family_name:l.family_name,name:l.name,picture:l.picture,locale:l.locale}}const ab=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:sb,validateAuthorizationCodeAndGetUser:ob},Symbol.toStringTag,{value:"Module"}));async function cb(t,e){var a;const{options:n}=e;if(!(n!=null&&n.client_id)||!n.client_secret)throw new Error("Missing required authentication parameters");const r=new nu(n.client_id,n.client_secret,`${je(t.env)}callback`),i=xe(),s=r.createAuthorizationURL("https://api.vipps.no/access-management-1.0/access/oauth2/auth",i,((a=n.scope)==null?void 0:a.split(" "))||["openid","email","phoneNumber","name","address","birthDate"]);return s.searchParams.set("response_type","code"),s.searchParams.set("response_mode","query"),{redirectUrl:s.href,code:i}}async function lb(t,e,n){const{options:r}=e;if(!(r!=null&&r.client_id)||!r.client_secret)throw new Error("Missing required authentication parameters");const s=await new nu(r.client_id,r.client_secret,`${je(t.env)}callback`).validateAuthorizationCode("https://api.vipps.no/access-management-1.0/access/oauth2/token",n,null),a=ol(s.idToken());if(!a)throw new Error("Invalid ID token");const c=Jo.parse(a.payload);if(typeof c.msn!="string")throw new Error("msn not available in id token");const l=await fetch("https://api.vipps.no/vipps-userinfo-api/userinfo",{headers:{Authorization:`Bearer ${s.accessToken()}`,"Merchant-Serial-Number":c.msn}});if(!l.ok)throw new z(400,{message:"Failed to get user from vipps"});return await l.json()}const ub=Object.freeze(Object.defineProperty({__proto__:null,getRedirect:cb,validateAuthorizationCodeAndGetUser:lb},Symbol.toStringTag,{value:"Module"}));function Hg(t,e){const n=t.env.STRATEGIES||{},i={apple:tb,facebook:ib,"google-oauth2":ab,vipps:ub,...n}[e];if(!i)throw new Error(`Strategy ${e} not found`);return i}async function Zo(t,e){const n=await t.data.clients.get(e);if(!n)throw new z(403,{message:"Client not found"});const r=t.DEFAULT_CLIENT_ID?await t.data.clients.get(t.DEFAULT_CLIENT_ID):void 0,i=await t.data.connections.list(n.tenant.id),s=t.DEFAULT_TENANT_ID?await t.data.connections.list(t.DEFAULT_TENANT_ID):{connections:[]},a=i.connections.map(c=>{var p;const l=(p=s.connections)==null?void 0:p.find(h=>h.name===c.name);return l!=null&&l.options?Ft.parse({...l||{},...c,options:{...l.options||{},...c.options}}):c}).filter(c=>c);return{...n,web_origins:[...(r==null?void 0:r.web_origins)||[],...n.web_origins||[],`${_t(t)}login`],allowed_logout_urls:[...(r==null?void 0:r.allowed_logout_urls)||[],...n.allowed_logout_urls||[],t.ISSUER],callbacks:[...(r==null?void 0:r.callbacks)||[],...n.callbacks||[],`${_t(t)}info`],connections:a,tenant:{...(r==null?void 0:r.tenant)||{},...n.tenant}}}function Yo(t,e=[],n={}){try{const r=new URL(t);return e.some(i=>{try{return db(r,new URL(i),n.allowPathWildcards)}catch{return!1}})}catch{return!1}}function db(t,e,n){if(t.protocol!==e.protocol)return!1;if(n&&e.pathname.includes("*")){const r=e.pathname.replace(/\*/g,".*").replace(/\//g,"\\/");if(!new RegExp(`^${r}$`).test(t.pathname))return!1}else if(t.pathname!==e.pathname)return!1;if(e.hostname.startsWith("*.")&&e.hostname.split(".").length>2&&["http:","https:"].includes(e.protocol)){const r=e.hostname.split(".").slice(1).join(".");return t.hostname.endsWith(r)}return t.hostname===e.hostname}async function pb(t,e,n,r){if(!r.state)throw new z(400,{message:"State not found"});const i=e.connections.find(l=>l.name===n);if(!i){t.set("client_id",e.id);const l=ve(t,{type:he.FAILED_LOGIN,description:"Connection not found"});throw await t.env.data.logs.create(e.tenant.id,l),new z(403,{message:"Connection Not Found"})}let s=await t.env.data.loginSessions.get(e.tenant.id,r.state);s||(s=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:r,csrf_token:xe(),...sn(t.req)}));const c=await Hg(t,i.strategy).getRedirect(t,i);return await t.env.data.codes.create(e.tenant.id,{login_id:s.id,code_id:c.code,code_type:"oauth2_state",connection_id:i.id,code_verifier:c.codeVerifier,expires_at:new Date(Date.now()+E_*1e3).toISOString()}),t.redirect(c.redirectUrl)}async function Bp(t,{code:e,state:n}){var f;const{env:r}=t,i=await r.data.codes.get(t.var.tenant_id||"",n,"oauth2_state");if(!i||!i.connection_id)throw new z(403,{message:"State not found"});const s=await r.data.loginSessions.get(t.var.tenant_id||"",i.login_id);if(!s)throw new z(403,{message:"Session not found"});const a=await Zo(r,s.authParams.client_id);t.set("client_id",a.id),t.set("tenant_id",a.tenant.id);const c=a.connections.find(_=>_.id===i.connection_id);if(!c){const _=ve(t,{type:he.FAILED_LOGIN,description:"Connection not found"});throw await r.data.logs.create(a.tenant.id,_),new z(403,{message:"Connection not found"})}if(t.set("connection",c.name),!s.authParams.redirect_uri){const _=ve(t,{type:he.FAILED_LOGIN,description:"Redirect URI not defined"});throw await r.data.logs.create(a.tenant.id,_),new z(403,{message:"Redirect URI not defined"})}if(!Yo(s.authParams.redirect_uri,a.callbacks||[],{allowPathWildcards:!0})){const _=`Invalid redirect URI - ${s.authParams.redirect_uri}`,w=ve(t,{type:he.FAILED_LOGIN,description:_});throw await r.data.logs.create(a.tenant.id,w),new z(403,{message:_})}const u=await Hg(t,c.strategy).validateAuthorizationCodeAndGetUser(t,c,e,i.code_verifier),{sub:p,...h}=u;t.set("user_id",p);const m=((f=u.email)==null?void 0:f.toLocaleLowerCase())||`${c.name}.${p}@${new URL(t.env.ISSUER).hostname}`;t.set("username",m);const v=await io(t,{client:a,email:m,provider:c.strategy,connection:c.name,userId:p,profileData:h,isSocial:!0,ip:t.req.header("x-real-ip")});return on(t,{client:a,authParams:s.authParams,loginSession:s,user:v})}async function Tp(t,e,n,r,i,s){const a=await t.env.data.codes.get(t.var.tenant_id||"",e,"oauth2_state");if(!a)throw new z(400,{message:"State not found"});const c=await t.env.data.loginSessions.get(t.var.tenant_id,a.login_id);if(!c)throw new z(400,{message:"Login not found"});const{redirect_uri:l}=c.authParams;if(!l)throw new z(400,{message:"Redirect uri not found"});const u=ve(t,{type:he.FAILED_LOGIN,description:`Failed connection login: ${i} ${n}, ${r}`});nt(t,t.env.data.logs.create(t.var.tenant_id,u));const p=new URL(l);return Nw(p,{error:n,error_description:r,error_reason:s,error_code:i,state:c.authParams.state}),t.redirect(`${_t(t.env)}enter-email?state=${c.id}&error=${n}`)}const fb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:a}=t.req.valid("query");if(r)return Tp(t,e,r,i,s,a);if(!n)throw new z(400,{message:"Code is required"});return Bp(t,{code:n,state:e})}).openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:o.z.object({state:o.z.string(),code:o.z.string().optional(),scope:o.z.string().optional(),hd:o.z.string().optional(),error:o.z.string().optional(),error_description:o.z.string().optional(),error_code:o.z.string().optional(),error_reason:o.z.string().optional()})}}}},responses:{302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{state:e,code:n,error:r,error_description:i,error_code:s,error_reason:a}=t.req.valid("form");if(r)return Tp(t,e,r,i,s,a);if(!n)throw new z(400,{message:"Code is required"});return Bp(t,{code:n,state:e})}),hb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),returnTo:o.z.string().optional()}),header:o.z.object({cookie:o.z.string().optional()})},responses:{302:{description:"Log the user out"}}}),async t=>{const{client_id:e,returnTo:n}=t.req.valid("query"),r=await t.env.data.clients.get(e);if(!r)return t.text("OK");const i=await t.env.data.clients.get("DEFAULT_CLIENT");t.set("client_id",e),t.set("tenant_id",r.tenant.id);const s=n||t.req.header("referer");if(!s)return t.text("OK");if(!Yo(s,[...r.allowed_logout_urls||[],...(i==null?void 0:i.allowed_logout_urls)||[]],{allowPathWildcards:!0}))throw new z(400,{message:"Invalid redirect uri"});const a=t.req.header("cookie");if(a){const l=cs(r.tenant.id,a);if(l){const u=await t.env.data.sessions.get(r.tenant.id,l);if(u){const p=await t.env.data.users.get(r.tenant.id,u.user_id);p&&(t.set("user_id",p.user_id),t.set("connection",p.connection))}await t.env.data.sessions.remove(r.tenant.id,l)}}const c=ve(t,{type:he.SUCCESS_LOGOUT,description:"User successfully logged out"});return await t.env.data.logs.create(r.tenant.id,c),new Response("Redirecting",{status:302,headers:{"set-cookie":j_(r.tenant.id,t.req.header("host")),location:s}})}),Pp=o.z.object({sub:o.z.string(),email:o.z.string().optional(),family_name:o.z.string().optional(),given_name:o.z.string().optional(),email_verified:o.z.boolean()}),gb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"get",path:"/",request:{},security:[{Bearer:["openid"]}],responses:{200:{content:{"application/json":{schema:Pp}},description:"Userinfo"}}}),async t=>{if(!t.var.user)throw new z(404,{message:"User not found"});const e=await t.env.data.users.get(t.var.user.tenant_id,t.var.user.sub);if(!e)throw new z(404,{message:"User not found"});return t.json(Pp.parse({...e,sub:e.user_id}))}),mb=new o.OpenAPIHono().openapi(o.createRoute({tags:["well known"],method:"get",path:"/jwks.json",request:{},responses:{200:{content:{"application/json":{schema:ff}},description:"List of tenants"}}}),async t=>{const e=await t.env.data.keys.list(),n=await Promise.all(e.map(async r=>{const s=await new tu(r.cert).publicKey.export(),a=await crypto.subtle.exportKey("jwk",s);return rl.parse({...a,kid:r.kid})}));return t.json({keys:n},{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${ji}, stale-while-revalidate=${ji*2}, stale-if-error=86400`}})}).openapi(o.createRoute({tags:["well known"],method:"get",path:"/openid-configuration",request:{},responses:{200:{content:{"application/json":{schema:Ea}},description:"List of tenants"}}}),async t=>{const e=Ea.parse({issuer:Xw(t.env),authorization_endpoint:`${je(t.env)}authorize`,token_endpoint:`${je(t.env)}oauth/token`,device_authorization_endpoint:`${je(t.env)}oauth/device/code`,userinfo_endpoint:`${je(t.env)}userinfo`,mfa_challenge_endpoint:`${je(t.env)}mfa/challenge`,jwks_uri:`${je(t.env)}.well-known/jwks.json`,registration_endpoint:`${je(t.env)}oidc/register`,revocation_endpoint:`${je(t.env)}oauth/revoke`,scopes_supported:["openid","profile","offline_access","name","given_name","family_name","nickname","email","email_verified","picture","created_at","identities","phone","address"],response_types_supported:["code","token","id_token","code token","code id_token","token id_token","code token id_token"],code_challenge_methods_supported:["S256","plain"],response_modes_supported:["query","fragment","form_post"],subject_types_supported:["public"],id_token_signing_alg_values_supported:["RS256"],token_endpoint_auth_methods_supported:["client_secret_basic","client_secret_post"],claims_supported:["aud","auth_time","created_at","email","email_verified","exp","family_name","given_name","iat","identities","iss","name","nickname","phone_number","picture","sub"],request_uri_parameter_supported:!1,request_parameter_supported:!1,token_endpoint_auth_signing_alg_values_supported:["RS256","RS384","PS256"]});return t.json(e,{headers:{"access-control-allow-origin":"*","access-control-allow-method":"GET","cache-control":`public, max-age=${ji}, stale-while-revalidate=${ji*2}, stale-if-error=86400`}})});function Fi(t,e){if(!t||!e||t.length!==e.length)return!1;let n=0;for(let r=0;r<t.length;r++)n|=t.charCodeAt(r)^e.charCodeAt(r);return n===0}const Fg=o.z.object({grant_type:o.z.literal("client_credentials"),scope:o.z.string().optional(),client_secret:o.z.string(),client_id:o.z.string(),audience:o.z.string().optional()});async function _b(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new z(403,{message:"Invalid client credentials"});if(n.client_secret&&!Fi(n.client_secret,e.client_secret))throw new z(403,{message:"Invalid client credentials"});const r={client_id:n.id,scope:e.scope,audience:e.audience},i=await to(t,{authParams:r,client:n});return t.json(i)}const yb=o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string().optional(),client_secret:o.z.string().optional(),code_verifier:o.z.string().optional()}).refine(t=>"client_secret"in t&&!("code_verifier"in t)||!("client_secret"in t)&&"code_verifier"in t,{message:"Must provide either client_secret (standard flow) or code_verifier/code_verifier_mode (PKCE flow), but not both"});async function vb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new z(403,{message:"Client not found"});const r=await t.env.data.codes.get(n.tenant.id,e.code,"authorization_code");if(!r||!r.user_id)throw new z(403,{message:"Invalid client credentials"});if(new Date(r.expires_at)<new Date)throw new z(403,{message:"Code expired"});if(r.used_at)throw new z(403,{message:"Code already used"});const i=await t.env.data.loginSessions.get(n.tenant.id,r.login_id);if(!i)throw new z(403,{message:"Invalid login"});if("client_secret"in e){const a=await t.env.data.clients.get("DEFAULT_CLIENT");if(!Fi(n.client_secret,e.client_secret)&&!Fi(a==null?void 0:a.client_secret,e.client_secret))throw new z(403,{message:"Invalid client credentials"})}else if("code_verifier"in e&&typeof e.code_verifier=="string"&&"code_challenge_method"in i.authParams&&typeof i.authParams.code_challenge_method=="string"){const a=await k_(e.code_verifier,i.authParams.code_challenge_method);if(!Fi(a,i.authParams.code_challenge||""))throw new z(403,{message:"Invalid client credentials"})}if(i.authParams.redirect_uri&&i.authParams.redirect_uri!==e.redirect_uri)throw new z(403,{message:"Invalid redirect uri"});const s=await t.env.data.users.get(n.tenant.id,r.user_id);if(!s)throw new z(403,{message:"User not found"});return await t.env.data.codes.used(n.tenant.id,e.code),on(t,{user:s,client:n,loginSession:i,authParams:{...i.authParams,response_mode:Yt.WEB_MESSAGE}})}const wb=o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),redirect_uri:o.z.string().optional(),refresh_token:o.z.string()});async function bb(t,e){const n=await t.env.data.clients.get(e.client_id);if(!n)throw new z(403,{message:"Client not found"});const r=await t.env.data.refreshTokens.get(n.tenant.id,e.refresh_token);if(r){if(r.expires_at&&new Date(r.expires_at)<new Date||r.idle_expires_at&&new Date(r.idle_expires_at)<new Date)throw new z(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Refresh token has expired"})})}else throw new z(403,{message:JSON.stringify({error:"invalid_grant",error_description:"Invalid refresh token"})});const i=await t.env.data.users.get(n.tenant.id,r.user_id);if(!i)throw new z(403,{message:"User not found"});const s=r.resource_servers[0];if(r.idle_expires_at){const a=new Date(Date.now()+2592e6);await t.env.data.refreshTokens.update(n.tenant.id,r.id,{idle_expires_at:a.toISOString(),last_exchanged_at:new Date().toISOString(),device:{...r.device,last_ip:t.req.header["x-real-ip"]||"",last_user_agent:t.req.header["user-agent"]||""}})}return on(t,{user:i,client:n,refreshToken:r.id,sessionId:r.session_id,authParams:{client_id:n.id,audience:s==null?void 0:s.audience,scope:s==null?void 0:s.scopes,response_mode:Yt.WEB_MESSAGE}})}const Rp=o.z.object({client_id:o.z.string().optional(),client_secret:o.z.string().optional()}),kb=o.z.union([Fg.extend(Rp.shape),o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string(),code_verifier:o.z.string().min(43).max(128)}),o.z.object({grant_type:o.z.literal("authorization_code"),code:o.z.string(),redirect_uri:o.z.string().optional(),...Rp.shape}),o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string(),refresh_token:o.z.string(),redirect_uri:o.z.string().optional()})]);function xb(t){if(!t)return{};const[e,n]=t.split(" ");if((e==null?void 0:e.toLowerCase())==="basic"&&n){const[r,i]=atob(n).split(":");return{client_id:r,client_secret:i}}return{}}const Sb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:kb}}}},responses:{200:{content:{"application/json":{schema:vf}},description:"Tokens"}}}),async t=>{const e=t.req.valid("form"),n=xb(t.req.header("Authorization")),r={...e,...n};if(!r.client_id)throw new z(400,{message:"client_id is required"});switch(t.set("client_id",r.client_id),e.grant_type){case Br.AuthorizationCode:return vb(t,yb.parse(r));case Br.ClientCredential:return _b(t,Fg.parse(r));case Br.RefreshToken:return bb(t,wb.parse(r));default:throw new z(400,{message:"Not implemented"})}});var ru={exports:{}};const iu=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:6},{id:2,value:"Medium",minDiversity:4,minLength:8},{id:3,value:"Strong",minDiversity:4,minLength:10}],Kg=(t,e=iu,n="!\"#$%&'()*+,-./:;<=>?@[\\\\\\]^_`{|}~")=>{let r=t||"";e[0].minDiversity=0,e[0].minLength=0;const i=[{regex:"[a-z]",message:"lowercase"},{regex:"[A-Z]",message:"uppercase"},{regex:"[0-9]",message:"number"}];n&&i.push({regex:`[${n}]`,message:"symbol"});let s={};s.contains=i.filter(c=>new RegExp(`${c.regex}`).test(r)).map(c=>c.message),s.length=r.length;let a=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,a[0]),s};ru.exports={passwordStrength:Kg,defaultOptions:iu};var Ab=ru.exports.passwordStrength=Kg;ru.exports.defaultOptions=iu;function su(t){return Ab(t).id<2?!1:t.length>=8&&/[a-z]/.test(t)&&/[A-Z]/.test(t)&&/[0-9]/.test(t)&&/[^A-Za-z0-9]/.test(t)}async function Si(t,e){var i;const n=await t.env.data.emailProviders.get(t.var.tenant_id)||(t.env.DEFAULT_TENANT_ID?await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID):null);if(!n)throw new z(500,{message:"Email provider not found"});const r=(i=t.env.emailProviders)==null?void 0:i[n.name];if(!r)throw new z(500,{message:"Email provider not found"});await r({emailProvider:n,...e,from:n.default_from_address||`login@${t.env.ISSUER}`})}async function Wg(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new z(500,{message:"Tenant not found"});const s=`${_t(t.env)}reset-password?state=${r}&code=${n}`,a={vendorName:i.name,lng:i.language||"en"};await Si(t,{to:e,subject:se("reset_password_title",a),html:`Click here to reset your password: ${_t(t.env)}reset-password?state=${r}&code=${n}`,template:"auth-password-reset",data:{vendorName:i.name,logo:i.logo||"",passwordResetUrl:s,supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",passwordResetTitle:se("password_reset_title",a),resetPasswordEmailClickToReset:se("reset_password_email_click_to_reset",a),resetPasswordEmailReset:se("reset_password_email_reset",a),supportInfo:se("support_info",a),contactUs:se("contact_us",a),copyright:se("copyright",a)}})}async function Gg(t,e,n){const r=await t.env.data.tenants.get(t.var.tenant_id);if(!r)throw new z(500,{message:"Tenant not found"});const i={vendorName:r.name,code:n,lng:r.language||"en"};await Si(t,{to:e,subject:se("code_email_subject",i),html:`Click here to validate your email: ${_t(t.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:r.name,logo:r.logo||"",supportUrl:r.support_url||"",buttonColor:r.primary_color||"",welcomeToYourAccount:se("welcome_to_your_account",i),linkEmailClickToLogin:se("link_email_click_to_login",i),linkEmailLogin:se("link_email_login",i),linkEmailOrEnterCode:se("link_email_or_enter_code",i),codeValid30Mins:se("code_valid_30_minutes",i),supportInfo:se("support_info",i),contactUs:se("contact_us",i),copyright:se("copyright",i)}});const s=ve(t,{type:he.CODE_LINK_SENT,description:e});nt(t,t.env.data.logs.create(r.id,s))}async function ou(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new z(500,{message:"Tenant not found"});if(!r.redirect_uri)throw new z(400,{message:"redirect_uri is required"});const s=new URL(je(t.env));s.pathname="passwordless/verify_redirect",s.searchParams.set("verification_code",n),s.searchParams.set("connection","email"),s.searchParams.set("client_id",r.client_id),s.searchParams.set("redirect_uri",r.redirect_uri),s.searchParams.set("email",e),r.response_type&&s.searchParams.set("response_type",r.response_type),r.scope&&s.searchParams.set("scope",r.scope),r.state&&s.searchParams.set("state",r.state),r.nonce&&s.searchParams.set("nonce",r.nonce),r.code_challenge&&s.searchParams.set("code_challenge",r.code_challenge),r.code_challenge_method&&s.searchParams.set("code_challenge_method",r.code_challenge_method),r.audience&&s.searchParams.set("audience",r.audience);const a={vendorName:i.name,code:n,lng:i.language||"en"};await Si(t,{to:e,subject:se("code_email_subject",a),html:`Click here to validate your email: ${_t(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:i.name,logo:i.logo||"",supportUrl:i.support_url||"",magicLink:s.toString(),buttonColor:i.primary_color||"",welcomeToYourAccount:se("welcome_to_your_account",a),linkEmailClickToLogin:se("link_email_click_to_login",a),linkEmailLogin:se("link_email_login",a),linkEmailOrEnterCode:se("link_email_or_enter_code",a),codeValid30Mins:se("code_valid_30_minutes",a),supportInfo:se("support_info",a),contactUs:se("contact_us",a),copyright:se("copyright",a)}});const c=ve(t,{type:he.CODE_LINK_SENT,description:e});nt(t,t.env.data.logs.create(i.id,c))}async function au(t,e){const n=await t.env.data.tenants.get(t.var.tenant_id);if(!n)throw new z(500,{message:"Tenant not found"});const r={vendorName:n.name,lng:n.language||"en"};await Si(t,{to:e.email,subject:se("welcome_to_your_account",r),html:`Click here to validate your email: ${_t(t.env)}validate-email`,template:"auth-verify-email",data:{vendorName:n.name,logo:n.logo||"",emailValidationUrl:`${_t(t.env)}validate-email`,supportUrl:n.support_url||"https://support.sesamy.com",buttonColor:n.primary_color||"#7d68f4",welcomeToYourAccount:se("welcome_to_your_account",r),verifyEmailVerify:se("verify_email_verify",r),supportInfo:se("support_info",r),contactUs:se("contact_us",r),copyright:se("copyright",r)}})}async function Eb(t,e,n,r){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new z(500,{message:"Tenant not found"});const s={vendorName:i.name,lng:i.language||"en"},a=`${_t(t.env)}signup?state=${r}&code=${n}`;await Si(t,{to:e,subject:se("register_password_account",s),html:`Click here to register: ${a}`,template:"auth-pre-signup-verification",data:{vendorName:i.name,logo:i.logo||"",signupUrl:a,setPassword:se("set_password",s),registerPasswordAccount:se("register_password_account",s),clickToSignUpDescription:se("click_to_sign_up_description",s),supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:i.primary_color||"#7d68f4",welcomeToYourAccount:se("welcome_to_your_account",s),verifyEmailVerify:se("verify_email_verify",s),supportInfo:se("support_info",s),contactUs:se("contact_us",s),copyright:se("copyright",s)}})}const Ib=new o.OpenAPIHono().openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string()})}}}},responses:{200:{content:{"application/json":{schema:o.z.object({_id:o.z.string(),email:o.z.string(),email_verified:o.z.boolean(),app_metadata:o.z.object({}),user_metadata:o.z.object({})})}},description:"Created user"}}}),async t=>{const{email:e,password:n,client_id:r}=t.req.valid("json"),i=await t.env.data.clients.get(r);if(!i)throw new z(400,{message:"Client not found"});if(t.set("client_id",i.id),t.set("tenant_id",i.tenant.id),!su(n))throw new z(400,{message:"Password does not meet the requirements"});if(await ls({userAdapter:t.env.data.users,tenant_id:i.tenant.id,email:e,provider:"auth2"}))throw new z(400,{message:"Invalid sign up"});const a=await t.env.data.users.create(i.tenant.id,{user_id:`auth2|${Xs()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});t.set("user_id",a.user_id),t.set("username",a.email),t.set("connection",a.connection);const c=await si.hash(n,10);await t.env.data.passwords.create(i.tenant.id,{user_id:a.user_id,password:c,algorithm:"bcrypt"}),await au(t,a);const l=ve(t,{type:he.SUCCESS_SIGNUP,description:"Successful signup"});return await t.env.data.logs.create(i.tenant.id,l),t.json({_id:a.user_id,email:a.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{email:e,client_id:n}=t.req.valid("json"),r=await t.env.data.clients.get(n);if(!r)throw new z(400,{message:"Client not found"});if(t.set("client_id",r.id),t.set("tenant_id",r.tenant.id),!await ur({userAdapter:t.env.data.users,tenant_id:r.tenant.id,email:e,provider:"auth2"}))return t.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:n,username:e},a=await t.env.data.loginSessions.create(r.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:s,csrf_token:xe(),...sn(t.req)});return await Wg(t,e,a.id,a.authParams.state),t.html("If an account with that email exists, we've sent instructions to reset your password.")});function Tn(){const t="1234567890";let e="";for(let n=0;n<6;n+=1)e+=t[Math.floor(Math.random()*10)];return e.toString()}async function cu(t,e,n,r,i,s,a){const{env:c}=t,l=await c.data.codes.get(e.tenant.id,i,"otp");if(!l)throw new z(400,{message:"Code not found or expired"});if(l.expires_at<new Date().toISOString())throw new z(400,{message:"Code expired"});if(l.used_at)throw new z(400,{message:"Code already used"});const u=await c.data.loginSessions.get(e.tenant.id,l.login_id);if(!u||u.authParams.username!==r)throw new z(400,{message:"Code not found or expired"});const p=sn(t.req);if(a&&u.ip!==p.ip)return t.redirect(`${_t(t.env)}invalid-session?state=${u.id}`);if(n.redirect_uri&&!Yo(n.redirect_uri,e.callbacks,{allowPathWildcards:!0}))throw new z(400,{message:`Invalid redirect URI - ${n.redirect_uri}`});const h=await io(t,{client:e,email:r,provider:"email",connection:"email",isSocial:!1,ip:t.req.header("x-real-ip")});return await c.data.codes.used(e.tenant.id,i),on(t,{user:h,client:e,loginSession:u,authParams:n,ticketAuth:s})}const zb=new o.OpenAPIHono().openapi(o.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),send:o.z.enum(["link","code"]),authParams:tl.omit({client_id:!0})})}}}},responses:{200:{description:"Status"}}}),async t=>{const e=t.req.valid("json"),{env:n}=t,{client_id:r,email:i,send:s,authParams:a}=e,c=await t.env.data.clients.get(r);if(!c)throw new z(400,{message:"Client not found"});t.set("client_id",c.id),t.set("tenant_id",c.tenant.id);const l=await n.data.loginSessions.create(c.tenant.id,{authParams:{...a,client_id:r,username:i},expires_at:new Date(Date.now()+Na).toISOString(),csrf_token:xe(),...sn(t.req)}),u=await n.data.codes.create(c.tenant.id,{code_id:Tn(),code_type:"otp",login_id:l.id,expires_at:new Date(Date.now()+Na).toISOString()});return s==="link"?await ou(t,i,u.code_id,{...a,client_id:r}):await Gg(t,i,u.code_id),t.html("OK")}).openapi(o.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:o.z.object({scope:o.z.string(),response_type:o.z.nativeEnum(Pt),redirect_uri:o.z.string(),state:o.z.string(),nonce:o.z.string().optional(),verification_code:o.z.string(),connection:o.z.string(),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),audience:o.z.string().optional()})},responses:{302:{description:"Status"}}}),async t=>{const{env:e}=t,{client_id:n,email:r,verification_code:i,redirect_uri:s,state:a,scope:c,audience:l,response_type:u,nonce:p}=t.req.valid("query"),h=await Zo(e,n);return t.set("client_id",h.id),t.set("tenant_id",h.tenant.id),t.set("connection","email"),cu(t,h,{client_id:n,redirect_uri:s,state:a,nonce:p,scope:c,audience:l,response_type:u},r,i,!1,!0)});class Nr extends z{constructor(n,r){super(n,r);te(this,"_code");this._code=r==null?void 0:r.code}get code(){return this._code}}async function lu(t,e,n,r,i){const{env:s}=t,a=n.username;if(t.set("username",a),!a)throw new z(400,{message:"Username is required"});const c=await ur({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:a,provider:"auth2"});if(!c){const f=ve(t,{type:he.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"});throw nt(t,t.env.data.logs.create(e.tenant.id,f)),new Nr(403,{message:"User not found",code:"USER_NOT_FOUND"})}const l=c.linked_to?await s.data.users.get(e.tenant.id,c.linked_to):c;if(!l)throw new Nr(403,{message:"User not found",code:"USER_NOT_FOUND"});t.set("connection",c.connection),t.set("user_id",l.user_id);const u=await s.data.passwords.get(e.tenant.id,c.user_id);if(!(u&&await si.compare(n.password,u.password))){const f=ve(t,{type:he.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"});throw nt(t,t.env.data.logs.create(e.tenant.id,f)),new Nr(403,{message:"Invalid password",code:"INVALID_PASSWORD"})}if((await s.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,q:`user_id:${l.user_id}`})).logs.filter(f=>f.type===he.FAILED_LOGIN_INCORRECT_PASSWORD&&new Date(f.date)>new Date(Date.now()-1e3*60*5)).length>=3){const f=ve(t,{type:he.FAILED_LOGIN,description:"Too many failed login attempts"});throw nt(t,t.env.data.logs.create(e.tenant.id,f)),new Nr(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"})}if(!c.email_verified&&e.email_validation==="enforced"){await au(t,c);const f=ve(t,{type:he.FAILED_LOGIN,description:"Email not verified"});throw await t.env.data.logs.create(e.tenant.id,f),new Nr(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const v=ve(t,{type:he.SUCCESS_LOGIN,description:"Successful login",strategy_type:"Username-Password-Authentication",strategy:"Username-Password-Authentication"});return nt(t,t.env.data.logs.create(e.tenant.id,v)),on(t,{client:e,authParams:n,user:l,ticketAuth:i,loginSession:r})}async function Nb(t,e,n,r){await io(t,{client:e,email:n,provider:"auth2",connection:"Username-Password-Authentication",isSocial:!1,ip:t.req.header("x-real-ip")});let i=Tn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");for(;s;)i=Tn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");const a=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+N_).toISOString(),authParams:{client_id:e.id,username:n},csrf_token:xe(),...sn(t.req)}),c=await t.env.data.codes.create(e.tenant.id,{code_id:i,code_type:"password_reset",login_id:a.id,expires_at:new Date(Date.now()+z_).toISOString()});await Wg(t,n,c.code_id,r)}const Cb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:o.z.string(),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),realm:o.z.enum(["email"]),scope:o.z.string().optional()}),o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string(),realm:o.z.enum(["Username-Password-Authentication"]),scope:o.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async t=>{const e=t.req.valid("json"),{client_id:n,username:r}=e;t.set("username",r);const i=await t.env.data.clients.get(n);if(!i)throw new z(400,{message:"Client not found"});t.set("client_id",n),t.set("tenant_id",i.tenant.id);const s=r.toLocaleLowerCase();if("otp"in e)return cu(t,i,{client_id:n,username:s},s,e.otp,!0);if("password"in e){const a=await t.env.data.loginSessions.create(i.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:{client_id:n,username:s},csrf_token:xe(),...sn(t.req)});return lu(t,i,{username:s,password:e.password,client_id:n},a,!0)}else throw new z(400,{message:"Code or password required"})});function jb(t,e){var r,i,s;if(!t||e.length===0)return!1;const n=((r=ga(t))==null?void 0:r.host)??null;if(!n)return!1;for(const a of e){let c;if(a.startsWith("http://")||a.startsWith("https://")?c=((i=ga(a))==null?void 0:i.host)??null:c=((s=ga("https://"+a))==null?void 0:s.host)??null,n===c)return!0}return!1}function ga(t){try{return new URL(t)}catch{return null}}async function $b({ctx:t,session:e,client:n,authParams:r,connection:i,login_hint:s}){const a=await t.env.data.loginSessions.create(n.tenant.id,{expires_at:new Date(Date.now()+Jn*1e3).toISOString(),authParams:r,csrf_token:xe(),authorization_url:t.req.url,...sn(t.req)});if(e&&s){const c=await t.env.data.users.get(n.tenant.id,e.user_id);if((c==null?void 0:c.email)===s)return on(t,{client:n,loginSession:a,authParams:r,user:c,sessionId:e.id})}if(i==="email"&&s){const c=Tn();return await t.env.data.codes.create(n.tenant.id,{code_id:c,code_type:"otp",login_id:a.id,expires_at:new Date(Date.now()+Jn*1e3).toISOString()}),await ou(t,s,c,r),t.redirect(`/u/enter-code?state=${a.id}`)}return e?t.redirect(`/u/check-account?state=${a.id}`):t.redirect(`/u/enter-email?state=${a.id}`)}function Ob(t){if(t==="Username-Password-Authentication")return"auth2";if(t==="email")return"email";throw new z(403,{message:"Invalid realm"})}async function Bb(t,e,n,r,i){var m;const{env:s}=t;t.set("connection",i);const a=await s.data.codes.get(e,n,"ticket");if(!a||a.used_at)throw new z(403,{message:"Ticket not found"});const c=await s.data.loginSessions.get(e,a.login_id);if(!c||!c.authParams.username)throw new z(403,{message:"Session not found"});const l=await s.data.clients.get(c.authParams.client_id);if(!l)throw new z(403,{message:"Client not found"});t.set("client_id",c.authParams.client_id),await s.data.codes.used(e,n);const u=Ob(i);let p=await io(t,{email:c.authParams.username,provider:u,client:l,connection:u==="auth2"?"Username-Password-Authentication":"email",isSocial:!1,ip:t.req.header("x-real-ip")});t.set("username",p.email),t.set("user_id",p.user_id);const h=await Mf(t,{user:p,client:l,loginSession:c});return on(t,{authParams:{scope:(m=c.authParams)==null?void 0:m.scope,...r},loginSession:c,sessionId:h.id,user:p,client:l})}async function Lp(t,e){return`<!DOCTYPE html>
|
|
150
150
|
<html>
|
|
151
151
|
|
|
152
152
|
<head>
|
|
@@ -189,7 +189,7 @@ PERFORMANCE OF THIS SOFTWARE.
|
|
|
189
189
|
<\/script>
|
|
190
190
|
</body>
|
|
191
191
|
|
|
192
|
-
</html>`}async function Tb({ctx:t,client:e,session:n,redirect_uri:r,state:i,nonce:s,code_challenge_method:a,code_challenge:c,audience:l,scope:u,response_type:p}){const{env:h}=t,m=new URL(r),v=`${m.protocol}//${m.host}`;async function f(ce="Login required"){const le=ve(t,{type:he.FAILED_SILENT_AUTH,description:ce});return await t.env.data.logs.create(e.tenant.id,le),t.html(Lp(v,JSON.stringify({error:"login_required",error_description:ce,state:i})))}if(!n||(n==null?void 0:n.expires_at)&&new Date(n.expires_at)<new Date||(n==null?void 0:n.idle_expires_at)&&new Date(n.idle_expires_at)<new Date)return f();t.set("user_id",n.user_id);const w=await h.data.users.get(e.tenant.id,n.user_id);if(!w)return console.error("User not found",n.user_id),f("User not found");t.set("username",w.email),t.set("connection",w.connection);const S={client:e,authParams:{client_id:e.id,audience:l,code_challenge_method:a,code_challenge:c,scope:u,state:i,nonce:s,response_type:p},user:w,session_id:n.id},C=p===Pt.CODE?await qf(t,S):await to(t,S);await h.data.sessions.update(e.tenant.id,n.id,{used_at:new Date().toISOString(),last_interaction_at:new Date().toISOString(),device:{...n.device,last_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||""},idle_expires_at:n.idle_expires_at?new Date(Date.now()+Qs*1e3).toISOString():void 0});const B=ve(t,{type:he.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});await t.env.data.logs.create(e.tenant.id,B);const L=new Headers;L.set("Server-Timing","cf-nel=0; no-cloudflare-insights=1");const Q=Of(e.tenant.id,n.id,t.req.header("host"));return L.set("set-cookie",Q),t.html(Lp(v,JSON.stringify(C)),{headers:L})}const Pb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),vendor_id:o.z.string().optional(),redirect_uri:o.z.string(),scope:o.z.string().optional(),state:o.z.string(),prompt:o.z.string().optional(),response_mode:o.z.nativeEnum(Yt).optional(),response_type:o.z.nativeEnum(Pt).optional(),audience:o.z.string().optional(),connection:o.z.string().optional(),nonce:o.z.string().optional(),max_age:o.z.string().optional(),login_ticket:o.z.string().optional(),code_challenge_method:o.z.nativeEnum(Zs).optional(),code_challenge:o.z.string().optional(),realm:o.z.string().optional(),auth0Client:o.z.string().optional(),organization:o.z.string().optional(),login_hint:o.z.string().optional(),ui_locales:o.z.string().optional()})},responses:{200:{description:"Silent authentication page"},302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{env:e}=t,{client_id:n,vendor_id:r,redirect_uri:i,scope:s,state:a,audience:c,nonce:l,connection:u,response_type:p,response_mode:h,code_challenge:m,code_challenge_method:v,prompt:f,login_ticket:_,realm:w,auth0Client:S,login_hint:C,ui_locales:B,organization:L}=t.req.valid("query");t.set("log","authorize");const Q=await Zo(e,n);t.set("client_id",Q.id),t.set("tenant_id",Q.tenant.id);const ce={redirect_uri:i,scope:s,state:a,client_id:n,vendor_id:r,audience:c,nonce:l,prompt:f,response_type:p,response_mode:h,code_challenge:m,code_challenge_method:v,username:C,ui_locales:B,organization:L},le=t.req.header("origin");if(le&&!jb(le,Q.web_origins||[]))throw new z(403,{message:`Origin ${le} not allowed`});if(ce.redirect_uri&&!Yo(ce.redirect_uri,Q.callbacks||[],{allowPathWildcards:!0}))throw new z(400,{message:`Invalid redirect URI - ${ce.redirect_uri}`});const qe=cs(Q.tenant.id,t.req.header("cookie")),Me=qe?await e.data.sessions.get(Q.tenant.id,qe):void 0;if(f=="none"){if(!p)throw new z(400,{message:"Missing response_type"});return Tb({ctx:t,session:Me||void 0,redirect_uri:i,state:a,response_type:p,client:Q,nonce:l,code_challenge_method:v,code_challenge:m,audience:c,scope:s})}return u&&u!=="email"?pb(t,Q,u,ce):_?Bb(t,Q.tenant.id,_,ce,w):$b({ctx:t,client:Q,auth0Client:S,authParams:ce,session:Me||void 0,connection:u,login_hint:C})});function Rb(t){const e=new o.OpenAPIHono;e.use(async(r,i)=>(r.env.data=no(r,t.dataAdapter),i())),e.use(Tg(e));const n=e.route("/v2/logout",hb).route("/userinfo",gb).route("/.well-known",mb).route("/oauth/token",Sb).route("/dbconnections",Ib).route("/passwordless",zb).route("/co/authenticate",Cb).route("/authorize",Pb).route("/callback",fb);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"},security:[{oauth2:["openid","email","profile"]}]}),Bg(n),n}var Lb={Stringify:1,BeforeStream:2,Stream:3},gt=(t,e)=>{const n=new String(t);return n.isEscaped=!0,n.callbacks=e,n},Ub=/[&<>'"]/,Jg=async(t,e)=>{let n="";e||(e=[]);const r=await Promise.all(t);for(let i=r.length-1;n+=r[i],i--,!(i<0);i--){let s=r[i];typeof s=="object"&&e.push(...s.callbacks||[]);const a=s.isEscaped;if(s=await(typeof s=="object"?s.toString():s),typeof s=="object"&&e.push(...s.callbacks||[]),s.isEscaped??a)n+=s;else{const c=[n];Zt(s,c),n=c[0]}}return gt(n,e)},Zt=(t,e)=>{const n=t.search(Ub);if(n===-1){e[0]+=t;return}let r,i,s=0;for(i=n;i<t.length;i++){switch(t.charCodeAt(i)){case 34:r=""";break;case 39:r="'";break;case 38:r="&";break;case 60:r="<";break;case 62:r=">";break;default:continue}e[0]+=t.substring(s,i)+r,s=i+1}e[0]+=t.substring(s,i)},Zg=t=>{const e=t.callbacks;if(!(e!=null&&e.length))return t;const n=[t],r={};return e.forEach(i=>i({phase:Lb.Stringify,buffer:n,context:r})),n[0]},Vb=(t,...e)=>{const n=[""];for(let r=0,i=t.length-1;r<i;r++){n[0]+=t[r];const s=Array.isArray(e[r])?e[r].flat(1/0):[e[r]];for(let a=0,c=s.length;a<c;a++){const l=s[a];if(typeof l=="string")Zt(l,n);else if(typeof l=="number")n[0]+=l;else{if(typeof l=="boolean"||l===null||l===void 0)continue;if(typeof l=="object"&&l.isEscaped)if(l.callbacks)n.unshift("",l);else{const u=l.toString();u instanceof Promise?n.unshift("",u):n[0]+=u}else l instanceof Promise?n.unshift("",l):Zt(l.toString(),n)}}}return n[0]+=t[t.length-1],n.length===1?"callbacks"in n?gt(Zg(gt(n[0],n.callbacks))):gt(n[0]):Jg(n,n.callbacks)},uu=Symbol("RENDERER"),Zc=Symbol("ERROR_HANDLER"),Ae=Symbol("STASH"),Yg=Symbol("INTERNAL"),qb=Symbol("MEMO"),Ks=Symbol("PERMALINK"),Up=t=>(t[Yg]=!0,t),Xg=t=>({value:e,children:n})=>{if(!n)return;const r={children:[{tag:Up(()=>{t.push(e)}),props:{}}]};Array.isArray(n)?r.children.push(...n.flat()):r.children.push(n),r.children.push({tag:Up(()=>{t.pop()}),props:{}});const i={tag:"",props:r,type:""};return i[Zc]=s=>{throw t.pop(),s},i},Qg=t=>{const e=[t],n=Xg(e);return n.values=e,n.Provider=n,ar.push(n),n},ar=[],Mb=t=>{const e=[t],n=r=>{e.push(r.value);let i;try{i=r.children?(Array.isArray(r.children)?new rm("",{},r.children):r.children).toString():""}finally{e.pop()}return i instanceof Promise?i.then(s=>gt(s,s.callbacks)):gt(i)};return n.values=e,n.Provider=n,n[uu]=Xg(e),ar.push(n),n},kr=t=>t.values.at(-1),Ki={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},Yc={},Wi="data-precedence",Ai=t=>Array.isArray(t)?t:[t],Vp=new WeakMap,qp=(t,e,n,r)=>({buffer:i,context:s})=>{if(!i)return;const a=Vp.get(s)||{};Vp.set(s,a);const c=a[t]||(a[t]=[]);let l=!1;const u=Ki[t];if(u.length>0){e:for(const[,p]of c)for(const h of u)if(((p==null?void 0:p[h])??null)===(n==null?void 0:n[h])){l=!0;break e}}if(l?i[0]=i[0].replaceAll(e,""):u.length>0?c.push([e,n,r]):c.unshift([e,n,r]),i[0].indexOf("</head>")!==-1){let p;if(r===void 0)p=c.map(([h])=>h);else{const h=[];p=c.map(([m,,v])=>{let f=h.indexOf(v);return f===-1&&(h.push(v),f=h.length-1),[m,f]}).sort((m,v)=>m[1]-v[1]).map(([m])=>m)}p.forEach(h=>{i[0]=i[0].replaceAll(h,"")}),i[0]=i[0].replace(/(?=<\/head>)/,p.join(""))}},Ei=(t,e,n)=>gt(new mt(t,n,Ai(e??[])).toString()),Ii=(t,e,n,r)=>{if("itemProp"in n)return Ei(t,e,n);let{precedence:i,blocking:s,...a}=n;i=r?i??"":void 0,r&&(a[Wi]=i);const c=new mt(t,a,Ai(e||[])).toString();return c instanceof Promise?c.then(l=>gt(c,[...l.callbacks||[],qp(t,l,a,i)])):gt(c,[qp(t,c,a,i)])},Db=({children:t,...e})=>{const n=du();if(n){const r=kr(n);if(r==="svg"||r==="head")return new mt("title",e,Ai(t??[]))}return Ii("title",t,e,!1)},Hb=({children:t,...e})=>{const n=du();return["src","async"].some(r=>!e[r])||n&&kr(n)==="head"?Ei("script",t,e):Ii("script",t,e,!1)},Fb=({children:t,...e})=>["href","precedence"].every(n=>n in e)?(e["data-href"]=e.href,delete e.href,Ii("style",t,e,!0)):Ei("style",t,e),Kb=({children:t,...e})=>["onLoad","onError"].some(n=>n in e)||e.rel==="stylesheet"&&(!("precedence"in e)||"disabled"in e)?Ei("link",t,e):Ii("link",t,e,"precedence"in e),Wb=({children:t,...e})=>{const n=du();return n&&kr(n)==="head"?Ei("meta",t,e):Ii("meta",t,e,!1)},em=(t,{children:e,...n})=>new mt(t,n,Ai(e??[])),Gb=t=>(typeof t.action=="function"&&(t.action=Ks in t.action?t.action[Ks]:void 0),em("form",t)),tm=(t,e)=>(typeof e.formAction=="function"&&(e.formAction=Ks in e.formAction?e.formAction[Ks]:void 0),em(t,e)),Jb=t=>tm("input",t),Zb=t=>tm("button",t);const ma=Object.freeze(Object.defineProperty({__proto__:null,button:Zb,form:Gb,input:Jb,link:Kb,meta:Wb,script:Hb,style:Fb,title:Db},Symbol.toStringTag,{value:"Module"}));var Yb=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),Ws=t=>Yb.get(t)||t,nm=(t,e)=>{for(const[n,r]of Object.entries(t)){const i=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,s=>`-${s.toLowerCase()}`);e(i,r==null?null:typeof r=="number"?i.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${r}`:`${r}px`:r)}},ni=void 0,du=()=>ni,Xb=t=>/[A-Z]/.test(t)&&t.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?t.replace(/([A-Z])/g,"-$1").toLowerCase():t,Qb=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],e1=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],pu=(t,e)=>{for(let n=0,r=t.length;n<r;n++){const i=t[n];if(typeof i=="string")Zt(i,e);else{if(typeof i=="boolean"||i===null||i===void 0)continue;i instanceof mt?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?e[0]+=i:i instanceof Promise?e.unshift("",i):pu(i,e)}}},mt=class{constructor(t,e,n){te(this,"tag");te(this,"props");te(this,"key");te(this,"children");te(this,"isEscaped",!0);te(this,"localContexts");this.tag=t,this.props=e,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){var e,n;const t=[""];(e=this.localContexts)==null||e.forEach(([r,i])=>{r.values.push(i)});try{this.toStringToBuffer(t)}finally{(n=this.localContexts)==null||n.forEach(([r])=>{r.values.pop()})}return t.length===1?"callbacks"in t?Zg(gt(t[0],t.callbacks)).toString():t[0]:Jg(t,t.callbacks)}toStringToBuffer(t){const e=this.tag,n=this.props;let{children:r}=this;t[0]+=`<${e}`;const i=ni&&kr(ni)==="svg"?s=>Xb(Ws(s)):s=>Ws(s);for(let[s,a]of Object.entries(n))if(s=i(s),s!=="children"){if(s==="style"&&typeof a=="object"){let c="";nm(a,(l,u)=>{u!=null&&(c+=`${c?";":""}${l}:${u}`)}),t[0]+=' style="',Zt(c,t),t[0]+='"'}else if(typeof a=="string")t[0]+=` ${s}="`,Zt(a,t),t[0]+='"';else if(a!=null)if(typeof a=="number"||a.isEscaped)t[0]+=` ${s}="${a}"`;else if(typeof a=="boolean"&&e1.includes(s))a&&(t[0]+=` ${s}=""`);else if(s==="dangerouslySetInnerHTML"){if(r.length>0)throw"Can only set one of `children` or `props.dangerouslySetInnerHTML`.";r=[gt(a.__html)]}else if(a instanceof Promise)t[0]+=` ${s}="`,t.unshift('"',a);else if(typeof a=="function"){if(!s.startsWith("on"))throw`Invalid prop '${s}' of type 'function' supplied to '${e}'.`}else t[0]+=` ${s}="`,Zt(a.toString(),t),t[0]+='"'}if(Qb.includes(e)&&r.length===0){t[0]+="/>";return}t[0]+=">",pu(r,t),t[0]+=`</${e}>`}},_a=class extends mt{toStringToBuffer(t){const{children:e}=this,n=this.tag.call(null,{...this.props,children:e.length<=1?e[0]:e});if(!(typeof n=="boolean"||n==null))if(n instanceof Promise)if(ar.length===0)t.unshift("",n);else{const r=ar.map(i=>[i,i.values.at(-1)]);t.unshift("",n.then(i=>(i instanceof mt&&(i.localContexts=r),i)))}else n instanceof mt?n.toStringToBuffer(t):typeof n=="number"||n.isEscaped?(t[0]+=n,n.callbacks&&(t.callbacks||(t.callbacks=[]),t.callbacks.push(...n.callbacks))):Zt(n,t)}},rm=class extends mt{toStringToBuffer(t){pu(this.children,t)}},t1=(t,e,...n)=>{e??(e={}),n.length&&(e.children=n.length===1?n[0]:n);const r=e.key;delete e.key;const i=Gi(t,e,n);return i.key=r,i},Mp=!1,Gi=(t,e,n)=>{if(!Mp){for(const r in Yc)ma[r][uu]=Yc[r];Mp=!0}return typeof t=="function"?new _a(t,e,n):ma[t]?new _a(ma[t],e,n):t==="svg"||t==="head"?(ni||(ni=Mb("")),new mt(t,e,[new _a(ni,{value:t},n)])):new mt(t,e,n)},fu=({children:t})=>new rm("",{children:t},Array.isArray(t)?t:t?[t]:[]),n1=(t,e,...n)=>t1(t.tag,{...t.props,...e},...n);function y(t,e,n){let r;if(!e||!("children"in e))r=Gi(t,e,[]);else{const i=e.children;r=Array.isArray(i)?Gi(t,e,i):Gi(t,e,[i])}return r.key=n,r}const Dp={name:"sesamy",logoUrl:"https://assets.sesamy.com/static/images/email/sesamy-logo.png",style:{primaryColor:"#7D68F4",buttonTextColor:"#FFFFFF",primaryHoverColor:"#A091F2"},loginBackgroundImage:"",checkoutHideSocial:!1,supportEmail:"support@sesamy.com",supportUrl:"https://support.sesamy.com",siteUrl:"https://sesamy.com",termsAndConditionsUrl:"https://store.sesamy.com/pages/terms-of-service",manageSubscriptionsUrl:"https://account.sesamy.com/manage-subscriptions"};async function hu(t,e,n){if(!n&&!e)return Dp;const r=n||e;try{const i=await fetch(`${t.API_URL}/profile/vendors/${r}/style`);if(!i.ok)throw new Error("Failed to fetch vendor settings");const s=await i.json();return uf.parse(s)}catch(i){return console.error(i),Dp}}async function Ie(t,e){var l;const{env:n}=t,r=await n.data.loginSessions.get(t.var.tenant_id||"",e);if(!r)throw new z(400,{message:"Login session not found"});t.set("loginSession",r);const i=await Zo(n,r.authParams.client_id);t.set("client_id",i.id),t.set("tenant_id",i.tenant.id);const s=await n.data.tenants.get(i.tenant.id);if(!s)throw new z(400,{message:"Tenant not found"});const a=await hu(n,i.id,r.authParams.vendor_id),c=(l=r.authParams.ui_locales)==null?void 0:l.split(" ").map(u=>u.split("-")[0]).find(u=>{if(Array.isArray(P.options.supportedLngs))return P.options.supportedLngs.includes(u)});return await P.changeLanguage(c||s.language||"sv"),{vendorSettings:{...a,termsAndConditionsUrl:i.id==="fokus-app"?"https://www.fokus.se/kopvillkor-app/":a.termsAndConditionsUrl},client:i,tenant:s,loginSession:r}}async function r1(t,e,n,r){if(r!==void 0)return r==="password";const i=await ro({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:n});if(i){const a=await t.env.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,sort:{sort_by:"date",sort_order:"desc"},q:`type:${he.SUCCESS_LOGIN} user_id:${i.user_id}`}),[c]=a.logs.filter(l=>l.strategy&&["Username-Password-Authentication","passwordless","email"].includes(l.strategy));if(c)return c.strategy==="Username-Password-Authentication"}return(await t.env.data.promptSettings.get(e.tenant.id)).password_first}const i1=({vendorSettings:t})=>t!=null&&t.logoUrl?y("div",{className:"flex h-9 items-center",children:y("img",{src:t.logoUrl,className:"max-h-full",alt:"Vendor logo"})}):y(fu,{}),s1=({vendorSettings:t})=>{const{termsAndConditionsUrl:e}=t;return y("div",{className:"mt-8",children:e&&y("div",{className:"text-xs text-gray-300",children:[P.t("agree_to")," ",y("a",{href:e,className:"text-primary hover:underline",target:"_blank",rel:"noreferrer",children:P.t("terms")})]})})};var im={exports:{}};/*!
|
|
192
|
+
</html>`}async function Tb({ctx:t,client:e,session:n,redirect_uri:r,state:i,nonce:s,code_challenge_method:a,code_challenge:c,audience:l,scope:u,response_type:p}){const{env:h}=t,m=new URL(r),v=`${m.protocol}//${m.host}`;async function f(ce="Login required"){const le=ve(t,{type:he.FAILED_SILENT_AUTH,description:ce});return await t.env.data.logs.create(e.tenant.id,le),t.html(Lp(v,JSON.stringify({error:"login_required",error_description:ce,state:i})))}if(!n||(n==null?void 0:n.expires_at)&&new Date(n.expires_at)<new Date||(n==null?void 0:n.idle_expires_at)&&new Date(n.idle_expires_at)<new Date)return f();t.set("user_id",n.user_id);const w=await h.data.users.get(e.tenant.id,n.user_id);if(!w)return console.error("User not found",n.user_id),f("User not found");t.set("username",w.email),t.set("connection",w.connection);const S={client:e,authParams:{client_id:e.id,audience:l,code_challenge_method:a,code_challenge:c,scope:u,state:i,nonce:s,response_type:p},user:w,session_id:n.id},C=p===Pt.CODE?await qf(t,S):await to(t,S);await h.data.sessions.update(e.tenant.id,n.id,{used_at:new Date().toISOString(),last_interaction_at:new Date().toISOString(),device:{...n.device,last_ip:t.req.header("x-real-ip")||"",last_user_agent:t.req.header("user-agent")||""},idle_expires_at:n.idle_expires_at?new Date(Date.now()+Qs*1e3).toISOString():void 0});const B=ve(t,{type:he.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});await t.env.data.logs.create(e.tenant.id,B);const L=new Headers;L.set("Server-Timing","cf-nel=0; no-cloudflare-insights=1");const Q=Of(e.tenant.id,n.id,t.req.header("host"));return L.set("set-cookie",Q),t.html(Lp(v,JSON.stringify(C)),{headers:L})}const Pb=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),vendor_id:o.z.string().optional(),redirect_uri:o.z.string(),scope:o.z.string().optional(),state:o.z.string(),prompt:o.z.string().optional(),response_mode:o.z.nativeEnum(Yt).optional(),response_type:o.z.nativeEnum(Pt).optional(),audience:o.z.string().optional(),connection:o.z.string().optional(),nonce:o.z.string().optional(),max_age:o.z.string().optional(),login_ticket:o.z.string().optional(),code_challenge_method:o.z.nativeEnum(Zs).optional(),code_challenge:o.z.string().optional(),realm:o.z.string().optional(),auth0Client:o.z.string().optional(),organization:o.z.string().optional(),login_hint:o.z.string().optional(),ui_locales:o.z.string().optional()})},responses:{200:{description:"Silent authentication page"},302:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{env:e}=t,{client_id:n,vendor_id:r,redirect_uri:i,scope:s,state:a,audience:c,nonce:l,connection:u,response_type:p,response_mode:h,code_challenge:m,code_challenge_method:v,prompt:f,login_ticket:_,realm:w,auth0Client:S,login_hint:C,ui_locales:B,organization:L}=t.req.valid("query");t.set("log","authorize");const Q=await Zo(e,n);t.set("client_id",Q.id),t.set("tenant_id",Q.tenant.id);const ce={redirect_uri:i,scope:s,state:a,client_id:n,vendor_id:r,audience:c,nonce:l,prompt:f,response_type:p,response_mode:h,code_challenge:m,code_challenge_method:v,username:C,ui_locales:B,organization:L},le=t.req.header("origin");if(le&&!jb(le,Q.web_origins||[]))throw new z(403,{message:`Origin ${le} not allowed`});if(ce.redirect_uri&&!Yo(ce.redirect_uri,Q.callbacks||[],{allowPathWildcards:!0}))throw new z(400,{message:`Invalid redirect URI - ${ce.redirect_uri}`});const qe=cs(Q.tenant.id,t.req.header("cookie")),Me=qe?await e.data.sessions.get(Q.tenant.id,qe):void 0;if(f=="none"){if(!p)throw new z(400,{message:"Missing response_type"});return Tb({ctx:t,session:Me||void 0,redirect_uri:i,state:a,response_type:p,client:Q,nonce:l,code_challenge_method:v,code_challenge:m,audience:c,scope:s})}return u&&u!=="email"?pb(t,Q,u,ce):_?Bb(t,Q.tenant.id,_,ce,w):$b({ctx:t,client:Q,auth0Client:S,authParams:ce,session:Me||void 0,connection:u,login_hint:C})});function Rb(t){const e=new o.OpenAPIHono;e.use(async(r,i)=>(r.env.data=no(r,t.dataAdapter),i())),e.use(Tg(e));const n=e.route("/v2/logout",hb).route("/userinfo",gb).route("/.well-known",mb).route("/oauth/token",Sb).route("/dbconnections",Ib).route("/passwordless",zb).route("/co/authenticate",Cb).route("/authorize",Pb).route("/callback",fb);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"},security:[{oauth2:["openid","email","profile"]}]}),Bg(n),n}var Lb={Stringify:1,BeforeStream:2,Stream:3},gt=(t,e)=>{const n=new String(t);return n.isEscaped=!0,n.callbacks=e,n},Ub=/[&<>'"]/,Jg=async(t,e)=>{let n="";e||(e=[]);const r=await Promise.all(t);for(let i=r.length-1;n+=r[i],i--,!(i<0);i--){let s=r[i];typeof s=="object"&&e.push(...s.callbacks||[]);const a=s.isEscaped;if(s=await(typeof s=="object"?s.toString():s),typeof s=="object"&&e.push(...s.callbacks||[]),s.isEscaped??a)n+=s;else{const c=[n];Zt(s,c),n=c[0]}}return gt(n,e)},Zt=(t,e)=>{const n=t.search(Ub);if(n===-1){e[0]+=t;return}let r,i,s=0;for(i=n;i<t.length;i++){switch(t.charCodeAt(i)){case 34:r=""";break;case 39:r="'";break;case 38:r="&";break;case 60:r="<";break;case 62:r=">";break;default:continue}e[0]+=t.substring(s,i)+r,s=i+1}e[0]+=t.substring(s,i)},Zg=t=>{const e=t.callbacks;if(!(e!=null&&e.length))return t;const n=[t],r={};return e.forEach(i=>i({phase:Lb.Stringify,buffer:n,context:r})),n[0]},Vb=(t,...e)=>{const n=[""];for(let r=0,i=t.length-1;r<i;r++){n[0]+=t[r];const s=Array.isArray(e[r])?e[r].flat(1/0):[e[r]];for(let a=0,c=s.length;a<c;a++){const l=s[a];if(typeof l=="string")Zt(l,n);else if(typeof l=="number")n[0]+=l;else{if(typeof l=="boolean"||l===null||l===void 0)continue;if(typeof l=="object"&&l.isEscaped)if(l.callbacks)n.unshift("",l);else{const u=l.toString();u instanceof Promise?n.unshift("",u):n[0]+=u}else l instanceof Promise?n.unshift("",l):Zt(l.toString(),n)}}}return n[0]+=t[t.length-1],n.length===1?"callbacks"in n?gt(Zg(gt(n[0],n.callbacks))):gt(n[0]):Jg(n,n.callbacks)},uu=Symbol("RENDERER"),Zc=Symbol("ERROR_HANDLER"),Ae=Symbol("STASH"),Yg=Symbol("INTERNAL"),qb=Symbol("MEMO"),Ks=Symbol("PERMALINK"),Up=t=>(t[Yg]=!0,t),Xg=t=>({value:e,children:n})=>{if(!n)return;const r={children:[{tag:Up(()=>{t.push(e)}),props:{}}]};Array.isArray(n)?r.children.push(...n.flat()):r.children.push(n),r.children.push({tag:Up(()=>{t.pop()}),props:{}});const i={tag:"",props:r,type:""};return i[Zc]=s=>{throw t.pop(),s},i},Qg=t=>{const e=[t],n=Xg(e);return n.values=e,n.Provider=n,ar.push(n),n},ar=[],Mb=t=>{const e=[t],n=r=>{e.push(r.value);let i;try{i=r.children?(Array.isArray(r.children)?new rm("",{},r.children):r.children).toString():""}finally{e.pop()}return i instanceof Promise?i.then(s=>gt(s,s.callbacks)):gt(i)};return n.values=e,n.Provider=n,n[uu]=Xg(e),ar.push(n),n},kr=t=>t.values.at(-1),Ki={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},Yc={},Wi="data-precedence",Ai=t=>Array.isArray(t)?t:[t],Vp=new WeakMap,qp=(t,e,n,r)=>({buffer:i,context:s})=>{if(!i)return;const a=Vp.get(s)||{};Vp.set(s,a);const c=a[t]||(a[t]=[]);let l=!1;const u=Ki[t];if(u.length>0){e:for(const[,p]of c)for(const h of u)if(((p==null?void 0:p[h])??null)===(n==null?void 0:n[h])){l=!0;break e}}if(l?i[0]=i[0].replaceAll(e,""):u.length>0?c.push([e,n,r]):c.unshift([e,n,r]),i[0].indexOf("</head>")!==-1){let p;if(r===void 0)p=c.map(([h])=>h);else{const h=[];p=c.map(([m,,v])=>{let f=h.indexOf(v);return f===-1&&(h.push(v),f=h.length-1),[m,f]}).sort((m,v)=>m[1]-v[1]).map(([m])=>m)}p.forEach(h=>{i[0]=i[0].replaceAll(h,"")}),i[0]=i[0].replace(/(?=<\/head>)/,p.join(""))}},Ei=(t,e,n)=>gt(new mt(t,n,Ai(e??[])).toString()),Ii=(t,e,n,r)=>{if("itemProp"in n)return Ei(t,e,n);let{precedence:i,blocking:s,...a}=n;i=r?i??"":void 0,r&&(a[Wi]=i);const c=new mt(t,a,Ai(e||[])).toString();return c instanceof Promise?c.then(l=>gt(c,[...l.callbacks||[],qp(t,l,a,i)])):gt(c,[qp(t,c,a,i)])},Db=({children:t,...e})=>{const n=du();if(n){const r=kr(n);if(r==="svg"||r==="head")return new mt("title",e,Ai(t??[]))}return Ii("title",t,e,!1)},Hb=({children:t,...e})=>{const n=du();return["src","async"].some(r=>!e[r])||n&&kr(n)==="head"?Ei("script",t,e):Ii("script",t,e,!1)},Fb=({children:t,...e})=>["href","precedence"].every(n=>n in e)?(e["data-href"]=e.href,delete e.href,Ii("style",t,e,!0)):Ei("style",t,e),Kb=({children:t,...e})=>["onLoad","onError"].some(n=>n in e)||e.rel==="stylesheet"&&(!("precedence"in e)||"disabled"in e)?Ei("link",t,e):Ii("link",t,e,"precedence"in e),Wb=({children:t,...e})=>{const n=du();return n&&kr(n)==="head"?Ei("meta",t,e):Ii("meta",t,e,!1)},em=(t,{children:e,...n})=>new mt(t,n,Ai(e??[])),Gb=t=>(typeof t.action=="function"&&(t.action=Ks in t.action?t.action[Ks]:void 0),em("form",t)),tm=(t,e)=>(typeof e.formAction=="function"&&(e.formAction=Ks in e.formAction?e.formAction[Ks]:void 0),em(t,e)),Jb=t=>tm("input",t),Zb=t=>tm("button",t);const ma=Object.freeze(Object.defineProperty({__proto__:null,button:Zb,form:Gb,input:Jb,link:Kb,meta:Wb,script:Hb,style:Fb,title:Db},Symbol.toStringTag,{value:"Module"}));var Yb=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),Ws=t=>Yb.get(t)||t,nm=(t,e)=>{for(const[n,r]of Object.entries(t)){const i=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,s=>`-${s.toLowerCase()}`);e(i,r==null?null:typeof r=="number"?i.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${r}`:`${r}px`:r)}},ni=void 0,du=()=>ni,Xb=t=>/[A-Z]/.test(t)&&t.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?t.replace(/([A-Z])/g,"-$1").toLowerCase():t,Qb=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],e1=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],pu=(t,e)=>{for(let n=0,r=t.length;n<r;n++){const i=t[n];if(typeof i=="string")Zt(i,e);else{if(typeof i=="boolean"||i===null||i===void 0)continue;i instanceof mt?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?e[0]+=i:i instanceof Promise?e.unshift("",i):pu(i,e)}}},mt=class{constructor(t,e,n){te(this,"tag");te(this,"props");te(this,"key");te(this,"children");te(this,"isEscaped",!0);te(this,"localContexts");this.tag=t,this.props=e,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){var e,n;const t=[""];(e=this.localContexts)==null||e.forEach(([r,i])=>{r.values.push(i)});try{this.toStringToBuffer(t)}finally{(n=this.localContexts)==null||n.forEach(([r])=>{r.values.pop()})}return t.length===1?"callbacks"in t?Zg(gt(t[0],t.callbacks)).toString():t[0]:Jg(t,t.callbacks)}toStringToBuffer(t){const e=this.tag,n=this.props;let{children:r}=this;t[0]+=`<${e}`;const i=ni&&kr(ni)==="svg"?s=>Xb(Ws(s)):s=>Ws(s);for(let[s,a]of Object.entries(n))if(s=i(s),s!=="children"){if(s==="style"&&typeof a=="object"){let c="";nm(a,(l,u)=>{u!=null&&(c+=`${c?";":""}${l}:${u}`)}),t[0]+=' style="',Zt(c,t),t[0]+='"'}else if(typeof a=="string")t[0]+=` ${s}="`,Zt(a,t),t[0]+='"';else if(a!=null)if(typeof a=="number"||a.isEscaped)t[0]+=` ${s}="${a}"`;else if(typeof a=="boolean"&&e1.includes(s))a&&(t[0]+=` ${s}=""`);else if(s==="dangerouslySetInnerHTML"){if(r.length>0)throw"Can only set one of `children` or `props.dangerouslySetInnerHTML`.";r=[gt(a.__html)]}else if(a instanceof Promise)t[0]+=` ${s}="`,t.unshift('"',a);else if(typeof a=="function"){if(!s.startsWith("on"))throw`Invalid prop '${s}' of type 'function' supplied to '${e}'.`}else t[0]+=` ${s}="`,Zt(a.toString(),t),t[0]+='"'}if(Qb.includes(e)&&r.length===0){t[0]+="/>";return}t[0]+=">",pu(r,t),t[0]+=`</${e}>`}},_a=class extends mt{toStringToBuffer(t){const{children:e}=this,n=this.tag.call(null,{...this.props,children:e.length<=1?e[0]:e});if(!(typeof n=="boolean"||n==null))if(n instanceof Promise)if(ar.length===0)t.unshift("",n);else{const r=ar.map(i=>[i,i.values.at(-1)]);t.unshift("",n.then(i=>(i instanceof mt&&(i.localContexts=r),i)))}else n instanceof mt?n.toStringToBuffer(t):typeof n=="number"||n.isEscaped?(t[0]+=n,n.callbacks&&(t.callbacks||(t.callbacks=[]),t.callbacks.push(...n.callbacks))):Zt(n,t)}},rm=class extends mt{toStringToBuffer(t){pu(this.children,t)}},t1=(t,e,...n)=>{e??(e={}),n.length&&(e.children=n.length===1?n[0]:n);const r=e.key;delete e.key;const i=Gi(t,e,n);return i.key=r,i},Mp=!1,Gi=(t,e,n)=>{if(!Mp){for(const r in Yc)ma[r][uu]=Yc[r];Mp=!0}return typeof t=="function"?new _a(t,e,n):ma[t]?new _a(ma[t],e,n):t==="svg"||t==="head"?(ni||(ni=Mb("")),new mt(t,e,[new _a(ni,{value:t},n)])):new mt(t,e,n)},fu=({children:t})=>new rm("",{children:t},Array.isArray(t)?t:t?[t]:[]),n1=(t,e,...n)=>t1(t.tag,{...t.props,...e},...n);function y(t,e,n){let r;if(!e||!("children"in e))r=Gi(t,e,[]);else{const i=e.children;r=Array.isArray(i)?Gi(t,e,i):Gi(t,e,[i])}return r.key=n,r}const Dp={name:"sesamy",logoUrl:"https://assets.sesamy.com/static/images/email/sesamy-logo.png",style:{primaryColor:"#7D68F4",buttonTextColor:"#FFFFFF",primaryHoverColor:"#A091F2"},loginBackgroundImage:"",checkoutHideSocial:!1,supportEmail:"support@sesamy.com",supportUrl:"https://support.sesamy.com",siteUrl:"https://sesamy.com",termsAndConditionsUrl:"https://store.sesamy.com/pages/terms-of-service",manageSubscriptionsUrl:"https://account.sesamy.com/manage-subscriptions"};async function hu(t,e,n){if(!n&&!e)return Dp;const r=n||e;try{const i=await fetch(`${t.API_URL}/profile/vendors/${r}/style`);if(!i.ok)throw new Error("Failed to fetch vendor settings");const s=await i.json();return uf.parse(s)}catch(i){return console.error(i),Dp}}async function Ie(t,e,n=!1){var u;const{env:r}=t,i=await r.data.loginSessions.get(t.var.tenant_id||"",e);if(i)i.session_id;else throw new z(400,{message:"Login session not found"});t.set("loginSession",i);const s=await Zo(r,i.authParams.client_id);t.set("client_id",s.id),t.set("tenant_id",s.tenant.id);const a=await r.data.tenants.get(s.tenant.id);if(a){if(i.session_id&&!n)throw new z(400,{message:"Login session closed"})}else throw new z(400,{message:"Tenant not found"});const c=await hu(r,s.id,i.authParams.vendor_id),l=(u=i.authParams.ui_locales)==null?void 0:u.split(" ").map(p=>p.split("-")[0]).find(p=>{if(Array.isArray(P.options.supportedLngs))return P.options.supportedLngs.includes(p)});return await P.changeLanguage(l||a.language||"sv"),{vendorSettings:{...c,termsAndConditionsUrl:s.id==="fokus-app"?"https://www.fokus.se/kopvillkor-app/":c.termsAndConditionsUrl},client:s,tenant:a,loginSession:i}}async function r1(t,e,n,r){if(r!==void 0)return r==="password";const i=await ro({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:n});if(i){const a=await t.env.data.logs.list(e.tenant.id,{page:0,per_page:10,include_totals:!1,sort:{sort_by:"date",sort_order:"desc"},q:`type:${he.SUCCESS_LOGIN} user_id:${i.user_id}`}),[c]=a.logs.filter(l=>l.strategy&&["Username-Password-Authentication","passwordless","email"].includes(l.strategy));if(c)return c.strategy==="Username-Password-Authentication"}return(await t.env.data.promptSettings.get(e.tenant.id)).password_first}const i1=({vendorSettings:t})=>t!=null&&t.logoUrl?y("div",{className:"flex h-9 items-center",children:y("img",{src:t.logoUrl,className:"max-h-full",alt:"Vendor logo"})}):y(fu,{}),s1=({vendorSettings:t})=>{const{termsAndConditionsUrl:e}=t;return y("div",{className:"mt-8",children:e&&y("div",{className:"text-xs text-gray-300",children:[P.t("agree_to")," ",y("a",{href:e,className:"text-primary hover:underline",target:"_blank",rel:"noreferrer",children:P.t("terms")})]})})};var im={exports:{}};/*!
|
|
193
193
|
Copyright (c) 2018 Jed Watson.
|
|
194
194
|
Licensed under the MIT License (MIT), see
|
|
195
195
|
http://jedwatson.github.io/classnames
|