authhero 4.70.0 → 4.71.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authhero.cjs +3 -2
- package/dist/authhero.mjs +4 -1
- package/dist/stats.html +1 -1
- package/package.json +1 -1
package/dist/authhero.cjs
CHANGED
|
@@ -83,7 +83,7 @@ ${t}`):e.set("log",t)}const bN=r.z.object({grant_type:r.z.literal("refresh_token
|
|
|
83
83
|
In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function DN(e,t){if(e){if(typeof e=="string")return Sb(e,t);var n={}.toString.call(e).slice(8,-1);return n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set"?Array.from(e):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Sb(e,t):void 0}}function Sb(e,t){(t==null||t>e.length)&&(t=e.length);for(var n=0,i=Array(t);n<t;n++)i[n]=e[n];return i}var LN=["MOBILE","PREMIUM_RATE","TOLL_FREE","SHARED_COST","VOIP","PERSONAL_NUMBER","PAGER","UAN","VOICEMAIL"];function t0(e,t,n){if(t=t||{},!(!e.country&&!e.countryCallingCode)){n=new vt(n),n.selectNumberingPlan(e.country,e.countryCallingCode);var i=t.v2?e.nationalNumber:e.phone;if(di(i,n.nationalNumberPattern())){if(Ep(i,"FIXED_LINE",n))return n.type("MOBILE")&&n.type("MOBILE").pattern()===""||!n.type("MOBILE")||Ep(i,"MOBILE",n)?"FIXED_LINE_OR_MOBILE":"FIXED_LINE";for(var o=BN(LN),a;!(a=o()).done;){var s=a.value;if(Ep(i,s,n))return s}}}}function Ep(e,t,n){var i=n.type(t);return!i||!i.pattern()||i.possibleLengths()&&i.possibleLengths().indexOf(e.length)<0?!1:di(e,i.pattern())}function UN(e,t,n){if(t=t||{},n=new vt(n),n.selectNumberingPlan(e.country,e.countryCallingCode),n.hasTypes())return t0(e,t,n.metadata)!==void 0;var i=t.v2?e.nationalNumber:e.phone;return di(i,n.nationalNumberPattern())}function MN(e,t,n){var i=new vt(n),o=i.getCountryCodesForCallingCode(e);return o?o.filter(function(a){return FN(t,a,n)}):[]}function FN(e,t,n){var i=new vt(n);return i.selectNumberingPlan(t),i.numberingPlan.possibleLengths().indexOf(e.length)>=0}var n0=2,qN=17,HN=3,Sn="0-90-9٠-٩۰-۹",VN="-‐-―−ー-",KN="//",WN="..",GN=" ",JN="()()[]\\[\\]",ZN="~⁓∼~",Ad="".concat(VN).concat(KN).concat(WN).concat(GN).concat(JN).concat(ZN),i0="++",YN=new RegExp("(["+Sn+"])");function QN(e,t,n,i){if(t){var o=new vt(i);o.selectNumberingPlan(t,n);var a=new RegExp(o.IDDPrefix());if(e.search(a)===0){e=e.slice(e.match(a)[0].length);var s=e.match(YN);if(!(s&&s[1]!=null&&s[1].length>0&&s[1]==="0"))return e}}}function XN(e,t){if(e&&t.numberingPlan.nationalPrefixForParsing()){var n=new RegExp("^(?:"+t.numberingPlan.nationalPrefixForParsing()+")"),i=n.exec(e);if(i){var o,a,s=i.length-1,l=s>0&&i[s];if(t.nationalPrefixTransformRule()&&l)o=e.replace(n,t.nationalPrefixTransformRule()),s>1&&(a=i[1]);else{var c=i[0];o=e.slice(c.length),l&&(a=i[1])}var d;if(l){var u=e.indexOf(i[1]),p=e.slice(0,u);p===t.numberingPlan.nationalPrefix()&&(d=t.numberingPlan.nationalPrefix())}else d=i[0];return{nationalNumber:o,nationalPrefix:d,carrierCode:a}}}return{nationalNumber:e}}function eP(e,t){var n=typeof Symbol<"u"&&e[Symbol.iterator]||e["@@iterator"];if(n)return(n=n.call(e)).next.bind(n);if(Array.isArray(e)||(n=tP(e))||t){n&&(e=n);var i=0;return function(){return i>=e.length?{done:!0}:{done:!1,value:e[i++]}}}throw new TypeError(`Invalid attempt to iterate non-iterable instance.
|
|
84
84
|
In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function tP(e,t){if(e){if(typeof e=="string")return $b(e,t);var n={}.toString.call(e).slice(8,-1);return n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set"?Array.from(e):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?$b(e,t):void 0}}function $b(e,t){(t==null||t>e.length)&&(t=e.length);for(var n=0,i=Array(t);n<t;n++)i[n]=e[n];return i}function nP(e,t){var n=t.countries,i=t.metadata;i=new vt(i);for(var o=eP(n),a;!(a=o()).done;){var s=a.value;if(i.selectNumberingPlan(s),i.leadingDigits()){if(e&&e.search(i.leadingDigits())===0)return s}else if(t0({phone:e,country:s},void 0,i.metadata))return s}}function B4(e,t){var n=t.nationalNumber,i=t.metadata,o=i.getCountryCodesForCallingCode(e);if(o)return o.length===1?o[0]:nP(n,{countries:o,metadata:i.metadata})}function dm(e,t,n){var i=XN(e,n),o=i.carrierCode,a=i.nationalNumber;if(a!==e){if(!iP(e,a,n))return{nationalNumber:e};if(n.numberingPlan.possibleLengths()&&(t||(t=B4(n.numberingPlan.callingCode(),{nationalNumber:a,metadata:n})),!oP(a,t,n)))return{nationalNumber:e}}return{nationalNumber:a,carrierCode:o}}function iP(e,t,n){return!(di(e,n.nationalNumberPattern())&&!di(t,n.nationalNumberPattern()))}function oP(e,t,n){switch(e0(e,t,n)){case"TOO_SHORT":case"INVALID_LENGTH":return!1;default:return!0}}function rP(e,t,n,i,o){var a=n?Xg(n,o):i;if(e.indexOf(a)===0){o=new vt(o),o.selectNumberingPlan(n,a);var s=e.slice(a.length),l=dm(s,t,o),c=l.nationalNumber,d=dm(e,t,o),u=d.nationalNumber;if(!di(u,o.nationalNumberPattern())&&di(c,o.nationalNumberPattern())||e0(u,t,o)==="TOO_LONG")return{countryCallingCode:a,number:s}}return{number:e}}function D4(e,t,n,i,o){if(!e)return{};var a;if(e[0]!=="+"){var s=QN(e,n,i,o);if(s&&s!==e)a=!0,e="+"+s;else{if(n||i){var l=rP(e,t,n,i,o),c=l.countryCallingCode,d=l.number;if(c)return{countryCallingCodeSource:"FROM_NUMBER_WITHOUT_PLUS_SIGN",countryCallingCode:c,number:d}}return{number:e}}}if(e[1]==="0")return{};o=new vt(o);for(var u=2;u-1<=HN&&u<=e.length;){var p=e.slice(1,u);if(o.hasCallingCode(p))return o.selectNumberingPlan(p),{countryCallingCodeSource:a?"FROM_NUMBER_WITH_IDD":"FROM_NUMBER_WITH_PLUS_SIGN",countryCallingCode:p,number:e.slice(u)};u++}return{}}function aP(e){return e.replace(new RegExp("[".concat(Ad,"]+"),"g")," ").trim()}var sP=/(\$\d)/;function lP(e,t,n){var i=n.useInternationalFormat,o=n.withNationalPrefix,a=e.replace(new RegExp(t.pattern()),i?t.internationalFormat():o&&t.nationalPrefixFormattingRule()?t.format().replace(sP,t.nationalPrefixFormattingRule()):t.format());return i?aP(a):a}var cP=/^[\d]+(?:[~\u2053\u223C\uFF5E][\d]+)?$/;function dP(e,t,n){var i=new vt(n);if(i.selectNumberingPlan(e,t),i.defaultIDDPrefix())return i.defaultIDDPrefix();if(cP.test(i.IDDPrefix()))return i.IDDPrefix()}var uP=";ext=",nr=function(t){return"([".concat(Sn,"]{1,").concat(t,"})")};function L4(e){var t="20",n="15",i="9",o="6",a="[ \\t,]*",s="[:\\..]?[ \\t,-]*",l="#?",c="(?:e?xt(?:ensi(?:ó?|ó))?n?|e?xtn?|доб|anexo)",d="(?:[xx##~~]|int|int)",u="[- ]+",p="[ \\t]*",f="(?:,{2}|;)",h=uP+nr(t),m=a+c+s+nr(t)+l,g=a+d+s+nr(i)+l,A=u+nr(o)+"#",y=p+f+s+nr(n)+l,_=p+"(?:,)+"+s+nr(i)+l;return h+"|"+m+"|"+g+"|"+A+"|"+y+"|"+_}var pP="["+Sn+"]{"+n0+"}",fP="["+i0+"]{0,1}(?:["+Ad+"]*["+Sn+"]){3,}["+Ad+Sn+"]*",hP=new RegExp("^["+i0+"]{0,1}(?:["+Ad+"]*["+Sn+"]){1,2}$","i"),mP=fP+"(?:"+L4()+")?",gP=new RegExp("^"+pP+"$|^"+mP+"$","i");function yP(e){return e.length>=n0&&gP.test(e)}function _P(e){return hP.test(e)}function bP(e){var t=e.number,n=e.ext;if(!t)return"";if(t[0]!=="+")throw new Error('"formatRFC3966()" expects "number" to be in E.164 format.');return"tel:".concat(t).concat(n?";ext="+n:"")}var Eb={formatExtension:function(t,n,i){return"".concat(t).concat(i.ext()).concat(n)}};function vP(e,t,n,i){if(n?n=kP({},Eb,n):n=Eb,i=new vt(i),e.country&&e.country!=="001"){if(!i.hasCountry(e.country))throw new Error("Unknown country: ".concat(e.country));i.selectNumberingPlan(e.country)}else if(e.countryCallingCode)i.selectNumberingPlan(e.countryCallingCode);else return e.phone||"";var o=i.countryCallingCode(),a=n.v2?e.nationalNumber:e.phone,s;switch(t){case"NATIONAL":return a?(s=kd(a,e.carrierCode,"NATIONAL",i,n),zp(s,e.ext,i,n.formatExtension)):"";case"INTERNATIONAL":return a?(s=kd(a,null,"INTERNATIONAL",i,n),s="+".concat(o," ").concat(s),zp(s,e.ext,i,n.formatExtension)):"+".concat(o);case"E.164":return"+".concat(o).concat(a);case"RFC3966":return bP({number:"+".concat(o).concat(a),ext:e.ext});case"IDD":if(!n.fromCountry)return;var l=AP(a,e.carrierCode,o,n.fromCountry,i);return l?zp(l,e.ext,i,n.formatExtension):void 0;default:throw new Error('Unknown "format" argument passed to "formatNumber()": "'.concat(t,'"'))}}function kd(e,t,n,i,o){var a=wP(i.formats(),e);return a?lP(e,a,{useInternationalFormat:n==="INTERNATIONAL",withNationalPrefix:!(a.nationalPrefixIsOptionalWhenFormattingInNationalFormat()&&o&&o.nationalPrefix===!1)}):e}function wP(e,t){return xP(e,function(n){if(n.leadingDigitsPatterns().length>0){var i=n.leadingDigitsPatterns()[n.leadingDigitsPatterns().length-1];if(t.search(i)!==0)return!1}return di(t,n.pattern())})}function zp(e,t,n,i){return t?i(e,t,n):e}function AP(e,t,n,i,o){var a=Xg(i,o.metadata);if(a===n){var s=kd(e,t,"NATIONAL",o);return n==="1"?n+" "+s:s}var l=dP(i,void 0,o.metadata);if(l)return"".concat(l," ").concat(n," ").concat(kd(e,null,"INTERNATIONAL",o))}function kP(){for(var e=1,t=arguments.length,n=new Array(t),i=0;i<t;i++)n[i]=arguments[i];for(;e<n.length;){if(n[e])for(var o in n[e])n[0][o]=n[e][o];e++}return n[0]}function xP(e,t){for(var n=0;n<e.length;){if(t(e[n]))return e[n];n++}}function Is(e){"@babel/helpers - typeof";return Is=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(t){return typeof t}:function(t){return t&&typeof Symbol=="function"&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},Is(e)}function zb(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter(function(o){return Object.getOwnPropertyDescriptor(e,o).enumerable})),n.push.apply(n,i)}return n}function Cb(e){for(var t=1;t<arguments.length;t++){var n=arguments[t]!=null?arguments[t]:{};t%2?zb(Object(n),!0).forEach(function(i){SP(e,i,n[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):zb(Object(n)).forEach(function(i){Object.defineProperty(e,i,Object.getOwnPropertyDescriptor(n,i))})}return e}function SP(e,t,n){return(t=U4(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function $P(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function EP(e,t){for(var n=0;n<t.length;n++){var i=t[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,U4(i.key),i)}}function zP(e,t,n){return t&&EP(e.prototype,t),Object.defineProperty(e,"prototype",{writable:!1}),e}function U4(e){var t=CP(e,"string");return Is(t)=="symbol"?t:t+""}function CP(e,t){if(Is(e)!="object"||!e)return e;var n=e[Symbol.toPrimitive];if(n!==void 0){var i=n.call(e,t);if(Is(i)!="object")return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(e)}var TP=(function(){function e(t,n,i){if($P(this,e),!t)throw new TypeError("First argument is required");if(typeof t!="string")throw new TypeError("First argument must be a string");if(t[0]==="+"&&!n)throw new TypeError("`metadata` argument not passed");if(Er(n)&&Er(n.countries)){i=n;var o=t;if(!PP.test(o))throw new Error('Invalid `number` argument passed: must consist of a "+" followed by digits');var a=D4(o,void 0,void 0,void 0,i),s=a.countryCallingCode,l=a.number;if(n=l,t=s,!n)throw new Error("Invalid `number` argument passed: too short")}if(!n)throw new TypeError("`nationalNumber` argument is required");if(typeof n!="string")throw new TypeError("`nationalNumber` argument must be a string");j4(i);var c=NP(t,i),d=c.country,u=c.countryCallingCode;this.country=d,this.countryCallingCode=u,this.nationalNumber=n,this.number="+"+this.countryCallingCode+this.nationalNumber,this.getMetadata=function(){return i}}return zP(e,[{key:"setExt",value:function(n){this.ext=n}},{key:"getPossibleCountries",value:function(){return this.country?[this.country]:MN(this.countryCallingCode,this.nationalNumber,this.getMetadata())}},{key:"isPossible",value:function(){return RN(this,{v2:!0},this.getMetadata())}},{key:"isValid",value:function(){return UN(this,{v2:!0},this.getMetadata())}},{key:"isNonGeographic",value:function(){var n=new vt(this.getMetadata());return n.isNonGeographicCallingCode(this.countryCallingCode)}},{key:"isEqual",value:function(n){return this.number===n.number&&this.ext===n.ext}},{key:"getType",value:function(){return t0(this,{v2:!0},this.getMetadata())}},{key:"format",value:function(n,i){return vP(this,n,i?Cb(Cb({},i),{},{v2:!0}):{v2:!0},this.getMetadata())}},{key:"formatNational",value:function(n){return this.format("NATIONAL",n)}},{key:"formatInternational",value:function(n){return this.format("INTERNATIONAL",n)}},{key:"getURI",value:function(n){return this.format("RFC3966",n)}}])})(),IP=function(t){return/^[A-Z]{2}$/.test(t)};function NP(e,t){var n,i,o=new vt(t);return IP(e)?(n=e,o.selectNumberingPlan(n),i=o.countryCallingCode()):i=e,{country:n,countryCallingCode:i}}var PP=/^\+\d+$/;function um(e){"@babel/helpers - typeof";return um=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(t){return typeof t}:function(t){return t&&typeof Symbol=="function"&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},um(e)}function jP(e,t,n){return Object.defineProperty(e,"prototype",{writable:!1}),e}function OP(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function RP(e,t,n){return t=Ps(t),BP(e,o0()?Reflect.construct(t,n||[],Ps(e).constructor):t.apply(e,n))}function BP(e,t){if(t&&(um(t)=="object"||typeof t=="function"))return t;if(t!==void 0)throw new TypeError("Derived constructors may only return object or undefined");return DP(e)}function DP(e){if(e===void 0)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return e}function LP(e,t){if(typeof t!="function"&&t!==null)throw new TypeError("Super expression must either be null or a function");e.prototype=Object.create(t&&t.prototype,{constructor:{value:e,writable:!0,configurable:!0}}),Object.defineProperty(e,"prototype",{writable:!1}),t&&Ns(e,t)}function pm(e){var t=typeof Map=="function"?new Map:void 0;return pm=function(i){if(i===null||!MP(i))return i;if(typeof i!="function")throw new TypeError("Super expression must either be null or a function");if(t!==void 0){if(t.has(i))return t.get(i);t.set(i,o)}function o(){return UP(i,arguments,Ps(this).constructor)}return o.prototype=Object.create(i.prototype,{constructor:{value:o,enumerable:!1,writable:!0,configurable:!0}}),Ns(o,i)},pm(e)}function UP(e,t,n){if(o0())return Reflect.construct.apply(null,arguments);var i=[null];i.push.apply(i,t);var o=new(e.bind.apply(e,i));return n&&Ns(o,n.prototype),o}function o0(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch{}return(o0=function(){return!!e})()}function MP(e){try{return Function.toString.call(e).indexOf("[native code]")!==-1}catch{return typeof e=="function"}}function Ns(e,t){return Ns=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(n,i){return n.__proto__=i,n},Ns(e,t)}function Ps(e){return Ps=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(t){return t.__proto__||Object.getPrototypeOf(t)},Ps(e)}var ei=(function(e){function t(n){var i;return OP(this,t),i=RP(this,t,[n]),Object.setPrototypeOf(i,t.prototype),i.name=i.constructor.name,i}return LP(t,e),jP(t)})(pm(Error)),Tb=new RegExp("(?:"+L4()+")$","i");function FP(e){var t=e.search(Tb);if(t<0)return{};for(var n=e.slice(0,t),i=e.match(Tb),o=1;o<i.length;){if(i[o])return{number:n,ext:i[o]};o++}}var qP={0:"0",1:"1",2:"2",3:"3",4:"4",5:"5",6:"6",7:"7",8:"8",9:"9","0":"0","1":"1","2":"2","3":"3","4":"4","5":"5","6":"6","7":"7","8":"8","9":"9","٠":"0","١":"1","٢":"2","٣":"3","٤":"4","٥":"5","٦":"6","٧":"7","٨":"8","٩":"9","۰":"0","۱":"1","۲":"2","۳":"3","۴":"4","۵":"5","۶":"6","۷":"7","۸":"8","۹":"9"};function HP(e){return qP[e]}function VP(e,t){var n=typeof Symbol<"u"&&e[Symbol.iterator]||e["@@iterator"];if(n)return(n=n.call(e)).next.bind(n);if(Array.isArray(e)||(n=KP(e))||t){n&&(e=n);var i=0;return function(){return i>=e.length?{done:!0}:{done:!1,value:e[i++]}}}throw new TypeError(`Invalid attempt to iterate non-iterable instance.
|
|
85
85
|
In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function KP(e,t){if(e){if(typeof e=="string")return Ib(e,t);var n={}.toString.call(e).slice(8,-1);return n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set"?Array.from(e):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Ib(e,t):void 0}}function Ib(e,t){(t==null||t>e.length)&&(t=e.length);for(var n=0,i=Array(t);n<t;n++)i[n]=e[n];return i}function Nb(e){for(var t="",n=VP(e.split("")),i;!(i=n()).done;){var o=i.value;t+=WP(o,t)||""}return t}function WP(e,t,n){return e==="+"?t?void 0:"+":HP(e)}var M4="+",GP="[\\-\\.\\(\\)]?",Pb="(["+Sn+"]|"+GP+")",JP="^\\"+M4+Pb+"*["+Sn+"]"+Pb+"*$",ZP=new RegExp(JP,"g"),fm=Sn,YP="["+fm+"]+((\\-)*["+fm+"])*",QP="a-zA-Z",XP="["+QP+"]+((\\-)*["+fm+"])*",e7="^("+YP+"\\.)*"+XP+"\\.?$",t7=new RegExp(e7,"g"),jb="tel:",hm=";phone-context=",n7=";isub=";function i7(e){var t=e.indexOf(hm);if(t<0)return null;var n=t+hm.length;if(n>=e.length)return"";var i=e.indexOf(";",n);return i>=0?e.substring(n,i):e.substring(n)}function o7(e){return e===null?!0:e.length===0?!1:ZP.test(e)||t7.test(e)}function r7(e,t){var n=t.extractFormattedPhoneNumber,i=i7(e);if(!o7(i))throw new ei("NOT_A_NUMBER");var o;if(i===null)o=n(e)||"";else{o="",i.charAt(0)===M4&&(o+=i);var a=e.indexOf(jb),s;a>=0?s=a+jb.length:s=0;var l=e.indexOf(hm);o+=e.substring(s,l)}var c=o.indexOf(n7);if(c>0&&(o=o.substring(0,c)),o!=="")return o}var a7=250,s7=new RegExp("["+i0+Sn+"]"),l7=new RegExp("[^"+Sn+"#]+$");function c7(e,t,n){if(t=t||{},n=new vt(n),t.defaultCountry&&!n.hasCountry(t.defaultCountry))throw t.v2?new ei("INVALID_COUNTRY"):new Error("Unknown country: ".concat(t.defaultCountry));var i=u7(e,t.v2,t.extract),o=i.number,a=i.ext,s=i.error;if(!o){if(t.v2)throw s==="TOO_SHORT"?new ei("TOO_SHORT"):new ei("NOT_A_NUMBER");return{}}var l=f7(o,t.defaultCountry,t.defaultCallingCode,n),c=l.country,d=l.nationalNumber,u=l.countryCallingCode,p=l.countryCallingCodeSource,f=l.carrierCode;if(!n.hasSelectedNumberingPlan()){if(t.v2)throw new ei("INVALID_COUNTRY");return{}}if(!d||d.length<n0){if(t.v2)throw new ei("TOO_SHORT");return{}}if(d.length>qN){if(t.v2)throw new ei("TOO_LONG");return{}}if(t.v2){var h=new TP(u,d,n.metadata);return c&&(h.country=c),f&&(h.carrierCode=f),a&&(h.ext=a),h.__countryCallingCodeSource=p,h}var m=(t.extended?n.hasSelectedNumberingPlan():c)?di(d,n.nationalNumberPattern()):!1;return t.extended?{country:c,countryCallingCode:u,carrierCode:f,valid:m,possible:m?!0:!!(t.extended===!0&&n.possibleLengths()&&R4(d,c,n)),phone:d,ext:a}:m?p7(c,d,a):{}}function d7(e,t,n){if(e){if(e.length>a7){if(n)throw new ei("TOO_LONG");return}if(t===!1)return e;var i=e.search(s7);if(!(i<0))return e.slice(i).replace(l7,"")}}function u7(e,t,n){var i=r7(e,{extractFormattedPhoneNumber:function(s){return d7(s,n,t)}});if(!i)return{};if(!yP(i))return _P(i)?{error:"TOO_SHORT"}:{};var o=FP(i);return o.ext?o:{number:i}}function p7(e,t,n){var i={country:e,phone:t};return n&&(i.ext=n),i}function f7(e,t,n,i){var o=D4(Nb(e),void 0,t,n,i.metadata),a=o.countryCallingCodeSource,s=o.countryCallingCode,l=o.number,c;if(s)i.selectNumberingPlan(s);else if(l&&(t||n))i.selectNumberingPlan(t,n),t&&(c=t),s=n||Xg(t,i.metadata);else return{};if(!l)return{countryCallingCodeSource:a,countryCallingCode:s};var d=dm(Nb(l),c,i),u=d.nationalNumber,p=d.carrierCode,f=B4(s,{nationalNumber:u,metadata:i});return f&&(c=f,f==="001"||i.selectNumberingPlan(c)),{country:c,countryCallingCode:s,countryCallingCodeSource:a,nationalNumber:u,carrierCode:p}}function js(e){"@babel/helpers - typeof";return js=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(t){return typeof t}:function(t){return t&&typeof Symbol=="function"&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},js(e)}function Ob(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter(function(o){return Object.getOwnPropertyDescriptor(e,o).enumerable})),n.push.apply(n,i)}return n}function Rb(e){for(var t=1;t<arguments.length;t++){var n=arguments[t]!=null?arguments[t]:{};t%2?Ob(Object(n),!0).forEach(function(i){h7(e,i,n[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):Ob(Object(n)).forEach(function(i){Object.defineProperty(e,i,Object.getOwnPropertyDescriptor(n,i))})}return e}function h7(e,t,n){return(t=m7(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function m7(e){var t=g7(e,"string");return js(t)=="symbol"?t:t+""}function g7(e,t){if(js(e)!="object"||!e)return e;var n=e[Symbol.toPrimitive];if(n!==void 0){var i=n.call(e,t);if(js(i)!="object")return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return(t==="string"?String:Number)(e)}function y7(e,t,n){return c7(e,Rb(Rb({},t),{},{v2:!0}),n)}function Os(e){"@babel/helpers - typeof";return Os=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(t){return typeof t}:function(t){return t&&typeof Symbol=="function"&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},Os(e)}function Bb(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter(function(o){return Object.getOwnPropertyDescriptor(e,o).enumerable})),n.push.apply(n,i)}return n}function _7(e){for(var t=1;t<arguments.length;t++){var n=arguments[t]!=null?arguments[t]:{};t%2?Bb(Object(n),!0).forEach(function(i){b7(e,i,n[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):Bb(Object(n)).forEach(function(i){Object.defineProperty(e,i,Object.getOwnPropertyDescriptor(n,i))})}return e}function b7(e,t,n){return(t=v7(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function v7(e){var t=w7(e,"string");return Os(t)=="symbol"?t:t+""}function w7(e,t){if(Os(e)!="object"||!e)return e;var n=e[Symbol.toPrimitive];if(n!==void 0){var i=n.call(e,t);if(Os(i)!="object")return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return(t==="string"?String:Number)(e)}function A7(e,t){return $7(e)||S7(e,t)||x7(e,t)||k7()}function k7(){throw new TypeError(`Invalid attempt to destructure non-iterable instance.
|
|
86
|
-
In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function x7(e,t){if(e){if(typeof e=="string")return Db(e,t);var n={}.toString.call(e).slice(8,-1);return n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set"?Array.from(e):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Db(e,t):void 0}}function Db(e,t){(t==null||t>e.length)&&(t=e.length);for(var n=0,i=Array(t);n<t;n++)i[n]=e[n];return i}function S7(e,t){var n=e==null?null:typeof Symbol<"u"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var i,o,a,s,l=[],c=!0,d=!1;try{if(a=(n=n.call(e)).next,t!==0)for(;!(c=(i=a.call(n)).done)&&(l.push(i.value),l.length!==t);c=!0);}catch(u){d=!0,o=u}finally{try{if(!c&&n.return!=null&&(s=n.return(),Object(s)!==s))return}finally{if(d)throw o}}return l}}function $7(e){if(Array.isArray(e))return e}function E7(e){var t=Array.prototype.slice.call(e),n=A7(t,4),i=n[0],o=n[1],a=n[2],s=n[3],l,c,d;if(typeof i=="string")l=i;else throw new TypeError("A text for parsing must be a string.");if(!o||typeof o=="string")s?(c=a,d=s):(c=void 0,d=a),o&&(c=_7({defaultCountry:o},c));else if(Er(o))a?(c=o,d=a):d=o;else throw new Error("Invalid second argument: ".concat(o));return{text:l,options:c,metadata:d}}function Rs(e){"@babel/helpers - typeof";return Rs=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(t){return typeof t}:function(t){return t&&typeof Symbol=="function"&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},Rs(e)}function Lb(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter(function(o){return Object.getOwnPropertyDescriptor(e,o).enumerable})),n.push.apply(n,i)}return n}function Ub(e){for(var t=1;t<arguments.length;t++){var n=arguments[t]!=null?arguments[t]:{};t%2?Lb(Object(n),!0).forEach(function(i){z7(e,i,n[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):Lb(Object(n)).forEach(function(i){Object.defineProperty(e,i,Object.getOwnPropertyDescriptor(n,i))})}return e}function z7(e,t,n){return(t=C7(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function C7(e){var t=T7(e,"string");return Rs(t)=="symbol"?t:t+""}function T7(e,t){if(Rs(e)!="object"||!e)return e;var n=e[Symbol.toPrimitive];if(n!==void 0){var i=n.call(e,t);if(Rs(i)!="object")return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return(t==="string"?String:Number)(e)}function I7(e,t,n){t&&t.defaultCountry&&!jN(t.defaultCountry,n)&&(t=Ub(Ub({},t),{},{defaultCountry:void 0}));try{return y7(e,t,n)}catch(i){if(!(i instanceof ei))throw i}}function N7(){var e=E7(arguments),t=e.text,n=e.options,i=e.metadata;return I7(t,n,i)}function P7(){return AN(N7,arguments)}function Wo(e,t="US"){const n=e.trim();if(n.includes("@")){const i=n.toLowerCase(),o=/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(i);return{connectionType:"email",normalized:o?i:null,isValid:o,provider:"email"}}else if(/^\+?\d[\d\s\-().]*$/.test(n)){const i=P7(n,{defaultCountry:t});return i&&i.isValid()?{connectionType:"sms",normalized:i.number,isValid:!0,provider:"sms"}:{connectionType:"sms",normalized:null,isValid:!1,provider:"sms"}}else return{connectionType:"username",normalized:n,isValid:!0,provider:Oe}}function r0(e){let t=e.trim();t.startsWith("[")&&t.endsWith("]")&&(t=t.slice(1,-1));const n=t.indexOf("%");return n!==-1&&(t=t.slice(0,n)),t}function j7(e){const n=r0(e).split(".");return n.length!==4?!1:n.every(i=>/^\d+$/.test(i)&&Number(i)>=0&&Number(i)<=255)}function O7(e){const t=r0(e);if(t.length<2||t.indexOf(":")===-1||!/^[0-9a-fA-F:.]+$/.test(t))return!1;const n=t.split(":");return t.includes("::")?n.length<=8:n.length===8}function R7(e){let t=e.trim();const n=/^\[([^\]]+)\](?::\d+)?$/,i=t.match(n);if(i&&i[1])return i[1];const o=t.lastIndexOf(":");if(o!==-1){const a=t.slice(0,o),s=t.slice(o+1);/^[0-9.]+$/.test(a)&&/^\d+$/.test(s)&&(t=a)}return t}function Mb(e){if(!e)return null;const t=r0(R7(e));return j7(t)?{family:4,normalized:t}:O7(t)?{family:6,normalized:t.toLowerCase()}:null}function Fb(e){if(e.includes("::")){let[t,n]=e.split("::"),i=t?t.split(":").filter(Boolean):[],o=n?n.split(":").filter(Boolean):[],a=8-(i.length+o.length);return[...i.map(s=>s.toLowerCase()||"0"),...Array(a).fill("0"),...o.map(s=>s.toLowerCase()||"0")]}else return e.split(":").map(t=>t.toLowerCase()||"0")}function B7(e,t,n=!0){const i=Mb(e),o=Mb(t);if(!i||!o||i.family!==o.family)return!1;if(i.family===4)return i.normalized===o.normalized;const a=Fb(i.normalized),s=Fb(o.normalized);return n?a.length===8&&s.length===8&&a.join(":")===s.join(":"):a.slice(0,4).join(":")===s.slice(0,4).join(":")}class _n extends Error{location;status;constructor(t,n=302){super(`Redirect to ${t}`),this.name=_n.name,this.location=t,this.status=n}}const D7=r.z.object({client_id:r.z.string(),username:r.z.string().transform(e=>e.toLowerCase()),otp:r.z.string(),authParams:ls.optional(),enforceIpCheck:r.z.boolean().optional().default(!1)});async function F4(e,{client_id:t,username:n,otp:i,authParams:o,enforceIpCheck:a=!1}){const s=e.get("ip"),l=e.get("countryCode"),{connectionType:c,normalized:d}=Wo(n,l);if(!d)throw new X(400,{message:"Invalid username format"});e.set("connection",c);const u=await He(e.env,t,e.var.tenant_id),{env:p}=e,f=await p.data.codes.get(u.tenant.id,i,"otp");if(!f)throw new X(400,{message:me("code_invalid"),userSafe:!0});if(f.expires_at<new Date().toISOString())throw new X(400,{message:me("code_expired"),userSafe:!0});if(f.used_at)throw new X(400,{message:me("code_used"),userSafe:!0});const h=await p.data.loginSessions.get(u.tenant.id,f.login_id);if(!h||h.authParams.username!==n)throw new X(400,{message:"Code not found or expired",userSafe:!0});if(a&&h.ip&&s&&!B7(h.ip,s))throw new _n(`${Et(e.env)}invalid-session?state=${h.id}`);const m=await jd(e,{client:u,username:d,provider:c,connection:c,isSocial:!1,ip:e.var.ip});return await p.data.codes.used(u.tenant.id,i),{user:m,client:u,loginSession:h,connectionType:c,authConnection:c,session_id:h.session_id,authParams:{...h.authParams,...o||{}}}}async function hl(e,t){const n=await F4(e,t);return at(e,{authParams:n.authParams,client:n.client,user:n.user,loginSession:n.loginSession,authConnection:n.connectionType,authStrategy:{strategy:n.connectionType==="sms"?V.SMS:V.EMAIL,strategy_type:Zt.PASSWORDLESS}})}const qb=r.z.object({client_id:r.z.string().optional(),client_secret:r.z.string().optional()}),Hb=r.z.union([P4.extend(qb.shape),r.z.object({grant_type:r.z.literal("authorization_code"),client_id:r.z.string(),code:r.z.string(),redirect_uri:r.z.string(),code_verifier:r.z.string().min(43).max(128),organization:r.z.string().optional()}),r.z.object({grant_type:r.z.literal("authorization_code"),code:r.z.string(),redirect_uri:r.z.string().optional(),organization:r.z.string().optional(),...qb.shape}),r.z.object({grant_type:r.z.literal("refresh_token"),client_id:r.z.string().optional(),refresh_token:r.z.string(),redirect_uri:r.z.string().optional(),client_secret:r.z.string().optional()}),r.z.object({grant_type:r.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),client_id:r.z.string(),username:r.z.string(),otp:r.z.string(),realm:r.z.enum(["email","sms"])})]);function L7(e){if(!e)return{};const[t,n]=e.split(" ");if(t?.toLowerCase()==="basic"&&n){const[i,o]=atob(n).split(":");return{client_id:i,client_secret:o}}return{}}const U7=new r.OpenAPIHono().openapi(r.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:Hb},"application/json":{schema:Hb}}}},responses:{200:{content:{"application/json":{schema:Um}},description:"Tokens"},302:{description:"Redirect for further user interaction (e.g., MFA, consent).",headers:r.z.object({Location:r.z.string().url()}).openapi({})},400:{description:"Bad Request - The request was malformed or invalid.",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}},401:{description:"Unauthorized - Client authentication failed.",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}},403:{description:"Forbidden - User is not a member of the required organization.",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}}}}),async e=>{const n=(e.req.header("Content-Type")||"").includes("application/json")?e.req.valid("json"):e.req.valid("form"),i=L7(e.req.header("Authorization")),o={...n,...i};if(!o.client_id)throw new T(400,{message:"client_id is required"});e.set("client_id",o.client_id);let a;switch(n.grant_type){case hn.AuthorizationCode:a=await _N(e,yN.parse(o));break;case hn.ClientCredential:a=await gN(e,P4.parse(o));break;case hn.RefreshToken:a=await vN(e,bN.parse(o));break;case hn.OTP:a=await F4(e,D7.parse(o));break;default:return e.json({error:"unsupported_grant_type",error_description:"Grant type not implemented"},400)}Qt(e,a.client.tenant.id);const s=new Headers;a.session_id&&pd(a.client.tenant.id,a.session_id,e.var.host||"").forEach(u=>{s.append("Set-Cookie",u)});let l=[];if(a.authParams.audience)try{let d;if(n.grant_type===hn.ClientCredential)d=await zs(e,{grantType:hn.ClientCredential,tenantId:a.client.tenant.id,clientId:a.client.client_id,audience:a.authParams.audience,requestedScopes:a.authParams.scope?.split(" ")||[],organizationId:a.organization?.id});else{if(!a.user?.user_id)throw new X(400,{error:"invalid_request",error_description:"User ID is required for user-based grants"});d=await zs(e,{grantType:n.grant_type,tenantId:a.client.tenant.id,userId:a.user.user_id,clientId:a.client.client_id,audience:a.authParams.audience,requestedScopes:a.authParams.scope?.split(" ")||[],organizationId:a.organization?.id})}a.authParams.scope=d.scopes.join(" "),l=d.permissions}catch(d){if(d instanceof T)throw d;console.error("Error calculating scopes and permissions:",d)}const c=await Ru(e,{...a,grantType:n.grant_type,permissions:l.length>0?l:void 0});return e.json(c,{headers:s})});async function ml(e,t){const n=await e.env.data.emailProviders.get(e.var.tenant_id);if(!n)throw new T(500,{message:"Email provider not found"});const i=e.env.emailProviders?.[n.name];if(!i)throw new T(500,{message:"Email provider not found"});await i({emailProvider:n,...t,from:n.default_from_address||`login@${e.env.ISSUER}`})}async function q4(e,t){if(!e.var.client_id)throw new T(500,{message:"Client not found"});const n=await He(e.env,e.var.client_id),i=n.connections.find(s=>s.strategy===V.SMS);if(!i)throw new T(500,{message:"SMS provider not found"});const o=i.options?.provider||"twilio",a=e.env.smsProviders?.[o];if(!a)throw new T(500,{message:"SMS provider not found"});await a({options:i.options,to:t.to,from:t.from,text:t.text,template:"auth-code",data:{code:t.code,tenantName:n.tenant.friendly_name,tenantId:n.tenant.id}})}async function H4(e,t,n,i,o){const a=await e.env.data.tenants.get(e.var.tenant_id);if(!a)throw new T(500,{message:"Tenant not found"});const s=`${Et(e.env)}reset-password?state=${i}&code=${n}`,l=await e.env.data.branding.get(e.var.tenant_id),c=l?.logo_url||"",d=l?.colors?.primary||"#7d68f4",u={vendorName:a.friendly_name,lng:"en"};await ml(e,{to:t,subject:me("reset_password_title",u),html:`Click here to reset your password: ${Et(e.env)}reset-password?state=${i}&code=${n}`,template:"auth-password-reset",data:{vendorName:a.friendly_name,logo:c,passwordResetUrl:s,supportUrl:a.support_url||"https://support.sesamy.com",buttonColor:d,passwordResetTitle:me("password_reset_title",u),resetPasswordEmailClickToReset:me("reset_password_email_click_to_reset",u),resetPasswordEmailReset:me("reset_password_email_reset",u),supportInfo:me("support_info",u),contactUs:me("contact_us",u),copyright:me("copyright",u),tenantName:a.friendly_name,tenantId:a.id}}),ae(e,a.id,{type:oe.SUCCESS_CHANGE_PASSWORD_REQUEST,description:t})}async function gl(e,{to:t,code:n,language:i}){const o=await e.env.data.tenants.get(e.var.tenant_id);if(!o)throw new T(500,{message:"Tenant not found"});const{connectionType:a}=Wo(t),s=await e.env.data.branding.get(e.var.tenant_id),l=s?.logo_url||"",c=s?.colors?.primary||"#7d68f4",d=new URL(Et(e.env)),u={vendorName:o.friendly_name,vendorId:o.id,loginDomain:d.hostname,code:n,lng:i||"en"};a==="email"?await ml(e,{to:t,subject:me("code_email_subject",u),html:`Click here to validate your email: ${Et(e.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:o.friendly_name,logo:l,supportUrl:o.support_url||"",buttonColor:c,welcomeToYourAccount:me("welcome_to_your_account",u),linkEmailClickToLogin:me("link_email_click_to_login",u),linkEmailLogin:me("link_email_login",u),linkEmailOrEnterCode:me("link_email_or_enter_code",u),codeValid30Mins:me("code_valid_30_minutes",u),supportInfo:me("support_info",u),contactUs:me("contact_us",u),copyright:me("copyright",u)}}):a==="sms"&&await q4(e,{to:t,text:me("sms_code_text",u),code:n,from:o.friendly_name}),ae(e,o.id,{type:oe.CODE_LINK_SENT,description:t})}async function yl(e,{to:t,code:n,authParams:i,language:o}){const a=await e.env.data.tenants.get(e.var.tenant_id);if(!a)throw new T(500,{message:"Tenant not found"});if(!i.redirect_uri)throw new T(400,{message:"redirect_uri is required"});const{connectionType:s}=Wo(t),l=await e.env.data.branding.get(e.var.tenant_id),c=l?.logo_url||"",d=l?.colors?.primary||"",u=new URL(Le(e.env));u.pathname="passwordless/verify_redirect",u.searchParams.set("verification_code",n),u.searchParams.set("connection",s),u.searchParams.set("client_id",i.client_id),u.searchParams.set("redirect_uri",i.redirect_uri),u.searchParams.set("email",t),i.response_type&&u.searchParams.set("response_type",i.response_type),i.scope&&u.searchParams.set("scope",i.scope),i.state&&u.searchParams.set("state",i.state),i.nonce&&u.searchParams.set("nonce",i.nonce),i.code_challenge&&u.searchParams.set("code_challenge",i.code_challenge),i.code_challenge_method&&u.searchParams.set("code_challenge_method",i.code_challenge_method),i.audience&&u.searchParams.set("audience",i.audience);const p={vendorName:a.friendly_name,code:n,lng:o||"en"};if(s==="email")await ml(e,{to:t,subject:me("code_email_subject",p),html:`Click here to validate your email: ${Et(e.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:a.friendly_name,logo:c,supportUrl:a.support_url||"",magicLink:u.toString(),buttonColor:d,welcomeToYourAccount:me("welcome_to_your_account",p),linkEmailClickToLogin:me("link_email_click_to_login",p),linkEmailLogin:me("link_email_login",p),linkEmailOrEnterCode:me("link_email_or_enter_code",p),codeValid30Mins:me("code_valid_30_minutes",p),supportInfo:me("support_info",p),contactUs:me("contact_us",p),copyright:me("copyright",p)}});else if(s==="sms")await q4(e,{to:t,text:`${me("link_sms_login",p)}: ${u.toString()}`,code:n,from:a.friendly_name});else throw new T(400,{message:"Only email and SMS connections are supported for magic links"});ae(e,a.id,{type:oe.CODE_LINK_SENT,description:t})}async function Vu(e,t,n){const i=await e.env.data.tenants.get(e.var.tenant_id);if(!i)throw new T(500,{message:"Tenant not found"});if(!t.email)throw new T(400,{message:"User has no email"});const o=await e.env.data.branding.get(e.var.tenant_id),a=o?.logo_url||"",s=o?.colors?.primary||"#7d68f4",l={vendorName:i.friendly_name,lng:n||"en"};await ml(e,{to:t.email,subject:me("welcome_to_your_account",l),html:`Click here to validate your email: ${Et(e.env)}validate-email`,template:"auth-verify-email",data:{vendorName:i.friendly_name,logo:a,emailValidationUrl:`${Et(e.env)}validate-email`,supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:s,welcomeToYourAccount:me("welcome_to_your_account",l),verifyEmailVerify:me("verify_email_verify",l),supportInfo:me("support_info",l),contactUs:me("contact_us",l),copyright:me("copyright",l)}})}async function M7(e,t,n,i,o){const a=await e.env.data.tenants.get(e.var.tenant_id);if(!a)throw new T(500,{message:"Tenant not found"});const s=await e.env.data.branding.get(e.var.tenant_id),l=s?.logo_url||"",c=s?.colors?.primary||"#7d68f4",d={vendorName:a.friendly_name,lng:"en"},u=`${Et(e.env)}signup?state=${i}&code=${n}`;await ml(e,{to:t,subject:me("register_password_account",d),html:`Click here to register: ${u}`,template:"auth-pre-signup-verification",data:{vendorName:a.friendly_name,logo:l,signupUrl:u,setPassword:me("set_password",d),registerPasswordAccount:me("register_password_account",d),clickToSignUpDescription:me("click_to_sign_up_description",d),supportUrl:a.support_url||"https://support.sesamy.com",buttonColor:c,welcomeToYourAccount:me("welcome_to_your_account",d),verifyEmailVerify:me("verify_email_verify",d),supportInfo:me("support_info",d),contactUs:me("contact_us",d),copyright:me("copyright",d)}})}const F7=new r.OpenAPIHono().openapi(r.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:r.z.object({client_id:r.z.string(),connection:r.z.literal(V.USERNAME_PASSWORD),email:r.z.string().transform(e=>e.toLowerCase()),password:r.z.string()})}}}},responses:{200:{content:{"application/json":{schema:r.z.object({_id:r.z.string(),email:r.z.string().optional(),email_verified:r.z.boolean(),app_metadata:r.z.object({}),user_metadata:r.z.object({})})}},description:"Created user"}}}),async e=>{const{email:t,password:n,client_id:i}=e.req.valid("json"),o=await He(e.env,i);e.set("client_id",o.client_id),Qt(e,o.tenant.id);const s=o.connections.find(f=>f.strategy===V.USERNAME_PASSWORD)?.name||V.USERNAME_PASSWORD,l=await Fs(e.env.data,o.tenant.id,s);try{await Ms(l,{tenantId:o.tenant.id,userId:"",newPassword:n,data:e.env.data})}catch(f){throw new T(400,{message:f?.message||"Password does not meet the requirements"})}if(await xn({userAdapter:e.env.data.users,tenant_id:o.tenant.id,username:t,provider:Oe}))throw new T(400,{message:"Invalid sign up"});const{hash:d,algorithm:u}=await fs(n),p=await e.env.data.users.create(o.tenant.id,{user_id:`${Oe}|${Uo()}`,email:t,email_verified:!1,provider:Oe,connection:V.USERNAME_PASSWORD,is_social:!1,password:{hash:d,algorithm:u}});e.set("user_id",p.user_id),e.set("username",p.email),e.set("connection",p.connection);try{await Vu(e,p)}catch(f){console.error("Failed to send verification email:",f)}return ae(e,o.tenant.id,{type:oe.SUCCESS_SIGNUP,description:"Successful signup"}),e.json({_id:p.user_id,email:p.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(r.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:r.z.object({client_id:r.z.string(),connection:r.z.literal(V.USERNAME_PASSWORD),email:r.z.string().transform(e=>e.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async e=>{const{email:t,client_id:n}=e.req.valid("json"),i=await He(e.env,n);if(e.set("client_id",i.client_id),Qt(e,i.tenant.id),!await Ui({userAdapter:e.env.data.users,tenant_id:i.tenant.id,username:t,provider:Oe}))return e.html("If an account with that email exists, we've sent instructions to reset your password.");const a={client_id:n,username:t},s=await e.env.data.loginSessions.create(i.tenant.id,{expires_at:new Date(Date.now()+No*1e3).toISOString(),authParams:a,csrf_token:Be(),ip:e.get("ip"),useragent:e.get("useragent"),auth0Client:ci(e.get("auth0_client"))});return await H4(e,t,s.id,s.authParams.state),e.html("If an account with that email exists, we've sent instructions to reset your password.")});function qt(){const e=new Uint8Array(6);crypto.getRandomValues(e);let t="";for(let n=0;n<6;n+=1)t+=(e[n]%10).toString();return t}const q7=new r.OpenAPIHono().openapi(r.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:r.z.union([r.z.object({connection:r.z.literal("email"),client_id:r.z.string(),email:r.z.string().transform(e=>e.toLowerCase()),send:r.z.enum(["link","code"]),authParams:ls.omit({client_id:!0})}),r.z.object({client_id:r.z.string(),connection:r.z.literal("sms"),phone_number:r.z.string(),send:r.z.enum(["link","code"]),authParams:ls.omit({client_id:!0})})])}}}},responses:{200:{description:"Status"}}}),async e=>{const t=e.req.valid("json"),{env:n}=e,{client_id:i,send:o,authParams:a,connection:s}=t,l=await He(e.env,i);e.set("client_id",l.client_id),Qt(e,l.tenant.id);const c=s==="email"?t.email:t.phone_number,d=e.get("ip"),u=e.get("useragent"),p=e.get("auth0_client"),f=ci(p),h=await n.data.loginSessions.create(l.tenant.id,{authParams:{...a,client_id:i,username:c},expires_at:new Date(Date.now()+Sr).toISOString(),csrf_token:Be(),ip:d,useragent:u,auth0Client:f}),m=await n.data.codes.create(l.tenant.id,{code_id:qt(),code_type:"otp",login_id:h.id,expires_at:new Date(Date.now()+Sr).toISOString(),redirect_uri:a.redirect_uri}),g=a?.ui_locales?.split(" ")?.map(A=>A.split("-")[0])[0];return o==="link"?await yl(e,{to:c,code:m.code_id,authParams:{...a,client_id:i},language:g}):await gl(e,{to:c,code:m.code_id,language:g}),e.html("OK")}).openapi(r.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:r.z.object({scope:r.z.string(),response_type:r.z.nativeEnum(lt),redirect_uri:r.z.string(),state:r.z.string(),nonce:r.z.string().optional(),verification_code:r.z.string(),connection:r.z.string(),client_id:r.z.string(),email:r.z.string().transform(e=>e.toLowerCase()),audience:r.z.string().optional()})},responses:{302:{description:"Successful verification, redirecting to continue flow.",headers:r.z.object({Location:r.z.string().url()}).openapi({})},400:{description:"Bad Request (e.g., invalid client, invalid code, missing parameters).",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}},500:{description:"Internal Server Error.",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}}}}),async e=>{const{env:t}=e,{client_id:n,email:i,verification_code:o,redirect_uri:a,state:s,scope:l,audience:c,response_type:d,nonce:u}=e.req.valid("query"),p=await He(t,n);e.set("client_id",p.client_id),Qt(e,p.tenant.id),e.set("connection","email");const f={client_id:n,redirect_uri:a,state:s,nonce:u,scope:l,audience:c,response_type:d};let h="Something went wrong. Please try again later.";try{const w=await hl(e,{client_id:n,username:i,otp:o,authParams:f,enforceIpCheck:!0});if(w instanceof Response)return w;if(w&&typeof w=="object"&&"access_token"in w)return e.json(w)}catch(w){const k=w;"message"in k&&typeof k.message=="string"&&(h=k.message)}const m=e.get("ip"),g=e.get("useragent"),A=e.get("auth0_client"),y=ci(A),_=await t.data.loginSessions.create(p.tenant.id,{authParams:{...f,username:i},expires_at:new Date(Date.now()+Sr).toISOString(),csrf_token:Be(),ip:m,useragent:g,auth0Client:y});return e.redirect(`${Et(e.env)}invalid-session?state=${_.id}&error=${encodeURIComponent(h)}`,302)});class dr extends T{_code;constructor(t,n){super(t,n),this._code=n?.code}get code(){return this._code}}async function H7(e,t,n){const i=n.app_metadata||{},o=i.failed_logins||[],a=Date.now(),s=[...o.filter(l=>a-l<1e3*60*5),a];i.failed_logins=s,await e.users.update(t,n.user_id,{app_metadata:i})}function V7(e){const n=(e.app_metadata||{}).failed_logins||[],i=Date.now();return n.filter(o=>i-o<1e3*60*5)}async function V4(e,t,n,i){const{data:o}=e.env,{username:a}=n;if(e.set("username",a),!a)throw new X(400,{message:"Username is required"});const s=await Ui({userAdapter:e.env.data.users,tenant_id:t.tenant.id,username:a,provider:Oe});if(!s)throw ae(e,t.tenant.id,{type:oe.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"}),new dr(403,{message:"User not found",code:"USER_NOT_FOUND"});const l=s.linked_to?await o.users.get(t.tenant.id,s.linked_to):s;if(!l)throw new dr(403,{message:"User not found",code:"USER_NOT_FOUND"});if(e.set("connection",s.connection),e.set("user_id",l.user_id),V7(l).length>=3)throw ae(e,t.tenant.id,{type:oe.FAILED_LOGIN,description:"Too many failed login attempts"}),new dr(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"});const d=await o.passwords.get(t.tenant.id,s.user_id);if(!(d&&await Xr.compare(n.password,d.password)))throw ae(e,t.tenant.id,{type:oe.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"}),H7(o,t.tenant.id,l),new dr(403,{message:"Invalid password",code:"INVALID_PASSWORD"});if(!s.email_verified&&t.client_metadata?.email_validation==="enforced"){const f=i?.authParams?.ui_locales?.split(" ")?.map(h=>h.split("-")[0])[0];throw await Vu(e,s,f),ae(e,t.tenant.id,{type:oe.FAILED_LOGIN,description:"Email not verified"}),i&&await l9(e,t.tenant.id,i,"Email not verified"),new dr(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const p=l.app_metadata||{};return p.failed_logins&&p.failed_logins.length>0&&(p.failed_logins=[],o.users.update(t.tenant.id,l.user_id,{app_metadata:p})),{client:t,authParams:n,user:l,loginSession:i}}async function _l(e,t,n,i,o){const a=await V4(e,t,n,i);return at(e,{...a,ticketAuth:o,authConnection:e.get("connection")||V.USERNAME_PASSWORD,authStrategy:{strategy:V.USERNAME_PASSWORD,strategy_type:Zt.DATABASE}})}async function K7(e,t,n,i){await jd(e,{client:t,username:n,provider:Oe,connection:V.USERNAME_PASSWORD,isSocial:!1,ip:e.var.ip});let o=qt(),a=await e.env.data.codes.get(t.tenant.id,o,"password_reset");for(;a;)o=qt(),a=await e.env.data.codes.get(t.tenant.id,o,"password_reset");const s=e.get("ip"),l=e.get("useragent"),c=e.get("auth0_client"),d=ci(c),u=await e.env.data.loginSessions.create(t.tenant.id,{expires_at:new Date(Date.now()+iT).toISOString(),authParams:{client_id:t.client_id,username:n},csrf_token:Be(),ip:s,useragent:l,auth0Client:d}),p=await e.env.data.codes.create(t.tenant.id,{code_id:o,code_type:"password_reset",login_id:u.id,expires_at:new Date(Date.now()+nT).toISOString()});await H4(e,n,p.code_id,i)}const W7=new r.OpenAPIHono().openapi(r.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:r.z.union([r.z.object({credential_type:r.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:r.z.string(),client_id:r.z.string(),username:r.z.string().transform(e=>e.toLowerCase()),realm:r.z.enum([V.EMAIL]),scope:r.z.string().optional()}),r.z.object({credential_type:r.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:r.z.string(),username:r.z.string().transform(e=>e.toLowerCase()),password:r.z.string(),realm:r.z.enum([V.USERNAME_PASSWORD]),scope:r.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async e=>{const t=e.req.valid("json"),{client_id:n,username:i}=t;e.set("username",i);const o=await He(e.env,n);e.set("client_id",n),Qt(e,o.tenant.id);const a=i.toLocaleLowerCase(),s=e.get("ip"),l=e.get("useragent"),c=e.get("auth0_client");let d;if("otp"in t)d=await hl(e,{client_id:n,username:a,otp:t.otp});else if("password"in t){const u=await e.env.data.loginSessions.create(o.tenant.id,{expires_at:new Date(Date.now()+No*1e3).toISOString(),authParams:{client_id:n,username:a},csrf_token:Be(),ip:s,useragent:l,auth0Client:ci(c)});d=await _l(e,o,{username:a,password:t.password,client_id:n},u,!0)}else throw new T(400,{message:"Code or password required"});return d});function K4(e,t){if(!e||t.length===0)return!1;const n=Cp(e)?.host??null;if(!n)return!1;for(const i of t){let o;if(i.startsWith("http://")||i.startsWith("https://")?o=Cp(i)?.host??null:o=Cp("https://"+i)?.host??null,n===o)return!0}return!1}function Cp(e){try{return new URL(e)}catch{return null}}function G7(e,t){if(!e||t===void 0)return!1;const n=new Date(e.authenticated_at).getTime(),i=t*1e3;return Date.now()-n>i}async function J7({ctx:e,session:t,client:n,authParams:i,connection:o,login_hint:a}){const s=new URL(e.req.url);e.var.custom_domain&&(s.hostname=e.var.custom_domain);const{ip:l,auth0_client:c,useragent:d}=e.var,u=ci(c);G7(t,i.max_age)&&(t=void 0);const p=await e.env.data.loginSessions.create(n.tenant.id,{expires_at:new Date(Date.now()+No*1e3).toISOString(),authParams:i,csrf_token:Be(),authorization_url:s.toString(),ip:l,useragent:d,auth0Client:u}),f=n.client_metadata?.universal_login_version==="2"?"/u2":"/u";if(t&&a){const h=await e.env.data.users.get(n.tenant.id,t.user_id);if(h?.email===a)return at(e,{client:n,loginSession:p,authParams:i,user:h,existingSessionIdToLink:t.id})}if(o===V.EMAIL&&a){const h=qt();return await e.env.data.codes.create(n.tenant.id,{code_id:h,code_type:"otp",login_id:p.id,expires_at:new Date(Date.now()+No*1e3).toISOString(),redirect_uri:i.redirect_uri}),await yl(e,{code:h,to:a,authParams:i}),e.redirect(`${f}/login/email-otp-challenge?state=${p.id}`)}if(t)return e.redirect(`${f}/check-account?state=${p.id}`);if(f==="/u2"){const h=await e.env.data.promptSettings.get(n.tenant.id),m=ho.parse(h||{}),g=n.connections.some(A=>A.strategy===V.USERNAME_PASSWORD);if(m.identifier_first===!1&&g)return e.redirect(`${f}/login?state=${p.id}`)}return e.redirect(`${f}/login/identifier?state=${p.id}`)}function Z7(e){if(e===V.USERNAME_PASSWORD)return Oe;if(e===V.EMAIL)return V.EMAIL;throw new X(403,{message:"Invalid realm"})}async function Y7(e,t,n,i,o){const{env:a}=e;e.set("connection",o);const s=await a.data.codes.get(t,n,"ticket");if(!s||s.used_at)throw new X(403,{message:"Ticket not found"});const l=await a.data.loginSessions.get(t,s.login_id);if(!l||!l.authParams.username)throw new X(403,{message:"Session not found"});const c=await He(a,l.authParams.client_id,t);e.set("client_id",l.authParams.client_id),await a.data.codes.used(t,n);const d=Z7(o),p=c.connections.find(m=>m.name===o)?.strategy||(d===Oe?V.USERNAME_PASSWORD:V.EMAIL),f=p===V.USERNAME_PASSWORD?Zt.DATABASE:Zt.PASSWORDLESS;let h=await jd(e,{username:l.authParams.username,provider:d,client:c,connection:o,isSocial:!1,ip:e.var.ip});return e.set("username",h.email||h.phone_number),e.set("user_id",h.user_id),at(e,{authParams:{scope:l.authParams?.scope,...i},loginSession:l,user:h,client:c,authConnection:o,authStrategy:{strategy:p,strategy_type:f}})}async function Q7({ctx:e,client:t,session:n,redirect_uri:i,state:o,nonce:a,code_challenge_method:s,code_challenge:l,audience:c,scope:d,response_type:u,response_mode:p,organization:f,max_age:h}){const{env:m}=e,g=new URL(i),A=`${g.protocol}//${g.host}`,y=p===vn.WEB_MESSAGE;async function _(ue="Login required"){const $e=new Headers;if(n&&(ae(e,t.tenant.id,{type:oe.FAILED_SILENT_AUTH,description:ue}),Z3(t.tenant.id,e.req.header("host")).forEach(Vi=>{$e.append("set-cookie",Vi)})),y)return Xh(e,A,JSON.stringify({error:"login_required",error_description:ue,state:o}),$e);const q=new URL(i);if(u===lt.TOKEN||u===lt.TOKEN_ID_TOKEN){const Qe=new URLSearchParams;Qe.set("error","login_required"),Qe.set("error_description",ue),o&&Qe.set("state",o),q.hash=Qe.toString()}else q.searchParams.set("error","login_required"),q.searchParams.set("error_description",ue),o&&q.searchParams.set("state",o);const Tt={Location:q.toString()},pe=$e.get("set-cookie");return pe&&(Tt["set-cookie"]=pe),new Response(null,{status:302,headers:Tt})}const w=!n||n?.expires_at&&new Date(n.expires_at)<new Date||n?.idle_expires_at&&new Date(n.idle_expires_at)<new Date,k=n&&h!==void 0&&Date.now()-new Date(n.authenticated_at).getTime()>h*1e3;if(w||k)return _();e.set("user_id",n.user_id);const b=await m.data.users.get(t.tenant.id,n.user_id);if(!b)return console.error("User not found",n.user_id),_("User not found");e.set("username",b.email),e.set("connection",b.connection);let S;if(f&&(S=await m.data.organizations.get(t.tenant.id,f),!S))return _("Organization not found");const E=c||t.tenant.audience;let C=d||"",I=[];if(E)try{const ue=await zs(e,{tenantId:t.tenant.id,clientId:t.client_id,audience:E,requestedScopes:d?.split(" ")||[],organizationId:S?.id,userId:b.user_id});C=ue.scopes.join(" "),I=ue.permissions}catch(ue){if(ue?.statusCode===403||ue?.status===403){const $e=ue?.body?.error_description||ue?.message||"Access denied";return _($e)}throw ue}else if(S&&!(await m.data.userOrganizations.list(t.tenant.id,{q:`user_id:${b.user_id}`,per_page:1e3})).userOrganizations.some(q=>q.organization_id===S.id))return _("User is not a member of the specified organization");const N=await m.data.loginSessions.create(t.tenant.id,{csrf_token:Be(),authParams:{client_id:t.client_id,audience:c,scope:d,state:o,nonce:a,response_type:u,redirect_uri:i,organization:f,max_age:h},expires_at:new Date(Date.now()+300*1e3).toISOString(),session_id:n.id,ip:e.var.ip,useragent:e.var.useragent}),z=h!==void 0?Math.floor(new Date(n.authenticated_at).getTime()/1e3):void 0,P={client:t,authParams:{client_id:t.client_id,audience:c,code_challenge_method:s,code_challenge:l,scope:C,state:o,nonce:a,response_type:u,redirect_uri:i,max_age:h},user:b,session_id:n.id,auth_time:z,permissions:I,organization:S},j=u===lt.CODE?await z4(e,{user:b,client:t,authParams:P.authParams,login_id:N.id}):await Ru(e,P),U=n.idle_expires_at?new Date(Date.now()+Iu*1e3).toISOString():void 0;await m.data.sessions.update(t.tenant.id,n.id,{used_at:new Date().toISOString(),last_interaction_at:new Date().toISOString(),login_session_id:N.id,device:{...n.device,last_ip:e.var.ip||"",last_user_agent:e.var.useragent||""},idle_expires_at:U}),U&&await m.data.loginSessions.update(t.tenant.id,N.id,{expires_at:U}),ae(e,t.tenant.id,{type:oe.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});const B=new Headers;if(pd(t.tenant.id,n.id,e.req.header("host")).forEach(ue=>{B.append("set-cookie",ue)}),y)return Xh(e,A,JSON.stringify({...j,state:o}),B);const te=new URL(i);if(u===lt.TOKEN||u===lt.TOKEN_ID_TOKEN){const ue=new URLSearchParams;Object.entries(j).forEach(([$e,q])=>{q!==void 0&&ue.set($e,String(q))}),o&&ue.set("state",o),te.hash=ue.toString()}else Object.entries(j).forEach(([ue,$e])=>{$e!==void 0&&te.searchParams.set(ue,String($e))}),o&&te.searchParams.set("state",o);const he={Location:te.toString()},Se=B.get("set-cookie");return Se&&(he["set-cookie"]=Se),new Response(null,{status:302,headers:he})}const X7=[V.EMAIL,V.SMS,V.USERNAME_PASSWORD],Vb=r.z.object({client_id:r.z.string().optional(),vendor_id:r.z.string().optional(),redirect_uri:r.z.string().optional(),scope:r.z.string().optional(),state:r.z.string().optional(),prompt:r.z.string().optional(),response_mode:r.z.nativeEnum(vn).optional(),response_type:r.z.nativeEnum(lt).optional(),audience:r.z.string().optional(),connection:r.z.string().optional(),nonce:r.z.string().optional(),max_age:r.z.string().optional(),acr_values:r.z.string().optional(),login_ticket:r.z.string().optional(),code_challenge_method:r.z.nativeEnum(Nd).optional(),code_challenge:r.z.string().optional(),realm:r.z.string().optional(),auth0Client:r.z.string().optional(),organization:r.z.string().optional(),login_hint:r.z.string().optional(),screen_hint:r.z.string().optional(),ui_locales:r.z.string().optional()});function ej(e){try{const t=e.split(".");if(t.length<2||!t[1])return null;const n=new TextDecoder().decode(Ci.decode(t[1],{strict:!1})),i=JSON.parse(n);return typeof i!="object"||i===null?null:i}catch{return null}}const tj=new r.OpenAPIHono().openapi(r.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:Vb.extend({client_id:r.z.string(),screen_hint:r.z.string().openapi({example:"signup",description:'Optional hint for the screen to show, like "signup" or "login".'}).optional(),request:r.z.string().openapi({description:"JWT containing authorization request parameters (OpenID Connect Core Section 6.1)"}).optional()}).passthrough()},responses:{200:{description:"Successful authorization response. This can be an HTML page (e.g., for silent authentication iframe or universal login page) or a JSON object containing tokens (e.g., for response_mode=web_message).",content:{"text/html":{schema:r.z.string().openapi({example:"<html>...</html>"})},"application/json":{schema:Um}}},302:{description:"Redirect to the client's redirect URI, an authentication page, or an external identity provider.",headers:r.z.object({Location:r.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:r.z.object({message:r.z.string()})}}},403:{description:"Forbidden. The request is not allowed (e.g., invalid origin).",content:{"application/json":{schema:r.z.object({message:r.z.string()})}}}}}),async e=>{const{env:t}=e,n=e.req.valid("query");let i={};if(n.request){const B=ej(n.request);if(B){const K=Vb.safeParse(B);K.success&&(i=K.data)}}const{client_id:o,vendor_id:a,redirect_uri:s,scope:l,state:c,audience:d,nonce:u,connection:p,response_type:f,response_mode:h,code_challenge:m,code_challenge_method:g,prompt:A,max_age:y,acr_values:_,login_ticket:w,realm:k,login_hint:b,ui_locales:S,organization:E}={...i,...n};e.set("log","authorize");const C=await He(t,o);e.set("client_id",C.client_id),Qt(e,C.tenant.id);let I=s;typeof s=="string"&&(I=s.split("#")[0]);const N=e.req.header("origin");if(N&&!K4(N,C.web_origins||[]))throw new T(403,{message:`Origin ${N} not allowed`});if(!f){if(I){const B=new URL(I);return B.searchParams.set("error","invalid_request"),B.searchParams.set("error_description","Missing required parameter: response_type"),c&&B.searchParams.set("state",c),e.redirect(B.toString())}throw new T(400,{message:"Missing required parameter: response_type"})}const z={redirect_uri:I,scope:l,state:c,client_id:o,vendor_id:a,audience:d,nonce:u,prompt:A,response_type:f,response_mode:h,code_challenge:m,code_challenge_method:g,username:b,ui_locales:S,organization:E,max_age:y?parseInt(y,10):void 0,acr_values:_};if(z.redirect_uri){const B=C.callbacks||[];if(e.var.host&&(B.push(`${qo(e.env)}/*`),B.push(`${Et(e.env)}/*`)),!Qg(z.redirect_uri,B,{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw new T(400,{message:`Invalid redirect URI - ${z.redirect_uri}`})}let P;const j=rT(C.tenant.id,e.req.header("cookie"));for(const B of j){const K=await t.data.sessions.get(C.tenant.id,B);if(K&&!K.revoked_at){P=K;break}}if(A=="none"){if(!I||!c||!f)throw new T(400,{message:"Missing required parameters for silent auth: redirect_uri, state, and response_type"});return Q7({ctx:e,session:P||void 0,redirect_uri:I,state:c,response_type:f,response_mode:h,client:C,nonce:u,code_challenge_method:g,code_challenge:m,audience:d,scope:l,organization:E,max_age:y?parseInt(y,10):void 0})}if(C.connections.length===1&&C.connections[0]&&!X7.includes(C.connections[0].strategy||""))return gb(e,C,C.connections[0].name,z);if(p&&p!==V.EMAIL)return gb(e,C,p,z);if(w){const B=await Y7(e,C.tenant.id,w,z,k);return B instanceof Response?B:e.json(B)}const U=await J7({ctx:e,client:C,authParams:z,session:P||void 0,connection:p,login_hint:b});return U instanceof Response?U:e.json(U)}),nj=new r.OpenAPIHono().openapi(r.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:r.z.object({client_id:r.z.string(),redirect_url:r.z.string().optional(),login_hint:r.z.string().toLowerCase().optional(),screen_hint:r.z.enum(["account","change-email","change-phone","change-password"]).optional().default("account")})},responses:{302:{description:"Redirect to the account page with login session state or login page",headers:r.z.object({Location:r.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:r.z.object({message:r.z.string()})}}}}}),async e=>{const{env:t}=e,{client_id:n,redirect_url:i,login_hint:o,screen_hint:a}=e.req.valid("query");e.set("log","account");const s=await He(t,n);e.set("client_id",s.client_id),Qt(e,s.tenant.id);const l={redirect_uri:i||e.req.url,client_id:n,username:o},c=e.req.header("origin");if(c&&!K4(c,s.web_origins||[]))throw new T(403,{message:`Origin ${c} not allowed`});if(l.redirect_uri){const _=s.callbacks||[];if(e.var.host&&(_.push(`${qo(e.env)}/*`),_.push(`${Et(e.env)}/*`)),!Qg(l.redirect_uri,_,{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw new T(400,{message:`Invalid redirect URI - ${l.redirect_uri}`})}const d=Po(s.tenant.id,e.req.header("cookie")),u=d?await t.data.sessions.get(s.tenant.id,d):void 0,p=u&&!u.revoked_at?u:void 0,f=new URL(e.req.url);e.var.custom_domain&&(f.hostname=e.var.custom_domain);const{ip:h,auth0_client:m,useragent:g}=e.var,A=ci(m),y=await t.data.loginSessions.create(s.tenant.id,{expires_at:new Date(Date.now()+No*1e3).toISOString(),authParams:l,csrf_token:Be(),authorization_url:f.toString(),ip:h,useragent:g,auth0Client:A});if(p){if(o&&(await t.data.users.get(s.tenant.id,p.user_id))?.email!==o)return e.redirect(`${Et(e.env)}login/identifier?state=${encodeURIComponent(y.id)}`);if(await t.data.loginSessions.update(s.tenant.id,y.id,{session_id:p.id}),a==="change-email"){const w=new URL("/u/account/change-email",e.req.url);return w.searchParams.set("state",y.id),e.redirect(w.toString())}const _=new URL("/u/account",e.req.url);return _.searchParams.set("state",y.id),e.redirect(_.toString())}return e.redirect(`${Et(e.env)}login/identifier?state=${encodeURIComponent(y.id)}`)});function ij(e){const t=new r.OpenAPIHono;t.use(async(i,o)=>{const a=ul(i,e.dataAdapter),s=e.dataAdapter.cache||ha({defaultTtlSeconds:0,maxEntries:100,cleanupIntervalMs:0}),l=e.dataAdapter.cache?300:0,c=fl(a,{defaultTtl:l,cacheEntities:["tenants","connections","clientConnections","customDomains","clients","branding","themes","promptSettings","forms","resourceServers","roles","organizations","userRoles","userPermissions","hooks"],cache:s});return i.env.data=pl(i,c),o()}),t.use("/oauth/token",N4({origin:i=>i||"",allowHeaders:["Tenant-Id","Content-Type","Auth0-Client","Upgrade-Insecure-Requests"],allowMethods:["POST"],maxAge:600})),t.use(fa).use(pa).use(Tu(t));const n=t.route("/v2/logout",uN).route("/userinfo",hN).route("/.well-known",mN).route("/oauth/token",U7).route("/dbconnections",F7).route("/passwordless",q7).route("/co/authenticate",W7).route("/authorize",tj).route("/account",nj).route("/callback",cN);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"},security:[{oauth2:["openid","email","profile"]}]}),Bg(n),n}var a0=Symbol("RENDERER"),mm=Symbol("ERROR_HANDLER"),Ve=Symbol("STASH"),W4=Symbol("INTERNAL"),oj=Symbol("MEMO"),xd=Symbol("PERMALINK"),Kb=e=>(e[W4]=!0,e),G4=e=>({value:t,children:n})=>{if(!n)return;const i={children:[{tag:Kb(()=>{e.push(t)}),props:{}}]};Array.isArray(n)?i.children.push(...n.flat()):i.children.push(n),i.children.push({tag:Kb(()=>{e.pop()}),props:{}});const o={tag:"",props:i,type:""};return o[mm]=a=>{throw e.pop(),a},o},J4=e=>{const t=[e],n=G4(t);return n.values=t,n.Provider=n,Wr.push(n),n},Wr=[],Z4=e=>{const t=[e],n=(i=>{t.push(i.value);let o;try{o=i.children?(Array.isArray(i.children)?new nx("",{},i.children):i.children).toString():""}catch(a){throw t.pop(),a}return o instanceof Promise?o.finally(()=>t.pop()).then(a=>Oi(a,a.callbacks)):(t.pop(),Oi(o))});return n.values=t,n.Provider=n,n[a0]=G4(t),Wr.push(n),n},ma=e=>e.values.at(-1),Sd={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},gm={},io="data-precedence",Y4=e=>e.rel==="stylesheet"&&"precedence"in e,Q4=(e,t)=>e==="link"?t:Sd[e].length>0,bl=e=>Array.isArray(e)?e:[e],Wb=new WeakMap,Gb=(e,t,n,i)=>({buffer:o,context:a})=>{if(!o)return;const s=Wb.get(a)||{};Wb.set(a,s);const l=s[e]||=[];let c=!1;const d=Sd[e],u=Q4(e,i!==void 0);if(u){e:for(const[,p]of l)if(!(e==="link"&&!(p.rel==="stylesheet"&&p[io]!==void 0))){for(const f of d)if((p?.[f]??null)===n?.[f]){c=!0;break e}}}if(c?o[0]=o[0].replaceAll(t,""):u||e==="link"?l.push([t,n,i]):l.unshift([t,n,i]),o[0].indexOf("</head>")!==-1){let p;if(e==="link"||i!==void 0){const f=[];p=l.map(([h,,m],g)=>{if(m===void 0)return[h,Number.MAX_SAFE_INTEGER,g];let A=f.indexOf(m);return A===-1&&(f.push(m),A=f.length-1),[h,A,g]}).sort((h,m)=>h[1]-m[1]||h[2]-m[2]).map(([h])=>h)}else p=l.map(([f])=>f);p.forEach(f=>{o[0]=o[0].replaceAll(f,"")}),o[0]=o[0].replace(/(?=<\/head>)/,p.join(""))}},vl=(e,t,n)=>Oi(new kn(e,n,bl(t??[])).toString()),wl=(e,t,n,i)=>{if("itemProp"in n)return vl(e,t,n);let{precedence:o,blocking:a,...s}=n;o=i?o??"":void 0,i&&(s[io]=o);const l=new kn(e,s,bl(t||[])).toString();return l instanceof Promise?l.then(c=>Oi(l,[...c.callbacks||[],Gb(e,c,s,o)])):Oi(l,[Gb(e,l,s,o)])},rj=({children:e,...t})=>{const n=s0();if(n){const i=ma(n);if(i==="svg"||i==="head")return new kn("title",t,bl(e??[]))}return wl("title",e,t,!1)},aj=({children:e,...t})=>{const n=s0();return["src","async"].some(i=>!t[i])||n&&ma(n)==="head"?vl("script",e,t):wl("script",e,t,!1)},sj=({children:e,...t})=>["href","precedence"].every(n=>n in t)?(t["data-href"]=t.href,delete t.href,wl("style",e,t,!0)):vl("style",e,t),lj=({children:e,...t})=>["onLoad","onError"].some(n=>n in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?vl("link",e,t):wl("link",e,t,Y4(t)),cj=({children:e,...t})=>{const n=s0();return n&&ma(n)==="head"?vl("meta",e,t):wl("meta",e,t,!1)},X4=(e,{children:t,...n})=>new kn(e,n,bl(t??[])),dj=e=>(typeof e.action=="function"&&(e.action=xd in e.action?e.action[xd]:void 0),X4("form",e)),ex=(e,t)=>(typeof t.formAction=="function"&&(t.formAction=xd in t.formAction?t.formAction[xd]:void 0),X4(e,t)),uj=e=>ex("input",e),pj=e=>ex("button",e);const Tp=Object.freeze(Object.defineProperty({__proto__:null,button:pj,form:dj,input:uj,link:lj,meta:cj,script:aj,style:sj,title:rj},Symbol.toStringTag,{value:"Module"}));var fj=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),$d=e=>fj.get(e)||e,tx=(e,t)=>{for(const[n,i]of Object.entries(e)){const o=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,a=>`-${a.toLowerCase()}`);t(o,i==null?null:typeof i=="number"?o.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${i}`:`${i}px`:i)}},Bs=void 0,s0=()=>Bs,hj=e=>/[A-Z]/.test(e)&&e.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,mj=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],gj=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],l0=(e,t)=>{for(let n=0,i=e.length;n<i;n++){const o=e[n];if(typeof o=="string")xr(o,t);else{if(typeof o=="boolean"||o===null||o===void 0)continue;o instanceof kn?o.toStringToBuffer(t):typeof o=="number"||o.isEscaped?t[0]+=o:o instanceof Promise?t.unshift("",o):l0(o,t)}}},kn=class{tag;props;key;children;isEscaped=!0;localContexts;constructor(e,t,n){this.tag=e,this.props=t,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){const e=[""];this.localContexts?.forEach(([t,n])=>{t.values.push(n)});try{this.toStringToBuffer(e)}finally{this.localContexts?.forEach(([t])=>{t.values.pop()})}return e.length===1?"callbacks"in e?TC(Oi(e[0],e.callbacks)).toString():e[0]:CC(e,e.callbacks)}toStringToBuffer(e){const t=this.tag,n=this.props;let{children:i}=this;e[0]+=`<${t}`;const o=Bs&&ma(Bs)==="svg"?a=>hj($d(a)):a=>$d(a);for(let[a,s]of Object.entries(n))if(a=o(a),a!=="children"){if(a==="style"&&typeof s=="object"){let l="";tx(s,(c,d)=>{d!=null&&(l+=`${l?";":""}${c}:${d}`)}),e[0]+=' style="',xr(l,e),e[0]+='"'}else if(typeof s=="string")e[0]+=` ${a}="`,xr(s,e),e[0]+='"';else if(s!=null)if(typeof s=="number"||s.isEscaped)e[0]+=` ${a}="${s}"`;else if(typeof s=="boolean"&&gj.includes(a))s&&(e[0]+=` ${a}=""`);else if(a==="dangerouslySetInnerHTML"){if(i.length>0)throw new Error("Can only set one of `children` or `props.dangerouslySetInnerHTML`.");i=[Oi(s.__html)]}else if(s instanceof Promise)e[0]+=` ${a}="`,e.unshift('"',s);else if(typeof s=="function"){if(!a.startsWith("on")&&a!=="ref")throw new Error(`Invalid prop '${a}' of type 'function' supplied to '${t}'.`)}else e[0]+=` ${a}="`,xr(s.toString(),e),e[0]+='"'}if(mj.includes(t)&&i.length===0){e[0]+="/>";return}e[0]+=">",l0(i,e),e[0]+=`</${t}>`}},Ip=class extends kn{toStringToBuffer(e){const{children:t}=this,n={...this.props};t.length&&(n.children=t.length===1?t[0]:t);const i=this.tag.call(null,n);if(!(typeof i=="boolean"||i==null))if(i instanceof Promise)if(Wr.length===0)e.unshift("",i);else{const o=Wr.map(a=>[a,a.values.at(-1)]);e.unshift("",i.then(a=>(a instanceof kn&&(a.localContexts=o),a)))}else i instanceof kn?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?(e[0]+=i,i.callbacks&&(e.callbacks||=[],e.callbacks.push(...i.callbacks))):xr(i,e)}},nx=class extends kn{toStringToBuffer(e){l0(this.children,e)}},yj=(e,t,...n)=>{t??={},n.length&&(t.children=n.length===1?n[0]:n);const i=t.key;delete t.key;const o=rc(e,t,n);return o.key=i,o},Jb=!1,rc=(e,t,n)=>{if(!Jb){for(const i in gm)Tp[i][a0]=gm[i];Jb=!0}return typeof e=="function"?new Ip(e,t,n):Tp[e]?new Ip(Tp[e],t,n):e==="svg"||e==="head"?(Bs||=Z4(""),new kn(e,t,[new Ip(Bs,{value:e},n)])):new kn(e,t,n)},Gr=({children:e})=>new nx("",{children:e},Array.isArray(e)?e:e?[e]:[]),_j=(e,t,...n)=>{let i;if(n.length>0)i=n;else{const o=e.props.children;i=Array.isArray(o)?o:[o]}return yj(e.tag,{...e.props,...t},...i)};function v(e,t,n){let i;if(!t||!("children"in t))i=rc(e,t,[]);else{const o=t.children;i=Array.isArray(o)?rc(e,t,o):rc(e,t,[o])}return i.key=n,i}async function Ce(e,t,n=!1){const{env:i}=e,o=await i.data.loginSessions.get(e.var.tenant_id||"",t);if(!o)throw new T(400,{message:"Login session not found"});e.set("loginSession",o);const a=await He(i,o.authParams.client_id);e.set("client_id",a.client_id),Qt(e,a.tenant.id);const s=a.tenant;if(o.session_id&&!n){if(!o.authParams.redirect_uri)throw new T(400,{message:"Login session closed and no redirect URI available"});const f=new URL(o.authParams.redirect_uri);throw f.searchParams.set("error","access_denied"),f.searchParams.set("error_description","Login session closed"),o.authParams.state&&f.searchParams.set("state",o.authParams.state),new _n(f.toString(),302)}const[l,c]=await Promise.all([i.data.themes.get(s.id,"default"),i.data.branding.get(s.id)]),d=l??ds,u=c?{...c,favicon_url:e.var.custom_domain?c.favicon_url:void 0}:null,p=o.authParams?.ui_locales?.split(" ")?.map(f=>f.split("-")[0])?.find(f=>{if(Array.isArray(R.options.supportedLngs))return R.options.supportedLngs.includes(f)});return await R.changeLanguage(p||"en"),{theme:d,branding:u,client:a,tenant:s,loginSession:o}}async function Ro(e,t,n){const{theme:i,branding:o,client:a,tenant:s,loginSession:l}=await Ce(e,t,!0),c=Po(a.tenant.id,e.req.header("cookie")),d=c?await e.env.data.sessions.get(a.tenant.id,c):null;if(n?.continuationScope&&u9(l,n.continuationScope)){if(!l.user_id)throw new _n(`/u/login/identifier?state=${encodeURIComponent(t)}`);const h=await e.env.data.users.get(a.tenant.id,l.user_id);if(!h)throw new _n(`/u/login/identifier?state=${encodeURIComponent(t)}`);const m=l.session_id?await e.env.data.sessions.get(a.tenant.id,l.session_id):null;return{theme:i,branding:o,client:a,user:h,tenant:s,loginSession:l,session:m,isContinuation:!0}}if(!d||d.revoked_at||!l.session_id)throw new _n(`/u/login/identifier?state=${encodeURIComponent(t)}`);const p=await e.env.data.sessions.get(a.tenant.id,l.session_id),f=await e.env.data.users.get(a.tenant.id,d.user_id);if(!f||p?.user_id!==d.user_id)throw new _n(`/u/login/identifier?state=${encodeURIComponent(t)}`);return{theme:i,branding:o,client:a,user:f,tenant:s,loginSession:l,session:p,isContinuation:!1}}const Np={[V.USERNAME_PASSWORD]:"password",[V.EMAIL]:"email",[V.SMS]:"sms"};async function ix(e,t,n,i,o){if(i==="username"||o==="password")return"password";if(o==="code")return i==="sms"?"sms":"email";const s=(i==="email"?await Mo({userAdapter:e.env.data.users,tenant_id:t.tenant.id,email:n}):await xn({userAdapter:e.env.data.users,tenant_id:t.tenant.id,username:n,provider:i==="sms"?"sms":Oe}))?.app_metadata?.strategy;if(s&&Np[s])return Np[s];const l=t.connections.map(d=>Np[d.strategy]).filter(d=>d!==void 0);return l.length===1&&l[0]?l[0]:(await e.env.data.promptSettings.get(t.tenant.id)).password_first&&l.includes("password")?"password":i==="sms"?"sms":"email"}const c0=({theme:e,branding:t})=>{const n=e?.widget?.logo_url||t?.logo_url;return n?v("div",{className:"inline-flex h-9 items-center",children:v("img",{src:n,className:"h-full w-auto",alt:"Logo"})}):v(Gr,{})},ox=e=>v("div",{className:"mt-8",children:e.client?.client_metadata?.termsAndConditionsUrl&&v("div",{className:"text-xs text-gray-300",children:[R.t("agree_to")," ",v("a",{href:e.client.client_metadata.termsAndConditionsUrl,className:"text-primary hover:underline",target:"_blank",rel:"noreferrer",children:R.t("terms")})]})});var Pp={exports:{}};var Zb;function bj(){return Zb||(Zb=1,(function(e){(function(){var t={}.hasOwnProperty;function n(){for(var a="",s=0;s<arguments.length;s++){var l=arguments[s];l&&(a=o(a,i(l)))}return a}function i(a){if(typeof a=="string"||typeof a=="number")return a;if(typeof a!="object")return"";if(Array.isArray(a))return n.apply(null,a);if(a.toString!==Object.prototype.toString&&!a.toString.toString().includes("[native code]"))return a.toString();var s="";for(var l in a)t.call(a,l)&&a[l]&&(s=o(s,l));return s}function o(a,s){return s?a?a+" "+s:a+s:a}e.exports?(n.default=n,e.exports=n):window.classNames=n})()})(Pp)),Pp.exports}var vj=bj();const Fe=q2(vj),wj=e=>e==="small"?"text-base":e==="medium"?"text-2xl":e==="large"?"text-3xl":"",Ye=({name:e,size:t,className:n=""})=>{const i=wj(t);return v("span",{className:Fe(`uicon-${e}`,n,i)})};function rx(e){const t=e.replace("#",""),n=parseInt(t,16);return[n>>16&255,n>>8&255,n&255]}function Aj(e,t,n){return`#${(e<<16|t<<8|n).toString(16).padStart(6,"0")}`}const kj=(e,t)=>{const[n,i,o]=rx(e);return Aj(Math.min(255,Math.round(n+(255-n)*t)),Math.min(255,Math.round(i+(255-i)*t)),Math.min(255,Math.round(o+(255-o)*t)))};function Yb(e){const[t,n,i]=rx(e).map(o=>{const a=o/255;return a<=.04045?a/12.92:Math.pow((a+.055)/1.055,2.4)});return .2126*t+.7152*n+.0722*i}function ym(e,t){const n=Yb(e),i=Yb(t),o=Math.max(n,i),a=Math.min(n,i);return(o+.05)/(a+.05)}function Qb(e,t="light"){const n=ym(e,"#ffffff"),i=ym(e,"#000000"),o=1.35;return t==="light"?i>n*o?"#000000":"#ffffff":i*o>n?"#000000":"#ffffff"}const Jr="mn37485s",xj=(e,t)=>{const n=e?.colors?.primary_button||t?.colors?.primary||"#000000",i=e?.colors?.base_hover_color||kj(n,.2),o=e?.colors?.primary_button_label,a=o&&ym(o,n)>=4.5,s=a?o:Qb(n,"light"),l=a?o:Qb(n,"dark"),c=s!==l?`
|
|
86
|
+
In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function x7(e,t){if(e){if(typeof e=="string")return Db(e,t);var n={}.toString.call(e).slice(8,-1);return n==="Object"&&e.constructor&&(n=e.constructor.name),n==="Map"||n==="Set"?Array.from(e):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Db(e,t):void 0}}function Db(e,t){(t==null||t>e.length)&&(t=e.length);for(var n=0,i=Array(t);n<t;n++)i[n]=e[n];return i}function S7(e,t){var n=e==null?null:typeof Symbol<"u"&&e[Symbol.iterator]||e["@@iterator"];if(n!=null){var i,o,a,s,l=[],c=!0,d=!1;try{if(a=(n=n.call(e)).next,t!==0)for(;!(c=(i=a.call(n)).done)&&(l.push(i.value),l.length!==t);c=!0);}catch(u){d=!0,o=u}finally{try{if(!c&&n.return!=null&&(s=n.return(),Object(s)!==s))return}finally{if(d)throw o}}return l}}function $7(e){if(Array.isArray(e))return e}function E7(e){var t=Array.prototype.slice.call(e),n=A7(t,4),i=n[0],o=n[1],a=n[2],s=n[3],l,c,d;if(typeof i=="string")l=i;else throw new TypeError("A text for parsing must be a string.");if(!o||typeof o=="string")s?(c=a,d=s):(c=void 0,d=a),o&&(c=_7({defaultCountry:o},c));else if(Er(o))a?(c=o,d=a):d=o;else throw new Error("Invalid second argument: ".concat(o));return{text:l,options:c,metadata:d}}function Rs(e){"@babel/helpers - typeof";return Rs=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(t){return typeof t}:function(t){return t&&typeof Symbol=="function"&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},Rs(e)}function Lb(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);t&&(i=i.filter(function(o){return Object.getOwnPropertyDescriptor(e,o).enumerable})),n.push.apply(n,i)}return n}function Ub(e){for(var t=1;t<arguments.length;t++){var n=arguments[t]!=null?arguments[t]:{};t%2?Lb(Object(n),!0).forEach(function(i){z7(e,i,n[i])}):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(n)):Lb(Object(n)).forEach(function(i){Object.defineProperty(e,i,Object.getOwnPropertyDescriptor(n,i))})}return e}function z7(e,t,n){return(t=C7(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function C7(e){var t=T7(e,"string");return Rs(t)=="symbol"?t:t+""}function T7(e,t){if(Rs(e)!="object"||!e)return e;var n=e[Symbol.toPrimitive];if(n!==void 0){var i=n.call(e,t);if(Rs(i)!="object")return i;throw new TypeError("@@toPrimitive must return a primitive value.")}return(t==="string"?String:Number)(e)}function I7(e,t,n){t&&t.defaultCountry&&!jN(t.defaultCountry,n)&&(t=Ub(Ub({},t),{},{defaultCountry:void 0}));try{return y7(e,t,n)}catch(i){if(!(i instanceof ei))throw i}}function N7(){var e=E7(arguments),t=e.text,n=e.options,i=e.metadata;return I7(t,n,i)}function P7(){return AN(N7,arguments)}function Wo(e,t="US"){const n=e.trim();if(n.includes("@")){const i=n.toLowerCase(),o=/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(i);return{connectionType:"email",normalized:o?i:null,isValid:o,provider:"email"}}else if(/^\+?\d[\d\s\-().]*$/.test(n)){const i=P7(n,{defaultCountry:t});return i&&i.isValid()?{connectionType:"sms",normalized:i.number,isValid:!0,provider:"sms"}:{connectionType:"sms",normalized:null,isValid:!1,provider:"sms"}}else return{connectionType:"username",normalized:n,isValid:!0,provider:Oe}}function r0(e){let t=e.trim();t.startsWith("[")&&t.endsWith("]")&&(t=t.slice(1,-1));const n=t.indexOf("%");return n!==-1&&(t=t.slice(0,n)),t}function j7(e){const n=r0(e).split(".");return n.length!==4?!1:n.every(i=>/^\d+$/.test(i)&&Number(i)>=0&&Number(i)<=255)}function O7(e){const t=r0(e);if(t.length<2||t.indexOf(":")===-1||!/^[0-9a-fA-F:.]+$/.test(t))return!1;const n=t.split(":");return t.includes("::")?n.length<=8:n.length===8}function R7(e){let t=e.trim();const n=/^\[([^\]]+)\](?::\d+)?$/,i=t.match(n);if(i&&i[1])return i[1];const o=t.lastIndexOf(":");if(o!==-1){const a=t.slice(0,o),s=t.slice(o+1);/^[0-9.]+$/.test(a)&&/^\d+$/.test(s)&&(t=a)}return t}function Mb(e){if(!e)return null;const t=r0(R7(e));return j7(t)?{family:4,normalized:t}:O7(t)?{family:6,normalized:t.toLowerCase()}:null}function Fb(e){if(e.includes("::")){let[t,n]=e.split("::"),i=t?t.split(":").filter(Boolean):[],o=n?n.split(":").filter(Boolean):[],a=8-(i.length+o.length);return[...i.map(s=>s.toLowerCase()||"0"),...Array(a).fill("0"),...o.map(s=>s.toLowerCase()||"0")]}else return e.split(":").map(t=>t.toLowerCase()||"0")}function B7(e,t,n=!0){const i=Mb(e),o=Mb(t);if(!i||!o||i.family!==o.family)return!1;if(i.family===4)return i.normalized===o.normalized;const a=Fb(i.normalized),s=Fb(o.normalized);return n?a.length===8&&s.length===8&&a.join(":")===s.join(":"):a.slice(0,4).join(":")===s.slice(0,4).join(":")}class _n extends Error{location;status;constructor(t,n=302){super(`Redirect to ${t}`),this.name=_n.name,this.location=t,this.status=n}}const D7=r.z.object({client_id:r.z.string(),username:r.z.string().transform(e=>e.toLowerCase()),otp:r.z.string(),authParams:ls.optional(),enforceIpCheck:r.z.boolean().optional().default(!1)});async function F4(e,{client_id:t,username:n,otp:i,authParams:o,enforceIpCheck:a=!1}){const s=e.get("ip"),l=e.get("countryCode"),{connectionType:c,normalized:d}=Wo(n,l);if(!d)throw new X(400,{message:"Invalid username format"});e.set("connection",c);const u=await He(e.env,t,e.var.tenant_id),{env:p}=e,f=await p.data.codes.get(u.tenant.id,i,"otp");if(!f)throw new X(400,{message:me("code_invalid"),userSafe:!0});if(f.expires_at<new Date().toISOString())throw new X(400,{message:me("code_expired"),userSafe:!0});if(f.used_at)throw new X(400,{message:me("code_used"),userSafe:!0});const h=await p.data.loginSessions.get(u.tenant.id,f.login_id);if(!h||h.authParams.username!==n)throw new X(400,{message:"Code not found or expired",userSafe:!0});if(a&&h.ip&&s&&!B7(h.ip,s))throw new _n(`${Et(e.env)}invalid-session?state=${h.id}`);const m=await jd(e,{client:u,username:d,provider:c,connection:c,isSocial:!1,ip:e.var.ip});return await p.data.codes.used(u.tenant.id,i),{user:m,client:u,loginSession:h,connectionType:c,authConnection:c,session_id:h.session_id,authParams:{...h.authParams,...o||{}}}}async function hl(e,t){const n=await F4(e,t);return at(e,{authParams:n.authParams,client:n.client,user:n.user,loginSession:n.loginSession,authConnection:n.connectionType,authStrategy:{strategy:n.connectionType==="sms"?V.SMS:V.EMAIL,strategy_type:Zt.PASSWORDLESS}})}const qb=r.z.object({client_id:r.z.string().optional(),client_secret:r.z.string().optional()}),Hb=r.z.union([P4.extend(qb.shape),r.z.object({grant_type:r.z.literal("authorization_code"),client_id:r.z.string(),code:r.z.string(),redirect_uri:r.z.string(),code_verifier:r.z.string().min(43).max(128),organization:r.z.string().optional()}),r.z.object({grant_type:r.z.literal("authorization_code"),code:r.z.string(),redirect_uri:r.z.string().optional(),organization:r.z.string().optional(),...qb.shape}),r.z.object({grant_type:r.z.literal("refresh_token"),client_id:r.z.string().optional(),refresh_token:r.z.string(),redirect_uri:r.z.string().optional(),client_secret:r.z.string().optional()}),r.z.object({grant_type:r.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),client_id:r.z.string(),username:r.z.string(),otp:r.z.string(),realm:r.z.enum(["email","sms"])})]);function L7(e){if(!e)return{};const[t,n]=e.split(" ");if(t?.toLowerCase()==="basic"&&n){const[i,o]=atob(n).split(":");return{client_id:i,client_secret:o}}return{}}const U7=new r.OpenAPIHono().openapi(r.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:Hb},"application/json":{schema:Hb}}}},responses:{200:{content:{"application/json":{schema:Um}},description:"Tokens"},302:{description:"Redirect for further user interaction (e.g., MFA, consent).",headers:r.z.object({Location:r.z.string().url()}).openapi({})},400:{description:"Bad Request - The request was malformed or invalid.",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}},401:{description:"Unauthorized - Client authentication failed.",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}},403:{description:"Forbidden - User is not a member of the required organization.",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}}}}),async e=>{const n=(e.req.header("Content-Type")||"").includes("application/json")?e.req.valid("json"):e.req.valid("form"),i=L7(e.req.header("Authorization")),o={...n,...i};if(!o.client_id)throw new T(400,{message:"client_id is required"});e.set("client_id",o.client_id);let a;switch(n.grant_type){case hn.AuthorizationCode:a=await _N(e,yN.parse(o));break;case hn.ClientCredential:a=await gN(e,P4.parse(o));break;case hn.RefreshToken:a=await vN(e,bN.parse(o));break;case hn.OTP:a=await F4(e,D7.parse(o));break;default:return e.json({error:"unsupported_grant_type",error_description:"Grant type not implemented"},400)}Qt(e,a.client.tenant.id);const s=new Headers;a.session_id&&pd(a.client.tenant.id,a.session_id,e.var.host||"").forEach(u=>{s.append("Set-Cookie",u)});let l=[];if(a.authParams.audience)try{let d;if(n.grant_type===hn.ClientCredential)d=await zs(e,{grantType:hn.ClientCredential,tenantId:a.client.tenant.id,clientId:a.client.client_id,audience:a.authParams.audience,requestedScopes:a.authParams.scope?.split(" ")||[],organizationId:a.organization?.id});else{if(!a.user?.user_id)throw new X(400,{error:"invalid_request",error_description:"User ID is required for user-based grants"});d=await zs(e,{grantType:n.grant_type,tenantId:a.client.tenant.id,userId:a.user.user_id,clientId:a.client.client_id,audience:a.authParams.audience,requestedScopes:a.authParams.scope?.split(" ")||[],organizationId:a.organization?.id})}a.authParams.scope=d.scopes.join(" "),l=d.permissions}catch(d){if(d instanceof T)throw d;console.error("Error calculating scopes and permissions:",d)}const c=await Ru(e,{...a,grantType:n.grant_type,permissions:l.length>0?l:void 0});return e.json(c,{headers:s})});async function ml(e,t){const n=await e.env.data.emailProviders.get(e.var.tenant_id);if(!n)throw new T(500,{message:"Email provider not found"});const i=e.env.emailProviders?.[n.name];if(!i)throw new T(500,{message:"Email provider not found"});await i({emailProvider:n,...t,from:n.default_from_address||`login@${e.env.ISSUER}`})}async function q4(e,t){if(!e.var.client_id)throw new T(500,{message:"Client not found"});const n=await He(e.env,e.var.client_id),i=n.connections.find(s=>s.strategy===V.SMS);if(!i)throw new T(500,{message:"SMS provider not found"});const o=i.options?.provider||"twilio",a=e.env.smsProviders?.[o];if(!a)throw new T(500,{message:"SMS provider not found"});await a({options:i.options,to:t.to,from:t.from,text:t.text,template:"auth-code",data:{code:t.code,tenantName:n.tenant.friendly_name,tenantId:n.tenant.id}})}async function H4(e,t,n,i,o){const a=await e.env.data.tenants.get(e.var.tenant_id);if(!a)throw new T(500,{message:"Tenant not found"});const s=`${Et(e.env)}reset-password?state=${i}&code=${n}`,l=await e.env.data.branding.get(e.var.tenant_id),c=l?.logo_url||"",d=l?.colors?.primary||"#7d68f4",u={vendorName:a.friendly_name,lng:"en"};await ml(e,{to:t,subject:me("reset_password_title",u),html:`Click here to reset your password: ${Et(e.env)}reset-password?state=${i}&code=${n}`,template:"auth-password-reset",data:{vendorName:a.friendly_name,logo:c,passwordResetUrl:s,supportUrl:a.support_url||"https://support.sesamy.com",buttonColor:d,passwordResetTitle:me("password_reset_title",u),resetPasswordEmailClickToReset:me("reset_password_email_click_to_reset",u),resetPasswordEmailReset:me("reset_password_email_reset",u),supportInfo:me("support_info",u),contactUs:me("contact_us",u),copyright:me("copyright",u),tenantName:a.friendly_name,tenantId:a.id}}),ae(e,a.id,{type:oe.SUCCESS_CHANGE_PASSWORD_REQUEST,description:t})}async function gl(e,{to:t,code:n,language:i}){const o=await e.env.data.tenants.get(e.var.tenant_id);if(!o)throw new T(500,{message:"Tenant not found"});const{connectionType:a}=Wo(t),s=await e.env.data.branding.get(e.var.tenant_id),l=s?.logo_url||"",c=s?.colors?.primary||"#7d68f4",d=new URL(Et(e.env)),u={vendorName:o.friendly_name,vendorId:o.id,loginDomain:d.hostname,code:n,lng:i||"en"};a==="email"?await ml(e,{to:t,subject:me("code_email_subject",u),html:`Click here to validate your email: ${Et(e.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:o.friendly_name,logo:l,supportUrl:o.support_url||"",buttonColor:c,welcomeToYourAccount:me("welcome_to_your_account",u),linkEmailClickToLogin:me("link_email_click_to_login",u),linkEmailLogin:me("link_email_login",u),linkEmailOrEnterCode:me("link_email_or_enter_code",u),codeValid30Mins:me("code_valid_30_minutes",u),supportInfo:me("support_info",u),contactUs:me("contact_us",u),copyright:me("copyright",u)}}):a==="sms"&&await q4(e,{to:t,text:me("sms_code_text",u),code:n,from:o.friendly_name}),ae(e,o.id,{type:oe.CODE_LINK_SENT,description:t})}async function yl(e,{to:t,code:n,authParams:i,language:o}){const a=await e.env.data.tenants.get(e.var.tenant_id);if(!a)throw new T(500,{message:"Tenant not found"});if(!i.redirect_uri)throw new T(400,{message:"redirect_uri is required"});const{connectionType:s}=Wo(t),l=await e.env.data.branding.get(e.var.tenant_id),c=l?.logo_url||"",d=l?.colors?.primary||"",u=new URL(Le(e.env));u.pathname="passwordless/verify_redirect",u.searchParams.set("verification_code",n),u.searchParams.set("connection",s),u.searchParams.set("client_id",i.client_id),u.searchParams.set("redirect_uri",i.redirect_uri),u.searchParams.set("email",t),i.response_type&&u.searchParams.set("response_type",i.response_type),i.scope&&u.searchParams.set("scope",i.scope),i.state&&u.searchParams.set("state",i.state),i.nonce&&u.searchParams.set("nonce",i.nonce),i.code_challenge&&u.searchParams.set("code_challenge",i.code_challenge),i.code_challenge_method&&u.searchParams.set("code_challenge_method",i.code_challenge_method),i.audience&&u.searchParams.set("audience",i.audience);const p={vendorName:a.friendly_name,code:n,lng:o||"en"};if(s==="email")await ml(e,{to:t,subject:me("code_email_subject",p),html:`Click here to validate your email: ${Et(e.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:a.friendly_name,logo:c,supportUrl:a.support_url||"",magicLink:u.toString(),buttonColor:d,welcomeToYourAccount:me("welcome_to_your_account",p),linkEmailClickToLogin:me("link_email_click_to_login",p),linkEmailLogin:me("link_email_login",p),linkEmailOrEnterCode:me("link_email_or_enter_code",p),codeValid30Mins:me("code_valid_30_minutes",p),supportInfo:me("support_info",p),contactUs:me("contact_us",p),copyright:me("copyright",p)}});else if(s==="sms")await q4(e,{to:t,text:`${me("link_sms_login",p)}: ${u.toString()}`,code:n,from:a.friendly_name});else throw new T(400,{message:"Only email and SMS connections are supported for magic links"});ae(e,a.id,{type:oe.CODE_LINK_SENT,description:t})}async function Vu(e,t,n){const i=await e.env.data.tenants.get(e.var.tenant_id);if(!i)throw new T(500,{message:"Tenant not found"});if(!t.email)throw new T(400,{message:"User has no email"});const o=await e.env.data.branding.get(e.var.tenant_id),a=o?.logo_url||"",s=o?.colors?.primary||"#7d68f4",l={vendorName:i.friendly_name,lng:n||"en"};await ml(e,{to:t.email,subject:me("welcome_to_your_account",l),html:`Click here to validate your email: ${Et(e.env)}validate-email`,template:"auth-verify-email",data:{vendorName:i.friendly_name,logo:a,emailValidationUrl:`${Et(e.env)}validate-email`,supportUrl:i.support_url||"https://support.sesamy.com",buttonColor:s,welcomeToYourAccount:me("welcome_to_your_account",l),verifyEmailVerify:me("verify_email_verify",l),supportInfo:me("support_info",l),contactUs:me("contact_us",l),copyright:me("copyright",l)}})}async function M7(e,t,n,i,o){const a=await e.env.data.tenants.get(e.var.tenant_id);if(!a)throw new T(500,{message:"Tenant not found"});const s=await e.env.data.branding.get(e.var.tenant_id),l=s?.logo_url||"",c=s?.colors?.primary||"#7d68f4",d={vendorName:a.friendly_name,lng:"en"},u=`${Et(e.env)}signup?state=${i}&code=${n}`;await ml(e,{to:t,subject:me("register_password_account",d),html:`Click here to register: ${u}`,template:"auth-pre-signup-verification",data:{vendorName:a.friendly_name,logo:l,signupUrl:u,setPassword:me("set_password",d),registerPasswordAccount:me("register_password_account",d),clickToSignUpDescription:me("click_to_sign_up_description",d),supportUrl:a.support_url||"https://support.sesamy.com",buttonColor:c,welcomeToYourAccount:me("welcome_to_your_account",d),verifyEmailVerify:me("verify_email_verify",d),supportInfo:me("support_info",d),contactUs:me("contact_us",d),copyright:me("copyright",d)}})}const F7=new r.OpenAPIHono().openapi(r.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:r.z.object({client_id:r.z.string(),connection:r.z.literal(V.USERNAME_PASSWORD),email:r.z.string().transform(e=>e.toLowerCase()),password:r.z.string()})}}}},responses:{200:{content:{"application/json":{schema:r.z.object({_id:r.z.string(),email:r.z.string().optional(),email_verified:r.z.boolean(),app_metadata:r.z.object({}),user_metadata:r.z.object({})})}},description:"Created user"}}}),async e=>{const{email:t,password:n,client_id:i}=e.req.valid("json"),o=await He(e.env,i);e.set("client_id",o.client_id),Qt(e,o.tenant.id);const s=o.connections.find(f=>f.strategy===V.USERNAME_PASSWORD)?.name||V.USERNAME_PASSWORD,l=await Fs(e.env.data,o.tenant.id,s);try{await Ms(l,{tenantId:o.tenant.id,userId:"",newPassword:n,data:e.env.data})}catch(f){throw new T(400,{message:f?.message||"Password does not meet the requirements"})}if(await xn({userAdapter:e.env.data.users,tenant_id:o.tenant.id,username:t,provider:Oe}))throw new T(400,{message:"Invalid sign up"});const{hash:d,algorithm:u}=await fs(n),p=await e.env.data.users.create(o.tenant.id,{user_id:`${Oe}|${Uo()}`,email:t,email_verified:!1,provider:Oe,connection:V.USERNAME_PASSWORD,is_social:!1,password:{hash:d,algorithm:u}});e.set("user_id",p.user_id),e.set("username",p.email),e.set("connection",p.connection);try{await Vu(e,p)}catch(f){console.error("Failed to send verification email:",f)}return ae(e,o.tenant.id,{type:oe.SUCCESS_SIGNUP,description:"Successful signup"}),e.json({_id:p.user_id,email:p.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(r.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:r.z.object({client_id:r.z.string(),connection:r.z.literal(V.USERNAME_PASSWORD),email:r.z.string().transform(e=>e.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async e=>{const{email:t,client_id:n}=e.req.valid("json"),i=await He(e.env,n);if(e.set("client_id",i.client_id),Qt(e,i.tenant.id),!await Ui({userAdapter:e.env.data.users,tenant_id:i.tenant.id,username:t,provider:Oe}))return e.html("If an account with that email exists, we've sent instructions to reset your password.");const a={client_id:n,username:t},s=await e.env.data.loginSessions.create(i.tenant.id,{expires_at:new Date(Date.now()+No*1e3).toISOString(),authParams:a,csrf_token:Be(),ip:e.get("ip"),useragent:e.get("useragent"),auth0Client:ci(e.get("auth0_client"))});return await H4(e,t,s.id,s.authParams.state),e.html("If an account with that email exists, we've sent instructions to reset your password.")});function qt(){const e=new Uint8Array(6);crypto.getRandomValues(e);let t="";for(let n=0;n<6;n+=1)t+=(e[n]%10).toString();return t}const q7=new r.OpenAPIHono().openapi(r.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:r.z.union([r.z.object({connection:r.z.literal("email"),client_id:r.z.string(),email:r.z.string().transform(e=>e.toLowerCase()),send:r.z.enum(["link","code"]),authParams:ls.omit({client_id:!0})}),r.z.object({client_id:r.z.string(),connection:r.z.literal("sms"),phone_number:r.z.string(),send:r.z.enum(["link","code"]),authParams:ls.omit({client_id:!0})})])}}}},responses:{200:{description:"Status"}}}),async e=>{const t=e.req.valid("json"),{env:n}=e,{client_id:i,send:o,authParams:a,connection:s}=t,l=await He(e.env,i);e.set("client_id",l.client_id),Qt(e,l.tenant.id);const c=s==="email"?t.email:t.phone_number,d=e.get("ip"),u=e.get("useragent"),p=e.get("auth0_client"),f=ci(p),h=await n.data.loginSessions.create(l.tenant.id,{authParams:{...a,client_id:i,username:c},expires_at:new Date(Date.now()+Sr).toISOString(),csrf_token:Be(),ip:d,useragent:u,auth0Client:f}),m=await n.data.codes.create(l.tenant.id,{code_id:qt(),code_type:"otp",login_id:h.id,expires_at:new Date(Date.now()+Sr).toISOString(),redirect_uri:a.redirect_uri}),g=a?.ui_locales?.split(" ")?.map(A=>A.split("-")[0])[0];return o==="link"?await yl(e,{to:c,code:m.code_id,authParams:{...a,client_id:i},language:g}):await gl(e,{to:c,code:m.code_id,language:g}),e.html("OK")}).openapi(r.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:r.z.object({scope:r.z.string(),response_type:r.z.nativeEnum(lt),redirect_uri:r.z.string(),state:r.z.string(),nonce:r.z.string().optional(),verification_code:r.z.string(),connection:r.z.string(),client_id:r.z.string(),email:r.z.string().transform(e=>e.toLowerCase()),audience:r.z.string().optional()})},responses:{302:{description:"Successful verification, redirecting to continue flow.",headers:r.z.object({Location:r.z.string().url()}).openapi({})},400:{description:"Bad Request (e.g., invalid client, invalid code, missing parameters).",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}},500:{description:"Internal Server Error.",content:{"application/json":{schema:r.z.object({error:r.z.string(),error_description:r.z.string().optional()})}}}}}),async e=>{const{env:t}=e,{client_id:n,email:i,verification_code:o,redirect_uri:a,state:s,scope:l,audience:c,response_type:d,nonce:u}=e.req.valid("query"),p=await He(t,n);e.set("client_id",p.client_id),Qt(e,p.tenant.id),e.set("connection","email");const f={client_id:n,redirect_uri:a,state:s,nonce:u,scope:l,audience:c,response_type:d};let h="Something went wrong. Please try again later.";try{const w=await hl(e,{client_id:n,username:i,otp:o,authParams:f,enforceIpCheck:!0});if(w instanceof Response)return w;if(w&&typeof w=="object"&&"access_token"in w)return e.json(w)}catch(w){const k=w;"message"in k&&typeof k.message=="string"&&(h=k.message)}const m=e.get("ip"),g=e.get("useragent"),A=e.get("auth0_client"),y=ci(A),_=await t.data.loginSessions.create(p.tenant.id,{authParams:{...f,username:i},expires_at:new Date(Date.now()+Sr).toISOString(),csrf_token:Be(),ip:m,useragent:g,auth0Client:y});return e.redirect(`${Et(e.env)}invalid-session?state=${_.id}&error=${encodeURIComponent(h)}`,302)});class dr extends T{_code;constructor(t,n){super(t,n),this._code=n?.code}get code(){return this._code}}async function H7(e,t,n){const i=n.app_metadata||{},o=i.failed_logins||[],a=Date.now(),s=[...o.filter(l=>a-l<1e3*60*5),a];i.failed_logins=s,await e.users.update(t,n.user_id,{app_metadata:i})}function V7(e){const n=(e.app_metadata||{}).failed_logins||[],i=Date.now();return n.filter(o=>i-o<1e3*60*5)}async function V4(e,t,n,i){const{data:o}=e.env,{username:a}=n;if(e.set("username",a),!a)throw new X(400,{message:"Username is required"});const s=await Ui({userAdapter:e.env.data.users,tenant_id:t.tenant.id,username:a,provider:Oe});if(!s)throw ae(e,t.tenant.id,{type:oe.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"}),new dr(403,{message:"User not found",code:"USER_NOT_FOUND"});const l=s.linked_to?await o.users.get(t.tenant.id,s.linked_to):s;if(!l)throw new dr(403,{message:"User not found",code:"USER_NOT_FOUND"});if(e.set("connection",s.connection),e.set("user_id",l.user_id),V7(l).length>=3)throw ae(e,t.tenant.id,{type:oe.FAILED_LOGIN,description:"Too many failed login attempts"}),new dr(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"});const d=await o.passwords.get(t.tenant.id,s.user_id);if(!(d&&await Xr.compare(n.password,d.password)))throw ae(e,t.tenant.id,{type:oe.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"}),H7(o,t.tenant.id,l),new dr(403,{message:"Invalid password",code:"INVALID_PASSWORD"});if(!s.email_verified&&t.client_metadata?.email_validation==="enforced"){const f=i?.authParams?.ui_locales?.split(" ")?.map(h=>h.split("-")[0])[0];throw await Vu(e,s,f),ae(e,t.tenant.id,{type:oe.FAILED_LOGIN,description:"Email not verified"}),i&&await l9(e,t.tenant.id,i,"Email not verified"),new dr(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const p=l.app_metadata||{};return p.failed_logins&&p.failed_logins.length>0&&(p.failed_logins=[],o.users.update(t.tenant.id,l.user_id,{app_metadata:p})),{client:t,authParams:n,user:l,loginSession:i}}async function _l(e,t,n,i,o){const a=await V4(e,t,n,i);return at(e,{...a,ticketAuth:o,authConnection:e.get("connection")||V.USERNAME_PASSWORD,authStrategy:{strategy:V.USERNAME_PASSWORD,strategy_type:Zt.DATABASE}})}async function K7(e,t,n,i){await jd(e,{client:t,username:n,provider:Oe,connection:V.USERNAME_PASSWORD,isSocial:!1,ip:e.var.ip});let o=qt(),a=await e.env.data.codes.get(t.tenant.id,o,"password_reset");for(;a;)o=qt(),a=await e.env.data.codes.get(t.tenant.id,o,"password_reset");const s=e.get("ip"),l=e.get("useragent"),c=e.get("auth0_client"),d=ci(c),u=await e.env.data.loginSessions.create(t.tenant.id,{expires_at:new Date(Date.now()+iT).toISOString(),authParams:{client_id:t.client_id,username:n},csrf_token:Be(),ip:s,useragent:l,auth0Client:d}),p=await e.env.data.codes.create(t.tenant.id,{code_id:o,code_type:"password_reset",login_id:u.id,expires_at:new Date(Date.now()+nT).toISOString()});await H4(e,n,p.code_id,i)}const W7=new r.OpenAPIHono().openapi(r.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:r.z.union([r.z.object({credential_type:r.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:r.z.string(),client_id:r.z.string(),username:r.z.string().transform(e=>e.toLowerCase()),realm:r.z.enum([V.EMAIL]),scope:r.z.string().optional()}),r.z.object({credential_type:r.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:r.z.string(),username:r.z.string().transform(e=>e.toLowerCase()),password:r.z.string(),realm:r.z.enum([V.USERNAME_PASSWORD]),scope:r.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async e=>{const t=e.req.valid("json"),{client_id:n,username:i}=t;e.set("username",i);const o=await He(e.env,n);e.set("client_id",n),Qt(e,o.tenant.id);const a=i.toLocaleLowerCase(),s=e.get("ip"),l=e.get("useragent"),c=e.get("auth0_client");let d;if("otp"in t)d=await hl(e,{client_id:n,username:a,otp:t.otp});else if("password"in t){const u=await e.env.data.loginSessions.create(o.tenant.id,{expires_at:new Date(Date.now()+No*1e3).toISOString(),authParams:{client_id:n,username:a},csrf_token:Be(),ip:s,useragent:l,auth0Client:ci(c)});d=await _l(e,o,{username:a,password:t.password,client_id:n},u,!0)}else throw new T(400,{message:"Code or password required"});return d});function K4(e,t){if(!e||t.length===0)return!1;const n=Cp(e)?.host??null;if(!n)return!1;for(const i of t){let o;if(i.startsWith("http://")||i.startsWith("https://")?o=Cp(i)?.host??null:o=Cp("https://"+i)?.host??null,n===o)return!0}return!1}function Cp(e){try{return new URL(e)}catch{return null}}function G7(e,t){if(!e||t===void 0)return!1;const n=new Date(e.authenticated_at).getTime(),i=t*1e3;return Date.now()-n>i}async function J7({ctx:e,session:t,client:n,authParams:i,connection:o,login_hint:a}){const s=new URL(e.req.url);e.var.custom_domain&&(s.hostname=e.var.custom_domain);const{ip:l,auth0_client:c,useragent:d}=e.var,u=ci(c);G7(t,i.max_age)&&(t=void 0);const p=await e.env.data.loginSessions.create(n.tenant.id,{expires_at:new Date(Date.now()+No*1e3).toISOString(),authParams:i,csrf_token:Be(),authorization_url:s.toString(),ip:l,useragent:d,auth0Client:u}),f=n.client_metadata?.universal_login_version==="2"?"/u2":"/u";if(t&&a){const h=await e.env.data.users.get(n.tenant.id,t.user_id);if(h?.email===a)return at(e,{client:n,loginSession:p,authParams:i,user:h,existingSessionIdToLink:t.id})}if(o===V.EMAIL&&a){const h=qt();return await e.env.data.codes.create(n.tenant.id,{code_id:h,code_type:"otp",login_id:p.id,expires_at:new Date(Date.now()+No*1e3).toISOString(),redirect_uri:i.redirect_uri}),await yl(e,{code:h,to:a,authParams:i}),e.redirect(`${f}/login/email-otp-challenge?state=${p.id}`)}if(t)return e.redirect(`${f}/check-account?state=${p.id}`);if(f==="/u2"){const h=await e.env.data.promptSettings.get(n.tenant.id),m=ho.parse(h||{}),g=n.connections.some(A=>A.strategy===V.USERNAME_PASSWORD);if(m.identifier_first===!1&&g)return e.redirect(`${f}/login?state=${p.id}`)}return e.redirect(`${f}/login/identifier?state=${p.id}`)}function Z7(e){if(e===V.USERNAME_PASSWORD)return Oe;if(e===V.EMAIL)return V.EMAIL;throw new X(403,{message:"Invalid realm"})}async function Y7(e,t,n,i,o){const{env:a}=e;e.set("connection",o);const s=await a.data.codes.get(t,n,"ticket");if(!s||s.used_at)throw new X(403,{message:"Ticket not found"});const l=await a.data.loginSessions.get(t,s.login_id);if(!l||!l.authParams.username)throw new X(403,{message:"Session not found"});const c=await He(a,l.authParams.client_id,t);e.set("client_id",l.authParams.client_id),await a.data.codes.used(t,n);const d=Z7(o),p=c.connections.find(m=>m.name===o)?.strategy||(d===Oe?V.USERNAME_PASSWORD:V.EMAIL),f=p===V.USERNAME_PASSWORD?Zt.DATABASE:Zt.PASSWORDLESS;let h=await jd(e,{username:l.authParams.username,provider:d,client:c,connection:o,isSocial:!1,ip:e.var.ip});return e.set("username",h.email||h.phone_number),e.set("user_id",h.user_id),at(e,{authParams:{scope:l.authParams?.scope,...i},loginSession:l,user:h,client:c,authConnection:o,authStrategy:{strategy:p,strategy_type:f}})}async function Q7({ctx:e,client:t,session:n,redirect_uri:i,state:o,nonce:a,code_challenge_method:s,code_challenge:l,audience:c,scope:d,response_type:u,response_mode:p,organization:f,max_age:h}){const{env:m}=e,g=new URL(i),A=`${g.protocol}//${g.host}`,y=p===vn.WEB_MESSAGE;async function _(ue="Login required"){const $e=new Headers;if(n&&(ae(e,t.tenant.id,{type:oe.FAILED_SILENT_AUTH,description:ue}),Z3(t.tenant.id,e.req.header("host")).forEach(Vi=>{$e.append("set-cookie",Vi)})),y)return Xh(e,A,JSON.stringify({error:"login_required",error_description:ue,state:o}),$e);const q=new URL(i);if(u===lt.TOKEN||u===lt.TOKEN_ID_TOKEN){const Qe=new URLSearchParams;Qe.set("error","login_required"),Qe.set("error_description",ue),o&&Qe.set("state",o),q.hash=Qe.toString()}else q.searchParams.set("error","login_required"),q.searchParams.set("error_description",ue),o&&q.searchParams.set("state",o);const Tt={Location:q.toString()},pe=$e.get("set-cookie");return pe&&(Tt["set-cookie"]=pe),new Response(null,{status:302,headers:Tt})}const w=!n||n?.expires_at&&new Date(n.expires_at)<new Date||n?.idle_expires_at&&new Date(n.idle_expires_at)<new Date,k=n&&h!==void 0&&Date.now()-new Date(n.authenticated_at).getTime()>h*1e3;if(w||k)return _();e.set("user_id",n.user_id);const b=await m.data.users.get(t.tenant.id,n.user_id);if(!b)return console.error("User not found",n.user_id),_("User not found");e.set("username",b.email),e.set("connection",b.connection);let S;if(f&&(S=await m.data.organizations.get(t.tenant.id,f),!S))return _("Organization not found");const E=c||t.tenant.audience;let C=d||"",I=[];if(E)try{const ue=await zs(e,{tenantId:t.tenant.id,clientId:t.client_id,audience:E,requestedScopes:d?.split(" ")||[],organizationId:S?.id,userId:b.user_id});C=ue.scopes.join(" "),I=ue.permissions}catch(ue){if(ue?.statusCode===403||ue?.status===403){const $e=ue?.body?.error_description||ue?.message||"Access denied";return _($e)}throw ue}else if(S&&!(await m.data.userOrganizations.list(t.tenant.id,{q:`user_id:${b.user_id}`,per_page:1e3})).userOrganizations.some(q=>q.organization_id===S.id))return _("User is not a member of the specified organization");const N=await m.data.loginSessions.create(t.tenant.id,{csrf_token:Be(),authParams:{client_id:t.client_id,audience:c,scope:d,state:o,nonce:a,response_type:u,redirect_uri:i,organization:f,max_age:h},expires_at:new Date(Date.now()+300*1e3).toISOString(),session_id:n.id,ip:e.var.ip,useragent:e.var.useragent}),z=h!==void 0?Math.floor(new Date(n.authenticated_at).getTime()/1e3):void 0,P={client:t,authParams:{client_id:t.client_id,audience:c,code_challenge_method:s,code_challenge:l,scope:C,state:o,nonce:a,response_type:u,redirect_uri:i,max_age:h},user:b,session_id:n.id,auth_time:z,permissions:I,organization:S},j=u===lt.CODE?await z4(e,{user:b,client:t,authParams:P.authParams,login_id:N.id}):await Ru(e,P),U=n.idle_expires_at?new Date(Date.now()+Iu*1e3).toISOString():void 0;await m.data.sessions.update(t.tenant.id,n.id,{used_at:new Date().toISOString(),last_interaction_at:new Date().toISOString(),login_session_id:N.id,device:{...n.device,last_ip:e.var.ip||"",last_user_agent:e.var.useragent||""},idle_expires_at:U}),U&&await m.data.loginSessions.update(t.tenant.id,N.id,{expires_at:U}),ae(e,t.tenant.id,{type:oe.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});const B=new Headers;if(pd(t.tenant.id,n.id,e.req.header("host")).forEach(ue=>{B.append("set-cookie",ue)}),y)return Xh(e,A,JSON.stringify({...j,state:o}),B);const te=new URL(i);if(u===lt.TOKEN||u===lt.TOKEN_ID_TOKEN){const ue=new URLSearchParams;Object.entries(j).forEach(([$e,q])=>{q!==void 0&&ue.set($e,String(q))}),o&&ue.set("state",o),te.hash=ue.toString()}else Object.entries(j).forEach(([ue,$e])=>{$e!==void 0&&te.searchParams.set(ue,String($e))}),o&&te.searchParams.set("state",o);const he={Location:te.toString()},Se=B.get("set-cookie");return Se&&(he["set-cookie"]=Se),new Response(null,{status:302,headers:he})}const X7=[V.EMAIL,V.SMS,V.USERNAME_PASSWORD],Vb=r.z.object({client_id:r.z.string().optional(),vendor_id:r.z.string().optional(),redirect_uri:r.z.string().optional(),scope:r.z.string().optional(),state:r.z.string().optional(),prompt:r.z.string().optional(),response_mode:r.z.nativeEnum(vn).optional(),response_type:r.z.nativeEnum(lt).optional(),audience:r.z.string().optional(),connection:r.z.string().optional(),nonce:r.z.string().optional(),max_age:r.z.string().optional(),acr_values:r.z.string().optional(),login_ticket:r.z.string().optional(),code_challenge_method:r.z.nativeEnum(Nd).optional(),code_challenge:r.z.string().optional(),realm:r.z.string().optional(),auth0Client:r.z.string().optional(),organization:r.z.string().optional(),login_hint:r.z.string().optional(),screen_hint:r.z.string().optional(),ui_locales:r.z.string().optional()});function ej(e){try{const t=e.split(".");if(t.length<2||!t[1])return null;const n=new TextDecoder().decode(Ci.decode(t[1],{strict:!1})),i=JSON.parse(n);return typeof i!="object"||i===null?null:i}catch{return null}}const tj=new r.OpenAPIHono().openapi(r.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:Vb.extend({client_id:r.z.string(),screen_hint:r.z.string().openapi({example:"signup",description:'Optional hint for the screen to show, like "signup" or "login".'}).optional(),request:r.z.string().openapi({description:"JWT containing authorization request parameters (OpenID Connect Core Section 6.1)"}).optional()}).passthrough()},responses:{200:{description:"Successful authorization response. This can be an HTML page (e.g., for silent authentication iframe or universal login page) or a JSON object containing tokens (e.g., for response_mode=web_message).",content:{"text/html":{schema:r.z.string().openapi({example:"<html>...</html>"})},"application/json":{schema:Um}}},302:{description:"Redirect to the client's redirect URI, an authentication page, or an external identity provider.",headers:r.z.object({Location:r.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:r.z.object({message:r.z.string()})}}},403:{description:"Forbidden. The request is not allowed (e.g., invalid origin).",content:{"application/json":{schema:r.z.object({message:r.z.string()})}}}}}),async e=>{const{env:t}=e,n=e.req.valid("query");let i={};if(n.request){const B=ej(n.request);if(B){const K=Vb.safeParse(B);K.success&&(i=K.data)}}const{client_id:o,vendor_id:a,redirect_uri:s,scope:l,state:c,audience:d,nonce:u,connection:p,response_type:f,response_mode:h,code_challenge:m,code_challenge_method:g,prompt:A,max_age:y,acr_values:_,login_ticket:w,realm:k,login_hint:b,ui_locales:S,organization:E}={...i,...n};e.set("log","authorize");const C=await He(t,o);e.set("client_id",C.client_id),Qt(e,C.tenant.id);let I=s;typeof s=="string"&&(I=s.split("#")[0]);const N=e.req.header("origin");if(N&&!K4(N,C.web_origins||[]))throw new T(403,{message:`Origin ${N} not allowed`});if(!f){if(I){const B=new URL(I);return B.searchParams.set("error","invalid_request"),B.searchParams.set("error_description","Missing required parameter: response_type"),c&&B.searchParams.set("state",c),e.redirect(B.toString())}throw new T(400,{message:"Missing required parameter: response_type"})}const z={redirect_uri:I,scope:l,state:c,client_id:o,vendor_id:a,audience:d,nonce:u,prompt:A,response_type:f,response_mode:h,code_challenge:m,code_challenge_method:g,username:b,ui_locales:S,organization:E,max_age:y?parseInt(y,10):void 0,acr_values:_};if(z.redirect_uri){const B=C.callbacks||[];if(e.var.host&&(B.push(`${qo(e.env)}/*`),B.push(`${Et(e.env)}/*`)),!Qg(z.redirect_uri,B,{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw new T(400,{message:`Invalid redirect URI - ${z.redirect_uri}`})}let P;const j=rT(C.tenant.id,e.req.header("cookie"));for(const B of j){const K=await t.data.sessions.get(C.tenant.id,B);if(K&&!K.revoked_at){P=K;break}}if(A=="none"){if(!I||!c||!f)throw new T(400,{message:"Missing required parameters for silent auth: redirect_uri, state, and response_type"});return Q7({ctx:e,session:P||void 0,redirect_uri:I,state:c,response_type:f,response_mode:h,client:C,nonce:u,code_challenge_method:g,code_challenge:m,audience:d,scope:l,organization:E,max_age:y?parseInt(y,10):void 0})}if(C.connections.length===1&&C.connections[0]&&!X7.includes(C.connections[0].strategy||""))return gb(e,C,C.connections[0].name,z);if(p&&p!==V.EMAIL)return gb(e,C,p,z);if(w){const B=await Y7(e,C.tenant.id,w,z,k);return B instanceof Response?B:e.json(B)}const U=await J7({ctx:e,client:C,authParams:z,session:P||void 0,connection:p,login_hint:b});return U instanceof Response?U:e.json(U)}),nj=new r.OpenAPIHono().openapi(r.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:r.z.object({client_id:r.z.string(),redirect_url:r.z.string().optional(),login_hint:r.z.string().toLowerCase().optional(),screen_hint:r.z.enum(["account","change-email","change-phone","change-password"]).optional().default("account")})},responses:{302:{description:"Redirect to the account page with login session state or login page",headers:r.z.object({Location:r.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:r.z.object({message:r.z.string()})}}}}}),async e=>{const{env:t}=e,{client_id:n,redirect_url:i,login_hint:o,screen_hint:a}=e.req.valid("query");e.set("log","account");const s=await He(t,n);e.set("client_id",s.client_id),Qt(e,s.tenant.id);const l={redirect_uri:i||e.req.url,client_id:n,username:o},c=e.req.header("origin");if(c&&!K4(c,s.web_origins||[]))throw new T(403,{message:`Origin ${c} not allowed`});if(l.redirect_uri){const _=s.callbacks||[];if(e.var.host&&(_.push(`${qo(e.env)}/*`),_.push(`${Et(e.env)}/*`)),!Qg(l.redirect_uri,_,{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw new T(400,{message:`Invalid redirect URI - ${l.redirect_uri}`})}const d=Po(s.tenant.id,e.req.header("cookie")),u=d?await t.data.sessions.get(s.tenant.id,d):void 0,p=u&&!u.revoked_at?u:void 0,f=new URL(e.req.url);e.var.custom_domain&&(f.hostname=e.var.custom_domain);const{ip:h,auth0_client:m,useragent:g}=e.var,A=ci(m),y=await t.data.loginSessions.create(s.tenant.id,{expires_at:new Date(Date.now()+No*1e3).toISOString(),authParams:l,csrf_token:Be(),authorization_url:f.toString(),ip:h,useragent:g,auth0Client:A});if(p){if(o&&(await t.data.users.get(s.tenant.id,p.user_id))?.email!==o)return e.redirect(`${Et(e.env)}login/identifier?state=${encodeURIComponent(y.id)}`);if(await t.data.loginSessions.update(s.tenant.id,y.id,{session_id:p.id}),a==="change-email"){const w=new URL("/u/account/change-email",e.req.url);return w.searchParams.set("state",y.id),e.redirect(w.toString())}const _=new URL("/u/account",e.req.url);return _.searchParams.set("state",y.id),e.redirect(_.toString())}return e.redirect(`${Et(e.env)}login/identifier?state=${encodeURIComponent(y.id)}`)});function ij(e){const t=new r.OpenAPIHono;t.use(async(i,o)=>{const a=ul(i,e.dataAdapter),s=e.dataAdapter.cache||ha({defaultTtlSeconds:0,maxEntries:100,cleanupIntervalMs:0}),l=e.dataAdapter.cache?300:0,c=fl(a,{defaultTtl:l,cacheEntities:["tenants","connections","clientConnections","customDomains","clients","branding","themes","promptSettings","forms","resourceServers","roles","organizations","userRoles","userPermissions","hooks"],cache:s});return i.env.data=pl(i,c),o()}),t.use("/oauth/token",N4({origin:i=>i||"",allowHeaders:["Tenant-Id","Content-Type","Auth0-Client","Upgrade-Insecure-Requests"],allowMethods:["POST"],maxAge:600})),t.use(fa).use(pa).use(Tu(t));const n=t.route("/v2/logout",uN).route("/userinfo",hN).route("/.well-known",mN).route("/oauth/token",U7).route("/dbconnections",F7).route("/passwordless",q7).route("/co/authenticate",W7).route("/authorize",tj).route("/account",nj).route("/callback",cN);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"},security:[{oauth2:["openid","email","profile"]}]}),Bg(n),n}var a0=Symbol("RENDERER"),mm=Symbol("ERROR_HANDLER"),Ve=Symbol("STASH"),W4=Symbol("INTERNAL"),oj=Symbol("MEMO"),xd=Symbol("PERMALINK"),Kb=e=>(e[W4]=!0,e),G4=e=>({value:t,children:n})=>{if(!n)return;const i={children:[{tag:Kb(()=>{e.push(t)}),props:{}}]};Array.isArray(n)?i.children.push(...n.flat()):i.children.push(n),i.children.push({tag:Kb(()=>{e.pop()}),props:{}});const o={tag:"",props:i,type:""};return o[mm]=a=>{throw e.pop(),a},o},J4=e=>{const t=[e],n=G4(t);return n.values=t,n.Provider=n,Wr.push(n),n},Wr=[],Z4=e=>{const t=[e],n=(i=>{t.push(i.value);let o;try{o=i.children?(Array.isArray(i.children)?new nx("",{},i.children):i.children).toString():""}catch(a){throw t.pop(),a}return o instanceof Promise?o.finally(()=>t.pop()).then(a=>Oi(a,a.callbacks)):(t.pop(),Oi(o))});return n.values=t,n.Provider=n,n[a0]=G4(t),Wr.push(n),n},ma=e=>e.values.at(-1),Sd={title:[],script:["src"],style:["data-href"],link:["href"],meta:["name","httpEquiv","charset","itemProp"]},gm={},io="data-precedence",Y4=e=>e.rel==="stylesheet"&&"precedence"in e,Q4=(e,t)=>e==="link"?t:Sd[e].length>0,bl=e=>Array.isArray(e)?e:[e],Wb=new WeakMap,Gb=(e,t,n,i)=>({buffer:o,context:a})=>{if(!o)return;const s=Wb.get(a)||{};Wb.set(a,s);const l=s[e]||=[];let c=!1;const d=Sd[e],u=Q4(e,i!==void 0);if(u){e:for(const[,p]of l)if(!(e==="link"&&!(p.rel==="stylesheet"&&p[io]!==void 0))){for(const f of d)if((p?.[f]??null)===n?.[f]){c=!0;break e}}}if(c?o[0]=o[0].replaceAll(t,""):u||e==="link"?l.push([t,n,i]):l.unshift([t,n,i]),o[0].indexOf("</head>")!==-1){let p;if(e==="link"||i!==void 0){const f=[];p=l.map(([h,,m],g)=>{if(m===void 0)return[h,Number.MAX_SAFE_INTEGER,g];let A=f.indexOf(m);return A===-1&&(f.push(m),A=f.length-1),[h,A,g]}).sort((h,m)=>h[1]-m[1]||h[2]-m[2]).map(([h])=>h)}else p=l.map(([f])=>f);p.forEach(f=>{o[0]=o[0].replaceAll(f,"")}),o[0]=o[0].replace(/(?=<\/head>)/,p.join(""))}},vl=(e,t,n)=>Oi(new kn(e,n,bl(t??[])).toString()),wl=(e,t,n,i)=>{if("itemProp"in n)return vl(e,t,n);let{precedence:o,blocking:a,...s}=n;o=i?o??"":void 0,i&&(s[io]=o);const l=new kn(e,s,bl(t||[])).toString();return l instanceof Promise?l.then(c=>Oi(l,[...c.callbacks||[],Gb(e,c,s,o)])):Oi(l,[Gb(e,l,s,o)])},rj=({children:e,...t})=>{const n=s0();if(n){const i=ma(n);if(i==="svg"||i==="head")return new kn("title",t,bl(e??[]))}return wl("title",e,t,!1)},aj=({children:e,...t})=>{const n=s0();return["src","async"].some(i=>!t[i])||n&&ma(n)==="head"?vl("script",e,t):wl("script",e,t,!1)},sj=({children:e,...t})=>["href","precedence"].every(n=>n in t)?(t["data-href"]=t.href,delete t.href,wl("style",e,t,!0)):vl("style",e,t),lj=({children:e,...t})=>["onLoad","onError"].some(n=>n in t)||t.rel==="stylesheet"&&(!("precedence"in t)||"disabled"in t)?vl("link",e,t):wl("link",e,t,Y4(t)),cj=({children:e,...t})=>{const n=s0();return n&&ma(n)==="head"?vl("meta",e,t):wl("meta",e,t,!1)},X4=(e,{children:t,...n})=>new kn(e,n,bl(t??[])),dj=e=>(typeof e.action=="function"&&(e.action=xd in e.action?e.action[xd]:void 0),X4("form",e)),ex=(e,t)=>(typeof t.formAction=="function"&&(t.formAction=xd in t.formAction?t.formAction[xd]:void 0),X4(e,t)),uj=e=>ex("input",e),pj=e=>ex("button",e);const Tp=Object.freeze(Object.defineProperty({__proto__:null,button:pj,form:dj,input:uj,link:lj,meta:cj,script:aj,style:sj,title:rj},Symbol.toStringTag,{value:"Module"}));var fj=new Map([["className","class"],["htmlFor","for"],["crossOrigin","crossorigin"],["httpEquiv","http-equiv"],["itemProp","itemprop"],["fetchPriority","fetchpriority"],["noModule","nomodule"],["formAction","formaction"]]),$d=e=>fj.get(e)||e,tx=(e,t)=>{for(const[n,i]of Object.entries(e)){const o=n[0]==="-"||!/[A-Z]/.test(n)?n:n.replace(/[A-Z]/g,a=>`-${a.toLowerCase()}`);t(o,i==null?null:typeof i=="number"?o.match(/^(?:a|border-im|column(?:-c|s)|flex(?:$|-[^b])|grid-(?:ar|[^a])|font-w|li|or|sca|st|ta|wido|z)|ty$/)?`${i}`:`${i}px`:i)}},Bs=void 0,s0=()=>Bs,hj=e=>/[A-Z]/.test(e)&&e.match(/^(?:al|basel|clip(?:Path|Rule)$|co|do|fill|fl|fo|gl|let|lig|i|marker[EMS]|o|pai|pointe|sh|st[or]|text[^L]|tr|u|ve|w)/)?e.replace(/([A-Z])/g,"-$1").toLowerCase():e,mj=["area","base","br","col","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"],gj=["allowfullscreen","async","autofocus","autoplay","checked","controls","default","defer","disabled","download","formnovalidate","hidden","inert","ismap","itemscope","loop","multiple","muted","nomodule","novalidate","open","playsinline","readonly","required","reversed","selected"],l0=(e,t)=>{for(let n=0,i=e.length;n<i;n++){const o=e[n];if(typeof o=="string")xr(o,t);else{if(typeof o=="boolean"||o===null||o===void 0)continue;o instanceof kn?o.toStringToBuffer(t):typeof o=="number"||o.isEscaped?t[0]+=o:o instanceof Promise?t.unshift("",o):l0(o,t)}}},kn=class{tag;props;key;children;isEscaped=!0;localContexts;constructor(e,t,n){this.tag=e,this.props=t,this.children=n}get type(){return this.tag}get ref(){return this.props.ref||null}toString(){const e=[""];this.localContexts?.forEach(([t,n])=>{t.values.push(n)});try{this.toStringToBuffer(e)}finally{this.localContexts?.forEach(([t])=>{t.values.pop()})}return e.length===1?"callbacks"in e?TC(Oi(e[0],e.callbacks)).toString():e[0]:CC(e,e.callbacks)}toStringToBuffer(e){const t=this.tag,n=this.props;let{children:i}=this;e[0]+=`<${t}`;const o=Bs&&ma(Bs)==="svg"?a=>hj($d(a)):a=>$d(a);for(let[a,s]of Object.entries(n))if(a=o(a),a!=="children"){if(a==="style"&&typeof s=="object"){let l="";tx(s,(c,d)=>{d!=null&&(l+=`${l?";":""}${c}:${d}`)}),e[0]+=' style="',xr(l,e),e[0]+='"'}else if(typeof s=="string")e[0]+=` ${a}="`,xr(s,e),e[0]+='"';else if(s!=null)if(typeof s=="number"||s.isEscaped)e[0]+=` ${a}="${s}"`;else if(typeof s=="boolean"&&gj.includes(a))s&&(e[0]+=` ${a}=""`);else if(a==="dangerouslySetInnerHTML"){if(i.length>0)throw new Error("Can only set one of `children` or `props.dangerouslySetInnerHTML`.");i=[Oi(s.__html)]}else if(s instanceof Promise)e[0]+=` ${a}="`,e.unshift('"',s);else if(typeof s=="function"){if(!a.startsWith("on")&&a!=="ref")throw new Error(`Invalid prop '${a}' of type 'function' supplied to '${t}'.`)}else e[0]+=` ${a}="`,xr(s.toString(),e),e[0]+='"'}if(mj.includes(t)&&i.length===0){e[0]+="/>";return}e[0]+=">",l0(i,e),e[0]+=`</${t}>`}},Ip=class extends kn{toStringToBuffer(e){const{children:t}=this,n={...this.props};t.length&&(n.children=t.length===1?t[0]:t);const i=this.tag.call(null,n);if(!(typeof i=="boolean"||i==null))if(i instanceof Promise)if(Wr.length===0)e.unshift("",i);else{const o=Wr.map(a=>[a,a.values.at(-1)]);e.unshift("",i.then(a=>(a instanceof kn&&(a.localContexts=o),a)))}else i instanceof kn?i.toStringToBuffer(e):typeof i=="number"||i.isEscaped?(e[0]+=i,i.callbacks&&(e.callbacks||=[],e.callbacks.push(...i.callbacks))):xr(i,e)}},nx=class extends kn{toStringToBuffer(e){l0(this.children,e)}},yj=(e,t,...n)=>{t??={},n.length&&(t.children=n.length===1?n[0]:n);const i=t.key;delete t.key;const o=rc(e,t,n);return o.key=i,o},Jb=!1,rc=(e,t,n)=>{if(!Jb){for(const i in gm)Tp[i][a0]=gm[i];Jb=!0}return typeof e=="function"?new Ip(e,t,n):Tp[e]?new Ip(Tp[e],t,n):e==="svg"||e==="head"?(Bs||=Z4(""),new kn(e,t,[new Ip(Bs,{value:e},n)])):new kn(e,t,n)},Gr=({children:e})=>new nx("",{children:e},Array.isArray(e)?e:e?[e]:[]),_j=(e,t,...n)=>{let i;if(n.length>0)i=n;else{const o=e.props.children;i=Array.isArray(o)?o:[o]}return yj(e.tag,{...e.props,...t},...i)};function v(e,t,n){let i;if(!t||!("children"in t))i=rc(e,t,[]);else{const o=t.children;i=Array.isArray(o)?rc(e,t,o):rc(e,t,[o])}return i.key=n,i}async function Ce(e,t,n=!1){const{env:i}=e,o=await i.data.loginSessions.get(e.var.tenant_id||"",t);if(!o)throw new T(400,{message:"Login session not found"});e.set("loginSession",o);const a=await He(i,o.authParams.client_id);e.set("client_id",a.client_id),Qt(e,a.tenant.id);const s=a.tenant;if(o.session_id&&!n){if(!o.authParams.redirect_uri)throw new T(400,{message:"Login session closed and no redirect URI available"});const f=new URL(o.authParams.redirect_uri);throw f.searchParams.set("error","access_denied"),f.searchParams.set("error_description","Login session closed"),o.authParams.state&&f.searchParams.set("state",o.authParams.state),new _n(f.toString(),302)}const[l,c]=await Promise.all([i.data.themes.get(s.id,"default"),i.data.branding.get(s.id)]),d=l??ds,u=c?{...c,favicon_url:e.var.custom_domain?c.favicon_url:void 0}:null,p=o.authParams?.ui_locales?.split(" ")?.map(f=>f.split("-")[0])?.find(f=>{if(Array.isArray(R.options.supportedLngs))return R.options.supportedLngs.includes(f)});return await R.changeLanguage(p||"en"),{theme:d,branding:u,client:a,tenant:s,loginSession:o}}async function Ro(e,t,n){const{theme:i,branding:o,client:a,tenant:s,loginSession:l}=await Ce(e,t,!0),c=Po(a.tenant.id,e.req.header("cookie")),d=c?await e.env.data.sessions.get(a.tenant.id,c):null;if(n?.continuationScope&&u9(l,n.continuationScope)){if(!l.user_id)throw new _n(`/u/login/identifier?state=${encodeURIComponent(t)}`);const h=await e.env.data.users.get(a.tenant.id,l.user_id);if(!h)throw new _n(`/u/login/identifier?state=${encodeURIComponent(t)}`);const m=l.session_id?await e.env.data.sessions.get(a.tenant.id,l.session_id):null;return{theme:i,branding:o,client:a,user:h,tenant:s,loginSession:l,session:m,isContinuation:!0}}if(!d||d.revoked_at||!l.session_id)throw new _n(`/u/login/identifier?state=${encodeURIComponent(t)}`);const p=await e.env.data.sessions.get(a.tenant.id,l.session_id),f=await e.env.data.users.get(a.tenant.id,d.user_id);if(!f||p?.user_id!==d.user_id)throw new _n(`/u/login/identifier?state=${encodeURIComponent(t)}`);return{theme:i,branding:o,client:a,user:f,tenant:s,loginSession:l,session:p,isContinuation:!1}}const Np={[V.USERNAME_PASSWORD]:"password",[V.EMAIL]:"email",[V.SMS]:"sms"};async function ix(e,t,n,i,o){if(i==="username"||o==="password")return"password";if(o==="code")return i==="sms"?"sms":"email";const s=(i==="email"?await Mo({userAdapter:e.env.data.users,tenant_id:t.tenant.id,email:n}):await xn({userAdapter:e.env.data.users,tenant_id:t.tenant.id,username:n,provider:i==="sms"?"sms":Oe}))?.app_metadata?.strategy;if(s&&Np[s])return Np[s];const l=t.connections.map(d=>Np[d.strategy]).filter(d=>d!==void 0);return l.length===1&&l[0]?l[0]:(await e.env.data.promptSettings.get(t.tenant.id)).password_first&&l.includes("password")?"password":i==="sms"?"sms":"email"}const c0=({theme:e,branding:t})=>{const n=e?.widget?.logo_url||t?.logo_url;return n?v("div",{className:"inline-flex h-9 items-center",children:v("img",{src:n,className:"h-full w-auto",alt:"Logo"})}):v(Gr,{})},ox=e=>v("div",{className:"mt-8",children:e.client?.client_metadata?.termsAndConditionsUrl&&v("div",{className:"text-xs text-gray-300",children:[R.t("agree_to")," ",v("a",{href:e.client.client_metadata.termsAndConditionsUrl,className:"text-primary hover:underline",target:"_blank",rel:"noreferrer",children:R.t("terms")})]})});var Pp={exports:{}};var Zb;function bj(){return Zb||(Zb=1,(function(e){(function(){var t={}.hasOwnProperty;function n(){for(var a="",s=0;s<arguments.length;s++){var l=arguments[s];l&&(a=o(a,i(l)))}return a}function i(a){if(typeof a=="string"||typeof a=="number")return a;if(typeof a!="object")return"";if(Array.isArray(a))return n.apply(null,a);if(a.toString!==Object.prototype.toString&&!a.toString.toString().includes("[native code]"))return a.toString();var s="";for(var l in a)t.call(a,l)&&a[l]&&(s=o(s,l));return s}function o(a,s){return s?a?a+" "+s:a+s:a}e.exports?(n.default=n,e.exports=n):window.classNames=n})()})(Pp)),Pp.exports}var vj=bj();const Fe=q2(vj),wj=e=>e==="small"?"text-base":e==="medium"?"text-2xl":e==="large"?"text-3xl":"",Ye=({name:e,size:t,className:n=""})=>{const i=wj(t);return v("span",{className:Fe(`uicon-${e}`,n,i)})};function rx(e){const t=e.replace("#",""),n=parseInt(t,16);return[n>>16&255,n>>8&255,n&255]}function Aj(e,t,n){return`#${(e<<16|t<<8|n).toString(16).padStart(6,"0")}`}const kj=(e,t)=>{const[n,i,o]=rx(e);return Aj(Math.min(255,Math.round(n+(255-n)*t)),Math.min(255,Math.round(i+(255-i)*t)),Math.min(255,Math.round(o+(255-o)*t)))};function Yb(e){const[t,n,i]=rx(e).map(o=>{const a=o/255;return a<=.04045?a/12.92:Math.pow((a+.055)/1.055,2.4)});return .2126*t+.7152*n+.0722*i}function ym(e,t){const n=Yb(e),i=Yb(t),o=Math.max(n,i),a=Math.min(n,i);return(o+.05)/(a+.05)}function Qb(e,t="light"){const n=ym(e,"#ffffff"),i=ym(e,"#000000"),o=1.35;return t==="light"?i>n*o?"#000000":"#ffffff":i*o>n?"#000000":"#ffffff"}const Jr="mn3ck6ys",xj=(e,t)=>{const n=e?.colors?.primary_button||t?.colors?.primary||"#000000",i=e?.colors?.base_hover_color||kj(n,.2),o=e?.colors?.primary_button_label,a=o&&ym(o,n)>=4.5,s=a?o:Qb(n,"light"),l=a?o:Qb(n,"dark"),c=s!==l?`
|
|
87
87
|
@media (prefers-color-scheme: dark) {
|
|
88
88
|
body { --text-on-primary: ${l}; }
|
|
89
89
|
}`:"";return`
|
|
@@ -545,4 +545,5 @@ Varmista, että avaat kirjautumislinkin samalla selaimella, jolla aloitit kirjau
|
|
|
545
545
|
Voit aloittaa uuden kirjautumisen klikkaamalla alla olevaa linkkiä.`,gre="Virheellinen linkki",yre="Linkitetyt tilit",_re="Kirjaudu sisään napsauttamalla painiketta",bre="Kirjaudu sisään",vre="Tai kirjoita koodi osoitteessa {{vendorName}} kirjautumisen loppuun saattamiseksi.",wre="Kirjoita sähköpostiosoitteesi avataksesi tämän ohjelman osoitteessa {{service}}",Are="Yhdistä tilisi {{service}}",kre="Olet kirjautunut sisään nimellä",xre="Kirjaudu sisään",Sre="Kirjoita sähköpostiosoitteesi kirjautuaksesi sisään.",$re="Anna sähköpostiosoitteesi, niin lähetämme sinulle kirjautumiskoodin.",Ere="Kirjoita sähköpostiosoitteesi tai puhelinnumerosi kirjautuaksesi sisään",zre="Anna sähköpostiosoitteesi, niin lähetämme sinulle kirjautumislinkin.",Cre="Anna puhelinnumerosi kirjautuaksesi sisään",Tre="Kirjoita {{authMethod}} kirjautuaksesi sisään.",Ire="Kirjaudu ulos",Nre="Uusi sähköpostiosoite",Pre="Yksi kertainen koodi lähetetään uuteen sähköpostiosoitteeseesi, syötä koodi seuraavassa vaiheessa.",jre="Ei sähköpostiosoitetta asetettu",Ore="Ei, haluan käyttää toista tiliä",Rre="tai",Bre="Salasana",Dre="Salasana sisältää kielletyn sanan",Lre="Salasana ei saa sisältää henkilötietoja, kuten nimeäsi tai sähköpostiosoitettasi",Ure="Salasana on nollattu",Mre="Menestys",Fre="Salasanan on sisällettävä vähintään yksi pieni kirjain",qre="Salasanan on sisällettävä vähintään yksi numero",Hre="Salasanan on sisällettävä vähintään yksi erikoismerkki",Vre="Salasanan on sisällettävä vähintään yksi iso kirjain",Kre="Koodia ei löytynyt tai se on vanhentunut",Wre="Salasanaa ei voitu nollata",Gre="Salasanaa on käytetty äskettäin, eikä sitä voi käyttää uudelleen",Jre="Salasanan on oltava vähintään {{minLength}} merkkiä",Zre="Vaihda salasana tilillesi {{vendorName}} ",Yre="Vaihda salasana tilillesi {{vendorName}} ",Qre="Puhelinnumero",Xre="Tietosuojakäytäntö",eae="Uudelleenohjaus",tae="Vahvista salasana",nae="Rekisteröi uusi salasana",iae="Lähetä koodi uudelleen",oae="Vaihda salasana",rae="Kirjoita alla oleva uusi salasanasi sähköpostitiliä varten: ",aae="Napsauta painiketta salasanasi palauttamiseksi",sae="Napsauta painiketta salasanasi palauttamiseksi",lae="Nollaa salasanasi",cae="Vaihda salasana tilillesi {{vendorName}} ",dae="Nollaa salasana",uae="Lähetä",pae="Lähetä minulle uusi maaginen linkki",fae="Muista tarkistaa roskapostikansiosi, jos sähköposti ei ole saapunut.",hae="Aseta salasana",mae="Näytä salasana",gae="Kirjaudu sisään",yae="Rekisteröityminen",_ae="Rekisteröidy onnistuneesti",bae="{{code}} on kirjautumiskoodisi {{vendorName}}",vae="Näyttää siltä, että Spotify-tilisi on tällä hetkellä yhdistetty toiseen Sesamy-tiliin. Mutta älä pelkää, me opastamme sinua prosessin läpi, jotta saat tämän korjattua.",wae="Siirry Spotifyn Content Access -sivulle",Aae='Aloitetaan poistamalla Spotify-tilisi linkitys. Klikkaa alla olevaa painiketta siirtyäksesi Spotifyn Content Access -sivulle. Kun olet kirjautunut sisään Spotify-tilillesi, etsi Sesamy yhdistettyjen alustojen luettelosta. Napsauta "Unlink" Sesamyn logon vieressä.',kae="Vaihe 1: Poista Spotify-tilisi linkitys",xae="Kun olet onnistuneesti irrottanut Spotify-tilisi, voit yhdistää sen uudelleen Sesamyn kanssa. Toista vain aiemmin tekemäsi vaiheet, jotka johtivat sinut tälle sivulle.",Sae="Vaihe 2: Yhdistä Spotify-tilisi uudelleen Sesamyn kanssa",$ae="Hups! Spotify-tilisi on jo linkitetty",Eae="Valmis",zae="Jos sinulla on kysyttävää tai tarvitset apua, voit ottaa yhteyttä tukitiimiimme.",Cae="Ehdot ja edellytykset",Tae="Jokin meni pieleen. Yritä uudelleen.",Iae="Irrota",Nae="Sähköpostiosoitteesi on vahvistettava. Olemme lähettäneet uuden sähköpostiviestin sähköpostiisi.",Pae="Päivitä sähköposti",jae="Käyttäjätiliä ei ole olemassa",Oae="Käyttäjätiliä ei ole olemassa",Rae="Emme löytäneet käyttäjää, jolla on annettu sähköpostiosoite. Yritä uudelleen.",Bae="Yritä uudelleen.",Dae="Validoi koodi",Lae="Tarkista sähköpostin vahvistusohjeet postilaatikostasi.",Uae="Rekisteröitynyt",Mae="Vahvista sähköpostiosoitteesi napsauttamalla painiketta",Fae="Vahvista sähköpostiosoitteesi",qae="Vahvista sähköpostiosoitteesi",Hae="Vahvista tili",Vae="Vahvista sähköpostiosoitteesi",Kae="Tervetuloa",Wae="Tervetuloa tilillesi {{vendorName}}!",Gae="Tarkista sähköpostisi osoitteesta <0>{{email}}</0> ja syötä lähettämämme kuusinumeroinen koodi.",Jae="Jatka tällä tilillä",Zae="Kyllä, jatka {{text}}",Yae="Kyllä, jatka olemassa olevalla tilillä",Qae={account_detected:qie,account_page_description:Hie,account_title:Vie,account_with_sso_provider:Kie,agree_to:Wie,and:Gie,auth_method_email:Jie,auth_method_email_or_phone:Zie,auth_method_phone:Yie,callback_url_mismatch:Qie,callback_url_not_allowed:Xie,change_email:eoe,check_email_title:toe,click_to_sign_up_description:noe,code_email_enter_code:ioe,code_email_subject:ooe,code_email_title:roe,code_expired:aoe,code_invalid:soe,code_sent_template:loe,code_used:coe,code_valid_30_minutes:doe,configuration_error_message:uoe,confirm_password:poe,confirm_unlink:foe,contact_support:hoe,contact_us:moe,continue:"Jatka",continue_social_login:goe,continue_with:yoe,continue_with_sso_provider_headline:_oe,copyright:boe,copyright_sesamy:voe,create_account_description:woe,create_account_email_invalid:Aoe,create_account_passwords_didnt_match:koe,create_account_title:xoe,create_account_weak_password:Soe,create_new_account_link:$oe,create_password_account_title:Eoe,dont_have_account:zoe,current_email:Coe,currently_logged_in_as:Toe,edit:Ioe,email:Noe,email_already_taken:Poe,email_changed_to_template:joe,email_or_phone_placeholder:Ooe,email_placeholder:Roe,email_validated:Boe,email_validated_cta:Doe,email_verification_for_signup_sent_description:Loe,email_verification_for_signup_sent_title:Uoe,embedded_browser_detected:Moe,embedded_browser_warning:Foe,enter_a_code_btn:qoe,enter_code_description:Hoe,enter_code_label:Voe,enter_code_placeholder:Koe,enter_code_title:Woe,enter_email_for_verification_description:Goe,enter_new_email:Joe,enter_new_password_placeholder:Zoe,enter_password:Yoe,enter_password_description:Qoe,enter_password_signing_in_as:Xoe,enter_your_password_btn:ere,error_page_title:tre,expired_code:nre,fokus_info_message:ire,forgot_password_cta:ore,forgot_password_description:rre,forgot_password_email_sent:are,forgot_password_link:sre,forgot_password_title:lre,go_back:cre,hide_password:dre,incognito_mode_detected:ure,incognito_mode_warning:pre,"invalid-email":"Virheellinen sähköpostiosoite",invalid_identifier:fre,invalid_password:hre,invalid_session_body:mre,invalid_session_title:gre,linked_accounts:yre,link_email_click_to_login:_re,link_email_login:bre,link_email_or_enter_code:vre,link_page_body:wre,link_page_headline:Are,logged_in_as:kre,login:xre,login_description:Sre,login_description_code:$re,login_description_combined:Ere,login_description_link:zre,login_description_phone:Cre,login_description_template:Tre,logout:Ire,new_email:Nre,new_email_code_info:Pre,no_email_address:jre,no_use_another:Ore,or:Rre,password:Bre,password_contains_forbidden_word:Dre,password_contains_personal_info:Lre,password_has_been_reset:Ure,password_has_been_reset_title:Mre,password_missing_lowercase:Fre,password_missing_number:qre,password_missing_special:Hre,password_missing_uppercase:Vre,password_reset_code_expired:Kre,password_reset_failed:Wre,password_reused:Gre,password_too_short:Jre,password_reset_subject:Zre,password_reset_title:Yre,phone_placeholder:Qre,privacy_policy:Xre,redirecting:eae,reenter_new_password_placeholder:tae,register_password_account:nae,resend_code:iae,reset_password_cta:oae,reset_password_description:rae,reset_password_email_click_to_reset:aae,reset_password_email_cta:sae,reset_password_email_reset:lae,reset_password_subject:cae,reset_password_title:dae,send:uae,send_me_a_new_magic_link:pae,sent_code_spam:fae,"Server error: Invalid code":"Virheellinen koodi",set_password:hae,show_password:mae,sign_in:gae,signup:yae,signup_success:_ae,sms_code_text:bae,spotify_already_linked_body:vae,spotify_already_linked_cta:wae,spotify_already_linked_step1_body:Aae,spotify_already_linked_step1_title:kae,spotify_already_linked_step2_body:xae,spotify_already_linked_step2_title:Sae,spotify_already_linked_title:$ae,success:Eae,support_info:zae,terms:Cae,unexpected_error_try_again:Tae,unlink:Iae,unverified_email:Nae,update_email:Pae,user_account_does_not_exist:jae,user_not_found:Oae,user_not_found_body:Rae,user_not_found_cta:Bae,validate_code:Dae,validate_email_body:Lae,validate_email_title:Uae,verify_email_click_to_verify:Mae,verify_email_subject:Fae,verify_email_title:qae,verify_email_verify:Hae,verify_your_email:Vae,welcome:Kae,welcome_to_your_account:Wae,we_sent_a_code_to:Gae,yes_continue:Jae,yes_continue_with:Zae,yes_continue_with_existing_account:Yae},Xae="Konto opdaget",ese="Administrer dine kontooplysninger",tse="Konto",nse="Vi har opdaget, at du allerede har oprettet en konto gennem",ise="Når du logger ind, accepterer du vores",ose="og",rse="e-mail-adresse",ase="e-mail eller telefonnummer",sse="Telefonnummer",lse="Uoverensstemmelse mellem URL og tilbagekald",cse="Den angivne redirect_uri er ikke på listen over tilladte tilbagekalds-URL'er.",dse="Ændre e-mailadresse",use="Fortsæt med brugeren",pse="Klik på knappen for at oprette en ny adgangskodekonto.",fse="Indtast koden på {{vendorName}} for at gennemføre login.",hse="Velkommen til {{vendorName}}! {{code}} er login-koden",mse="Velkommen til {{vendorName}}! {{code}} er login-koden",gse="Koden er udløbet",yse="Ugyldig kode",_se="Tjek venligst <0>{{username}}</0> og indtast den sekscifrede kode, som vi har sendt til dig.",bse="Koden er allerede brugt",vse="Koden er gyldig i 30 minutter",wse="Der opstod en konfigurationsfejl.",Ase="Bekræft adgangskode",kse="Er du sikker på, at du vil fjerne forbindelsen til denne konto?",xse="Har du brug for hjælp?",Sse="Kontakt os",$se="eller fortsæt med social konto",Ese="Fortsæt med {{provider}}",zse="Vil du gerne fortsætte med din eksisterende konto?",Cse="Ophavsret © 2023 SESAMY. Alle rettigheder forbeholdes.",Tse="©2023 Sesamy",Ise="Vælg en adgangskode med en blanding af store og små bogstaver, tal og symboler.",Nse="Indtast venligst en gyldig e-mailadresse.",Pse="Adgangskoderne stemte ikke overens. Prøv igen.",jse="Vælg adgangskode",Ose="Adgangskoden skal være mindst 8 tegn lang og indeholde mindst et lille bogstav, et stort bogstav, et tal og et symbol.",Rse="Tilmeld dig",Bse="Tilmeld dig med adgangskode",Dse="Har du ikke en konto?",Lse="Nuværende e-mailadresse",Use="Du er i øjeblikket logget ind som <0>{{email}}</0>",Mse="Rediger",Fse="E-mail",qse="E-mailen er allerede optaget",Hse="E-mail ændret til <0>{{email}}</0> ",Vse="E-mail eller telefonnummer",Kse="E-mail-adresse",Wse="Din e-mailadresse er blevet valideret",Gse="Indtast nu din adgangskode for at logge ind igen",Jse="Der er sendt en e-mail til <0>{{email}}</0> med et bekræftelseslink. Klik på linket for at bekræfte din e-mailadresse og angive en adgangskode.",Zse="E-mail-bekræftelse sendt",Yse="Skal man blive ved med at logge ind?",Qse="Du er i øjeblikket inde på {{browserName}}. Denne browser logger dig ofte ud, så vi anbefaler, at du bruger din telefons standardbrowser i stedet.",Xse="Indtast en kode",ele="Indtast bekræftelseskoden",tle="Bekræftelseskode",nle="Indtast kode",ile="Tjek din e-mail",ole="Vi sender dig et bekræftelseslink for at sikre, at du ejer denne e-mailadresse.",rle="Indtast ny e-mail",ale="Indtast ny adgangskode",sle="Indtast adgangskode",lle="Indtast din e-mailadresse og adgangskode for at logge ind.",cle="Logger ind som {{email}}",dle="Indtast din adgangskode",ule="Noget gik galt",ple="Det magiske link er udløbet. Klik på knappen nedenfor for at modtage et nyt link i din indbakke.",fle="Hej! Vi har opdateret vores login-oplevelse. <0>Klik her for at lære mere om det.</0>",hle="Send e-mail til nulstilling af adgangskode",mle="Klik på knappen nedenfor, så sender vi instruktioner om, hvordan du nulstiller din adgangskode.",gle="E-mail til nulstilling af adgangskode sendt",yle="Har du glemt din adgangskode?",_le="Har du glemt din adgangskode?",ble="Gå tilbage",vle="Skjul adgangskode",wle="Inkognitotilstand opdaget",Ale="Du er i inkognito/privat tilstand. Sessionsdata fortsætter muligvis ikke på tværs af sideopdateringer. Nogle funktioner fungerer måske ikke som forventet.",kle="Ugyldig identifikator",xle="Ugyldig adgangskode",Sle="Linket er ikke længere gyldigt. Sørg for at åbne login-linket i den samme browser, som du startede login med. Du kan klikke på linket nedenfor for at starte et nyt login.",$le="Ugyldigt link",Ele="Koblede konti",zle="Klik på knappen for at logge ind",Cle="Login",Tle="Eller indtast koden på {{vendorName}} for at gennemføre login.",Ile="Indtast din e-mailadresse for at låse op for dette show på {{service}}",Nle="Forbind din konto med {{service}}",Ple="Du er logget ind som",jle="Login",Ole="Indtast din e-mailadresse for at logge ind.",Rle="Indtast din e-mailadresse, så sender vi dig en login-kode.",Ble="Indtast din e-mail eller dit telefonnummer for at logge ind",Dle="Indtast din e-mailadresse, så sender vi dig et login-link.",Lle="Indtast dit telefonnummer for at logge ind",Ule="Indtast din {{authMethod}} for at logge ind.",Mle="Log ud",Fle="Ny emailadresse",qle="En engangskode vil blive sendt til din nye e-mailadresse, indtast koden i næste trin.",Hle="Ingen e-mailadresse er angivet",Vle="Nej, jeg vil bruge en anden konto",Kle="eller",Wle="Adgangskode",Gle="Adgangskoden indeholder et forbudt ord",Jle="Adgangskoden må ikke indeholde personlige oplysninger som dit navn eller e-mail",Zle="Adgangskoden er blevet nulstillet",Yle="Succes",Qle="Adgangskoden skal indeholde mindst ét lille bogstav",Xle="Adgangskoden skal indeholde mindst ét tal",ece="Adgangskoden skal indeholde mindst ét specialtegn",tce="Adgangskoden skal indeholde mindst ét stort bogstav",nce="Koden blev ikke fundet eller er udløbet",ice="Adgangskoden kunne ikke nulstilles",oce="Adgangskoden er blevet brugt for nylig og kan ikke genbruges",rce="Adgangskoden skal være mindst {{minLength}} tegn",ace="Skift adgangskode til din {{vendorName}} konto",sce="Skift adgangskode til din {{vendorName}} -konto",lce="Telefonnummer",cce="Politik for beskyttelse af personlige oplysninger",dce="Omdirigering",uce="Bekræft adgangskode",pce="Registrer en ny adgangskode",fce="Send koden igen",hce="Skift adgangskode",mce="Indtast din nye adgangskode til e-mailkontoen nedenfor: ",gce="Klik på knappen for at nulstille din adgangskode",yce="Klik på knappen for at nulstille din adgangskode",_ce="Nulstil din adgangskode",bce="Skift adgangskode til din {{vendorName}} -konto",vce="Nulstil adgangskode",wce="Send",Ace="Send mig et nyt magisk link",kce="Husk at tjekke din spam-mappe, hvis e-mailen ikke er kommet frem.",xce="Indstil adgangskode",Sce="Vis adgangskode",$ce="Log ind",Ece="Tilmelding",zce="Tilmeld dig med succes",Cce="{{code}} er din login-kode til {{vendorName}}",Tce="Det ser ud til, at din Spotify-konto i øjeblikket er knyttet til en anden Sesamy-konto. Men frygt ikke, vi er her for at guide dig gennem processen med at få det løst.",Ice="Gå til Spotifys side for adgang til indhold",Nce='Lad os starte med at fjerne forbindelsen til din Spotify-konto. Klik på knappen nedenfor for at gå til Spotifys Content Access-side. Når du har logget ind på din Spotify-konto, skal du finde Sesamy på listen over tilsluttede platforme. Klik på "Unlink" ved siden af Sesamy-logoet.',Pce="Trin 1: Fjern forbindelsen til din Spotify-konto",jce="Når du har afkoblet din Spotify-konto, kan du koble den til Sesamy igen. Du skal blot gentage de trin, du tidligere har taget, og som førte dig til denne side.",Oce="Trin 2: Relink din Spotify-konto til Sesamy",Rce="Ups! Din Spotify-konto er allerede forbundet",Bce="Færdig",Dce="Hvis du har spørgsmål eller brug for hjælp, kan du kontakte vores supportteam",Lce="Vilkår og betingelser",Uce="Noget gik galt. Prøv venligst igen.",Mce="Frakobl",Fce="Din e-mailadresse skal valideres. Vi har sendt en ny e-mail til din indbakke",qce="Opdatering af e-mail",Hce="Brugerkontoen findes ikke",Vce="Brugerkontoen findes ikke",Kce="Vi kunne ikke finde en bruger med den angivne e-mailadresse. Prøv venligst igen.",Wce="Prøv igen.",Gce="Valider koden",Jce="Tjek din indbakke for instruktioner om validering af e-mail.",Zce="Tilmeldte sig",Yce="Klik på knappen for at bekræfte din e-mailadresse",Qce="Bekræft din e-mailadresse",Xce="Bekræft din e-mailadresse",ede="Bekræft konto",tde="Bekræft din e-mail",nde="Velkommen",ide="Velkommen til din {{vendorName}} konto!",ode="Tjek venligst din e-mail på <0>{{email}}</0> og indtast den sekscifrede kode, vi har sendt dig.",rde="Fortsæt med denne konto",ade="Ja, fortsæt med {{text}}",sde="Ja, fortsæt med eksisterende konto",lde={account_detected:Xae,account_page_description:ese,account_title:tse,account_with_sso_provider:nse,agree_to:ise,and:ose,auth_method_email:rse,auth_method_email_or_phone:ase,auth_method_phone:sse,callback_url_mismatch:lse,callback_url_not_allowed:cse,change_email:dse,check_email_title:use,click_to_sign_up_description:pse,code_email_enter_code:fse,code_email_subject:hse,code_email_title:mse,code_expired:gse,code_invalid:yse,code_sent_template:_se,code_used:bse,code_valid_30_minutes:vse,configuration_error_message:wse,confirm_password:Ase,confirm_unlink:kse,contact_support:xse,contact_us:Sse,continue:"Fortsæt",continue_social_login:$se,continue_with:Ese,continue_with_sso_provider_headline:zse,copyright:Cse,copyright_sesamy:Tse,create_account_description:Ise,create_account_email_invalid:Nse,create_account_passwords_didnt_match:Pse,create_account_title:jse,create_account_weak_password:Ose,create_new_account_link:Rse,create_password_account_title:Bse,dont_have_account:Dse,current_email:Lse,currently_logged_in_as:Use,edit:Mse,email:Fse,email_already_taken:qse,email_changed_to_template:Hse,email_or_phone_placeholder:Vse,email_placeholder:Kse,email_validated:Wse,email_validated_cta:Gse,email_verification_for_signup_sent_description:Jse,email_verification_for_signup_sent_title:Zse,embedded_browser_detected:Yse,embedded_browser_warning:Qse,enter_a_code_btn:Xse,enter_code_description:ele,enter_code_label:tle,enter_code_placeholder:nle,enter_code_title:ile,enter_email_for_verification_description:ole,enter_new_email:rle,enter_new_password_placeholder:ale,enter_password:sle,enter_password_description:lle,enter_password_signing_in_as:cle,enter_your_password_btn:dle,error_page_title:ule,expired_code:ple,fokus_info_message:fle,forgot_password_cta:hle,forgot_password_description:mle,forgot_password_email_sent:gle,forgot_password_link:yle,forgot_password_title:_le,go_back:ble,hide_password:vle,incognito_mode_detected:wle,incognito_mode_warning:Ale,"invalid-email":"Ugyldig e-mail",invalid_identifier:kle,invalid_password:xle,invalid_session_body:Sle,invalid_session_title:$le,linked_accounts:Ele,link_email_click_to_login:zle,link_email_login:Cle,link_email_or_enter_code:Tle,link_page_body:Ile,link_page_headline:Nle,logged_in_as:Ple,login:jle,login_description:Ole,login_description_code:Rle,login_description_combined:Ble,login_description_link:Dle,login_description_phone:Lle,login_description_template:Ule,logout:Mle,new_email:Fle,new_email_code_info:qle,no_email_address:Hle,no_use_another:Vle,or:Kle,password:Wle,password_contains_forbidden_word:Gle,password_contains_personal_info:Jle,password_has_been_reset:Zle,password_has_been_reset_title:Yle,password_missing_lowercase:Qle,password_missing_number:Xle,password_missing_special:ece,password_missing_uppercase:tce,password_reset_code_expired:nce,password_reset_failed:ice,password_reused:oce,password_too_short:rce,password_reset_subject:ace,password_reset_title:sce,phone_placeholder:lce,privacy_policy:cce,redirecting:dce,reenter_new_password_placeholder:uce,register_password_account:pce,resend_code:fce,reset_password_cta:hce,reset_password_description:mce,reset_password_email_click_to_reset:gce,reset_password_email_cta:yce,reset_password_email_reset:_ce,reset_password_subject:bce,reset_password_title:vce,send:wce,send_me_a_new_magic_link:Ace,sent_code_spam:kce,"Server error: Invalid code":"Ugyldig kode",set_password:xce,show_password:Sce,sign_in:$ce,signup:Ece,signup_success:zce,sms_code_text:Cce,spotify_already_linked_body:Tce,spotify_already_linked_cta:Ice,spotify_already_linked_step1_body:Nce,spotify_already_linked_step1_title:Pce,spotify_already_linked_step2_body:jce,spotify_already_linked_step2_title:Oce,spotify_already_linked_title:Rce,success:Bce,support_info:Dce,terms:Lce,unexpected_error_try_again:Uce,unlink:Mce,unverified_email:Fce,update_email:qce,user_account_does_not_exist:Hce,user_not_found:Vce,user_not_found_body:Kce,user_not_found_cta:Wce,validate_code:Gce,validate_email_body:Jce,validate_email_title:Zce,verify_email_click_to_verify:Yce,verify_email_subject:Qce,verify_email_title:Xce,verify_email_verify:ede,verify_your_email:tde,welcome:nde,welcome_to_your_account:ide,we_sent_a_code_to:ode,yes_continue:rde,yes_continue_with:ade,yes_continue_with_existing_account:sde},cde="https://assets.sesamy.com/images/login-bg.jpg",dde=({title:e,children:t,theme:n,branding:i})=>{const o=n?.page_background?.page_layout||"center",a=n?.page_background?.background_color||"#ffffff",s=n?.page_background?.background_image_url,l=s??cde,c=l?.startsWith("linear-gradient")||l?.startsWith("radial-gradient")||l?.startsWith("conic-gradient"),d=l?c?l:`url(${l})`:void 0;let u="justify-center",p="p-6 md:p-10";o==="left"?(u="justify-start",p="pl-12 pr-6 py-6 md:pl-20 md:pr-10 md:py-10"):o==="right"&&(u="justify-end",p="pr-12 pl-6 py-6 md:pr-20 md:pl-10 md:py-10");const f=Fe("min-h-screen w-full flex bg-cover bg-center",u,p),h={...d&&{backgroundImage:d},backgroundColor:a,display:"flex",alignItems:"stretch",justifyContent:o==="left"?"flex-start":o==="right"?"flex-end":"center",minHeight:"100vh",width:"100%"},m=Fe("w-full max-w-sm","flex flex-col justify-center");return v("html",{lang:R.language||"en",children:[v("head",{children:[v("title",{children:e}),v("meta",{charset:"UTF-8"}),v("meta",{name:"robots",content:"noindex, follow"}),v("link",{rel:"stylesheet",href:`/u/css/tailwind.css?v=${Jr}`}),v("meta",{name:"viewport",content:"width=device-width, initial-scale=1, maximum-scale=1"}),v("meta",{name:"theme-color",content:"#000000"}),i?.favicon_url&&v("link",{rel:"icon",type:"image/x-icon",href:i.favicon_url}),n?.fonts?.font_url&&v("link",{rel:"stylesheet",href:n.fonts.font_url})]}),v("body",{children:[v("div",{className:f,style:h,children:v("div",{className:m,children:[t,i?.powered_by_logo_url&&v("div",{className:"mt-5 text-left",children:v("a",{href:"https://authhero.com",target:"_blank",rel:"noopener noreferrer",className:"inline-block",children:v("img",{src:i.powered_by_logo_url,alt:"Powered by",className:"h-9 opacity-60 hover:opacity-100 transition-opacity"})})})]})}),v("div",{id:"client-root"}),v("script",{type:"module",src:`/u/js/client.js?v=${Jr}`})]})]})},vS=({children:e,className:t,style:n})=>v("div",{className:Fe("rounded-lg border border-gray-200 bg-white shadow-sm dark:border-gray-700 dark:bg-gray-800",t),style:n,children:e}),wS=({children:e,className:t})=>v("div",{className:Fe("flex flex-col space-y-1.5 p-6",t),children:e}),AS=({children:e,className:t,style:n})=>v("h3",{className:Fe("text-2xl font-semibold leading-none tracking-tight",t),style:n,children:e}),kS=({children:e,className:t,style:n})=>v("p",{className:Fe("text-sm text-gray-500 dark:text-gray-400",t),style:n,children:e}),xS=({children:e,className:t})=>v("div",{className:Fe("p-6 pt-0",t),children:e}),ude=({children:e,className:t})=>v("div",{className:Fe("flex items-center p-6 pt-0",t),children:e}),SS=({id:e,type:t="text",name:n,placeholder:i,className:o,required:a=!1,value:s,disabled:l=!1,error:c=!1,style:d})=>v("input",{id:e,type:t,name:n,placeholder:i,required:a,value:s,disabled:l,className:Fe("flex h-10 w-full rounded-md border border-gray-300 bg-white px-3 py-2 text-sm ring-offset-white transition-colors file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-gray-500 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 dark:border-gray-600 dark:bg-gray-800 dark:ring-offset-gray-900 dark:placeholder:text-gray-400",c&&"border-red-500 focus-visible:ring-red-500",o),style:d}),$S=({children:e,className:t,variant:n="default",size:i="default",type:o="button",disabled:a=!1,style:s})=>{const l={default:"bg-blue-600 text-white hover:bg-blue-700 dark:bg-blue-700 dark:hover:bg-blue-800",outline:"border border-gray-300 bg-transparent hover:bg-gray-100 dark:border-gray-600 dark:hover:bg-gray-800",ghost:"hover:bg-gray-100 dark:hover:bg-gray-800"},c={default:"h-10 px-4 py-2",sm:"h-9 px-3 text-sm",lg:"h-11 px-8"};return v("button",{type:o,disabled:a,className:Fe("inline-flex items-center justify-center gap-2 rounded-md font-medium transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 disabled:pointer-events-none disabled:opacity-50",l[n],c[i],t),style:s,children:e})},ES=({htmlFor:e,className:t,style:n,children:i})=>v("label",{for:e,className:Fe("text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70",t),style:n,children:i}),pde=({error:e,theme:t,branding:n,loginSession:i,email:o,client:a,className:s,isEmbedded:l,browserName:c})=>{const d=a.connections.map(({strategy:pe})=>pe),u=d.includes(V.EMAIL)||d.includes(V.USERNAME_PASSWORD),p=d.includes(V.SMS),f=new Set([V.EMAIL,V.SMS,V.USERNAME_PASSWORD,"auth0"]),h=a.connections.filter(pe=>!f.has(pe.strategy)).filter(pe=>pe.show_as_button!==!1).map(pe=>{const Qe=Bd[pe.strategy];return Qe?{...Qe,connectionName:pe.name,displayName:pe.display_name||Qe.displayName||pe.name,iconUrl:pe.options.icon_url}:null}).filter(pe=>pe!==null).filter(pe=>!(l&&pe.disableEmbeddedBrowsers)),m=u||p,g=u&&p?"email_or_phone_placeholder":u?"email_placeholder":p?"phone_placeholder":null,A=g?R.t(g,u&&p?"Email or Phone Number":u?"Email Address":"Phone Number"):"",y=t?.colors?.primary_button||n?.colors?.primary||"#0066cc",_=t?.colors?.primary_button_label||"#ffffff",w=t?.colors?.body_text||"#333333",k=t?.colors?.input_background||"#ffffff",b=t?.colors?.input_border||"#d1d5db",S=t?.colors?.input_filled_text||"#111827",E=t?.colors?.error||"#dc2626",C=t?.colors?.widget_background||"#ffffff",I=t?.colors?.widget_border||"#e5e7eb",N=t?.borders?.widget_corner_radius||8,z=t?.borders?.input_border_radius||4,P=t?.borders?.button_border_radius||4,j=t?.borders?.show_widget_shadow??!0,U=t?.fonts?.title?.size||24,B=t?.fonts?.title?.bold??!0,K=t?.fonts?.body_text?.size||14,te={backgroundColor:C,borderColor:I,borderRadius:`${N}px`,boxShadow:j?"0 1px 3px 0 rgba(0, 0, 0, 0.1)":"none",color:w},J={fontSize:`${U}px`,fontWeight:B?"700":"400",color:t?.colors?.header||w},he={fontSize:`${K}px`,color:t?.colors?.input_labels_placeholders||"#6b7280"},Se={backgroundColor:k,borderColor:e?E:b,borderRadius:`${z}px`,color:S},ue={backgroundColor:y,color:_,borderRadius:`${P}px`},$e=t?.widget?.logo_position||"center",q=$e==="left"?"text-left":$e==="right"?"text-right":"text-center",Re=t?.widget?.logo_url||n?.logo_url,Tt=$e!=="none"&ℜreturn v("div",{className:Fe("flex flex-col gap-6 w-full max-w-sm",s),children:[v("div",{id:"incognito-warning-container",className:"mb-4 hidden rounded-md border border-yellow-200 bg-yellow-50 p-4 text-sm text-yellow-800 dark:border-yellow-900 dark:bg-yellow-900/20 dark:text-yellow-100",role:"alert",children:v("div",{className:"flex items-start gap-3",children:[v("span",{className:"text-lg leading-none",children:"⚠️"}),v("div",{children:[v("strong",{children:R.t("incognito_mode_detected")}),v("p",{className:"mt-1 text-xs opacity-90",children:R.t("incognito_mode_warning")})]})]})}),l&&v("div",{className:"mb-4 rounded-md border border-orange-200 bg-orange-50 p-4 text-sm text-orange-800 dark:border-orange-900 dark:bg-orange-900/20 dark:text-orange-100",role:"alert",children:v("div",{className:"flex items-start gap-3",children:[v("span",{className:"text-lg leading-none",children:"⚠️"}),v("div",{children:[v("strong",{children:R.t("embedded_browser_detected")}),v("p",{className:"mt-1 text-xs opacity-90",children:R.t("embedded_browser_warning",{browserName:c||"the app"})})]})]})}),v(vS,{style:te,className:"border",children:[v(wS,{children:[Tt&&v("div",{className:Fe("mb-4",q),children:v(c0,{theme:t,branding:n})}),v(AS,{style:J,children:R.t("welcome","Login")}),v(kS,{style:he,children:m?R.t("login_description_template",{authMethod:R.t(g,{defaultValue:u&&p?"email or phone number":u?"email address":"phone number"}).toLocaleLowerCase(),defaultValue:"Enter your {{authMethod}} below to login to your account"}):R.t("login_description_social_only","Choose how to login")})]}),v(xS,{children:v("form",{method:"post",children:v("div",{className:"grid gap-6",children:[m&&v(Gr,{children:[v("div",{className:"grid gap-2",children:[v(ES,{htmlFor:"username",style:he,children:R.t(g,u&&p?"Email or Phone Number":u?"Email":"Phone Number")}),v(SS,{id:"username",name:"username",type:"text",placeholder:A,required:!0,value:o||"",error:!!e,className:"border lowercase",style:Se}),e&&v(nn,{children:e})]}),v($S,{type:"submit",className:"w-full transition-colors hover:brightness-90",style:ue,children:R.t("continue","Continue")})]}),h.length>0&&v(Gr,{children:[m&&v("div",{className:"relative text-center",style:{color:t?.colors?.input_labels_placeholders||"#6b7280",fontSize:`${K}px`},children:[v("div",{className:"absolute left-0 right-0 top-1/2 border-b",style:{borderColor:I}}),v("div",{className:"relative inline-block px-2",style:{backgroundColor:C},children:R.t("or","Or")})]}),v("div",{className:"flex gap-4 sm:flex-col short:flex-row",children:h.map(pe=>{const Qe=pe.iconUrl||pe.logoDataUri;return v("a",{href:`/authorize/redirect?state=${i.id}&connection=${pe.connectionName}`,className:"inline-flex items-center justify-center gap-2 rounded-md font-medium transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 disabled:pointer-events-none disabled:opacity-50 border bg-transparent hover:bg-gray-100 dark:hover:bg-gray-800 h-10 px-4 py-2 w-full sm:w-full short:flex-1",style:{borderColor:b,borderRadius:`${P}px`,color:w},children:[Qe&&v("img",{src:Qe,alt:pe.displayName,className:"h-5 w-5"}),v("span",{className:"sm:inline short:hidden",children:R.t("continue_with","Login with {{provider}}",{provider:pe.displayName})}),v("span",{className:"hidden short:inline",children:pe.displayName})]},pe.connectionName)})})]})]})})})]})]})},fde=({...e})=>v("svg",{width:"45",height:"45",viewBox:"0 0 45 45",xmlns:"http://www.w3.org/2000/svg",...e,children:[v("path",{d:"M44.1035 23.0123C44.1054 21.4791 43.9758 19.9486 43.716 18.4375H22.498V27.1028H34.6507C34.4021 28.4868 33.8757 29.8061 33.1034 30.9812C32.3311 32.1562 31.3289 33.1628 30.1571 33.9401V39.5649H37.41C41.6567 35.6494 44.1035 29.859 44.1035 23.0123Z",fill:"#4285F4"}),v("path",{d:"M22.4982 44.9997C28.5698 44.9997 33.6821 43.0061 37.4101 39.5687L30.1573 33.9439C28.1386 35.3126 25.5387 36.0938 22.4982 36.0938C16.6296 36.0938 11.6485 32.1377 9.86736 26.8066H2.39575V32.6033C4.26839 36.3297 7.13989 39.4622 10.6896 41.6512C14.2394 43.8402 18.3277 44.9995 22.4982 44.9997Z",fill:"#34A853"}),v("path",{d:"M9.86737 26.8073C8.92572 24.0138 8.92572 20.9886 9.86737 18.1951V12.3984H2.39576C0.820432 15.5332 0 18.9929 0 22.5012C0 26.0095 0.820432 29.4692 2.39576 32.604L9.86737 26.8073Z",fill:"#FBBC04"}),v("path",{d:"M22.4982 8.90741C25.7068 8.85499 28.8071 10.0673 31.1291 12.2823L37.5507 5.86064C33.4788 2.03602 28.0843 -0.0637686 22.4982 0.00147616C18.3277 0.00166623 14.2394 1.16098 10.6896 3.34999C7.13989 5.539 4.26839 8.67155 2.39575 12.3979L9.86736 18.1946C11.6485 12.8635 16.6296 8.90741 22.4982 8.90741Z",fill:"#EA4335"})]}),hde=e=>{const{theme:t,branding:n,client:i,authParams:o}=e,s=`/authorize?${new URLSearchParams(Object.entries(o).filter(([,l])=>l!==void 0).map(([l,c])=>[l,String(c)]))}`;return v(We,{theme:t,branding:n,client:i,title:R.t("user_not_found"),children:v("div",{className:"flex flex-1 flex-col justify-center",children:[v("p",{className:"mb-8 text-gray-300 text-lg",children:R.t("user_not_found_body")}),v(Ke,{Component:"a",href:s,children:R.t("user_not_found_cta")})]})})},mde=({...e})=>v("svg",{version:"1.1",id:"Layer_1",xmlns:"http://www.w3.org/2000/svg",x:"0px",y:"0px",viewBox:"0 0 48 48",enableBackground:"new 0 0 48 48",width:"45",height:"45",...e,children:[v("path",{fill:"#FF5B24",d:"M3.5,8h41c1.9,0,3.5,1.6,3.5,3.5v25c0,1.9-1.6,3.5-3.5,3.5h-41C1.6,40,0,38.4,0,36.5v-25C0,9.6,1.6,8,3.5,8z"}),v("path",{fillRule:"evenodd",clipRule:"evenodd",fill:"#FFFFFF",d:`M27.9,20.3c1.4,0,2.6-1,2.6-2.5h0c0-1.5-1.2-2.5-2.6-2.5c-1.4,0-2.6,1-2.6,2.5C25.3,19.2,26.5,20.3,27.9,20.3z
|
|
546
546
|
M31.2,24.4c-1.7,2.2-3.5,3.8-6.7,3.8h0c-3.2,0-5.8-2-7.7-4.8c-0.8-1.2-2-1.4-2.9-0.8c-0.8,0.6-1,1.8-0.3,2.9
|
|
547
547
|
c2.7,4.1,6.5,6.6,10.9,6.6c4,0,7.2-2,9.6-5.2c0.9-1.2,0.9-2.5,0-3.1C33.3,22.9,32.1,23.2,31.2,24.4z`})]});async function gde(e,t){const{tenantId:n,userId:i}=t,{data:o}=e.env;o.sessionCleanup&&await o.sessionCleanup({tenant_id:n,user_id:i})}const Wa=[{description:"Read Client Grants",value:"read:client_grants"},{description:"Create Client Grants",value:"create:client_grants"},{description:"Delete Client Grants",value:"delete:client_grants"},{description:"Update Client Grants",value:"update:client_grants"},{description:"Read Users",value:"read:users"},{description:"Update Users",value:"update:users"},{description:"Delete Users",value:"delete:users"},{description:"Create Users",value:"create:users"},{description:"Read Users App Metadata",value:"read:users_app_metadata"},{description:"Update Users App Metadata",value:"update:users_app_metadata"},{description:"Delete Users App Metadata",value:"delete:users_app_metadata"},{description:"Create Users App Metadata",value:"create:users_app_metadata"},{description:"Read Custom User Blocks",value:"read:user_custom_blocks"},{description:"Create Custom User Blocks",value:"create:user_custom_blocks"},{description:"Delete Custom User Blocks",value:"delete:user_custom_blocks"},{description:"Create User Tickets",value:"create:user_tickets"},{description:"Read Clients",value:"read:clients"},{description:"Update Clients",value:"update:clients"},{description:"Delete Clients",value:"delete:clients"},{description:"Create Clients",value:"create:clients"},{description:"Read Client Keys",value:"read:client_keys"},{description:"Update Client Keys",value:"update:client_keys"},{description:"Delete Client Keys",value:"delete:client_keys"},{description:"Create Client Keys",value:"create:client_keys"},{description:"Read Client Credentials",value:"read:client_credentials"},{description:"Update Client Credentials",value:"update:client_credentials"},{description:"Delete Client Credentials",value:"delete:client_credentials"},{description:"Create Client Credentials",value:"create:client_credentials"},{description:"Read Connections",value:"read:connections"},{description:"Update Connections",value:"update:connections"},{description:"Delete Connections",value:"delete:connections"},{description:"Create Connections",value:"create:connections"},{description:"Read Resource Servers",value:"read:resource_servers"},{description:"Update Resource Servers",value:"update:resource_servers"},{description:"Delete Resource Servers",value:"delete:resource_servers"},{description:"Create Resource Servers",value:"create:resource_servers"},{description:"Read Device Credentials",value:"read:device_credentials"},{description:"Update Device Credentials",value:"update:device_credentials"},{description:"Delete Device Credentials",value:"delete:device_credentials"},{description:"Create Device Credentials",value:"create:device_credentials"},{description:"Read Rules",value:"read:rules"},{description:"Update Rules",value:"update:rules"},{description:"Delete Rules",value:"delete:rules"},{description:"Create Rules",value:"create:rules"},{description:"Read Rules Configs",value:"read:rules_configs"},{description:"Update Rules Configs",value:"update:rules_configs"},{description:"Delete Rules Configs",value:"delete:rules_configs"},{description:"Read Hooks",value:"read:hooks"},{description:"Update Hooks",value:"update:hooks"},{description:"Delete Hooks",value:"delete:hooks"},{description:"Create Hooks",value:"create:hooks"},{description:"Read Actions",value:"read:actions"},{description:"Update Actions",value:"update:actions"},{description:"Delete Actions",value:"delete:actions"},{description:"Create Actions",value:"create:actions"},{description:"Read Email Provider",value:"read:email_provider"},{description:"Update Email Provider",value:"update:email_provider"},{description:"Delete Email Provider",value:"delete:email_provider"},{description:"Create Email Provider",value:"create:email_provider"},{description:"Blacklist Tokens",value:"blacklist:tokens"},{description:"Read Stats",value:"read:stats"},{description:"Read Insights",value:"read:insights"},{description:"Read Tenant Settings",value:"read:tenant_settings"},{description:"Update Tenant Settings",value:"update:tenant_settings"},{description:"Read Logs",value:"read:logs"},{description:"Read logs relating to users",value:"read:logs_users"},{description:"Read Shields",value:"read:shields"},{description:"Create Shields",value:"create:shields"},{description:"Update Shields",value:"update:shields"},{description:"Delete Shields",value:"delete:shields"},{description:"Read Anomaly Detection Blocks",value:"read:anomaly_blocks"},{description:"Delete Anomaly Detection Blocks",value:"delete:anomaly_blocks"},{description:"Update Triggers",value:"update:triggers"},{description:"Read Triggers",value:"read:triggers"},{description:"Read User Grants",value:"read:grants"},{description:"Delete User Grants",value:"delete:grants"},{description:"Read Guardian factors configuration",value:"read:guardian_factors"},{description:"Update Guardian factors",value:"update:guardian_factors"},{description:"Read Guardian enrollments",value:"read:guardian_enrollments"},{description:"Delete Guardian enrollments",value:"delete:guardian_enrollments"},{description:"Create enrollment tickets for Guardian",value:"create:guardian_enrollment_tickets"},{description:"Read Users IDP tokens",value:"read:user_idp_tokens"},{description:"Create password checking jobs",value:"create:passwords_checking_job"},{description:"Deletes password checking job and all its resources",value:"delete:passwords_checking_job"},{description:"Read custom domains configurations",value:"read:custom_domains"},{description:"Delete custom domains configurations",value:"delete:custom_domains"},{description:"Configure new custom domains",value:"create:custom_domains"},{description:"Update custom domain configurations",value:"update:custom_domains"},{description:"Read email templates",value:"read:email_templates"},{description:"Create email templates",value:"create:email_templates"},{description:"Update email templates",value:"update:email_templates"},{description:"Read Multifactor Authentication policies",value:"read:mfa_policies"},{description:"Update Multifactor Authentication policies",value:"update:mfa_policies"},{description:"Read roles",value:"read:roles"},{description:"Create roles",value:"create:roles"},{description:"Delete roles",value:"delete:roles"},{description:"Update roles",value:"update:roles"},{description:"Read prompts settings",value:"read:prompts"},{description:"Update prompts settings",value:"update:prompts"},{description:"Read branding settings",value:"read:branding"},{description:"Update branding settings",value:"update:branding"},{description:"Delete branding settings",value:"delete:branding"},{description:"Read log_streams",value:"read:log_streams"},{description:"Create log_streams",value:"create:log_streams"},{description:"Delete log_streams",value:"delete:log_streams"},{description:"Update log_streams",value:"update:log_streams"},{description:"Create signing keys",value:"create:signing_keys"},{description:"Read signing keys",value:"read:signing_keys"},{description:"Update signing keys",value:"update:signing_keys"},{description:"Read entity limits",value:"read:limits"},{description:"Update entity limits",value:"update:limits"},{description:"Create role members",value:"create:role_members"},{description:"Read role members",value:"read:role_members"},{description:"Update role members",value:"delete:role_members"},{description:"Read entitlements",value:"read:entitlements"},{description:"Read attack protection",value:"read:attack_protection"},{description:"Update attack protection",value:"update:attack_protection"},{description:"Read organization summary",value:"read:organizations_summary"},{description:"Create Authentication Methods",value:"create:authentication_methods"},{description:"Read Authentication Methods",value:"read:authentication_methods"},{description:"Update Authentication Methods",value:"update:authentication_methods"},{description:"Delete Authentication Methods",value:"delete:authentication_methods"},{description:"Read Organizations",value:"read:organizations"},{description:"Update Organizations",value:"update:organizations"},{description:"Create Organizations",value:"create:organizations"},{description:"Delete Organizations",value:"delete:organizations"},{description:"Administer Organizations",value:"admin:organizations"},{description:"Read Organization Discovery Domains",value:"read:organization_discovery_domains"},{description:"Update Organization Discovery Domains",value:"update:organization_discovery_domains"},{description:"Create Organization Discovery Domains",value:"create:organization_discovery_domains"},{description:"Delete Organization Discovery Domains",value:"delete:organization_discovery_domains"},{description:"Create organization members",value:"create:organization_members"},{description:"Read organization members",value:"read:organization_members"},{description:"Delete organization members",value:"delete:organization_members"},{description:"Create organization connections",value:"create:organization_connections"},{description:"Read organization connections",value:"read:organization_connections"},{description:"Update organization connections",value:"update:organization_connections"},{description:"Delete organization connections",value:"delete:organization_connections"},{description:"Create organization member roles",value:"create:organization_member_roles"},{description:"Read organization member roles",value:"read:organization_member_roles"},{description:"Delete organization member roles",value:"delete:organization_member_roles"},{description:"Create organization invitations",value:"create:organization_invitations"},{description:"Read organization invitations",value:"read:organization_invitations"},{description:"Delete organization invitations",value:"delete:organization_invitations"},{description:"Read SCIM configuration",value:"read:scim_config"},{description:"Create SCIM configuration",value:"create:scim_config"},{description:"Update SCIM configuration",value:"update:scim_config"},{description:"Delete SCIM configuration",value:"delete:scim_config"},{description:"Create SCIM token",value:"create:scim_token"},{description:"Read SCIM token",value:"read:scim_token"},{description:"Delete SCIM token",value:"delete:scim_token"},{description:"Delete a Phone Notification Provider",value:"delete:phone_providers"},{description:"Create a Phone Notification Provider",value:"create:phone_providers"},{description:"Read a Phone Notification Provider",value:"read:phone_providers"},{description:"Update a Phone Notification Provider",value:"update:phone_providers"},{description:"Delete a Phone Notification Template",value:"delete:phone_templates"},{description:"Create a Phone Notification Template",value:"create:phone_templates"},{description:"Read a Phone Notification Template",value:"read:phone_templates"},{description:"Update a Phone Notification Template",value:"update:phone_templates"},{description:"Create encryption keys",value:"create:encryption_keys"},{description:"Read encryption keys",value:"read:encryption_keys"},{description:"Update encryption keys",value:"update:encryption_keys"},{description:"Delete encryption keys",value:"delete:encryption_keys"},{description:"Read Sessions",value:"read:sessions"},{description:"Update Sessions",value:"update:sessions"},{description:"Delete Sessions",value:"delete:sessions"},{description:"Read Refresh Tokens",value:"read:refresh_tokens"},{description:"Update Refresh Tokens",value:"update:refresh_tokens"},{description:"Delete Refresh Tokens",value:"delete:refresh_tokens"},{description:"Create Self Service Profiles",value:"create:self_service_profiles"},{description:"Read Self Service Profiles",value:"read:self_service_profiles"},{description:"Update Self Service Profiles",value:"update:self_service_profiles"},{description:"Delete Self Service Profiles",value:"delete:self_service_profiles"},{description:"Create SSO Access Tickets",value:"create:sso_access_tickets"},{description:"Delete SSO Access Tickets",value:"delete:sso_access_tickets"},{description:"Read Forms",value:"read:forms"},{description:"Update Forms",value:"update:forms"},{description:"Delete Forms",value:"delete:forms"},{description:"Create Forms",value:"create:forms"},{description:"Read Flows",value:"read:flows"},{description:"Update Flows",value:"update:flows"},{description:"Delete Flows",value:"delete:flows"},{description:"Create Flows",value:"create:flows"},{description:"Read Flows Vault items",value:"read:flows_vault"},{description:"Read Flows Vault connections",value:"read:flows_vault_connections"},{description:"Update Flows Vault connections",value:"update:flows_vault_connections"},{description:"Delete Flows Vault connections",value:"delete:flows_vault_connections"},{description:"Create Flows Vault connections",value:"create:flows_vault_connections"},{description:"Read Flows Executions",value:"read:flows_executions"},{description:"Delete Flows Executions",value:"delete:flows_executions"},{description:"Read Connections Options",value:"read:connections_options"},{description:"Update Connections Options",value:"update:connections_options"},{description:"Read Self Service Profile Custom Texts",value:"read:self_service_profile_custom_texts"},{description:"Update Self Service Profile Custom Texts",value:"update:self_service_profile_custom_texts"},{description:"Create Network ACLs",value:"create:network_acls"},{description:"Update Network ACLs",value:"update:network_acls"},{description:"Read Network ACLs",value:"read:network_acls"},{description:"Delete Network ACLs",value:"delete:network_acls"},{description:"Delete Verifiable Digital Credential Templates",value:"delete:vdcs_templates"},{description:"Read Verifiable Digital Credential Templates",value:"read:vdcs_templates"},{description:"Create Verifiable Digital Credential Templates",value:"create:vdcs_templates"},{description:"Update Verifiable Digital Credential Templates",value:"update:vdcs_templates"},{description:"Create Customer Provided Public Signing Keys",value:"create:custom_signing_keys"},{description:"Read Customer Provided Public Signing Keys",value:"read:custom_signing_keys"},{description:"Update Customer Provided Public Signing Keys",value:"update:custom_signing_keys"},{description:"Delete Customer Provided Public Signing Keys",value:"delete:custom_signing_keys"},{description:"List Federated Connections Tokensets belonging to a user",value:"read:federated_connections_tokens"},{description:"Delete Federated Connections Tokensets belonging to a user",value:"delete:federated_connections_tokens"},{description:"Create User Attribute Profiles",value:"create:user_attribute_profiles"},{description:"Read User Attribute Profiles",value:"read:user_attribute_profiles"},{description:"Update User Attribute Profiles",value:"update:user_attribute_profiles"},{description:"Delete User Attribute Profiles",value:"delete:user_attribute_profiles"},{description:"Read event streams",value:"read:event_streams"},{description:"Create event streams",value:"create:event_streams"},{description:"Delete event streams",value:"delete:event_streams"},{description:"Update event streams",value:"update:event_streams"},{description:"Read event stream deliveries",value:"read:event_deliveries"},{description:"Redeliver event(s) to an event stream",value:"update:event_deliveries"},{description:"Create Connection Profiles",value:"create:connection_profiles"},{description:"Read Connection Profiles",value:"read:connection_profiles"},{description:"Update Connection Profiles",value:"update:connection_profiles"},{description:"Delete Connection Profiles",value:"delete:connection_profiles"},{description:"Read Organization Client Grants",value:"read:organization_client_grants"},{description:"Create Organization Client Grants",value:"create:organization_client_grants"},{description:"Delete Organization Client Grants",value:"delete:organization_client_grants"},{description:"Create Token Exchange Profile",value:"create:token_exchange_profiles"},{description:"Read Token Exchange Profiles",value:"read:token_exchange_profiles"},{description:"Update Token Exchange Profile",value:"update:token_exchange_profiles"},{description:"Delete Token Exchange Profile",value:"delete:token_exchange_profiles"},{description:"Read connection keys",value:"read:connections_keys"},{description:"Update connection keys",value:"update:connections_keys"},{description:"Create connection keys",value:"create:connections_keys"},{description:"Read Tenants",value:"read:tenants"},{description:"Create Tenants",value:"create:tenants"},{description:"Update Tenants",value:"update:tenants"},{description:"Delete Tenants",value:"delete:tenants"},{description:"Read access to authentication resources",value:"auth:read"},{description:"Write access to authentication resources",value:"auth:write"}];async function yde(e,t){const{adminUsername:n,adminPassword:i,tenantId:o="control_plane",tenantName:a="Control Plane",isControlPlane:s=!0,clientId:l="default",callbacks:c=["https://manage.authhero.net/auth-callback","https://local.authhero.net/auth-callback","https://localhost:5173/auth-callback","https://localhost:3000/auth-callback"],allowedLogoutUrls:d=["https://manage.authhero.net","https://local.authhero.net","https://localhost:5173","https://localhost:3000"],debug:u=!0}=t,p=t.audience||(s?"urn:authhero:management":`urn:authhero:tenant:${o}`);await e.tenants.get(o)?u&&console.log(`Tenant "${o}" already exists, skipping...`):(u&&console.log(`Creating tenant "${o}"...`),await e.tenants.create({id:o,friendly_name:a,audience:p,sender_email:"noreply@example.com",sender_name:"AuthHero"}),s&&await e.tenants.update(o,{allow_organization_name_in_authentication_api:!0,flags:{inherit_global_permissions_in_organizations:!0}}),u&&console.log("✅ Tenant created"));const{signingKeys:h}=await e.keys.list({q:"type:jwt_signing"});if(h.length===0){u&&console.log("Creating signing key...");const J=await cd({name:`CN=${o}`});await e.keys.create(J),u&&console.log("✅ Signing key created")}else u&&console.log("Signing key already exists, skipping...");const m=await e.users.list(o,{q:`username:${n}`});let g;if(m.users.length===0){u&&console.log(`Creating admin user "${n}"...`);const{hash:J,algorithm:he}=await fs(i);g=`${Oe}|${Uo()}`,await e.users.create(o,{user_id:g,username:n,email_verified:!1,connection:V.USERNAME_PASSWORD,provider:Oe,password:{hash:J,algorithm:he}}),u&&(console.log("✅ Admin user created"),console.log(` Username: ${n}`))}else g=m.users[0].user_id,u&&console.log(`Admin user "${n}" already exists, skipping...`);(await e.connections.list(o)).connections.some(J=>J.name===V.USERNAME_PASSWORD)?u&&console.log("Password connection already exists, skipping..."):(u&&console.log("Creating password connection..."),await e.connections.create(o,{name:V.USERNAME_PASSWORD,strategy:V.USERNAME_PASSWORD,options:{attributes:{username:{identifier:{active:!0}},email:{identifier:{active:!1}}}}}),u&&console.log("✅ Password connection created"));const _=await e.clients.get(o,l);let w;_?(w=_.client_secret||"",u&&console.log("Default client already exists, skipping...")):(u&&console.log("Creating default client..."),w=Be(),await e.clients.create(o,{client_id:l,client_secret:w,name:"Default Application",callbacks:c,allowed_logout_urls:d,connections:[V.USERNAME_PASSWORD],client_metadata:{universal_login_version:"2"}}),u&&(console.log("✅ Default client created"),console.log(` Client ID: ${l}`),console.log(` Callback URLs: ${c.join(", ")}`),console.log(` Allowed Logout URLs: ${d.join(", ")}`)));const k="urn:authhero:management";(await e.resourceServers.list(o,{})).resource_servers.some(J=>J.identifier===k)?u&&console.log("Management API resource server already exists, skipping..."):(u&&console.log("Creating Management API resource server..."),await e.resourceServers.create(o,{name:"Authhero Management API",identifier:k,allow_offline_access:!0,skip_consent_for_verifiable_first_party_clients:!1,token_lifetime:86400,token_lifetime_for_web:7200,signing_alg:"RS256",scopes:Wa,options:{enforce_policies:!0,token_dialect:"access_token_authz"}}),u&&(console.log("✅ Management API resource server created"),console.log(` Identifier: ${k}`),console.log(` Scopes: ${Wa.length} permissions`)));const{organizations:E}=await e.organizations.list(o,{q:`name:${o}`});let C=E[0];C?u&&console.log(`Organization "${o}" already exists, skipping...`):(u&&console.log(`Creating organization "${o}"...`),C=await e.organizations.create(o,{id:`org_${Be()}`,name:o,display_name:a}),u&&console.log("✅ Organization created"));const I="Tenant Admin";let z=(await e.roles.list(o,{})).roles.find(J=>J.name===I);if(z)u&&console.log(`Admin role "${I}" already exists, skipping...`);else{u&&console.log(`Creating admin role "${I}"...`),z=await e.roles.create(o,{name:I,description:"Full access to tenant management operations"});const J=Wa.map(he=>({role_id:z.id,resource_server_identifier:k,permission_name:he.value}));await e.rolePermissions.assign(o,z.id,J),u&&console.log(`✅ Admin role created with ${Wa.length} permissions`)}return(await e.userOrganizations.listUserOrganizations(o,g,{})).organizations.some(J=>J.id===C.id)?u&&console.log("Admin user already in organization, skipping..."):(u&&console.log(`Adding admin user to organization "${C.name}"...`),await e.userOrganizations.create(o,{user_id:g,organization_id:C.id}),u&&console.log("✅ Admin user added to organization")),(await e.userRoles.list(o,g,void 0,C.id)).some(J=>J.id===z.id)?u&&console.log("Admin user already has admin role, skipping..."):(u&&console.log(`Assigning admin role to user in organization "${C.name}"...`),await e.userRoles.create(o,g,z.id,C.id),u&&console.log("✅ Admin role assigned to user")),(await e.userRoles.list(o,g,void 0,"")).some(J=>J.id===z.id)?u&&console.log("Admin user already has global admin role, skipping..."):(u&&console.log("Assigning global admin role to user..."),await e.userRoles.create(o,g,z.id,""),u&&console.log("✅ Global admin role assigned to user")),u&&console.log(`
|
|
548
|
-
🎉 Seeding complete!`),{tenantId:o,userId:g,username:n,clientId:l,clientSecret:w}}async function _de(e,t,n={}){const{cursorField:i="id",sortOrder:o="asc",pageSize:a=100,maxItems:s=1e4,q:l}=n,c=[];let d,u=!0;for(;u;){let p=l||"";if(d){const A=`${i}:${o==="asc"?">":"<"}${d}`;p=p?`(${p}) AND ${A}`:A}const f={per_page:a,page:0,sort:{sort_by:i,sort_order:o},...p&&{q:p}},m=(await e(f))[t]||[];if(m.length===0)u=!1;else{c.push(...m);const g=m[m.length-1];if(g&&typeof g=="object"){const A=g[i];A!=null&&(d=String(A))}m.length<a&&(u=!1),s!==-1&&c.length>=s&&(console.warn(`fetchAll: Reached maxItems limit (${s}). There may be more items.`),u=!1)}}return c}R.init({supportedLngs:["en","it","nb","sv","pl","cs","fi","da"],fallbackLng:"en",resources:{en:{translation:KM},it:{translation:nV},nb:{translation:pG},sv:{translation:AY},pl:{translation:Nee},cs:{translation:Fie},fi:{translation:Qae},da:{translation:lde}}});function bde(e){const t=new r.OpenAPIHono;t.onError((l,c)=>l instanceof T?l.getResponse():(console.error(l),c.json({message:"Internal Server Error"},500))),t.use("*",async(l,c)=>{e.hooks&&(l.env.hooks={...e.hooks,...l.env.hooks||{}}),e.samlSigner&&(l.env.samlSigner=e.samlSigner),e.poweredByLogo&&(l.env.poweredByLogo=e.poweredByLogo),e.webhookInvoker&&(l.env.webhookInvoker=e.webhookInvoker),await c()}),t.get("/",l=>l.json({name:"authhero"}))
|
|
548
|
+
🎉 Seeding complete!`),{tenantId:o,userId:g,username:n,clientId:l,clientSecret:w}}async function _de(e,t,n={}){const{cursorField:i="id",sortOrder:o="asc",pageSize:a=100,maxItems:s=1e4,q:l}=n,c=[];let d,u=!0;for(;u;){let p=l||"";if(d){const A=`${i}:${o==="asc"?">":"<"}${d}`;p=p?`(${p}) AND ${A}`:A}const f={per_page:a,page:0,sort:{sort_by:i,sort_order:o},...p&&{q:p}},m=(await e(f))[t]||[];if(m.length===0)u=!1;else{c.push(...m);const g=m[m.length-1];if(g&&typeof g=="object"){const A=g[i];A!=null&&(d=String(A))}m.length<a&&(u=!1),s!==-1&&c.length>=s&&(console.warn(`fetchAll: Reached maxItems limit (${s}). There may be more items.`),u=!1)}}return c}R.init({supportedLngs:["en","it","nb","sv","pl","cs","fi","da"],fallbackLng:"en",resources:{en:{translation:KM},it:{translation:nV},nb:{translation:pG},sv:{translation:AY},pl:{translation:Nee},cs:{translation:Fie},fi:{translation:Qae},da:{translation:lde}}});function bde(e){const t=new r.OpenAPIHono;t.onError((l,c)=>l instanceof T?l.getResponse():(console.error(l),c.json({message:"Internal Server Error"},500))),t.use("*",async(l,c)=>{e.hooks&&(l.env.hooks={...e.hooks,...l.env.hooks||{}}),e.samlSigner&&(l.env.samlSigner=e.samlSigner),e.poweredByLogo&&(l.env.poweredByLogo=e.poweredByLogo),e.webhookInvoker&&(l.env.webhookInvoker=e.webhookInvoker),await c()}),t.get("/",l=>l.json({name:"authhero"})),t.get("/robots.txt",l=>l.text(`User-agent: *
|
|
549
|
+
Disallow: /`,200,{"content-type":"text/plain; charset=utf-8"}));const n=lN(e);t.route("/api/v2",n);const i=gR(e);t.route("/u",i);const o=cB(e);t.route("/u2",o);const a=jD(e);t.route("/samlp",a);const s=ij(e);return t.route("/",s),{app:t,managementApp:n,oauthApp:s,samlApp:a,universalApp:i,u2App:o,createX509Certificate:cd}}exports.AppLogo=c0;exports.Auth0ActionEnum=s6;exports.Auth0Client=Dw;exports.AuthLayout=dde;exports.AuthorizationResponseMode=vn;exports.AuthorizationResponseType=lt;exports.Button=Ke;exports.ButtonUI=$S;exports.CardContent=xS;exports.CardDescription=kS;exports.CardFooter=ude;exports.CardHeader=wS;exports.CardTitle=AS;exports.CardUI=vS;exports.CheckEmailPage=bx;exports.CodeChallengeMethod=Nd;exports.ComponentCategory=Tm;exports.ComponentType=Cm;exports.EmailActionEnum=l6;exports.EmailValidatedPage=Ax;exports.EnterCodePage=vm;exports.EnterPasswordPage=lc;exports.ErrorMessage=nn;exports.FORM_FIELD_TYPES=Om;exports.FlowActionTypeEnum=a6;exports.Footer=ox;exports.ForgotPasswordPage=yx;exports.ForgotPasswordSentPage=_x;exports.FormComponent=zn;exports.GoBack=Xt;exports.GoogleLogo=fde;exports.GrantType=hn;exports.HttpSamlSigner=t4;exports.Icon=Ye;exports.IdentifierForm=pde;exports.IdentifierPage=Ha;exports.InputUI=SS;exports.InvalidSession=wx;exports.LabelUI=ES;exports.Layout=We;exports.LocationInfo=Lw;exports.LogTypes=oe;exports.LoginSessionState=Pe;exports.MANAGEMENT_API_AUDIENCE=OC;exports.MANAGEMENT_API_SCOPES=Wa;exports.Message=en;exports.NodeType=uw;exports.PreSignUpConfirmationPage=kx;exports.PreSignUpPage=vx;exports.RedirectTargetEnum=ew;exports.ResetPasswordPage=ur;exports.SignUpPage=to;exports.SocialButton=sx;exports.Spinner=ax;exports.Strategy=V;exports.StrategyType=Zt;exports.Trans=Yr;exports.USERNAME_PASSWORD_PROVIDER=Oe;exports.UnverifiedEmailPage=gx;exports.UserNotFoundPage=hde;exports.VippsLogo=mde;exports.actionNodeSchema=hw;exports.activeUsersResponseSchema=y$;exports.addEntityHooks=I4;exports.addressSchema=ow;exports.auth0FlowInsertSchema=h6;exports.auth0FlowSchema=bw;exports.auth0QuerySchema=c6;exports.auth0UpdateUserActionSchema=Q1;exports.auth0UserResponseSchema=On;exports.authParamsSchema=ls;exports.baseUserSchema=Td;exports.blockComponentSchema=xw;exports.bordersSchema=Hw;exports.brandingSchema=Gl;exports.buttonComponentSchema=aw;exports.cleanupUserSessions=gde;exports.clientGrantInsertSchema=_c;exports.clientGrantListSchema=f6;exports.clientGrantSchema=so;exports.clientInfoMiddleware=fa;exports.clientInsertSchema=yc;exports.clientSchema=ao;exports.codeInsertSchema=ww;exports.codeSchema=m6;exports.codeTypeSchema=vw;exports.colorsSchema=Vw;exports.componentMessageSchema=zw;exports.componentSchema=dw;exports.connectionInsertSchema=bc;exports.connectionOptionsSchema=Aw;exports.connectionSchema=Ai;exports.coordinatesSchema=Do;exports.createAuthMiddleware=Tu;exports.createInMemoryCache=ha;exports.createPassthroughAdapter=A$;exports.createWriteOnlyAdapter=k$;exports.customDomainInsertSchema=Im;exports.customDomainSchema=vi;exports.customDomainWithTenantIdSchema=g6;exports.customTextEntrySchema=_$;exports.customTextSchema=gr;exports.dailyStatsSchema=u2;exports.emailProviderSchema=Zl;exports.emailVerificationRulesSchema=Y1;exports.emailVerifyActionSchema=X1;exports.endingSchema=_w;exports.fetchAll=_de;exports.fieldComponentSchema=$w;exports.flowActionStepSchema=nw;exports.flowInsertSchema=hc;exports.flowSchema=pr;exports.flowsFieldComponentSchema=lw;exports.flowsFlowNodeSchema=fw;exports.flowsStepNodeSchema=pw;exports.fontDetailsSchema=eo;exports.fontsSchema=Kw;exports.formControlSchema=V6;exports.formInsertSchema=vc;exports.formNodeComponentDefinition=jm;exports.formNodeSchema=Ew;exports.formSchema=fr;exports.genericComponentSchema=cw;exports.genericNodeSchema=mw;exports.getConnectionIdentifierConfig=Lo;exports.hookInsertSchema=xf;exports.hookSchema=hr;exports.hookTemplateId=Rm;exports.hookTemplates=X6;exports.identitySchema=mc;exports.init=bde;exports.injectTailwindCSS=bO;exports.inviteInsertSchema=Bm;exports.inviteSchema=Za;exports.inviteeSchema=jw;exports.inviterSchema=Pw;exports.isBlockComponent=Z6;exports.isFieldComponent=Q6;exports.isWidgetComponent=Y6;exports.jwksKeySchema=Ow;exports.jwksSchema=Dm;exports.legalComponentSchema=sw;exports.logInsertSchema=Uw;exports.logSchema=wc;exports.loginSessionInsertSchema=Bw;exports.loginSessionSchema=a$;exports.loginSessionStateSchema=Rw;exports.mfaEnrollmentInsertSchema=b$;exports.mfaEnrollmentSchema=v$;exports.mfaEnrollmentTypeSchema=p2;exports.nodeSchema=gw;exports.openIDConfigurationSchema=Sf;exports.organizationBrandingSchema=s2;exports.organizationEnabledConnectionSchema=l2;exports.organizationInsertSchema=$c;exports.organizationSchema=ki;exports.organizationTokenQuotaSchema=c2;exports.pageBackgroundSchema=Ww;exports.parseUserId=w$;exports.passwordInsertSchema=Mw;exports.passwordSchema=l$;exports.preDefinedHooks=RT;exports.profileDataSchema=iw;exports.promptScreenSchema=mr;exports.promptSettingSchema=ho;exports.redirectActionSchema=tw;exports.refreshTokenInsertSchema=Mm;exports.refreshTokenSchema=c$;exports.resourceServerInsertSchema=kc;exports.resourceServerListSchema=p$;exports.resourceServerOptionsSchema=Yw;exports.resourceServerSchema=lo;exports.resourceServerScopeSchema=Zw;exports.richTextComponentSchema=rw;exports.roleInsertSchema=xc;exports.roleListSchema=Sc;exports.rolePermissionInsertSchema=Qw;exports.rolePermissionListSchema=e2;exports.rolePermissionSchema=Xw;exports.roleSchema=co;exports.screenLinkSchema=Cw;exports.seed=yde;exports.sessionInsertSchema=qw;exports.sessionSchema=Pd;exports.signingKeySchema=$f;exports.smsProviderSchema=u$;exports.smsSendParamsSchema=d$;exports.startSchema=yw;exports.tailwindCss=p0;exports.tenantInsertSchema=Lm;exports.tenantMiddleware=pa;exports.tenantSchema=Ac;exports.tenantSettingsSchema=g$;exports.themeInsertSchema=Jw;exports.themeSchema=Jl;exports.tokenResponseSchema=Um;exports.totalsSchema=Bt;exports.uiScreenSchema=J6;exports.userInsertSchema=gc;exports.userOrganizationInsertSchema=d2;exports.userOrganizationSchema=m$;exports.userPermissionInsertSchema=t2;exports.userPermissionListSchema=f$;exports.userPermissionSchema=n2;exports.userPermissionWithDetailsListSchema=o2;exports.userPermissionWithDetailsSchema=i2;exports.userResponseSchema=d6;exports.userRoleInsertSchema=r2;exports.userRoleListSchema=h$;exports.userRoleSchema=a2;exports.userSchema=zm;exports.verificationMethodsSchema=kw;exports.waitUntil=_2;exports.widgetComponentSchema=Sw;exports.widgetSchema=Gw;
|
package/dist/authhero.mjs
CHANGED
|
@@ -35641,7 +35641,7 @@ function Lb(e, t = "light") {
|
|
|
35641
35641
|
const n = pm(e, "#ffffff"), i = pm(e, "#000000"), r = 1.35;
|
|
35642
35642
|
return t === "light" ? i > n * r ? "#000000" : "#ffffff" : i * r > n ? "#000000" : "#ffffff";
|
|
35643
35643
|
}
|
|
35644
|
-
const qo = "
|
|
35644
|
+
const qo = "mn3ck6ys", vj = (e, t) => {
|
|
35645
35645
|
const n = e?.colors?.primary_button || t?.colors?.primary || "#000000", i = e?.colors?.base_hover_color || bj(n, 0.2), r = e?.colors?.primary_button_label, o = r && pm(r, n) >= 4.5, s = o ? r : Lb(n, "light"), l = o ? r : Lb(n, "dark"), c = s !== l ? `
|
|
35646
35646
|
@media (prefers-color-scheme: dark) {
|
|
35647
35647
|
body { --text-on-primary: ${l}; }
|
|
@@ -57183,6 +57183,9 @@ function bpe(e) {
|
|
|
57183
57183
|
}), e.samlSigner && (l.env.samlSigner = e.samlSigner), e.poweredByLogo && (l.env.poweredByLogo = e.poweredByLogo), e.webhookInvoker && (l.env.webhookInvoker = e.webhookInvoker), await c();
|
|
57184
57184
|
}), t.get("/", (l) => l.json({
|
|
57185
57185
|
name: "authhero"
|
|
57186
|
+
})), t.get("/robots.txt", (l) => l.text(`User-agent: *
|
|
57187
|
+
Disallow: /`, 200, {
|
|
57188
|
+
"content-type": "text/plain; charset=utf-8"
|
|
57186
57189
|
}));
|
|
57187
57190
|
const n = iN(e);
|
|
57188
57191
|
t.route("/api/v2", n);
|