better-auth 0.0.4 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.js +805 -2
- package/dist/cli.js.map +1 -1
- package/dist/client.js +1 -4
- package/dist/client.js.map +1 -1
- package/dist/index.js +806 -6
- package/dist/index.js.map +1 -1
- package/dist/plugins.js +1 -4
- package/dist/plugins.js.map +1 -1
- package/dist/preact.js +1 -4
- package/dist/preact.js.map +1 -1
- package/dist/react.js +1 -4
- package/dist/react.js.map +1 -1
- package/dist/social.js +1 -4
- package/dist/social.js.map +1 -1
- package/dist/solid.js +1 -4
- package/dist/solid.js.map +1 -1
- package/dist/svelte.js +1 -4
- package/dist/svelte.js.map +1 -1
- package/dist/vue.js +1 -4
- package/dist/vue.js.map +1 -1
- package/package.json +1 -1
package/dist/plugins.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/plugins/organization/organization.ts","../src/api/call.ts","../src/api/routes/sign-in.ts","../src/social-providers/apple.ts","../src/error/better-auth-error.ts","../src/utils/base-url.ts","../src/social-providers/utils.ts","../src/social-providers/discord.ts","../src/social-providers/facebook.ts","../src/social-providers/github.ts","../src/social-providers/google.ts","../src/social-providers/spotify.ts","../src/social-providers/twitch.ts","../src/social-providers/twitter.ts","../src/types/provider.ts","../src/social-providers/index.ts","../src/utils/state.ts","../src/api/routes/session.ts","../src/api/routes/callback.ts","../src/adapters/schema.ts","../src/client/client-utils.ts","../src/utils/id.ts","../src/api/routes/sign-out.ts","../src/api/routes/forget-password.ts","../src/api/routes/verify-email.ts","../src/utils/shim.ts","../src/plugins/organization/access/index.ts","../src/plugins/organization/access/src/access.ts","../src/plugins/organization/access/statement.ts","../src/plugins/organization/access/utils.ts","../src/utils/date.ts","../src/plugins/organization/adapter.ts","../src/plugins/organization/call.ts","../src/api/middlewares/session.ts","../src/plugins/organization/routes/crud-invites.ts","../src/plugins/organization/schema.ts","../src/plugins/organization/routes/crud-members.ts","../src/plugins/organization/routes/crud-org.ts","../src/plugins/two-factor/index.ts","../src/crypto/index.ts","../src/plugins/two-factor/backup-codes/index.ts","../src/plugins/two-factor/verify-middleware.ts","../src/plugins/two-factor/constant.ts","../src/plugins/two-factor/otp/index.ts","../src/plugins/two-factor/totp/index.ts","../src/client/create-client-plugin.ts","../src/plugins/two-factor/client.ts","../src/plugins/passkey/index.ts","../src/plugins/passkey/client.ts","../src/plugins/username/index.ts","../src/api/routes/sign-up.ts","../src/plugins/bearer/index.ts"],"sourcesContent":["import { APIError } from \"better-call\";\nimport {\n\ttype ZodArray,\n\ttype ZodLiteral,\n\ttype ZodObject,\n\ttype ZodOptional,\n\tz,\n} from \"zod\";\nimport type { User } from \"../../adapters/schema\";\nimport { createAuthEndpoint } from \"../../api/call\";\nimport { getSessionFromCtx } from \"../../api/routes\";\nimport type { AuthContext } from \"../../init\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\nimport { shimContext } from \"../../utils/shim\";\nimport {\n\ttype AccessControl,\n\ttype Role,\n\tdefaultRoles,\n\ttype defaultStatements,\n} from \"./access\";\nimport { getOrgAdapter } from \"./adapter\";\nimport { orgSessionMiddleware } from \"./call\";\nimport {\n\tacceptInvitation,\n\tcancelInvitation,\n\tcreateInvitation,\n\tgetActiveInvitation,\n\trejectInvitation,\n} from \"./routes/crud-invites\";\nimport { removeMember, updateMember } from \"./routes/crud-members\";\nimport {\n\tcreateOrganization,\n\tgetFullOrganization,\n\tlistOrganization,\n\tsetActiveOrganization,\n\tupdateOrganization,\n} from \"./routes/crud-org\";\nimport type { Invitation } from \"./schema\";\n\nexport interface OrganizationOptions {\n\t/**\n\t * Configure whether new users are able to create new organizations.\n\t * You can also pass a function that returns a boolean.\n\t *\n\t * \t@example\n\t * ```ts\n\t * allowUserToCreateOrganization: async (user) => {\n\t * \t\tconst plan = await getUserPlan(user);\n\t * return plan.name === \"pro\";\n\t * }\n\t * ```\n\t * @default true\n\t */\n\tallowUserToCreateOrganization?:\n\t\t| boolean\n\t\t| ((user: User) => Promise<boolean> | boolean);\n\t/**\n\t *\n\t */\n\torganizationLimit?: number;\n\t/**\n\t * The role that is assigned to the creator of the organization.\n\t *\n\t * @default \"admin\"\n\t */\n\tcreatorRole?: \"admin\" | \"owner\";\n\t/**\n\t * The number of memberships a user can have in an organization.\n\t *\n\t * @default \"unlimited\"\n\t */\n\tmembershipLimit?: number;\n\t/**\n\t * Configure the roles and permissions for the organization plugin.\n\t *\n\t */\n\tac?: AccessControl;\n\t/**\n\t *\n\t */\n\troles?: {\n\t\t[key in \"admin\" | \"member\" | \"owner\"]?: Role<any>;\n\t};\n\t/**\n\t * The expiration time for the invitation link.\n\t *\n\t * @default 48 hours\n\t */\n\tinvitationExpiresIn?: number;\n\t/**\n\t * @param invitation the invitation object\n\t * @param email the email of the user to be invited\n\t *\n\t * Make sure to construct the invitation link using the invitation id.\n\t * @example\n\t * ```ts\n\t * const invitationLink = `${ctx.origin}/organization/accept-invitation?invitationId=$\n\t * {invitation.id}`\n\t *\n\t * ```\n\t */\n\tsendInvitationEmail?: (\n\t\tinvitation: Invitation,\n\t\temail: string,\n\t) => Promise<void>;\n}\n\nexport const organization = <O extends OrganizationOptions>(options?: O) => {\n\tconst endpoints = {\n\t\tcreateOrganization,\n\t\tupdateOrganization,\n\t\tsetActiveOrganization,\n\t\tgetFullOrganization,\n\t\tlistOrganization,\n\t\tcreateInvitation,\n\t\tcancelInvitation,\n\t\tacceptInvitation,\n\t\tgetActiveInvitation,\n\t\trejectInvitation,\n\t\tremoveMember,\n\t\tupdateMember,\n\t};\n\n\tconst roles = {\n\t\t...defaultRoles,\n\t\t...options?.roles,\n\t};\n\n\tconst api = shimContext(endpoints, {\n\t\torgOptions: options || {},\n\t\troles,\n\t\tgetSession: async (context: AuthContext) => {\n\t\t\t//@ts-expect-error\n\t\t\treturn await getSessionFromCtx(context);\n\t\t},\n\t});\n\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements = O[\"ac\"] extends AccessControl<infer S>\n\t\t? S extends Record<string, any>\n\t\t\t? S & DefaultStatements\n\t\t\t: DefaultStatements\n\t\t: DefaultStatements;\n\treturn {\n\t\tid: \"organization\",\n\t\tendpoints: {\n\t\t\t...api,\n\t\t\thasPermission: createAuthEndpoint(\n\t\t\t\t\"/organization/has-permission\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\trequireHeaders: true,\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\t\t}) as unknown as ZodObject<{\n\t\t\t\t\t\tpermission: ZodObject<{\n\t\t\t\t\t\t\t[key in keyof Statements]: ZodOptional<\n\t\t\t\t\t\t\t\t//@ts-expect-error TODO: fix this\n\t\t\t\t\t\t\t\tZodArray<ZodLiteral<Statements[key][number]>>\n\t\t\t\t\t\t\t>;\n\t\t\t\t\t\t}>;\n\t\t\t\t\t}>,\n\t\t\t\t\tuse: [orgSessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tif (!ctx.context.session.session.activeOrganizationId) {\n\t\t\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\t\t\tmessage: \"No active organization\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst adapter = getOrgAdapter(ctx.context.adapter);\n\t\t\t\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\t\torganizationId:\n\t\t\t\t\t\t\tctx.context.session.session.activeOrganizationId || \"\",\n\t\t\t\t\t});\n\t\t\t\t\tif (!member) {\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"You are not a member of this organization\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst role = roles[member.role];\n\t\t\t\t\tconst result = role.authorize(ctx.body.permission as any);\n\t\t\t\t\tif (result.error) {\n\t\t\t\t\t\treturn ctx.json(\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\terror: result.error,\n\t\t\t\t\t\t\t\tsuccess: false,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tstatus: 403,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\terror: null,\n\t\t\t\t\t\tsuccess: true,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\tschema: {\n\t\t\tsession: {\n\t\t\t\tfields: {\n\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\torganization: {\n\t\t\t\tfields: {\n\t\t\t\t\tname: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\tslug: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\tunique: true,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tmember: {\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\tuserId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\temail: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\tname: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tdefaultValue: \"member\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tinvitation: {\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\temail: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t\tstatus: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tdefaultValue: \"pending\",\n\t\t\t\t\t},\n\t\t\t\t\texpiresAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\tinviterId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n","import {\n\ttype Endpoint,\n\ttype EndpointResponse,\n\tcreateEndpointCreator,\n\tcreateMiddleware,\n\tcreateMiddlewareCreator,\n} from \"better-call\";\nimport type { AuthContext } from \"../init\";\nimport type { BetterAuthOptions } from \"../types/options\";\n\nexport const optionsMiddleware = createMiddleware(async () => {\n\t/**\n\t * This will be passed on the instance of\n\t * the context. Used to infer the type\n\t * here.\n\t */\n\treturn {} as AuthContext;\n});\n\nexport const createAuthMiddleware = createMiddlewareCreator({\n\tuse: [optionsMiddleware],\n});\n\nexport const createAuthEndpoint = createEndpointCreator({\n\tuse: [optionsMiddleware],\n});\n\nexport type AuthEndpoint = Endpoint<\n\t(ctx: {\n\t\toptions: BetterAuthOptions;\n\t\tbody: any;\n\t\tquery: any;\n\t\theaders: Headers;\n\t}) => Promise<EndpointResponse>\n>;\n\nexport type AuthMiddleware = ReturnType<typeof createAuthMiddleware>;\n","import { APIError } from \"better-call\";\nimport { generateCodeVerifier } from \"oslo/oauth2\";\nimport { Argon2id } from \"oslo/password\";\nimport { z } from \"zod\";\nimport { oAuthProviderList } from \"../../social-providers\";\nimport { generateState } from \"../../utils/state\";\nimport { createAuthEndpoint } from \"../call\";\nimport { getSessionFromCtx } from \"./session\";\n\nexport const signInOAuth = createAuthEndpoint(\n\t\"/sign-in/social\",\n\t{\n\t\tmethod: \"POST\",\n\t\trequireHeaders: true,\n\t\tquery: z\n\t\t\t.object({\n\t\t\t\t/**\n\t\t\t\t * Redirect to the current URL after the\n\t\t\t\t * user has signed in.\n\t\t\t\t */\n\t\t\t\tcurrentURL: z.string().optional(),\n\t\t\t})\n\t\t\t.optional(),\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * Callback URL to redirect to after the user has signed in.\n\t\t\t */\n\t\t\tcallbackURL: z.string().optional(),\n\t\t\t/**\n\t\t\t * OAuth2 provider to use`\n\t\t\t */\n\t\t\tprovider: z.enum(oAuthProviderList),\n\t\t}),\n\t},\n\tasync (c) => {\n\t\tconst provider = c.context.options.socialProvider?.find(\n\t\t\t(p) => p.id === c.body.provider,\n\t\t);\n\t\tif (!provider) {\n\t\t\tc.context.logger.error(\n\t\t\t\t\"Provider not found. Make sure to add the provider to your auth config\",\n\t\t\t\t{\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t},\n\t\t\t);\n\t\t\tthrow new APIError(\"NOT_FOUND\");\n\t\t}\n\t\tconst cookie = c.context.authCookies;\n\t\tconst currentURL = c.query?.currentURL\n\t\t\t? new URL(c.query?.currentURL)\n\t\t\t: null;\n\t\tconst state = generateState(\n\t\t\tc.body.callbackURL || currentURL?.origin || c.context.baseURL,\n\t\t\tc.query?.currentURL,\n\t\t);\n\t\ttry {\n\t\t\tawait c.setSignedCookie(\n\t\t\t\tcookie.state.name,\n\t\t\t\tstate.code,\n\t\t\t\tc.context.secret,\n\t\t\t\tcookie.state.options,\n\t\t\t);\n\t\t\tconst codeVerifier = generateCodeVerifier();\n\t\t\tawait c.setSignedCookie(\n\t\t\t\tcookie.pkCodeVerifier.name,\n\t\t\t\tcodeVerifier,\n\t\t\t\tc.context.secret,\n\t\t\t\tcookie.pkCodeVerifier.options,\n\t\t\t);\n\t\t\tconst url = provider.createAuthorizationURL({\n\t\t\t\tstate: state.state,\n\t\t\t\tcodeVerifier,\n\t\t\t});\n\t\t\treturn {\n\t\t\t\turl: url.toString(),\n\t\t\t\tstate: state.state,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirect: true,\n\t\t\t};\n\t\t} catch (e) {\n\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\");\n\t\t}\n\t},\n);\n\nexport const signInEmail = createAuthEndpoint(\n\t\"/sign-in/email\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\temail: z.string().email(),\n\t\t\tpassword: z.string(),\n\t\t\tcallbackURL: z.string().optional(),\n\t\t\t/**\n\t\t\t * If this is true the session will only be valid for the current browser session\n\t\t\t * @default false\n\t\t\t */\n\t\t\tdontRememberMe: z.boolean().default(false).optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options?.emailAndPassword?.enabled) {\n\t\t\tctx.context.logger.error(\"Email and password is not enabled\");\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Email and password is not enabled\",\n\t\t\t});\n\t\t}\n\t\tconst currentSession = await getSessionFromCtx(ctx);\n\t\tif (currentSession) {\n\t\t\treturn ctx.json({\n\t\t\t\tuser: currentSession.user,\n\t\t\t\tsession: currentSession.session,\n\t\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t});\n\t\t}\n\t\tconst { email, password } = ctx.body;\n\t\tconst argon2id = new Argon2id();\n\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\tif (!user) {\n\t\t\tawait argon2id.hash(password);\n\t\t\tctx.context.logger.error(\"User not found\", { email });\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t});\n\t\t}\n\t\tconst credentialAccount = user.accounts.find(\n\t\t\t(a) => a.providerId === \"credential\",\n\t\t);\n\t\tif (!credentialAccount) {\n\t\t\tctx.context.logger.error(\"Credential account not found\", { email });\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t});\n\t\t}\n\t\tconst currentPassword = credentialAccount?.password;\n\t\tif (!currentPassword) {\n\t\t\tctx.context.logger.error(\"Password not found\", { email });\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"Unexpected error\",\n\t\t\t});\n\t\t}\n\t\tconst validPassword = await argon2id.verify(currentPassword, password);\n\t\tif (!validPassword) {\n\t\t\tctx.context.logger.error(\"Invalid password\");\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t});\n\t\t}\n\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\tuser.user.id,\n\t\t\tctx.request,\n\t\t);\n\t\tawait ctx.setSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tsession.id,\n\t\t\tctx.context.secret,\n\t\t\tctx.body.dontRememberMe\n\t\t\t\t? {\n\t\t\t\t\t\t...ctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t\tmaxAge: undefined,\n\t\t\t\t\t}\n\t\t\t\t: ctx.context.authCookies.sessionToken.options,\n\t\t);\n\t\treturn ctx.json({\n\t\t\tuser: user.user,\n\t\t\tsession,\n\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\turl: ctx.body.callbackURL,\n\t\t});\n\t},\n);\n","import { OAuth2Tokens } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { betterFetch } from \"@better-fetch/fetch\";\nimport { BetterAuthError } from \"../error/better-auth-error\";\nimport { getRedirectURI } from \"./utils\";\nexport interface AppleProfile {\n\t/**\n\t * The subject registered claim identifies the principal that’s the subject\n\t * of the identity token. Because this token is for your app, the value is\n\t * the unique identifier for the user.\n\t */\n\tsub: string;\n\t/**\n\t * A String value representing the user's email address.\n\t * The email address is either the user's real email address or the proxy\n\t * address, depending on their status private email relay service.\n\t */\n\temail: string;\n\t/**\n\t * A string or Boolean value that indicates whether the service verifies\n\t * the email. The value can either be a string (\"true\" or \"false\") or a\n\t * Boolean (true or false). The system may not verify email addresses for\n\t * Sign in with Apple at Work & School users, and this claim is \"false\" or\n\t * false for those users.\n\t */\n\temail_verified: true | \"true\";\n\t/**\n\t * A string or Boolean value that indicates whether the email that the user\n\t * shares is the proxy address. The value can either be a string (\"true\" or\n\t * \"false\") or a Boolean (true or false).\n\t */\n\tis_private_email: boolean;\n\t/**\n\t * An Integer value that indicates whether the user appears to be a real\n\t * person. Use the value of this claim to mitigate fraud. The possible\n\t * values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal). For\n\t * more information, see ASUserDetectionStatus. This claim is present only\n\t * in iOS 14 and later, macOS 11 and later, watchOS 7 and later, tvOS 14\n\t * and later. The claim isn’t present or supported for web-based apps.\n\t */\n\treal_user_status: number;\n\t/**\n\t * The user’s full name in the format provided during the authorization\n\t * process.\n\t */\n\tname: string;\n}\n\nexport interface AppleOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const apple = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: AppleOptions) => {\n\tconst tokenEndpoint = \"https://appleid.apple.com/auth/token\";\n\tredirectURI = getRedirectURI(\"apple\", redirectURI);\n\treturn {\n\t\tid: \"apple\",\n\t\tname: \"Apple\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scope = scopes || [\"email\", \"name\", \"openid\"];\n\t\t\treturn new URL(\n\t\t\t\t`https://appleid.apple.com/auth/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectURI}&scope=${_scope.join(\n\t\t\t\t\t\" \",\n\t\t\t\t)}&state=${state}`,\n\t\t\t);\n\t\t},\n\t\tvalidateAuthorizationCode: async (code) => {\n\t\t\tconst data = await betterFetch<OAuth2Tokens>(tokenEndpoint, {\n\t\t\t\tmethod: \"POST\",\n\t\t\t\tbody: new URLSearchParams({\n\t\t\t\t\tclient_id: clientId,\n\t\t\t\t\tclient_secret: clientSecret,\n\t\t\t\t\tgrant_type: \"authorization_code\",\n\t\t\t\t\tcode,\n\t\t\t\t}),\n\t\t\t\theaders: {\n\t\t\t\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (data.error) {\n\t\t\t\tthrow new BetterAuthError(data.error?.message || \"\");\n\t\t\t}\n\t\t\treturn data.data;\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tconst data = parseJWT(token.idToken())?.payload as AppleProfile | null;\n\t\t\tif (!data) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: data.sub,\n\t\t\t\t\tname: data.name,\n\t\t\t\t\temail: data.email,\n\t\t\t\t\temailVerified: data.email_verified === \"true\",\n\t\t\t\t},\n\t\t\t\tdata,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<AppleProfile>;\n};\n","export class BetterAuthError extends Error {\n\tconstructor(message: string) {\n\t\tsuper(message);\n\t}\n}\n","import { BetterAuthError } from \"../error/better-auth-error\";\n\nfunction checkHasPath(url: string): boolean {\n\ttry {\n\t\tconst parsedUrl = new URL(url);\n\t\treturn parsedUrl.pathname !== \"/\";\n\t} catch (error) {\n\t\tconsole.error(\"Invalid URL:\", error);\n\t\treturn false;\n\t}\n}\n\nfunction withPath(url: string, path = \"/api/auth\") {\n\tconst hasPath = checkHasPath(url);\n\tif (hasPath) {\n\t\treturn {\n\t\t\tbaseURL: new URL(url).origin,\n\t\t\twithPath: url,\n\t\t};\n\t}\n\tpath = path.startsWith(\"/\") ? path : `/${path}`;\n\treturn {\n\t\tbaseURL: url,\n\t\twithPath: `${url}${path}`,\n\t};\n}\n\nexport function getBaseURL(url?: string, path?: string) {\n\tif (url) {\n\t\treturn withPath(url, path);\n\t}\n\t//@ts-ignore\n\tconst env: any =\n\t\ttypeof process !== \"undefined\"\n\t\t\t? process.env\n\t\t\t: typeof import.meta !== \"undefined\"\n\t\t\t\t? //@ts-ignore\n\t\t\t\t\timport.meta.env\n\t\t\t\t: {};\n\tconst fromEnv =\n\t\tenv.BETTER_AUTH_URL ||\n\t\tenv.AUTH_URL ||\n\t\tenv.NEXT_PUBLIC_AUTH_URL ||\n\t\tenv.NEXT_PUBLIC_BETTER_AUTH_URL ||\n\t\tenv.PUBLIC_AUTH_URL ||\n\t\tenv.PUBLIC_BETTER_AUTH_URL ||\n\t\tenv.NUXT_PUBLIC_BETTER_AUTH_URL ||\n\t\tenv.NUXT_PUBLIC_AUTH_URL;\n\tif (fromEnv) {\n\t\treturn withPath(fromEnv, path);\n\t}\n\n\tconst isDev =\n\t\t!fromEnv && (env.NODE_ENV === \"development\" || env.NODE_ENV === \"test\");\n\tif (isDev) {\n\t\treturn {\n\t\t\tbaseURL: \"http://localhost:3000\",\n\t\t\twithPath: \"http://localhost:3000/api/auth\",\n\t\t};\n\t}\n\tthrow new BetterAuthError(\n\t\t\"Could not infer baseURL from environment variables\",\n\t);\n}\n","import { getBaseURL } from \"../utils/base-url\";\n\nexport function getRedirectURI(providerId: string, redirectURI?: string) {\n\treturn redirectURI || `${getBaseURL()}/api/auth/callback/${providerId}`;\n}\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Discord } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface DiscordProfile extends Record<string, any> {\n\t/** the user's id (i.e. the numerical snowflake) */\n\tid: string;\n\t/** the user's username, not unique across the platform */\n\tusername: string;\n\t/** the user's Discord-tag */\n\tdiscriminator: string;\n\t/** the user's display name, if it is set */\n\tglobal_name: string | null;\n\t/**\n\t * the user's avatar hash:\n\t * https://discord.com/developers/docs/reference#image-formatting\n\t */\n\tavatar: string | null;\n\t/** whether the user belongs to an OAuth2 application */\n\tbot?: boolean;\n\t/**\n\t * whether the user is an Official Discord System user (part of the urgent\n\t * message system)\n\t */\n\tsystem?: boolean;\n\t/** whether the user has two factor enabled on their account */\n\tmfa_enabled: boolean;\n\t/**\n\t * the user's banner hash:\n\t * https://discord.com/developers/docs/reference#image-formatting\n\t */\n\tbanner: string | null;\n\n\t/** the user's banner color encoded as an integer representation of hexadecimal color code */\n\taccent_color: number | null;\n\n\t/**\n\t * the user's chosen language option:\n\t * https://discord.com/developers/docs/reference#locales\n\t */\n\tlocale: string;\n\t/** whether the email on this account has been verified */\n\tverified: boolean;\n\t/** the user's email */\n\temail: string;\n\t/**\n\t * the flags on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-user-flags\n\t */\n\tflags: number;\n\t/**\n\t * the type of Nitro subscription on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-premium-types\n\t */\n\tpremium_type: number;\n\t/**\n\t * the public flags on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-user-flags\n\t */\n\tpublic_flags: number;\n\t/** undocumented field; corresponds to the user's custom nickname */\n\tdisplay_name: string | null;\n\t/**\n\t * undocumented field; corresponds to the Discord feature where you can e.g.\n\t * put your avatar inside of an ice cube\n\t */\n\tavatar_decoration: string | null;\n\t/**\n\t * undocumented field; corresponds to the premium feature where you can\n\t * select a custom banner color\n\t */\n\tbanner_color: string | null;\n\t/** undocumented field; the CDN URL of their profile picture */\n\timage_url: string;\n}\n\nexport interface DiscordOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const discord = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: DiscordOptions) => {\n\tconst discordArctic = new Discord(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"discord\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"discord\",\n\t\tname: \"Discord\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scope = scopes || [\"email\"];\n\t\t\treturn discordArctic.createAuthorizationURL(state, _scope);\n\t\t},\n\t\tvalidateAuthorizationCode: discordArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<DiscordProfile>(\n\t\t\t\t\"https://discord.com/api/users/@me\",\n\t\t\t\t{\n\t\t\t\t\tauth: {\n\t\t\t\t\t\ttype: \"Bearer\",\n\t\t\t\t\t\ttoken: token.accessToken,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.display_name || profile.username || \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.verified,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<DiscordProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Facebook } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface FacebookProfile {\n\tid: string;\n\tname: string;\n\temail: string;\n\temail_verified: boolean;\n\tpicture: {\n\t\tdata: {\n\t\t\theight: number;\n\t\t\tis_silhouette: boolean;\n\t\t\turl: string;\n\t\t\twidth: number;\n\t\t};\n\t};\n}\nexport interface FacebookOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\nexport const facebook = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: FacebookOptions) => {\n\tconst facebookArctic = new Facebook(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"facebook\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"facebook\",\n\t\tname: \"Facebook\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scopes = scopes || [\"email\", \"public_profile\"];\n\t\t\treturn facebookArctic.createAuthorizationURL(state, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: facebookArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<FacebookProfile>(\n\t\t\t\t\"https://graph.facebook.com/me\",\n\t\t\t\t{\n\t\t\t\t\tauth: {\n\t\t\t\t\t\ttype: \"Bearer\",\n\t\t\t\t\t\ttoken: token.accessToken,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.email_verified,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<FacebookProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { GitHub } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface GithubProfile {\n\tlogin: string;\n\tid: string;\n\tnode_id: string;\n\tavatar_url: string;\n\tgravatar_id: string;\n\turl: string;\n\thtml_url: string;\n\tfollowers_url: string;\n\tfollowing_url: string;\n\tgists_url: string;\n\tstarred_url: string;\n\tsubscriptions_url: string;\n\torganizations_url: string;\n\trepos_url: string;\n\tevents_url: string;\n\treceived_events_url: string;\n\ttype: string;\n\tsite_admin: boolean;\n\tname: string;\n\tcompany: string;\n\tblog: string;\n\tlocation: string;\n\temail: string;\n\thireable: boolean;\n\tbio: string;\n\ttwitter_username: string;\n\tpublic_repos: string;\n\tpublic_gists: string;\n\tfollowers: string;\n\tfollowing: string;\n\tcreated_at: string;\n\tupdated_at: string;\n\tprivate_gists: string;\n\ttotal_private_repos: string;\n\towned_private_repos: string;\n\tdisk_usage: string;\n\tcollaborators: string;\n\ttwo_factor_authentication: boolean;\n\tplan: {\n\t\tname: string;\n\t\tspace: string;\n\t\tprivate_repos: string;\n\t\tcollaborators: string;\n\t};\n\tfirst_name: string;\n\tlast_name: string;\n}\n\nexport interface GithubOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\nexport const github = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: GithubOptions) => {\n\tconst githubArctic = new GitHub(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"github\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"github\",\n\t\tname: \"Github\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scopes = scopes || [\"user:email\"];\n\t\t\treturn githubArctic.createAuthorizationURL(state, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: githubArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<GithubProfile>(\n\t\t\t\t\"https://api.github.com/user\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tlet emailVerified = false;\n\t\t\tif (!profile.email) {\n\t\t\t\tconst { data, error } = await betterFetch<\n\t\t\t\t\t{\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tprimary: boolean;\n\t\t\t\t\t\tverified: boolean;\n\t\t\t\t\t\tvisibility: \"public\" | \"private\";\n\t\t\t\t\t}[]\n\t\t\t\t>(\"https://api.github.com/user/emails\", {\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t\"User-Agent\": \"better-auth\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!error) {\n\t\t\t\t\tprofile.email = (data.find((e) => e.primary) ?? data[0])\n\t\t\t\t\t\t?.email as string;\n\t\t\t\t\temailVerified =\n\t\t\t\t\t\tdata.find((e) => e.email === profile.email)?.verified ?? false;\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.avatar_url,\n\t\t\t\t\temailVerified,\n\t\t\t\t\tcreatedAt: new Date(),\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<GithubProfile>;\n};\n","import { Google } from \"arctic\";\nimport { parseJWT } from \"oslo/jwt\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\nimport { BetterAuthError } from \"../error/better-auth-error\";\n\nexport interface GoogleProfile {\n\taud: string;\n\tazp: string;\n\temail: string;\n\temail_verified: boolean;\n\texp: number;\n\t/**\n\t * The family name of the user, or last name in most\n\t * Western languages.\n\t */\n\tfamily_name: string;\n\t/**\n\t * The given name of the user, or first name in most\n\t * Western languages.\n\t */\n\tgiven_name: string;\n\thd?: string;\n\tiat: number;\n\tiss: string;\n\tjti?: string;\n\tlocale?: string;\n\tname: string;\n\tnbf?: number;\n\tpicture: string;\n\tsub: string;\n}\n\nexport interface GoogleOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const google = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: GoogleOptions) => {\n\tconst googleArctic = new Google(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"google\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"google\",\n\t\tname: \"Google\",\n\t\tcreateAuthorizationURL({ state, scopes, codeVerifier }) {\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new BetterAuthError(\"codeVerifier is required for Google\");\n\t\t\t}\n\t\t\tconst _scopes = scopes || [\"email\", \"profile\"];\n\t\t\treturn googleArctic.createAuthorizationURL(state, codeVerifier, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: async (code, codeVerifier) => {\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new BetterAuthError(\"codeVerifier is required for Google\");\n\t\t\t}\n\t\t\treturn googleArctic.validateAuthorizationCode(code, codeVerifier);\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (!token.idToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst user = parseJWT(token.idToken())?.payload as GoogleProfile;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: user.sub,\n\t\t\t\t\tname: user.name,\n\t\t\t\t\temail: user.email,\n\t\t\t\t\timage: user.picture,\n\t\t\t\t\temailVerified: user.email_verified,\n\t\t\t\t},\n\t\t\t\tdata: user,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<GoogleProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Spotify } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface SpotifyProfile {\n\tid: string;\n\tdisplay_name: string;\n\temail: string;\n\timages: {\n\t\turl: string;\n\t}[];\n}\n\nexport interface SpotifyOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const spotify = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: SpotifyOptions) => {\n\tconst spotifyArctic = new Spotify(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"spotify\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"spotify\",\n\t\tname: \"Spotify\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scopes = scopes || [\"user-read-email\"];\n\t\t\treturn spotifyArctic.createAuthorizationURL(state, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: spotifyArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<SpotifyProfile>(\n\t\t\t\t\"https://api.spotify.com/v1/me\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.display_name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.images[0]?.url,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<SpotifyProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Twitch } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface TwitchProfile {\n\t/**\n\t * The sub of the user\n\t */\n\tsub: string;\n\t/**\n\t * The preferred username of the user\n\t */\n\tpreferred_username: string;\n\t/**\n\t * The email of the user\n\t */\n\temail: string;\n\t/**\n\t * The picture of the user\n\t */\n\tpicture: string;\n}\n\nexport interface TwitchOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const twitch = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: TwitchOptions) => {\n\tconst twitchArctic = new Twitch(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"twitch\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"twitch\",\n\t\tname: \"Twitch\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scopes = scopes || [\"activity:write\", \"read\"];\n\t\t\treturn twitchArctic.createAuthorizationURL(state, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: twitchArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<TwitchProfile>(\n\t\t\t\t\"https://api.twitch.tv/helix/users\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.preferred_username,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<TwitchProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Twitter } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\nimport { BetterAuthError } from \"../error/better-auth-error\";\n\nexport interface TwitterProfile {\n\tdata: {\n\t\t/**\n\t\t * Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools\n\t\t * that cannot handle large integers.\n\t\t */\n\t\tid: string;\n\t\t/** The friendly name of this user, as shown on their profile. */\n\t\tname: string;\n\t\t/** @note Email is currently unsupported by Twitter. */\n\t\temail?: string;\n\t\t/** The Twitter handle (screen name) of this user. */\n\t\tusername: string;\n\t\t/**\n\t\t * The location specified in the user's profile, if the user provided one.\n\t\t * As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.\n\t\t *\n\t\t * To return this field, add `user.fields=location` in the authorization request's query parameter.\n\t\t */\n\t\tlocation?: string;\n\t\t/**\n\t\t * This object and its children fields contain details about text that has a special meaning in the user's description.\n\t\t *\n\t\t *To return this field, add `user.fields=entities` in the authorization request's query parameter.\n\t\t */\n\t\tentities?: {\n\t\t\t/** Contains details about the user's profile website. */\n\t\t\turl: {\n\t\t\t\t/** Contains details about the user's profile website. */\n\t\t\t\turls: Array<{\n\t\t\t\t\t/** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */\n\t\t\t\t\tstart: number;\n\t\t\t\t\t/** The end position (zero-based) of the recognized user's profile website. This end index is exclusive. */\n\t\t\t\t\tend: number;\n\t\t\t\t\t/** The URL in the format entered by the user. */\n\t\t\t\t\turl: string;\n\t\t\t\t\t/** The fully resolved URL. */\n\t\t\t\t\texpanded_url: string;\n\t\t\t\t\t/** The URL as displayed in the user's profile. */\n\t\t\t\t\tdisplay_url: string;\n\t\t\t\t}>;\n\t\t\t};\n\t\t\t/** Contains details about URLs, Hashtags, Cashtags, or mentions located within a user's description. */\n\t\t\tdescription: {\n\t\t\t\thashtags: Array<{\n\t\t\t\t\tstart: number;\n\t\t\t\t\tend: number;\n\t\t\t\t\ttag: string;\n\t\t\t\t}>;\n\t\t\t};\n\t\t};\n\t\t/**\n\t\t * Indicate if this user is a verified Twitter user.\n\t\t *\n\t\t * To return this field, add `user.fields=verified` in the authorization request's query parameter.\n\t\t */\n\t\tverified?: boolean;\n\t\t/**\n\t\t * The text of this user's profile description (also known as bio), if the user provided one.\n\t\t *\n\t\t * To return this field, add `user.fields=description` in the authorization request's query parameter.\n\t\t */\n\t\tdescription?: string;\n\t\t/**\n\t\t * The URL specified in the user's profile, if present.\n\t\t *\n\t\t * To return this field, add `user.fields=url` in the authorization request's query parameter.\n\t\t */\n\t\turl?: string;\n\t\t/** The URL to the profile image for this user, as shown on the user's profile. */\n\t\tprofile_image_url?: string;\n\t\tprotected?: boolean;\n\t\t/**\n\t\t * Unique identifier of this user's pinned Tweet.\n\t\t *\n\t\t * You can obtain the expanded object in `includes.tweets` by adding `expansions=pinned_tweet_id` in the authorization request's query parameter.\n\t\t */\n\t\tpinned_tweet_id?: string;\n\t\tcreated_at?: string;\n\t};\n\tincludes?: {\n\t\ttweets?: Array<{\n\t\t\tid: string;\n\t\t\ttext: string;\n\t\t}>;\n\t};\n\t[claims: string]: unknown;\n}\n\nexport interface TwitterOption {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const twitter = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: TwitterOption) => {\n\tconst twitterArctic = new Twitter(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"twitter\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"twitter\",\n\t\tname: \"Twitter\",\n\t\tcreateAuthorizationURL(data) {\n\t\t\tconst _scopes = data.scopes || [\"account_info.read\"];\n\t\t\treturn twitterArctic.createAuthorizationURL(\n\t\t\t\tdata.state,\n\t\t\t\tdata.codeVerifier,\n\t\t\t\t_scopes,\n\t\t\t);\n\t\t},\n\t\tvalidateAuthorizationCode: async (code, codeVerifier) => {\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new BetterAuthError(\"codeVerifier is required for Twitter\");\n\t\t\t}\n\t\t\treturn twitterArctic.validateAuthorizationCode(code, codeVerifier);\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<TwitterProfile>(\n\t\t\t\t\"https://api.x.com/2/users/me?user.fields=profile_image_url\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tif (!profile.data.email) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.data.id,\n\t\t\t\t\tname: profile.data.name,\n\t\t\t\t\temail: profile.data.email,\n\t\t\t\t\timage: profile.data.profile_image_url,\n\t\t\t\t\temailVerified: profile.data.verified || false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<TwitterProfile>;\n};\n","import type { User } from \"../adapters/schema\";\nimport type { oAuthProviderList } from \"../social-providers\";\nimport type { LiteralString } from \"./helper\";\nimport { OAuth2Tokens } from \"arctic\";\n\nexport interface OAuthProvider<\n\tT extends Record<string, any> = Record<string, any>,\n> {\n\tid: LiteralString;\n\tcreateAuthorizationURL: (data: {\n\t\tstate: string;\n\t\tcodeVerifier: string;\n\t\tscopes?: string[];\n\t}) => URL;\n\tname: string;\n\tvalidateAuthorizationCode: (\n\t\tcode: string,\n\t\tcodeVerifier?: string,\n\t) => Promise<OAuth2Tokens>;\n\tgetUserInfo: (token: OAuth2Tokens) => Promise<{\n\t\tuser: Omit<User, \"createdAt\" | \"updatedAt\">;\n\t\tdata: T;\n\t} | null>;\n\trefreshAccessToken?: (refreshToken: string) => Promise<OAuth2Tokens>;\n\trevokeToken?: (token: string) => Promise<void>;\n}\n\nexport type OAuthProviderList = typeof oAuthProviderList;\n","import { apple } from \"./apple\";\nimport { discord } from \"./discord\";\nimport { facebook } from \"./facebook\";\nimport { github } from \"./github\";\nimport { google } from \"./google\";\nimport { spotify } from \"./spotify\";\nimport { twitch } from \"./twitch\";\nimport { twitter } from \"./twitter\";\n\nexport const oAuthProviders = {\n\tapple,\n\tdiscord,\n\tfacebook,\n\tgithub,\n\tgoogle,\n\tspotify,\n\ttwitch,\n\ttwitter,\n};\n\nexport const oAuthProviderList = Object.keys(oAuthProviders) as [\n\t\"github\",\n\t...(keyof typeof oAuthProviders)[],\n];\n\nexport * from \"./github\";\nexport * from \"./google\";\nexport * from \"./apple\";\nexport * from \"./discord\";\nexport * from \"./spotify\";\nexport * from \"./twitch\";\nexport * from \"./facebook\";\nexport * from \"./twitter\";\nexport * from \"../types/provider\";\n","import { generateState as generateStateOAuth } from \"oslo/oauth2\";\n\nexport function generateState(callbackURL?: string, currentURL?: string) {\n\tconst code = generateStateOAuth();\n\tconst state = `${code}!${callbackURL}!${currentURL}`;\n\treturn { state, code };\n}\n\nexport function parseState(state: string) {\n\tconst [code, callbackURL, currentURL] = state.split(\"!\");\n\treturn { code, callbackURL, currentURL };\n}\n","import type { Context } from \"better-call\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const getSession = createAuthEndpoint(\n\t\"/session\",\n\t{\n\t\tmethod: \"GET\",\n\t\trequireHeaders: true,\n\t},\n\tasync (ctx) => {\n\t\tconst sessionCookieToken = await ctx.getSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tctx.context.secret,\n\t\t);\n\t\tif (!sessionCookieToken) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst session =\n\t\t\tawait ctx.context.internalAdapter.findSession(sessionCookieToken);\n\t\tif (!session || session.session.expiresAt < new Date()) {\n\t\t\tctx.setSignedCookie(\n\t\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\t\t\"\",\n\t\t\t\tctx.context.secret,\n\t\t\t\t{\n\t\t\t\t\tmaxAge: 0,\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst updatedSession = await ctx.context.internalAdapter.updateSession(\n\t\t\tsession.session,\n\t\t);\n\n\t\tawait ctx.setSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tupdatedSession.id,\n\t\t\tctx.context.secret,\n\t\t\t{\n\t\t\t\t...ctx.context.authCookies.sessionToken.options,\n\t\t\t\tmaxAge: updatedSession.expiresAt.valueOf() - Date.now(),\n\t\t\t},\n\t\t);\n\t\treturn ctx.json({\n\t\t\tsession: updatedSession,\n\t\t\tuser: session.user,\n\t\t});\n\t},\n);\n\nexport const getSessionFromCtx = async (ctx: Context<any, any>) => {\n\tconst session = await getSession({\n\t\t...ctx,\n\t\t//@ts-expect-error: By default since this request context comes from a router it'll have a `router` flag which force it to be a request object\n\t\t_flag: undefined,\n\t});\n\treturn session;\n};\n","import { APIError } from \"better-call\";\nimport { z } from \"zod\";\nimport { userSchema } from \"../../adapters/schema\";\nimport { HIDE_ON_CLIENT_METADATA } from \"../../client/client-utils\";\nimport { generateId } from \"../../utils/id\";\nimport { parseState } from \"../../utils/state\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const callbackOAuth = createAuthEndpoint(\n\t\"/callback/:id\",\n\t{\n\t\tmethod: \"GET\",\n\t\tquery: z.object({\n\t\t\tstate: z.string(),\n\t\t\tcode: z.string(),\n\t\t\tcode_verifier: z.string().optional(),\n\t\t}),\n\t\tmetadata: HIDE_ON_CLIENT_METADATA,\n\t},\n\tasync (c) => {\n\t\tconst provider = c.context.options.socialProvider?.find(\n\t\t\t(p) => p.id === c.params.id,\n\t\t);\n\t\tif (!provider) {\n\t\t\tc.context.logger.error(\n\t\t\t\t\"Oauth provider with id\",\n\t\t\t\tc.params.id,\n\t\t\t\t\"not found\",\n\t\t\t);\n\t\t\tthrow new APIError(\"NOT_FOUND\");\n\t\t}\n\t\tconst tokens = await provider.validateAuthorizationCode(\n\t\t\tc.query.code,\n\t\t\tc.query.code_verifier || \"\",\n\t\t);\n\t\tif (!tokens) {\n\t\t\tc.context.logger.error(\"Code verification failed\");\n\t\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst user = await provider.getUserInfo(tokens).then((res) => res?.user);\n\t\tconst id = generateId();\n\t\tconst data = userSchema.safeParse({\n\t\t\t...user,\n\t\t\tid,\n\t\t});\n\t\tconst { callbackURL, currentURL } = parseState(c.query.state);\n\t\tif (!user || data.success === false) {\n\t\t\tif (currentURL) {\n\t\t\t\tthrow c.redirect(`${currentURL}?error=oauth_validation_failed`);\n\t\t\t} else {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\");\n\t\t\t}\n\t\t}\n\t\tif (!callbackURL) {\n\t\t\tc.context.logger.error(\"Callback URL not found\");\n\t\t\tthrow new APIError(\"FORBIDDEN\");\n\t\t}\n\t\t//find user in db\n\t\tconst dbUser = await c.context.internalAdapter.findUserByEmail(user.email);\n\t\tconst userId = dbUser?.user.id;\n\t\tif (dbUser) {\n\t\t\t//check if user has already linked this provider\n\t\t\tconst hasBeenLinked = dbUser.accounts.find(\n\t\t\t\t(a) => a.providerId === provider.id,\n\t\t\t);\n\t\t\tif (!hasBeenLinked && !user.emailVerified) {\n\t\t\t\tc.context.logger.error(\"User already exists\");\n\t\t\t\tconst url = new URL(currentURL || callbackURL);\n\t\t\t\turl.searchParams.set(\"error\", \"user_already_exists\");\n\t\t\t\tthrow c.redirect(url.toString());\n\t\t\t}\n\n\t\t\tif (!hasBeenLinked && user.emailVerified) {\n\t\t\t\tawait c.context.internalAdapter.linkAccount({\n\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tid: `${provider.id}:${user.id}`,\n\t\t\t\t\tuserId: dbUser.user.id,\n\t\t\t\t\t...tokens,\n\t\t\t\t});\n\t\t\t}\n\t\t} else {\n\t\t\ttry {\n\t\t\t\tawait c.context.internalAdapter.createOAuthUser(data.data, {\n\t\t\t\t\t...tokens,\n\t\t\t\t\tid: `${provider.id}:${user.id}`,\n\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tuserId: id,\n\t\t\t\t});\n\t\t\t} catch (e) {\n\t\t\t\tconst url = new URL(currentURL || callbackURL);\n\t\t\t\turl.searchParams.set(\"error\", \"unable_to_create_user\");\n\t\t\t\tc.setHeader(\"Location\", url.toString());\n\t\t\t\tthrow c.redirect(url.toString());\n\t\t\t}\n\t\t}\n\t\t//this should never happen\n\t\tif (!userId && !id)\n\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\tmessage: \"Unable to create user\",\n\t\t\t});\n\t\t//create session\n\t\tconst session = await c.context.internalAdapter.createSession(\n\t\t\tuserId || id,\n\t\t\tc.request,\n\t\t);\n\t\ttry {\n\t\t\tawait c.setSignedCookie(\n\t\t\t\tc.context.authCookies.sessionToken.name,\n\t\t\t\tsession.id,\n\t\t\t\tc.context.secret,\n\t\t\t\tc.context.authCookies.sessionToken.options,\n\t\t\t);\n\t\t} catch (e) {\n\t\t\tc.context.logger.error(\"Unable to set session cookie\", e);\n\t\t\tconst url = new URL(currentURL || callbackURL);\n\t\t\turl.searchParams.set(\"error\", \"unable_to_create_session\");\n\t\t\tthrow c.redirect(url.toString());\n\t\t}\n\t\tthrow c.redirect(callbackURL);\n\t},\n);\n","import { z } from \"zod\";\nimport type { FieldAttribute } from \"../db\";\nimport type { BetterAuthOptions } from \"../types\";\n\nexport const accountSchema = z.object({\n\tid: z.string(),\n\tproviderId: z.string(),\n\taccountId: z.string(),\n\tuserId: z.string(),\n\taccessToken: z.string().nullable().optional(),\n\trefreshToken: z.string().nullable().optional(),\n\tidToken: z.string().nullable().optional(),\n\taccessTokenExpiresAt: z.date().nullable().optional(),\n\trefreshTokenExpiresAt: z.date().nullable().optional(),\n\t/**\n\t * Password is only stored in the credential provider\n\t */\n\tpassword: z.string().optional().nullable(),\n});\n\nexport const userSchema = z.object({\n\tid: z.string(),\n\temail: z.string().transform((val) => val.toLowerCase()),\n\temailVerified: z.boolean().default(false),\n\tname: z.string(),\n\timage: z.string().optional(),\n\tcreatedAt: z.date().default(new Date()),\n\tupdatedAt: z.date().default(new Date()),\n});\n\nexport const sessionSchema = z.object({\n\tid: z.string(),\n\tuserId: z.string(),\n\texpiresAt: z.date(),\n\tipAddress: z.string().optional(),\n\tuserAgent: z.string().optional(),\n});\n\nexport type User = z.infer<typeof userSchema>;\nexport type Account = z.infer<typeof accountSchema>;\nexport type Session = z.infer<typeof sessionSchema>;\nexport interface MigrationTable {\n\tname: string;\n\ttimestamp: string;\n}\n\nexport function parseData<T extends Record<string, any>>(\n\tdata: T,\n\tschema: {\n\t\tfields: Record<string, FieldAttribute>;\n\t},\n) {\n\tconst fields = schema.fields;\n\tconst parsedData: Record<string, any> = {};\n\tfor (const key in data) {\n\t\tconst field = fields[key];\n\t\tif (!field) {\n\t\t\tparsedData[key] = data[key];\n\t\t\tcontinue;\n\t\t}\n\t\tif (field.returned === false) {\n\t\t\tcontinue;\n\t\t}\n\t\tparsedData[key] = data[key];\n\t}\n\treturn parsedData as T;\n}\n\nexport function getAllFields(options: BetterAuthOptions, table: string) {\n\tlet schema: Record<string, FieldAttribute> = {};\n\tfor (const plugin of options.plugins || []) {\n\t\tif (plugin.schema && plugin.schema[table]) {\n\t\t\tschema = {\n\t\t\t\t...schema,\n\t\t\t\t...plugin.schema[table].fields,\n\t\t\t};\n\t\t}\n\t}\n\treturn schema;\n}\n\nexport function parseUser(options: BetterAuthOptions, user: User) {\n\tconst schema = getAllFields(options, \"user\");\n\treturn parseData(user, { fields: schema });\n}\n\nexport function parseAccount(options: BetterAuthOptions, account: Account) {\n\tconst schema = getAllFields(options, \"account\");\n\treturn parseData(account, { fields: schema });\n}\n\nexport function parseSession(options: BetterAuthOptions, session: Session) {\n\tconst schema = getAllFields(options, \"session\");\n\treturn parseData(session, { fields: schema });\n}\n","export const HIDE_ON_CLIENT_METADATA = {\n\tonClient: \"hide\" as const,\n};\n","import { alphabet, generateRandomString } from \"oslo/crypto\";\nexport const generateId = () => {\n\treturn generateRandomString(36, alphabet(\"a-z\", \"0-9\"));\n};\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const signOut = createAuthEndpoint(\n\t\"/sign-out\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z\n\t\t\t.object({\n\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t})\n\t\t\t.optional(),\n\t},\n\tasync (ctx) => {\n\t\tconst sessionCookieToken = await ctx.getSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tctx.context.secret,\n\t\t);\n\t\tif (!sessionCookieToken) {\n\t\t\treturn ctx.json(null);\n\t\t}\n\t\tawait ctx.context.internalAdapter.deleteSession(sessionCookieToken);\n\t\tctx.setCookie(ctx.context.authCookies.sessionToken.name, \"\", {\n\t\t\tmaxAge: 0,\n\t\t});\n\t\treturn ctx.json(null, {\n\t\t\tbody: {\n\t\t\t\tredirect: !!ctx.body?.callbackURL,\n\t\t\t\turl: ctx.body?.callbackURL,\n\t\t\t},\n\t\t});\n\t},\n);\n","import { TimeSpan } from \"oslo\";\nimport { createJWT } from \"oslo/jwt\";\nimport { validateJWT } from \"oslo/jwt\";\nimport { Argon2id } from \"oslo/password\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const forgetPassword = createAuthEndpoint(\n\t\"/forget-password\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * The email address of the user to send a password reset email to.\n\t\t\t */\n\t\t\temail: z.string().email(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailAndPassword?.sendResetPasswordToken) {\n\t\t\tctx.context.logger.error(\n\t\t\t\t\"Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!\",\n\t\t\t);\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tstatusText: \"RESET_PASSWORD_EMAIL_NOT_SENT\",\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Reset password isn't enabled\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst { email } = ctx.body;\n\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\tif (!user) {\n\t\t\treturn ctx.json(\n\t\t\t\t{\n\t\t\t\t\terror: \"User not found\",\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"USER_NOT_FOUND\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"User not found\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t}\n\t\tconst token = await createJWT(\n\t\t\t\"HS256\",\n\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t{\n\t\t\t\temail: user.user.email,\n\t\t\t},\n\t\t\t{\n\t\t\t\texpiresIn: new TimeSpan(1, \"h\"),\n\t\t\t\tissuer: \"better-auth\",\n\t\t\t\tsubject: \"forget-password\",\n\t\t\t\taudiences: [user.user.email],\n\t\t\t\tincludeIssuedTimestamp: true,\n\t\t\t},\n\t\t);\n\t\tawait ctx.context.options.emailAndPassword.sendResetPasswordToken(\n\t\t\ttoken,\n\t\t\tuser.user,\n\t\t);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const resetPassword = createAuthEndpoint(\n\t\"/reset-password\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\ttoken: z.string(),\n\t\t\tnewPassword: z.string(),\n\t\t\tcallbackURL: z.string().optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tconst { token, newPassword } = ctx.body;\n\t\ttry {\n\t\t\tconst jwt = await validateJWT(\n\t\t\t\t\"HS256\",\n\t\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t\ttoken,\n\t\t\t);\n\t\t\tconst email = z\n\t\t\t\t.string()\n\t\t\t\t.email()\n\t\t\t\t.parse((jwt.payload as { email: string }).email);\n\t\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (!user) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"USER_NOT_FOUND\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"User not found\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\tif (\n\t\t\t\tnewPassword.length <\n\t\t\t\t\t(ctx.context.options.emailAndPassword?.minPasswordLength || 8) ||\n\t\t\t\tnewPassword.length >\n\t\t\t\t\t(ctx.context.options.emailAndPassword?.maxPasswordLength || 32)\n\t\t\t) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"INVALID_PASSWORD_LENGTH\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"Password length must be between 8 and 32\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst argon2id = new Argon2id();\n\t\t\tconst hashedPassword = await argon2id.hash(newPassword);\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updatePassword(\n\t\t\t\tuser.user.id,\n\t\t\t\thashedPassword,\n\t\t\t);\n\t\t\tif (!updatedUser) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 500,\n\t\t\t\t\tstatusText: \"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"Internal server error\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\t});\n\t\t} catch (e) {\n\t\t\tconsole.log(e);\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tstatusText: \"INVALID_TOKEN\",\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invalid token\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t},\n);\n","import { TimeSpan } from \"oslo\";\nimport { createJWT, validateJWT } from \"oslo/jwt\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const sendVerificationEmail = createAuthEndpoint(\n\t\"/send-verification-email\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\temail: z.string().email(),\n\t\t\tcallbackURL: z.string().optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailAndPassword?.sendVerificationEmail) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tstatusText: \"VERIFICATION_EMAIL_NOT_SENT\",\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Verification email isn't enabled\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst { email } = ctx.body;\n\t\tconst token = await createJWT(\n\t\t\t\"HS256\",\n\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t{\n\t\t\t\temail: email.toLowerCase(),\n\t\t\t},\n\t\t\t{\n\t\t\t\texpiresIn: new TimeSpan(1, \"h\"),\n\t\t\t\tissuer: \"better-auth\",\n\t\t\t\tsubject: \"verify-email\",\n\t\t\t\taudiences: [email],\n\t\t\t\tincludeIssuedTimestamp: true,\n\t\t\t},\n\t\t);\n\t\tconst url = `${ctx.context.baseURL}/verify-email?token=${token}?callbackURL=${ctx.body.callbackURL}`;\n\t\tawait ctx.context.options.emailAndPassword.sendVerificationEmail(\n\t\t\temail,\n\t\t\turl,\n\t\t);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const verifyEmail = createAuthEndpoint(\n\t\"/verify-email\",\n\t{\n\t\tmethod: \"GET\",\n\t\tquery: z.object({\n\t\t\ttoken: z.string(),\n\t\t\tcallbackURL: z.string(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tconst { token } = ctx.query;\n\t\ttry {\n\t\t\tconst jwt = await validateJWT(\n\t\t\t\t\"HS256\",\n\t\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t\ttoken,\n\t\t\t);\n\t\t\tconst schema = z.object({\n\t\t\t\temail: z.string().email(),\n\t\t\t});\n\t\t\tconst parsed = schema.parse(jwt.payload);\n\t\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(\n\t\t\t\tparsed.email,\n\t\t\t);\n\t\t\tif (!user) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"USER_NOT_FOUND\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"User not found\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst account = user.accounts.find((a) => a.providerId === \"credential\");\n\t\t\tif (!account) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"ACCOUNT_NOT_FOUND\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"Account not found\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait ctx.context.internalAdapter.updateUserByEmail(parsed.email, {\n\t\t\t\temailVerified: true,\n\t\t\t});\n\t\t\tif (ctx.query.callbackURL) {\n\t\t\t\tthrow ctx.redirect(ctx.query.callbackURL);\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t} catch (e) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tstatusText: \"INVALID_TOKEN\",\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invalid token\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t},\n);\n","import type { AuthContext } from \"../init\";\n\nexport const shimContext = <T extends Record<string, any>>(\n\toriginalObject: T,\n\tnewContext: Record<string, any>,\n) => {\n\tconst shimmedObj: Record<string, any> = {};\n\tfor (const [key, value] of Object.entries(originalObject)) {\n\t\tshimmedObj[key] = (ctx: Record<string, any>) => {\n\t\t\treturn value({\n\t\t\t\t...ctx,\n\t\t\t\tcontext: {\n\t\t\t\t\t...newContext,\n\t\t\t\t\t...ctx.context,\n\t\t\t\t},\n\t\t\t});\n\t\t};\n\t\tshimmedObj[key].path = value.path;\n\t\tshimmedObj[key].method = value.method;\n\t\tshimmedObj[key].options = value.options;\n\t\tshimmedObj[key].headers = value.headers;\n\t}\n\treturn shimmedObj as T;\n};\n\nexport const shimEndpoint = (ctx: AuthContext, value: any) => {\n\treturn async (context: any) => {\n\t\tfor (const plugin of ctx.options.plugins || []) {\n\t\t\tif (plugin.hooks?.before) {\n\t\t\t\tfor (const hook of plugin.hooks.before) {\n\t\t\t\t\tconst match = hook.matcher({\n\t\t\t\t\t\t...context,\n\t\t\t\t\t\t...value,\n\t\t\t\t\t});\n\t\t\t\t\tif (match) {\n\t\t\t\t\t\tconst hookRes = await hook.handler(context);\n\t\t\t\t\t\tif (hookRes && \"context\" in hookRes) {\n\t\t\t\t\t\t\tcontext = {\n\t\t\t\t\t\t\t\t...context,\n\t\t\t\t\t\t\t\t...hookRes.context,\n\t\t\t\t\t\t\t\t...value,\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t//@ts-ignore\n\t\tconst endpointRes = value({\n\t\t\t...context,\n\t\t\tcontext: {\n\t\t\t\t...ctx,\n\t\t\t\t...context.context,\n\t\t\t},\n\t\t});\n\t\tlet response = endpointRes;\n\t\tfor (const plugin of ctx.options.plugins || []) {\n\t\t\tif (plugin.hooks?.after) {\n\t\t\t\tfor (const hook of plugin.hooks.after) {\n\t\t\t\t\tconst match = hook.matcher(context);\n\t\t\t\t\tif (match) {\n\t\t\t\t\t\tconst obj = Object.assign(context, {\n\t\t\t\t\t\t\treturned: endpointRes,\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst hookRes = await hook.handler(obj);\n\t\t\t\t\t\tif (hookRes && \"response\" in hookRes) {\n\t\t\t\t\t\t\tresponse = hookRes.response as any;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn response;\n\t};\n};\n","export * from \"./src/access\";\nexport * from \"./src/types\";\nexport * from \"./statement\";\nexport * from \"./utils\";\n","import type { StatementsPrimitive as Statements, Subset } from \"./types\";\n\nexport class ParsingError extends Error {\n\tpublic readonly path: string;\n\tconstructor(message: string, path: string) {\n\t\tsuper(message);\n\t\tthis.path = path;\n\t}\n}\n\ntype Connector = \"OR\" | \"AND\";\n\nexport class AccessControl<TStatements extends Statements = Statements> {\n\tprivate readonly statements: TStatements;\n\tconstructor(private readonly s: TStatements) {\n\t\tthis.statements = s;\n\t}\n\tpublic newRole<K extends keyof TStatements>(\n\t\tstatements: Subset<K, TStatements>,\n\t) {\n\t\treturn new Role<Subset<K, TStatements>>(statements);\n\t}\n}\n\nexport type AuthortizeResponse =\n\t| { success: false; error: string }\n\t| { success: true; error?: never };\n\nexport class Role<TStatements extends Statements> {\n\tpublic readonly statements: TStatements;\n\n\tconstructor(statements: TStatements) {\n\t\tthis.statements = statements;\n\t}\n\n\tpublic authorize<K extends keyof TStatements>(\n\t\trequest: Subset<K, TStatements>,\n\t\tconnector?: Connector,\n\t): AuthortizeResponse {\n\t\tfor (const [requestedResource, requestedActions] of Object.entries(\n\t\t\trequest,\n\t\t)) {\n\t\t\tconst allowedActions = this.statements[requestedResource];\n\t\t\tif (!allowedActions) {\n\t\t\t\treturn {\n\t\t\t\t\tsuccess: false,\n\t\t\t\t\terror: `You are not allowed to access resource: ${requestedResource}`,\n\t\t\t\t};\n\t\t\t}\n\t\t\tconst success =\n\t\t\t\tconnector === \"OR\"\n\t\t\t\t\t? (requestedActions as string[]).some((requestedAction) =>\n\t\t\t\t\t\t\tallowedActions.includes(requestedAction),\n\t\t\t\t\t\t)\n\t\t\t\t\t: (requestedActions as string[]).every((requestedAction) =>\n\t\t\t\t\t\t\tallowedActions.includes(requestedAction),\n\t\t\t\t\t\t);\n\t\t\tif (success) {\n\t\t\t\treturn { success };\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tsuccess: false,\n\t\t\t\terror: `unauthorized to access resource \"${requestedResource}\"`,\n\t\t\t};\n\t\t}\n\t\treturn {\n\t\t\tsuccess: false,\n\t\t\terror: \"Not authorized\",\n\t\t};\n\t}\n\n\tstatic fromString<TStatements extends Statements>(s: string) {\n\t\tconst statements = JSON.parse(s) as TStatements;\n\n\t\tif (typeof statements !== \"object\") {\n\t\t\tthrow new ParsingError(\"statements is not an object\", \".\");\n\t\t}\n\t\tfor (const [resource, actions] of Object.entries(statements)) {\n\t\t\tif (typeof resource !== \"string\") {\n\t\t\t\tthrow new ParsingError(\"invalid resource identifier\", resource);\n\t\t\t}\n\t\t\tif (!Array.isArray(actions)) {\n\t\t\t\tthrow new ParsingError(\"actions is not an array\", resource);\n\t\t\t}\n\t\t\tfor (let i = 0; i < actions.length; i++) {\n\t\t\t\tif (typeof actions[i] !== \"string\") {\n\t\t\t\t\tthrow new ParsingError(\"action is not a string\", `${resource}[${i}]`);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn new Role<TStatements>(statements);\n\t}\n\n\tpublic toString(): string {\n\t\treturn JSON.stringify(this.statements);\n\t}\n}\n","import { AccessControl } from \"./src/access\";\nimport type { StatementsPrimitive } from \"./src/types\";\n\nexport const createAccessControl = <S extends StatementsPrimitive>(\n\tstatements: S,\n) => {\n\treturn new AccessControl<S>(statements);\n};\n\nexport const defaultStatements = {\n\torganization: [\"update\", \"delete\"],\n\tmember: [\"create\", \"update\", \"delete\"],\n\tinvitation: [\"create\", \"cancel\"],\n} as const;\n\nexport const defaultAc = createAccessControl(defaultStatements);\n\nexport const adminAc = defaultAc.newRole({\n\torganization: [\"update\"],\n\tinvitation: [\"create\", \"cancel\"],\n\tmember: [\"create\", \"update\", \"delete\"],\n});\n\nexport const ownerAc = defaultAc.newRole({\n\torganization: [\"update\", \"delete\"],\n\tmember: [\"create\", \"update\", \"delete\"],\n\tinvitation: [\"create\", \"cancel\"],\n});\n\nexport const memberAc = defaultAc.newRole({\n\torganization: [],\n\tmember: [],\n\tinvitation: [],\n});\n\nexport const defaultRoles = {\n\tadmin: adminAc,\n\towner: ownerAc,\n\tmember: memberAc,\n};\n","import { Role } from \"./src/access\";\n\nexport const permissionFromString = (permission?: string) => {\n\treturn Role.fromString(permission ?? \"\");\n};\n","export const getDate = (span: number) => {\n\tconst date = new Date();\n\treturn new Date(date.getTime() + span);\n};\n","import type { Session, User } from \"../../adapters/schema\";\nimport type { Adapter } from \"../../types/adapter\";\nimport { getDate } from \"../../utils/date\";\nimport { generateId } from \"../../utils/id\";\nimport type { OrganizationOptions } from \"./organization\";\nimport type { Invitation, Member, Organization } from \"./schema\";\n\nexport const getOrgAdapter = (\n\tadapter: Adapter,\n\toptions?: OrganizationOptions,\n) => {\n\treturn {\n\t\tfindOrganizationBySlug: async (slug: string) => {\n\t\t\tconst organization = await adapter.findOne<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"slug\",\n\t\t\t\t\t\tvalue: slug,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn organization;\n\t\t},\n\t\tcreateOrganization: async (data: {\n\t\t\torganization: Organization;\n\t\t\tuser: User;\n\t\t}) => {\n\t\t\tconst organization = await adapter.create<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\tdata: data.organization,\n\t\t\t});\n\t\t\tconst member = await adapter.create<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\tdata: {\n\t\t\t\t\tid: generateId(),\n\t\t\t\t\tname: data.user.name,\n\t\t\t\t\torganizationId: organization.id,\n\t\t\t\t\tuserId: data.user.id,\n\t\t\t\t\temail: data.user.email,\n\t\t\t\t\trole: options?.creatorRole || \"owner\",\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn {\n\t\t\t\t...organization,\n\t\t\t\tmembers: [member],\n\t\t\t};\n\t\t},\n\t\tfindMemberByEmail: async (data: {\n\t\t\temail: string;\n\t\t\torganizationId: string;\n\t\t}) => {\n\t\t\tconst member = await adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"email\",\n\t\t\t\t\t\tvalue: data.email,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: data.organizationId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tfindMemberByOrgId: async (data: {\n\t\t\tuserId: string;\n\t\t\torganizationId: string;\n\t\t}) => {\n\t\t\tconst member = await adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: data.userId,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: data.organizationId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tfindMemberById: async (memberId: string) => {\n\t\t\tconst member = await adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: memberId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tcreateMember: async (data: Member) => {\n\t\t\tconst member = await adapter.create<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\tdata: data,\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tupdateMember: async (memberId: string, role: string) => {\n\t\t\tconst member = await adapter.update<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: memberId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: {\n\t\t\t\t\trole,\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tdeleteMember: async (memberId: string) => {\n\t\t\tconst member = await adapter.delete<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: memberId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tupdateOrganization: async (orgId: string, data: Partial<Organization>) => {\n\t\t\tconst organization = await adapter.update<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: data,\n\t\t\t});\n\t\t\treturn organization;\n\t\t},\n\t\tdeleteOrganization: async (orgId: string) => {\n\t\t\tconst organization = await adapter.delete<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn organization;\n\t\t},\n\t\tsetActiveOrganization: async (sessionId: string, orgId: string | null) => {\n\t\t\tconst session = await adapter.update<Session>({\n\t\t\t\tmodel: \"session\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: sessionId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: {\n\t\t\t\t\tactiveOrganizationId: orgId,\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn session;\n\t\t},\n\t\tfindOrganizationById: async (orgId: string) => {\n\t\t\tconst organization = await adapter.findOne<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn organization;\n\t\t},\n\t\tfindFullOrganization: async (orgId: string) => {\n\t\t\tconst organization = await adapter.findOne<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!organization) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst members = await adapter.findMany<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tconst invitations = await adapter.findMany<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn {\n\t\t\t\t...organization,\n\t\t\t\tmembers,\n\t\t\t\tinvitations,\n\t\t\t};\n\t\t},\n\t\tlistOrganizations: async (userId: string) => {\n\t\t\tconst members = await adapter.findMany<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: userId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tconst organizationIds = members?.map((member) => member.organizationId);\n\t\t\tconsole.log({ organizationIds });\n\t\t\tif (!organizationIds) {\n\t\t\t\treturn [];\n\t\t\t}\n\t\t\tconst organizations: Organization[] = [];\n\t\t\tfor (const id of organizationIds) {\n\t\t\t\tconst organization = await adapter.findOne<Organization>({\n\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\twhere: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\tvalue: id,\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t});\n\t\t\t\tif (organization) {\n\t\t\t\t\torganizations.push(organization);\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn organizations;\n\t\t},\n\t\tcreateInvitation: async ({\n\t\t\tinvitation,\n\t\t\tuser,\n\t\t}: {\n\t\t\tinvitation: {\n\t\t\t\temail: string;\n\t\t\t\trole: \"admin\" | \"member\" | \"owner\";\n\t\t\t\torganizationId: string;\n\t\t\t};\n\t\t\tuser: User;\n\t\t}) => {\n\t\t\tconst defaultExpiration = 1000 * 60 * 60 * 48;\n\t\t\tconst expiresAt = getDate(\n\t\t\t\toptions?.invitationExpiresIn || defaultExpiration,\n\t\t\t);\n\t\t\tconst invite = await adapter.create<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\tdata: {\n\t\t\t\t\tid: generateId(),\n\t\t\t\t\temail: invitation.email,\n\t\t\t\t\trole: invitation.role,\n\t\t\t\t\torganizationId: invitation.organizationId,\n\t\t\t\t\tstatus: \"pending\",\n\t\t\t\t\texpiresAt,\n\t\t\t\t\tinviterId: user.id,\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn invite;\n\t\t},\n\t\tfindInvitationById: async (id: string) => {\n\t\t\tconst invitation = await adapter.findOne<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: id,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn invitation;\n\t\t},\n\t\tfindPendingInvitation: async (data: {\n\t\t\temail: string;\n\t\t\torganizationId: string;\n\t\t}) => {\n\t\t\tconst invitation = await adapter.findMany<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"email\",\n\t\t\t\t\t\tvalue: data.email,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: data.organizationId,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"status\",\n\t\t\t\t\t\tvalue: \"pending\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn invitation.filter(\n\t\t\t\t(invite) => new Date(invite.expiresAt) > new Date(),\n\t\t\t);\n\t\t},\n\t\tupdateInvitation: async (data: {\n\t\t\tinvitationId: string;\n\t\t\tstatus: \"accepted\" | \"canceled\" | \"rejected\";\n\t\t}) => {\n\t\t\tconst invitation = await adapter.update<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: data.invitationId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: {\n\t\t\t\t\tstatus: data.status,\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn invitation;\n\t\t},\n\t};\n};\n","import { APIError, type Context, createEndpointCreator } from \"better-call\";\nimport type { Session, User } from \"../../adapters/schema\";\nimport { createAuthMiddleware, optionsMiddleware } from \"../../api/call\";\nimport { sessionMiddleware } from \"../../api/middlewares/session\";\nimport type { Role, defaultRoles } from \"./access\";\nimport type { OrganizationOptions } from \"./organization\";\n\nexport const orgMiddleware = createAuthMiddleware(async (ctx) => {\n\treturn {} as {\n\t\torgOptions: OrganizationOptions;\n\t\troles: typeof defaultRoles & {\n\t\t\t[key: string]: Role<{}>;\n\t\t};\n\t\tgetSession: (context: Context<any, any>) => Promise<{\n\t\t\tsession: Session & {\n\t\t\t\tactiveOrganizationId?: string;\n\t\t\t};\n\t\t\tuser: User;\n\t\t}>;\n\t};\n});\n\nexport const orgSessionMiddleware = createAuthMiddleware(\n\t{\n\t\tuse: [sessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\t//@ts-expect-error: fix this later on better-call repo. Session middleware will return session in the context.\n\t\tconst session = ctx.context.session as {\n\t\t\tsession: Session & {\n\t\t\t\tactiveOrganizationId?: string;\n\t\t\t};\n\t\t\tuser: User;\n\t\t};\n\t\treturn {\n\t\t\tsession,\n\t\t};\n\t},\n);\n","import { APIError } from \"better-call\";\nimport { createAuthMiddleware } from \"../call\";\nimport { getSessionFromCtx } from \"../routes\";\n\nexport const sessionMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session?.session) {\n\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t}\n\treturn {\n\t\tsession,\n\t};\n});\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { getSessionFromCtx } from \"../../../api/routes\";\nimport { generateId } from \"../../../utils/id\";\nimport { getOrgAdapter } from \"../adapter\";\nimport { orgMiddleware, orgSessionMiddleware } from \"../call\";\nimport { role } from \"../schema\";\n\nexport const createInvitation = createAuthEndpoint(\n\t\"/organization/invite-member\",\n\t{\n\t\tmethod: \"POST\",\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t\tbody: z.object({\n\t\t\temail: z.string(),\n\t\t\trole: role,\n\t\t\torganizationId: z.string().optional(),\n\t\t\tresend: z.boolean().optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst orgId =\n\t\t\tctx.body.organizationId || session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization id not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is not a member of this organization!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canInvite = role.authorize({\n\t\t\tinvitation: [\"create\"],\n\t\t});\n\t\tif (canInvite.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to invite users to this organization\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tconst alreadyMember = await adapter.findMemberByEmail({\n\t\t\temail: ctx.body.email,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (alreadyMember) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is already a member of this organization\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst alreadyInvited = await adapter.findPendingInvitation({\n\t\t\temail: ctx.body.email,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (alreadyInvited.length && !ctx.body.resend) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is already invited to this organization\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst invitation = await adapter.createInvitation({\n\t\t\tinvitation: {\n\t\t\t\trole: ctx.body.role,\n\t\t\t\temail: ctx.body.email,\n\t\t\t\torganizationId: orgId,\n\t\t\t},\n\t\t\tuser: session.user,\n\t\t});\n\t\tawait ctx.context.orgOptions.sendInvitationEmail?.(\n\t\t\tinvitation,\n\t\t\tctx.body.email,\n\t\t);\n\t\treturn ctx.json(invitation);\n\t},\n);\n\nexport const acceptInvitation = createAuthEndpoint(\n\t\"/organization/accept-invitation\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tinvitationId: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst invitation = await adapter.findInvitationById(ctx.body.invitationId);\n\t\tif (\n\t\t\t!invitation ||\n\t\t\tinvitation.expiresAt < new Date() ||\n\t\t\tinvitation.status !== \"pending\"\n\t\t) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invitation not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (invitation.email !== session.user.email) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not the repentant of the invitation\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst acceptedI = await adapter.updateInvitation({\n\t\t\tinvitationId: ctx.body.invitationId,\n\t\t\tstatus: \"accepted\",\n\t\t});\n\t\tconst member = await adapter.createMember({\n\t\t\tid: generateId(),\n\t\t\torganizationId: invitation.organizationId,\n\t\t\tuserId: session.user.id,\n\t\t\temail: invitation.email,\n\t\t\trole: invitation.role,\n\t\t\tname: session.user.name,\n\t\t});\n\t\treturn ctx.json({\n\t\t\tinvitation: acceptedI,\n\t\t\tmember,\n\t\t});\n\t},\n);\nexport const rejectInvitation = createAuthEndpoint(\n\t\"/organization/reject-invitation\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tinvitationId: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst invitation = await adapter.findInvitationById(ctx.body.invitationId);\n\t\tif (\n\t\t\t!invitation ||\n\t\t\tinvitation.expiresAt < new Date() ||\n\t\t\tinvitation.status !== \"pending\"\n\t\t) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invitation not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (invitation.email !== session.user.email) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not the repentant of the invitation\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst rejectedI = await adapter.updateInvitation({\n\t\t\tinvitationId: ctx.body.invitationId,\n\t\t\tstatus: \"rejected\",\n\t\t});\n\t\treturn ctx.json({\n\t\t\tinvitation: rejectedI,\n\t\t\tmember: null,\n\t\t});\n\t},\n);\n\nexport const cancelInvitation = createAuthEndpoint(\n\t\"/organization/cancel-invitation\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tinvitationId: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst invitation = await adapter.findInvitationById(ctx.body.invitationId);\n\t\tif (!invitation) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invitation not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: invitation.organizationId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is not a member of this organization\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canCancel = ctx.context.roles[member.role].authorize({\n\t\t\tinvitation: [\"cancel\"],\n\t\t});\n\t\tif (canCancel.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 403,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to cancel this invitation\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canceledI = await adapter.updateInvitation({\n\t\t\tinvitationId: ctx.body.invitationId,\n\t\t\tstatus: \"canceled\",\n\t\t});\n\t\treturn ctx.json(canceledI);\n\t},\n);\n\nexport const getActiveInvitation = createAuthEndpoint(\n\t\"/organization/get-active-invitation\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [orgMiddleware],\n\t\tquery: z.object({\n\t\t\tid: z.string(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (!session) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User not logged in\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst invitation = await adapter.findInvitationById(ctx.query.id);\n\t\tif (\n\t\t\t!invitation ||\n\t\t\tinvitation.status !== \"pending\" ||\n\t\t\tinvitation.expiresAt < new Date()\n\t\t) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invitation not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (invitation.email !== session.user.email) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not the repentant of the invitation\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst organization = await adapter.findOrganizationById(\n\t\t\tinvitation.organizationId,\n\t\t);\n\t\tif (!organization) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: invitation.inviterId,\n\t\t\torganizationId: invitation.organizationId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Inviter is no longer a member of this organization\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\treturn ctx.json({\n\t\t\t...invitation,\n\t\t\torganizationName: organization.name,\n\t\t\torganizationSlug: organization.slug,\n\t\t\tinviterEmail: member.email,\n\t\t\tinviterName: member.name,\n\t\t});\n\t},\n);\n","import { z } from \"zod\";\n\nexport const role = z.enum([\"admin\", \"member\", \"owner\"]);\nexport const invitationStatus = z\n\t.enum([\"pending\", \"accepted\", \"rejected\", \"canceled\"])\n\t.default(\"pending\");\nexport const organizationSchema = z.object({\n\tid: z.string(),\n\tname: z.string(),\n\tslug: z.string(),\n});\n\nexport const memberSchema = z.object({\n\tid: z.string(),\n\tname: z.string(),\n\temail: z.string(),\n\torganizationId: z.string(),\n\tuserId: z.string(),\n\trole,\n});\n\nexport const invitationSchema = z.object({\n\tid: z.string(),\n\torganizationId: z.string(),\n\temail: z.string(),\n\trole,\n\tstatus: invitationStatus,\n\t/**\n\t * The id of the user who invited the user.\n\t */\n\tinviterId: z.string(),\n\texpiresAt: z.date(),\n});\n\nexport type Organization = z.infer<typeof organizationSchema>;\nexport type Member = z.infer<typeof memberSchema>;\nexport type Invitation = z.infer<typeof invitationSchema>;\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { getOrgAdapter } from \"../adapter\";\nimport { orgMiddleware, orgSessionMiddleware } from \"../call\";\n\nexport const removeMember = createAuthEndpoint(\n\t\"/organization/remove-member\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tmemberId: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst orgId = session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"No active organization found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Member not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (\n\t\t\tsession.user.id === member.userId &&\n\t\t\tmember.role === (ctx.context.orgOptions?.creatorRole || \"owner\")\n\t\t) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You cannot delete yourself\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canDeleteMember = role.authorize({\n\t\t\tmember: [\"delete\"],\n\t\t});\n\t\tif (canDeleteMember.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to delete this member\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tconst existing = await adapter.findMemberById(ctx.body.memberId);\n\t\tif (existing?.organizationId !== orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Member not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst deletedMember = await adapter.deleteMember(ctx.body.memberId);\n\t\tif (\n\t\t\tsession.user.id === existing.userId &&\n\t\t\tsession.session.activeOrganizationId === existing.organizationId\n\t\t) {\n\t\t\tawait adapter.setActiveOrganization(session.session.id, null);\n\t\t}\n\t\treturn ctx.json(deletedMember);\n\t},\n);\n\nexport const updateMember = createAuthEndpoint(\n\t\"/organization/update-member\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tmemberId: z.string(),\n\t\t\trole: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst orgId = session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"No active organization found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Member not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canUpdateMember = role.authorize({\n\t\t\tmember: [\"update\"],\n\t\t});\n\t\tif (canUpdateMember.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to update this member\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tconst updatedMember = await adapter.updateMember(\n\t\t\tctx.body.memberId,\n\t\t\tctx.body.role,\n\t\t);\n\t\treturn ctx.json(updatedMember);\n\t},\n);\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { sessionMiddleware } from \"../../../api/middlewares/session\";\nimport { generateId } from \"../../../utils/id\";\nimport { getOrgAdapter } from \"../adapter\";\nimport { orgMiddleware, orgSessionMiddleware } from \"../call\";\n\nexport const createOrganization = createAuthEndpoint(\n\t\"/organization/create\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tname: z.string(),\n\t\t\tslug: z.string(),\n\t\t\tuserId: z.string().optional(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst user = ctx.context.session.user;\n\t\tif (!user) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst options = ctx.context.orgOptions;\n\t\tconst canCreateOrg =\n\t\t\ttypeof options?.allowUserToCreateOrganization === \"function\"\n\t\t\t\t? await options.allowUserToCreateOrganization(user)\n\t\t\t\t: options?.allowUserToCreateOrganization === undefined\n\t\t\t\t\t? true\n\t\t\t\t\t: options.allowUserToCreateOrganization;\n\t\tif (!canCreateOrg) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 403,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to create organizations\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, options);\n\t\tconst existingOrganization = await adapter.findOrganizationBySlug(\n\t\t\tctx.body.slug,\n\t\t);\n\t\tif (existingOrganization) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization with this slug already exists\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst organization = await adapter.createOrganization({\n\t\t\torganization: {\n\t\t\t\tid: generateId(),\n\t\t\t\tslug: ctx.body.slug,\n\t\t\t\tname: ctx.body.name,\n\t\t\t},\n\t\t\tuser,\n\t\t});\n\t\treturn ctx.json(organization);\n\t},\n);\n\nexport const updateOrganization = createAuthEndpoint(\n\t\"/organization/update\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tname: z.string().optional(),\n\t\t\tslug: z.string().optional(),\n\t\t\torgId: z.string().optional(),\n\t\t}),\n\t\trequireHeaders: true,\n\t\tuse: [orgMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = await ctx.context.getSession(ctx);\n\t\tif (!session) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst orgId = ctx.body.orgId || session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization id not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is not a member of this organization!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canUpdateOrg = role.authorize({\n\t\t\torganization: [\"update\"],\n\t\t});\n\t\tif (canUpdateOrg.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to update this organization\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tconst updatedOrg = await adapter.updateOrganization(orgId, ctx.body);\n\t\treturn ctx.json(updatedOrg);\n\t},\n);\n\nexport const deleteOrganization = createAuthEndpoint(\n\t\"/organization/delete\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\torgId: z.string(),\n\t\t}),\n\t\trequireHeaders: true,\n\t\tuse: [orgMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = await ctx.context.getSession(ctx);\n\t\tif (!session) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst orgId = ctx.body.orgId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization id not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is not a member of this organization!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canDeleteOrg = role.authorize({\n\t\t\torganization: [\"delete\"],\n\t\t});\n\t\tif (canDeleteOrg.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to delete this organization\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tif (orgId === session.session.activeOrganizationId) {\n\t\t\t/**\n\t\t\t * If the organization is deleted, we set the active organization to null\n\t\t\t */\n\t\t\tawait adapter.setActiveOrganization(session.session.id, null);\n\t\t}\n\t\tconst deletedOrg = await adapter.deleteOrganization(orgId);\n\t\treturn ctx.json(deletedOrg);\n\t},\n);\n\nexport const getFullOrganization = createAuthEndpoint(\n\t\"/organization/full\",\n\t{\n\t\tmethod: \"GET\",\n\t\tquery: z.object({\n\t\t\torgId: z.string().optional(),\n\t\t}),\n\t\trequireHeaders: true,\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst orgId = ctx.query.orgId || session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization id not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst organization = await adapter.findFullOrganization(orgId);\n\t\tif (!organization) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 404,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\treturn ctx.json(organization);\n\t},\n);\n\nexport const setActiveOrganization = createAuthEndpoint(\n\t\"/organization/set-active\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\torgId: z.string(),\n\t\t}),\n\t\tuse: [sessionMiddleware, orgMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst session = ctx.context.session;\n\t\tconst orgId = ctx.body.orgId;\n\t\tawait adapter.setActiveOrganization(session.session.id, orgId);\n\t\tconst organization = await adapter.findFullOrganization(orgId);\n\t\treturn ctx.json(organization);\n\t},\n);\n\nexport const listOrganization = createAuthEndpoint(\n\t\"/organization/list\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst organizations = await adapter.listOrganizations(\n\t\t\tctx.context.session.user.id,\n\t\t);\n\t\treturn ctx.json(organizations);\n\t},\n);\n","import { alphabet, generateRandomString } from \"oslo/crypto\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint, createAuthMiddleware } from \"../../api/call\";\nimport { sessionMiddleware } from \"../../api/middlewares/session\";\nimport { hs256, symmetricEncrypt } from \"../../crypto\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\nimport { backupCode2fa, generateBackupCodes } from \"./backup-codes\";\nimport { otp2fa } from \"./otp\";\nimport { totp2fa } from \"./totp\";\n\nimport type { TwoFactorOptions, UserWithTwoFactor } from \"./types\";\nimport type { Session } from \"../../adapters/schema\";\n\nexport const twoFactor = <O extends TwoFactorOptions>(options: O) => {\n\tconst totp = totp2fa({\n\t\tissuer: options.issuer,\n\t\t...options.totpOptions,\n\t});\n\tconst backupCode = backupCode2fa(options.backupCodeOptions);\n\tconst otp = otp2fa(options.otpOptions);\n\tconst providers = [totp, backupCode, otp];\n\treturn {\n\t\tid: \"two-factor\",\n\t\tendpoints: {\n\t\t\t...totp.endpoints,\n\t\t\t...otp.endpoints,\n\t\t\t...backupCode.endpoints,\n\t\t\tenableTwoFactor: createAuthEndpoint(\n\t\t\t\t\"/two-factor/enable\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tconst secret = generateRandomString(16, alphabet(\"a-z\", \"0-9\", \"-\"));\n\t\t\t\t\tconst encryptedSecret = await symmetricEncrypt({\n\t\t\t\t\t\tkey: ctx.context.secret,\n\t\t\t\t\t\tdata: secret,\n\t\t\t\t\t});\n\t\t\t\t\tconst backupCodes = await generateBackupCodes(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\toptions.backupCodeOptions,\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.context.adapter.update({\n\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\ttwoFactorSecret: encryptedSecret,\n\t\t\t\t\t\t\ttwoFactorEnabled: true,\n\t\t\t\t\t\t\ttwoFactorBackupCodes: backupCodes.encryptedBackupCodes,\n\t\t\t\t\t\t},\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t),\n\t\t\tdisableTwoFactor: createAuthEndpoint(\n\t\t\t\t\"/two-factor/disable\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tawait ctx.context.adapter.update({\n\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\ttwoFactorEnabled: false,\n\t\t\t\t\t\t},\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\toptions: options,\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(context) {\n\t\t\t\t\t\treturn (\n\t\t\t\t\t\t\tcontext.path === \"/sign-in/email\" ||\n\t\t\t\t\t\t\tcontext.path === \"/sign-in/username\"\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = (await (ctx as any).returned) as Response;\n\t\t\t\t\t\tif (returned?.status !== 200) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst response = (await returned.json()) as {\n\t\t\t\t\t\t\tuser: UserWithTwoFactor;\n\t\t\t\t\t\t\tsession: Session;\n\t\t\t\t\t\t};\n\t\t\t\t\t\tif (!response.user.twoFactorEnabled) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * remove the session cookie. It's set by the sign in credential\n\t\t\t\t\t\t */\n\t\t\t\t\t\tctx.setCookie(ctx.context.authCookies.sessionToken.name, \"\", {\n\t\t\t\t\t\t\tpath: \"/\",\n\t\t\t\t\t\t\tsameSite: \"lax\",\n\t\t\t\t\t\t\thttpOnly: true,\n\t\t\t\t\t\t\tsecure: false,\n\t\t\t\t\t\t\tmaxAge: 0,\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst hash = await hs256(ctx.context.secret, response.session.id);\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * We set the user id and the session\n\t\t\t\t\t\t * id as a hash. Later will fetch for\n\t\t\t\t\t\t * sessions with the user id compare\n\t\t\t\t\t\t * the hash and set that as session.\n\t\t\t\t\t\t */\n\t\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\t\t\"better-auth.two-factor\",\n\t\t\t\t\t\t\t`${response.session.userId}!${hash}`,\n\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t\t);\n\t\t\t\t\t\tconst res = new Response(\n\t\t\t\t\t\t\tJSON.stringify({\n\t\t\t\t\t\t\t\ttwoFactorRedirect: true,\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\theaders: ctx.responseHeader,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn {\n\t\t\t\t\t\t\tresponse: res,\n\t\t\t\t\t\t};\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\tschema: {\n\t\t\tuser: {\n\t\t\t\tfields: {\n\t\t\t\t\ttwoFactorEnabled: {\n\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tdefaultValue: false,\n\t\t\t\t\t},\n\t\t\t\t\ttwoFactorSecret: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t\ttwoFactorBackupCodes: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\treturned: false,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n\nexport * from \"./client\";\n","import { xchacha20poly1305 } from \"@noble/ciphers/chacha\";\nimport { bytesToHex, hexToBytes, utf8ToBytes } from \"@noble/ciphers/utils\";\nimport { managedNonce } from \"@noble/ciphers/webcrypto\";\nimport { sha256 } from \"@noble/hashes/sha256\";\n\nexport async function hs256(secretKey: string, message: string) {\n\tconst enc = new TextEncoder();\n\tconst algorithm = { name: \"HMAC\", hash: \"SHA-256\" };\n\tconst key = await crypto.subtle.importKey(\n\t\t\"raw\",\n\t\tenc.encode(secretKey),\n\t\talgorithm,\n\t\tfalse,\n\t\t[\"sign\", \"verify\"],\n\t);\n\tconst signature = await crypto.subtle.sign(\n\t\talgorithm.name,\n\t\tkey,\n\t\tenc.encode(message),\n\t);\n\treturn btoa(String.fromCharCode(...new Uint8Array(signature)));\n}\n\nexport type SymmetricEncryptOptions = {\n\tkey: string;\n\tdata: string;\n};\n\nexport const symmetricEncrypt = ({ key, data }: SymmetricEncryptOptions) => {\n\tconst keyAsBytes = sha256(key);\n\tconst dataAsBytes = utf8ToBytes(data);\n\tconst chacha = managedNonce(xchacha20poly1305)(keyAsBytes);\n\treturn bytesToHex(chacha.encrypt(dataAsBytes));\n};\n\nexport type SymmetricDecryptOptions = {\n\tkey: string;\n\tdata: string;\n};\n\nexport const symmetricDecrypt = ({ key, data }: SymmetricDecryptOptions) => {\n\tconst keyAsBytes = sha256(key);\n\tconst dataAsBytes = hexToBytes(data);\n\tconst chacha = managedNonce(xchacha20poly1305)(keyAsBytes);\n\treturn chacha.decrypt(dataAsBytes);\n};\n","import { alphabet, generateRandomString } from \"oslo/crypto\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { sessionMiddleware } from \"../../../api/middlewares/session\";\nimport { symmetricDecrypt, symmetricEncrypt } from \"../../../crypto\";\nimport { verifyTwoFactorMiddleware } from \"../verify-middleware\";\nimport type { TwoFactorProvider, UserWithTwoFactor } from \"../types\";\n\nexport interface BackupCodeOptions {\n\t/**\n\t * The amount of backup codes to generate\n\t *\n\t * @default 10\n\t */\n\tamount?: number;\n\t/**\n\t * The length of the backup codes\n\t *\n\t * @default 10\n\t */\n\tlength?: number;\n\tcustomBackupCodesGenerate?: () => string[];\n}\n\nfunction generateBackupCodesFn(options?: BackupCodeOptions) {\n\treturn Array.from({ length: options?.amount ?? 10 })\n\t\t.fill(null)\n\t\t.map(() =>\n\t\t\tgenerateRandomString(options?.length ?? 10, alphabet(\"a-z\", \"0-9\")),\n\t\t)\n\t\t.map((code) => `${code.slice(0, 5)}-${code.slice(5)}`);\n}\n\nexport async function generateBackupCodes(\n\tsecret: string,\n\toptions?: BackupCodeOptions,\n) {\n\tconst key = secret;\n\tconst backupCodes = options?.customBackupCodesGenerate\n\t\t? options.customBackupCodesGenerate()\n\t\t: generateBackupCodesFn();\n\tconst encCodes = symmetricEncrypt({\n\t\tdata: JSON.stringify(backupCodes),\n\t\tkey: key,\n\t});\n\treturn {\n\t\tbackupCodes,\n\t\tencryptedBackupCodes: encCodes,\n\t};\n}\n\nexport async function verifyBackupCode(\n\tdata: {\n\t\tuser: UserWithTwoFactor;\n\t\tcode: string;\n\t},\n\tkey: string,\n) {\n\tconst codes = await getBackupCodes(data.user, key);\n\tif (!codes) {\n\t\treturn false;\n\t}\n\treturn codes.includes(data.code);\n}\n\nexport async function getBackupCodes(user: UserWithTwoFactor, key: string) {\n\tconst secret = Buffer.from(\n\t\tawait symmetricDecrypt({ key, data: user.twoFactorBackupCodes }),\n\t).toString(\"utf-8\");\n\tconst data = JSON.parse(secret);\n\tconst result = z.array(z.string()).safeParse(data);\n\tif (result.success) {\n\t\treturn result.data;\n\t}\n\treturn null;\n}\n\nexport const backupCode2fa = (options?: BackupCodeOptions) => {\n\treturn {\n\t\tid: \"backup_code\",\n\t\tendpoints: {\n\t\t\tverifyBackupCode: createAuthEndpoint(\n\t\t\t\t\"/two-factor/verify-backup-code\",\n\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tcode: z.string(),\n\t\t\t\t\t}),\n\t\t\t\t\tuse: [verifyTwoFactorMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst validate = verifyBackupCode(\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tuser: ctx.context.session.user,\n\t\t\t\t\t\t\tcode: ctx.body.code,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t);\n\t\t\t\t\tif (!validate) {\n\t\t\t\t\t\treturn ctx.json(\n\t\t\t\t\t\t\t{ status: false },\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tstatus: 401,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t),\n\t\t\tgenerateBackupCodes: createAuthEndpoint(\n\t\t\t\t\"/two-factor/generate-backup-codes\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst backupCodes = await generateBackupCodes(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\toptions,\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.context.adapter.update({\n\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\ttwoFactorEnabled: true,\n\t\t\t\t\t\t\ttwoFactorBackupCodes: backupCodes.encryptedBackupCodes,\n\t\t\t\t\t\t},\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: ctx.context.session.user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tstatus: true,\n\t\t\t\t\t\tbackupCodes: backupCodes.backupCodes,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tviewBackupCodes: createAuthEndpoint(\n\t\t\t\t\"/view/backup-codes\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tconst backupCodes = getBackupCodes(user, ctx.context.secret);\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tstatus: true,\n\t\t\t\t\t\tbackupCodes: backupCodes,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n","import { APIError } from \"better-call\";\nimport type { Session } from \"../../adapters/schema\";\nimport { createAuthMiddleware } from \"../../api/call\";\nimport { hs256 } from \"../../crypto\";\nimport { TWO_FACTOR_COOKIE_NAME } from \"./constant\";\nimport type { UserWithTwoFactor } from \"./types\";\n\nexport const verifyTwoFactorMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst cookie = await ctx.getSignedCookie(\n\t\tTWO_FACTOR_COOKIE_NAME,\n\t\tctx.context.secret,\n\t);\n\tif (!cookie) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: \"two factor isn't enabled\",\n\t\t});\n\t}\n\tconst [userId, hash] = cookie.split(\"!\");\n\tif (!userId || !hash) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: \"invalid two factor cookie\",\n\t\t});\n\t}\n\tconst sessions = await ctx.context.adapter.findMany<Session>({\n\t\tmodel: \"session\",\n\t\twhere: [\n\t\t\t{\n\t\t\t\tfield: \"userId\",\n\t\t\t\tvalue: userId,\n\t\t\t},\n\t\t],\n\t});\n\tif (!sessions.length) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: \"invalid session\",\n\t\t});\n\t}\n\tconst activeSessions = sessions.filter(\n\t\t(session) => session.expiresAt > new Date(),\n\t);\n\tif (!activeSessions) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: \"invalid session\",\n\t\t});\n\t}\n\tfor (const session of activeSessions) {\n\t\tconst hashToMatch = await hs256(ctx.context.secret, session.id);\n\t\tconst user = await ctx.context.adapter.findOne<UserWithTwoFactor>({\n\t\t\tmodel: \"user\",\n\t\t\twhere: [\n\t\t\t\t{\n\t\t\t\t\tfield: \"id\",\n\t\t\t\t\tvalue: session.userId,\n\t\t\t\t},\n\t\t\t],\n\t\t});\n\t\tif (!user) {\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"invalid session\",\n\t\t\t});\n\t\t}\n\t\tif (hashToMatch === hash) {\n\t\t\treturn {\n\t\t\t\tvalid: async () => {\n\t\t\t\t\t/**\n\t\t\t\t\t * Set the session cookie\n\t\t\t\t\t */\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\t\t\t\tsession.id,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t);\n\t\t\t\t\tif (ctx.body.callbackURL) {\n\t\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\t\tstatus: true,\n\t\t\t\t\t\t\tcallbackURL: ctx.body.callbackURL,\n\t\t\t\t\t\t\tredirect: true,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t\tinvalid: async () => {\n\t\t\t\t\treturn ctx.json(\n\t\t\t\t\t\t{ status: false },\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tstatus: 401,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Invalid code\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsession: {\n\t\t\t\t\tid: session.id,\n\t\t\t\t\tuserId: session.userId,\n\t\t\t\t\texpiresAt: session.expiresAt,\n\t\t\t\t\tuser,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\tmessage: \"invalid two factor authentication\",\n\t});\n});\n","export const TWO_FACTOR_COOKIE_NAME = \"better-auth.two-factor\";\nexport const OTP_RANDOM_NUMBER_COOKIE_NAME = \"otp.counter\";\n","import { APIError } from \"better-call\";\nimport { generateRandomInteger } from \"oslo/crypto\";\nimport { generateHOTP } from \"oslo/otp\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { OTP_RANDOM_NUMBER_COOKIE_NAME } from \"../constant\";\nimport { verifyTwoFactorMiddleware } from \"../verify-middleware\";\nimport type { TwoFactorProvider, UserWithTwoFactor } from \"../types\";\n\nexport interface OTPOptions {\n\t/**\n\t * How long the opt will be valid for\n\t *\n\t * @default \"5 mins\"\n\t */\n\tperiod?: number;\n\tsendOTP: (user: UserWithTwoFactor, otp: string) => Promise<void>;\n}\n\n/**\n * The otp adapter is created from the totp adapter.\n */\nexport const otp2fa = (options?: OTPOptions) => {\n\t/**\n\t * Generate OTP and send it to the user.\n\t */\n\tconst send2FaOTP = createAuthEndpoint(\n\t\t\"/two-factor/send-otp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [verifyTwoFactorMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options || !options.sendOTP) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"otp isn't configured. please pass otp option on two factor plugin to enable otp\",\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"otp isn't configured\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst randomNumber = generateRandomInteger(100000);\n\t\t\tconst otp = await generateHOTP(\n\t\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t\trandomNumber,\n\t\t\t);\n\t\t\tawait options.sendOTP(ctx.context.session.user as UserWithTwoFactor, otp);\n\t\t\tconst cookie = ctx.context.createAuthCookie(\n\t\t\t\tOTP_RANDOM_NUMBER_COOKIE_NAME,\n\t\t\t\t{\n\t\t\t\t\tmaxAge: options.period,\n\t\t\t\t},\n\t\t\t);\n\t\t\tawait ctx.setSignedCookie(\n\t\t\t\tcookie.name,\n\t\t\t\trandomNumber.toString(),\n\t\t\t\tctx.context.secret,\n\t\t\t\tcookie.options,\n\t\t\t);\n\t\t\treturn ctx.json({ status: true });\n\t\t},\n\t);\n\n\tconst verifyOTP = createAuthEndpoint(\n\t\t\"/two-factor/verify-otp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: z.object({\n\t\t\t\tcode: z.string(),\n\t\t\t}),\n\t\t\tuse: [verifyTwoFactorMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst user = ctx.context.session.user;\n\t\t\tif (!user.twoFactorEnabled) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"two factor isn't enabled\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst cookie = ctx.context.createAuthCookie(\n\t\t\t\tOTP_RANDOM_NUMBER_COOKIE_NAME,\n\t\t\t);\n\t\t\tconst randomNumber = await ctx.getSignedCookie(\n\t\t\t\tcookie.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\t\t\tif (!randomNumber) {\n\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\tmessage: \"OTP is expired\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst toCheckOtp = await generateHOTP(\n\t\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t\tparseInt(randomNumber),\n\t\t\t);\n\t\t\tif (toCheckOtp === ctx.body.code) {\n\t\t\t\tctx.setCookie(cookie.name, \"\", {\n\t\t\t\t\tpath: \"/\",\n\t\t\t\t\tsameSite: \"lax\",\n\t\t\t\t\thttpOnly: true,\n\t\t\t\t\tsecure: false,\n\t\t\t\t\tmaxAge: 0,\n\t\t\t\t});\n\t\t\t\treturn ctx.context.valid();\n\t\t\t} else {\n\t\t\t\treturn ctx.context.invalid();\n\t\t\t}\n\t\t},\n\t);\n\treturn {\n\t\tid: \"otp\",\n\t\tendpoints: {\n\t\t\tsend2FaOTP,\n\t\t\tverifyOTP,\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n","import { APIError } from \"better-call\";\nimport { TimeSpan } from \"oslo\";\nimport { TOTPController, createTOTPKeyURI } from \"oslo/otp\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { sessionMiddleware } from \"../../../api/middlewares/session\";\nimport { symmetricDecrypt } from \"../../../crypto\";\nimport type { BackupCodeOptions } from \"../backup-codes\";\nimport { verifyTwoFactorMiddleware } from \"../verify-middleware\";\nimport type { TwoFactorProvider, UserWithTwoFactor } from \"../types\";\n\nexport type TOTPOptions = {\n\t/**\n\t * Issuer\n\t */\n\tissuer: string;\n\t/**\n\t * How many digits the otp to be\n\t *\n\t * @default 6\n\t */\n\tdigits?: 6 | 8;\n\t/**\n\t * Period for otp in seconds.\n\t * @default 30\n\t */\n\tperiod?: number;\n\t/**\n\t * Backup codes configuration\n\t */\n\tbackupCodes?: BackupCodeOptions;\n};\n\nexport const totp2fa = (options: TOTPOptions) => {\n\tconst opts = {\n\t\tdigits: 6,\n\t\tperiod: new TimeSpan(options?.period || 30, \"s\"),\n\t};\n\n\tconst generateTOTP = createAuthEndpoint(\n\t\t\"/totp/generate\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [sessionMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst session = ctx.context.session.user as UserWithTwoFactor;\n\t\t\tconst totp = new TOTPController(opts);\n\t\t\tconst code = await totp.generate(Buffer.from(session.twoFactorSecret));\n\t\t\treturn { code };\n\t\t},\n\t);\n\n\tconst getTOTPURI = createAuthEndpoint(\n\t\t\"/two-factor/get-totp-uri\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tuse: [sessionMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\treturn {\n\t\t\t\ttotpURI: createTOTPKeyURI(\n\t\t\t\t\toptions?.issuer || \"BetterAuth\",\n\t\t\t\t\tuser.email,\n\t\t\t\t\tBuffer.from(user.twoFactorSecret),\n\t\t\t\t\topts,\n\t\t\t\t),\n\t\t\t};\n\t\t},\n\t);\n\n\tconst verifyTOTP = createAuthEndpoint(\n\t\t\"/two-factor/verify-totp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: z.object({\n\t\t\t\tcode: z.string(),\n\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t}),\n\t\t\tuse: [verifyTwoFactorMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst totp = new TOTPController(opts);\n\t\t\tconst secret = Buffer.from(\n\t\t\t\tawait symmetricDecrypt({\n\t\t\t\t\tkey: ctx.context.secret,\n\t\t\t\t\tdata: ctx.context.session.user.twoFactorSecret,\n\t\t\t\t}),\n\t\t\t);\n\t\t\tconst status = await totp.verify(ctx.body.code, secret);\n\t\t\tif (!status) {\n\t\t\t\treturn ctx.context.invalid();\n\t\t\t}\n\t\t\treturn ctx.context.valid();\n\t\t},\n\t);\n\treturn {\n\t\tid: \"totp\",\n\t\tendpoints: {\n\t\t\tgenerateTOTP: generateTOTP,\n\t\t\tviewTOTPURI: getTOTPURI,\n\t\t\tverifyTOTP,\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n","import type { BetterFetch, BetterFetchPlugin } from \"@better-fetch/fetch\";\nimport type { Endpoint } from \"better-call\";\nimport type { AuthProxySignal } from \"./proxy\";\nimport type { Atom, PreinitializedWritableAtom } from \"nanostores\";\nimport type { BetterAuthPlugin } from \"../types/plugins\";\nimport type { AuthPlugin } from \"./type\";\nimport type { useAuthStore as reactStore } from \"./react\";\nimport type { useAuthStore as vueStore } from \"./vue\";\nimport type { useAuthStore as preactStore } from \"./preact\";\n\nexport const createClientPlugin = <E extends BetterAuthPlugin = never>() => {\n\treturn <\n\t\tActions extends Record<string, any>,\n\t\tIntegrations extends {\n\t\t\treact?: (useStore: typeof reactStore) => Record<string, any>;\n\t\t\tvue?: (useStore: typeof vueStore) => Record<string, any>;\n\t\t\tpreact?: (useStore: typeof preactStore) => Record<string, any>;\n\t\t\tsvelte?: () => Record<string, any>;\n\t\t},\n\t>(\n\t\t$fn: ($fetch: BetterFetch) => {\n\t\t\tid: string;\n\t\t\tactions?: Actions;\n\t\t\tauthProxySignal?: AuthProxySignal[];\n\t\t\tsignals?: Record<string, PreinitializedWritableAtom<boolean>>;\n\t\t\tatoms?: Record<string, Atom<any>>;\n\t\t\tintegrations?: Integrations;\n\t\t\tpathMethods?: Record<string, \"POST\" | \"GET\">;\n\t\t\tfetchPlugins?: BetterFetchPlugin[];\n\t\t},\n\t) => {\n\t\treturn ($fetch: BetterFetch) => {\n\t\t\tconst data = $fn($fetch);\n\t\t\treturn {\n\t\t\t\t...data,\n\t\t\t\tintegrations: data.integrations as Integrations,\n\t\t\t\tplugin: {} as E,\n\t\t\t};\n\t\t};\n\t};\n};\n\nexport interface AuthClientPlugin {\n\tid: string;\n\tendpoint: Record<string, Endpoint>;\n}\n","import { createClientPlugin } from \"../../client/create-client-plugin\";\nimport type { twoFactor as twoFa } from \"../../plugins/two-factor\";\n\nexport const twoFactorClient = (\n\toptions: {\n\t\ttwoFactorPage: string;\n\t\t/**\n\t\t * Redirect to the two factor page. If twoFactorPage\n\t\t * is not set this will redirect to the root path.\n\t\t * @default true\n\t\t */\n\t\tredirect?: boolean;\n\t} = {\n\t\tredirect: true,\n\t\ttwoFactorPage: \"/\",\n\t},\n) => {\n\treturn createClientPlugin<ReturnType<typeof twoFa>>()(($fetch) => {\n\t\treturn {\n\t\t\tid: \"two-factor\",\n\t\t\tauthProxySignal: [\n\t\t\t\t{\n\t\t\t\t\tmatcher: (path) =>\n\t\t\t\t\t\tpath === \"/two-factor/enable\" || path === \"/two-factor/send-otp\",\n\t\t\t\t\tatom: \"$sessionSignal\",\n\t\t\t\t},\n\t\t\t],\n\t\t\tpathMethods: {\n\t\t\t\t\"enable/totp\": \"POST\",\n\t\t\t\t\"/two-factor/disable\": \"POST\",\n\t\t\t\t\"/two-factor/enable\": \"POST\",\n\t\t\t\t\"/two-factor/send-otp\": \"POST\",\n\t\t\t},\n\t\t\tfetchPlugins: [\n\t\t\t\t{\n\t\t\t\t\tid: \"two-factor\",\n\t\t\t\t\tname: \"two-factor\",\n\t\t\t\t\thooks: {\n\t\t\t\t\t\tasync onSuccess(context) {\n\t\t\t\t\t\t\tif (context.data?.twoFactorRedirect) {\n\t\t\t\t\t\t\t\tif (options.redirect) {\n\t\t\t\t\t\t\t\t\twindow.location.href = options.twoFactorPage;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t],\n\t\t};\n\t});\n};\n","import {\n\tgenerateAuthenticationOptions,\n\tgenerateRegistrationOptions,\n\tverifyAuthenticationResponse,\n\tverifyRegistrationResponse,\n} from \"@simplewebauthn/server\";\nimport type {\n\tAuthenticationResponseJSON,\n\tAuthenticatorTransportFuture,\n\tCredentialDeviceType,\n\tPublicKeyCredentialCreationOptionsJSON,\n} from \"@simplewebauthn/types\";\nimport { APIError } from \"better-call\";\nimport { alphabet, generateRandomString } from \"oslo/crypto\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../api/call\";\nimport { sessionMiddleware } from \"../../api/middlewares/session\";\nimport { getSessionFromCtx } from \"../../api/routes\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\n\nexport interface PasskeyOptions {\n\t/**\n\t * A unique identifier for your website. 'localhost' is okay for\n\t * local dev\n\t */\n\trpID: string;\n\t/**\n\t * Human-readable title for your website\n\t */\n\trpName: string;\n\t/**\n\t * The URL at which registrations and authentications should occur.\n\t * 'http://localhost' and 'http://localhost:PORT' are also valid.\n\t * Do NOT include any trailing /\n\t *\n\t * if this isn't provided. The client itself will\n\t * pass this value.\n\t */\n\torigin?: string | null;\n\t/**\n\t * Advanced options\n\t */\n\tadvanced?: {\n\t\twebAuthnChallengeCookie?: string;\n\t};\n}\n\nexport type WebAuthnCookieType = {\n\texpectedChallenge: string;\n\tuserData: { id: string; email: string };\n\tcallbackURL?: string;\n};\n\nexport type Passkey = {\n\tid: string;\n\tpublicKey: string;\n\tuserId: string;\n\twebauthnUserID: string;\n\tcounter: number;\n\tdeviceType: CredentialDeviceType;\n\tbackedUp: boolean;\n\ttransports?: string;\n\tcreatedAt: Date;\n};\n\nexport const passkey = (options: PasskeyOptions) => {\n\tconst opts = {\n\t\torigin: null,\n\t\t...options,\n\t\trpID: process.env.NODE_ENV === \"development\" ? \"localhost\" : options.rpID,\n\t\tadvanced: {\n\t\t\twebAuthnChallengeCookie: \"better-auth-passkey\",\n\t\t\t...options.advanced,\n\t\t},\n\t};\n\tconst webAuthnChallengeCookieExpiration = 60 * 60 * 24; // 24 hours\n\treturn {\n\t\tid: \"passkey\",\n\t\tendpoints: {\n\t\t\tgeneratePasskeyRegistrationOptions: createAuthEndpoint(\n\t\t\t\t\"/passkey/generate-register-options\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\tclient: false,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst session = ctx.context.session;\n\t\t\t\t\tconst userPasskeys = await ctx.context.adapter.findMany<Passkey>({\n\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: session.user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tconst userID = new Uint8Array(\n\t\t\t\t\t\tBuffer.from(generateRandomString(32, alphabet(\"a-z\", \"0-9\"))),\n\t\t\t\t\t);\n\t\t\t\t\tlet options: PublicKeyCredentialCreationOptionsJSON;\n\t\t\t\t\toptions = await generateRegistrationOptions({\n\t\t\t\t\t\trpName: opts.rpName,\n\t\t\t\t\t\trpID: opts.rpID,\n\t\t\t\t\t\tuserID,\n\t\t\t\t\t\tuserName: session.user.email || session.user.id,\n\t\t\t\t\t\tattestationType: \"none\",\n\t\t\t\t\t\texcludeCredentials: userPasskeys.map((passkey) => ({\n\t\t\t\t\t\t\tid: passkey.id,\n\t\t\t\t\t\t\ttransports: passkey.transports?.split(\n\t\t\t\t\t\t\t\t\",\",\n\t\t\t\t\t\t\t) as AuthenticatorTransportFuture[],\n\t\t\t\t\t\t})),\n\t\t\t\t\t\tauthenticatorSelection: {\n\t\t\t\t\t\t\tresidentKey: \"preferred\",\n\t\t\t\t\t\t\tuserVerification: \"preferred\",\n\t\t\t\t\t\t\tauthenticatorAttachment: \"platform\",\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\t\t/**\n\t\t\t\t\t * set challenge on cookies\n\t\t\t\t\t */\n\t\t\t\t\tconst data: WebAuthnCookieType = {\n\t\t\t\t\t\texpectedChallenge: options.challenge,\n\t\t\t\t\t\tuserData: {\n\t\t\t\t\t\t\t...session.user,\n\t\t\t\t\t\t\temail: session.user.email || session.user.id,\n\t\t\t\t\t\t},\n\t\t\t\t\t};\n\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\topts.advanced.webAuthnChallengeCookie,\n\t\t\t\t\t\tJSON.stringify(data),\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tsecure: true,\n\t\t\t\t\t\t\thttpOnly: true,\n\t\t\t\t\t\t\tsameSite: \"lax\",\n\t\t\t\t\t\t\tmaxAge: webAuthnChallengeCookieExpiration,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\treturn ctx.json(options, {\n\t\t\t\t\t\tstatus: 200,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tgeneratePasskeyAuthenticationOptions: createAuthEndpoint(\n\t\t\t\t\"/passkey/generate-authenticate-options\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z\n\t\t\t\t\t\t.object({\n\t\t\t\t\t\t\temail: z.string().optional(),\n\t\t\t\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t\t\t\t})\n\t\t\t\t\t\t.optional(),\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst session = await getSessionFromCtx(ctx);\n\t\t\t\t\tlet userPasskeys: Passkey[] = [];\n\t\t\t\t\tif (session) {\n\t\t\t\t\t\tuserPasskeys = await ctx.context.adapter.findMany<Passkey>({\n\t\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\t\tvalue: session.user.id,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst options = await generateAuthenticationOptions({\n\t\t\t\t\t\trpID: opts.rpID,\n\t\t\t\t\t\tuserVerification: \"preferred\",\n\t\t\t\t\t\t...(userPasskeys.length\n\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\tallowCredentials: userPasskeys.map((passkey) => ({\n\t\t\t\t\t\t\t\t\t\tid: passkey.id,\n\t\t\t\t\t\t\t\t\t\ttransports: passkey.transports?.split(\n\t\t\t\t\t\t\t\t\t\t\t\",\",\n\t\t\t\t\t\t\t\t\t\t) as AuthenticatorTransportFuture[],\n\t\t\t\t\t\t\t\t\t})),\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t: {}),\n\t\t\t\t\t});\n\t\t\t\t\t/**\n\t\t\t\t\t * set challenge on cookies\n\t\t\t\t\t */\n\t\t\t\t\tconst data: WebAuthnCookieType = {\n\t\t\t\t\t\texpectedChallenge: options.challenge,\n\t\t\t\t\t\tuserData: {\n\t\t\t\t\t\t\temail: session?.user.email || session?.user.id || \"\",\n\t\t\t\t\t\t\tid: session?.user.id || \"\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcallbackURL: ctx.body?.callbackURL,\n\t\t\t\t\t};\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\topts.advanced.webAuthnChallengeCookie,\n\t\t\t\t\t\tJSON.stringify(data),\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tsecure: true,\n\t\t\t\t\t\t\thttpOnly: true,\n\t\t\t\t\t\t\tsameSite: \"lax\",\n\t\t\t\t\t\t\tmaxAge: webAuthnChallengeCookieExpiration,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\treturn ctx.json(options, {\n\t\t\t\t\t\tstatus: 200,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tverifyPasskeyRegistration: createAuthEndpoint(\n\t\t\t\t\"/passkey/verify-registration\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tresponse: z.any(),\n\t\t\t\t\t}),\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst origin = options.origin || ctx.headers?.get(\"origin\") || \"\";\n\t\t\t\t\tif (!origin) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst resp = ctx.body.response;\n\t\t\t\t\tconst challengeString = await ctx.getSignedCookie(\n\t\t\t\t\t\topts.advanced.webAuthnChallengeCookie,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t);\n\t\t\t\t\tif (!challengeString) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst { userData, expectedChallenge } = JSON.parse(\n\t\t\t\t\t\tchallengeString,\n\t\t\t\t\t) as WebAuthnCookieType;\n\n\t\t\t\t\tif (userData.id !== ctx.context.session.user.id) {\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"You are not authorized to register this passkey\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\n\t\t\t\t\ttry {\n\t\t\t\t\t\tconst verification = await verifyRegistrationResponse({\n\t\t\t\t\t\t\tresponse: resp,\n\t\t\t\t\t\t\texpectedChallenge,\n\t\t\t\t\t\t\texpectedOrigin: origin,\n\t\t\t\t\t\t\texpectedRPID: options.rpID,\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst { verified, registrationInfo } = verification;\n\t\t\t\t\t\tif (!verified || !registrationInfo) {\n\t\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst {\n\t\t\t\t\t\t\tcredentialID,\n\t\t\t\t\t\t\tcredentialPublicKey,\n\t\t\t\t\t\t\tcounter,\n\t\t\t\t\t\t\tcredentialDeviceType,\n\t\t\t\t\t\t\tcredentialBackedUp,\n\t\t\t\t\t\t} = registrationInfo;\n\t\t\t\t\t\tconst pubKey = Buffer.from(credentialPublicKey).toString(\"base64\");\n\t\t\t\t\t\tconst userID = generateRandomString(32, alphabet(\"a-z\", \"0-9\"));\n\t\t\t\t\t\tconst newPasskey: Passkey = {\n\t\t\t\t\t\t\tuserId: userData.id,\n\t\t\t\t\t\t\twebauthnUserID: userID,\n\t\t\t\t\t\t\tid: credentialID,\n\t\t\t\t\t\t\tpublicKey: pubKey,\n\t\t\t\t\t\t\tcounter,\n\t\t\t\t\t\t\tdeviceType: credentialDeviceType,\n\t\t\t\t\t\t\ttransports: resp.response.transports.join(\",\"),\n\t\t\t\t\t\t\tbackedUp: credentialBackedUp,\n\t\t\t\t\t\t\tcreatedAt: new Date(),\n\t\t\t\t\t\t};\n\t\t\t\t\t\tconst newPasskeyRes = await ctx.context.adapter.create<Passkey>({\n\t\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\t\tdata: newPasskey,\n\t\t\t\t\t\t});\n\t\t\t\t\t\treturn ctx.json(newPasskeyRes, {\n\t\t\t\t\t\t\tstatus: 200,\n\t\t\t\t\t\t});\n\t\t\t\t\t} catch (e) {\n\t\t\t\t\t\tconsole.log(e);\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Registration failed\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t),\n\t\t\tverifyPasskeyAuthentication: createAuthEndpoint(\n\t\t\t\t\"/passkey/verify-authentication\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tresponse: z.any(),\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst origin = options.origin || ctx.headers?.get(\"origin\") || \"\";\n\t\t\t\t\tif (!origin) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst resp = ctx.body.response;\n\t\t\t\t\tconst challengeString = await ctx.getSignedCookie(\n\t\t\t\t\t\topts.advanced.webAuthnChallengeCookie,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t);\n\t\t\t\t\tif (!challengeString) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst { expectedChallenge, callbackURL } = JSON.parse(\n\t\t\t\t\t\tchallengeString,\n\t\t\t\t\t) as WebAuthnCookieType;\n\t\t\t\t\tconst passkey = await ctx.context.adapter.findOne<Passkey>({\n\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: resp.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tif (!passkey) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 401,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Passkey not found\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\ttry {\n\t\t\t\t\t\tconst verification = await verifyAuthenticationResponse({\n\t\t\t\t\t\t\tresponse: resp as AuthenticationResponseJSON,\n\t\t\t\t\t\t\texpectedChallenge,\n\t\t\t\t\t\t\texpectedOrigin: origin,\n\t\t\t\t\t\t\texpectedRPID: opts.rpID,\n\t\t\t\t\t\t\tauthenticator: {\n\t\t\t\t\t\t\t\tcredentialID: passkey.id,\n\t\t\t\t\t\t\t\tcredentialPublicKey: new Uint8Array(\n\t\t\t\t\t\t\t\t\tBuffer.from(passkey.publicKey, \"base64\"),\n\t\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\t\tcounter: passkey.counter,\n\t\t\t\t\t\t\t\ttransports: passkey.transports?.split(\n\t\t\t\t\t\t\t\t\t\",\",\n\t\t\t\t\t\t\t\t) as AuthenticatorTransportFuture[],\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst { verified } = verification;\n\t\t\t\t\t\tif (!verified)\n\t\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\t\tstatus: 401,\n\t\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\t\tmessage: \"verification failed\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\tawait ctx.context.adapter.update<Passkey>({\n\t\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\t\tvalue: passkey.id,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\t\tcounter: verification.authenticationInfo.newCounter,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst s = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\t\tpasskey.userId,\n\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t);\n\t\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\t\t\t\t\ts.id,\n\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t\t);\n\t\t\t\t\t\tif (callbackURL) {\n\t\t\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\t\t\turl: callbackURL,\n\t\t\t\t\t\t\t\tredirect: true,\n\t\t\t\t\t\t\t\tsession: s,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t\treturn ctx.json(\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tsession: s,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tstatus: 200,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t} catch (e) {\n\t\t\t\t\t\tctx.context.logger.error(e);\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Authentication failed\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\tschema: {\n\t\t\tpasskey: {\n\t\t\t\tfields: {\n\t\t\t\t\tpublicKey: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\tuserId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\twebauthnUserID: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\tcounter: {\n\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t},\n\t\t\t\t\tdeviceType: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\tbackedUp: {\n\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t},\n\t\t\t\t\ttransports: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\tdefaultValue: new Date(),\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n\nexport * from \"./client\";\n","import type { BetterFetch } from \"@better-fetch/fetch\";\nimport {\n\tWebAuthnError,\n\tstartAuthentication,\n\tstartRegistration,\n} from \"@simplewebauthn/browser\";\nimport type {\n\tPublicKeyCredentialCreationOptionsJSON,\n\tPublicKeyCredentialRequestOptionsJSON,\n} from \"@simplewebauthn/types\";\nimport type { Session } from \"inspector\";\nimport type { User } from \"../../adapters/schema\";\nimport type { passkey as passkeyPl, Passkey } from \"../../plugins\";\nimport { createClientPlugin } from \"../../client/create-client-plugin\";\n\nexport const getPasskeyActions = ($fetch: BetterFetch) => {\n\tconst signInPasskey = async (opts?: {\n\t\tautoFill?: boolean;\n\t\temail?: string;\n\t\tcallbackURL?: string;\n\t}) => {\n\t\tconst response = await $fetch<PublicKeyCredentialRequestOptionsJSON>(\n\t\t\t\"/passkey/generate-authenticate-options\",\n\t\t\t{\n\t\t\t\tmethod: \"POST\",\n\t\t\t\tbody: {\n\t\t\t\t\temail: opts?.email,\n\t\t\t\t},\n\t\t\t},\n\t\t);\n\t\tif (!response.data) {\n\t\t\treturn response;\n\t\t}\n\t\ttry {\n\t\t\tconst res = await startAuthentication(\n\t\t\t\tresponse.data,\n\t\t\t\topts?.autoFill || false,\n\t\t\t);\n\t\t\tconst verified = await $fetch<{\n\t\t\t\tsession: Session;\n\t\t\t\tuser: User;\n\t\t\t}>(\"/passkey/verify-authentication\", {\n\t\t\t\tbody: {\n\t\t\t\t\tresponse: res,\n\t\t\t\t\ttype: \"authenticate\",\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!verified.data) {\n\t\t\t\treturn verified;\n\t\t\t}\n\t\t} catch (e) {\n\t\t\tconsole.log(e);\n\t\t}\n\t};\n\n\tconst registerPasskey = async () => {\n\t\tconst options = await $fetch<PublicKeyCredentialCreationOptionsJSON>(\n\t\t\t\"/passkey/generate-register-options\",\n\t\t\t{\n\t\t\t\tmethod: \"GET\",\n\t\t\t},\n\t\t);\n\t\tif (!options.data) {\n\t\t\treturn options;\n\t\t}\n\t\ttry {\n\t\t\tconst res = await startRegistration(options.data);\n\t\t\tconst verified = await $fetch<{\n\t\t\t\tpasskey: Passkey;\n\t\t\t}>(\"/passkey/verify-registration\", {\n\t\t\t\tbody: {\n\t\t\t\t\tresponse: res,\n\t\t\t\t\ttype: \"register\",\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!verified.data) {\n\t\t\t\treturn verified;\n\t\t\t}\n\t\t} catch (e) {\n\t\t\tif (e instanceof WebAuthnError) {\n\t\t\t\tif (e.code === \"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED\") {\n\t\t\t\t\treturn {\n\t\t\t\t\t\tdata: null,\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\tmessage: \"previously registered\",\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tstatusText: \"BAD_REQUEST\",\n\t\t\t\t\t\t},\n\t\t\t\t\t};\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t};\n\treturn {\n\t\tsignInPasskey,\n\t\tregisterPasskey,\n\t};\n};\n\nexport const passkeyClient = createClientPlugin<ReturnType<typeof passkeyPl>>()(\n\t($fetch) => {\n\t\treturn {\n\t\t\tid: \"passkey\",\n\t\t\tactions: getPasskeyActions($fetch),\n\t\t};\n\t},\n);\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../api/call\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\nimport { Argon2id } from \"oslo/password\";\nimport { APIError } from \"better-call\";\nimport type { Account, User } from \"../../adapters/schema\";\nimport { signUpEmail } from \"../../api/routes/sign-up\";\n\nexport const username = () => {\n\treturn {\n\t\tid: \"username\",\n\t\tendpoints: {\n\t\t\tsignInUsername: createAuthEndpoint(\n\t\t\t\t\"/sign-in/username\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tusername: z.string(),\n\t\t\t\t\t\tpassword: z.string(),\n\t\t\t\t\t\tdontRememberMe: z.boolean().optional(),\n\t\t\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = await ctx.context.adapter.findOne<User>({\n\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"username\",\n\t\t\t\t\t\t\t\tvalue: ctx.body.username,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tconst argon2id = new Argon2id();\n\t\t\t\t\tif (!user) {\n\t\t\t\t\t\tawait argon2id.hash(ctx.body.password);\n\t\t\t\t\t\tctx.context.logger.error(\"User not found\", { username });\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst account = await ctx.context.adapter.findOne<Account>({\n\t\t\t\t\t\tmodel: \"account\",\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"providerId\",\n\t\t\t\t\t\t\t\tvalue: \"credential\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tif (!account) {\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst currentPassword = account?.password;\n\t\t\t\t\tif (!currentPassword) {\n\t\t\t\t\t\tctx.context.logger.error(\"Password not found\", { username });\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"Unexpected error\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst validPassword = await argon2id.verify(\n\t\t\t\t\t\tcurrentPassword,\n\t\t\t\t\t\tctx.body.password,\n\t\t\t\t\t);\n\t\t\t\t\tif (!validPassword) {\n\t\t\t\t\t\tctx.context.logger.error(\"Invalid password\");\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\tuser.id,\n\t\t\t\t\t\tctx.request,\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\t\t\t\tsession.id,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tctx.body.dontRememberMe\n\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t...ctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t\t\t\t\tmaxAge: undefined,\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t: ctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t);\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tuser: user,\n\t\t\t\t\t\tsession,\n\t\t\t\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tsignUpUsername: createAuthEndpoint(\n\t\t\t\t\"/sign-up/username\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tusername: z.string().min(3).max(20),\n\t\t\t\t\t\tname: z.string(),\n\t\t\t\t\t\temail: z.string().email(),\n\t\t\t\t\t\tpassword: z.string(),\n\t\t\t\t\t\timage: z.string().optional(),\n\t\t\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst res = await signUpEmail({\n\t\t\t\t\t\t...ctx,\n\t\t\t\t\t\t//@ts-expect-error\n\t\t\t\t\t\t_flag: undefined,\n\t\t\t\t\t});\n\t\t\t\t\tif (!res) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Sign up failed\",\n\t\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tawait ctx.context.internalAdapter.updateUserByEmail(res.user.email, {\n\t\t\t\t\t\tusername: ctx.body.username,\n\t\t\t\t\t});\n\t\t\t\t\tif (ctx.body.callbackURL) {\n\t\t\t\t\t\treturn ctx.json(res, {\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\t\t\t\t\tredirect: true,\n\t\t\t\t\t\t\t\t...res,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json(res);\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\n\t\tschema: {\n\t\t\tuser: {\n\t\t\t\tfields: {\n\t\t\t\t\tusername: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tunique: true,\n\t\t\t\t\t\treturned: true,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n","import { alphabet, generateRandomString } from \"oslo/crypto\";\nimport { Argon2id } from \"oslo/password\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const signUpEmail = createAuthEndpoint(\n\t\"/sign-up/email\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tname: z.string(),\n\t\t\temail: z.string().email(),\n\t\t\tpassword: z.string(),\n\t\t\timage: z.string().optional(),\n\t\t\tcallbackURL: z.string().optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailAndPassword?.enabled) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Email and password is not enabled\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst { name, email, password, image } = ctx.body;\n\t\tconst minPasswordLength =\n\t\t\tctx.context.options?.emailAndPassword?.minPasswordLength || 8;\n\t\tif (password.length < minPasswordLength) {\n\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: { message: \"Password is too short\" },\n\t\t\t});\n\t\t}\n\t\tconst argon2id = new Argon2id();\n\t\tconst dbUser = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\t/**\n\t\t * hash first to avoid timing attacks\n\t\t */\n\t\tconst hash = await argon2id.hash(password);\n\t\tif (dbUser?.user) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User already exists\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst createdUser = await ctx.context.internalAdapter.createUser({\n\t\t\tid: generateRandomString(32, alphabet(\"a-z\", \"0-9\", \"A-Z\")),\n\t\t\temail: email.toLowerCase(),\n\t\t\tname,\n\t\t\timage,\n\t\t\temailVerified: false,\n\t\t\tcreatedAt: new Date(),\n\t\t\tupdatedAt: new Date(),\n\t\t});\n\t\t/**\n\t\t * Link the account to the user\n\t\t */\n\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\tid: generateRandomString(32, alphabet(\"a-z\", \"0-9\", \"A-Z\")),\n\t\t\tuserId: createdUser.id,\n\t\t\tproviderId: \"credential\",\n\t\t\taccountId: createdUser.id,\n\t\t\tpassword: hash,\n\t\t});\n\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\tcreatedUser.id,\n\t\t\tctx.request,\n\t\t);\n\t\tawait ctx.setSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tsession.id,\n\t\t\tctx.context.secret,\n\t\t\tctx.context.authCookies.sessionToken.options,\n\t\t);\n\t\treturn ctx.json(\n\t\t\t{\n\t\t\t\tuser: createdUser,\n\t\t\t\tsession,\n\t\t\t},\n\t\t\t{\n\t\t\t\tbody: ctx.body.callbackURL\n\t\t\t\t\t? {\n\t\t\t\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\t\t\t\tredirect: true,\n\t\t\t\t\t\t}\n\t\t\t\t\t: {\n\t\t\t\t\t\t\tuser: createdUser,\n\t\t\t\t\t\t\tsession,\n\t\t\t\t\t\t},\n\t\t\t},\n\t\t);\n\t},\n);\n","import { serializeSigned } from \"better-call\";\nimport { createAuthMiddleware } from \"../../api/call\";\nimport { BetterAuthError } from \"../../error/better-auth-error\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\n\n/**\n * Converts bearer token to session cookie\n */\nexport const bearer = () => {\n\treturn {\n\t\tid: \"bearer\",\n\t\thooks: {\n\t\t\tbefore: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(context) {\n\t\t\t\t\t\treturn (\n\t\t\t\t\t\t\tcontext.request?.headers\n\t\t\t\t\t\t\t\t.get(\"authorization\")\n\t\t\t\t\t\t\t\t?.startsWith(\"Bearer \") || false\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t\thandler: async (ctx) => {\n\t\t\t\t\t\tconst token = ctx.request?.headers\n\t\t\t\t\t\t\t.get(\"authorization\")\n\t\t\t\t\t\t\t?.replace(\"Bearer \", \"\");\n\t\t\t\t\t\tif (!token) {\n\t\t\t\t\t\t\tthrow new BetterAuthError(\"No token found\");\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst headers = ctx.headers || new Headers();\n\t\t\t\t\t\tconst signedToken = await serializeSigned(\n\t\t\t\t\t\t\t\"\",\n\t\t\t\t\t\t\ttoken,\n\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t);\n\t\t\t\t\t\theaders.set(\n\t\t\t\t\t\t\t\"cookie\",\n\t\t\t\t\t\t\t`${\n\t\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.name\n\t\t\t\t\t\t\t}=${signedToken.replace(\"=\", \"\")}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;AAAA,SAAS,YAAAA,iBAAgB;AACzB;AAAA,EAKC,KAAAC;AAAA,OACM;;;ACPP;AAAA,EAGC;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAIA,IAAM,oBAAoB,iBAAiB,YAAY;AAM7D,SAAO,CAAC;AACT,CAAC;AAEM,IAAM,uBAAuB,wBAAwB;AAAA,EAC3D,KAAK,CAAC,iBAAiB;AACxB,CAAC;AAEM,IAAM,qBAAqB,sBAAsB;AAAA,EACvD,KAAK,CAAC,iBAAiB;AACxB,CAAC;;;ACzBD,SAAS,gBAAgB;AACzB,SAAS,4BAA4B;AACrC,SAAS,gBAAgB;AACzB,SAAS,SAAS;;;ACHlB,OAA6B;AAE7B,SAAS,gBAAgB;AACzB,SAAS,mBAAmB;;;ACHrB,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAC1C,YAAY,SAAiB;AAC5B,UAAM,OAAO;AAAA,EACd;AACD;;;ACFA,SAAS,aAAa,KAAsB;AAC3C,MAAI;AACH,UAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,WAAO,UAAU,aAAa;AAAA,EAC/B,SAAS,OAAO;AACf,YAAQ,MAAM,gBAAgB,KAAK;AACnC,WAAO;AAAA,EACR;AACD;AAEA,SAAS,SAAS,KAAa,OAAO,aAAa;AAClD,QAAM,UAAU,aAAa,GAAG;AAChC,MAAI,SAAS;AACZ,WAAO;AAAA,MACN,SAAS,IAAI,IAAI,GAAG,EAAE;AAAA,MACtB,UAAU;AAAA,IACX;AAAA,EACD;AACA,SAAO,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI;AAC7C,SAAO;AAAA,IACN,SAAS;AAAA,IACT,UAAU,GAAG,GAAG,GAAG,IAAI;AAAA,EACxB;AACD;AAEO,SAAS,WAAW,KAAc,MAAe;AACvD,MAAI,KAAK;AACR,WAAO,SAAS,KAAK,IAAI;AAAA,EAC1B;AAEA,QAAM,MACL,OAAO,YAAY,cAChB,QAAQ,MACR,OAAO,gBAAgB;AAAA;AAAA,IAEvB,YAAY;AAAA,MACX,CAAC;AACN,QAAM,UACL,IAAI,mBACJ,IAAI,YACJ,IAAI,wBACJ,IAAI,+BACJ,IAAI,mBACJ,IAAI,0BACJ,IAAI,+BACJ,IAAI;AACL,MAAI,SAAS;AACZ,WAAO,SAAS,SAAS,IAAI;AAAA,EAC9B;AAEA,QAAM,QACL,CAAC,YAAY,IAAI,aAAa,iBAAiB,IAAI,aAAa;AACjE,MAAI,OAAO;AACV,WAAO;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACX;AAAA,EACD;AACA,QAAM,IAAI;AAAA,IACT;AAAA,EACD;AACD;;;AC7DO,SAAS,eAAe,YAAoB,aAAsB;AACxE,SAAO,eAAe,GAAG,WAAW,CAAC,sBAAsB,UAAU;AACtE;;;AHmDO,IAAM,QAAQ,CAAC;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACD,MAAoB;AACnB,QAAM,gBAAgB;AACtB,gBAAc,eAAe,SAAS,WAAW;AACjD,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,SAAS,UAAU,CAAC,SAAS,QAAQ,QAAQ;AACnD,aAAO,IAAI;AAAA,QACV,sDAAsD,QAAQ,oCAAoC,WAAW,UAAU,OAAO;AAAA,UAC7H;AAAA,QACD,CAAC,UAAU,KAAK;AAAA,MACjB;AAAA,IACD;AAAA,IACA,2BAA2B,OAAO,SAAS;AAC1C,YAAM,OAAO,MAAM,YAA0B,eAAe;AAAA,QAC3D,QAAQ;AAAA,QACR,MAAM,IAAI,gBAAgB;AAAA,UACzB,WAAW;AAAA,UACX,eAAe;AAAA,UACf,YAAY;AAAA,UACZ;AAAA,QACD,CAAC;AAAA,QACD,SAAS;AAAA,UACR,gBAAgB;AAAA,QACjB;AAAA,MACD,CAAC;AACD,UAAI,KAAK,OAAO;AACf,cAAM,IAAI,gBAAgB,KAAK,OAAO,WAAW,EAAE;AAAA,MACpD;AACA,aAAO,KAAK;AAAA,IACb;AAAA,IACA,MAAM,YAAY,OAAO;AACxB,YAAM,OAAO,SAAS,MAAM,QAAQ,CAAC,GAAG;AACxC,UAAI,CAAC,MAAM;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,KAAK;AAAA,UACT,MAAM,KAAK;AAAA,UACX,OAAO,KAAK;AAAA,UACZ,eAAe,KAAK,mBAAmB;AAAA,QACxC;AAAA,QACA;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AI3GA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,eAAe;AAkFjB,IAAM,UAAU,CAAC;AAAA,EACvB;AAAA,EACA;AAAA,EACA;AACD,MAAsB;AACrB,QAAM,gBAAgB,IAAI;AAAA,IACzB;AAAA,IACA;AAAA,IACA,eAAe,WAAW,WAAW;AAAA,EACtC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,SAAS,UAAU,CAAC,OAAO;AACjC,aAAO,cAAc,uBAAuB,OAAO,MAAM;AAAA,IAC1D;AAAA,IACA,2BAA2B,cAAc;AAAA,IACzC,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,MAAM;AAAA,YACL,MAAM;AAAA,YACN,OAAO,MAAM;AAAA,UACd;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ,gBAAgB,QAAQ,YAAY;AAAA,UAClD,OAAO,QAAQ;AAAA,UACf,eAAe,QAAQ;AAAA,QACxB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AC7HA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,gBAAgB;AAuBlB,IAAM,WAAW,CAAC;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AACD,MAAuB;AACtB,QAAM,iBAAiB,IAAI;AAAA,IAC1B;AAAA,IACA;AAAA,IACA,eAAe,YAAY,WAAW;AAAA,EACvC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,UAAU,UAAU,CAAC,SAAS,gBAAgB;AACpD,aAAO,eAAe,uBAAuB,OAAO,OAAO;AAAA,IAC5D;AAAA,IACA,2BAA2B,eAAe;AAAA,IAC1C,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,MAAM;AAAA,YACL,MAAM;AAAA,YACN,OAAO,MAAM;AAAA,UACd;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ;AAAA,UACd,OAAO,QAAQ;AAAA,UACf,eAAe,QAAQ;AAAA,QACxB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AClEA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,cAAc;AA0DhB,IAAM,SAAS,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACD,MAAqB;AACpB,QAAM,eAAe,IAAI;AAAA,IACxB;AAAA,IACA;AAAA,IACA,eAAe,UAAU,WAAW;AAAA,EACrC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,UAAU,UAAU,CAAC,YAAY;AACvC,aAAO,aAAa,uBAAuB,OAAO,OAAO;AAAA,IAC1D;AAAA,IACA,2BAA2B,aAAa;AAAA,IACxC,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,UAC3C;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,UAAI,gBAAgB;AACpB,UAAI,CAAC,QAAQ,OAAO;AACnB,cAAM,EAAE,MAAM,OAAAC,OAAM,IAAI,MAAMD,aAO5B,sCAAsC;AAAA,UACvC,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,YAC1C,cAAc;AAAA,UACf;AAAA,QACD,CAAC;AACD,YAAI,CAACC,QAAO;AACX,kBAAQ,SAAS,KAAK,KAAK,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,CAAC,IACnD;AACH,0BACC,KAAK,KAAK,CAAC,MAAM,EAAE,UAAU,QAAQ,KAAK,GAAG,YAAY;AAAA,QAC3D;AAAA,MACD;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ;AAAA,UACd,OAAO,QAAQ;AAAA,UACf,OAAO,QAAQ;AAAA,UACf;AAAA,UACA,WAAW,oBAAI,KAAK;AAAA,UACpB,WAAW,oBAAI,KAAK;AAAA,QACrB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AC9HA,SAAS,cAAc;AACvB,SAAS,YAAAC,iBAAgB;AAsClB,IAAM,SAAS,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACD,MAAqB;AACpB,QAAM,eAAe,IAAI;AAAA,IACxB;AAAA,IACA;AAAA,IACA,eAAe,UAAU,WAAW;AAAA,EACrC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,QAAQ,aAAa,GAAG;AACvD,UAAI,CAAC,cAAc;AAClB,cAAM,IAAI,gBAAgB,qCAAqC;AAAA,MAChE;AACA,YAAM,UAAU,UAAU,CAAC,SAAS,SAAS;AAC7C,aAAO,aAAa,uBAAuB,OAAO,cAAc,OAAO;AAAA,IACxE;AAAA,IACA,2BAA2B,OAAO,MAAM,iBAAiB;AACxD,UAAI,CAAC,cAAc;AAClB,cAAM,IAAI,gBAAgB,qCAAqC;AAAA,MAChE;AACA,aAAO,aAAa,0BAA0B,MAAM,YAAY;AAAA,IACjE;AAAA,IACA,MAAM,YAAY,OAAO;AACxB,UAAI,CAAC,MAAM,SAAS;AACnB,eAAO;AAAA,MACR;AACA,YAAM,OAAOC,UAAS,MAAM,QAAQ,CAAC,GAAG;AACxC,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,KAAK;AAAA,UACT,MAAM,KAAK;AAAA,UACX,OAAO,KAAK;AAAA,UACZ,OAAO,KAAK;AAAA,UACZ,eAAe,KAAK;AAAA,QACrB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AClFA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,eAAe;AAmBjB,IAAM,UAAU,CAAC;AAAA,EACvB;AAAA,EACA;AAAA,EACA;AACD,MAAsB;AACrB,QAAM,gBAAgB,IAAI;AAAA,IACzB;AAAA,IACA;AAAA,IACA,eAAe,WAAW,WAAW;AAAA,EACtC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,UAAU,UAAU,CAAC,iBAAiB;AAC5C,aAAO,cAAc,uBAAuB,OAAO,OAAO;AAAA,IAC3D;AAAA,IACA,2BAA2B,cAAc;AAAA,IACzC,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,UAC3C;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ;AAAA,UACd,OAAO,QAAQ;AAAA,UACf,OAAO,QAAQ,OAAO,CAAC,GAAG;AAAA,UAC1B,eAAe;AAAA,QAChB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AC/DA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,cAAc;AA6BhB,IAAM,SAAS,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACD,MAAqB;AACpB,QAAM,eAAe,IAAI;AAAA,IACxB;AAAA,IACA;AAAA,IACA,eAAe,UAAU,WAAW;AAAA,EACrC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,UAAU,UAAU,CAAC,kBAAkB,MAAM;AACnD,aAAO,aAAa,uBAAuB,OAAO,OAAO;AAAA,IAC1D;AAAA,IACA,2BAA2B,aAAa;AAAA,IACxC,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,UAC3C;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ;AAAA,UACd,OAAO,QAAQ;AAAA,UACf,OAAO,QAAQ;AAAA,UACf,eAAe;AAAA,QAChB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;ACzEA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,eAAe;AAoGjB,IAAM,UAAU,CAAC;AAAA,EACvB;AAAA,EACA;AAAA,EACA;AACD,MAAqB;AACpB,QAAM,gBAAgB,IAAI;AAAA,IACzB;AAAA,IACA;AAAA,IACA,eAAe,WAAW,WAAW;AAAA,EACtC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,MAAM;AAC5B,YAAM,UAAU,KAAK,UAAU,CAAC,mBAAmB;AACnD,aAAO,cAAc;AAAA,QACpB,KAAK;AAAA,QACL,KAAK;AAAA,QACL;AAAA,MACD;AAAA,IACD;AAAA,IACA,2BAA2B,OAAO,MAAM,iBAAiB;AACxD,UAAI,CAAC,cAAc;AAClB,cAAM,IAAI,gBAAgB,sCAAsC;AAAA,MACjE;AACA,aAAO,cAAc,0BAA0B,MAAM,YAAY;AAAA,IAClE;AAAA,IACA,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,UAC3C;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,UAAI,CAAC,QAAQ,KAAK,OAAO;AACxB,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ,KAAK;AAAA,UACjB,MAAM,QAAQ,KAAK;AAAA,UACnB,OAAO,QAAQ,KAAK;AAAA,UACpB,OAAO,QAAQ,KAAK;AAAA,UACpB,eAAe,QAAQ,KAAK,YAAY;AAAA,QACzC;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;ACzJA,OAA6B;;;ACMtB,IAAM,iBAAiB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD;AAEO,IAAM,oBAAoB,OAAO,KAAK,cAAc;;;ACpB3D,SAAS,iBAAiB,0BAA0B;AAE7C,SAAS,cAAc,aAAsB,YAAqB;AACxE,QAAM,OAAO,mBAAmB;AAChC,QAAM,QAAQ,GAAG,IAAI,IAAI,WAAW,IAAI,UAAU;AAClD,SAAO,EAAE,OAAO,KAAK;AACtB;AAEO,SAAS,WAAW,OAAe;AACzC,QAAM,CAAC,MAAM,aAAa,UAAU,IAAI,MAAM,MAAM,GAAG;AACvD,SAAO,EAAE,MAAM,aAAa,WAAW;AACxC;;;ACRO,IAAM,aAAa;AAAA,EACzB;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,gBAAgB;AAAA,EACjB;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,qBAAqB,MAAM,IAAI;AAAA,MACpC,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,IAAI,QAAQ;AAAA,IACb;AACA,QAAI,CAAC,oBAAoB;AACxB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,UACL,MAAM,IAAI,QAAQ,gBAAgB,YAAY,kBAAkB;AACjE,QAAI,CAAC,WAAW,QAAQ,QAAQ,YAAY,oBAAI,KAAK,GAAG;AACvD,UAAI;AAAA,QACH,IAAI,QAAQ,YAAY,aAAa;AAAA,QACrC;AAAA,QACA,IAAI,QAAQ;AAAA,QACZ;AAAA,UACC,QAAQ;AAAA,QACT;AAAA,MACD;AACA,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,iBAAiB,MAAM,IAAI,QAAQ,gBAAgB;AAAA,MACxD,QAAQ;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACT,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,eAAe;AAAA,MACf,IAAI,QAAQ;AAAA,MACZ;AAAA,QACC,GAAG,IAAI,QAAQ,YAAY,aAAa;AAAA,QACxC,QAAQ,eAAe,UAAU,QAAQ,IAAI,KAAK,IAAI;AAAA,MACvD;AAAA,IACD;AACA,WAAO,IAAI,KAAK;AAAA,MACf,SAAS;AAAA,MACT,MAAM,QAAQ;AAAA,IACf,CAAC;AAAA,EACF;AACD;AAEO,IAAM,oBAAoB,OAAO,QAA2B;AAClE,QAAM,UAAU,MAAM,WAAW;AAAA,IAChC,GAAG;AAAA;AAAA,IAEH,OAAO;AAAA,EACR,CAAC;AACD,SAAO;AACR;;;AfpDO,IAAM,cAAc;AAAA,EAC1B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,gBAAgB;AAAA,IAChB,OAAO,EACL,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA,MAKP,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,IACjC,CAAC,EACA,SAAS;AAAA,IACX,MAAM,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,MAId,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA,MAIjC,UAAU,EAAE,KAAK,iBAAiB;AAAA,IACnC,CAAC;AAAA,EACF;AAAA,EACA,OAAO,MAAM;AACZ,UAAM,WAAW,EAAE,QAAQ,QAAQ,gBAAgB;AAAA,MAClD,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK;AAAA,IACxB;AACA,QAAI,CAAC,UAAU;AACd,QAAE,QAAQ,OAAO;AAAA,QAChB;AAAA,QACA;AAAA,UACC,UAAU,EAAE,KAAK;AAAA,QAClB;AAAA,MACD;AACA,YAAM,IAAI,SAAS,WAAW;AAAA,IAC/B;AACA,UAAM,SAAS,EAAE,QAAQ;AACzB,UAAM,aAAa,EAAE,OAAO,aACzB,IAAI,IAAI,EAAE,OAAO,UAAU,IAC3B;AACH,UAAM,QAAQ;AAAA,MACb,EAAE,KAAK,eAAe,YAAY,UAAU,EAAE,QAAQ;AAAA,MACtD,EAAE,OAAO;AAAA,IACV;AACA,QAAI;AACH,YAAM,EAAE;AAAA,QACP,OAAO,MAAM;AAAA,QACb,MAAM;AAAA,QACN,EAAE,QAAQ;AAAA,QACV,OAAO,MAAM;AAAA,MACd;AACA,YAAM,eAAe,qBAAqB;AAC1C,YAAM,EAAE;AAAA,QACP,OAAO,eAAe;AAAA,QACtB;AAAA,QACA,EAAE,QAAQ;AAAA,QACV,OAAO,eAAe;AAAA,MACvB;AACA,YAAM,MAAM,SAAS,uBAAuB;AAAA,QAC3C,OAAO,MAAM;AAAA,QACb;AAAA,MACD,CAAC;AACD,aAAO;AAAA,QACN,KAAK,IAAI,SAAS;AAAA,QAClB,OAAO,MAAM;AAAA,QACb;AAAA,QACA,UAAU;AAAA,MACX;AAAA,IACD,SAAS,GAAG;AACX,YAAM,IAAI,SAAS,uBAAuB;AAAA,IAC3C;AAAA,EACD;AACD;AAEO,IAAM,cAAc;AAAA,EAC1B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAM,EAAE,OAAO;AAAA,MACd,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,MACxB,UAAU,EAAE,OAAO;AAAA,MACnB,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA,MAKjC,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS;AAAA,IACrD,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,QAAI,CAAC,IAAI,QAAQ,SAAS,kBAAkB,SAAS;AACpD,UAAI,QAAQ,OAAO,MAAM,mCAAmC;AAC5D,YAAM,IAAI,SAAS,eAAe;AAAA,QACjC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,iBAAiB,MAAM,kBAAkB,GAAG;AAClD,QAAI,gBAAgB;AACnB,aAAO,IAAI,KAAK;AAAA,QACf,MAAM,eAAe;AAAA,QACrB,SAAS,eAAe;AAAA,QACxB,UAAU,CAAC,CAAC,IAAI,KAAK;AAAA,QACrB,KAAK,IAAI,KAAK;AAAA,MACf,CAAC;AAAA,IACF;AACA,UAAM,EAAE,OAAO,SAAS,IAAI,IAAI;AAChC,UAAM,WAAW,IAAI,SAAS;AAC9B,UAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,KAAK;AACpE,QAAI,CAAC,MAAM;AACV,YAAM,SAAS,KAAK,QAAQ;AAC5B,UAAI,QAAQ,OAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC;AACpD,YAAM,IAAI,SAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,oBAAoB,KAAK,SAAS;AAAA,MACvC,CAAC,MAAM,EAAE,eAAe;AAAA,IACzB;AACA,QAAI,CAAC,mBAAmB;AACvB,UAAI,QAAQ,OAAO,MAAM,gCAAgC,EAAE,MAAM,CAAC;AAClE,YAAM,IAAI,SAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,kBAAkB,mBAAmB;AAC3C,QAAI,CAAC,iBAAiB;AACrB,UAAI,QAAQ,OAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC;AACxD,YAAM,IAAI,SAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,gBAAgB,MAAM,SAAS,OAAO,iBAAiB,QAAQ;AACrE,QAAI,CAAC,eAAe;AACnB,UAAI,QAAQ,OAAO,MAAM,kBAAkB;AAC3C,YAAM,IAAI,SAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB;AAAA,MACjD,KAAK,KAAK;AAAA,MACV,IAAI;AAAA,IACL;AACA,UAAM,IAAI;AAAA,MACT,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,QAAQ;AAAA,MACR,IAAI,QAAQ;AAAA,MACZ,IAAI,KAAK,iBACN;AAAA,QACA,GAAG,IAAI,QAAQ,YAAY,aAAa;AAAA,QACxC,QAAQ;AAAA,MACT,IACC,IAAI,QAAQ,YAAY,aAAa;AAAA,IACzC;AACA,WAAO,IAAI,KAAK;AAAA,MACf,MAAM,KAAK;AAAA,MACX;AAAA,MACA,UAAU,CAAC,CAAC,IAAI,KAAK;AAAA,MACrB,KAAK,IAAI,KAAK;AAAA,IACf,CAAC;AAAA,EACF;AACD;;;AgB3KA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,KAAAC,UAAS;;;ACDlB,SAAS,KAAAC,UAAS;AAIX,IAAM,gBAAgBA,GAAE,OAAO;AAAA,EACrC,IAAIA,GAAE,OAAO;AAAA,EACb,YAAYA,GAAE,OAAO;AAAA,EACrB,WAAWA,GAAE,OAAO;AAAA,EACpB,QAAQA,GAAE,OAAO;AAAA,EACjB,aAAaA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,cAAcA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC7C,SAASA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACxC,sBAAsBA,GAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,EACnD,uBAAuBA,GAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA,EAIpD,UAAUA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAC1C,CAAC;AAEM,IAAM,aAAaA,GAAE,OAAO;AAAA,EAClC,IAAIA,GAAE,OAAO;AAAA,EACb,OAAOA,GAAE,OAAO,EAAE,UAAU,CAAC,QAAQ,IAAI,YAAY,CAAC;AAAA,EACtD,eAAeA,GAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACxC,MAAMA,GAAE,OAAO;AAAA,EACf,OAAOA,GAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,WAAWA,GAAE,KAAK,EAAE,QAAQ,oBAAI,KAAK,CAAC;AAAA,EACtC,WAAWA,GAAE,KAAK,EAAE,QAAQ,oBAAI,KAAK,CAAC;AACvC,CAAC;AAEM,IAAM,gBAAgBA,GAAE,OAAO;AAAA,EACrC,IAAIA,GAAE,OAAO;AAAA,EACb,QAAQA,GAAE,OAAO;AAAA,EACjB,WAAWA,GAAE,KAAK;AAAA,EAClB,WAAWA,GAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAWA,GAAE,OAAO,EAAE,SAAS;AAChC,CAAC;;;ACpCM,IAAM,0BAA0B;AAAA,EACtC,UAAU;AACX;;;ACFA,SAAS,UAAU,4BAA4B;AACxC,IAAM,aAAa,MAAM;AAC/B,SAAO,qBAAqB,IAAI,SAAS,OAAO,KAAK,CAAC;AACvD;;;AHKO,IAAM,gBAAgB;AAAA,EAC5B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,OAAOC,GAAE,OAAO;AAAA,MACf,OAAOA,GAAE,OAAO;AAAA,MAChB,MAAMA,GAAE,OAAO;AAAA,MACf,eAAeA,GAAE,OAAO,EAAE,SAAS;AAAA,IACpC,CAAC;AAAA,IACD,UAAU;AAAA,EACX;AAAA,EACA,OAAO,MAAM;AACZ,UAAM,WAAW,EAAE,QAAQ,QAAQ,gBAAgB;AAAA,MAClD,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO;AAAA,IAC1B;AACA,QAAI,CAAC,UAAU;AACd,QAAE,QAAQ,OAAO;AAAA,QAChB;AAAA,QACA,EAAE,OAAO;AAAA,QACT;AAAA,MACD;AACA,YAAM,IAAIC,UAAS,WAAW;AAAA,IAC/B;AACA,UAAM,SAAS,MAAM,SAAS;AAAA,MAC7B,EAAE,MAAM;AAAA,MACR,EAAE,MAAM,iBAAiB;AAAA,IAC1B;AACA,QAAI,CAAC,QAAQ;AACZ,QAAE,QAAQ,OAAO,MAAM,0BAA0B;AACjD,YAAM,IAAIA,UAAS,cAAc;AAAA,IAClC;AACA,UAAM,OAAO,MAAM,SAAS,YAAY,MAAM,EAAE,KAAK,CAAC,QAAQ,KAAK,IAAI;AACvE,UAAM,KAAK,WAAW;AACtB,UAAM,OAAO,WAAW,UAAU;AAAA,MACjC,GAAG;AAAA,MACH;AAAA,IACD,CAAC;AACD,UAAM,EAAE,aAAa,WAAW,IAAI,WAAW,EAAE,MAAM,KAAK;AAC5D,QAAI,CAAC,QAAQ,KAAK,YAAY,OAAO;AACpC,UAAI,YAAY;AACf,cAAM,EAAE,SAAS,GAAG,UAAU,gCAAgC;AAAA,MAC/D,OAAO;AACN,cAAM,IAAIA,UAAS,aAAa;AAAA,MACjC;AAAA,IACD;AACA,QAAI,CAAC,aAAa;AACjB,QAAE,QAAQ,OAAO,MAAM,wBAAwB;AAC/C,YAAM,IAAIA,UAAS,WAAW;AAAA,IAC/B;AAEA,UAAM,SAAS,MAAM,EAAE,QAAQ,gBAAgB,gBAAgB,KAAK,KAAK;AACzE,UAAM,SAAS,QAAQ,KAAK;AAC5B,QAAI,QAAQ;AAEX,YAAM,gBAAgB,OAAO,SAAS;AAAA,QACrC,CAAC,MAAM,EAAE,eAAe,SAAS;AAAA,MAClC;AACA,UAAI,CAAC,iBAAiB,CAAC,KAAK,eAAe;AAC1C,UAAE,QAAQ,OAAO,MAAM,qBAAqB;AAC5C,cAAM,MAAM,IAAI,IAAI,cAAc,WAAW;AAC7C,YAAI,aAAa,IAAI,SAAS,qBAAqB;AACnD,cAAM,EAAE,SAAS,IAAI,SAAS,CAAC;AAAA,MAChC;AAEA,UAAI,CAAC,iBAAiB,KAAK,eAAe;AACzC,cAAM,EAAE,QAAQ,gBAAgB,YAAY;AAAA,UAC3C,YAAY,SAAS;AAAA,UACrB,WAAW,KAAK;AAAA,UAChB,IAAI,GAAG,SAAS,EAAE,IAAI,KAAK,EAAE;AAAA,UAC7B,QAAQ,OAAO,KAAK;AAAA,UACpB,GAAG;AAAA,QACJ,CAAC;AAAA,MACF;AAAA,IACD,OAAO;AACN,UAAI;AACH,cAAM,EAAE,QAAQ,gBAAgB,gBAAgB,KAAK,MAAM;AAAA,UAC1D,GAAG;AAAA,UACH,IAAI,GAAG,SAAS,EAAE,IAAI,KAAK,EAAE;AAAA,UAC7B,YAAY,SAAS;AAAA,UACrB,WAAW,KAAK;AAAA,UAChB,QAAQ;AAAA,QACT,CAAC;AAAA,MACF,SAAS,GAAG;AACX,cAAM,MAAM,IAAI,IAAI,cAAc,WAAW;AAC7C,YAAI,aAAa,IAAI,SAAS,uBAAuB;AACrD,UAAE,UAAU,YAAY,IAAI,SAAS,CAAC;AACtC,cAAM,EAAE,SAAS,IAAI,SAAS,CAAC;AAAA,MAChC;AAAA,IACD;AAEA,QAAI,CAAC,UAAU,CAAC;AACf,YAAM,IAAIA,UAAS,yBAAyB;AAAA,QAC3C,SAAS;AAAA,MACV,CAAC;AAEF,UAAM,UAAU,MAAM,EAAE,QAAQ,gBAAgB;AAAA,MAC/C,UAAU;AAAA,MACV,EAAE;AAAA,IACH;AACA,QAAI;AACH,YAAM,EAAE;AAAA,QACP,EAAE,QAAQ,YAAY,aAAa;AAAA,QACnC,QAAQ;AAAA,QACR,EAAE,QAAQ;AAAA,QACV,EAAE,QAAQ,YAAY,aAAa;AAAA,MACpC;AAAA,IACD,SAAS,GAAG;AACX,QAAE,QAAQ,OAAO,MAAM,gCAAgC,CAAC;AACxD,YAAM,MAAM,IAAI,IAAI,cAAc,WAAW;AAC7C,UAAI,aAAa,IAAI,SAAS,0BAA0B;AACxD,YAAM,EAAE,SAAS,IAAI,SAAS,CAAC;AAAA,IAChC;AACA,UAAM,EAAE,SAAS,WAAW;AAAA,EAC7B;AACD;;;AI1HA,SAAS,KAAAC,UAAS;AAGX,IAAM,UAAU;AAAA,EACtB;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,GACJ,OAAO;AAAA,MACP,aAAaA,GAAE,OAAO,EAAE,SAAS;AAAA,IAClC,CAAC,EACA,SAAS;AAAA,EACZ;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,qBAAqB,MAAM,IAAI;AAAA,MACpC,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,IAAI,QAAQ;AAAA,IACb;AACA,QAAI,CAAC,oBAAoB;AACxB,aAAO,IAAI,KAAK,IAAI;AAAA,IACrB;AACA,UAAM,IAAI,QAAQ,gBAAgB,cAAc,kBAAkB;AAClE,QAAI,UAAU,IAAI,QAAQ,YAAY,aAAa,MAAM,IAAI;AAAA,MAC5D,QAAQ;AAAA,IACT,CAAC;AACD,WAAO,IAAI,KAAK,MAAM;AAAA,MACrB,MAAM;AAAA,QACL,UAAU,CAAC,CAAC,IAAI,MAAM;AAAA,QACtB,KAAK,IAAI,MAAM;AAAA,MAChB;AAAA,IACD,CAAC;AAAA,EACF;AACD;;;AChCA,SAAS,gBAAgB;AACzB,SAAS,iBAAiB;AAC1B,SAAS,mBAAmB;AAC5B,SAAS,YAAAC,iBAAgB;AACzB,SAAS,KAAAC,UAAS;AAGX,IAAM,iBAAiB;AAAA,EAC7B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,GAAE,OAAO;AAAA;AAAA;AAAA;AAAA,MAId,OAAOA,GAAE,OAAO,EAAE,MAAM;AAAA,IACzB,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,QAAI,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,wBAAwB;AAClE,UAAI,QAAQ,OAAO;AAAA,QAClB;AAAA,MACD;AACA,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,EAAE,MAAM,IAAI,IAAI;AACtB,UAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,KAAK;AACpE,QAAI,CAAC,MAAM;AACV,aAAO,IAAI;AAAA,QACV;AAAA,UACC,OAAO;AAAA,QACR;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD;AAAA,MACD;AAAA,IACD;AACA,UAAM,QAAQ,MAAM;AAAA,MACnB;AAAA,MACA,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,MAC9B;AAAA,QACC,OAAO,KAAK,KAAK;AAAA,MAClB;AAAA,MACA;AAAA,QACC,WAAW,IAAI,SAAS,GAAG,GAAG;AAAA,QAC9B,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,WAAW,CAAC,KAAK,KAAK,KAAK;AAAA,QAC3B,wBAAwB;AAAA,MACzB;AAAA,IACD;AACA,UAAM,IAAI,QAAQ,QAAQ,iBAAiB;AAAA,MAC1C;AAAA,MACA,KAAK;AAAA,IACN;AACA,WAAO,IAAI,KAAK;AAAA,MACf,QAAQ;AAAA,IACT,CAAC;AAAA,EACF;AACD;AAEO,IAAM,gBAAgB;AAAA,EAC5B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMA,GAAE,OAAO;AAAA,MACd,OAAOA,GAAE,OAAO;AAAA,MAChB,aAAaA,GAAE,OAAO;AAAA,MACtB,aAAaA,GAAE,OAAO,EAAE,SAAS;AAAA,IAClC,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,EAAE,OAAO,YAAY,IAAI,IAAI;AACnC,QAAI;AACH,YAAM,MAAM,MAAM;AAAA,QACjB;AAAA,QACA,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,QAC9B;AAAA,MACD;AACA,YAAM,QAAQA,GACZ,OAAO,EACP,MAAM,EACN,MAAO,IAAI,QAA8B,KAAK;AAChD,YAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,KAAK;AACpE,UAAI,CAAC,MAAM;AACV,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,UACC,YAAY,UACV,IAAI,QAAQ,QAAQ,kBAAkB,qBAAqB,MAC7D,YAAY,UACV,IAAI,QAAQ,QAAQ,kBAAkB,qBAAqB,KAC5D;AACD,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,YAAM,WAAW,IAAIC,UAAS;AAC9B,YAAM,iBAAiB,MAAM,SAAS,KAAK,WAAW;AACtD,YAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB;AAAA,QACrD,KAAK,KAAK;AAAA,QACV;AAAA,MACD;AACA,UAAI,CAAC,aAAa;AACjB,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,aAAO,IAAI,KAAK;AAAA,QACf,QAAQ;AAAA,QACR,KAAK,IAAI,KAAK;AAAA,QACd,UAAU,CAAC,CAAC,IAAI,KAAK;AAAA,MACtB,CAAC;AAAA,IACF,SAAS,GAAG;AACX,cAAQ,IAAI,CAAC;AACb,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AAAA,EACD;AACD;;;ACpJA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,aAAAC,YAAW,eAAAC,oBAAmB;AACvC,SAAS,KAAAC,UAAS;AAGX,IAAM,wBAAwB;AAAA,EACpC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,GAAE,OAAO;AAAA,MACd,OAAOA,GAAE,OAAO,EAAE,MAAM;AAAA,MACxB,aAAaA,GAAE,OAAO,EAAE,SAAS;AAAA,IAClC,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,QAAI,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,uBAAuB;AACjE,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,EAAE,MAAM,IAAI,IAAI;AACtB,UAAM,QAAQ,MAAMC;AAAA,MACnB;AAAA,MACA,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,MAC9B;AAAA,QACC,OAAO,MAAM,YAAY;AAAA,MAC1B;AAAA,MACA;AAAA,QACC,WAAW,IAAIC,UAAS,GAAG,GAAG;AAAA,QAC9B,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,WAAW,CAAC,KAAK;AAAA,QACjB,wBAAwB;AAAA,MACzB;AAAA,IACD;AACA,UAAM,MAAM,GAAG,IAAI,QAAQ,OAAO,uBAAuB,KAAK,gBAAgB,IAAI,KAAK,WAAW;AAClG,UAAM,IAAI,QAAQ,QAAQ,iBAAiB;AAAA,MAC1C;AAAA,MACA;AAAA,IACD;AACA,WAAO,IAAI,KAAK;AAAA,MACf,QAAQ;AAAA,IACT,CAAC;AAAA,EACF;AACD;AAEO,IAAM,cAAc;AAAA,EAC1B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,OAAOF,GAAE,OAAO;AAAA,MACf,OAAOA,GAAE,OAAO;AAAA,MAChB,aAAaA,GAAE,OAAO;AAAA,IACvB,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,EAAE,MAAM,IAAI,IAAI;AACtB,QAAI;AACH,YAAM,MAAM,MAAMG;AAAA,QACjB;AAAA,QACA,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,QAC9B;AAAA,MACD;AACA,YAAM,SAASH,GAAE,OAAO;AAAA,QACvB,OAAOA,GAAE,OAAO,EAAE,MAAM;AAAA,MACzB,CAAC;AACD,YAAM,SAAS,OAAO,MAAM,IAAI,OAAO;AACvC,YAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB;AAAA,QAC9C,OAAO;AAAA,MACR;AACA,UAAI,CAAC,MAAM;AACV,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,YAAM,UAAU,KAAK,SAAS,KAAK,CAAC,MAAM,EAAE,eAAe,YAAY;AACvE,UAAI,CAAC,SAAS;AACb,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,YAAM,IAAI,QAAQ,gBAAgB,kBAAkB,OAAO,OAAO;AAAA,QACjE,eAAe;AAAA,MAChB,CAAC;AACD,UAAI,IAAI,MAAM,aAAa;AAC1B,cAAM,IAAI,SAAS,IAAI,MAAM,WAAW;AAAA,MACzC;AACA,aAAO,IAAI,KAAK;AAAA,QACf,QAAQ;AAAA,MACT,CAAC;AAAA,IACF,SAAS,GAAG;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AAAA,EACD;AACD;;;AC9GO,IAAM,cAAc,CAC1B,gBACA,eACI;AACJ,QAAM,aAAkC,CAAC;AACzC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,cAAc,GAAG;AAC1D,eAAW,GAAG,IAAI,CAAC,QAA6B;AAC/C,aAAO,MAAM;AAAA,QACZ,GAAG;AAAA,QACH,SAAS;AAAA,UACR,GAAG;AAAA,UACH,GAAG,IAAI;AAAA,QACR;AAAA,MACD,CAAC;AAAA,IACF;AACA,eAAW,GAAG,EAAE,OAAO,MAAM;AAC7B,eAAW,GAAG,EAAE,SAAS,MAAM;AAC/B,eAAW,GAAG,EAAE,UAAU,MAAM;AAChC,eAAW,GAAG,EAAE,UAAU,MAAM;AAAA,EACjC;AACA,SAAO;AACR;;;ACvBA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACvB;AAAA,EAChB,YAAY,SAAiB,MAAc;AAC1C,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACb;AACD;AAIO,IAAM,gBAAN,MAAiE;AAAA,EAEvE,YAA6B,GAAgB;AAAhB;AAC5B,SAAK,aAAa;AAAA,EACnB;AAAA,EAHiB;AAAA,EAIV,QACN,YACC;AACD,WAAO,IAAI,KAA6B,UAAU;AAAA,EACnD;AACD;AAMO,IAAM,OAAN,MAAM,MAAqC;AAAA,EACjC;AAAA,EAEhB,YAAY,YAAyB;AACpC,SAAK,aAAa;AAAA,EACnB;AAAA,EAEO,UACN,SACA,WACqB;AACrB,eAAW,CAAC,mBAAmB,gBAAgB,KAAK,OAAO;AAAA,MAC1D;AAAA,IACD,GAAG;AACF,YAAM,iBAAiB,KAAK,WAAW,iBAAiB;AACxD,UAAI,CAAC,gBAAgB;AACpB,eAAO;AAAA,UACN,SAAS;AAAA,UACT,OAAO,2CAA2C,iBAAiB;AAAA,QACpE;AAAA,MACD;AACA,YAAM,UACL,cAAc,OACV,iBAA8B;AAAA,QAAK,CAAC,oBACrC,eAAe,SAAS,eAAe;AAAA,MACxC,IACE,iBAA8B;AAAA,QAAM,CAAC,oBACtC,eAAe,SAAS,eAAe;AAAA,MACxC;AACH,UAAI,SAAS;AACZ,eAAO,EAAE,QAAQ;AAAA,MAClB;AACA,aAAO;AAAA,QACN,SAAS;AAAA,QACT,OAAO,oCAAoC,iBAAiB;AAAA,MAC7D;AAAA,IACD;AACA,WAAO;AAAA,MACN,SAAS;AAAA,MACT,OAAO;AAAA,IACR;AAAA,EACD;AAAA,EAEA,OAAO,WAA2C,GAAW;AAC5D,UAAM,aAAa,KAAK,MAAM,CAAC;AAE/B,QAAI,OAAO,eAAe,UAAU;AACnC,YAAM,IAAI,aAAa,+BAA+B,GAAG;AAAA,IAC1D;AACA,eAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,UAAU,GAAG;AAC7D,UAAI,OAAO,aAAa,UAAU;AACjC,cAAM,IAAI,aAAa,+BAA+B,QAAQ;AAAA,MAC/D;AACA,UAAI,CAAC,MAAM,QAAQ,OAAO,GAAG;AAC5B,cAAM,IAAI,aAAa,2BAA2B,QAAQ;AAAA,MAC3D;AACA,eAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;AACxC,YAAI,OAAO,QAAQ,CAAC,MAAM,UAAU;AACnC,gBAAM,IAAI,aAAa,0BAA0B,GAAG,QAAQ,IAAI,CAAC,GAAG;AAAA,QACrE;AAAA,MACD;AAAA,IACD;AACA,WAAO,IAAI,MAAkB,UAAU;AAAA,EACxC;AAAA,EAEO,WAAmB;AACzB,WAAO,KAAK,UAAU,KAAK,UAAU;AAAA,EACtC;AACD;;;AC7FO,IAAM,sBAAsB,CAClC,eACI;AACJ,SAAO,IAAI,cAAiB,UAAU;AACvC;AAEO,IAAM,oBAAoB;AAAA,EAChC,cAAc,CAAC,UAAU,QAAQ;AAAA,EACjC,QAAQ,CAAC,UAAU,UAAU,QAAQ;AAAA,EACrC,YAAY,CAAC,UAAU,QAAQ;AAChC;AAEO,IAAM,YAAY,oBAAoB,iBAAiB;AAEvD,IAAM,UAAU,UAAU,QAAQ;AAAA,EACxC,cAAc,CAAC,QAAQ;AAAA,EACvB,YAAY,CAAC,UAAU,QAAQ;AAAA,EAC/B,QAAQ,CAAC,UAAU,UAAU,QAAQ;AACtC,CAAC;AAEM,IAAM,UAAU,UAAU,QAAQ;AAAA,EACxC,cAAc,CAAC,UAAU,QAAQ;AAAA,EACjC,QAAQ,CAAC,UAAU,UAAU,QAAQ;AAAA,EACrC,YAAY,CAAC,UAAU,QAAQ;AAChC,CAAC;AAEM,IAAM,WAAW,UAAU,QAAQ;AAAA,EACzC,cAAc,CAAC;AAAA,EACf,QAAQ,CAAC;AAAA,EACT,YAAY,CAAC;AACd,CAAC;AAEM,IAAM,eAAe;AAAA,EAC3B,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AACT;;;ACrCO,IAAM,uBAAuB,CAAC,eAAwB;AAC5D,SAAO,KAAK,WAAW,cAAc,EAAE;AACxC;;;ACJO,IAAM,UAAU,CAAC,SAAiB;AACxC,QAAM,OAAO,oBAAI,KAAK;AACtB,SAAO,IAAI,KAAK,KAAK,QAAQ,IAAI,IAAI;AACtC;;;ACIO,IAAM,gBAAgB,CAC5B,SACA,YACI;AACJ,SAAO;AAAA,IACN,wBAAwB,OAAO,SAAiB;AAC/C,YAAMI,gBAAe,MAAM,QAAQ,QAAsB;AAAA,QACxD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAOA;AAAA,IACR;AAAA,IACA,oBAAoB,OAAO,SAGrB;AACL,YAAMA,gBAAe,MAAM,QAAQ,OAAqB;AAAA,QACvD,OAAO;AAAA,QACP,MAAM,KAAK;AAAA,MACZ,CAAC;AACD,YAAM,SAAS,MAAM,QAAQ,OAAe;AAAA,QAC3C,OAAO;AAAA,QACP,MAAM;AAAA,UACL,IAAI,WAAW;AAAA,UACf,MAAM,KAAK,KAAK;AAAA,UAChB,gBAAgBA,cAAa;AAAA,UAC7B,QAAQ,KAAK,KAAK;AAAA,UAClB,OAAO,KAAK,KAAK;AAAA,UACjB,MAAM,SAAS,eAAe;AAAA,QAC/B;AAAA,MACD,CAAC;AACD,aAAO;AAAA,QACN,GAAGA;AAAA,QACH,SAAS,CAAC,MAAM;AAAA,MACjB;AAAA,IACD;AAAA,IACA,mBAAmB,OAAO,SAGpB;AACL,YAAM,SAAS,MAAM,QAAQ,QAAgB;AAAA,QAC5C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,UACA;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,mBAAmB,OAAO,SAGpB;AACL,YAAM,SAAS,MAAM,QAAQ,QAAgB;AAAA,QAC5C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,UACA;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,gBAAgB,OAAO,aAAqB;AAC3C,YAAM,SAAS,MAAM,QAAQ,QAAgB;AAAA,QAC5C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,cAAc,OAAO,SAAiB;AACrC,YAAM,SAAS,MAAM,QAAQ,OAAe;AAAA,QAC3C,OAAO;AAAA,QACP;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,cAAc,OAAO,UAAkBC,UAAiB;AACvD,YAAM,SAAS,MAAM,QAAQ,OAAe;AAAA,QAC3C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,QACA,QAAQ;AAAA,UACP,MAAAA;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,cAAc,OAAO,aAAqB;AACzC,YAAM,SAAS,MAAM,QAAQ,OAAe;AAAA,QAC3C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,oBAAoB,OAAO,OAAe,SAAgC;AACzE,YAAMD,gBAAe,MAAM,QAAQ,OAAqB;AAAA,QACvD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AACD,aAAOA;AAAA,IACR;AAAA,IACA,oBAAoB,OAAO,UAAkB;AAC5C,YAAMA,gBAAe,MAAM,QAAQ,OAAqB;AAAA,QACvD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAOA;AAAA,IACR;AAAA,IACA,uBAAuB,OAAO,WAAmB,UAAyB;AACzE,YAAM,UAAU,MAAM,QAAQ,OAAgB;AAAA,QAC7C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,QACA,QAAQ;AAAA,UACP,sBAAsB;AAAA,QACvB;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,sBAAsB,OAAO,UAAkB;AAC9C,YAAMA,gBAAe,MAAM,QAAQ,QAAsB;AAAA,QACxD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAOA;AAAA,IACR;AAAA,IACA,sBAAsB,OAAO,UAAkB;AAC9C,YAAMA,gBAAe,MAAM,QAAQ,QAAsB;AAAA,QACxD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,UAAI,CAACA,eAAc;AAClB,eAAO;AAAA,MACR;AACA,YAAM,UAAU,MAAM,QAAQ,SAAiB;AAAA,QAC9C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,YAAM,cAAc,MAAM,QAAQ,SAAqB;AAAA,QACtD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,QACN,GAAGA;AAAA,QACH;AAAA,QACA;AAAA,MACD;AAAA,IACD;AAAA,IACA,mBAAmB,OAAO,WAAmB;AAC5C,YAAM,UAAU,MAAM,QAAQ,SAAiB;AAAA,QAC9C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,YAAM,kBAAkB,SAAS,IAAI,CAAC,WAAW,OAAO,cAAc;AACtE,cAAQ,IAAI,EAAE,gBAAgB,CAAC;AAC/B,UAAI,CAAC,iBAAiB;AACrB,eAAO,CAAC;AAAA,MACT;AACA,YAAM,gBAAgC,CAAC;AACvC,iBAAW,MAAM,iBAAiB;AACjC,cAAMA,gBAAe,MAAM,QAAQ,QAAsB;AAAA,UACxD,OAAO;AAAA,UACP,OAAO;AAAA,YACN;AAAA,cACC,OAAO;AAAA,cACP,OAAO;AAAA,YACR;AAAA,UACD;AAAA,QACD,CAAC;AACD,YAAIA,eAAc;AACjB,wBAAc,KAAKA,aAAY;AAAA,QAChC;AAAA,MACD;AACA,aAAO;AAAA,IACR;AAAA,IACA,kBAAkB,OAAO;AAAA,MACxB;AAAA,MACA;AAAA,IACD,MAOM;AACL,YAAM,oBAAoB,MAAO,KAAK,KAAK;AAC3C,YAAM,YAAY;AAAA,QACjB,SAAS,uBAAuB;AAAA,MACjC;AACA,YAAM,SAAS,MAAM,QAAQ,OAAmB;AAAA,QAC/C,OAAO;AAAA,QACP,MAAM;AAAA,UACL,IAAI,WAAW;AAAA,UACf,OAAO,WAAW;AAAA,UAClB,MAAM,WAAW;AAAA,UACjB,gBAAgB,WAAW;AAAA,UAC3B,QAAQ;AAAA,UACR;AAAA,UACA,WAAW,KAAK;AAAA,QACjB;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,oBAAoB,OAAO,OAAe;AACzC,YAAM,aAAa,MAAM,QAAQ,QAAoB;AAAA,QACpD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,uBAAuB,OAAO,SAGxB;AACL,YAAM,aAAa,MAAM,QAAQ,SAAqB;AAAA,QACrD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,UACA;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,UACA;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO,WAAW;AAAA,QACjB,CAAC,WAAW,IAAI,KAAK,OAAO,SAAS,IAAI,oBAAI,KAAK;AAAA,MACnD;AAAA,IACD;AAAA,IACA,kBAAkB,OAAO,SAGnB;AACL,YAAM,aAAa,MAAM,QAAQ,OAAmB;AAAA,QACnD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,QACD;AAAA,QACA,QAAQ;AAAA,UACP,QAAQ,KAAK;AAAA,QACd;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,EACD;AACD;;;AClVA,OAA8D;;;ACA9D,SAAS,YAAAE,iBAAgB;AAIlB,IAAM,oBAAoB,qBAAqB,OAAO,QAAQ;AACpE,QAAM,UAAU,MAAM,kBAAkB,GAAG;AAC3C,MAAI,CAAC,SAAS,SAAS;AACtB,UAAM,IAAIC,UAAS,cAAc;AAAA,EAClC;AACA,SAAO;AAAA,IACN;AAAA,EACD;AACD,CAAC;;;ADLM,IAAM,gBAAgB,qBAAqB,OAAO,QAAQ;AAChE,SAAO,CAAC;AAYT,CAAC;AAEM,IAAM,uBAAuB;AAAA,EACnC;AAAA,IACC,KAAK,CAAC,iBAAiB;AAAA,EACxB;AAAA,EACA,OAAO,QAAQ;AAEd,UAAM,UAAU,IAAI,QAAQ;AAM5B,WAAO;AAAA,MACN;AAAA,IACD;AAAA,EACD;AACD;;;AEtCA,SAAS,KAAAC,UAAS;;;ACAlB,SAAS,KAAAC,UAAS;AAEX,IAAM,OAAOA,GAAE,KAAK,CAAC,SAAS,UAAU,OAAO,CAAC;AAChD,IAAM,mBAAmBA,GAC9B,KAAK,CAAC,WAAW,YAAY,YAAY,UAAU,CAAC,EACpD,QAAQ,SAAS;AACZ,IAAM,qBAAqBA,GAAE,OAAO;AAAA,EAC1C,IAAIA,GAAE,OAAO;AAAA,EACb,MAAMA,GAAE,OAAO;AAAA,EACf,MAAMA,GAAE,OAAO;AAChB,CAAC;AAEM,IAAM,eAAeA,GAAE,OAAO;AAAA,EACpC,IAAIA,GAAE,OAAO;AAAA,EACb,MAAMA,GAAE,OAAO;AAAA,EACf,OAAOA,GAAE,OAAO;AAAA,EAChB,gBAAgBA,GAAE,OAAO;AAAA,EACzB,QAAQA,GAAE,OAAO;AAAA,EACjB;AACD,CAAC;AAEM,IAAM,mBAAmBA,GAAE,OAAO;AAAA,EACxC,IAAIA,GAAE,OAAO;AAAA,EACb,gBAAgBA,GAAE,OAAO;AAAA,EACzB,OAAOA,GAAE,OAAO;AAAA,EAChB;AAAA,EACA,QAAQ;AAAA;AAAA;AAAA;AAAA,EAIR,WAAWA,GAAE,OAAO;AAAA,EACpB,WAAWA,GAAE,KAAK;AACnB,CAAC;;;ADxBM,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,KAAK,CAAC,eAAe,oBAAoB;AAAA,IACzC,MAAMC,GAAE,OAAO;AAAA,MACd,OAAOA,GAAE,OAAO;AAAA,MAChB;AAAA,MACA,gBAAgBA,GAAE,OAAO,EAAE,SAAS;AAAA,MACpC,QAAQA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9B,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QACL,IAAI,KAAK,kBAAkB,QAAQ,QAAQ;AAC5C,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAMC,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAYA,MAAK,UAAU;AAAA,MAChC,YAAY,CAAC,QAAQ;AAAA,IACtB,CAAC;AACD,QAAI,UAAU,OAAO;AACpB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,gBAAgB,MAAM,QAAQ,kBAAkB;AAAA,MACrD,OAAO,IAAI,KAAK;AAAA,MAChB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,eAAe;AAClB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,iBAAiB,MAAM,QAAQ,sBAAsB;AAAA,MAC1D,OAAO,IAAI,KAAK;AAAA,MAChB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,eAAe,UAAU,CAAC,IAAI,KAAK,QAAQ;AAC9C,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,aAAa,MAAM,QAAQ,iBAAiB;AAAA,MACjD,YAAY;AAAA,QACX,MAAM,IAAI,KAAK;AAAA,QACf,OAAO,IAAI,KAAK;AAAA,QAChB,gBAAgB;AAAA,MACjB;AAAA,MACA,MAAM,QAAQ;AAAA,IACf,CAAC;AACD,UAAM,IAAI,QAAQ,WAAW;AAAA,MAC5B;AAAA,MACA,IAAI,KAAK;AAAA,IACV;AACA,WAAO,IAAI,KAAK,UAAU;AAAA,EAC3B;AACD;AAEO,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMD,GAAE,OAAO;AAAA,MACd,cAAcA,GAAE,OAAO;AAAA,IACxB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,aAAa,MAAM,QAAQ,mBAAmB,IAAI,KAAK,YAAY;AACzE,QACC,CAAC,cACD,WAAW,YAAY,oBAAI,KAAK,KAChC,WAAW,WAAW,WACrB;AACD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,QAAI,WAAW,UAAU,QAAQ,KAAK,OAAO;AAC5C,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAY,MAAM,QAAQ,iBAAiB;AAAA,MAChD,cAAc,IAAI,KAAK;AAAA,MACvB,QAAQ;AAAA,IACT,CAAC;AACD,UAAM,SAAS,MAAM,QAAQ,aAAa;AAAA,MACzC,IAAI,WAAW;AAAA,MACf,gBAAgB,WAAW;AAAA,MAC3B,QAAQ,QAAQ,KAAK;AAAA,MACrB,OAAO,WAAW;AAAA,MAClB,MAAM,WAAW;AAAA,MACjB,MAAM,QAAQ,KAAK;AAAA,IACpB,CAAC;AACD,WAAO,IAAI,KAAK;AAAA,MACf,YAAY;AAAA,MACZ;AAAA,IACD,CAAC;AAAA,EACF;AACD;AACO,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMA,GAAE,OAAO;AAAA,MACd,cAAcA,GAAE,OAAO;AAAA,IACxB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,aAAa,MAAM,QAAQ,mBAAmB,IAAI,KAAK,YAAY;AACzE,QACC,CAAC,cACD,WAAW,YAAY,oBAAI,KAAK,KAChC,WAAW,WAAW,WACrB;AACD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,QAAI,WAAW,UAAU,QAAQ,KAAK,OAAO;AAC5C,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAY,MAAM,QAAQ,iBAAiB;AAAA,MAChD,cAAc,IAAI,KAAK;AAAA,MACvB,QAAQ;AAAA,IACT,CAAC;AACD,WAAO,IAAI,KAAK;AAAA,MACf,YAAY;AAAA,MACZ,QAAQ;AAAA,IACT,CAAC;AAAA,EACF;AACD;AAEO,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMA,GAAE,OAAO;AAAA,MACd,cAAcA,GAAE,OAAO;AAAA,IACxB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,aAAa,MAAM,QAAQ,mBAAmB,IAAI,KAAK,YAAY;AACzE,QAAI,CAAC,YAAY;AAChB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB,WAAW;AAAA,IAC5B,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAY,IAAI,QAAQ,MAAM,OAAO,IAAI,EAAE,UAAU;AAAA,MAC1D,YAAY,CAAC,QAAQ;AAAA,IACtB,CAAC;AACD,QAAI,UAAU,OAAO;AACpB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAY,MAAM,QAAQ,iBAAiB;AAAA,MAChD,cAAc,IAAI,KAAK;AAAA,MACvB,QAAQ;AAAA,IACT,CAAC;AACD,WAAO,IAAI,KAAK,SAAS;AAAA,EAC1B;AACD;AAEO,IAAM,sBAAsB;AAAA,EAClC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,KAAK,CAAC,aAAa;AAAA,IACnB,OAAOA,GAAE,OAAO;AAAA,MACf,IAAIA,GAAE,OAAO;AAAA,IACd,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,MAAM,kBAAkB,GAAG;AAC3C,QAAI,CAAC,SAAS;AACb,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,aAAa,MAAM,QAAQ,mBAAmB,IAAI,MAAM,EAAE;AAChE,QACC,CAAC,cACD,WAAW,WAAW,aACtB,WAAW,YAAY,oBAAI,KAAK,GAC/B;AACD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,QAAI,WAAW,UAAU,QAAQ,KAAK,OAAO;AAC5C,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAME,gBAAe,MAAM,QAAQ;AAAA,MAClC,WAAW;AAAA,IACZ;AACA,QAAI,CAACA,eAAc;AAClB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,WAAW;AAAA,MACnB,gBAAgB,WAAW;AAAA,IAC5B,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,WAAO,IAAI,KAAK;AAAA,MACf,GAAG;AAAA,MACH,kBAAkBA,cAAa;AAAA,MAC/B,kBAAkBA,cAAa;AAAA,MAC/B,cAAc,OAAO;AAAA,MACrB,aAAa,OAAO;AAAA,IACrB,CAAC;AAAA,EACF;AACD;;;AEpUA,SAAS,KAAAC,UAAS;AAKX,IAAM,eAAe;AAAA,EAC3B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,GAAE,OAAO;AAAA,MACd,UAAUA,GAAE,OAAO;AAAA,IACpB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QAAQ,QAAQ,QAAQ;AAC9B,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAMC,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,QACC,QAAQ,KAAK,OAAO,OAAO,UAC3B,OAAO,UAAU,IAAI,QAAQ,YAAY,eAAe,UACvD;AACD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,kBAAkBA,MAAK,UAAU;AAAA,MACtC,QAAQ,CAAC,QAAQ;AAAA,IAClB,CAAC;AACD,QAAI,gBAAgB,OAAO;AAC1B,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,WAAW,MAAM,QAAQ,eAAe,IAAI,KAAK,QAAQ;AAC/D,QAAI,UAAU,mBAAmB,OAAO;AACvC,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,gBAAgB,MAAM,QAAQ,aAAa,IAAI,KAAK,QAAQ;AAClE,QACC,QAAQ,KAAK,OAAO,SAAS,UAC7B,QAAQ,QAAQ,yBAAyB,SAAS,gBACjD;AACD,YAAM,QAAQ,sBAAsB,QAAQ,QAAQ,IAAI,IAAI;AAAA,IAC7D;AACA,WAAO,IAAI,KAAK,aAAa;AAAA,EAC9B;AACD;AAEO,IAAM,eAAe;AAAA,EAC3B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMD,GAAE,OAAO;AAAA,MACd,UAAUA,GAAE,OAAO;AAAA,MACnB,MAAMA,GAAE,OAAO;AAAA,IAChB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QAAQ,QAAQ,QAAQ;AAC9B,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAMC,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,kBAAkBA,MAAK,UAAU;AAAA,MACtC,QAAQ,CAAC,QAAQ;AAAA,IAClB,CAAC;AACD,QAAI,gBAAgB,OAAO;AAC1B,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,gBAAgB,MAAM,QAAQ;AAAA,MACnC,IAAI,KAAK;AAAA,MACT,IAAI,KAAK;AAAA,IACV;AACA,WAAO,IAAI,KAAK,aAAa;AAAA,EAC9B;AACD;;;ACrJA,SAAS,KAAAC,WAAS;AAOX,IAAM,qBAAqB;AAAA,EACjC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,IAAE,OAAO;AAAA,MACd,MAAMA,IAAE,OAAO;AAAA,MACf,MAAMA,IAAE,OAAO;AAAA,MACf,QAAQA,IAAE,OAAO,EAAE,SAAS;AAAA,IAC7B,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,QAAI,CAAC,MAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,eACL,OAAO,SAAS,kCAAkC,aAC/C,MAAM,QAAQ,8BAA8B,IAAI,IAChD,SAAS,kCAAkC,SAC1C,OACA,QAAQ;AACb,QAAI,CAAC,cAAc;AAClB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,OAAO;AAC1D,UAAM,uBAAuB,MAAM,QAAQ;AAAA,MAC1C,IAAI,KAAK;AAAA,IACV;AACA,QAAI,sBAAsB;AACzB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAMC,gBAAe,MAAM,QAAQ,mBAAmB;AAAA,MACrD,cAAc;AAAA,QACb,IAAI,WAAW;AAAA,QACf,MAAM,IAAI,KAAK;AAAA,QACf,MAAM,IAAI,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,IACD,CAAC;AACD,WAAO,IAAI,KAAKA,aAAY;AAAA,EAC7B;AACD;AAEO,IAAM,qBAAqB;AAAA,EACjC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMD,IAAE,OAAO;AAAA,MACd,MAAMA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC1B,MAAMA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC1B,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,CAAC;AAAA,IACD,gBAAgB;AAAA,IAChB,KAAK,CAAC,aAAa;AAAA,EACpB;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,MAAM,IAAI,QAAQ,WAAW,GAAG;AAChD,QAAI,CAAC,SAAS;AACb,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,QAAQ,IAAI,KAAK,SAAS,QAAQ,QAAQ;AAChD,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAME,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,eAAeA,MAAK,UAAU;AAAA,MACnC,cAAc,CAAC,QAAQ;AAAA,IACxB,CAAC;AACD,QAAI,aAAa,OAAO;AACvB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,aAAa,MAAM,QAAQ,mBAAmB,OAAO,IAAI,IAAI;AACnE,WAAO,IAAI,KAAK,UAAU;AAAA,EAC3B;AACD;AAEO,IAAM,qBAAqB;AAAA,EACjC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMF,IAAE,OAAO;AAAA,MACd,OAAOA,IAAE,OAAO;AAAA,IACjB,CAAC;AAAA,IACD,gBAAgB;AAAA,IAChB,KAAK,CAAC,aAAa;AAAA,EACpB;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,MAAM,IAAI,QAAQ,WAAW,GAAG;AAChD,QAAI,CAAC,SAAS;AACb,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,QAAQ,IAAI,KAAK;AACvB,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAME,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,eAAeA,MAAK,UAAU;AAAA,MACnC,cAAc,CAAC,QAAQ;AAAA,IACxB,CAAC;AACD,QAAI,aAAa,OAAO;AACvB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,QAAI,UAAU,QAAQ,QAAQ,sBAAsB;AAInD,YAAM,QAAQ,sBAAsB,QAAQ,QAAQ,IAAI,IAAI;AAAA,IAC7D;AACA,UAAM,aAAa,MAAM,QAAQ,mBAAmB,KAAK;AACzD,WAAO,IAAI,KAAK,UAAU;AAAA,EAC3B;AACD;AAEO,IAAM,sBAAsB;AAAA,EAClC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,OAAOF,IAAE,OAAO;AAAA,MACf,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,CAAC;AAAA,IACD,gBAAgB;AAAA,IAChB,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QAAQ,IAAI,MAAM,SAAS,QAAQ,QAAQ;AACjD,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAMC,gBAAe,MAAM,QAAQ,qBAAqB,KAAK;AAC7D,QAAI,CAACA,eAAc;AAClB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,WAAO,IAAI,KAAKA,aAAY;AAAA,EAC7B;AACD;AAEO,IAAM,wBAAwB;AAAA,EACpC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMD,IAAE,OAAO;AAAA,MACd,OAAOA,IAAE,OAAO;AAAA,IACjB,CAAC;AAAA,IACD,KAAK,CAAC,mBAAmB,aAAa;AAAA,EACvC;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QAAQ,IAAI,KAAK;AACvB,UAAM,QAAQ,sBAAsB,QAAQ,QAAQ,IAAI,KAAK;AAC7D,UAAMC,gBAAe,MAAM,QAAQ,qBAAqB,KAAK;AAC7D,WAAO,IAAI,KAAKA,aAAY;AAAA,EAC7B;AACD;AAEO,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,gBAAgB,MAAM,QAAQ;AAAA,MACnC,IAAI,QAAQ,QAAQ,KAAK;AAAA,IAC1B;AACA,WAAO,IAAI,KAAK,aAAa;AAAA,EAC9B;AACD;;;ArChKO,IAAM,eAAe,CAAgC,YAAgB;AAC3E,QAAM,YAAY;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD;AAEA,QAAM,QAAQ;AAAA,IACb,GAAG;AAAA,IACH,GAAG,SAAS;AAAA,EACb;AAEA,QAAM,MAAM,YAAY,WAAW;AAAA,IAClC,YAAY,WAAW,CAAC;AAAA,IACxB;AAAA,IACA,YAAY,OAAO,YAAyB;AAE3C,aAAO,MAAM,kBAAkB,OAAO;AAAA,IACvC;AAAA,EACD,CAAC;AAQD,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,GAAG;AAAA,MACH,eAAe;AAAA,QACd;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,gBAAgB;AAAA,UAChB,MAAME,IAAE,OAAO;AAAA,YACd,YAAYA,IAAE,OAAOA,IAAE,OAAO,GAAGA,IAAE,MAAMA,IAAE,OAAO,CAAC,CAAC;AAAA,UACrD,CAAC;AAAA,UAQD,KAAK,CAAC,oBAAoB;AAAA,QAC3B;AAAA,QACA,OAAO,QAAQ;AACd,cAAI,CAAC,IAAI,QAAQ,QAAQ,QAAQ,sBAAsB;AACtD,kBAAM,IAAIC,UAAS,eAAe;AAAA,cACjC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,UAAU,cAAc,IAAI,QAAQ,OAAO;AACjD,gBAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,YAC9C,QAAQ,IAAI,QAAQ,QAAQ,KAAK;AAAA,YACjC,gBACC,IAAI,QAAQ,QAAQ,QAAQ,wBAAwB;AAAA,UACtD,CAAC;AACD,cAAI,CAAC,QAAQ;AACZ,kBAAM,IAAIA,UAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAMC,QAAO,MAAM,OAAO,IAAI;AAC9B,gBAAM,SAASA,MAAK,UAAU,IAAI,KAAK,UAAiB;AACxD,cAAI,OAAO,OAAO;AACjB,mBAAO,IAAI;AAAA,cACV;AAAA,gBACC,OAAO,OAAO;AAAA,gBACd,SAAS;AAAA,cACV;AAAA,cACA;AAAA,gBACC,QAAQ;AAAA,cACT;AAAA,YACD;AAAA,UACD;AACA,iBAAO,IAAI,KAAK;AAAA,YACf,OAAO;AAAA,YACP,SAAS;AAAA,UACV,CAAC;AAAA,QACF;AAAA,MACD;AAAA,IACD;AAAA,IACA,QAAQ;AAAA,MACP,SAAS;AAAA,QACR,QAAQ;AAAA,UACP,sBAAsB;AAAA,YACrB,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,QACD;AAAA,MACD;AAAA,MACA,cAAc;AAAA,QACb,QAAQ;AAAA,UACP,MAAM;AAAA,YACL,MAAM;AAAA,UACP;AAAA,UACA,MAAM;AAAA,YACL,MAAM;AAAA,YACN,QAAQ;AAAA,UACT;AAAA,QACD;AAAA,MACD;AAAA,MACA,QAAQ;AAAA,QACP,QAAQ;AAAA,UACP,gBAAgB;AAAA,YACf,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,QAAQ;AAAA,YACP,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,OAAO;AAAA,YACN,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,MAAM;AAAA,YACL,MAAM;AAAA,UACP;AAAA,UACA,MAAM;AAAA,YACL,MAAM;AAAA,YACN,UAAU;AAAA,YACV,cAAc;AAAA,UACf;AAAA,QACD;AAAA,MACD;AAAA,MACA,YAAY;AAAA,QACX,QAAQ;AAAA,UACP,gBAAgB;AAAA,YACf,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,OAAO;AAAA,YACN,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,MAAM;AAAA,YACL,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,QAAQ;AAAA,YACP,MAAM;AAAA,YACN,UAAU;AAAA,YACV,cAAc;AAAA,UACf;AAAA,UACA,WAAW;AAAA,YACV,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,WAAW;AAAA,YACV,MAAM;AAAA,YACN,YAAY;AAAA,cACX,OAAO;AAAA,cACP,OAAO;AAAA,YACR;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AsCvRA,SAAS,YAAAC,WAAU,wBAAAC,6BAA4B;AAC/C,OAAkB;;;ACDlB,SAAS,yBAAyB;AAClC,SAAS,YAAY,YAAY,mBAAmB;AACpD,SAAS,oBAAoB;AAC7B,SAAS,cAAc;AAEvB,eAAsB,MAAM,WAAmB,SAAiB;AAC/D,QAAM,MAAM,IAAI,YAAY;AAC5B,QAAM,YAAY,EAAE,MAAM,QAAQ,MAAM,UAAU;AAClD,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,IACA,IAAI,OAAO,SAAS;AAAA,IACpB;AAAA,IACA;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,EAClB;AACA,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACrC,UAAU;AAAA,IACV;AAAA,IACA,IAAI,OAAO,OAAO;AAAA,EACnB;AACA,SAAO,KAAK,OAAO,aAAa,GAAG,IAAI,WAAW,SAAS,CAAC,CAAC;AAC9D;AAOO,IAAM,mBAAmB,CAAC,EAAE,KAAK,KAAK,MAA+B;AAC3E,QAAM,aAAa,OAAO,GAAG;AAC7B,QAAM,cAAc,YAAY,IAAI;AACpC,QAAM,SAAS,aAAa,iBAAiB,EAAE,UAAU;AACzD,SAAO,WAAW,OAAO,QAAQ,WAAW,CAAC;AAC9C;AAOO,IAAM,mBAAmB,CAAC,EAAE,KAAK,KAAK,MAA+B;AAC3E,QAAM,aAAa,OAAO,GAAG;AAC7B,QAAM,cAAc,WAAW,IAAI;AACnC,QAAM,SAAS,aAAa,iBAAiB,EAAE,UAAU;AACzD,SAAO,OAAO,QAAQ,WAAW;AAClC;;;AC7CA,SAAS,YAAAC,WAAU,wBAAAC,6BAA4B;AAC/C,SAAS,KAAAC,WAAS;;;ACDlB,SAAS,YAAAC,iBAAgB;;;ACAlB,IAAM,yBAAyB;AAC/B,IAAM,gCAAgC;;;ADMtC,IAAM,4BAA4B,qBAAqB,OAAO,QAAQ;AAC5E,QAAM,SAAS,MAAM,IAAI;AAAA,IACxB;AAAA,IACA,IAAI,QAAQ;AAAA,EACb;AACA,MAAI,CAAC,QAAQ;AACZ,UAAM,IAAIC,UAAS,gBAAgB;AAAA,MAClC,SAAS;AAAA,IACV,CAAC;AAAA,EACF;AACA,QAAM,CAAC,QAAQ,IAAI,IAAI,OAAO,MAAM,GAAG;AACvC,MAAI,CAAC,UAAU,CAAC,MAAM;AACrB,UAAM,IAAIA,UAAS,gBAAgB;AAAA,MAClC,SAAS;AAAA,IACV,CAAC;AAAA,EACF;AACA,QAAM,WAAW,MAAM,IAAI,QAAQ,QAAQ,SAAkB;AAAA,IAC5D,OAAO;AAAA,IACP,OAAO;AAAA,MACN;AAAA,QACC,OAAO;AAAA,QACP,OAAO;AAAA,MACR;AAAA,IACD;AAAA,EACD,CAAC;AACD,MAAI,CAAC,SAAS,QAAQ;AACrB,UAAM,IAAIA,UAAS,gBAAgB;AAAA,MAClC,SAAS;AAAA,IACV,CAAC;AAAA,EACF;AACA,QAAM,iBAAiB,SAAS;AAAA,IAC/B,CAAC,YAAY,QAAQ,YAAY,oBAAI,KAAK;AAAA,EAC3C;AACA,MAAI,CAAC,gBAAgB;AACpB,UAAM,IAAIA,UAAS,gBAAgB;AAAA,MAClC,SAAS;AAAA,IACV,CAAC;AAAA,EACF;AACA,aAAW,WAAW,gBAAgB;AACrC,UAAM,cAAc,MAAM,MAAM,IAAI,QAAQ,QAAQ,QAAQ,EAAE;AAC9D,UAAM,OAAO,MAAM,IAAI,QAAQ,QAAQ,QAA2B;AAAA,MACjE,OAAO;AAAA,MACP,OAAO;AAAA,QACN;AAAA,UACC,OAAO;AAAA,UACP,OAAO,QAAQ;AAAA,QAChB;AAAA,MACD;AAAA,IACD,CAAC;AACD,QAAI,CAAC,MAAM;AACV,YAAM,IAAIA,UAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,QAAI,gBAAgB,MAAM;AACzB,aAAO;AAAA,QACN,OAAO,YAAY;AAIlB,gBAAM,IAAI;AAAA,YACT,IAAI,QAAQ,YAAY,aAAa;AAAA,YACrC,QAAQ;AAAA,YACR,IAAI,QAAQ;AAAA,YACZ,IAAI,QAAQ,YAAY,aAAa;AAAA,UACtC;AACA,cAAI,IAAI,KAAK,aAAa;AACzB,mBAAO,IAAI,KAAK;AAAA,cACf,QAAQ;AAAA,cACR,aAAa,IAAI,KAAK;AAAA,cACtB,UAAU;AAAA,YACX,CAAC;AAAA,UACF;AAEA,iBAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,QACjC;AAAA,QACA,SAAS,YAAY;AACpB,iBAAO,IAAI;AAAA,YACV,EAAE,QAAQ,MAAM;AAAA,YAChB;AAAA,cACC,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,cACV;AAAA,YACD;AAAA,UACD;AAAA,QACD;AAAA,QACA,SAAS;AAAA,UACR,IAAI,QAAQ;AAAA,UACZ,QAAQ,QAAQ;AAAA,UAChB,WAAW,QAAQ;AAAA,UACnB;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACA,QAAM,IAAIA,UAAS,gBAAgB;AAAA,IAClC,SAAS;AAAA,EACV,CAAC;AACF,CAAC;;;ADlFD,SAAS,sBAAsB,SAA6B;AAC3D,SAAO,MAAM,KAAK,EAAE,QAAQ,SAAS,UAAU,GAAG,CAAC,EACjD,KAAK,IAAI,EACT;AAAA,IAAI,MACJC,sBAAqB,SAAS,UAAU,IAAIC,UAAS,OAAO,KAAK,CAAC;AAAA,EACnE,EACC,IAAI,CAAC,SAAS,GAAG,KAAK,MAAM,GAAG,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,EAAE;AACvD;AAEA,eAAsB,oBACrB,QACA,SACC;AACD,QAAM,MAAM;AACZ,QAAM,cAAc,SAAS,4BAC1B,QAAQ,0BAA0B,IAClC,sBAAsB;AACzB,QAAM,WAAW,iBAAiB;AAAA,IACjC,MAAM,KAAK,UAAU,WAAW;AAAA,IAChC;AAAA,EACD,CAAC;AACD,SAAO;AAAA,IACN;AAAA,IACA,sBAAsB;AAAA,EACvB;AACD;AAEA,eAAsB,iBACrB,MAIA,KACC;AACD,QAAM,QAAQ,MAAM,eAAe,KAAK,MAAM,GAAG;AACjD,MAAI,CAAC,OAAO;AACX,WAAO;AAAA,EACR;AACA,SAAO,MAAM,SAAS,KAAK,IAAI;AAChC;AAEA,eAAsB,eAAe,MAAyB,KAAa;AAC1E,QAAM,SAAS,OAAO;AAAA,IACrB,MAAM,iBAAiB,EAAE,KAAK,MAAM,KAAK,qBAAqB,CAAC;AAAA,EAChE,EAAE,SAAS,OAAO;AAClB,QAAM,OAAO,KAAK,MAAM,MAAM;AAC9B,QAAM,SAASC,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE,UAAU,IAAI;AACjD,MAAI,OAAO,SAAS;AACnB,WAAO,OAAO;AAAA,EACf;AACA,SAAO;AACR;AAEO,IAAM,gBAAgB,CAAC,YAAgC;AAC7D,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,kBAAkB;AAAA,QACjB;AAAA,QAEA;AAAA,UACC,QAAQ;AAAA,UACR,MAAMA,IAAE,OAAO;AAAA,YACd,MAAMA,IAAE,OAAO;AAAA,UAChB,CAAC;AAAA,UACD,KAAK,CAAC,yBAAyB;AAAA,QAChC;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,WAAW;AAAA,YAChB;AAAA,cACC,MAAM,IAAI,QAAQ,QAAQ;AAAA,cAC1B,MAAM,IAAI,KAAK;AAAA,YAChB;AAAA,YACA,IAAI,QAAQ;AAAA,UACb;AACA,cAAI,CAAC,UAAU;AACd,mBAAO,IAAI;AAAA,cACV,EAAE,QAAQ,MAAM;AAAA,cAChB;AAAA,gBACC,QAAQ;AAAA,cACT;AAAA,YACD;AAAA,UACD;AACA,iBAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,QACjC;AAAA,MACD;AAAA,MACA,qBAAqB;AAAA,QACpB;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,cAAc,MAAM;AAAA,YACzB,IAAI,QAAQ;AAAA,YACZ;AAAA,UACD;AACA,gBAAM,IAAI,QAAQ,QAAQ,OAAO;AAAA,YAChC,OAAO;AAAA,YACP,QAAQ;AAAA,cACP,kBAAkB;AAAA,cAClB,sBAAsB,YAAY;AAAA,YACnC;AAAA,YACA,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,IAAI,QAAQ,QAAQ,KAAK;AAAA,cACjC;AAAA,YACD;AAAA,UACD,CAAC;AACD,iBAAO,IAAI,KAAK;AAAA,YACf,QAAQ;AAAA,YACR,aAAa,YAAY;AAAA,UAC1B,CAAC;AAAA,QACF;AAAA,MACD;AAAA,MACA,iBAAiB;AAAA,QAChB;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,gBAAM,cAAc,eAAe,MAAM,IAAI,QAAQ,MAAM;AAC3D,iBAAO,IAAI,KAAK;AAAA,YACf,QAAQ;AAAA,YACR;AAAA,UACD,CAAC;AAAA,QACF;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AG7JA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,6BAA6B;AACtC,SAAS,oBAAoB;AAC7B,SAAS,KAAAC,WAAS;AAmBX,IAAM,SAAS,CAAC,YAAyB;AAI/C,QAAM,aAAa;AAAA,IAClB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,KAAK,CAAC,yBAAyB;AAAA,IAChC;AAAA,IACA,OAAO,QAAQ;AACd,UAAI,CAAC,WAAW,CAAC,QAAQ,SAAS;AACjC,YAAI,QAAQ,OAAO;AAAA,UAClB;AAAA,QACD;AACA,cAAM,IAAIC,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,eAAe,sBAAsB,GAAM;AACjD,YAAM,MAAM,MAAM;AAAA,QACjB,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,QAC9B;AAAA,MACD;AACA,YAAM,QAAQ,QAAQ,IAAI,QAAQ,QAAQ,MAA2B,GAAG;AACxE,YAAM,SAAS,IAAI,QAAQ;AAAA,QAC1B;AAAA,QACA;AAAA,UACC,QAAQ,QAAQ;AAAA,QACjB;AAAA,MACD;AACA,YAAM,IAAI;AAAA,QACT,OAAO;AAAA,QACP,aAAa,SAAS;AAAA,QACtB,IAAI,QAAQ;AAAA,QACZ,OAAO;AAAA,MACR;AACA,aAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,IACjC;AAAA,EACD;AAEA,QAAM,YAAY;AAAA,IACjB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,MAAMC,IAAE,OAAO;AAAA,QACd,MAAMA,IAAE,OAAO;AAAA,MAChB,CAAC;AAAA,MACD,KAAK,CAAC,yBAAyB;AAAA,IAChC;AAAA,IACA,OAAO,QAAQ;AACd,YAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,UAAI,CAAC,KAAK,kBAAkB;AAC3B,cAAM,IAAID,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,SAAS,IAAI,QAAQ;AAAA,QAC1B;AAAA,MACD;AACA,YAAM,eAAe,MAAM,IAAI;AAAA,QAC9B,OAAO;AAAA,QACP,IAAI,QAAQ;AAAA,MACb;AACA,UAAI,CAAC,cAAc;AAClB,cAAM,IAAIA,UAAS,gBAAgB;AAAA,UAClC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,aAAa,MAAM;AAAA,QACxB,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,QAC9B,SAAS,YAAY;AAAA,MACtB;AACA,UAAI,eAAe,IAAI,KAAK,MAAM;AACjC,YAAI,UAAU,OAAO,MAAM,IAAI;AAAA,UAC9B,MAAM;AAAA,UACN,UAAU;AAAA,UACV,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,QAAQ;AAAA,QACT,CAAC;AACD,eAAO,IAAI,QAAQ,MAAM;AAAA,MAC1B,OAAO;AACN,eAAO,IAAI,QAAQ,QAAQ;AAAA,MAC5B;AAAA,IACD;AAAA,EACD;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV;AAAA,MACA;AAAA,IACD;AAAA,EACD;AACD;;;ACpHA,SAAS,YAAAE,iBAAgB;AACzB,SAAS,YAAAC,iBAAgB;AACzB,SAAS,gBAAgB,wBAAwB;AACjD,SAAS,KAAAC,WAAS;AA8BX,IAAM,UAAU,CAAC,YAAyB;AAChD,QAAM,OAAO;AAAA,IACZ,QAAQ;AAAA,IACR,QAAQ,IAAIC,UAAS,SAAS,UAAU,IAAI,GAAG;AAAA,EAChD;AAEA,QAAM,eAAe;AAAA,IACpB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,KAAK,CAAC,iBAAiB;AAAA,IACxB;AAAA,IACA,OAAO,QAAQ;AACd,UAAI,CAAC,SAAS;AACb,YAAI,QAAQ,OAAO;AAAA,UAClB;AAAA,QACD;AACA,cAAM,IAAIC,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,UAAU,IAAI,QAAQ,QAAQ;AACpC,YAAM,OAAO,IAAI,eAAe,IAAI;AACpC,YAAM,OAAO,MAAM,KAAK,SAAS,OAAO,KAAK,QAAQ,eAAe,CAAC;AACrE,aAAO,EAAE,KAAK;AAAA,IACf;AAAA,EACD;AAEA,QAAM,aAAa;AAAA,IAClB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,KAAK,CAAC,iBAAiB;AAAA,IACxB;AAAA,IACA,OAAO,QAAQ;AACd,UAAI,CAAC,SAAS;AACb,YAAI,QAAQ,OAAO;AAAA,UAClB;AAAA,QACD;AACA,cAAM,IAAIA,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,aAAO;AAAA,QACN,SAAS;AAAA,UACR,SAAS,UAAU;AAAA,UACnB,KAAK;AAAA,UACL,OAAO,KAAK,KAAK,eAAe;AAAA,UAChC;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AAEA,QAAM,aAAa;AAAA,IAClB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,MAAMC,IAAE,OAAO;AAAA,QACd,MAAMA,IAAE,OAAO;AAAA,QACf,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,MAClC,CAAC;AAAA,MACD,KAAK,CAAC,yBAAyB;AAAA,IAChC;AAAA,IACA,OAAO,QAAQ;AACd,UAAI,CAAC,SAAS;AACb,YAAI,QAAQ,OAAO;AAAA,UAClB;AAAA,QACD;AACA,cAAM,IAAID,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,OAAO,IAAI,eAAe,IAAI;AACpC,YAAM,SAAS,OAAO;AAAA,QACrB,MAAM,iBAAiB;AAAA,UACtB,KAAK,IAAI,QAAQ;AAAA,UACjB,MAAM,IAAI,QAAQ,QAAQ,KAAK;AAAA,QAChC,CAAC;AAAA,MACF;AACA,YAAM,SAAS,MAAM,KAAK,OAAO,IAAI,KAAK,MAAM,MAAM;AACtD,UAAI,CAAC,QAAQ;AACZ,eAAO,IAAI,QAAQ,QAAQ;AAAA,MAC5B;AACA,aAAO,IAAI,QAAQ,MAAM;AAAA,IAC1B;AAAA,EACD;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV;AAAA,MACA,aAAa;AAAA,MACb;AAAA,IACD;AAAA,EACD;AACD;;;ACvHO,IAAM,qBAAqB,MAA0C;AAC3E,SAAO,CASN,QAUI;AACJ,WAAO,CAAC,WAAwB;AAC/B,YAAM,OAAO,IAAI,MAAM;AACvB,aAAO;AAAA,QACN,GAAG;AAAA,QACH,cAAc,KAAK;AAAA,QACnB,QAAQ,CAAC;AAAA,MACV;AAAA,IACD;AAAA,EACD;AACD;;;ACrCO,IAAM,kBAAkB,CAC9B,UAQI;AAAA,EACH,UAAU;AAAA,EACV,eAAe;AAChB,MACI;AACJ,SAAO,mBAA6C,EAAE,CAAC,WAAW;AACjE,WAAO;AAAA,MACN,IAAI;AAAA,MACJ,iBAAiB;AAAA,QAChB;AAAA,UACC,SAAS,CAAC,SACT,SAAS,wBAAwB,SAAS;AAAA,UAC3C,MAAM;AAAA,QACP;AAAA,MACD;AAAA,MACA,aAAa;AAAA,QACZ,eAAe;AAAA,QACf,uBAAuB;AAAA,QACvB,sBAAsB;AAAA,QACtB,wBAAwB;AAAA,MACzB;AAAA,MACA,cAAc;AAAA,QACb;AAAA,UACC,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,OAAO;AAAA,YACN,MAAM,UAAU,SAAS;AACxB,kBAAI,QAAQ,MAAM,mBAAmB;AACpC,oBAAI,QAAQ,UAAU;AACrB,yBAAO,SAAS,OAAO,QAAQ;AAAA,gBAChC;AAAA,cACD;AAAA,YACD;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD,CAAC;AACF;;;ARrCO,IAAM,YAAY,CAA6B,YAAe;AACpE,QAAM,OAAO,QAAQ;AAAA,IACpB,QAAQ,QAAQ;AAAA,IAChB,GAAG,QAAQ;AAAA,EACZ,CAAC;AACD,QAAM,aAAa,cAAc,QAAQ,iBAAiB;AAC1D,QAAM,MAAM,OAAO,QAAQ,UAAU;AACrC,QAAM,YAAY,CAAC,MAAM,YAAY,GAAG;AACxC,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,GAAG,KAAK;AAAA,MACR,GAAG,IAAI;AAAA,MACP,GAAG,WAAW;AAAA,MACd,iBAAiB;AAAA,QAChB;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,gBAAM,SAASE,sBAAqB,IAAIC,UAAS,OAAO,OAAO,GAAG,CAAC;AACnE,gBAAM,kBAAkB,MAAM,iBAAiB;AAAA,YAC9C,KAAK,IAAI,QAAQ;AAAA,YACjB,MAAM;AAAA,UACP,CAAC;AACD,gBAAM,cAAc,MAAM;AAAA,YACzB,IAAI,QAAQ;AAAA,YACZ,QAAQ;AAAA,UACT;AACA,gBAAM,IAAI,QAAQ,QAAQ,OAAO;AAAA,YAChC,OAAO;AAAA,YACP,QAAQ;AAAA,cACP,iBAAiB;AAAA,cACjB,kBAAkB;AAAA,cAClB,sBAAsB,YAAY;AAAA,YACnC;AAAA,YACA,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,KAAK;AAAA,cACb;AAAA,YACD;AAAA,UACD,CAAC;AACD,iBAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,QACjC;AAAA,MACD;AAAA,MACA,kBAAkB;AAAA,QACjB;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,gBAAM,IAAI,QAAQ,QAAQ,OAAO;AAAA,YAChC,OAAO;AAAA,YACP,QAAQ;AAAA,cACP,kBAAkB;AAAA,YACnB;AAAA,YACA,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,KAAK;AAAA,cACb;AAAA,YACD;AAAA,UACD,CAAC;AACD,iBAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,QACjC;AAAA,MACD;AAAA,IACD;AAAA,IACA;AAAA,IACA,OAAO;AAAA,MACN,OAAO;AAAA,QACN;AAAA,UACC,QAAQ,SAAS;AAChB,mBACC,QAAQ,SAAS,oBACjB,QAAQ,SAAS;AAAA,UAEnB;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC5C,kBAAM,WAAY,MAAO,IAAY;AACrC,gBAAI,UAAU,WAAW,KAAK;AAC7B;AAAA,YACD;AACA,kBAAM,WAAY,MAAM,SAAS,KAAK;AAItC,gBAAI,CAAC,SAAS,KAAK,kBAAkB;AACpC;AAAA,YACD;AAIA,gBAAI,UAAU,IAAI,QAAQ,YAAY,aAAa,MAAM,IAAI;AAAA,cAC5D,MAAM;AAAA,cACN,UAAU;AAAA,cACV,UAAU;AAAA,cACV,QAAQ;AAAA,cACR,QAAQ;AAAA,YACT,CAAC;AACD,kBAAM,OAAO,MAAM,MAAM,IAAI,QAAQ,QAAQ,SAAS,QAAQ,EAAE;AAOhE,kBAAM,IAAI;AAAA,cACT;AAAA,cACA,GAAG,SAAS,QAAQ,MAAM,IAAI,IAAI;AAAA,cAClC,IAAI,QAAQ;AAAA,cACZ,IAAI,QAAQ,YAAY,aAAa;AAAA,YACtC;AACA,kBAAM,MAAM,IAAI;AAAA,cACf,KAAK,UAAU;AAAA,gBACd,mBAAmB;AAAA,cACpB,CAAC;AAAA,cACD;AAAA,gBACC,SAAS,IAAI;AAAA,cACd;AAAA,YACD;AACA,mBAAO;AAAA,cACN,UAAU;AAAA,YACX;AAAA,UACD,CAAC;AAAA,QACF;AAAA,MACD;AAAA,IACD;AAAA,IACA,QAAQ;AAAA,MACP,MAAM;AAAA,QACL,QAAQ;AAAA,UACP,kBAAkB;AAAA,YACjB,MAAM;AAAA,YACN,UAAU;AAAA,YACV,cAAc;AAAA,UACf;AAAA,UACA,iBAAiB;AAAA,YAChB,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,sBAAsB;AAAA,YACrB,MAAM;AAAA,YACN,UAAU;AAAA,YACV,UAAU;AAAA,UACX;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AStKA;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAOP,SAAS,YAAAC,iBAAgB;AACzB,SAAS,YAAAC,WAAU,wBAAAC,6BAA4B;AAC/C,SAAS,KAAAC,WAAS;;;ACblB;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAUA,IAAM,oBAAoB,CAAC,WAAwB;AACzD,QAAM,gBAAgB,OAAO,SAIvB;AACL,UAAM,WAAW,MAAM;AAAA,MACtB;AAAA,MACA;AAAA,QACC,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,OAAO,MAAM;AAAA,QACd;AAAA,MACD;AAAA,IACD;AACA,QAAI,CAAC,SAAS,MAAM;AACnB,aAAO;AAAA,IACR;AACA,QAAI;AACH,YAAM,MAAM,MAAM;AAAA,QACjB,SAAS;AAAA,QACT,MAAM,YAAY;AAAA,MACnB;AACA,YAAM,WAAW,MAAM,OAGpB,kCAAkC;AAAA,QACpC,MAAM;AAAA,UACL,UAAU;AAAA,UACV,MAAM;AAAA,QACP;AAAA,MACD,CAAC;AACD,UAAI,CAAC,SAAS,MAAM;AACnB,eAAO;AAAA,MACR;AAAA,IACD,SAAS,GAAG;AACX,cAAQ,IAAI,CAAC;AAAA,IACd;AAAA,EACD;AAEA,QAAM,kBAAkB,YAAY;AACnC,UAAM,UAAU,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,QACC,QAAQ;AAAA,MACT;AAAA,IACD;AACA,QAAI,CAAC,QAAQ,MAAM;AAClB,aAAO;AAAA,IACR;AACA,QAAI;AACH,YAAM,MAAM,MAAM,kBAAkB,QAAQ,IAAI;AAChD,YAAM,WAAW,MAAM,OAEpB,gCAAgC;AAAA,QAClC,MAAM;AAAA,UACL,UAAU;AAAA,UACV,MAAM;AAAA,QACP;AAAA,MACD,CAAC;AACD,UAAI,CAAC,SAAS,MAAM;AACnB,eAAO;AAAA,MACR;AAAA,IACD,SAAS,GAAG;AACX,UAAI,aAAa,eAAe;AAC/B,YAAI,EAAE,SAAS,6CAA6C;AAC3D,iBAAO;AAAA,YACN,MAAM;AAAA,YACN,OAAO;AAAA,cACN,SAAS;AAAA,cACT,QAAQ;AAAA,cACR,YAAY;AAAA,YACb;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACA,SAAO;AAAA,IACN;AAAA,IACA;AAAA,EACD;AACD;AAEO,IAAM,gBAAgB,mBAAiD;AAAA,EAC7E,CAAC,WAAW;AACX,WAAO;AAAA,MACN,IAAI;AAAA,MACJ,SAAS,kBAAkB,MAAM;AAAA,IAClC;AAAA,EACD;AACD;;;ADzCO,IAAM,UAAU,CAAC,YAA4B;AACnD,QAAM,OAAO;AAAA,IACZ,QAAQ;AAAA,IACR,GAAG;AAAA,IACH,MAAM,QAAQ,IAAI,aAAa,gBAAgB,cAAc,QAAQ;AAAA,IACrE,UAAU;AAAA,MACT,yBAAyB;AAAA,MACzB,GAAG,QAAQ;AAAA,IACZ;AAAA,EACD;AACA,QAAM,oCAAoC,KAAK,KAAK;AACpD,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,oCAAoC;AAAA,QACnC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,UACvB,UAAU;AAAA,YACT,QAAQ;AAAA,UACT;AAAA,QACD;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,UAAU,IAAI,QAAQ;AAC5B,gBAAM,eAAe,MAAM,IAAI,QAAQ,QAAQ,SAAkB;AAAA,YAChE,OAAO;AAAA,YACP,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,QAAQ,KAAK;AAAA,cACrB;AAAA,YACD;AAAA,UACD,CAAC;AACD,gBAAM,SAAS,IAAI;AAAA,YAClB,OAAO,KAAKC,sBAAqB,IAAIC,UAAS,OAAO,KAAK,CAAC,CAAC;AAAA,UAC7D;AACA,cAAIC;AACJ,UAAAA,WAAU,MAAM,4BAA4B;AAAA,YAC3C,QAAQ,KAAK;AAAA,YACb,MAAM,KAAK;AAAA,YACX;AAAA,YACA,UAAU,QAAQ,KAAK,SAAS,QAAQ,KAAK;AAAA,YAC7C,iBAAiB;AAAA,YACjB,oBAAoB,aAAa,IAAI,CAACC,cAAa;AAAA,cAClD,IAAIA,SAAQ;AAAA,cACZ,YAAYA,SAAQ,YAAY;AAAA,gBAC/B;AAAA,cACD;AAAA,YACD,EAAE;AAAA,YACF,wBAAwB;AAAA,cACvB,aAAa;AAAA,cACb,kBAAkB;AAAA,cAClB,yBAAyB;AAAA,YAC1B;AAAA,UACD,CAAC;AAID,gBAAM,OAA2B;AAAA,YAChC,mBAAmBD,SAAQ;AAAA,YAC3B,UAAU;AAAA,cACT,GAAG,QAAQ;AAAA,cACX,OAAO,QAAQ,KAAK,SAAS,QAAQ,KAAK;AAAA,YAC3C;AAAA,UACD;AAEA,gBAAM,IAAI;AAAA,YACT,KAAK,SAAS;AAAA,YACd,KAAK,UAAU,IAAI;AAAA,YACnB,IAAI,QAAQ;AAAA,YACZ;AAAA,cACC,QAAQ;AAAA,cACR,UAAU;AAAA,cACV,UAAU;AAAA,cACV,QAAQ;AAAA,YACT;AAAA,UACD;AACA,iBAAO,IAAI,KAAKA,UAAS;AAAA,YACxB,QAAQ;AAAA,UACT,CAAC;AAAA,QACF;AAAA,MACD;AAAA,MACA,sCAAsC;AAAA,QACrC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAME,IACJ,OAAO;AAAA,YACP,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,YAC3B,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,UAClC,CAAC,EACA,SAAS;AAAA,QACZ;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,UAAU,MAAM,kBAAkB,GAAG;AAC3C,cAAI,eAA0B,CAAC;AAC/B,cAAI,SAAS;AACZ,2BAAe,MAAM,IAAI,QAAQ,QAAQ,SAAkB;AAAA,cAC1D,OAAO;AAAA,cACP,OAAO;AAAA,gBACN;AAAA,kBACC,OAAO;AAAA,kBACP,OAAO,QAAQ,KAAK;AAAA,gBACrB;AAAA,cACD;AAAA,YACD,CAAC;AAAA,UACF;AACA,gBAAMF,WAAU,MAAM,8BAA8B;AAAA,YACnD,MAAM,KAAK;AAAA,YACX,kBAAkB;AAAA,YAClB,GAAI,aAAa,SACd;AAAA,cACA,kBAAkB,aAAa,IAAI,CAACC,cAAa;AAAA,gBAChD,IAAIA,SAAQ;AAAA,gBACZ,YAAYA,SAAQ,YAAY;AAAA,kBAC/B;AAAA,gBACD;AAAA,cACD,EAAE;AAAA,YACH,IACC,CAAC;AAAA,UACL,CAAC;AAID,gBAAM,OAA2B;AAAA,YAChC,mBAAmBD,SAAQ;AAAA,YAC3B,UAAU;AAAA,cACT,OAAO,SAAS,KAAK,SAAS,SAAS,KAAK,MAAM;AAAA,cAClD,IAAI,SAAS,KAAK,MAAM;AAAA,YACzB;AAAA,YACA,aAAa,IAAI,MAAM;AAAA,UACxB;AACA,gBAAM,IAAI;AAAA,YACT,KAAK,SAAS;AAAA,YACd,KAAK,UAAU,IAAI;AAAA,YACnB,IAAI,QAAQ;AAAA,YACZ;AAAA,cACC,QAAQ;AAAA,cACR,UAAU;AAAA,cACV,UAAU;AAAA,cACV,QAAQ;AAAA,YACT;AAAA,UACD;AACA,iBAAO,IAAI,KAAKA,UAAS;AAAA,YACxB,QAAQ;AAAA,UACT,CAAC;AAAA,QACF;AAAA,MACD;AAAA,MACA,2BAA2B;AAAA,QAC1B;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAME,IAAE,OAAO;AAAA,YACd,UAAUA,IAAE,IAAI;AAAA,UACjB,CAAC;AAAA,UACD,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,SAAS,QAAQ,UAAU,IAAI,SAAS,IAAI,QAAQ,KAAK;AAC/D,cAAI,CAAC,QAAQ;AACZ,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,YACT,CAAC;AAAA,UACF;AACA,gBAAM,OAAO,IAAI,KAAK;AACtB,gBAAM,kBAAkB,MAAM,IAAI;AAAA,YACjC,KAAK,SAAS;AAAA,YACd,IAAI,QAAQ;AAAA,UACb;AACA,cAAI,CAAC,iBAAiB;AACrB,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,YACT,CAAC;AAAA,UACF;AACA,gBAAM,EAAE,UAAU,kBAAkB,IAAI,KAAK;AAAA,YAC5C;AAAA,UACD;AAEA,cAAI,SAAS,OAAO,IAAI,QAAQ,QAAQ,KAAK,IAAI;AAChD,kBAAM,IAAIC,UAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AAEA,cAAI;AACH,kBAAM,eAAe,MAAM,2BAA2B;AAAA,cACrD,UAAU;AAAA,cACV;AAAA,cACA,gBAAgB;AAAA,cAChB,cAAc,QAAQ;AAAA,YACvB,CAAC;AACD,kBAAM,EAAE,UAAU,iBAAiB,IAAI;AACvC,gBAAI,CAAC,YAAY,CAAC,kBAAkB;AACnC,qBAAO,IAAI,KAAK,MAAM;AAAA,gBACrB,QAAQ;AAAA,cACT,CAAC;AAAA,YACF;AACA,kBAAM;AAAA,cACL;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,YACD,IAAI;AACJ,kBAAM,SAAS,OAAO,KAAK,mBAAmB,EAAE,SAAS,QAAQ;AACjE,kBAAM,SAASL,sBAAqB,IAAIC,UAAS,OAAO,KAAK,CAAC;AAC9D,kBAAM,aAAsB;AAAA,cAC3B,QAAQ,SAAS;AAAA,cACjB,gBAAgB;AAAA,cAChB,IAAI;AAAA,cACJ,WAAW;AAAA,cACX;AAAA,cACA,YAAY;AAAA,cACZ,YAAY,KAAK,SAAS,WAAW,KAAK,GAAG;AAAA,cAC7C,UAAU;AAAA,cACV,WAAW,oBAAI,KAAK;AAAA,YACrB;AACA,kBAAM,gBAAgB,MAAM,IAAI,QAAQ,QAAQ,OAAgB;AAAA,cAC/D,OAAO;AAAA,cACP,MAAM;AAAA,YACP,CAAC;AACD,mBAAO,IAAI,KAAK,eAAe;AAAA,cAC9B,QAAQ;AAAA,YACT,CAAC;AAAA,UACF,SAAS,GAAG;AACX,oBAAQ,IAAI,CAAC;AACb,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,cACV;AAAA,YACD,CAAC;AAAA,UACF;AAAA,QACD;AAAA,MACD;AAAA,MACA,6BAA6B;AAAA,QAC5B;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAMG,IAAE,OAAO;AAAA,YACd,UAAUA,IAAE,IAAI;AAAA,UACjB,CAAC;AAAA,QACF;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,SAAS,QAAQ,UAAU,IAAI,SAAS,IAAI,QAAQ,KAAK;AAC/D,cAAI,CAAC,QAAQ;AACZ,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,YACT,CAAC;AAAA,UACF;AACA,gBAAM,OAAO,IAAI,KAAK;AACtB,gBAAM,kBAAkB,MAAM,IAAI;AAAA,YACjC,KAAK,SAAS;AAAA,YACd,IAAI,QAAQ;AAAA,UACb;AACA,cAAI,CAAC,iBAAiB;AACrB,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,YACT,CAAC;AAAA,UACF;AACA,gBAAM,EAAE,mBAAmB,YAAY,IAAI,KAAK;AAAA,YAC/C;AAAA,UACD;AACA,gBAAMD,WAAU,MAAM,IAAI,QAAQ,QAAQ,QAAiB;AAAA,YAC1D,OAAO;AAAA,YACP,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,KAAK;AAAA,cACb;AAAA,YACD;AAAA,UACD,CAAC;AACD,cAAI,CAACA,UAAS;AACb,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,cACV;AAAA,YACD,CAAC;AAAA,UACF;AACA,cAAI;AACH,kBAAM,eAAe,MAAM,6BAA6B;AAAA,cACvD,UAAU;AAAA,cACV;AAAA,cACA,gBAAgB;AAAA,cAChB,cAAc,KAAK;AAAA,cACnB,eAAe;AAAA,gBACd,cAAcA,SAAQ;AAAA,gBACtB,qBAAqB,IAAI;AAAA,kBACxB,OAAO,KAAKA,SAAQ,WAAW,QAAQ;AAAA,gBACxC;AAAA,gBACA,SAASA,SAAQ;AAAA,gBACjB,YAAYA,SAAQ,YAAY;AAAA,kBAC/B;AAAA,gBACD;AAAA,cACD;AAAA,YACD,CAAC;AACD,kBAAM,EAAE,SAAS,IAAI;AACrB,gBAAI,CAAC;AACJ,qBAAO,IAAI,KAAK,MAAM;AAAA,gBACrB,QAAQ;AAAA,gBACR,MAAM;AAAA,kBACL,SAAS;AAAA,gBACV;AAAA,cACD,CAAC;AAEF,kBAAM,IAAI,QAAQ,QAAQ,OAAgB;AAAA,cACzC,OAAO;AAAA,cACP,OAAO;AAAA,gBACN;AAAA,kBACC,OAAO;AAAA,kBACP,OAAOA,SAAQ;AAAA,gBAChB;AAAA,cACD;AAAA,cACA,QAAQ;AAAA,gBACP,SAAS,aAAa,mBAAmB;AAAA,cAC1C;AAAA,YACD,CAAC;AACD,kBAAM,IAAI,MAAM,IAAI,QAAQ,gBAAgB;AAAA,cAC3CA,SAAQ;AAAA,cACR,IAAI;AAAA,YACL;AACA,kBAAM,IAAI;AAAA,cACT,IAAI,QAAQ,YAAY,aAAa;AAAA,cACrC,EAAE;AAAA,cACF,IAAI,QAAQ;AAAA,cACZ,IAAI,QAAQ,YAAY,aAAa;AAAA,YACtC;AACA,gBAAI,aAAa;AAChB,qBAAO,IAAI,KAAK;AAAA,gBACf,KAAK;AAAA,gBACL,UAAU;AAAA,gBACV,SAAS;AAAA,cACV,CAAC;AAAA,YACF;AACA,mBAAO,IAAI;AAAA,cACV;AAAA,gBACC,SAAS;AAAA,cACV;AAAA,cACA;AAAA,gBACC,QAAQ;AAAA,cACT;AAAA,YACD;AAAA,UACD,SAAS,GAAG;AACX,gBAAI,QAAQ,OAAO,MAAM,CAAC;AAC1B,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,cACV;AAAA,YACD,CAAC;AAAA,UACF;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,IACA,QAAQ;AAAA,MACP,SAAS;AAAA,QACR,QAAQ;AAAA,UACP,WAAW;AAAA,YACV,MAAM;AAAA,UACP;AAAA,UACA,QAAQ;AAAA,YACP,MAAM;AAAA,YACN,YAAY;AAAA,cACX,OAAO;AAAA,cACP,OAAO;AAAA,YACR;AAAA,UACD;AAAA,UACA,gBAAgB;AAAA,YACf,MAAM;AAAA,UACP;AAAA,UACA,SAAS;AAAA,YACR,MAAM;AAAA,UACP;AAAA,UACA,YAAY;AAAA,YACX,MAAM;AAAA,UACP;AAAA,UACA,UAAU;AAAA,YACT,MAAM;AAAA,UACP;AAAA,UACA,YAAY;AAAA,YACX,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,WAAW;AAAA,YACV,MAAM;AAAA,YACN,cAAc,oBAAI,KAAK;AAAA,YACvB,UAAU;AAAA,UACX;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AE3cA,SAAS,KAAAG,WAAS;AAGlB,SAAS,YAAAC,iBAAgB;AACzB,SAAS,YAAAC,kBAAgB;;;ACJzB,SAAS,YAAAC,WAAU,wBAAAC,6BAA4B;AAC/C,SAAS,YAAAC,iBAAgB;AACzB,SAAS,KAAAC,WAAS;AAGX,IAAM,cAAc;AAAA,EAC1B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,IAAE,OAAO;AAAA,MACd,MAAMA,IAAE,OAAO;AAAA,MACf,OAAOA,IAAE,OAAO,EAAE,MAAM;AAAA,MACxB,UAAUA,IAAE,OAAO;AAAA,MACnB,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC3B,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,IAClC,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,QAAI,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,SAAS;AACnD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,EAAE,MAAM,OAAO,UAAU,MAAM,IAAI,IAAI;AAC7C,UAAM,oBACL,IAAI,QAAQ,SAAS,kBAAkB,qBAAqB;AAC7D,QAAI,SAAS,SAAS,mBAAmB;AACxC,UAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM,EAAE,SAAS,wBAAwB;AAAA,MAC1C,CAAC;AAAA,IACF;AACA,UAAM,WAAW,IAAIC,UAAS;AAC9B,UAAM,SAAS,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,KAAK;AAItE,UAAM,OAAO,MAAM,SAAS,KAAK,QAAQ;AACzC,QAAI,QAAQ,MAAM;AACjB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WAAW;AAAA,MAChE,IAAIC,sBAAqB,IAAIC,UAAS,OAAO,OAAO,KAAK,CAAC;AAAA,MAC1D,OAAO,MAAM,YAAY;AAAA,MACzB;AAAA,MACA;AAAA,MACA,eAAe;AAAA,MACf,WAAW,oBAAI,KAAK;AAAA,MACpB,WAAW,oBAAI,KAAK;AAAA,IACrB,CAAC;AAID,UAAM,IAAI,QAAQ,gBAAgB,YAAY;AAAA,MAC7C,IAAID,sBAAqB,IAAIC,UAAS,OAAO,OAAO,KAAK,CAAC;AAAA,MAC1D,QAAQ,YAAY;AAAA,MACpB,YAAY;AAAA,MACZ,WAAW,YAAY;AAAA,MACvB,UAAU;AAAA,IACX,CAAC;AACD,UAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB;AAAA,MACjD,YAAY;AAAA,MACZ,IAAI;AAAA,IACL;AACA,UAAM,IAAI;AAAA,MACT,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,QAAQ;AAAA,MACR,IAAI,QAAQ;AAAA,MACZ,IAAI,QAAQ,YAAY,aAAa;AAAA,IACtC;AACA,WAAO,IAAI;AAAA,MACV;AAAA,QACC,MAAM;AAAA,QACN;AAAA,MACD;AAAA,MACA;AAAA,QACC,MAAM,IAAI,KAAK,cACZ;AAAA,UACA,KAAK,IAAI,KAAK;AAAA,UACd,UAAU;AAAA,QACX,IACC;AAAA,UACA,MAAM;AAAA,UACN;AAAA,QACD;AAAA,MACH;AAAA,IACD;AAAA,EACD;AACD;;;ADzFO,IAAM,WAAW,MAAM;AAC7B,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,gBAAgB;AAAA,QACf;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAMC,IAAE,OAAO;AAAA,YACd,UAAUA,IAAE,OAAO;AAAA,YACnB,UAAUA,IAAE,OAAO;AAAA,YACnB,gBAAgBA,IAAE,QAAQ,EAAE,SAAS;AAAA,YACrC,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,UAClC,CAAC;AAAA,QACF;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,OAAO,MAAM,IAAI,QAAQ,QAAQ,QAAc;AAAA,YACpD,OAAO;AAAA,YACP,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,IAAI,KAAK;AAAA,cACjB;AAAA,YACD;AAAA,UACD,CAAC;AACD,gBAAM,WAAW,IAAIC,UAAS;AAC9B,cAAI,CAAC,MAAM;AACV,kBAAM,SAAS,KAAK,IAAI,KAAK,QAAQ;AACrC,gBAAI,QAAQ,OAAO,MAAM,kBAAkB,EAAE,SAAS,CAAC;AACvD,kBAAM,IAAIC,WAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,UAAU,MAAM,IAAI,QAAQ,QAAQ,QAAiB;AAAA,YAC1D,OAAO;AAAA,YACP,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,KAAK;AAAA,cACb;AAAA,cACA;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO;AAAA,cACR;AAAA,YACD;AAAA,UACD,CAAC;AACD,cAAI,CAAC,SAAS;AACb,kBAAM,IAAIA,WAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,kBAAkB,SAAS;AACjC,cAAI,CAAC,iBAAiB;AACrB,gBAAI,QAAQ,OAAO,MAAM,sBAAsB,EAAE,SAAS,CAAC;AAC3D,kBAAM,IAAIA,WAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,gBAAgB,MAAM,SAAS;AAAA,YACpC;AAAA,YACA,IAAI,KAAK;AAAA,UACV;AACA,cAAI,CAAC,eAAe;AACnB,gBAAI,QAAQ,OAAO,MAAM,kBAAkB;AAC3C,kBAAM,IAAIA,WAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB;AAAA,YACjD,KAAK;AAAA,YACL,IAAI;AAAA,UACL;AACA,gBAAM,IAAI;AAAA,YACT,IAAI,QAAQ,YAAY,aAAa;AAAA,YACrC,QAAQ;AAAA,YACR,IAAI,QAAQ;AAAA,YACZ,IAAI,KAAK,iBACN;AAAA,cACA,GAAG,IAAI,QAAQ,YAAY,aAAa;AAAA,cACxC,QAAQ;AAAA,YACT,IACC,IAAI,QAAQ,YAAY,aAAa;AAAA,UACzC;AACA,iBAAO,IAAI,KAAK;AAAA,YACf;AAAA,YACA;AAAA,YACA,UAAU,CAAC,CAAC,IAAI,KAAK;AAAA,YACrB,KAAK,IAAI,KAAK;AAAA,UACf,CAAC;AAAA,QACF;AAAA,MACD;AAAA,MACA,gBAAgB;AAAA,QACf;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAMF,IAAE,OAAO;AAAA,YACd,UAAUA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,YAClC,MAAMA,IAAE,OAAO;AAAA,YACf,OAAOA,IAAE,OAAO,EAAE,MAAM;AAAA,YACxB,UAAUA,IAAE,OAAO;AAAA,YACnB,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,YAC3B,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,UAClC,CAAC;AAAA,QACF;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,MAAM,MAAM,YAAY;AAAA,YAC7B,GAAG;AAAA;AAAA,YAEH,OAAO;AAAA,UACR,CAAC;AACD,cAAI,CAAC,KAAK;AACT,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,gBACT,QAAQ;AAAA,cACT;AAAA,YACD,CAAC;AAAA,UACF;AACA,gBAAM,IAAI,QAAQ,gBAAgB,kBAAkB,IAAI,KAAK,OAAO;AAAA,YACnE,UAAU,IAAI,KAAK;AAAA,UACpB,CAAC;AACD,cAAI,IAAI,KAAK,aAAa;AACzB,mBAAO,IAAI,KAAK,KAAK;AAAA,cACpB,MAAM;AAAA,gBACL,KAAK,IAAI,KAAK;AAAA,gBACd,UAAU;AAAA,gBACV,GAAG;AAAA,cACJ;AAAA,YACD,CAAC;AAAA,UACF;AACA,iBAAO,IAAI,KAAK,GAAG;AAAA,QACpB;AAAA,MACD;AAAA,IACD;AAAA,IAEA,QAAQ;AAAA,MACP,MAAM;AAAA,QACL,QAAQ;AAAA,UACP,UAAU;AAAA,YACT,MAAM;AAAA,YACN,UAAU;AAAA,YACV,QAAQ;AAAA,YACR,UAAU;AAAA,UACX;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AE7JA,SAAS,uBAAuB;AAQzB,IAAM,SAAS,MAAM;AAC3B,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,OAAO;AAAA,MACN,QAAQ;AAAA,QACP;AAAA,UACC,QAAQ,SAAS;AAChB,mBACC,QAAQ,SAAS,QACf,IAAI,eAAe,GAClB,WAAW,SAAS,KAAK;AAAA,UAE9B;AAAA,UACA,SAAS,OAAO,QAAQ;AACvB,kBAAM,QAAQ,IAAI,SAAS,QACzB,IAAI,eAAe,GAClB,QAAQ,WAAW,EAAE;AACxB,gBAAI,CAAC,OAAO;AACX,oBAAM,IAAI,gBAAgB,gBAAgB;AAAA,YAC3C;AACA,kBAAM,UAAU,IAAI,WAAW,IAAI,QAAQ;AAC3C,kBAAM,cAAc,MAAM;AAAA,cACzB;AAAA,cACA;AAAA,cACA,IAAI,QAAQ;AAAA,YACb;AACA,oBAAQ;AAAA,cACP;AAAA,cACA,GACC,IAAI,QAAQ,YAAY,aAAa,IACtC,IAAI,YAAY,QAAQ,KAAK,EAAE,CAAC;AAAA,YACjC;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;","names":["APIError","z","betterFetch","betterFetch","betterFetch","betterFetch","betterFetch","betterFetch","error","parseJWT","parseJWT","betterFetch","betterFetch","betterFetch","betterFetch","betterFetch","betterFetch","APIError","z","z","z","APIError","z","z","Argon2id","z","z","Argon2id","TimeSpan","createJWT","validateJWT","z","z","createJWT","TimeSpan","validateJWT","organization","role","APIError","APIError","z","z","z","role","organization","z","z","role","z","z","organization","role","z","APIError","role","alphabet","generateRandomString","alphabet","generateRandomString","z","APIError","APIError","generateRandomString","alphabet","z","APIError","z","APIError","z","APIError","TimeSpan","z","TimeSpan","APIError","z","generateRandomString","alphabet","APIError","alphabet","generateRandomString","z","generateRandomString","alphabet","options","passkey","z","APIError","z","Argon2id","APIError","alphabet","generateRandomString","Argon2id","z","z","Argon2id","generateRandomString","alphabet","z","Argon2id","APIError"]}
|
|
1
|
+
{"version":3,"sources":["../src/plugins/organization/organization.ts","../src/api/call.ts","../src/api/routes/sign-in.ts","../src/social-providers/apple.ts","../src/error/better-auth-error.ts","../src/utils/base-url.ts","../src/social-providers/utils.ts","../src/social-providers/discord.ts","../src/social-providers/facebook.ts","../src/social-providers/github.ts","../src/social-providers/google.ts","../src/social-providers/spotify.ts","../src/social-providers/twitch.ts","../src/social-providers/twitter.ts","../src/types/provider.ts","../src/social-providers/index.ts","../src/utils/state.ts","../src/api/routes/session.ts","../src/api/routes/callback.ts","../src/adapters/schema.ts","../src/client/client-utils.ts","../src/utils/id.ts","../src/api/routes/sign-out.ts","../src/api/routes/forget-password.ts","../src/api/routes/verify-email.ts","../src/utils/shim.ts","../src/plugins/organization/access/index.ts","../src/plugins/organization/access/src/access.ts","../src/plugins/organization/access/statement.ts","../src/plugins/organization/access/utils.ts","../src/utils/date.ts","../src/plugins/organization/adapter.ts","../src/plugins/organization/call.ts","../src/api/middlewares/session.ts","../src/plugins/organization/routes/crud-invites.ts","../src/plugins/organization/schema.ts","../src/plugins/organization/routes/crud-members.ts","../src/plugins/organization/routes/crud-org.ts","../src/plugins/two-factor/index.ts","../src/crypto/index.ts","../src/plugins/two-factor/backup-codes/index.ts","../src/plugins/two-factor/verify-middleware.ts","../src/plugins/two-factor/constant.ts","../src/plugins/two-factor/otp/index.ts","../src/plugins/two-factor/totp/index.ts","../src/client/create-client-plugin.ts","../src/plugins/two-factor/client.ts","../src/plugins/passkey/index.ts","../src/plugins/passkey/client.ts","../src/plugins/username/index.ts","../src/api/routes/sign-up.ts","../src/plugins/bearer/index.ts"],"sourcesContent":["import { APIError } from \"better-call\";\nimport {\n\ttype ZodArray,\n\ttype ZodLiteral,\n\ttype ZodObject,\n\ttype ZodOptional,\n\tz,\n} from \"zod\";\nimport type { User } from \"../../adapters/schema\";\nimport { createAuthEndpoint } from \"../../api/call\";\nimport { getSessionFromCtx } from \"../../api/routes\";\nimport type { AuthContext } from \"../../init\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\nimport { shimContext } from \"../../utils/shim\";\nimport {\n\ttype AccessControl,\n\ttype Role,\n\tdefaultRoles,\n\ttype defaultStatements,\n} from \"./access\";\nimport { getOrgAdapter } from \"./adapter\";\nimport { orgSessionMiddleware } from \"./call\";\nimport {\n\tacceptInvitation,\n\tcancelInvitation,\n\tcreateInvitation,\n\tgetActiveInvitation,\n\trejectInvitation,\n} from \"./routes/crud-invites\";\nimport { removeMember, updateMember } from \"./routes/crud-members\";\nimport {\n\tcreateOrganization,\n\tgetFullOrganization,\n\tlistOrganization,\n\tsetActiveOrganization,\n\tupdateOrganization,\n} from \"./routes/crud-org\";\nimport type { Invitation } from \"./schema\";\n\nexport interface OrganizationOptions {\n\t/**\n\t * Configure whether new users are able to create new organizations.\n\t * You can also pass a function that returns a boolean.\n\t *\n\t * \t@example\n\t * ```ts\n\t * allowUserToCreateOrganization: async (user) => {\n\t * \t\tconst plan = await getUserPlan(user);\n\t * return plan.name === \"pro\";\n\t * }\n\t * ```\n\t * @default true\n\t */\n\tallowUserToCreateOrganization?:\n\t\t| boolean\n\t\t| ((user: User) => Promise<boolean> | boolean);\n\t/**\n\t *\n\t */\n\torganizationLimit?: number;\n\t/**\n\t * The role that is assigned to the creator of the organization.\n\t *\n\t * @default \"admin\"\n\t */\n\tcreatorRole?: \"admin\" | \"owner\";\n\t/**\n\t * The number of memberships a user can have in an organization.\n\t *\n\t * @default \"unlimited\"\n\t */\n\tmembershipLimit?: number;\n\t/**\n\t * Configure the roles and permissions for the organization plugin.\n\t *\n\t */\n\tac?: AccessControl;\n\t/**\n\t *\n\t */\n\troles?: {\n\t\t[key in \"admin\" | \"member\" | \"owner\"]?: Role<any>;\n\t};\n\t/**\n\t * The expiration time for the invitation link.\n\t *\n\t * @default 48 hours\n\t */\n\tinvitationExpiresIn?: number;\n\t/**\n\t * @param invitation the invitation object\n\t * @param email the email of the user to be invited\n\t *\n\t * Make sure to construct the invitation link using the invitation id.\n\t * @example\n\t * ```ts\n\t * const invitationLink = `${ctx.origin}/organization/accept-invitation?invitationId=$\n\t * {invitation.id}`\n\t *\n\t * ```\n\t */\n\tsendInvitationEmail?: (\n\t\tinvitation: Invitation,\n\t\temail: string,\n\t) => Promise<void>;\n}\n\nexport const organization = <O extends OrganizationOptions>(options?: O) => {\n\tconst endpoints = {\n\t\tcreateOrganization,\n\t\tupdateOrganization,\n\t\tsetActiveOrganization,\n\t\tgetFullOrganization,\n\t\tlistOrganization,\n\t\tcreateInvitation,\n\t\tcancelInvitation,\n\t\tacceptInvitation,\n\t\tgetActiveInvitation,\n\t\trejectInvitation,\n\t\tremoveMember,\n\t\tupdateMember,\n\t};\n\n\tconst roles = {\n\t\t...defaultRoles,\n\t\t...options?.roles,\n\t};\n\n\tconst api = shimContext(endpoints, {\n\t\torgOptions: options || {},\n\t\troles,\n\t\tgetSession: async (context: AuthContext) => {\n\t\t\t//@ts-expect-error\n\t\t\treturn await getSessionFromCtx(context);\n\t\t},\n\t});\n\n\ttype DefaultStatements = typeof defaultStatements;\n\ttype Statements = O[\"ac\"] extends AccessControl<infer S>\n\t\t? S extends Record<string, any>\n\t\t\t? S & DefaultStatements\n\t\t\t: DefaultStatements\n\t\t: DefaultStatements;\n\treturn {\n\t\tid: \"organization\",\n\t\tendpoints: {\n\t\t\t...api,\n\t\t\thasPermission: createAuthEndpoint(\n\t\t\t\t\"/organization/has-permission\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\trequireHeaders: true,\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tpermission: z.record(z.string(), z.array(z.string())),\n\t\t\t\t\t}) as unknown as ZodObject<{\n\t\t\t\t\t\tpermission: ZodObject<{\n\t\t\t\t\t\t\t[key in keyof Statements]: ZodOptional<\n\t\t\t\t\t\t\t\t//@ts-expect-error TODO: fix this\n\t\t\t\t\t\t\t\tZodArray<ZodLiteral<Statements[key][number]>>\n\t\t\t\t\t\t\t>;\n\t\t\t\t\t\t}>;\n\t\t\t\t\t}>,\n\t\t\t\t\tuse: [orgSessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tif (!ctx.context.session.session.activeOrganizationId) {\n\t\t\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\t\t\tmessage: \"No active organization\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst adapter = getOrgAdapter(ctx.context.adapter);\n\t\t\t\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\t\t\t\tuserId: ctx.context.session.user.id,\n\t\t\t\t\t\torganizationId:\n\t\t\t\t\t\t\tctx.context.session.session.activeOrganizationId || \"\",\n\t\t\t\t\t});\n\t\t\t\t\tif (!member) {\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"You are not a member of this organization\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst role = roles[member.role];\n\t\t\t\t\tconst result = role.authorize(ctx.body.permission as any);\n\t\t\t\t\tif (result.error) {\n\t\t\t\t\t\treturn ctx.json(\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\terror: result.error,\n\t\t\t\t\t\t\t\tsuccess: false,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tstatus: 403,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\terror: null,\n\t\t\t\t\t\tsuccess: true,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\tschema: {\n\t\t\tsession: {\n\t\t\t\tfields: {\n\t\t\t\t\tactiveOrganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\torganization: {\n\t\t\t\tfields: {\n\t\t\t\t\tname: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\tslug: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\tunique: true,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tmember: {\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\tuserId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\temail: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\tname: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tdefaultValue: \"member\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tinvitation: {\n\t\t\t\tfields: {\n\t\t\t\t\torganizationId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\temail: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\trole: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t\tstatus: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t\tdefaultValue: \"pending\",\n\t\t\t\t\t},\n\t\t\t\t\texpiresAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\trequired: true,\n\t\t\t\t\t},\n\t\t\t\t\tinviterId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n","import {\n\ttype Endpoint,\n\ttype EndpointResponse,\n\tcreateEndpointCreator,\n\tcreateMiddleware,\n\tcreateMiddlewareCreator,\n} from \"better-call\";\nimport type { AuthContext } from \"../init\";\nimport type { BetterAuthOptions } from \"../types/options\";\n\nexport const optionsMiddleware = createMiddleware(async () => {\n\t/**\n\t * This will be passed on the instance of\n\t * the context. Used to infer the type\n\t * here.\n\t */\n\treturn {} as AuthContext;\n});\n\nexport const createAuthMiddleware = createMiddlewareCreator({\n\tuse: [optionsMiddleware],\n});\n\nexport const createAuthEndpoint = createEndpointCreator({\n\tuse: [optionsMiddleware],\n});\n\nexport type AuthEndpoint = Endpoint<\n\t(ctx: {\n\t\toptions: BetterAuthOptions;\n\t\tbody: any;\n\t\tquery: any;\n\t\theaders: Headers;\n\t}) => Promise<EndpointResponse>\n>;\n\nexport type AuthMiddleware = ReturnType<typeof createAuthMiddleware>;\n","import { APIError } from \"better-call\";\nimport { generateCodeVerifier } from \"oslo/oauth2\";\nimport { Argon2id } from \"oslo/password\";\nimport { z } from \"zod\";\nimport { oAuthProviderList } from \"../../social-providers\";\nimport { generateState } from \"../../utils/state\";\nimport { createAuthEndpoint } from \"../call\";\nimport { getSessionFromCtx } from \"./session\";\n\nexport const signInOAuth = createAuthEndpoint(\n\t\"/sign-in/social\",\n\t{\n\t\tmethod: \"POST\",\n\t\trequireHeaders: true,\n\t\tquery: z\n\t\t\t.object({\n\t\t\t\t/**\n\t\t\t\t * Redirect to the current URL after the\n\t\t\t\t * user has signed in.\n\t\t\t\t */\n\t\t\t\tcurrentURL: z.string().optional(),\n\t\t\t})\n\t\t\t.optional(),\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * Callback URL to redirect to after the user has signed in.\n\t\t\t */\n\t\t\tcallbackURL: z.string().optional(),\n\t\t\t/**\n\t\t\t * OAuth2 provider to use`\n\t\t\t */\n\t\t\tprovider: z.enum(oAuthProviderList),\n\t\t}),\n\t},\n\tasync (c) => {\n\t\tconst provider = c.context.options.socialProvider?.find(\n\t\t\t(p) => p.id === c.body.provider,\n\t\t);\n\t\tif (!provider) {\n\t\t\tc.context.logger.error(\n\t\t\t\t\"Provider not found. Make sure to add the provider to your auth config\",\n\t\t\t\t{\n\t\t\t\t\tprovider: c.body.provider,\n\t\t\t\t},\n\t\t\t);\n\t\t\tthrow new APIError(\"NOT_FOUND\");\n\t\t}\n\t\tconst cookie = c.context.authCookies;\n\t\tconst currentURL = c.query?.currentURL\n\t\t\t? new URL(c.query?.currentURL)\n\t\t\t: null;\n\t\tconst state = generateState(\n\t\t\tc.body.callbackURL || currentURL?.origin || c.context.baseURL,\n\t\t\tc.query?.currentURL,\n\t\t);\n\t\ttry {\n\t\t\tawait c.setSignedCookie(\n\t\t\t\tcookie.state.name,\n\t\t\t\tstate.code,\n\t\t\t\tc.context.secret,\n\t\t\t\tcookie.state.options,\n\t\t\t);\n\t\t\tconst codeVerifier = generateCodeVerifier();\n\t\t\tawait c.setSignedCookie(\n\t\t\t\tcookie.pkCodeVerifier.name,\n\t\t\t\tcodeVerifier,\n\t\t\t\tc.context.secret,\n\t\t\t\tcookie.pkCodeVerifier.options,\n\t\t\t);\n\t\t\tconst url = provider.createAuthorizationURL({\n\t\t\t\tstate: state.state,\n\t\t\t\tcodeVerifier,\n\t\t\t});\n\t\t\treturn {\n\t\t\t\turl: url.toString(),\n\t\t\t\tstate: state.state,\n\t\t\t\tcodeVerifier,\n\t\t\t\tredirect: true,\n\t\t\t};\n\t\t} catch (e) {\n\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\");\n\t\t}\n\t},\n);\n\nexport const signInEmail = createAuthEndpoint(\n\t\"/sign-in/email\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\temail: z.string().email(),\n\t\t\tpassword: z.string(),\n\t\t\tcallbackURL: z.string().optional(),\n\t\t\t/**\n\t\t\t * If this is true the session will only be valid for the current browser session\n\t\t\t * @default false\n\t\t\t */\n\t\t\tdontRememberMe: z.boolean().default(false).optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options?.emailAndPassword?.enabled) {\n\t\t\tctx.context.logger.error(\"Email and password is not enabled\");\n\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\tmessage: \"Email and password is not enabled\",\n\t\t\t});\n\t\t}\n\t\tconst currentSession = await getSessionFromCtx(ctx);\n\t\tif (currentSession) {\n\t\t\treturn ctx.json({\n\t\t\t\tuser: currentSession.user,\n\t\t\t\tsession: currentSession.session,\n\t\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t});\n\t\t}\n\t\tconst { email, password } = ctx.body;\n\t\tconst argon2id = new Argon2id();\n\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\tif (!user) {\n\t\t\tawait argon2id.hash(password);\n\t\t\tctx.context.logger.error(\"User not found\", { email });\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t});\n\t\t}\n\t\tconst credentialAccount = user.accounts.find(\n\t\t\t(a) => a.providerId === \"credential\",\n\t\t);\n\t\tif (!credentialAccount) {\n\t\t\tctx.context.logger.error(\"Credential account not found\", { email });\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t});\n\t\t}\n\t\tconst currentPassword = credentialAccount?.password;\n\t\tif (!currentPassword) {\n\t\t\tctx.context.logger.error(\"Password not found\", { email });\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"Unexpected error\",\n\t\t\t});\n\t\t}\n\t\tconst validPassword = await argon2id.verify(currentPassword, password);\n\t\tif (!validPassword) {\n\t\t\tctx.context.logger.error(\"Invalid password\");\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t});\n\t\t}\n\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\tuser.user.id,\n\t\t\tctx.request,\n\t\t);\n\t\tawait ctx.setSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tsession.id,\n\t\t\tctx.context.secret,\n\t\t\tctx.body.dontRememberMe\n\t\t\t\t? {\n\t\t\t\t\t\t...ctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t\tmaxAge: undefined,\n\t\t\t\t\t}\n\t\t\t\t: ctx.context.authCookies.sessionToken.options,\n\t\t);\n\t\treturn ctx.json({\n\t\t\tuser: user.user,\n\t\t\tsession,\n\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\turl: ctx.body.callbackURL,\n\t\t});\n\t},\n);\n","import { OAuth2Tokens } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { parseJWT } from \"oslo/jwt\";\nimport { betterFetch } from \"@better-fetch/fetch\";\nimport { BetterAuthError } from \"../error/better-auth-error\";\nimport { getRedirectURI } from \"./utils\";\nexport interface AppleProfile {\n\t/**\n\t * The subject registered claim identifies the principal that’s the subject\n\t * of the identity token. Because this token is for your app, the value is\n\t * the unique identifier for the user.\n\t */\n\tsub: string;\n\t/**\n\t * A String value representing the user's email address.\n\t * The email address is either the user's real email address or the proxy\n\t * address, depending on their status private email relay service.\n\t */\n\temail: string;\n\t/**\n\t * A string or Boolean value that indicates whether the service verifies\n\t * the email. The value can either be a string (\"true\" or \"false\") or a\n\t * Boolean (true or false). The system may not verify email addresses for\n\t * Sign in with Apple at Work & School users, and this claim is \"false\" or\n\t * false for those users.\n\t */\n\temail_verified: true | \"true\";\n\t/**\n\t * A string or Boolean value that indicates whether the email that the user\n\t * shares is the proxy address. The value can either be a string (\"true\" or\n\t * \"false\") or a Boolean (true or false).\n\t */\n\tis_private_email: boolean;\n\t/**\n\t * An Integer value that indicates whether the user appears to be a real\n\t * person. Use the value of this claim to mitigate fraud. The possible\n\t * values are: 0 (or Unsupported), 1 (or Unknown), 2 (or LikelyReal). For\n\t * more information, see ASUserDetectionStatus. This claim is present only\n\t * in iOS 14 and later, macOS 11 and later, watchOS 7 and later, tvOS 14\n\t * and later. The claim isn’t present or supported for web-based apps.\n\t */\n\treal_user_status: number;\n\t/**\n\t * The user’s full name in the format provided during the authorization\n\t * process.\n\t */\n\tname: string;\n}\n\nexport interface AppleOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const apple = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: AppleOptions) => {\n\tconst tokenEndpoint = \"https://appleid.apple.com/auth/token\";\n\tredirectURI = getRedirectURI(\"apple\", redirectURI);\n\treturn {\n\t\tid: \"apple\",\n\t\tname: \"Apple\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scope = scopes || [\"email\", \"name\", \"openid\"];\n\t\t\treturn new URL(\n\t\t\t\t`https://appleid.apple.com/auth/authorize?client_id=${clientId}&response_type=code&redirect_uri=${redirectURI}&scope=${_scope.join(\n\t\t\t\t\t\" \",\n\t\t\t\t)}&state=${state}`,\n\t\t\t);\n\t\t},\n\t\tvalidateAuthorizationCode: async (code) => {\n\t\t\tconst data = await betterFetch<OAuth2Tokens>(tokenEndpoint, {\n\t\t\t\tmethod: \"POST\",\n\t\t\t\tbody: new URLSearchParams({\n\t\t\t\t\tclient_id: clientId,\n\t\t\t\t\tclient_secret: clientSecret,\n\t\t\t\t\tgrant_type: \"authorization_code\",\n\t\t\t\t\tcode,\n\t\t\t\t}),\n\t\t\t\theaders: {\n\t\t\t\t\t\"Content-Type\": \"application/x-www-form-urlencoded\",\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (data.error) {\n\t\t\t\tthrow new BetterAuthError(data.error?.message || \"\");\n\t\t\t}\n\t\t\treturn data.data;\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tconst data = parseJWT(token.idToken())?.payload as AppleProfile | null;\n\t\t\tif (!data) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: data.sub,\n\t\t\t\t\tname: data.name,\n\t\t\t\t\temail: data.email,\n\t\t\t\t\temailVerified: data.email_verified === \"true\",\n\t\t\t\t},\n\t\t\t\tdata,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<AppleProfile>;\n};\n","export class BetterAuthError extends Error {\n\tconstructor(message: string) {\n\t\tsuper(message);\n\t}\n}\n","import { BetterAuthError } from \"../error/better-auth-error\";\n\nfunction checkHasPath(url: string): boolean {\n\ttry {\n\t\tconst parsedUrl = new URL(url);\n\t\treturn parsedUrl.pathname !== \"/\";\n\t} catch (error) {\n\t\tconsole.error(\"Invalid URL:\", error);\n\t\treturn false;\n\t}\n}\n\nfunction withPath(url: string, path = \"/api/auth\") {\n\tconst hasPath = checkHasPath(url);\n\tif (hasPath) {\n\t\treturn {\n\t\t\tbaseURL: new URL(url).origin,\n\t\t\twithPath: url,\n\t\t};\n\t}\n\tpath = path.startsWith(\"/\") ? path : `/${path}`;\n\treturn {\n\t\tbaseURL: url,\n\t\twithPath: `${url}${path}`,\n\t};\n}\n\nexport function getBaseURL(url?: string, path?: string) {\n\tif (url) {\n\t\treturn withPath(url, path);\n\t}\n\tconst env: any = typeof process !== \"undefined\" ? process.env : {};\n\tconst fromEnv =\n\t\tenv.BETTER_AUTH_URL ||\n\t\tenv.AUTH_URL ||\n\t\tenv.NEXT_PUBLIC_AUTH_URL ||\n\t\tenv.NEXT_PUBLIC_BETTER_AUTH_URL ||\n\t\tenv.PUBLIC_AUTH_URL ||\n\t\tenv.PUBLIC_BETTER_AUTH_URL ||\n\t\tenv.NUXT_PUBLIC_BETTER_AUTH_URL ||\n\t\tenv.NUXT_PUBLIC_AUTH_URL;\n\tif (fromEnv) {\n\t\treturn withPath(fromEnv, path);\n\t}\n\n\tconst isDev =\n\t\t!fromEnv && (env.NODE_ENV === \"development\" || env.NODE_ENV === \"test\");\n\tif (isDev) {\n\t\treturn {\n\t\t\tbaseURL: \"http://localhost:3000\",\n\t\t\twithPath: \"http://localhost:3000/api/auth\",\n\t\t};\n\t}\n\tthrow new BetterAuthError(\n\t\t\"Could not infer baseURL from environment variables\",\n\t);\n}\n","import { getBaseURL } from \"../utils/base-url\";\n\nexport function getRedirectURI(providerId: string, redirectURI?: string) {\n\treturn redirectURI || `${getBaseURL()}/api/auth/callback/${providerId}`;\n}\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Discord } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface DiscordProfile extends Record<string, any> {\n\t/** the user's id (i.e. the numerical snowflake) */\n\tid: string;\n\t/** the user's username, not unique across the platform */\n\tusername: string;\n\t/** the user's Discord-tag */\n\tdiscriminator: string;\n\t/** the user's display name, if it is set */\n\tglobal_name: string | null;\n\t/**\n\t * the user's avatar hash:\n\t * https://discord.com/developers/docs/reference#image-formatting\n\t */\n\tavatar: string | null;\n\t/** whether the user belongs to an OAuth2 application */\n\tbot?: boolean;\n\t/**\n\t * whether the user is an Official Discord System user (part of the urgent\n\t * message system)\n\t */\n\tsystem?: boolean;\n\t/** whether the user has two factor enabled on their account */\n\tmfa_enabled: boolean;\n\t/**\n\t * the user's banner hash:\n\t * https://discord.com/developers/docs/reference#image-formatting\n\t */\n\tbanner: string | null;\n\n\t/** the user's banner color encoded as an integer representation of hexadecimal color code */\n\taccent_color: number | null;\n\n\t/**\n\t * the user's chosen language option:\n\t * https://discord.com/developers/docs/reference#locales\n\t */\n\tlocale: string;\n\t/** whether the email on this account has been verified */\n\tverified: boolean;\n\t/** the user's email */\n\temail: string;\n\t/**\n\t * the flags on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-user-flags\n\t */\n\tflags: number;\n\t/**\n\t * the type of Nitro subscription on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-premium-types\n\t */\n\tpremium_type: number;\n\t/**\n\t * the public flags on a user's account:\n\t * https://discord.com/developers/docs/resources/user#user-object-user-flags\n\t */\n\tpublic_flags: number;\n\t/** undocumented field; corresponds to the user's custom nickname */\n\tdisplay_name: string | null;\n\t/**\n\t * undocumented field; corresponds to the Discord feature where you can e.g.\n\t * put your avatar inside of an ice cube\n\t */\n\tavatar_decoration: string | null;\n\t/**\n\t * undocumented field; corresponds to the premium feature where you can\n\t * select a custom banner color\n\t */\n\tbanner_color: string | null;\n\t/** undocumented field; the CDN URL of their profile picture */\n\timage_url: string;\n}\n\nexport interface DiscordOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const discord = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: DiscordOptions) => {\n\tconst discordArctic = new Discord(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"discord\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"discord\",\n\t\tname: \"Discord\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scope = scopes || [\"email\"];\n\t\t\treturn discordArctic.createAuthorizationURL(state, _scope);\n\t\t},\n\t\tvalidateAuthorizationCode: discordArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<DiscordProfile>(\n\t\t\t\t\"https://discord.com/api/users/@me\",\n\t\t\t\t{\n\t\t\t\t\tauth: {\n\t\t\t\t\t\ttype: \"Bearer\",\n\t\t\t\t\t\ttoken: token.accessToken,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.display_name || profile.username || \"\",\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.verified,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<DiscordProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Facebook } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface FacebookProfile {\n\tid: string;\n\tname: string;\n\temail: string;\n\temail_verified: boolean;\n\tpicture: {\n\t\tdata: {\n\t\t\theight: number;\n\t\t\tis_silhouette: boolean;\n\t\t\turl: string;\n\t\t\twidth: number;\n\t\t};\n\t};\n}\nexport interface FacebookOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\nexport const facebook = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: FacebookOptions) => {\n\tconst facebookArctic = new Facebook(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"facebook\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"facebook\",\n\t\tname: \"Facebook\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scopes = scopes || [\"email\", \"public_profile\"];\n\t\t\treturn facebookArctic.createAuthorizationURL(state, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: facebookArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<FacebookProfile>(\n\t\t\t\t\"https://graph.facebook.com/me\",\n\t\t\t\t{\n\t\t\t\t\tauth: {\n\t\t\t\t\t\ttype: \"Bearer\",\n\t\t\t\t\t\ttoken: token.accessToken,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\temailVerified: profile.email_verified,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<FacebookProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { GitHub } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface GithubProfile {\n\tlogin: string;\n\tid: string;\n\tnode_id: string;\n\tavatar_url: string;\n\tgravatar_id: string;\n\turl: string;\n\thtml_url: string;\n\tfollowers_url: string;\n\tfollowing_url: string;\n\tgists_url: string;\n\tstarred_url: string;\n\tsubscriptions_url: string;\n\torganizations_url: string;\n\trepos_url: string;\n\tevents_url: string;\n\treceived_events_url: string;\n\ttype: string;\n\tsite_admin: boolean;\n\tname: string;\n\tcompany: string;\n\tblog: string;\n\tlocation: string;\n\temail: string;\n\thireable: boolean;\n\tbio: string;\n\ttwitter_username: string;\n\tpublic_repos: string;\n\tpublic_gists: string;\n\tfollowers: string;\n\tfollowing: string;\n\tcreated_at: string;\n\tupdated_at: string;\n\tprivate_gists: string;\n\ttotal_private_repos: string;\n\towned_private_repos: string;\n\tdisk_usage: string;\n\tcollaborators: string;\n\ttwo_factor_authentication: boolean;\n\tplan: {\n\t\tname: string;\n\t\tspace: string;\n\t\tprivate_repos: string;\n\t\tcollaborators: string;\n\t};\n\tfirst_name: string;\n\tlast_name: string;\n}\n\nexport interface GithubOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\nexport const github = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: GithubOptions) => {\n\tconst githubArctic = new GitHub(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"github\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"github\",\n\t\tname: \"Github\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scopes = scopes || [\"user:email\"];\n\t\t\treturn githubArctic.createAuthorizationURL(state, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: githubArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<GithubProfile>(\n\t\t\t\t\"https://api.github.com/user\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tlet emailVerified = false;\n\t\t\tif (!profile.email) {\n\t\t\t\tconst { data, error } = await betterFetch<\n\t\t\t\t\t{\n\t\t\t\t\t\temail: string;\n\t\t\t\t\t\tprimary: boolean;\n\t\t\t\t\t\tverified: boolean;\n\t\t\t\t\t\tvisibility: \"public\" | \"private\";\n\t\t\t\t\t}[]\n\t\t\t\t>(\"https://api.github.com/user/emails\", {\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t\t\"User-Agent\": \"better-auth\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t\tif (!error) {\n\t\t\t\t\tprofile.email = (data.find((e) => e.primary) ?? data[0])\n\t\t\t\t\t\t?.email as string;\n\t\t\t\t\temailVerified =\n\t\t\t\t\t\tdata.find((e) => e.email === profile.email)?.verified ?? false;\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.avatar_url,\n\t\t\t\t\temailVerified,\n\t\t\t\t\tcreatedAt: new Date(),\n\t\t\t\t\tupdatedAt: new Date(),\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<GithubProfile>;\n};\n","import { Google } from \"arctic\";\nimport { parseJWT } from \"oslo/jwt\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\nimport { BetterAuthError } from \"../error/better-auth-error\";\n\nexport interface GoogleProfile {\n\taud: string;\n\tazp: string;\n\temail: string;\n\temail_verified: boolean;\n\texp: number;\n\t/**\n\t * The family name of the user, or last name in most\n\t * Western languages.\n\t */\n\tfamily_name: string;\n\t/**\n\t * The given name of the user, or first name in most\n\t * Western languages.\n\t */\n\tgiven_name: string;\n\thd?: string;\n\tiat: number;\n\tiss: string;\n\tjti?: string;\n\tlocale?: string;\n\tname: string;\n\tnbf?: number;\n\tpicture: string;\n\tsub: string;\n}\n\nexport interface GoogleOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const google = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: GoogleOptions) => {\n\tconst googleArctic = new Google(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"google\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"google\",\n\t\tname: \"Google\",\n\t\tcreateAuthorizationURL({ state, scopes, codeVerifier }) {\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new BetterAuthError(\"codeVerifier is required for Google\");\n\t\t\t}\n\t\t\tconst _scopes = scopes || [\"email\", \"profile\"];\n\t\t\treturn googleArctic.createAuthorizationURL(state, codeVerifier, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: async (code, codeVerifier) => {\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new BetterAuthError(\"codeVerifier is required for Google\");\n\t\t\t}\n\t\t\treturn googleArctic.validateAuthorizationCode(code, codeVerifier);\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tif (!token.idToken) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst user = parseJWT(token.idToken())?.payload as GoogleProfile;\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: user.sub,\n\t\t\t\t\tname: user.name,\n\t\t\t\t\temail: user.email,\n\t\t\t\t\timage: user.picture,\n\t\t\t\t\temailVerified: user.email_verified,\n\t\t\t\t},\n\t\t\t\tdata: user,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<GoogleProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Spotify } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface SpotifyProfile {\n\tid: string;\n\tdisplay_name: string;\n\temail: string;\n\timages: {\n\t\turl: string;\n\t}[];\n}\n\nexport interface SpotifyOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const spotify = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: SpotifyOptions) => {\n\tconst spotifyArctic = new Spotify(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"spotify\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"spotify\",\n\t\tname: \"Spotify\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scopes = scopes || [\"user-read-email\"];\n\t\t\treturn spotifyArctic.createAuthorizationURL(state, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: spotifyArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<SpotifyProfile>(\n\t\t\t\t\"https://api.spotify.com/v1/me\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.id,\n\t\t\t\t\tname: profile.display_name,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.images[0]?.url,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<SpotifyProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Twitch } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\n\nexport interface TwitchProfile {\n\t/**\n\t * The sub of the user\n\t */\n\tsub: string;\n\t/**\n\t * The preferred username of the user\n\t */\n\tpreferred_username: string;\n\t/**\n\t * The email of the user\n\t */\n\temail: string;\n\t/**\n\t * The picture of the user\n\t */\n\tpicture: string;\n}\n\nexport interface TwitchOptions {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const twitch = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: TwitchOptions) => {\n\tconst twitchArctic = new Twitch(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"twitch\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"twitch\",\n\t\tname: \"Twitch\",\n\t\tcreateAuthorizationURL({ state, scopes }) {\n\t\t\tconst _scopes = scopes || [\"activity:write\", \"read\"];\n\t\t\treturn twitchArctic.createAuthorizationURL(state, _scopes);\n\t\t},\n\t\tvalidateAuthorizationCode: twitchArctic.validateAuthorizationCode,\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<TwitchProfile>(\n\t\t\t\t\"https://api.twitch.tv/helix/users\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.sub,\n\t\t\t\t\tname: profile.preferred_username,\n\t\t\t\t\temail: profile.email,\n\t\t\t\t\timage: profile.picture,\n\t\t\t\t\temailVerified: false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<TwitchProfile>;\n};\n","import { betterFetch } from \"@better-fetch/fetch\";\nimport { Twitter } from \"arctic\";\nimport type { OAuthProvider } from \".\";\nimport { getRedirectURI } from \"./utils\";\nimport { BetterAuthError } from \"../error/better-auth-error\";\n\nexport interface TwitterProfile {\n\tdata: {\n\t\t/**\n\t\t * Unique identifier of this user. This is returned as a string in order to avoid complications with languages and tools\n\t\t * that cannot handle large integers.\n\t\t */\n\t\tid: string;\n\t\t/** The friendly name of this user, as shown on their profile. */\n\t\tname: string;\n\t\t/** @note Email is currently unsupported by Twitter. */\n\t\temail?: string;\n\t\t/** The Twitter handle (screen name) of this user. */\n\t\tusername: string;\n\t\t/**\n\t\t * The location specified in the user's profile, if the user provided one.\n\t\t * As this is a freeform value, it may not indicate a valid location, but it may be fuzzily evaluated when performing searches with location queries.\n\t\t *\n\t\t * To return this field, add `user.fields=location` in the authorization request's query parameter.\n\t\t */\n\t\tlocation?: string;\n\t\t/**\n\t\t * This object and its children fields contain details about text that has a special meaning in the user's description.\n\t\t *\n\t\t *To return this field, add `user.fields=entities` in the authorization request's query parameter.\n\t\t */\n\t\tentities?: {\n\t\t\t/** Contains details about the user's profile website. */\n\t\t\turl: {\n\t\t\t\t/** Contains details about the user's profile website. */\n\t\t\t\turls: Array<{\n\t\t\t\t\t/** The start position (zero-based) of the recognized user's profile website. All start indices are inclusive. */\n\t\t\t\t\tstart: number;\n\t\t\t\t\t/** The end position (zero-based) of the recognized user's profile website. This end index is exclusive. */\n\t\t\t\t\tend: number;\n\t\t\t\t\t/** The URL in the format entered by the user. */\n\t\t\t\t\turl: string;\n\t\t\t\t\t/** The fully resolved URL. */\n\t\t\t\t\texpanded_url: string;\n\t\t\t\t\t/** The URL as displayed in the user's profile. */\n\t\t\t\t\tdisplay_url: string;\n\t\t\t\t}>;\n\t\t\t};\n\t\t\t/** Contains details about URLs, Hashtags, Cashtags, or mentions located within a user's description. */\n\t\t\tdescription: {\n\t\t\t\thashtags: Array<{\n\t\t\t\t\tstart: number;\n\t\t\t\t\tend: number;\n\t\t\t\t\ttag: string;\n\t\t\t\t}>;\n\t\t\t};\n\t\t};\n\t\t/**\n\t\t * Indicate if this user is a verified Twitter user.\n\t\t *\n\t\t * To return this field, add `user.fields=verified` in the authorization request's query parameter.\n\t\t */\n\t\tverified?: boolean;\n\t\t/**\n\t\t * The text of this user's profile description (also known as bio), if the user provided one.\n\t\t *\n\t\t * To return this field, add `user.fields=description` in the authorization request's query parameter.\n\t\t */\n\t\tdescription?: string;\n\t\t/**\n\t\t * The URL specified in the user's profile, if present.\n\t\t *\n\t\t * To return this field, add `user.fields=url` in the authorization request's query parameter.\n\t\t */\n\t\turl?: string;\n\t\t/** The URL to the profile image for this user, as shown on the user's profile. */\n\t\tprofile_image_url?: string;\n\t\tprotected?: boolean;\n\t\t/**\n\t\t * Unique identifier of this user's pinned Tweet.\n\t\t *\n\t\t * You can obtain the expanded object in `includes.tweets` by adding `expansions=pinned_tweet_id` in the authorization request's query parameter.\n\t\t */\n\t\tpinned_tweet_id?: string;\n\t\tcreated_at?: string;\n\t};\n\tincludes?: {\n\t\ttweets?: Array<{\n\t\t\tid: string;\n\t\t\ttext: string;\n\t\t}>;\n\t};\n\t[claims: string]: unknown;\n}\n\nexport interface TwitterOption {\n\tclientId: string;\n\tclientSecret: string;\n\tredirectURI?: string;\n}\n\nexport const twitter = ({\n\tclientId,\n\tclientSecret,\n\tredirectURI,\n}: TwitterOption) => {\n\tconst twitterArctic = new Twitter(\n\t\tclientId,\n\t\tclientSecret,\n\t\tgetRedirectURI(\"twitter\", redirectURI),\n\t);\n\treturn {\n\t\tid: \"twitter\",\n\t\tname: \"Twitter\",\n\t\tcreateAuthorizationURL(data) {\n\t\t\tconst _scopes = data.scopes || [\"account_info.read\"];\n\t\t\treturn twitterArctic.createAuthorizationURL(\n\t\t\t\tdata.state,\n\t\t\t\tdata.codeVerifier,\n\t\t\t\t_scopes,\n\t\t\t);\n\t\t},\n\t\tvalidateAuthorizationCode: async (code, codeVerifier) => {\n\t\t\tif (!codeVerifier) {\n\t\t\t\tthrow new BetterAuthError(\"codeVerifier is required for Twitter\");\n\t\t\t}\n\t\t\treturn twitterArctic.validateAuthorizationCode(code, codeVerifier);\n\t\t},\n\t\tasync getUserInfo(token) {\n\t\t\tconst { data: profile, error } = await betterFetch<TwitterProfile>(\n\t\t\t\t\"https://api.x.com/2/users/me?user.fields=profile_image_url\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\theaders: {\n\t\t\t\t\t\tAuthorization: `Bearer ${token.accessToken}`,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t\tif (error) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tif (!profile.data.email) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tuser: {\n\t\t\t\t\tid: profile.data.id,\n\t\t\t\t\tname: profile.data.name,\n\t\t\t\t\temail: profile.data.email,\n\t\t\t\t\timage: profile.data.profile_image_url,\n\t\t\t\t\temailVerified: profile.data.verified || false,\n\t\t\t\t},\n\t\t\t\tdata: profile,\n\t\t\t};\n\t\t},\n\t} satisfies OAuthProvider<TwitterProfile>;\n};\n","import type { User } from \"../adapters/schema\";\nimport type { oAuthProviderList } from \"../social-providers\";\nimport type { LiteralString } from \"./helper\";\nimport { OAuth2Tokens } from \"arctic\";\n\nexport interface OAuthProvider<\n\tT extends Record<string, any> = Record<string, any>,\n> {\n\tid: LiteralString;\n\tcreateAuthorizationURL: (data: {\n\t\tstate: string;\n\t\tcodeVerifier: string;\n\t\tscopes?: string[];\n\t}) => URL;\n\tname: string;\n\tvalidateAuthorizationCode: (\n\t\tcode: string,\n\t\tcodeVerifier?: string,\n\t) => Promise<OAuth2Tokens>;\n\tgetUserInfo: (token: OAuth2Tokens) => Promise<{\n\t\tuser: Omit<User, \"createdAt\" | \"updatedAt\">;\n\t\tdata: T;\n\t} | null>;\n\trefreshAccessToken?: (refreshToken: string) => Promise<OAuth2Tokens>;\n\trevokeToken?: (token: string) => Promise<void>;\n}\n\nexport type OAuthProviderList = typeof oAuthProviderList;\n","import { apple } from \"./apple\";\nimport { discord } from \"./discord\";\nimport { facebook } from \"./facebook\";\nimport { github } from \"./github\";\nimport { google } from \"./google\";\nimport { spotify } from \"./spotify\";\nimport { twitch } from \"./twitch\";\nimport { twitter } from \"./twitter\";\n\nexport const oAuthProviders = {\n\tapple,\n\tdiscord,\n\tfacebook,\n\tgithub,\n\tgoogle,\n\tspotify,\n\ttwitch,\n\ttwitter,\n};\n\nexport const oAuthProviderList = Object.keys(oAuthProviders) as [\n\t\"github\",\n\t...(keyof typeof oAuthProviders)[],\n];\n\nexport * from \"./github\";\nexport * from \"./google\";\nexport * from \"./apple\";\nexport * from \"./discord\";\nexport * from \"./spotify\";\nexport * from \"./twitch\";\nexport * from \"./facebook\";\nexport * from \"./twitter\";\nexport * from \"../types/provider\";\n","import { generateState as generateStateOAuth } from \"oslo/oauth2\";\n\nexport function generateState(callbackURL?: string, currentURL?: string) {\n\tconst code = generateStateOAuth();\n\tconst state = `${code}!${callbackURL}!${currentURL}`;\n\treturn { state, code };\n}\n\nexport function parseState(state: string) {\n\tconst [code, callbackURL, currentURL] = state.split(\"!\");\n\treturn { code, callbackURL, currentURL };\n}\n","import type { Context } from \"better-call\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const getSession = createAuthEndpoint(\n\t\"/session\",\n\t{\n\t\tmethod: \"GET\",\n\t\trequireHeaders: true,\n\t},\n\tasync (ctx) => {\n\t\tconst sessionCookieToken = await ctx.getSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tctx.context.secret,\n\t\t);\n\t\tif (!sessionCookieToken) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst session =\n\t\t\tawait ctx.context.internalAdapter.findSession(sessionCookieToken);\n\t\tif (!session || session.session.expiresAt < new Date()) {\n\t\t\tctx.setSignedCookie(\n\t\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\t\t\"\",\n\t\t\t\tctx.context.secret,\n\t\t\t\t{\n\t\t\t\t\tmaxAge: 0,\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst updatedSession = await ctx.context.internalAdapter.updateSession(\n\t\t\tsession.session,\n\t\t);\n\n\t\tawait ctx.setSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tupdatedSession.id,\n\t\t\tctx.context.secret,\n\t\t\t{\n\t\t\t\t...ctx.context.authCookies.sessionToken.options,\n\t\t\t\tmaxAge: updatedSession.expiresAt.valueOf() - Date.now(),\n\t\t\t},\n\t\t);\n\t\treturn ctx.json({\n\t\t\tsession: updatedSession,\n\t\t\tuser: session.user,\n\t\t});\n\t},\n);\n\nexport const getSessionFromCtx = async (ctx: Context<any, any>) => {\n\tconst session = await getSession({\n\t\t...ctx,\n\t\t//@ts-expect-error: By default since this request context comes from a router it'll have a `router` flag which force it to be a request object\n\t\t_flag: undefined,\n\t});\n\treturn session;\n};\n","import { APIError } from \"better-call\";\nimport { z } from \"zod\";\nimport { userSchema } from \"../../adapters/schema\";\nimport { HIDE_ON_CLIENT_METADATA } from \"../../client/client-utils\";\nimport { generateId } from \"../../utils/id\";\nimport { parseState } from \"../../utils/state\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const callbackOAuth = createAuthEndpoint(\n\t\"/callback/:id\",\n\t{\n\t\tmethod: \"GET\",\n\t\tquery: z.object({\n\t\t\tstate: z.string(),\n\t\t\tcode: z.string(),\n\t\t\tcode_verifier: z.string().optional(),\n\t\t}),\n\t\tmetadata: HIDE_ON_CLIENT_METADATA,\n\t},\n\tasync (c) => {\n\t\tconst provider = c.context.options.socialProvider?.find(\n\t\t\t(p) => p.id === c.params.id,\n\t\t);\n\t\tif (!provider) {\n\t\t\tc.context.logger.error(\n\t\t\t\t\"Oauth provider with id\",\n\t\t\t\tc.params.id,\n\t\t\t\t\"not found\",\n\t\t\t);\n\t\t\tthrow new APIError(\"NOT_FOUND\");\n\t\t}\n\t\tconst tokens = await provider.validateAuthorizationCode(\n\t\t\tc.query.code,\n\t\t\tc.query.code_verifier || \"\",\n\t\t);\n\t\tif (!tokens) {\n\t\t\tc.context.logger.error(\"Code verification failed\");\n\t\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t\t}\n\t\tconst user = await provider.getUserInfo(tokens).then((res) => res?.user);\n\t\tconst id = generateId();\n\t\tconst data = userSchema.safeParse({\n\t\t\t...user,\n\t\t\tid,\n\t\t});\n\t\tconst { callbackURL, currentURL } = parseState(c.query.state);\n\t\tif (!user || data.success === false) {\n\t\t\tif (currentURL) {\n\t\t\t\tthrow c.redirect(`${currentURL}?error=oauth_validation_failed`);\n\t\t\t} else {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\");\n\t\t\t}\n\t\t}\n\t\tif (!callbackURL) {\n\t\t\tc.context.logger.error(\"Callback URL not found\");\n\t\t\tthrow new APIError(\"FORBIDDEN\");\n\t\t}\n\t\t//find user in db\n\t\tconst dbUser = await c.context.internalAdapter.findUserByEmail(user.email);\n\t\tconst userId = dbUser?.user.id;\n\t\tif (dbUser) {\n\t\t\t//check if user has already linked this provider\n\t\t\tconst hasBeenLinked = dbUser.accounts.find(\n\t\t\t\t(a) => a.providerId === provider.id,\n\t\t\t);\n\t\t\tif (!hasBeenLinked && !user.emailVerified) {\n\t\t\t\tc.context.logger.error(\"User already exists\");\n\t\t\t\tconst url = new URL(currentURL || callbackURL);\n\t\t\t\turl.searchParams.set(\"error\", \"user_already_exists\");\n\t\t\t\tthrow c.redirect(url.toString());\n\t\t\t}\n\n\t\t\tif (!hasBeenLinked && user.emailVerified) {\n\t\t\t\tawait c.context.internalAdapter.linkAccount({\n\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tid: `${provider.id}:${user.id}`,\n\t\t\t\t\tuserId: dbUser.user.id,\n\t\t\t\t\t...tokens,\n\t\t\t\t});\n\t\t\t}\n\t\t} else {\n\t\t\ttry {\n\t\t\t\tawait c.context.internalAdapter.createOAuthUser(data.data, {\n\t\t\t\t\t...tokens,\n\t\t\t\t\tid: `${provider.id}:${user.id}`,\n\t\t\t\t\tproviderId: provider.id,\n\t\t\t\t\taccountId: user.id,\n\t\t\t\t\tuserId: id,\n\t\t\t\t});\n\t\t\t} catch (e) {\n\t\t\t\tconst url = new URL(currentURL || callbackURL);\n\t\t\t\turl.searchParams.set(\"error\", \"unable_to_create_user\");\n\t\t\t\tc.setHeader(\"Location\", url.toString());\n\t\t\t\tthrow c.redirect(url.toString());\n\t\t\t}\n\t\t}\n\t\t//this should never happen\n\t\tif (!userId && !id)\n\t\t\tthrow new APIError(\"INTERNAL_SERVER_ERROR\", {\n\t\t\t\tmessage: \"Unable to create user\",\n\t\t\t});\n\t\t//create session\n\t\tconst session = await c.context.internalAdapter.createSession(\n\t\t\tuserId || id,\n\t\t\tc.request,\n\t\t);\n\t\ttry {\n\t\t\tawait c.setSignedCookie(\n\t\t\t\tc.context.authCookies.sessionToken.name,\n\t\t\t\tsession.id,\n\t\t\t\tc.context.secret,\n\t\t\t\tc.context.authCookies.sessionToken.options,\n\t\t\t);\n\t\t} catch (e) {\n\t\t\tc.context.logger.error(\"Unable to set session cookie\", e);\n\t\t\tconst url = new URL(currentURL || callbackURL);\n\t\t\turl.searchParams.set(\"error\", \"unable_to_create_session\");\n\t\t\tthrow c.redirect(url.toString());\n\t\t}\n\t\tthrow c.redirect(callbackURL);\n\t},\n);\n","import { z } from \"zod\";\nimport type { FieldAttribute } from \"../db\";\nimport type { BetterAuthOptions } from \"../types\";\n\nexport const accountSchema = z.object({\n\tid: z.string(),\n\tproviderId: z.string(),\n\taccountId: z.string(),\n\tuserId: z.string(),\n\taccessToken: z.string().nullable().optional(),\n\trefreshToken: z.string().nullable().optional(),\n\tidToken: z.string().nullable().optional(),\n\taccessTokenExpiresAt: z.date().nullable().optional(),\n\trefreshTokenExpiresAt: z.date().nullable().optional(),\n\t/**\n\t * Password is only stored in the credential provider\n\t */\n\tpassword: z.string().optional().nullable(),\n});\n\nexport const userSchema = z.object({\n\tid: z.string(),\n\temail: z.string().transform((val) => val.toLowerCase()),\n\temailVerified: z.boolean().default(false),\n\tname: z.string(),\n\timage: z.string().optional(),\n\tcreatedAt: z.date().default(new Date()),\n\tupdatedAt: z.date().default(new Date()),\n});\n\nexport const sessionSchema = z.object({\n\tid: z.string(),\n\tuserId: z.string(),\n\texpiresAt: z.date(),\n\tipAddress: z.string().optional(),\n\tuserAgent: z.string().optional(),\n});\n\nexport type User = z.infer<typeof userSchema>;\nexport type Account = z.infer<typeof accountSchema>;\nexport type Session = z.infer<typeof sessionSchema>;\nexport interface MigrationTable {\n\tname: string;\n\ttimestamp: string;\n}\n\nexport function parseData<T extends Record<string, any>>(\n\tdata: T,\n\tschema: {\n\t\tfields: Record<string, FieldAttribute>;\n\t},\n) {\n\tconst fields = schema.fields;\n\tconst parsedData: Record<string, any> = {};\n\tfor (const key in data) {\n\t\tconst field = fields[key];\n\t\tif (!field) {\n\t\t\tparsedData[key] = data[key];\n\t\t\tcontinue;\n\t\t}\n\t\tif (field.returned === false) {\n\t\t\tcontinue;\n\t\t}\n\t\tparsedData[key] = data[key];\n\t}\n\treturn parsedData as T;\n}\n\nexport function getAllFields(options: BetterAuthOptions, table: string) {\n\tlet schema: Record<string, FieldAttribute> = {};\n\tfor (const plugin of options.plugins || []) {\n\t\tif (plugin.schema && plugin.schema[table]) {\n\t\t\tschema = {\n\t\t\t\t...schema,\n\t\t\t\t...plugin.schema[table].fields,\n\t\t\t};\n\t\t}\n\t}\n\treturn schema;\n}\n\nexport function parseUser(options: BetterAuthOptions, user: User) {\n\tconst schema = getAllFields(options, \"user\");\n\treturn parseData(user, { fields: schema });\n}\n\nexport function parseAccount(options: BetterAuthOptions, account: Account) {\n\tconst schema = getAllFields(options, \"account\");\n\treturn parseData(account, { fields: schema });\n}\n\nexport function parseSession(options: BetterAuthOptions, session: Session) {\n\tconst schema = getAllFields(options, \"session\");\n\treturn parseData(session, { fields: schema });\n}\n","export const HIDE_ON_CLIENT_METADATA = {\n\tonClient: \"hide\" as const,\n};\n","import { alphabet, generateRandomString } from \"oslo/crypto\";\nexport const generateId = () => {\n\treturn generateRandomString(36, alphabet(\"a-z\", \"0-9\"));\n};\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const signOut = createAuthEndpoint(\n\t\"/sign-out\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z\n\t\t\t.object({\n\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t})\n\t\t\t.optional(),\n\t},\n\tasync (ctx) => {\n\t\tconst sessionCookieToken = await ctx.getSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tctx.context.secret,\n\t\t);\n\t\tif (!sessionCookieToken) {\n\t\t\treturn ctx.json(null);\n\t\t}\n\t\tawait ctx.context.internalAdapter.deleteSession(sessionCookieToken);\n\t\tctx.setCookie(ctx.context.authCookies.sessionToken.name, \"\", {\n\t\t\tmaxAge: 0,\n\t\t});\n\t\treturn ctx.json(null, {\n\t\t\tbody: {\n\t\t\t\tredirect: !!ctx.body?.callbackURL,\n\t\t\t\turl: ctx.body?.callbackURL,\n\t\t\t},\n\t\t});\n\t},\n);\n","import { TimeSpan } from \"oslo\";\nimport { createJWT } from \"oslo/jwt\";\nimport { validateJWT } from \"oslo/jwt\";\nimport { Argon2id } from \"oslo/password\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const forgetPassword = createAuthEndpoint(\n\t\"/forget-password\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\t/**\n\t\t\t * The email address of the user to send a password reset email to.\n\t\t\t */\n\t\t\temail: z.string().email(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailAndPassword?.sendResetPasswordToken) {\n\t\t\tctx.context.logger.error(\n\t\t\t\t\"Reset password isn't enabled.Please pass an emailAndPassword.sendResetPasswordToken function to your auth config!\",\n\t\t\t);\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tstatusText: \"RESET_PASSWORD_EMAIL_NOT_SENT\",\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Reset password isn't enabled\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst { email } = ctx.body;\n\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\tif (!user) {\n\t\t\treturn ctx.json(\n\t\t\t\t{\n\t\t\t\t\terror: \"User not found\",\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"USER_NOT_FOUND\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"User not found\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t);\n\t\t}\n\t\tconst token = await createJWT(\n\t\t\t\"HS256\",\n\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t{\n\t\t\t\temail: user.user.email,\n\t\t\t},\n\t\t\t{\n\t\t\t\texpiresIn: new TimeSpan(1, \"h\"),\n\t\t\t\tissuer: \"better-auth\",\n\t\t\t\tsubject: \"forget-password\",\n\t\t\t\taudiences: [user.user.email],\n\t\t\t\tincludeIssuedTimestamp: true,\n\t\t\t},\n\t\t);\n\t\tawait ctx.context.options.emailAndPassword.sendResetPasswordToken(\n\t\t\ttoken,\n\t\t\tuser.user,\n\t\t);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const resetPassword = createAuthEndpoint(\n\t\"/reset-password\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\ttoken: z.string(),\n\t\t\tnewPassword: z.string(),\n\t\t\tcallbackURL: z.string().optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tconst { token, newPassword } = ctx.body;\n\t\ttry {\n\t\t\tconst jwt = await validateJWT(\n\t\t\t\t\"HS256\",\n\t\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t\ttoken,\n\t\t\t);\n\t\t\tconst email = z\n\t\t\t\t.string()\n\t\t\t\t.email()\n\t\t\t\t.parse((jwt.payload as { email: string }).email);\n\t\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\t\tif (!user) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"USER_NOT_FOUND\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"User not found\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\tif (\n\t\t\t\tnewPassword.length <\n\t\t\t\t\t(ctx.context.options.emailAndPassword?.minPasswordLength || 8) ||\n\t\t\t\tnewPassword.length >\n\t\t\t\t\t(ctx.context.options.emailAndPassword?.maxPasswordLength || 32)\n\t\t\t) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"INVALID_PASSWORD_LENGTH\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"Password length must be between 8 and 32\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst argon2id = new Argon2id();\n\t\t\tconst hashedPassword = await argon2id.hash(newPassword);\n\t\t\tconst updatedUser = await ctx.context.internalAdapter.updatePassword(\n\t\t\t\tuser.user.id,\n\t\t\t\thashedPassword,\n\t\t\t);\n\t\t\tif (!updatedUser) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 500,\n\t\t\t\t\tstatusText: \"INTERNAL_SERVER_ERROR\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"Internal server error\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\t});\n\t\t} catch (e) {\n\t\t\tconsole.log(e);\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tstatusText: \"INVALID_TOKEN\",\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invalid token\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t},\n);\n","import { TimeSpan } from \"oslo\";\nimport { createJWT, validateJWT } from \"oslo/jwt\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const sendVerificationEmail = createAuthEndpoint(\n\t\"/send-verification-email\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\temail: z.string().email(),\n\t\t\tcallbackURL: z.string().optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailAndPassword?.sendVerificationEmail) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tstatusText: \"VERIFICATION_EMAIL_NOT_SENT\",\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Verification email isn't enabled\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst { email } = ctx.body;\n\t\tconst token = await createJWT(\n\t\t\t\"HS256\",\n\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t{\n\t\t\t\temail: email.toLowerCase(),\n\t\t\t},\n\t\t\t{\n\t\t\t\texpiresIn: new TimeSpan(1, \"h\"),\n\t\t\t\tissuer: \"better-auth\",\n\t\t\t\tsubject: \"verify-email\",\n\t\t\t\taudiences: [email],\n\t\t\t\tincludeIssuedTimestamp: true,\n\t\t\t},\n\t\t);\n\t\tconst url = `${ctx.context.baseURL}/verify-email?token=${token}?callbackURL=${ctx.body.callbackURL}`;\n\t\tawait ctx.context.options.emailAndPassword.sendVerificationEmail(\n\t\t\temail,\n\t\t\turl,\n\t\t);\n\t\treturn ctx.json({\n\t\t\tstatus: true,\n\t\t});\n\t},\n);\n\nexport const verifyEmail = createAuthEndpoint(\n\t\"/verify-email\",\n\t{\n\t\tmethod: \"GET\",\n\t\tquery: z.object({\n\t\t\ttoken: z.string(),\n\t\t\tcallbackURL: z.string(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tconst { token } = ctx.query;\n\t\ttry {\n\t\t\tconst jwt = await validateJWT(\n\t\t\t\t\"HS256\",\n\t\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t\ttoken,\n\t\t\t);\n\t\t\tconst schema = z.object({\n\t\t\t\temail: z.string().email(),\n\t\t\t});\n\t\t\tconst parsed = schema.parse(jwt.payload);\n\t\t\tconst user = await ctx.context.internalAdapter.findUserByEmail(\n\t\t\t\tparsed.email,\n\t\t\t);\n\t\t\tif (!user) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"USER_NOT_FOUND\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"User not found\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst account = user.accounts.find((a) => a.providerId === \"credential\");\n\t\t\tif (!account) {\n\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\tstatus: 400,\n\t\t\t\t\tstatusText: \"ACCOUNT_NOT_FOUND\",\n\t\t\t\t\tbody: {\n\t\t\t\t\t\tmessage: \"Account not found\",\n\t\t\t\t\t},\n\t\t\t\t});\n\t\t\t}\n\t\t\tawait ctx.context.internalAdapter.updateUserByEmail(parsed.email, {\n\t\t\t\temailVerified: true,\n\t\t\t});\n\t\t\tif (ctx.query.callbackURL) {\n\t\t\t\tthrow ctx.redirect(ctx.query.callbackURL);\n\t\t\t}\n\t\t\treturn ctx.json({\n\t\t\t\tstatus: true,\n\t\t\t});\n\t\t} catch (e) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tstatusText: \"INVALID_TOKEN\",\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invalid token\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t},\n);\n","import type { AuthContext } from \"../init\";\n\nexport const shimContext = <T extends Record<string, any>>(\n\toriginalObject: T,\n\tnewContext: Record<string, any>,\n) => {\n\tconst shimmedObj: Record<string, any> = {};\n\tfor (const [key, value] of Object.entries(originalObject)) {\n\t\tshimmedObj[key] = (ctx: Record<string, any>) => {\n\t\t\treturn value({\n\t\t\t\t...ctx,\n\t\t\t\tcontext: {\n\t\t\t\t\t...newContext,\n\t\t\t\t\t...ctx.context,\n\t\t\t\t},\n\t\t\t});\n\t\t};\n\t\tshimmedObj[key].path = value.path;\n\t\tshimmedObj[key].method = value.method;\n\t\tshimmedObj[key].options = value.options;\n\t\tshimmedObj[key].headers = value.headers;\n\t}\n\treturn shimmedObj as T;\n};\n\nexport const shimEndpoint = (ctx: AuthContext, value: any) => {\n\treturn async (context: any) => {\n\t\tfor (const plugin of ctx.options.plugins || []) {\n\t\t\tif (plugin.hooks?.before) {\n\t\t\t\tfor (const hook of plugin.hooks.before) {\n\t\t\t\t\tconst match = hook.matcher({\n\t\t\t\t\t\t...context,\n\t\t\t\t\t\t...value,\n\t\t\t\t\t});\n\t\t\t\t\tif (match) {\n\t\t\t\t\t\tconst hookRes = await hook.handler(context);\n\t\t\t\t\t\tif (hookRes && \"context\" in hookRes) {\n\t\t\t\t\t\t\tcontext = {\n\t\t\t\t\t\t\t\t...context,\n\t\t\t\t\t\t\t\t...hookRes.context,\n\t\t\t\t\t\t\t\t...value,\n\t\t\t\t\t\t\t};\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t//@ts-ignore\n\t\tconst endpointRes = value({\n\t\t\t...context,\n\t\t\tcontext: {\n\t\t\t\t...ctx,\n\t\t\t\t...context.context,\n\t\t\t},\n\t\t});\n\t\tlet response = endpointRes;\n\t\tfor (const plugin of ctx.options.plugins || []) {\n\t\t\tif (plugin.hooks?.after) {\n\t\t\t\tfor (const hook of plugin.hooks.after) {\n\t\t\t\t\tconst match = hook.matcher(context);\n\t\t\t\t\tif (match) {\n\t\t\t\t\t\tconst obj = Object.assign(context, {\n\t\t\t\t\t\t\treturned: endpointRes,\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst hookRes = await hook.handler(obj);\n\t\t\t\t\t\tif (hookRes && \"response\" in hookRes) {\n\t\t\t\t\t\t\tresponse = hookRes.response as any;\n\t\t\t\t\t\t}\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn response;\n\t};\n};\n","export * from \"./src/access\";\nexport * from \"./src/types\";\nexport * from \"./statement\";\nexport * from \"./utils\";\n","import type { StatementsPrimitive as Statements, Subset } from \"./types\";\n\nexport class ParsingError extends Error {\n\tpublic readonly path: string;\n\tconstructor(message: string, path: string) {\n\t\tsuper(message);\n\t\tthis.path = path;\n\t}\n}\n\ntype Connector = \"OR\" | \"AND\";\n\nexport class AccessControl<TStatements extends Statements = Statements> {\n\tprivate readonly statements: TStatements;\n\tconstructor(private readonly s: TStatements) {\n\t\tthis.statements = s;\n\t}\n\tpublic newRole<K extends keyof TStatements>(\n\t\tstatements: Subset<K, TStatements>,\n\t) {\n\t\treturn new Role<Subset<K, TStatements>>(statements);\n\t}\n}\n\nexport type AuthortizeResponse =\n\t| { success: false; error: string }\n\t| { success: true; error?: never };\n\nexport class Role<TStatements extends Statements> {\n\tpublic readonly statements: TStatements;\n\n\tconstructor(statements: TStatements) {\n\t\tthis.statements = statements;\n\t}\n\n\tpublic authorize<K extends keyof TStatements>(\n\t\trequest: Subset<K, TStatements>,\n\t\tconnector?: Connector,\n\t): AuthortizeResponse {\n\t\tfor (const [requestedResource, requestedActions] of Object.entries(\n\t\t\trequest,\n\t\t)) {\n\t\t\tconst allowedActions = this.statements[requestedResource];\n\t\t\tif (!allowedActions) {\n\t\t\t\treturn {\n\t\t\t\t\tsuccess: false,\n\t\t\t\t\terror: `You are not allowed to access resource: ${requestedResource}`,\n\t\t\t\t};\n\t\t\t}\n\t\t\tconst success =\n\t\t\t\tconnector === \"OR\"\n\t\t\t\t\t? (requestedActions as string[]).some((requestedAction) =>\n\t\t\t\t\t\t\tallowedActions.includes(requestedAction),\n\t\t\t\t\t\t)\n\t\t\t\t\t: (requestedActions as string[]).every((requestedAction) =>\n\t\t\t\t\t\t\tallowedActions.includes(requestedAction),\n\t\t\t\t\t\t);\n\t\t\tif (success) {\n\t\t\t\treturn { success };\n\t\t\t}\n\t\t\treturn {\n\t\t\t\tsuccess: false,\n\t\t\t\terror: `unauthorized to access resource \"${requestedResource}\"`,\n\t\t\t};\n\t\t}\n\t\treturn {\n\t\t\tsuccess: false,\n\t\t\terror: \"Not authorized\",\n\t\t};\n\t}\n\n\tstatic fromString<TStatements extends Statements>(s: string) {\n\t\tconst statements = JSON.parse(s) as TStatements;\n\n\t\tif (typeof statements !== \"object\") {\n\t\t\tthrow new ParsingError(\"statements is not an object\", \".\");\n\t\t}\n\t\tfor (const [resource, actions] of Object.entries(statements)) {\n\t\t\tif (typeof resource !== \"string\") {\n\t\t\t\tthrow new ParsingError(\"invalid resource identifier\", resource);\n\t\t\t}\n\t\t\tif (!Array.isArray(actions)) {\n\t\t\t\tthrow new ParsingError(\"actions is not an array\", resource);\n\t\t\t}\n\t\t\tfor (let i = 0; i < actions.length; i++) {\n\t\t\t\tif (typeof actions[i] !== \"string\") {\n\t\t\t\t\tthrow new ParsingError(\"action is not a string\", `${resource}[${i}]`);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\treturn new Role<TStatements>(statements);\n\t}\n\n\tpublic toString(): string {\n\t\treturn JSON.stringify(this.statements);\n\t}\n}\n","import { AccessControl } from \"./src/access\";\nimport type { StatementsPrimitive } from \"./src/types\";\n\nexport const createAccessControl = <S extends StatementsPrimitive>(\n\tstatements: S,\n) => {\n\treturn new AccessControl<S>(statements);\n};\n\nexport const defaultStatements = {\n\torganization: [\"update\", \"delete\"],\n\tmember: [\"create\", \"update\", \"delete\"],\n\tinvitation: [\"create\", \"cancel\"],\n} as const;\n\nexport const defaultAc = createAccessControl(defaultStatements);\n\nexport const adminAc = defaultAc.newRole({\n\torganization: [\"update\"],\n\tinvitation: [\"create\", \"cancel\"],\n\tmember: [\"create\", \"update\", \"delete\"],\n});\n\nexport const ownerAc = defaultAc.newRole({\n\torganization: [\"update\", \"delete\"],\n\tmember: [\"create\", \"update\", \"delete\"],\n\tinvitation: [\"create\", \"cancel\"],\n});\n\nexport const memberAc = defaultAc.newRole({\n\torganization: [],\n\tmember: [],\n\tinvitation: [],\n});\n\nexport const defaultRoles = {\n\tadmin: adminAc,\n\towner: ownerAc,\n\tmember: memberAc,\n};\n","import { Role } from \"./src/access\";\n\nexport const permissionFromString = (permission?: string) => {\n\treturn Role.fromString(permission ?? \"\");\n};\n","export const getDate = (span: number) => {\n\tconst date = new Date();\n\treturn new Date(date.getTime() + span);\n};\n","import type { Session, User } from \"../../adapters/schema\";\nimport type { Adapter } from \"../../types/adapter\";\nimport { getDate } from \"../../utils/date\";\nimport { generateId } from \"../../utils/id\";\nimport type { OrganizationOptions } from \"./organization\";\nimport type { Invitation, Member, Organization } from \"./schema\";\n\nexport const getOrgAdapter = (\n\tadapter: Adapter,\n\toptions?: OrganizationOptions,\n) => {\n\treturn {\n\t\tfindOrganizationBySlug: async (slug: string) => {\n\t\t\tconst organization = await adapter.findOne<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"slug\",\n\t\t\t\t\t\tvalue: slug,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn organization;\n\t\t},\n\t\tcreateOrganization: async (data: {\n\t\t\torganization: Organization;\n\t\t\tuser: User;\n\t\t}) => {\n\t\t\tconst organization = await adapter.create<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\tdata: data.organization,\n\t\t\t});\n\t\t\tconst member = await adapter.create<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\tdata: {\n\t\t\t\t\tid: generateId(),\n\t\t\t\t\tname: data.user.name,\n\t\t\t\t\torganizationId: organization.id,\n\t\t\t\t\tuserId: data.user.id,\n\t\t\t\t\temail: data.user.email,\n\t\t\t\t\trole: options?.creatorRole || \"owner\",\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn {\n\t\t\t\t...organization,\n\t\t\t\tmembers: [member],\n\t\t\t};\n\t\t},\n\t\tfindMemberByEmail: async (data: {\n\t\t\temail: string;\n\t\t\torganizationId: string;\n\t\t}) => {\n\t\t\tconst member = await adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"email\",\n\t\t\t\t\t\tvalue: data.email,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: data.organizationId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tfindMemberByOrgId: async (data: {\n\t\t\tuserId: string;\n\t\t\torganizationId: string;\n\t\t}) => {\n\t\t\tconst member = await adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: data.userId,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: data.organizationId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tfindMemberById: async (memberId: string) => {\n\t\t\tconst member = await adapter.findOne<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: memberId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tcreateMember: async (data: Member) => {\n\t\t\tconst member = await adapter.create<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\tdata: data,\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tupdateMember: async (memberId: string, role: string) => {\n\t\t\tconst member = await adapter.update<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: memberId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: {\n\t\t\t\t\trole,\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tdeleteMember: async (memberId: string) => {\n\t\t\tconst member = await adapter.delete<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: memberId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn member;\n\t\t},\n\t\tupdateOrganization: async (orgId: string, data: Partial<Organization>) => {\n\t\t\tconst organization = await adapter.update<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: data,\n\t\t\t});\n\t\t\treturn organization;\n\t\t},\n\t\tdeleteOrganization: async (orgId: string) => {\n\t\t\tconst organization = await adapter.delete<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn organization;\n\t\t},\n\t\tsetActiveOrganization: async (sessionId: string, orgId: string | null) => {\n\t\t\tconst session = await adapter.update<Session>({\n\t\t\t\tmodel: \"session\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: sessionId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: {\n\t\t\t\t\tactiveOrganizationId: orgId,\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn session;\n\t\t},\n\t\tfindOrganizationById: async (orgId: string) => {\n\t\t\tconst organization = await adapter.findOne<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn organization;\n\t\t},\n\t\tfindFullOrganization: async (orgId: string) => {\n\t\t\tconst organization = await adapter.findOne<Organization>({\n\t\t\t\tmodel: \"organization\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tif (!organization) {\n\t\t\t\treturn null;\n\t\t\t}\n\t\t\tconst members = await adapter.findMany<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tconst invitations = await adapter.findMany<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: orgId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn {\n\t\t\t\t...organization,\n\t\t\t\tmembers,\n\t\t\t\tinvitations,\n\t\t\t};\n\t\t},\n\t\tlistOrganizations: async (userId: string) => {\n\t\t\tconst members = await adapter.findMany<Member>({\n\t\t\t\tmodel: \"member\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\tvalue: userId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\tconst organizationIds = members?.map((member) => member.organizationId);\n\t\t\tconsole.log({ organizationIds });\n\t\t\tif (!organizationIds) {\n\t\t\t\treturn [];\n\t\t\t}\n\t\t\tconst organizations: Organization[] = [];\n\t\t\tfor (const id of organizationIds) {\n\t\t\t\tconst organization = await adapter.findOne<Organization>({\n\t\t\t\t\tmodel: \"organization\",\n\t\t\t\t\twhere: [\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\tvalue: id,\n\t\t\t\t\t\t},\n\t\t\t\t\t],\n\t\t\t\t});\n\t\t\t\tif (organization) {\n\t\t\t\t\torganizations.push(organization);\n\t\t\t\t}\n\t\t\t}\n\t\t\treturn organizations;\n\t\t},\n\t\tcreateInvitation: async ({\n\t\t\tinvitation,\n\t\t\tuser,\n\t\t}: {\n\t\t\tinvitation: {\n\t\t\t\temail: string;\n\t\t\t\trole: \"admin\" | \"member\" | \"owner\";\n\t\t\t\torganizationId: string;\n\t\t\t};\n\t\t\tuser: User;\n\t\t}) => {\n\t\t\tconst defaultExpiration = 1000 * 60 * 60 * 48;\n\t\t\tconst expiresAt = getDate(\n\t\t\t\toptions?.invitationExpiresIn || defaultExpiration,\n\t\t\t);\n\t\t\tconst invite = await adapter.create<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\tdata: {\n\t\t\t\t\tid: generateId(),\n\t\t\t\t\temail: invitation.email,\n\t\t\t\t\trole: invitation.role,\n\t\t\t\t\torganizationId: invitation.organizationId,\n\t\t\t\t\tstatus: \"pending\",\n\t\t\t\t\texpiresAt,\n\t\t\t\t\tinviterId: user.id,\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn invite;\n\t\t},\n\t\tfindInvitationById: async (id: string) => {\n\t\t\tconst invitation = await adapter.findOne<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: id,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn invitation;\n\t\t},\n\t\tfindPendingInvitation: async (data: {\n\t\t\temail: string;\n\t\t\torganizationId: string;\n\t\t}) => {\n\t\t\tconst invitation = await adapter.findMany<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"email\",\n\t\t\t\t\t\tvalue: data.email,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"organizationId\",\n\t\t\t\t\t\tvalue: data.organizationId,\n\t\t\t\t\t},\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"status\",\n\t\t\t\t\t\tvalue: \"pending\",\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t});\n\t\t\treturn invitation.filter(\n\t\t\t\t(invite) => new Date(invite.expiresAt) > new Date(),\n\t\t\t);\n\t\t},\n\t\tupdateInvitation: async (data: {\n\t\t\tinvitationId: string;\n\t\t\tstatus: \"accepted\" | \"canceled\" | \"rejected\";\n\t\t}) => {\n\t\t\tconst invitation = await adapter.update<Invitation>({\n\t\t\t\tmodel: \"invitation\",\n\t\t\t\twhere: [\n\t\t\t\t\t{\n\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\tvalue: data.invitationId,\n\t\t\t\t\t},\n\t\t\t\t],\n\t\t\t\tupdate: {\n\t\t\t\t\tstatus: data.status,\n\t\t\t\t},\n\t\t\t});\n\t\t\treturn invitation;\n\t\t},\n\t};\n};\n","import { APIError, type Context, createEndpointCreator } from \"better-call\";\nimport type { Session, User } from \"../../adapters/schema\";\nimport { createAuthMiddleware, optionsMiddleware } from \"../../api/call\";\nimport { sessionMiddleware } from \"../../api/middlewares/session\";\nimport type { Role, defaultRoles } from \"./access\";\nimport type { OrganizationOptions } from \"./organization\";\n\nexport const orgMiddleware = createAuthMiddleware(async (ctx) => {\n\treturn {} as {\n\t\torgOptions: OrganizationOptions;\n\t\troles: typeof defaultRoles & {\n\t\t\t[key: string]: Role<{}>;\n\t\t};\n\t\tgetSession: (context: Context<any, any>) => Promise<{\n\t\t\tsession: Session & {\n\t\t\t\tactiveOrganizationId?: string;\n\t\t\t};\n\t\t\tuser: User;\n\t\t}>;\n\t};\n});\n\nexport const orgSessionMiddleware = createAuthMiddleware(\n\t{\n\t\tuse: [sessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\t//@ts-expect-error: fix this later on better-call repo. Session middleware will return session in the context.\n\t\tconst session = ctx.context.session as {\n\t\t\tsession: Session & {\n\t\t\t\tactiveOrganizationId?: string;\n\t\t\t};\n\t\t\tuser: User;\n\t\t};\n\t\treturn {\n\t\t\tsession,\n\t\t};\n\t},\n);\n","import { APIError } from \"better-call\";\nimport { createAuthMiddleware } from \"../call\";\nimport { getSessionFromCtx } from \"../routes\";\n\nexport const sessionMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst session = await getSessionFromCtx(ctx);\n\tif (!session?.session) {\n\t\tthrow new APIError(\"UNAUTHORIZED\");\n\t}\n\treturn {\n\t\tsession,\n\t};\n});\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { getSessionFromCtx } from \"../../../api/routes\";\nimport { generateId } from \"../../../utils/id\";\nimport { getOrgAdapter } from \"../adapter\";\nimport { orgMiddleware, orgSessionMiddleware } from \"../call\";\nimport { role } from \"../schema\";\n\nexport const createInvitation = createAuthEndpoint(\n\t\"/organization/invite-member\",\n\t{\n\t\tmethod: \"POST\",\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t\tbody: z.object({\n\t\t\temail: z.string(),\n\t\t\trole: role,\n\t\t\torganizationId: z.string().optional(),\n\t\t\tresend: z.boolean().optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst orgId =\n\t\t\tctx.body.organizationId || session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization id not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is not a member of this organization!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canInvite = role.authorize({\n\t\t\tinvitation: [\"create\"],\n\t\t});\n\t\tif (canInvite.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to invite users to this organization\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tconst alreadyMember = await adapter.findMemberByEmail({\n\t\t\temail: ctx.body.email,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (alreadyMember) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is already a member of this organization\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst alreadyInvited = await adapter.findPendingInvitation({\n\t\t\temail: ctx.body.email,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (alreadyInvited.length && !ctx.body.resend) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is already invited to this organization\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst invitation = await adapter.createInvitation({\n\t\t\tinvitation: {\n\t\t\t\trole: ctx.body.role,\n\t\t\t\temail: ctx.body.email,\n\t\t\t\torganizationId: orgId,\n\t\t\t},\n\t\t\tuser: session.user,\n\t\t});\n\t\tawait ctx.context.orgOptions.sendInvitationEmail?.(\n\t\t\tinvitation,\n\t\t\tctx.body.email,\n\t\t);\n\t\treturn ctx.json(invitation);\n\t},\n);\n\nexport const acceptInvitation = createAuthEndpoint(\n\t\"/organization/accept-invitation\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tinvitationId: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst invitation = await adapter.findInvitationById(ctx.body.invitationId);\n\t\tif (\n\t\t\t!invitation ||\n\t\t\tinvitation.expiresAt < new Date() ||\n\t\t\tinvitation.status !== \"pending\"\n\t\t) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invitation not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (invitation.email !== session.user.email) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not the repentant of the invitation\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst acceptedI = await adapter.updateInvitation({\n\t\t\tinvitationId: ctx.body.invitationId,\n\t\t\tstatus: \"accepted\",\n\t\t});\n\t\tconst member = await adapter.createMember({\n\t\t\tid: generateId(),\n\t\t\torganizationId: invitation.organizationId,\n\t\t\tuserId: session.user.id,\n\t\t\temail: invitation.email,\n\t\t\trole: invitation.role,\n\t\t\tname: session.user.name,\n\t\t});\n\t\treturn ctx.json({\n\t\t\tinvitation: acceptedI,\n\t\t\tmember,\n\t\t});\n\t},\n);\nexport const rejectInvitation = createAuthEndpoint(\n\t\"/organization/reject-invitation\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tinvitationId: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst invitation = await adapter.findInvitationById(ctx.body.invitationId);\n\t\tif (\n\t\t\t!invitation ||\n\t\t\tinvitation.expiresAt < new Date() ||\n\t\t\tinvitation.status !== \"pending\"\n\t\t) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invitation not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (invitation.email !== session.user.email) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not the repentant of the invitation\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst rejectedI = await adapter.updateInvitation({\n\t\t\tinvitationId: ctx.body.invitationId,\n\t\t\tstatus: \"rejected\",\n\t\t});\n\t\treturn ctx.json({\n\t\t\tinvitation: rejectedI,\n\t\t\tmember: null,\n\t\t});\n\t},\n);\n\nexport const cancelInvitation = createAuthEndpoint(\n\t\"/organization/cancel-invitation\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tinvitationId: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst invitation = await adapter.findInvitationById(ctx.body.invitationId);\n\t\tif (!invitation) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invitation not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: invitation.organizationId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is not a member of this organization\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canCancel = ctx.context.roles[member.role].authorize({\n\t\t\tinvitation: [\"cancel\"],\n\t\t});\n\t\tif (canCancel.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 403,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to cancel this invitation\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canceledI = await adapter.updateInvitation({\n\t\t\tinvitationId: ctx.body.invitationId,\n\t\t\tstatus: \"canceled\",\n\t\t});\n\t\treturn ctx.json(canceledI);\n\t},\n);\n\nexport const getActiveInvitation = createAuthEndpoint(\n\t\"/organization/get-active-invitation\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [orgMiddleware],\n\t\tquery: z.object({\n\t\t\tid: z.string(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tconst session = await getSessionFromCtx(ctx);\n\t\tif (!session) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User not logged in\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst invitation = await adapter.findInvitationById(ctx.query.id);\n\t\tif (\n\t\t\t!invitation ||\n\t\t\tinvitation.status !== \"pending\" ||\n\t\t\tinvitation.expiresAt < new Date()\n\t\t) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Invitation not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (invitation.email !== session.user.email) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not the repentant of the invitation\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst organization = await adapter.findOrganizationById(\n\t\t\tinvitation.organizationId,\n\t\t);\n\t\tif (!organization) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: invitation.inviterId,\n\t\t\torganizationId: invitation.organizationId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Inviter is no longer a member of this organization\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\treturn ctx.json({\n\t\t\t...invitation,\n\t\t\torganizationName: organization.name,\n\t\t\torganizationSlug: organization.slug,\n\t\t\tinviterEmail: member.email,\n\t\t\tinviterName: member.name,\n\t\t});\n\t},\n);\n","import { z } from \"zod\";\n\nexport const role = z.enum([\"admin\", \"member\", \"owner\"]);\nexport const invitationStatus = z\n\t.enum([\"pending\", \"accepted\", \"rejected\", \"canceled\"])\n\t.default(\"pending\");\nexport const organizationSchema = z.object({\n\tid: z.string(),\n\tname: z.string(),\n\tslug: z.string(),\n});\n\nexport const memberSchema = z.object({\n\tid: z.string(),\n\tname: z.string(),\n\temail: z.string(),\n\torganizationId: z.string(),\n\tuserId: z.string(),\n\trole,\n});\n\nexport const invitationSchema = z.object({\n\tid: z.string(),\n\torganizationId: z.string(),\n\temail: z.string(),\n\trole,\n\tstatus: invitationStatus,\n\t/**\n\t * The id of the user who invited the user.\n\t */\n\tinviterId: z.string(),\n\texpiresAt: z.date(),\n});\n\nexport type Organization = z.infer<typeof organizationSchema>;\nexport type Member = z.infer<typeof memberSchema>;\nexport type Invitation = z.infer<typeof invitationSchema>;\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { getOrgAdapter } from \"../adapter\";\nimport { orgMiddleware, orgSessionMiddleware } from \"../call\";\n\nexport const removeMember = createAuthEndpoint(\n\t\"/organization/remove-member\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tmemberId: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst orgId = session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"No active organization found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Member not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tif (\n\t\t\tsession.user.id === member.userId &&\n\t\t\tmember.role === (ctx.context.orgOptions?.creatorRole || \"owner\")\n\t\t) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You cannot delete yourself\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canDeleteMember = role.authorize({\n\t\t\tmember: [\"delete\"],\n\t\t});\n\t\tif (canDeleteMember.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to delete this member\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tconst existing = await adapter.findMemberById(ctx.body.memberId);\n\t\tif (existing?.organizationId !== orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Member not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst deletedMember = await adapter.deleteMember(ctx.body.memberId);\n\t\tif (\n\t\t\tsession.user.id === existing.userId &&\n\t\t\tsession.session.activeOrganizationId === existing.organizationId\n\t\t) {\n\t\t\tawait adapter.setActiveOrganization(session.session.id, null);\n\t\t}\n\t\treturn ctx.json(deletedMember);\n\t},\n);\n\nexport const updateMember = createAuthEndpoint(\n\t\"/organization/update-member\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tmemberId: z.string(),\n\t\t\trole: z.string(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst orgId = session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"No active organization found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Member not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canUpdateMember = role.authorize({\n\t\t\tmember: [\"update\"],\n\t\t});\n\t\tif (canUpdateMember.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to update this member\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tconst updatedMember = await adapter.updateMember(\n\t\t\tctx.body.memberId,\n\t\t\tctx.body.role,\n\t\t);\n\t\treturn ctx.json(updatedMember);\n\t},\n);\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { sessionMiddleware } from \"../../../api/middlewares/session\";\nimport { generateId } from \"../../../utils/id\";\nimport { getOrgAdapter } from \"../adapter\";\nimport { orgMiddleware, orgSessionMiddleware } from \"../call\";\n\nexport const createOrganization = createAuthEndpoint(\n\t\"/organization/create\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tname: z.string(),\n\t\t\tslug: z.string(),\n\t\t\tuserId: z.string().optional(),\n\t\t}),\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst user = ctx.context.session.user;\n\t\tif (!user) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst options = ctx.context.orgOptions;\n\t\tconst canCreateOrg =\n\t\t\ttypeof options?.allowUserToCreateOrganization === \"function\"\n\t\t\t\t? await options.allowUserToCreateOrganization(user)\n\t\t\t\t: options?.allowUserToCreateOrganization === undefined\n\t\t\t\t\t? true\n\t\t\t\t\t: options.allowUserToCreateOrganization;\n\t\tif (!canCreateOrg) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 403,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to create organizations\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, options);\n\t\tconst existingOrganization = await adapter.findOrganizationBySlug(\n\t\t\tctx.body.slug,\n\t\t);\n\t\tif (existingOrganization) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization with this slug already exists\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst organization = await adapter.createOrganization({\n\t\t\torganization: {\n\t\t\t\tid: generateId(),\n\t\t\t\tslug: ctx.body.slug,\n\t\t\t\tname: ctx.body.name,\n\t\t\t},\n\t\t\tuser,\n\t\t});\n\t\treturn ctx.json(organization);\n\t},\n);\n\nexport const updateOrganization = createAuthEndpoint(\n\t\"/organization/update\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tname: z.string().optional(),\n\t\t\tslug: z.string().optional(),\n\t\t\torgId: z.string().optional(),\n\t\t}),\n\t\trequireHeaders: true,\n\t\tuse: [orgMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = await ctx.context.getSession(ctx);\n\t\tif (!session) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst orgId = ctx.body.orgId || session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization id not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is not a member of this organization!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canUpdateOrg = role.authorize({\n\t\t\torganization: [\"update\"],\n\t\t});\n\t\tif (canUpdateOrg.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to update this organization\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tconst updatedOrg = await adapter.updateOrganization(orgId, ctx.body);\n\t\treturn ctx.json(updatedOrg);\n\t},\n);\n\nexport const deleteOrganization = createAuthEndpoint(\n\t\"/organization/delete\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\torgId: z.string(),\n\t\t}),\n\t\trequireHeaders: true,\n\t\tuse: [orgMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = await ctx.context.getSession(ctx);\n\t\tif (!session) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 401,\n\t\t\t});\n\t\t}\n\t\tconst orgId = ctx.body.orgId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization id not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst member = await adapter.findMemberByOrgId({\n\t\t\tuserId: session.user.id,\n\t\t\torganizationId: orgId,\n\t\t});\n\t\tif (!member) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User is not a member of this organization!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst role = ctx.context.roles[member.role];\n\t\tif (!role) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Role not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst canDeleteOrg = role.authorize({\n\t\t\torganization: [\"delete\"],\n\t\t});\n\t\tif (canDeleteOrg.error) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"You are not allowed to delete this organization\",\n\t\t\t\t},\n\t\t\t\tstatus: 403,\n\t\t\t});\n\t\t}\n\t\tif (orgId === session.session.activeOrganizationId) {\n\t\t\t/**\n\t\t\t * If the organization is deleted, we set the active organization to null\n\t\t\t */\n\t\t\tawait adapter.setActiveOrganization(session.session.id, null);\n\t\t}\n\t\tconst deletedOrg = await adapter.deleteOrganization(orgId);\n\t\treturn ctx.json(deletedOrg);\n\t},\n);\n\nexport const getFullOrganization = createAuthEndpoint(\n\t\"/organization/full\",\n\t{\n\t\tmethod: \"GET\",\n\t\tquery: z.object({\n\t\t\torgId: z.string().optional(),\n\t\t}),\n\t\trequireHeaders: true,\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst session = ctx.context.session;\n\t\tconst orgId = ctx.query.orgId || session.session.activeOrganizationId;\n\t\tif (!orgId) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization id not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst organization = await adapter.findFullOrganization(orgId);\n\t\tif (!organization) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 404,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Organization not found!\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\treturn ctx.json(organization);\n\t},\n);\n\nexport const setActiveOrganization = createAuthEndpoint(\n\t\"/organization/set-active\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\torgId: z.string(),\n\t\t}),\n\t\tuse: [sessionMiddleware, orgMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst session = ctx.context.session;\n\t\tconst orgId = ctx.body.orgId;\n\t\tawait adapter.setActiveOrganization(session.session.id, orgId);\n\t\tconst organization = await adapter.findFullOrganization(orgId);\n\t\treturn ctx.json(organization);\n\t},\n);\n\nexport const listOrganization = createAuthEndpoint(\n\t\"/organization/list\",\n\t{\n\t\tmethod: \"GET\",\n\t\tuse: [orgMiddleware, orgSessionMiddleware],\n\t},\n\tasync (ctx) => {\n\t\tconst adapter = getOrgAdapter(ctx.context.adapter, ctx.context.orgOptions);\n\t\tconst organizations = await adapter.listOrganizations(\n\t\t\tctx.context.session.user.id,\n\t\t);\n\t\treturn ctx.json(organizations);\n\t},\n);\n","import { alphabet, generateRandomString } from \"oslo/crypto\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint, createAuthMiddleware } from \"../../api/call\";\nimport { sessionMiddleware } from \"../../api/middlewares/session\";\nimport { hs256, symmetricEncrypt } from \"../../crypto\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\nimport { backupCode2fa, generateBackupCodes } from \"./backup-codes\";\nimport { otp2fa } from \"./otp\";\nimport { totp2fa } from \"./totp\";\n\nimport type { TwoFactorOptions, UserWithTwoFactor } from \"./types\";\nimport type { Session } from \"../../adapters/schema\";\n\nexport const twoFactor = <O extends TwoFactorOptions>(options: O) => {\n\tconst totp = totp2fa({\n\t\tissuer: options.issuer,\n\t\t...options.totpOptions,\n\t});\n\tconst backupCode = backupCode2fa(options.backupCodeOptions);\n\tconst otp = otp2fa(options.otpOptions);\n\tconst providers = [totp, backupCode, otp];\n\treturn {\n\t\tid: \"two-factor\",\n\t\tendpoints: {\n\t\t\t...totp.endpoints,\n\t\t\t...otp.endpoints,\n\t\t\t...backupCode.endpoints,\n\t\t\tenableTwoFactor: createAuthEndpoint(\n\t\t\t\t\"/two-factor/enable\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tconst secret = generateRandomString(16, alphabet(\"a-z\", \"0-9\", \"-\"));\n\t\t\t\t\tconst encryptedSecret = await symmetricEncrypt({\n\t\t\t\t\t\tkey: ctx.context.secret,\n\t\t\t\t\t\tdata: secret,\n\t\t\t\t\t});\n\t\t\t\t\tconst backupCodes = await generateBackupCodes(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\toptions.backupCodeOptions,\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.context.adapter.update({\n\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\ttwoFactorSecret: encryptedSecret,\n\t\t\t\t\t\t\ttwoFactorEnabled: true,\n\t\t\t\t\t\t\ttwoFactorBackupCodes: backupCodes.encryptedBackupCodes,\n\t\t\t\t\t\t},\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t),\n\t\t\tdisableTwoFactor: createAuthEndpoint(\n\t\t\t\t\"/two-factor/disable\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tawait ctx.context.adapter.update({\n\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\ttwoFactorEnabled: false,\n\t\t\t\t\t\t},\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\toptions: options,\n\t\thooks: {\n\t\t\tafter: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(context) {\n\t\t\t\t\t\treturn (\n\t\t\t\t\t\t\tcontext.path === \"/sign-in/email\" ||\n\t\t\t\t\t\t\tcontext.path === \"/sign-in/username\"\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t\thandler: createAuthMiddleware(async (ctx) => {\n\t\t\t\t\t\tconst returned = (await (ctx as any).returned) as Response;\n\t\t\t\t\t\tif (returned?.status !== 200) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst response = (await returned.json()) as {\n\t\t\t\t\t\t\tuser: UserWithTwoFactor;\n\t\t\t\t\t\t\tsession: Session;\n\t\t\t\t\t\t};\n\t\t\t\t\t\tif (!response.user.twoFactorEnabled) {\n\t\t\t\t\t\t\treturn;\n\t\t\t\t\t\t}\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * remove the session cookie. It's set by the sign in credential\n\t\t\t\t\t\t */\n\t\t\t\t\t\tctx.setCookie(ctx.context.authCookies.sessionToken.name, \"\", {\n\t\t\t\t\t\t\tpath: \"/\",\n\t\t\t\t\t\t\tsameSite: \"lax\",\n\t\t\t\t\t\t\thttpOnly: true,\n\t\t\t\t\t\t\tsecure: false,\n\t\t\t\t\t\t\tmaxAge: 0,\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst hash = await hs256(ctx.context.secret, response.session.id);\n\t\t\t\t\t\t/**\n\t\t\t\t\t\t * We set the user id and the session\n\t\t\t\t\t\t * id as a hash. Later will fetch for\n\t\t\t\t\t\t * sessions with the user id compare\n\t\t\t\t\t\t * the hash and set that as session.\n\t\t\t\t\t\t */\n\t\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\t\t\"better-auth.two-factor\",\n\t\t\t\t\t\t\t`${response.session.userId}!${hash}`,\n\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t\t);\n\t\t\t\t\t\tconst res = new Response(\n\t\t\t\t\t\t\tJSON.stringify({\n\t\t\t\t\t\t\t\ttwoFactorRedirect: true,\n\t\t\t\t\t\t\t}),\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\theaders: ctx.responseHeader,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t\treturn {\n\t\t\t\t\t\t\tresponse: res,\n\t\t\t\t\t\t};\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t\tschema: {\n\t\t\tuser: {\n\t\t\t\tfields: {\n\t\t\t\t\ttwoFactorEnabled: {\n\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tdefaultValue: false,\n\t\t\t\t\t},\n\t\t\t\t\ttwoFactorSecret: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t\ttwoFactorBackupCodes: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\treturned: false,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n\nexport * from \"./client\";\n","import { xchacha20poly1305 } from \"@noble/ciphers/chacha\";\nimport { bytesToHex, hexToBytes, utf8ToBytes } from \"@noble/ciphers/utils\";\nimport { managedNonce } from \"@noble/ciphers/webcrypto\";\nimport { sha256 } from \"@noble/hashes/sha256\";\n\nexport async function hs256(secretKey: string, message: string) {\n\tconst enc = new TextEncoder();\n\tconst algorithm = { name: \"HMAC\", hash: \"SHA-256\" };\n\tconst key = await crypto.subtle.importKey(\n\t\t\"raw\",\n\t\tenc.encode(secretKey),\n\t\talgorithm,\n\t\tfalse,\n\t\t[\"sign\", \"verify\"],\n\t);\n\tconst signature = await crypto.subtle.sign(\n\t\talgorithm.name,\n\t\tkey,\n\t\tenc.encode(message),\n\t);\n\treturn btoa(String.fromCharCode(...new Uint8Array(signature)));\n}\n\nexport type SymmetricEncryptOptions = {\n\tkey: string;\n\tdata: string;\n};\n\nexport const symmetricEncrypt = ({ key, data }: SymmetricEncryptOptions) => {\n\tconst keyAsBytes = sha256(key);\n\tconst dataAsBytes = utf8ToBytes(data);\n\tconst chacha = managedNonce(xchacha20poly1305)(keyAsBytes);\n\treturn bytesToHex(chacha.encrypt(dataAsBytes));\n};\n\nexport type SymmetricDecryptOptions = {\n\tkey: string;\n\tdata: string;\n};\n\nexport const symmetricDecrypt = ({ key, data }: SymmetricDecryptOptions) => {\n\tconst keyAsBytes = sha256(key);\n\tconst dataAsBytes = hexToBytes(data);\n\tconst chacha = managedNonce(xchacha20poly1305)(keyAsBytes);\n\treturn chacha.decrypt(dataAsBytes);\n};\n","import { alphabet, generateRandomString } from \"oslo/crypto\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { sessionMiddleware } from \"../../../api/middlewares/session\";\nimport { symmetricDecrypt, symmetricEncrypt } from \"../../../crypto\";\nimport { verifyTwoFactorMiddleware } from \"../verify-middleware\";\nimport type { TwoFactorProvider, UserWithTwoFactor } from \"../types\";\n\nexport interface BackupCodeOptions {\n\t/**\n\t * The amount of backup codes to generate\n\t *\n\t * @default 10\n\t */\n\tamount?: number;\n\t/**\n\t * The length of the backup codes\n\t *\n\t * @default 10\n\t */\n\tlength?: number;\n\tcustomBackupCodesGenerate?: () => string[];\n}\n\nfunction generateBackupCodesFn(options?: BackupCodeOptions) {\n\treturn Array.from({ length: options?.amount ?? 10 })\n\t\t.fill(null)\n\t\t.map(() =>\n\t\t\tgenerateRandomString(options?.length ?? 10, alphabet(\"a-z\", \"0-9\")),\n\t\t)\n\t\t.map((code) => `${code.slice(0, 5)}-${code.slice(5)}`);\n}\n\nexport async function generateBackupCodes(\n\tsecret: string,\n\toptions?: BackupCodeOptions,\n) {\n\tconst key = secret;\n\tconst backupCodes = options?.customBackupCodesGenerate\n\t\t? options.customBackupCodesGenerate()\n\t\t: generateBackupCodesFn();\n\tconst encCodes = symmetricEncrypt({\n\t\tdata: JSON.stringify(backupCodes),\n\t\tkey: key,\n\t});\n\treturn {\n\t\tbackupCodes,\n\t\tencryptedBackupCodes: encCodes,\n\t};\n}\n\nexport async function verifyBackupCode(\n\tdata: {\n\t\tuser: UserWithTwoFactor;\n\t\tcode: string;\n\t},\n\tkey: string,\n) {\n\tconst codes = await getBackupCodes(data.user, key);\n\tif (!codes) {\n\t\treturn false;\n\t}\n\treturn codes.includes(data.code);\n}\n\nexport async function getBackupCodes(user: UserWithTwoFactor, key: string) {\n\tconst secret = Buffer.from(\n\t\tawait symmetricDecrypt({ key, data: user.twoFactorBackupCodes }),\n\t).toString(\"utf-8\");\n\tconst data = JSON.parse(secret);\n\tconst result = z.array(z.string()).safeParse(data);\n\tif (result.success) {\n\t\treturn result.data;\n\t}\n\treturn null;\n}\n\nexport const backupCode2fa = (options?: BackupCodeOptions) => {\n\treturn {\n\t\tid: \"backup_code\",\n\t\tendpoints: {\n\t\t\tverifyBackupCode: createAuthEndpoint(\n\t\t\t\t\"/two-factor/verify-backup-code\",\n\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tcode: z.string(),\n\t\t\t\t\t}),\n\t\t\t\t\tuse: [verifyTwoFactorMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst validate = verifyBackupCode(\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tuser: ctx.context.session.user,\n\t\t\t\t\t\t\tcode: ctx.body.code,\n\t\t\t\t\t\t},\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t);\n\t\t\t\t\tif (!validate) {\n\t\t\t\t\t\treturn ctx.json(\n\t\t\t\t\t\t\t{ status: false },\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tstatus: 401,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t),\n\t\t\tgenerateBackupCodes: createAuthEndpoint(\n\t\t\t\t\"/two-factor/generate-backup-codes\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst backupCodes = await generateBackupCodes(\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\toptions,\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.context.adapter.update({\n\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\ttwoFactorEnabled: true,\n\t\t\t\t\t\t\ttwoFactorBackupCodes: backupCodes.encryptedBackupCodes,\n\t\t\t\t\t\t},\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: ctx.context.session.user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tstatus: true,\n\t\t\t\t\t\tbackupCodes: backupCodes.backupCodes,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tviewBackupCodes: createAuthEndpoint(\n\t\t\t\t\"/view/backup-codes\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\t\t\tconst backupCodes = getBackupCodes(user, ctx.context.secret);\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tstatus: true,\n\t\t\t\t\t\tbackupCodes: backupCodes,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n","import { APIError } from \"better-call\";\nimport type { Session } from \"../../adapters/schema\";\nimport { createAuthMiddleware } from \"../../api/call\";\nimport { hs256 } from \"../../crypto\";\nimport { TWO_FACTOR_COOKIE_NAME } from \"./constant\";\nimport type { UserWithTwoFactor } from \"./types\";\n\nexport const verifyTwoFactorMiddleware = createAuthMiddleware(async (ctx) => {\n\tconst cookie = await ctx.getSignedCookie(\n\t\tTWO_FACTOR_COOKIE_NAME,\n\t\tctx.context.secret,\n\t);\n\tif (!cookie) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: \"two factor isn't enabled\",\n\t\t});\n\t}\n\tconst [userId, hash] = cookie.split(\"!\");\n\tif (!userId || !hash) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: \"invalid two factor cookie\",\n\t\t});\n\t}\n\tconst sessions = await ctx.context.adapter.findMany<Session>({\n\t\tmodel: \"session\",\n\t\twhere: [\n\t\t\t{\n\t\t\t\tfield: \"userId\",\n\t\t\t\tvalue: userId,\n\t\t\t},\n\t\t],\n\t});\n\tif (!sessions.length) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: \"invalid session\",\n\t\t});\n\t}\n\tconst activeSessions = sessions.filter(\n\t\t(session) => session.expiresAt > new Date(),\n\t);\n\tif (!activeSessions) {\n\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\tmessage: \"invalid session\",\n\t\t});\n\t}\n\tfor (const session of activeSessions) {\n\t\tconst hashToMatch = await hs256(ctx.context.secret, session.id);\n\t\tconst user = await ctx.context.adapter.findOne<UserWithTwoFactor>({\n\t\t\tmodel: \"user\",\n\t\t\twhere: [\n\t\t\t\t{\n\t\t\t\t\tfield: \"id\",\n\t\t\t\t\tvalue: session.userId,\n\t\t\t\t},\n\t\t\t],\n\t\t});\n\t\tif (!user) {\n\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\tmessage: \"invalid session\",\n\t\t\t});\n\t\t}\n\t\tif (hashToMatch === hash) {\n\t\t\treturn {\n\t\t\t\tvalid: async () => {\n\t\t\t\t\t/**\n\t\t\t\t\t * Set the session cookie\n\t\t\t\t\t */\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\t\t\t\tsession.id,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t);\n\t\t\t\t\tif (ctx.body.callbackURL) {\n\t\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\t\tstatus: true,\n\t\t\t\t\t\t\tcallbackURL: ctx.body.callbackURL,\n\t\t\t\t\t\t\tredirect: true,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\n\t\t\t\t\treturn ctx.json({ status: true });\n\t\t\t\t},\n\t\t\t\tinvalid: async () => {\n\t\t\t\t\treturn ctx.json(\n\t\t\t\t\t\t{ status: false },\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tstatus: 401,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Invalid code\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t},\n\t\t\t\tsession: {\n\t\t\t\t\tid: session.id,\n\t\t\t\t\tuserId: session.userId,\n\t\t\t\t\texpiresAt: session.expiresAt,\n\t\t\t\t\tuser,\n\t\t\t\t},\n\t\t\t};\n\t\t}\n\t}\n\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\tmessage: \"invalid two factor authentication\",\n\t});\n});\n","export const TWO_FACTOR_COOKIE_NAME = \"better-auth.two-factor\";\nexport const OTP_RANDOM_NUMBER_COOKIE_NAME = \"otp.counter\";\n","import { APIError } from \"better-call\";\nimport { generateRandomInteger } from \"oslo/crypto\";\nimport { generateHOTP } from \"oslo/otp\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { OTP_RANDOM_NUMBER_COOKIE_NAME } from \"../constant\";\nimport { verifyTwoFactorMiddleware } from \"../verify-middleware\";\nimport type { TwoFactorProvider, UserWithTwoFactor } from \"../types\";\n\nexport interface OTPOptions {\n\t/**\n\t * How long the opt will be valid for\n\t *\n\t * @default \"5 mins\"\n\t */\n\tperiod?: number;\n\tsendOTP: (user: UserWithTwoFactor, otp: string) => Promise<void>;\n}\n\n/**\n * The otp adapter is created from the totp adapter.\n */\nexport const otp2fa = (options?: OTPOptions) => {\n\t/**\n\t * Generate OTP and send it to the user.\n\t */\n\tconst send2FaOTP = createAuthEndpoint(\n\t\t\"/two-factor/send-otp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [verifyTwoFactorMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options || !options.sendOTP) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"otp isn't configured. please pass otp option on two factor plugin to enable otp\",\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"otp isn't configured\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst randomNumber = generateRandomInteger(100000);\n\t\t\tconst otp = await generateHOTP(\n\t\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t\trandomNumber,\n\t\t\t);\n\t\t\tawait options.sendOTP(ctx.context.session.user as UserWithTwoFactor, otp);\n\t\t\tconst cookie = ctx.context.createAuthCookie(\n\t\t\t\tOTP_RANDOM_NUMBER_COOKIE_NAME,\n\t\t\t\t{\n\t\t\t\t\tmaxAge: options.period,\n\t\t\t\t},\n\t\t\t);\n\t\t\tawait ctx.setSignedCookie(\n\t\t\t\tcookie.name,\n\t\t\t\trandomNumber.toString(),\n\t\t\t\tctx.context.secret,\n\t\t\t\tcookie.options,\n\t\t\t);\n\t\t\treturn ctx.json({ status: true });\n\t\t},\n\t);\n\n\tconst verifyOTP = createAuthEndpoint(\n\t\t\"/two-factor/verify-otp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: z.object({\n\t\t\t\tcode: z.string(),\n\t\t\t}),\n\t\t\tuse: [verifyTwoFactorMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tconst user = ctx.context.session.user;\n\t\t\tif (!user.twoFactorEnabled) {\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"two factor isn't enabled\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst cookie = ctx.context.createAuthCookie(\n\t\t\t\tOTP_RANDOM_NUMBER_COOKIE_NAME,\n\t\t\t);\n\t\t\tconst randomNumber = await ctx.getSignedCookie(\n\t\t\t\tcookie.name,\n\t\t\t\tctx.context.secret,\n\t\t\t);\n\t\t\tif (!randomNumber) {\n\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\tmessage: \"OTP is expired\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst toCheckOtp = await generateHOTP(\n\t\t\t\tBuffer.from(ctx.context.secret),\n\t\t\t\tparseInt(randomNumber),\n\t\t\t);\n\t\t\tif (toCheckOtp === ctx.body.code) {\n\t\t\t\tctx.setCookie(cookie.name, \"\", {\n\t\t\t\t\tpath: \"/\",\n\t\t\t\t\tsameSite: \"lax\",\n\t\t\t\t\thttpOnly: true,\n\t\t\t\t\tsecure: false,\n\t\t\t\t\tmaxAge: 0,\n\t\t\t\t});\n\t\t\t\treturn ctx.context.valid();\n\t\t\t} else {\n\t\t\t\treturn ctx.context.invalid();\n\t\t\t}\n\t\t},\n\t);\n\treturn {\n\t\tid: \"otp\",\n\t\tendpoints: {\n\t\t\tsend2FaOTP,\n\t\t\tverifyOTP,\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n","import { APIError } from \"better-call\";\nimport { TimeSpan } from \"oslo\";\nimport { TOTPController, createTOTPKeyURI } from \"oslo/otp\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../../api/call\";\nimport { sessionMiddleware } from \"../../../api/middlewares/session\";\nimport { symmetricDecrypt } from \"../../../crypto\";\nimport type { BackupCodeOptions } from \"../backup-codes\";\nimport { verifyTwoFactorMiddleware } from \"../verify-middleware\";\nimport type { TwoFactorProvider, UserWithTwoFactor } from \"../types\";\n\nexport type TOTPOptions = {\n\t/**\n\t * Issuer\n\t */\n\tissuer: string;\n\t/**\n\t * How many digits the otp to be\n\t *\n\t * @default 6\n\t */\n\tdigits?: 6 | 8;\n\t/**\n\t * Period for otp in seconds.\n\t * @default 30\n\t */\n\tperiod?: number;\n\t/**\n\t * Backup codes configuration\n\t */\n\tbackupCodes?: BackupCodeOptions;\n};\n\nexport const totp2fa = (options: TOTPOptions) => {\n\tconst opts = {\n\t\tdigits: 6,\n\t\tperiod: new TimeSpan(options?.period || 30, \"s\"),\n\t};\n\n\tconst generateTOTP = createAuthEndpoint(\n\t\t\"/totp/generate\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tuse: [sessionMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst session = ctx.context.session.user as UserWithTwoFactor;\n\t\t\tconst totp = new TOTPController(opts);\n\t\t\tconst code = await totp.generate(Buffer.from(session.twoFactorSecret));\n\t\t\treturn { code };\n\t\t},\n\t);\n\n\tconst getTOTPURI = createAuthEndpoint(\n\t\t\"/two-factor/get-totp-uri\",\n\t\t{\n\t\t\tmethod: \"GET\",\n\t\t\tuse: [sessionMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst user = ctx.context.session.user as UserWithTwoFactor;\n\t\t\treturn {\n\t\t\t\ttotpURI: createTOTPKeyURI(\n\t\t\t\t\toptions?.issuer || \"BetterAuth\",\n\t\t\t\t\tuser.email,\n\t\t\t\t\tBuffer.from(user.twoFactorSecret),\n\t\t\t\t\topts,\n\t\t\t\t),\n\t\t\t};\n\t\t},\n\t);\n\n\tconst verifyTOTP = createAuthEndpoint(\n\t\t\"/two-factor/verify-totp\",\n\t\t{\n\t\t\tmethod: \"POST\",\n\t\t\tbody: z.object({\n\t\t\t\tcode: z.string(),\n\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t}),\n\t\t\tuse: [verifyTwoFactorMiddleware],\n\t\t},\n\t\tasync (ctx) => {\n\t\t\tif (!options) {\n\t\t\t\tctx.context.logger.error(\n\t\t\t\t\t\"totp isn't configured. please pass totp option on two factor plugin to enable totp\",\n\t\t\t\t);\n\t\t\t\tthrow new APIError(\"BAD_REQUEST\", {\n\t\t\t\t\tmessage: \"totp isn't configured\",\n\t\t\t\t});\n\t\t\t}\n\t\t\tconst totp = new TOTPController(opts);\n\t\t\tconst secret = Buffer.from(\n\t\t\t\tawait symmetricDecrypt({\n\t\t\t\t\tkey: ctx.context.secret,\n\t\t\t\t\tdata: ctx.context.session.user.twoFactorSecret,\n\t\t\t\t}),\n\t\t\t);\n\t\t\tconst status = await totp.verify(ctx.body.code, secret);\n\t\t\tif (!status) {\n\t\t\t\treturn ctx.context.invalid();\n\t\t\t}\n\t\t\treturn ctx.context.valid();\n\t\t},\n\t);\n\treturn {\n\t\tid: \"totp\",\n\t\tendpoints: {\n\t\t\tgenerateTOTP: generateTOTP,\n\t\t\tviewTOTPURI: getTOTPURI,\n\t\t\tverifyTOTP,\n\t\t},\n\t} satisfies TwoFactorProvider;\n};\n","import type { BetterFetch, BetterFetchPlugin } from \"@better-fetch/fetch\";\nimport type { Endpoint } from \"better-call\";\nimport type { AuthProxySignal } from \"./proxy\";\nimport type { Atom, PreinitializedWritableAtom } from \"nanostores\";\nimport type { BetterAuthPlugin } from \"../types/plugins\";\nimport type { AuthPlugin } from \"./type\";\nimport type { useAuthStore as reactStore } from \"./react\";\nimport type { useAuthStore as vueStore } from \"./vue\";\nimport type { useAuthStore as preactStore } from \"./preact\";\n\nexport const createClientPlugin = <E extends BetterAuthPlugin = never>() => {\n\treturn <\n\t\tActions extends Record<string, any>,\n\t\tIntegrations extends {\n\t\t\treact?: (useStore: typeof reactStore) => Record<string, any>;\n\t\t\tvue?: (useStore: typeof vueStore) => Record<string, any>;\n\t\t\tpreact?: (useStore: typeof preactStore) => Record<string, any>;\n\t\t\tsvelte?: () => Record<string, any>;\n\t\t},\n\t>(\n\t\t$fn: ($fetch: BetterFetch) => {\n\t\t\tid: string;\n\t\t\tactions?: Actions;\n\t\t\tauthProxySignal?: AuthProxySignal[];\n\t\t\tsignals?: Record<string, PreinitializedWritableAtom<boolean>>;\n\t\t\tatoms?: Record<string, Atom<any>>;\n\t\t\tintegrations?: Integrations;\n\t\t\tpathMethods?: Record<string, \"POST\" | \"GET\">;\n\t\t\tfetchPlugins?: BetterFetchPlugin[];\n\t\t},\n\t) => {\n\t\treturn ($fetch: BetterFetch) => {\n\t\t\tconst data = $fn($fetch);\n\t\t\treturn {\n\t\t\t\t...data,\n\t\t\t\tintegrations: data.integrations as Integrations,\n\t\t\t\tplugin: {} as E,\n\t\t\t};\n\t\t};\n\t};\n};\n\nexport interface AuthClientPlugin {\n\tid: string;\n\tendpoint: Record<string, Endpoint>;\n}\n","import { createClientPlugin } from \"../../client/create-client-plugin\";\nimport type { twoFactor as twoFa } from \"../../plugins/two-factor\";\n\nexport const twoFactorClient = (\n\toptions: {\n\t\ttwoFactorPage: string;\n\t\t/**\n\t\t * Redirect to the two factor page. If twoFactorPage\n\t\t * is not set this will redirect to the root path.\n\t\t * @default true\n\t\t */\n\t\tredirect?: boolean;\n\t} = {\n\t\tredirect: true,\n\t\ttwoFactorPage: \"/\",\n\t},\n) => {\n\treturn createClientPlugin<ReturnType<typeof twoFa>>()(($fetch) => {\n\t\treturn {\n\t\t\tid: \"two-factor\",\n\t\t\tauthProxySignal: [\n\t\t\t\t{\n\t\t\t\t\tmatcher: (path) =>\n\t\t\t\t\t\tpath === \"/two-factor/enable\" || path === \"/two-factor/send-otp\",\n\t\t\t\t\tatom: \"$sessionSignal\",\n\t\t\t\t},\n\t\t\t],\n\t\t\tpathMethods: {\n\t\t\t\t\"enable/totp\": \"POST\",\n\t\t\t\t\"/two-factor/disable\": \"POST\",\n\t\t\t\t\"/two-factor/enable\": \"POST\",\n\t\t\t\t\"/two-factor/send-otp\": \"POST\",\n\t\t\t},\n\t\t\tfetchPlugins: [\n\t\t\t\t{\n\t\t\t\t\tid: \"two-factor\",\n\t\t\t\t\tname: \"two-factor\",\n\t\t\t\t\thooks: {\n\t\t\t\t\t\tasync onSuccess(context) {\n\t\t\t\t\t\t\tif (context.data?.twoFactorRedirect) {\n\t\t\t\t\t\t\t\tif (options.redirect) {\n\t\t\t\t\t\t\t\t\twindow.location.href = options.twoFactorPage;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t}\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t],\n\t\t};\n\t});\n};\n","import {\n\tgenerateAuthenticationOptions,\n\tgenerateRegistrationOptions,\n\tverifyAuthenticationResponse,\n\tverifyRegistrationResponse,\n} from \"@simplewebauthn/server\";\nimport type {\n\tAuthenticationResponseJSON,\n\tAuthenticatorTransportFuture,\n\tCredentialDeviceType,\n\tPublicKeyCredentialCreationOptionsJSON,\n} from \"@simplewebauthn/types\";\nimport { APIError } from \"better-call\";\nimport { alphabet, generateRandomString } from \"oslo/crypto\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../api/call\";\nimport { sessionMiddleware } from \"../../api/middlewares/session\";\nimport { getSessionFromCtx } from \"../../api/routes\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\n\nexport interface PasskeyOptions {\n\t/**\n\t * A unique identifier for your website. 'localhost' is okay for\n\t * local dev\n\t */\n\trpID: string;\n\t/**\n\t * Human-readable title for your website\n\t */\n\trpName: string;\n\t/**\n\t * The URL at which registrations and authentications should occur.\n\t * 'http://localhost' and 'http://localhost:PORT' are also valid.\n\t * Do NOT include any trailing /\n\t *\n\t * if this isn't provided. The client itself will\n\t * pass this value.\n\t */\n\torigin?: string | null;\n\t/**\n\t * Advanced options\n\t */\n\tadvanced?: {\n\t\twebAuthnChallengeCookie?: string;\n\t};\n}\n\nexport type WebAuthnCookieType = {\n\texpectedChallenge: string;\n\tuserData: { id: string; email: string };\n\tcallbackURL?: string;\n};\n\nexport type Passkey = {\n\tid: string;\n\tpublicKey: string;\n\tuserId: string;\n\twebauthnUserID: string;\n\tcounter: number;\n\tdeviceType: CredentialDeviceType;\n\tbackedUp: boolean;\n\ttransports?: string;\n\tcreatedAt: Date;\n};\n\nexport const passkey = (options: PasskeyOptions) => {\n\tconst opts = {\n\t\torigin: null,\n\t\t...options,\n\t\trpID: process.env.NODE_ENV === \"development\" ? \"localhost\" : options.rpID,\n\t\tadvanced: {\n\t\t\twebAuthnChallengeCookie: \"better-auth-passkey\",\n\t\t\t...options.advanced,\n\t\t},\n\t};\n\tconst webAuthnChallengeCookieExpiration = 60 * 60 * 24; // 24 hours\n\treturn {\n\t\tid: \"passkey\",\n\t\tendpoints: {\n\t\t\tgeneratePasskeyRegistrationOptions: createAuthEndpoint(\n\t\t\t\t\"/passkey/generate-register-options\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"GET\",\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t\tmetadata: {\n\t\t\t\t\t\tclient: false,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst session = ctx.context.session;\n\t\t\t\t\tconst userPasskeys = await ctx.context.adapter.findMany<Passkey>({\n\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: session.user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tconst userID = new Uint8Array(\n\t\t\t\t\t\tBuffer.from(generateRandomString(32, alphabet(\"a-z\", \"0-9\"))),\n\t\t\t\t\t);\n\t\t\t\t\tlet options: PublicKeyCredentialCreationOptionsJSON;\n\t\t\t\t\toptions = await generateRegistrationOptions({\n\t\t\t\t\t\trpName: opts.rpName,\n\t\t\t\t\t\trpID: opts.rpID,\n\t\t\t\t\t\tuserID,\n\t\t\t\t\t\tuserName: session.user.email || session.user.id,\n\t\t\t\t\t\tattestationType: \"none\",\n\t\t\t\t\t\texcludeCredentials: userPasskeys.map((passkey) => ({\n\t\t\t\t\t\t\tid: passkey.id,\n\t\t\t\t\t\t\ttransports: passkey.transports?.split(\n\t\t\t\t\t\t\t\t\",\",\n\t\t\t\t\t\t\t) as AuthenticatorTransportFuture[],\n\t\t\t\t\t\t})),\n\t\t\t\t\t\tauthenticatorSelection: {\n\t\t\t\t\t\t\tresidentKey: \"preferred\",\n\t\t\t\t\t\t\tuserVerification: \"preferred\",\n\t\t\t\t\t\t\tauthenticatorAttachment: \"platform\",\n\t\t\t\t\t\t},\n\t\t\t\t\t});\n\t\t\t\t\t/**\n\t\t\t\t\t * set challenge on cookies\n\t\t\t\t\t */\n\t\t\t\t\tconst data: WebAuthnCookieType = {\n\t\t\t\t\t\texpectedChallenge: options.challenge,\n\t\t\t\t\t\tuserData: {\n\t\t\t\t\t\t\t...session.user,\n\t\t\t\t\t\t\temail: session.user.email || session.user.id,\n\t\t\t\t\t\t},\n\t\t\t\t\t};\n\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\topts.advanced.webAuthnChallengeCookie,\n\t\t\t\t\t\tJSON.stringify(data),\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tsecure: true,\n\t\t\t\t\t\t\thttpOnly: true,\n\t\t\t\t\t\t\tsameSite: \"lax\",\n\t\t\t\t\t\t\tmaxAge: webAuthnChallengeCookieExpiration,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\treturn ctx.json(options, {\n\t\t\t\t\t\tstatus: 200,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tgeneratePasskeyAuthenticationOptions: createAuthEndpoint(\n\t\t\t\t\"/passkey/generate-authenticate-options\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z\n\t\t\t\t\t\t.object({\n\t\t\t\t\t\t\temail: z.string().optional(),\n\t\t\t\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t\t\t\t})\n\t\t\t\t\t\t.optional(),\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst session = await getSessionFromCtx(ctx);\n\t\t\t\t\tlet userPasskeys: Passkey[] = [];\n\t\t\t\t\tif (session) {\n\t\t\t\t\t\tuserPasskeys = await ctx.context.adapter.findMany<Passkey>({\n\t\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\t\tvalue: session.user.id,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst options = await generateAuthenticationOptions({\n\t\t\t\t\t\trpID: opts.rpID,\n\t\t\t\t\t\tuserVerification: \"preferred\",\n\t\t\t\t\t\t...(userPasskeys.length\n\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\tallowCredentials: userPasskeys.map((passkey) => ({\n\t\t\t\t\t\t\t\t\t\tid: passkey.id,\n\t\t\t\t\t\t\t\t\t\ttransports: passkey.transports?.split(\n\t\t\t\t\t\t\t\t\t\t\t\",\",\n\t\t\t\t\t\t\t\t\t\t) as AuthenticatorTransportFuture[],\n\t\t\t\t\t\t\t\t\t})),\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t: {}),\n\t\t\t\t\t});\n\t\t\t\t\t/**\n\t\t\t\t\t * set challenge on cookies\n\t\t\t\t\t */\n\t\t\t\t\tconst data: WebAuthnCookieType = {\n\t\t\t\t\t\texpectedChallenge: options.challenge,\n\t\t\t\t\t\tuserData: {\n\t\t\t\t\t\t\temail: session?.user.email || session?.user.id || \"\",\n\t\t\t\t\t\t\tid: session?.user.id || \"\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tcallbackURL: ctx.body?.callbackURL,\n\t\t\t\t\t};\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\topts.advanced.webAuthnChallengeCookie,\n\t\t\t\t\t\tJSON.stringify(data),\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tsecure: true,\n\t\t\t\t\t\t\thttpOnly: true,\n\t\t\t\t\t\t\tsameSite: \"lax\",\n\t\t\t\t\t\t\tmaxAge: webAuthnChallengeCookieExpiration,\n\t\t\t\t\t\t},\n\t\t\t\t\t);\n\t\t\t\t\treturn ctx.json(options, {\n\t\t\t\t\t\tstatus: 200,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tverifyPasskeyRegistration: createAuthEndpoint(\n\t\t\t\t\"/passkey/verify-registration\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tresponse: z.any(),\n\t\t\t\t\t}),\n\t\t\t\t\tuse: [sessionMiddleware],\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst origin = options.origin || ctx.headers?.get(\"origin\") || \"\";\n\t\t\t\t\tif (!origin) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst resp = ctx.body.response;\n\t\t\t\t\tconst challengeString = await ctx.getSignedCookie(\n\t\t\t\t\t\topts.advanced.webAuthnChallengeCookie,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t);\n\t\t\t\t\tif (!challengeString) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst { userData, expectedChallenge } = JSON.parse(\n\t\t\t\t\t\tchallengeString,\n\t\t\t\t\t) as WebAuthnCookieType;\n\n\t\t\t\t\tif (userData.id !== ctx.context.session.user.id) {\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"You are not authorized to register this passkey\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\n\t\t\t\t\ttry {\n\t\t\t\t\t\tconst verification = await verifyRegistrationResponse({\n\t\t\t\t\t\t\tresponse: resp,\n\t\t\t\t\t\t\texpectedChallenge,\n\t\t\t\t\t\t\texpectedOrigin: origin,\n\t\t\t\t\t\t\texpectedRPID: options.rpID,\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst { verified, registrationInfo } = verification;\n\t\t\t\t\t\tif (!verified || !registrationInfo) {\n\t\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst {\n\t\t\t\t\t\t\tcredentialID,\n\t\t\t\t\t\t\tcredentialPublicKey,\n\t\t\t\t\t\t\tcounter,\n\t\t\t\t\t\t\tcredentialDeviceType,\n\t\t\t\t\t\t\tcredentialBackedUp,\n\t\t\t\t\t\t} = registrationInfo;\n\t\t\t\t\t\tconst pubKey = Buffer.from(credentialPublicKey).toString(\"base64\");\n\t\t\t\t\t\tconst userID = generateRandomString(32, alphabet(\"a-z\", \"0-9\"));\n\t\t\t\t\t\tconst newPasskey: Passkey = {\n\t\t\t\t\t\t\tuserId: userData.id,\n\t\t\t\t\t\t\twebauthnUserID: userID,\n\t\t\t\t\t\t\tid: credentialID,\n\t\t\t\t\t\t\tpublicKey: pubKey,\n\t\t\t\t\t\t\tcounter,\n\t\t\t\t\t\t\tdeviceType: credentialDeviceType,\n\t\t\t\t\t\t\ttransports: resp.response.transports.join(\",\"),\n\t\t\t\t\t\t\tbackedUp: credentialBackedUp,\n\t\t\t\t\t\t\tcreatedAt: new Date(),\n\t\t\t\t\t\t};\n\t\t\t\t\t\tconst newPasskeyRes = await ctx.context.adapter.create<Passkey>({\n\t\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\t\tdata: newPasskey,\n\t\t\t\t\t\t});\n\t\t\t\t\t\treturn ctx.json(newPasskeyRes, {\n\t\t\t\t\t\t\tstatus: 200,\n\t\t\t\t\t\t});\n\t\t\t\t\t} catch (e) {\n\t\t\t\t\t\tconsole.log(e);\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Registration failed\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t),\n\t\t\tverifyPasskeyAuthentication: createAuthEndpoint(\n\t\t\t\t\"/passkey/verify-authentication\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tresponse: z.any(),\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst origin = options.origin || ctx.headers?.get(\"origin\") || \"\";\n\t\t\t\t\tif (!origin) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst resp = ctx.body.response;\n\t\t\t\t\tconst challengeString = await ctx.getSignedCookie(\n\t\t\t\t\t\topts.advanced.webAuthnChallengeCookie,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t);\n\t\t\t\t\tif (!challengeString) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst { expectedChallenge, callbackURL } = JSON.parse(\n\t\t\t\t\t\tchallengeString,\n\t\t\t\t\t) as WebAuthnCookieType;\n\t\t\t\t\tconst passkey = await ctx.context.adapter.findOne<Passkey>({\n\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\tvalue: resp.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tif (!passkey) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 401,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Passkey not found\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\ttry {\n\t\t\t\t\t\tconst verification = await verifyAuthenticationResponse({\n\t\t\t\t\t\t\tresponse: resp as AuthenticationResponseJSON,\n\t\t\t\t\t\t\texpectedChallenge,\n\t\t\t\t\t\t\texpectedOrigin: origin,\n\t\t\t\t\t\t\texpectedRPID: opts.rpID,\n\t\t\t\t\t\t\tauthenticator: {\n\t\t\t\t\t\t\t\tcredentialID: passkey.id,\n\t\t\t\t\t\t\t\tcredentialPublicKey: new Uint8Array(\n\t\t\t\t\t\t\t\t\tBuffer.from(passkey.publicKey, \"base64\"),\n\t\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\t\tcounter: passkey.counter,\n\t\t\t\t\t\t\t\ttransports: passkey.transports?.split(\n\t\t\t\t\t\t\t\t\t\",\",\n\t\t\t\t\t\t\t\t) as AuthenticatorTransportFuture[],\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst { verified } = verification;\n\t\t\t\t\t\tif (!verified)\n\t\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\t\tstatus: 401,\n\t\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\t\tmessage: \"verification failed\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t});\n\n\t\t\t\t\t\tawait ctx.context.adapter.update<Passkey>({\n\t\t\t\t\t\t\tmodel: \"passkey\",\n\t\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t\t\t\tvalue: passkey.id,\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t],\n\t\t\t\t\t\t\tupdate: {\n\t\t\t\t\t\t\t\tcounter: verification.authenticationInfo.newCounter,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t\tconst s = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\t\tpasskey.userId,\n\t\t\t\t\t\t\tctx.request,\n\t\t\t\t\t\t);\n\t\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\t\t\t\t\ts.id,\n\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t\t);\n\t\t\t\t\t\tif (callbackURL) {\n\t\t\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\t\t\turl: callbackURL,\n\t\t\t\t\t\t\t\tredirect: true,\n\t\t\t\t\t\t\t\tsession: s,\n\t\t\t\t\t\t\t});\n\t\t\t\t\t\t}\n\t\t\t\t\t\treturn ctx.json(\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tsession: s,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tstatus: 200,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t);\n\t\t\t\t\t} catch (e) {\n\t\t\t\t\t\tctx.context.logger.error(e);\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Authentication failed\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\t\tschema: {\n\t\t\tpasskey: {\n\t\t\t\tfields: {\n\t\t\t\t\tpublicKey: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\tuserId: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\treferences: {\n\t\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\t\tfield: \"id\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\twebauthnUserID: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\tcounter: {\n\t\t\t\t\t\ttype: \"number\",\n\t\t\t\t\t},\n\t\t\t\t\tdeviceType: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t},\n\t\t\t\t\tbackedUp: {\n\t\t\t\t\t\ttype: \"boolean\",\n\t\t\t\t\t},\n\t\t\t\t\ttransports: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t\tcreatedAt: {\n\t\t\t\t\t\ttype: \"date\",\n\t\t\t\t\t\tdefaultValue: new Date(),\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n\nexport * from \"./client\";\n","import type { BetterFetch } from \"@better-fetch/fetch\";\nimport {\n\tWebAuthnError,\n\tstartAuthentication,\n\tstartRegistration,\n} from \"@simplewebauthn/browser\";\nimport type {\n\tPublicKeyCredentialCreationOptionsJSON,\n\tPublicKeyCredentialRequestOptionsJSON,\n} from \"@simplewebauthn/types\";\nimport type { Session } from \"inspector\";\nimport type { User } from \"../../adapters/schema\";\nimport type { passkey as passkeyPl, Passkey } from \"../../plugins\";\nimport { createClientPlugin } from \"../../client/create-client-plugin\";\n\nexport const getPasskeyActions = ($fetch: BetterFetch) => {\n\tconst signInPasskey = async (opts?: {\n\t\tautoFill?: boolean;\n\t\temail?: string;\n\t\tcallbackURL?: string;\n\t}) => {\n\t\tconst response = await $fetch<PublicKeyCredentialRequestOptionsJSON>(\n\t\t\t\"/passkey/generate-authenticate-options\",\n\t\t\t{\n\t\t\t\tmethod: \"POST\",\n\t\t\t\tbody: {\n\t\t\t\t\temail: opts?.email,\n\t\t\t\t},\n\t\t\t},\n\t\t);\n\t\tif (!response.data) {\n\t\t\treturn response;\n\t\t}\n\t\ttry {\n\t\t\tconst res = await startAuthentication(\n\t\t\t\tresponse.data,\n\t\t\t\topts?.autoFill || false,\n\t\t\t);\n\t\t\tconst verified = await $fetch<{\n\t\t\t\tsession: Session;\n\t\t\t\tuser: User;\n\t\t\t}>(\"/passkey/verify-authentication\", {\n\t\t\t\tbody: {\n\t\t\t\t\tresponse: res,\n\t\t\t\t\ttype: \"authenticate\",\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!verified.data) {\n\t\t\t\treturn verified;\n\t\t\t}\n\t\t} catch (e) {\n\t\t\tconsole.log(e);\n\t\t}\n\t};\n\n\tconst registerPasskey = async () => {\n\t\tconst options = await $fetch<PublicKeyCredentialCreationOptionsJSON>(\n\t\t\t\"/passkey/generate-register-options\",\n\t\t\t{\n\t\t\t\tmethod: \"GET\",\n\t\t\t},\n\t\t);\n\t\tif (!options.data) {\n\t\t\treturn options;\n\t\t}\n\t\ttry {\n\t\t\tconst res = await startRegistration(options.data);\n\t\t\tconst verified = await $fetch<{\n\t\t\t\tpasskey: Passkey;\n\t\t\t}>(\"/passkey/verify-registration\", {\n\t\t\t\tbody: {\n\t\t\t\t\tresponse: res,\n\t\t\t\t\ttype: \"register\",\n\t\t\t\t},\n\t\t\t});\n\t\t\tif (!verified.data) {\n\t\t\t\treturn verified;\n\t\t\t}\n\t\t} catch (e) {\n\t\t\tif (e instanceof WebAuthnError) {\n\t\t\t\tif (e.code === \"ERROR_AUTHENTICATOR_PREVIOUSLY_REGISTERED\") {\n\t\t\t\t\treturn {\n\t\t\t\t\t\tdata: null,\n\t\t\t\t\t\terror: {\n\t\t\t\t\t\t\tmessage: \"previously registered\",\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tstatusText: \"BAD_REQUEST\",\n\t\t\t\t\t\t},\n\t\t\t\t\t};\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t};\n\treturn {\n\t\tsignInPasskey,\n\t\tregisterPasskey,\n\t};\n};\n\nexport const passkeyClient = createClientPlugin<ReturnType<typeof passkeyPl>>()(\n\t($fetch) => {\n\t\treturn {\n\t\t\tid: \"passkey\",\n\t\t\tactions: getPasskeyActions($fetch),\n\t\t};\n\t},\n);\n","import { z } from \"zod\";\nimport { createAuthEndpoint } from \"../../api/call\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\nimport { Argon2id } from \"oslo/password\";\nimport { APIError } from \"better-call\";\nimport type { Account, User } from \"../../adapters/schema\";\nimport { signUpEmail } from \"../../api/routes/sign-up\";\n\nexport const username = () => {\n\treturn {\n\t\tid: \"username\",\n\t\tendpoints: {\n\t\t\tsignInUsername: createAuthEndpoint(\n\t\t\t\t\"/sign-in/username\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tusername: z.string(),\n\t\t\t\t\t\tpassword: z.string(),\n\t\t\t\t\t\tdontRememberMe: z.boolean().optional(),\n\t\t\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst user = await ctx.context.adapter.findOne<User>({\n\t\t\t\t\t\tmodel: \"user\",\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"username\",\n\t\t\t\t\t\t\t\tvalue: ctx.body.username,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tconst argon2id = new Argon2id();\n\t\t\t\t\tif (!user) {\n\t\t\t\t\t\tawait argon2id.hash(ctx.body.password);\n\t\t\t\t\t\tctx.context.logger.error(\"User not found\", { username });\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst account = await ctx.context.adapter.findOne<Account>({\n\t\t\t\t\t\tmodel: \"account\",\n\t\t\t\t\t\twhere: [\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"userId\",\n\t\t\t\t\t\t\t\tvalue: user.id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfield: \"providerId\",\n\t\t\t\t\t\t\t\tvalue: \"credential\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t],\n\t\t\t\t\t});\n\t\t\t\t\tif (!account) {\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst currentPassword = account?.password;\n\t\t\t\t\tif (!currentPassword) {\n\t\t\t\t\t\tctx.context.logger.error(\"Password not found\", { username });\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"Unexpected error\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst validPassword = await argon2id.verify(\n\t\t\t\t\t\tcurrentPassword,\n\t\t\t\t\t\tctx.body.password,\n\t\t\t\t\t);\n\t\t\t\t\tif (!validPassword) {\n\t\t\t\t\t\tctx.context.logger.error(\"Invalid password\");\n\t\t\t\t\t\tthrow new APIError(\"UNAUTHORIZED\", {\n\t\t\t\t\t\t\tmessage: \"Invalid email or password\",\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\t\t\t\tuser.id,\n\t\t\t\t\t\tctx.request,\n\t\t\t\t\t);\n\t\t\t\t\tawait ctx.setSignedCookie(\n\t\t\t\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\t\t\t\tsession.id,\n\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\tctx.body.dontRememberMe\n\t\t\t\t\t\t\t? {\n\t\t\t\t\t\t\t\t\t...ctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t\t\t\t\tmaxAge: undefined,\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t: ctx.context.authCookies.sessionToken.options,\n\t\t\t\t\t);\n\t\t\t\t\treturn ctx.json({\n\t\t\t\t\t\tuser: user,\n\t\t\t\t\t\tsession,\n\t\t\t\t\t\tredirect: !!ctx.body.callbackURL,\n\t\t\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\t\t});\n\t\t\t\t},\n\t\t\t),\n\t\t\tsignUpUsername: createAuthEndpoint(\n\t\t\t\t\"/sign-up/username\",\n\t\t\t\t{\n\t\t\t\t\tmethod: \"POST\",\n\t\t\t\t\tbody: z.object({\n\t\t\t\t\t\tusername: z.string().min(3).max(20),\n\t\t\t\t\t\tname: z.string(),\n\t\t\t\t\t\temail: z.string().email(),\n\t\t\t\t\t\tpassword: z.string(),\n\t\t\t\t\t\timage: z.string().optional(),\n\t\t\t\t\t\tcallbackURL: z.string().optional(),\n\t\t\t\t\t}),\n\t\t\t\t},\n\t\t\t\tasync (ctx) => {\n\t\t\t\t\tconst res = await signUpEmail({\n\t\t\t\t\t\t...ctx,\n\t\t\t\t\t\t//@ts-expect-error\n\t\t\t\t\t\t_flag: undefined,\n\t\t\t\t\t});\n\t\t\t\t\tif (!res) {\n\t\t\t\t\t\treturn ctx.json(null, {\n\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\tmessage: \"Sign up failed\",\n\t\t\t\t\t\t\t\tstatus: 400,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\tawait ctx.context.internalAdapter.updateUserByEmail(res.user.email, {\n\t\t\t\t\t\tusername: ctx.body.username,\n\t\t\t\t\t});\n\t\t\t\t\tif (ctx.body.callbackURL) {\n\t\t\t\t\t\treturn ctx.json(res, {\n\t\t\t\t\t\t\tbody: {\n\t\t\t\t\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\t\t\t\t\tredirect: true,\n\t\t\t\t\t\t\t\t...res,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t});\n\t\t\t\t\t}\n\t\t\t\t\treturn ctx.json(res);\n\t\t\t\t},\n\t\t\t),\n\t\t},\n\n\t\tschema: {\n\t\t\tuser: {\n\t\t\t\tfields: {\n\t\t\t\t\tusername: {\n\t\t\t\t\t\ttype: \"string\",\n\t\t\t\t\t\trequired: false,\n\t\t\t\t\t\tunique: true,\n\t\t\t\t\t\treturned: true,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n","import { alphabet, generateRandomString } from \"oslo/crypto\";\nimport { Argon2id } from \"oslo/password\";\nimport { z } from \"zod\";\nimport { createAuthEndpoint } from \"../call\";\n\nexport const signUpEmail = createAuthEndpoint(\n\t\"/sign-up/email\",\n\t{\n\t\tmethod: \"POST\",\n\t\tbody: z.object({\n\t\t\tname: z.string(),\n\t\t\temail: z.string().email(),\n\t\t\tpassword: z.string(),\n\t\t\timage: z.string().optional(),\n\t\t\tcallbackURL: z.string().optional(),\n\t\t}),\n\t},\n\tasync (ctx) => {\n\t\tif (!ctx.context.options.emailAndPassword?.enabled) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"Email and password is not enabled\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst { name, email, password, image } = ctx.body;\n\t\tconst minPasswordLength =\n\t\t\tctx.context.options?.emailAndPassword?.minPasswordLength || 8;\n\t\tif (password.length < minPasswordLength) {\n\t\t\tctx.context.logger.error(\"Password is too short\");\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: { message: \"Password is too short\" },\n\t\t\t});\n\t\t}\n\t\tconst argon2id = new Argon2id();\n\t\tconst dbUser = await ctx.context.internalAdapter.findUserByEmail(email);\n\t\t/**\n\t\t * hash first to avoid timing attacks\n\t\t */\n\t\tconst hash = await argon2id.hash(password);\n\t\tif (dbUser?.user) {\n\t\t\treturn ctx.json(null, {\n\t\t\t\tstatus: 400,\n\t\t\t\tbody: {\n\t\t\t\t\tmessage: \"User already exists\",\n\t\t\t\t},\n\t\t\t});\n\t\t}\n\t\tconst createdUser = await ctx.context.internalAdapter.createUser({\n\t\t\tid: generateRandomString(32, alphabet(\"a-z\", \"0-9\", \"A-Z\")),\n\t\t\temail: email.toLowerCase(),\n\t\t\tname,\n\t\t\timage,\n\t\t\temailVerified: false,\n\t\t\tcreatedAt: new Date(),\n\t\t\tupdatedAt: new Date(),\n\t\t});\n\t\t/**\n\t\t * Link the account to the user\n\t\t */\n\t\tawait ctx.context.internalAdapter.linkAccount({\n\t\t\tid: generateRandomString(32, alphabet(\"a-z\", \"0-9\", \"A-Z\")),\n\t\t\tuserId: createdUser.id,\n\t\t\tproviderId: \"credential\",\n\t\t\taccountId: createdUser.id,\n\t\t\tpassword: hash,\n\t\t});\n\t\tconst session = await ctx.context.internalAdapter.createSession(\n\t\t\tcreatedUser.id,\n\t\t\tctx.request,\n\t\t);\n\t\tawait ctx.setSignedCookie(\n\t\t\tctx.context.authCookies.sessionToken.name,\n\t\t\tsession.id,\n\t\t\tctx.context.secret,\n\t\t\tctx.context.authCookies.sessionToken.options,\n\t\t);\n\t\treturn ctx.json(\n\t\t\t{\n\t\t\t\tuser: createdUser,\n\t\t\t\tsession,\n\t\t\t},\n\t\t\t{\n\t\t\t\tbody: ctx.body.callbackURL\n\t\t\t\t\t? {\n\t\t\t\t\t\t\turl: ctx.body.callbackURL,\n\t\t\t\t\t\t\tredirect: true,\n\t\t\t\t\t\t}\n\t\t\t\t\t: {\n\t\t\t\t\t\t\tuser: createdUser,\n\t\t\t\t\t\t\tsession,\n\t\t\t\t\t\t},\n\t\t\t},\n\t\t);\n\t},\n);\n","import { serializeSigned } from \"better-call\";\nimport { createAuthMiddleware } from \"../../api/call\";\nimport { BetterAuthError } from \"../../error/better-auth-error\";\nimport type { BetterAuthPlugin } from \"../../types/plugins\";\n\n/**\n * Converts bearer token to session cookie\n */\nexport const bearer = () => {\n\treturn {\n\t\tid: \"bearer\",\n\t\thooks: {\n\t\t\tbefore: [\n\t\t\t\t{\n\t\t\t\t\tmatcher(context) {\n\t\t\t\t\t\treturn (\n\t\t\t\t\t\t\tcontext.request?.headers\n\t\t\t\t\t\t\t\t.get(\"authorization\")\n\t\t\t\t\t\t\t\t?.startsWith(\"Bearer \") || false\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t\thandler: async (ctx) => {\n\t\t\t\t\t\tconst token = ctx.request?.headers\n\t\t\t\t\t\t\t.get(\"authorization\")\n\t\t\t\t\t\t\t?.replace(\"Bearer \", \"\");\n\t\t\t\t\t\tif (!token) {\n\t\t\t\t\t\t\tthrow new BetterAuthError(\"No token found\");\n\t\t\t\t\t\t}\n\t\t\t\t\t\tconst headers = ctx.headers || new Headers();\n\t\t\t\t\t\tconst signedToken = await serializeSigned(\n\t\t\t\t\t\t\t\"\",\n\t\t\t\t\t\t\ttoken,\n\t\t\t\t\t\t\tctx.context.secret,\n\t\t\t\t\t\t);\n\t\t\t\t\t\theaders.set(\n\t\t\t\t\t\t\t\"cookie\",\n\t\t\t\t\t\t\t`${\n\t\t\t\t\t\t\t\tctx.context.authCookies.sessionToken.name\n\t\t\t\t\t\t\t}=${signedToken.replace(\"=\", \"\")}`,\n\t\t\t\t\t\t);\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t],\n\t\t},\n\t} satisfies BetterAuthPlugin;\n};\n"],"mappings":";;;;;;;AAAA,SAAS,YAAAA,iBAAgB;AACzB;AAAA,EAKC,KAAAC;AAAA,OACM;;;ACPP;AAAA,EAGC;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAIA,IAAM,oBAAoB,iBAAiB,YAAY;AAM7D,SAAO,CAAC;AACT,CAAC;AAEM,IAAM,uBAAuB,wBAAwB;AAAA,EAC3D,KAAK,CAAC,iBAAiB;AACxB,CAAC;AAEM,IAAM,qBAAqB,sBAAsB;AAAA,EACvD,KAAK,CAAC,iBAAiB;AACxB,CAAC;;;ACzBD,SAAS,gBAAgB;AACzB,SAAS,4BAA4B;AACrC,SAAS,gBAAgB;AACzB,SAAS,SAAS;;;ACHlB,OAA6B;AAE7B,SAAS,gBAAgB;AACzB,SAAS,mBAAmB;;;ACHrB,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAC1C,YAAY,SAAiB;AAC5B,UAAM,OAAO;AAAA,EACd;AACD;;;ACFA,SAAS,aAAa,KAAsB;AAC3C,MAAI;AACH,UAAM,YAAY,IAAI,IAAI,GAAG;AAC7B,WAAO,UAAU,aAAa;AAAA,EAC/B,SAAS,OAAO;AACf,YAAQ,MAAM,gBAAgB,KAAK;AACnC,WAAO;AAAA,EACR;AACD;AAEA,SAAS,SAAS,KAAa,OAAO,aAAa;AAClD,QAAM,UAAU,aAAa,GAAG;AAChC,MAAI,SAAS;AACZ,WAAO;AAAA,MACN,SAAS,IAAI,IAAI,GAAG,EAAE;AAAA,MACtB,UAAU;AAAA,IACX;AAAA,EACD;AACA,SAAO,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI;AAC7C,SAAO;AAAA,IACN,SAAS;AAAA,IACT,UAAU,GAAG,GAAG,GAAG,IAAI;AAAA,EACxB;AACD;AAEO,SAAS,WAAW,KAAc,MAAe;AACvD,MAAI,KAAK;AACR,WAAO,SAAS,KAAK,IAAI;AAAA,EAC1B;AACA,QAAM,MAAW,OAAO,YAAY,cAAc,QAAQ,MAAM,CAAC;AACjE,QAAM,UACL,IAAI,mBACJ,IAAI,YACJ,IAAI,wBACJ,IAAI,+BACJ,IAAI,mBACJ,IAAI,0BACJ,IAAI,+BACJ,IAAI;AACL,MAAI,SAAS;AACZ,WAAO,SAAS,SAAS,IAAI;AAAA,EAC9B;AAEA,QAAM,QACL,CAAC,YAAY,IAAI,aAAa,iBAAiB,IAAI,aAAa;AACjE,MAAI,OAAO;AACV,WAAO;AAAA,MACN,SAAS;AAAA,MACT,UAAU;AAAA,IACX;AAAA,EACD;AACA,QAAM,IAAI;AAAA,IACT;AAAA,EACD;AACD;;;ACtDO,SAAS,eAAe,YAAoB,aAAsB;AACxE,SAAO,eAAe,GAAG,WAAW,CAAC,sBAAsB,UAAU;AACtE;;;AHmDO,IAAM,QAAQ,CAAC;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AACD,MAAoB;AACnB,QAAM,gBAAgB;AACtB,gBAAc,eAAe,SAAS,WAAW;AACjD,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,SAAS,UAAU,CAAC,SAAS,QAAQ,QAAQ;AACnD,aAAO,IAAI;AAAA,QACV,sDAAsD,QAAQ,oCAAoC,WAAW,UAAU,OAAO;AAAA,UAC7H;AAAA,QACD,CAAC,UAAU,KAAK;AAAA,MACjB;AAAA,IACD;AAAA,IACA,2BAA2B,OAAO,SAAS;AAC1C,YAAM,OAAO,MAAM,YAA0B,eAAe;AAAA,QAC3D,QAAQ;AAAA,QACR,MAAM,IAAI,gBAAgB;AAAA,UACzB,WAAW;AAAA,UACX,eAAe;AAAA,UACf,YAAY;AAAA,UACZ;AAAA,QACD,CAAC;AAAA,QACD,SAAS;AAAA,UACR,gBAAgB;AAAA,QACjB;AAAA,MACD,CAAC;AACD,UAAI,KAAK,OAAO;AACf,cAAM,IAAI,gBAAgB,KAAK,OAAO,WAAW,EAAE;AAAA,MACpD;AACA,aAAO,KAAK;AAAA,IACb;AAAA,IACA,MAAM,YAAY,OAAO;AACxB,YAAM,OAAO,SAAS,MAAM,QAAQ,CAAC,GAAG;AACxC,UAAI,CAAC,MAAM;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,KAAK;AAAA,UACT,MAAM,KAAK;AAAA,UACX,OAAO,KAAK;AAAA,UACZ,eAAe,KAAK,mBAAmB;AAAA,QACxC;AAAA,QACA;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AI3GA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,eAAe;AAkFjB,IAAM,UAAU,CAAC;AAAA,EACvB;AAAA,EACA;AAAA,EACA;AACD,MAAsB;AACrB,QAAM,gBAAgB,IAAI;AAAA,IACzB;AAAA,IACA;AAAA,IACA,eAAe,WAAW,WAAW;AAAA,EACtC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,SAAS,UAAU,CAAC,OAAO;AACjC,aAAO,cAAc,uBAAuB,OAAO,MAAM;AAAA,IAC1D;AAAA,IACA,2BAA2B,cAAc;AAAA,IACzC,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,MAAM;AAAA,YACL,MAAM;AAAA,YACN,OAAO,MAAM;AAAA,UACd;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ,gBAAgB,QAAQ,YAAY;AAAA,UAClD,OAAO,QAAQ;AAAA,UACf,eAAe,QAAQ;AAAA,QACxB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AC7HA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,gBAAgB;AAuBlB,IAAM,WAAW,CAAC;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AACD,MAAuB;AACtB,QAAM,iBAAiB,IAAI;AAAA,IAC1B;AAAA,IACA;AAAA,IACA,eAAe,YAAY,WAAW;AAAA,EACvC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,UAAU,UAAU,CAAC,SAAS,gBAAgB;AACpD,aAAO,eAAe,uBAAuB,OAAO,OAAO;AAAA,IAC5D;AAAA,IACA,2BAA2B,eAAe;AAAA,IAC1C,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,MAAM;AAAA,YACL,MAAM;AAAA,YACN,OAAO,MAAM;AAAA,UACd;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ;AAAA,UACd,OAAO,QAAQ;AAAA,UACf,eAAe,QAAQ;AAAA,QACxB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AClEA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,cAAc;AA0DhB,IAAM,SAAS,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACD,MAAqB;AACpB,QAAM,eAAe,IAAI;AAAA,IACxB;AAAA,IACA;AAAA,IACA,eAAe,UAAU,WAAW;AAAA,EACrC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,UAAU,UAAU,CAAC,YAAY;AACvC,aAAO,aAAa,uBAAuB,OAAO,OAAO;AAAA,IAC1D;AAAA,IACA,2BAA2B,aAAa;AAAA,IACxC,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,UAC3C;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,UAAI,gBAAgB;AACpB,UAAI,CAAC,QAAQ,OAAO;AACnB,cAAM,EAAE,MAAM,OAAAC,OAAM,IAAI,MAAMD,aAO5B,sCAAsC;AAAA,UACvC,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,YAC1C,cAAc;AAAA,UACf;AAAA,QACD,CAAC;AACD,YAAI,CAACC,QAAO;AACX,kBAAQ,SAAS,KAAK,KAAK,CAAC,MAAM,EAAE,OAAO,KAAK,KAAK,CAAC,IACnD;AACH,0BACC,KAAK,KAAK,CAAC,MAAM,EAAE,UAAU,QAAQ,KAAK,GAAG,YAAY;AAAA,QAC3D;AAAA,MACD;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ;AAAA,UACd,OAAO,QAAQ;AAAA,UACf,OAAO,QAAQ;AAAA,UACf;AAAA,UACA,WAAW,oBAAI,KAAK;AAAA,UACpB,WAAW,oBAAI,KAAK;AAAA,QACrB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AC9HA,SAAS,cAAc;AACvB,SAAS,YAAAC,iBAAgB;AAsClB,IAAM,SAAS,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACD,MAAqB;AACpB,QAAM,eAAe,IAAI;AAAA,IACxB;AAAA,IACA;AAAA,IACA,eAAe,UAAU,WAAW;AAAA,EACrC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,QAAQ,aAAa,GAAG;AACvD,UAAI,CAAC,cAAc;AAClB,cAAM,IAAI,gBAAgB,qCAAqC;AAAA,MAChE;AACA,YAAM,UAAU,UAAU,CAAC,SAAS,SAAS;AAC7C,aAAO,aAAa,uBAAuB,OAAO,cAAc,OAAO;AAAA,IACxE;AAAA,IACA,2BAA2B,OAAO,MAAM,iBAAiB;AACxD,UAAI,CAAC,cAAc;AAClB,cAAM,IAAI,gBAAgB,qCAAqC;AAAA,MAChE;AACA,aAAO,aAAa,0BAA0B,MAAM,YAAY;AAAA,IACjE;AAAA,IACA,MAAM,YAAY,OAAO;AACxB,UAAI,CAAC,MAAM,SAAS;AACnB,eAAO;AAAA,MACR;AACA,YAAM,OAAOC,UAAS,MAAM,QAAQ,CAAC,GAAG;AACxC,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,KAAK;AAAA,UACT,MAAM,KAAK;AAAA,UACX,OAAO,KAAK;AAAA,UACZ,OAAO,KAAK;AAAA,UACZ,eAAe,KAAK;AAAA,QACrB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AClFA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,eAAe;AAmBjB,IAAM,UAAU,CAAC;AAAA,EACvB;AAAA,EACA;AAAA,EACA;AACD,MAAsB;AACrB,QAAM,gBAAgB,IAAI;AAAA,IACzB;AAAA,IACA;AAAA,IACA,eAAe,WAAW,WAAW;AAAA,EACtC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,UAAU,UAAU,CAAC,iBAAiB;AAC5C,aAAO,cAAc,uBAAuB,OAAO,OAAO;AAAA,IAC3D;AAAA,IACA,2BAA2B,cAAc;AAAA,IACzC,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,UAC3C;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ;AAAA,UACd,OAAO,QAAQ;AAAA,UACf,OAAO,QAAQ,OAAO,CAAC,GAAG;AAAA,UAC1B,eAAe;AAAA,QAChB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;AC/DA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,cAAc;AA6BhB,IAAM,SAAS,CAAC;AAAA,EACtB;AAAA,EACA;AAAA,EACA;AACD,MAAqB;AACpB,QAAM,eAAe,IAAI;AAAA,IACxB;AAAA,IACA;AAAA,IACA,eAAe,UAAU,WAAW;AAAA,EACrC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,EAAE,OAAO,OAAO,GAAG;AACzC,YAAM,UAAU,UAAU,CAAC,kBAAkB,MAAM;AACnD,aAAO,aAAa,uBAAuB,OAAO,OAAO;AAAA,IAC1D;AAAA,IACA,2BAA2B,aAAa;AAAA,IACxC,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,UAC3C;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ;AAAA,UACZ,MAAM,QAAQ;AAAA,UACd,OAAO,QAAQ;AAAA,UACf,OAAO,QAAQ;AAAA,UACf,eAAe;AAAA,QAChB;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;ACzEA,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,eAAe;AAoGjB,IAAM,UAAU,CAAC;AAAA,EACvB;AAAA,EACA;AAAA,EACA;AACD,MAAqB;AACpB,QAAM,gBAAgB,IAAI;AAAA,IACzB;AAAA,IACA;AAAA,IACA,eAAe,WAAW,WAAW;AAAA,EACtC;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,uBAAuB,MAAM;AAC5B,YAAM,UAAU,KAAK,UAAU,CAAC,mBAAmB;AACnD,aAAO,cAAc;AAAA,QACpB,KAAK;AAAA,QACL,KAAK;AAAA,QACL;AAAA,MACD;AAAA,IACD;AAAA,IACA,2BAA2B,OAAO,MAAM,iBAAiB;AACxD,UAAI,CAAC,cAAc;AAClB,cAAM,IAAI,gBAAgB,sCAAsC;AAAA,MACjE;AACA,aAAO,cAAc,0BAA0B,MAAM,YAAY;AAAA,IAClE;AAAA,IACA,MAAM,YAAY,OAAO;AACxB,YAAM,EAAE,MAAM,SAAS,MAAM,IAAI,MAAMC;AAAA,QACtC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,SAAS;AAAA,YACR,eAAe,UAAU,MAAM,WAAW;AAAA,UAC3C;AAAA,QACD;AAAA,MACD;AACA,UAAI,OAAO;AACV,eAAO;AAAA,MACR;AACA,UAAI,CAAC,QAAQ,KAAK,OAAO;AACxB,eAAO;AAAA,MACR;AACA,aAAO;AAAA,QACN,MAAM;AAAA,UACL,IAAI,QAAQ,KAAK;AAAA,UACjB,MAAM,QAAQ,KAAK;AAAA,UACnB,OAAO,QAAQ,KAAK;AAAA,UACpB,OAAO,QAAQ,KAAK;AAAA,UACpB,eAAe,QAAQ,KAAK,YAAY;AAAA,QACzC;AAAA,QACA,MAAM;AAAA,MACP;AAAA,IACD;AAAA,EACD;AACD;;;ACzJA,OAA6B;;;ACMtB,IAAM,iBAAiB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACD;AAEO,IAAM,oBAAoB,OAAO,KAAK,cAAc;;;ACpB3D,SAAS,iBAAiB,0BAA0B;AAE7C,SAAS,cAAc,aAAsB,YAAqB;AACxE,QAAM,OAAO,mBAAmB;AAChC,QAAM,QAAQ,GAAG,IAAI,IAAI,WAAW,IAAI,UAAU;AAClD,SAAO,EAAE,OAAO,KAAK;AACtB;AAEO,SAAS,WAAW,OAAe;AACzC,QAAM,CAAC,MAAM,aAAa,UAAU,IAAI,MAAM,MAAM,GAAG;AACvD,SAAO,EAAE,MAAM,aAAa,WAAW;AACxC;;;ACRO,IAAM,aAAa;AAAA,EACzB;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,gBAAgB;AAAA,EACjB;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,qBAAqB,MAAM,IAAI;AAAA,MACpC,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,IAAI,QAAQ;AAAA,IACb;AACA,QAAI,CAAC,oBAAoB;AACxB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,UACL,MAAM,IAAI,QAAQ,gBAAgB,YAAY,kBAAkB;AACjE,QAAI,CAAC,WAAW,QAAQ,QAAQ,YAAY,oBAAI,KAAK,GAAG;AACvD,UAAI;AAAA,QACH,IAAI,QAAQ,YAAY,aAAa;AAAA,QACrC;AAAA,QACA,IAAI,QAAQ;AAAA,QACZ;AAAA,UACC,QAAQ;AAAA,QACT;AAAA,MACD;AACA,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,iBAAiB,MAAM,IAAI,QAAQ,gBAAgB;AAAA,MACxD,QAAQ;AAAA,IACT;AAEA,UAAM,IAAI;AAAA,MACT,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,eAAe;AAAA,MACf,IAAI,QAAQ;AAAA,MACZ;AAAA,QACC,GAAG,IAAI,QAAQ,YAAY,aAAa;AAAA,QACxC,QAAQ,eAAe,UAAU,QAAQ,IAAI,KAAK,IAAI;AAAA,MACvD;AAAA,IACD;AACA,WAAO,IAAI,KAAK;AAAA,MACf,SAAS;AAAA,MACT,MAAM,QAAQ;AAAA,IACf,CAAC;AAAA,EACF;AACD;AAEO,IAAM,oBAAoB,OAAO,QAA2B;AAClE,QAAM,UAAU,MAAM,WAAW;AAAA,IAChC,GAAG;AAAA;AAAA,IAEH,OAAO;AAAA,EACR,CAAC;AACD,SAAO;AACR;;;AfpDO,IAAM,cAAc;AAAA,EAC1B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,gBAAgB;AAAA,IAChB,OAAO,EACL,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA,MAKP,YAAY,EAAE,OAAO,EAAE,SAAS;AAAA,IACjC,CAAC,EACA,SAAS;AAAA,IACX,MAAM,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,MAId,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA,MAIjC,UAAU,EAAE,KAAK,iBAAiB;AAAA,IACnC,CAAC;AAAA,EACF;AAAA,EACA,OAAO,MAAM;AACZ,UAAM,WAAW,EAAE,QAAQ,QAAQ,gBAAgB;AAAA,MAClD,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK;AAAA,IACxB;AACA,QAAI,CAAC,UAAU;AACd,QAAE,QAAQ,OAAO;AAAA,QAChB;AAAA,QACA;AAAA,UACC,UAAU,EAAE,KAAK;AAAA,QAClB;AAAA,MACD;AACA,YAAM,IAAI,SAAS,WAAW;AAAA,IAC/B;AACA,UAAM,SAAS,EAAE,QAAQ;AACzB,UAAM,aAAa,EAAE,OAAO,aACzB,IAAI,IAAI,EAAE,OAAO,UAAU,IAC3B;AACH,UAAM,QAAQ;AAAA,MACb,EAAE,KAAK,eAAe,YAAY,UAAU,EAAE,QAAQ;AAAA,MACtD,EAAE,OAAO;AAAA,IACV;AACA,QAAI;AACH,YAAM,EAAE;AAAA,QACP,OAAO,MAAM;AAAA,QACb,MAAM;AAAA,QACN,EAAE,QAAQ;AAAA,QACV,OAAO,MAAM;AAAA,MACd;AACA,YAAM,eAAe,qBAAqB;AAC1C,YAAM,EAAE;AAAA,QACP,OAAO,eAAe;AAAA,QACtB;AAAA,QACA,EAAE,QAAQ;AAAA,QACV,OAAO,eAAe;AAAA,MACvB;AACA,YAAM,MAAM,SAAS,uBAAuB;AAAA,QAC3C,OAAO,MAAM;AAAA,QACb;AAAA,MACD,CAAC;AACD,aAAO;AAAA,QACN,KAAK,IAAI,SAAS;AAAA,QAClB,OAAO,MAAM;AAAA,QACb;AAAA,QACA,UAAU;AAAA,MACX;AAAA,IACD,SAAS,GAAG;AACX,YAAM,IAAI,SAAS,uBAAuB;AAAA,IAC3C;AAAA,EACD;AACD;AAEO,IAAM,cAAc;AAAA,EAC1B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAM,EAAE,OAAO;AAAA,MACd,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,MACxB,UAAU,EAAE,OAAO;AAAA,MACnB,aAAa,EAAE,OAAO,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA;AAAA,MAKjC,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,KAAK,EAAE,SAAS;AAAA,IACrD,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,QAAI,CAAC,IAAI,QAAQ,SAAS,kBAAkB,SAAS;AACpD,UAAI,QAAQ,OAAO,MAAM,mCAAmC;AAC5D,YAAM,IAAI,SAAS,eAAe;AAAA,QACjC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,iBAAiB,MAAM,kBAAkB,GAAG;AAClD,QAAI,gBAAgB;AACnB,aAAO,IAAI,KAAK;AAAA,QACf,MAAM,eAAe;AAAA,QACrB,SAAS,eAAe;AAAA,QACxB,UAAU,CAAC,CAAC,IAAI,KAAK;AAAA,QACrB,KAAK,IAAI,KAAK;AAAA,MACf,CAAC;AAAA,IACF;AACA,UAAM,EAAE,OAAO,SAAS,IAAI,IAAI;AAChC,UAAM,WAAW,IAAI,SAAS;AAC9B,UAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,KAAK;AACpE,QAAI,CAAC,MAAM;AACV,YAAM,SAAS,KAAK,QAAQ;AAC5B,UAAI,QAAQ,OAAO,MAAM,kBAAkB,EAAE,MAAM,CAAC;AACpD,YAAM,IAAI,SAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,oBAAoB,KAAK,SAAS;AAAA,MACvC,CAAC,MAAM,EAAE,eAAe;AAAA,IACzB;AACA,QAAI,CAAC,mBAAmB;AACvB,UAAI,QAAQ,OAAO,MAAM,gCAAgC,EAAE,MAAM,CAAC;AAClE,YAAM,IAAI,SAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,kBAAkB,mBAAmB;AAC3C,QAAI,CAAC,iBAAiB;AACrB,UAAI,QAAQ,OAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC;AACxD,YAAM,IAAI,SAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,gBAAgB,MAAM,SAAS,OAAO,iBAAiB,QAAQ;AACrE,QAAI,CAAC,eAAe;AACnB,UAAI,QAAQ,OAAO,MAAM,kBAAkB;AAC3C,YAAM,IAAI,SAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,UAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB;AAAA,MACjD,KAAK,KAAK;AAAA,MACV,IAAI;AAAA,IACL;AACA,UAAM,IAAI;AAAA,MACT,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,QAAQ;AAAA,MACR,IAAI,QAAQ;AAAA,MACZ,IAAI,KAAK,iBACN;AAAA,QACA,GAAG,IAAI,QAAQ,YAAY,aAAa;AAAA,QACxC,QAAQ;AAAA,MACT,IACC,IAAI,QAAQ,YAAY,aAAa;AAAA,IACzC;AACA,WAAO,IAAI,KAAK;AAAA,MACf,MAAM,KAAK;AAAA,MACX;AAAA,MACA,UAAU,CAAC,CAAC,IAAI,KAAK;AAAA,MACrB,KAAK,IAAI,KAAK;AAAA,IACf,CAAC;AAAA,EACF;AACD;;;AgB3KA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,KAAAC,UAAS;;;ACDlB,SAAS,KAAAC,UAAS;AAIX,IAAM,gBAAgBA,GAAE,OAAO;AAAA,EACrC,IAAIA,GAAE,OAAO;AAAA,EACb,YAAYA,GAAE,OAAO;AAAA,EACrB,WAAWA,GAAE,OAAO;AAAA,EACpB,QAAQA,GAAE,OAAO;AAAA,EACjB,aAAaA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC5C,cAAcA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EAC7C,SAASA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAAA,EACxC,sBAAsBA,GAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA,EACnD,uBAAuBA,GAAE,KAAK,EAAE,SAAS,EAAE,SAAS;AAAA;AAAA;AAAA;AAAA,EAIpD,UAAUA,GAAE,OAAO,EAAE,SAAS,EAAE,SAAS;AAC1C,CAAC;AAEM,IAAM,aAAaA,GAAE,OAAO;AAAA,EAClC,IAAIA,GAAE,OAAO;AAAA,EACb,OAAOA,GAAE,OAAO,EAAE,UAAU,CAAC,QAAQ,IAAI,YAAY,CAAC;AAAA,EACtD,eAAeA,GAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA,EACxC,MAAMA,GAAE,OAAO;AAAA,EACf,OAAOA,GAAE,OAAO,EAAE,SAAS;AAAA,EAC3B,WAAWA,GAAE,KAAK,EAAE,QAAQ,oBAAI,KAAK,CAAC;AAAA,EACtC,WAAWA,GAAE,KAAK,EAAE,QAAQ,oBAAI,KAAK,CAAC;AACvC,CAAC;AAEM,IAAM,gBAAgBA,GAAE,OAAO;AAAA,EACrC,IAAIA,GAAE,OAAO;AAAA,EACb,QAAQA,GAAE,OAAO;AAAA,EACjB,WAAWA,GAAE,KAAK;AAAA,EAClB,WAAWA,GAAE,OAAO,EAAE,SAAS;AAAA,EAC/B,WAAWA,GAAE,OAAO,EAAE,SAAS;AAChC,CAAC;;;ACpCM,IAAM,0BAA0B;AAAA,EACtC,UAAU;AACX;;;ACFA,SAAS,UAAU,4BAA4B;AACxC,IAAM,aAAa,MAAM;AAC/B,SAAO,qBAAqB,IAAI,SAAS,OAAO,KAAK,CAAC;AACvD;;;AHKO,IAAM,gBAAgB;AAAA,EAC5B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,OAAOC,GAAE,OAAO;AAAA,MACf,OAAOA,GAAE,OAAO;AAAA,MAChB,MAAMA,GAAE,OAAO;AAAA,MACf,eAAeA,GAAE,OAAO,EAAE,SAAS;AAAA,IACpC,CAAC;AAAA,IACD,UAAU;AAAA,EACX;AAAA,EACA,OAAO,MAAM;AACZ,UAAM,WAAW,EAAE,QAAQ,QAAQ,gBAAgB;AAAA,MAClD,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO;AAAA,IAC1B;AACA,QAAI,CAAC,UAAU;AACd,QAAE,QAAQ,OAAO;AAAA,QAChB;AAAA,QACA,EAAE,OAAO;AAAA,QACT;AAAA,MACD;AACA,YAAM,IAAIC,UAAS,WAAW;AAAA,IAC/B;AACA,UAAM,SAAS,MAAM,SAAS;AAAA,MAC7B,EAAE,MAAM;AAAA,MACR,EAAE,MAAM,iBAAiB;AAAA,IAC1B;AACA,QAAI,CAAC,QAAQ;AACZ,QAAE,QAAQ,OAAO,MAAM,0BAA0B;AACjD,YAAM,IAAIA,UAAS,cAAc;AAAA,IAClC;AACA,UAAM,OAAO,MAAM,SAAS,YAAY,MAAM,EAAE,KAAK,CAAC,QAAQ,KAAK,IAAI;AACvE,UAAM,KAAK,WAAW;AACtB,UAAM,OAAO,WAAW,UAAU;AAAA,MACjC,GAAG;AAAA,MACH;AAAA,IACD,CAAC;AACD,UAAM,EAAE,aAAa,WAAW,IAAI,WAAW,EAAE,MAAM,KAAK;AAC5D,QAAI,CAAC,QAAQ,KAAK,YAAY,OAAO;AACpC,UAAI,YAAY;AACf,cAAM,EAAE,SAAS,GAAG,UAAU,gCAAgC;AAAA,MAC/D,OAAO;AACN,cAAM,IAAIA,UAAS,aAAa;AAAA,MACjC;AAAA,IACD;AACA,QAAI,CAAC,aAAa;AACjB,QAAE,QAAQ,OAAO,MAAM,wBAAwB;AAC/C,YAAM,IAAIA,UAAS,WAAW;AAAA,IAC/B;AAEA,UAAM,SAAS,MAAM,EAAE,QAAQ,gBAAgB,gBAAgB,KAAK,KAAK;AACzE,UAAM,SAAS,QAAQ,KAAK;AAC5B,QAAI,QAAQ;AAEX,YAAM,gBAAgB,OAAO,SAAS;AAAA,QACrC,CAAC,MAAM,EAAE,eAAe,SAAS;AAAA,MAClC;AACA,UAAI,CAAC,iBAAiB,CAAC,KAAK,eAAe;AAC1C,UAAE,QAAQ,OAAO,MAAM,qBAAqB;AAC5C,cAAM,MAAM,IAAI,IAAI,cAAc,WAAW;AAC7C,YAAI,aAAa,IAAI,SAAS,qBAAqB;AACnD,cAAM,EAAE,SAAS,IAAI,SAAS,CAAC;AAAA,MAChC;AAEA,UAAI,CAAC,iBAAiB,KAAK,eAAe;AACzC,cAAM,EAAE,QAAQ,gBAAgB,YAAY;AAAA,UAC3C,YAAY,SAAS;AAAA,UACrB,WAAW,KAAK;AAAA,UAChB,IAAI,GAAG,SAAS,EAAE,IAAI,KAAK,EAAE;AAAA,UAC7B,QAAQ,OAAO,KAAK;AAAA,UACpB,GAAG;AAAA,QACJ,CAAC;AAAA,MACF;AAAA,IACD,OAAO;AACN,UAAI;AACH,cAAM,EAAE,QAAQ,gBAAgB,gBAAgB,KAAK,MAAM;AAAA,UAC1D,GAAG;AAAA,UACH,IAAI,GAAG,SAAS,EAAE,IAAI,KAAK,EAAE;AAAA,UAC7B,YAAY,SAAS;AAAA,UACrB,WAAW,KAAK;AAAA,UAChB,QAAQ;AAAA,QACT,CAAC;AAAA,MACF,SAAS,GAAG;AACX,cAAM,MAAM,IAAI,IAAI,cAAc,WAAW;AAC7C,YAAI,aAAa,IAAI,SAAS,uBAAuB;AACrD,UAAE,UAAU,YAAY,IAAI,SAAS,CAAC;AACtC,cAAM,EAAE,SAAS,IAAI,SAAS,CAAC;AAAA,MAChC;AAAA,IACD;AAEA,QAAI,CAAC,UAAU,CAAC;AACf,YAAM,IAAIA,UAAS,yBAAyB;AAAA,QAC3C,SAAS;AAAA,MACV,CAAC;AAEF,UAAM,UAAU,MAAM,EAAE,QAAQ,gBAAgB;AAAA,MAC/C,UAAU;AAAA,MACV,EAAE;AAAA,IACH;AACA,QAAI;AACH,YAAM,EAAE;AAAA,QACP,EAAE,QAAQ,YAAY,aAAa;AAAA,QACnC,QAAQ;AAAA,QACR,EAAE,QAAQ;AAAA,QACV,EAAE,QAAQ,YAAY,aAAa;AAAA,MACpC;AAAA,IACD,SAAS,GAAG;AACX,QAAE,QAAQ,OAAO,MAAM,gCAAgC,CAAC;AACxD,YAAM,MAAM,IAAI,IAAI,cAAc,WAAW;AAC7C,UAAI,aAAa,IAAI,SAAS,0BAA0B;AACxD,YAAM,EAAE,SAAS,IAAI,SAAS,CAAC;AAAA,IAChC;AACA,UAAM,EAAE,SAAS,WAAW;AAAA,EAC7B;AACD;;;AI1HA,SAAS,KAAAC,UAAS;AAGX,IAAM,UAAU;AAAA,EACtB;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,GACJ,OAAO;AAAA,MACP,aAAaA,GAAE,OAAO,EAAE,SAAS;AAAA,IAClC,CAAC,EACA,SAAS;AAAA,EACZ;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,qBAAqB,MAAM,IAAI;AAAA,MACpC,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,IAAI,QAAQ;AAAA,IACb;AACA,QAAI,CAAC,oBAAoB;AACxB,aAAO,IAAI,KAAK,IAAI;AAAA,IACrB;AACA,UAAM,IAAI,QAAQ,gBAAgB,cAAc,kBAAkB;AAClE,QAAI,UAAU,IAAI,QAAQ,YAAY,aAAa,MAAM,IAAI;AAAA,MAC5D,QAAQ;AAAA,IACT,CAAC;AACD,WAAO,IAAI,KAAK,MAAM;AAAA,MACrB,MAAM;AAAA,QACL,UAAU,CAAC,CAAC,IAAI,MAAM;AAAA,QACtB,KAAK,IAAI,MAAM;AAAA,MAChB;AAAA,IACD,CAAC;AAAA,EACF;AACD;;;AChCA,SAAS,gBAAgB;AACzB,SAAS,iBAAiB;AAC1B,SAAS,mBAAmB;AAC5B,SAAS,YAAAC,iBAAgB;AACzB,SAAS,KAAAC,UAAS;AAGX,IAAM,iBAAiB;AAAA,EAC7B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,GAAE,OAAO;AAAA;AAAA;AAAA;AAAA,MAId,OAAOA,GAAE,OAAO,EAAE,MAAM;AAAA,IACzB,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,QAAI,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,wBAAwB;AAClE,UAAI,QAAQ,OAAO;AAAA,QAClB;AAAA,MACD;AACA,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,EAAE,MAAM,IAAI,IAAI;AACtB,UAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,KAAK;AACpE,QAAI,CAAC,MAAM;AACV,aAAO,IAAI;AAAA,QACV;AAAA,UACC,OAAO;AAAA,QACR;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD;AAAA,MACD;AAAA,IACD;AACA,UAAM,QAAQ,MAAM;AAAA,MACnB;AAAA,MACA,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,MAC9B;AAAA,QACC,OAAO,KAAK,KAAK;AAAA,MAClB;AAAA,MACA;AAAA,QACC,WAAW,IAAI,SAAS,GAAG,GAAG;AAAA,QAC9B,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,WAAW,CAAC,KAAK,KAAK,KAAK;AAAA,QAC3B,wBAAwB;AAAA,MACzB;AAAA,IACD;AACA,UAAM,IAAI,QAAQ,QAAQ,iBAAiB;AAAA,MAC1C;AAAA,MACA,KAAK;AAAA,IACN;AACA,WAAO,IAAI,KAAK;AAAA,MACf,QAAQ;AAAA,IACT,CAAC;AAAA,EACF;AACD;AAEO,IAAM,gBAAgB;AAAA,EAC5B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMA,GAAE,OAAO;AAAA,MACd,OAAOA,GAAE,OAAO;AAAA,MAChB,aAAaA,GAAE,OAAO;AAAA,MACtB,aAAaA,GAAE,OAAO,EAAE,SAAS;AAAA,IAClC,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,EAAE,OAAO,YAAY,IAAI,IAAI;AACnC,QAAI;AACH,YAAM,MAAM,MAAM;AAAA,QACjB;AAAA,QACA,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,QAC9B;AAAA,MACD;AACA,YAAM,QAAQA,GACZ,OAAO,EACP,MAAM,EACN,MAAO,IAAI,QAA8B,KAAK;AAChD,YAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,KAAK;AACpE,UAAI,CAAC,MAAM;AACV,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,UACC,YAAY,UACV,IAAI,QAAQ,QAAQ,kBAAkB,qBAAqB,MAC7D,YAAY,UACV,IAAI,QAAQ,QAAQ,kBAAkB,qBAAqB,KAC5D;AACD,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,YAAM,WAAW,IAAIC,UAAS;AAC9B,YAAM,iBAAiB,MAAM,SAAS,KAAK,WAAW;AACtD,YAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB;AAAA,QACrD,KAAK,KAAK;AAAA,QACV;AAAA,MACD;AACA,UAAI,CAAC,aAAa;AACjB,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,aAAO,IAAI,KAAK;AAAA,QACf,QAAQ;AAAA,QACR,KAAK,IAAI,KAAK;AAAA,QACd,UAAU,CAAC,CAAC,IAAI,KAAK;AAAA,MACtB,CAAC;AAAA,IACF,SAAS,GAAG;AACX,cAAQ,IAAI,CAAC;AACb,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AAAA,EACD;AACD;;;ACpJA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,aAAAC,YAAW,eAAAC,oBAAmB;AACvC,SAAS,KAAAC,UAAS;AAGX,IAAM,wBAAwB;AAAA,EACpC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,GAAE,OAAO;AAAA,MACd,OAAOA,GAAE,OAAO,EAAE,MAAM;AAAA,MACxB,aAAaA,GAAE,OAAO,EAAE,SAAS;AAAA,IAClC,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,QAAI,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,uBAAuB;AACjE,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,EAAE,MAAM,IAAI,IAAI;AACtB,UAAM,QAAQ,MAAMC;AAAA,MACnB;AAAA,MACA,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,MAC9B;AAAA,QACC,OAAO,MAAM,YAAY;AAAA,MAC1B;AAAA,MACA;AAAA,QACC,WAAW,IAAIC,UAAS,GAAG,GAAG;AAAA,QAC9B,QAAQ;AAAA,QACR,SAAS;AAAA,QACT,WAAW,CAAC,KAAK;AAAA,QACjB,wBAAwB;AAAA,MACzB;AAAA,IACD;AACA,UAAM,MAAM,GAAG,IAAI,QAAQ,OAAO,uBAAuB,KAAK,gBAAgB,IAAI,KAAK,WAAW;AAClG,UAAM,IAAI,QAAQ,QAAQ,iBAAiB;AAAA,MAC1C;AAAA,MACA;AAAA,IACD;AACA,WAAO,IAAI,KAAK;AAAA,MACf,QAAQ;AAAA,IACT,CAAC;AAAA,EACF;AACD;AAEO,IAAM,cAAc;AAAA,EAC1B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,OAAOF,GAAE,OAAO;AAAA,MACf,OAAOA,GAAE,OAAO;AAAA,MAChB,aAAaA,GAAE,OAAO;AAAA,IACvB,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,EAAE,MAAM,IAAI,IAAI;AACtB,QAAI;AACH,YAAM,MAAM,MAAMG;AAAA,QACjB;AAAA,QACA,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,QAC9B;AAAA,MACD;AACA,YAAM,SAASH,GAAE,OAAO;AAAA,QACvB,OAAOA,GAAE,OAAO,EAAE,MAAM;AAAA,MACzB,CAAC;AACD,YAAM,SAAS,OAAO,MAAM,IAAI,OAAO;AACvC,YAAM,OAAO,MAAM,IAAI,QAAQ,gBAAgB;AAAA,QAC9C,OAAO;AAAA,MACR;AACA,UAAI,CAAC,MAAM;AACV,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,YAAM,UAAU,KAAK,SAAS,KAAK,CAAC,MAAM,EAAE,eAAe,YAAY;AACvE,UAAI,CAAC,SAAS;AACb,eAAO,IAAI,KAAK,MAAM;AAAA,UACrB,QAAQ;AAAA,UACR,YAAY;AAAA,UACZ,MAAM;AAAA,YACL,SAAS;AAAA,UACV;AAAA,QACD,CAAC;AAAA,MACF;AACA,YAAM,IAAI,QAAQ,gBAAgB,kBAAkB,OAAO,OAAO;AAAA,QACjE,eAAe;AAAA,MAChB,CAAC;AACD,UAAI,IAAI,MAAM,aAAa;AAC1B,cAAM,IAAI,SAAS,IAAI,MAAM,WAAW;AAAA,MACzC;AACA,aAAO,IAAI,KAAK;AAAA,QACf,QAAQ;AAAA,MACT,CAAC;AAAA,IACF,SAAS,GAAG;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,YAAY;AAAA,QACZ,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AAAA,EACD;AACD;;;AC9GO,IAAM,cAAc,CAC1B,gBACA,eACI;AACJ,QAAM,aAAkC,CAAC;AACzC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,cAAc,GAAG;AAC1D,eAAW,GAAG,IAAI,CAAC,QAA6B;AAC/C,aAAO,MAAM;AAAA,QACZ,GAAG;AAAA,QACH,SAAS;AAAA,UACR,GAAG;AAAA,UACH,GAAG,IAAI;AAAA,QACR;AAAA,MACD,CAAC;AAAA,IACF;AACA,eAAW,GAAG,EAAE,OAAO,MAAM;AAC7B,eAAW,GAAG,EAAE,SAAS,MAAM;AAC/B,eAAW,GAAG,EAAE,UAAU,MAAM;AAChC,eAAW,GAAG,EAAE,UAAU,MAAM;AAAA,EACjC;AACA,SAAO;AACR;;;ACvBA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEO,IAAM,eAAN,cAA2B,MAAM;AAAA,EACvB;AAAA,EAChB,YAAY,SAAiB,MAAc;AAC1C,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACb;AACD;AAIO,IAAM,gBAAN,MAAiE;AAAA,EAEvE,YAA6B,GAAgB;AAAhB;AAC5B,SAAK,aAAa;AAAA,EACnB;AAAA,EAHiB;AAAA,EAIV,QACN,YACC;AACD,WAAO,IAAI,KAA6B,UAAU;AAAA,EACnD;AACD;AAMO,IAAM,OAAN,MAAM,MAAqC;AAAA,EACjC;AAAA,EAEhB,YAAY,YAAyB;AACpC,SAAK,aAAa;AAAA,EACnB;AAAA,EAEO,UACN,SACA,WACqB;AACrB,eAAW,CAAC,mBAAmB,gBAAgB,KAAK,OAAO;AAAA,MAC1D;AAAA,IACD,GAAG;AACF,YAAM,iBAAiB,KAAK,WAAW,iBAAiB;AACxD,UAAI,CAAC,gBAAgB;AACpB,eAAO;AAAA,UACN,SAAS;AAAA,UACT,OAAO,2CAA2C,iBAAiB;AAAA,QACpE;AAAA,MACD;AACA,YAAM,UACL,cAAc,OACV,iBAA8B;AAAA,QAAK,CAAC,oBACrC,eAAe,SAAS,eAAe;AAAA,MACxC,IACE,iBAA8B;AAAA,QAAM,CAAC,oBACtC,eAAe,SAAS,eAAe;AAAA,MACxC;AACH,UAAI,SAAS;AACZ,eAAO,EAAE,QAAQ;AAAA,MAClB;AACA,aAAO;AAAA,QACN,SAAS;AAAA,QACT,OAAO,oCAAoC,iBAAiB;AAAA,MAC7D;AAAA,IACD;AACA,WAAO;AAAA,MACN,SAAS;AAAA,MACT,OAAO;AAAA,IACR;AAAA,EACD;AAAA,EAEA,OAAO,WAA2C,GAAW;AAC5D,UAAM,aAAa,KAAK,MAAM,CAAC;AAE/B,QAAI,OAAO,eAAe,UAAU;AACnC,YAAM,IAAI,aAAa,+BAA+B,GAAG;AAAA,IAC1D;AACA,eAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,UAAU,GAAG;AAC7D,UAAI,OAAO,aAAa,UAAU;AACjC,cAAM,IAAI,aAAa,+BAA+B,QAAQ;AAAA,MAC/D;AACA,UAAI,CAAC,MAAM,QAAQ,OAAO,GAAG;AAC5B,cAAM,IAAI,aAAa,2BAA2B,QAAQ;AAAA,MAC3D;AACA,eAAS,IAAI,GAAG,IAAI,QAAQ,QAAQ,KAAK;AACxC,YAAI,OAAO,QAAQ,CAAC,MAAM,UAAU;AACnC,gBAAM,IAAI,aAAa,0BAA0B,GAAG,QAAQ,IAAI,CAAC,GAAG;AAAA,QACrE;AAAA,MACD;AAAA,IACD;AACA,WAAO,IAAI,MAAkB,UAAU;AAAA,EACxC;AAAA,EAEO,WAAmB;AACzB,WAAO,KAAK,UAAU,KAAK,UAAU;AAAA,EACtC;AACD;;;AC7FO,IAAM,sBAAsB,CAClC,eACI;AACJ,SAAO,IAAI,cAAiB,UAAU;AACvC;AAEO,IAAM,oBAAoB;AAAA,EAChC,cAAc,CAAC,UAAU,QAAQ;AAAA,EACjC,QAAQ,CAAC,UAAU,UAAU,QAAQ;AAAA,EACrC,YAAY,CAAC,UAAU,QAAQ;AAChC;AAEO,IAAM,YAAY,oBAAoB,iBAAiB;AAEvD,IAAM,UAAU,UAAU,QAAQ;AAAA,EACxC,cAAc,CAAC,QAAQ;AAAA,EACvB,YAAY,CAAC,UAAU,QAAQ;AAAA,EAC/B,QAAQ,CAAC,UAAU,UAAU,QAAQ;AACtC,CAAC;AAEM,IAAM,UAAU,UAAU,QAAQ;AAAA,EACxC,cAAc,CAAC,UAAU,QAAQ;AAAA,EACjC,QAAQ,CAAC,UAAU,UAAU,QAAQ;AAAA,EACrC,YAAY,CAAC,UAAU,QAAQ;AAChC,CAAC;AAEM,IAAM,WAAW,UAAU,QAAQ;AAAA,EACzC,cAAc,CAAC;AAAA,EACf,QAAQ,CAAC;AAAA,EACT,YAAY,CAAC;AACd,CAAC;AAEM,IAAM,eAAe;AAAA,EAC3B,OAAO;AAAA,EACP,OAAO;AAAA,EACP,QAAQ;AACT;;;ACrCO,IAAM,uBAAuB,CAAC,eAAwB;AAC5D,SAAO,KAAK,WAAW,cAAc,EAAE;AACxC;;;ACJO,IAAM,UAAU,CAAC,SAAiB;AACxC,QAAM,OAAO,oBAAI,KAAK;AACtB,SAAO,IAAI,KAAK,KAAK,QAAQ,IAAI,IAAI;AACtC;;;ACIO,IAAM,gBAAgB,CAC5B,SACA,YACI;AACJ,SAAO;AAAA,IACN,wBAAwB,OAAO,SAAiB;AAC/C,YAAMI,gBAAe,MAAM,QAAQ,QAAsB;AAAA,QACxD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAOA;AAAA,IACR;AAAA,IACA,oBAAoB,OAAO,SAGrB;AACL,YAAMA,gBAAe,MAAM,QAAQ,OAAqB;AAAA,QACvD,OAAO;AAAA,QACP,MAAM,KAAK;AAAA,MACZ,CAAC;AACD,YAAM,SAAS,MAAM,QAAQ,OAAe;AAAA,QAC3C,OAAO;AAAA,QACP,MAAM;AAAA,UACL,IAAI,WAAW;AAAA,UACf,MAAM,KAAK,KAAK;AAAA,UAChB,gBAAgBA,cAAa;AAAA,UAC7B,QAAQ,KAAK,KAAK;AAAA,UAClB,OAAO,KAAK,KAAK;AAAA,UACjB,MAAM,SAAS,eAAe;AAAA,QAC/B;AAAA,MACD,CAAC;AACD,aAAO;AAAA,QACN,GAAGA;AAAA,QACH,SAAS,CAAC,MAAM;AAAA,MACjB;AAAA,IACD;AAAA,IACA,mBAAmB,OAAO,SAGpB;AACL,YAAM,SAAS,MAAM,QAAQ,QAAgB;AAAA,QAC5C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,UACA;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,mBAAmB,OAAO,SAGpB;AACL,YAAM,SAAS,MAAM,QAAQ,QAAgB;AAAA,QAC5C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,UACA;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,gBAAgB,OAAO,aAAqB;AAC3C,YAAM,SAAS,MAAM,QAAQ,QAAgB;AAAA,QAC5C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,cAAc,OAAO,SAAiB;AACrC,YAAM,SAAS,MAAM,QAAQ,OAAe;AAAA,QAC3C,OAAO;AAAA,QACP;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,cAAc,OAAO,UAAkBC,UAAiB;AACvD,YAAM,SAAS,MAAM,QAAQ,OAAe;AAAA,QAC3C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,QACA,QAAQ;AAAA,UACP,MAAAA;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,cAAc,OAAO,aAAqB;AACzC,YAAM,SAAS,MAAM,QAAQ,OAAe;AAAA,QAC3C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,oBAAoB,OAAO,OAAe,SAAgC;AACzE,YAAMD,gBAAe,MAAM,QAAQ,OAAqB;AAAA,QACvD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AACD,aAAOA;AAAA,IACR;AAAA,IACA,oBAAoB,OAAO,UAAkB;AAC5C,YAAMA,gBAAe,MAAM,QAAQ,OAAqB;AAAA,QACvD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAOA;AAAA,IACR;AAAA,IACA,uBAAuB,OAAO,WAAmB,UAAyB;AACzE,YAAM,UAAU,MAAM,QAAQ,OAAgB;AAAA,QAC7C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,QACA,QAAQ;AAAA,UACP,sBAAsB;AAAA,QACvB;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,sBAAsB,OAAO,UAAkB;AAC9C,YAAMA,gBAAe,MAAM,QAAQ,QAAsB;AAAA,QACxD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAOA;AAAA,IACR;AAAA,IACA,sBAAsB,OAAO,UAAkB;AAC9C,YAAMA,gBAAe,MAAM,QAAQ,QAAsB;AAAA,QACxD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,UAAI,CAACA,eAAc;AAClB,eAAO;AAAA,MACR;AACA,YAAM,UAAU,MAAM,QAAQ,SAAiB;AAAA,QAC9C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,YAAM,cAAc,MAAM,QAAQ,SAAqB;AAAA,QACtD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,QACN,GAAGA;AAAA,QACH;AAAA,QACA;AAAA,MACD;AAAA,IACD;AAAA,IACA,mBAAmB,OAAO,WAAmB;AAC5C,YAAM,UAAU,MAAM,QAAQ,SAAiB;AAAA,QAC9C,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,YAAM,kBAAkB,SAAS,IAAI,CAAC,WAAW,OAAO,cAAc;AACtE,cAAQ,IAAI,EAAE,gBAAgB,CAAC;AAC/B,UAAI,CAAC,iBAAiB;AACrB,eAAO,CAAC;AAAA,MACT;AACA,YAAM,gBAAgC,CAAC;AACvC,iBAAW,MAAM,iBAAiB;AACjC,cAAMA,gBAAe,MAAM,QAAQ,QAAsB;AAAA,UACxD,OAAO;AAAA,UACP,OAAO;AAAA,YACN;AAAA,cACC,OAAO;AAAA,cACP,OAAO;AAAA,YACR;AAAA,UACD;AAAA,QACD,CAAC;AACD,YAAIA,eAAc;AACjB,wBAAc,KAAKA,aAAY;AAAA,QAChC;AAAA,MACD;AACA,aAAO;AAAA,IACR;AAAA,IACA,kBAAkB,OAAO;AAAA,MACxB;AAAA,MACA;AAAA,IACD,MAOM;AACL,YAAM,oBAAoB,MAAO,KAAK,KAAK;AAC3C,YAAM,YAAY;AAAA,QACjB,SAAS,uBAAuB;AAAA,MACjC;AACA,YAAM,SAAS,MAAM,QAAQ,OAAmB;AAAA,QAC/C,OAAO;AAAA,QACP,MAAM;AAAA,UACL,IAAI,WAAW;AAAA,UACf,OAAO,WAAW;AAAA,UAClB,MAAM,WAAW;AAAA,UACjB,gBAAgB,WAAW;AAAA,UAC3B,QAAQ;AAAA,UACR;AAAA,UACA,WAAW,KAAK;AAAA,QACjB;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,oBAAoB,OAAO,OAAe;AACzC,YAAM,aAAa,MAAM,QAAQ,QAAoB;AAAA,QACpD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,IACA,uBAAuB,OAAO,SAGxB;AACL,YAAM,aAAa,MAAM,QAAQ,SAAqB;AAAA,QACrD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,UACA;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,UACA;AAAA,YACC,OAAO;AAAA,YACP,OAAO;AAAA,UACR;AAAA,QACD;AAAA,MACD,CAAC;AACD,aAAO,WAAW;AAAA,QACjB,CAAC,WAAW,IAAI,KAAK,OAAO,SAAS,IAAI,oBAAI,KAAK;AAAA,MACnD;AAAA,IACD;AAAA,IACA,kBAAkB,OAAO,SAGnB;AACL,YAAM,aAAa,MAAM,QAAQ,OAAmB;AAAA,QACnD,OAAO;AAAA,QACP,OAAO;AAAA,UACN;AAAA,YACC,OAAO;AAAA,YACP,OAAO,KAAK;AAAA,UACb;AAAA,QACD;AAAA,QACA,QAAQ;AAAA,UACP,QAAQ,KAAK;AAAA,QACd;AAAA,MACD,CAAC;AACD,aAAO;AAAA,IACR;AAAA,EACD;AACD;;;AClVA,OAA8D;;;ACA9D,SAAS,YAAAE,iBAAgB;AAIlB,IAAM,oBAAoB,qBAAqB,OAAO,QAAQ;AACpE,QAAM,UAAU,MAAM,kBAAkB,GAAG;AAC3C,MAAI,CAAC,SAAS,SAAS;AACtB,UAAM,IAAIC,UAAS,cAAc;AAAA,EAClC;AACA,SAAO;AAAA,IACN;AAAA,EACD;AACD,CAAC;;;ADLM,IAAM,gBAAgB,qBAAqB,OAAO,QAAQ;AAChE,SAAO,CAAC;AAYT,CAAC;AAEM,IAAM,uBAAuB;AAAA,EACnC;AAAA,IACC,KAAK,CAAC,iBAAiB;AAAA,EACxB;AAAA,EACA,OAAO,QAAQ;AAEd,UAAM,UAAU,IAAI,QAAQ;AAM5B,WAAO;AAAA,MACN;AAAA,IACD;AAAA,EACD;AACD;;;AEtCA,SAAS,KAAAC,UAAS;;;ACAlB,SAAS,KAAAC,UAAS;AAEX,IAAM,OAAOA,GAAE,KAAK,CAAC,SAAS,UAAU,OAAO,CAAC;AAChD,IAAM,mBAAmBA,GAC9B,KAAK,CAAC,WAAW,YAAY,YAAY,UAAU,CAAC,EACpD,QAAQ,SAAS;AACZ,IAAM,qBAAqBA,GAAE,OAAO;AAAA,EAC1C,IAAIA,GAAE,OAAO;AAAA,EACb,MAAMA,GAAE,OAAO;AAAA,EACf,MAAMA,GAAE,OAAO;AAChB,CAAC;AAEM,IAAM,eAAeA,GAAE,OAAO;AAAA,EACpC,IAAIA,GAAE,OAAO;AAAA,EACb,MAAMA,GAAE,OAAO;AAAA,EACf,OAAOA,GAAE,OAAO;AAAA,EAChB,gBAAgBA,GAAE,OAAO;AAAA,EACzB,QAAQA,GAAE,OAAO;AAAA,EACjB;AACD,CAAC;AAEM,IAAM,mBAAmBA,GAAE,OAAO;AAAA,EACxC,IAAIA,GAAE,OAAO;AAAA,EACb,gBAAgBA,GAAE,OAAO;AAAA,EACzB,OAAOA,GAAE,OAAO;AAAA,EAChB;AAAA,EACA,QAAQ;AAAA;AAAA;AAAA;AAAA,EAIR,WAAWA,GAAE,OAAO;AAAA,EACpB,WAAWA,GAAE,KAAK;AACnB,CAAC;;;ADxBM,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,KAAK,CAAC,eAAe,oBAAoB;AAAA,IACzC,MAAMC,GAAE,OAAO;AAAA,MACd,OAAOA,GAAE,OAAO;AAAA,MAChB;AAAA,MACA,gBAAgBA,GAAE,OAAO,EAAE,SAAS;AAAA,MACpC,QAAQA,GAAE,QAAQ,EAAE,SAAS;AAAA,IAC9B,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QACL,IAAI,KAAK,kBAAkB,QAAQ,QAAQ;AAC5C,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAMC,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAYA,MAAK,UAAU;AAAA,MAChC,YAAY,CAAC,QAAQ;AAAA,IACtB,CAAC;AACD,QAAI,UAAU,OAAO;AACpB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,gBAAgB,MAAM,QAAQ,kBAAkB;AAAA,MACrD,OAAO,IAAI,KAAK;AAAA,MAChB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,eAAe;AAClB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,iBAAiB,MAAM,QAAQ,sBAAsB;AAAA,MAC1D,OAAO,IAAI,KAAK;AAAA,MAChB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,eAAe,UAAU,CAAC,IAAI,KAAK,QAAQ;AAC9C,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,aAAa,MAAM,QAAQ,iBAAiB;AAAA,MACjD,YAAY;AAAA,QACX,MAAM,IAAI,KAAK;AAAA,QACf,OAAO,IAAI,KAAK;AAAA,QAChB,gBAAgB;AAAA,MACjB;AAAA,MACA,MAAM,QAAQ;AAAA,IACf,CAAC;AACD,UAAM,IAAI,QAAQ,WAAW;AAAA,MAC5B;AAAA,MACA,IAAI,KAAK;AAAA,IACV;AACA,WAAO,IAAI,KAAK,UAAU;AAAA,EAC3B;AACD;AAEO,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMD,GAAE,OAAO;AAAA,MACd,cAAcA,GAAE,OAAO;AAAA,IACxB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,aAAa,MAAM,QAAQ,mBAAmB,IAAI,KAAK,YAAY;AACzE,QACC,CAAC,cACD,WAAW,YAAY,oBAAI,KAAK,KAChC,WAAW,WAAW,WACrB;AACD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,QAAI,WAAW,UAAU,QAAQ,KAAK,OAAO;AAC5C,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAY,MAAM,QAAQ,iBAAiB;AAAA,MAChD,cAAc,IAAI,KAAK;AAAA,MACvB,QAAQ;AAAA,IACT,CAAC;AACD,UAAM,SAAS,MAAM,QAAQ,aAAa;AAAA,MACzC,IAAI,WAAW;AAAA,MACf,gBAAgB,WAAW;AAAA,MAC3B,QAAQ,QAAQ,KAAK;AAAA,MACrB,OAAO,WAAW;AAAA,MAClB,MAAM,WAAW;AAAA,MACjB,MAAM,QAAQ,KAAK;AAAA,IACpB,CAAC;AACD,WAAO,IAAI,KAAK;AAAA,MACf,YAAY;AAAA,MACZ;AAAA,IACD,CAAC;AAAA,EACF;AACD;AACO,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMA,GAAE,OAAO;AAAA,MACd,cAAcA,GAAE,OAAO;AAAA,IACxB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,aAAa,MAAM,QAAQ,mBAAmB,IAAI,KAAK,YAAY;AACzE,QACC,CAAC,cACD,WAAW,YAAY,oBAAI,KAAK,KAChC,WAAW,WAAW,WACrB;AACD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,QAAI,WAAW,UAAU,QAAQ,KAAK,OAAO;AAC5C,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAY,MAAM,QAAQ,iBAAiB;AAAA,MAChD,cAAc,IAAI,KAAK;AAAA,MACvB,QAAQ;AAAA,IACT,CAAC;AACD,WAAO,IAAI,KAAK;AAAA,MACf,YAAY;AAAA,MACZ,QAAQ;AAAA,IACT,CAAC;AAAA,EACF;AACD;AAEO,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMA,GAAE,OAAO;AAAA,MACd,cAAcA,GAAE,OAAO;AAAA,IACxB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,aAAa,MAAM,QAAQ,mBAAmB,IAAI,KAAK,YAAY;AACzE,QAAI,CAAC,YAAY;AAChB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB,WAAW;AAAA,IAC5B,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAY,IAAI,QAAQ,MAAM,OAAO,IAAI,EAAE,UAAU;AAAA,MAC1D,YAAY,CAAC,QAAQ;AAAA,IACtB,CAAC;AACD,QAAI,UAAU,OAAO;AACpB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,YAAY,MAAM,QAAQ,iBAAiB;AAAA,MAChD,cAAc,IAAI,KAAK;AAAA,MACvB,QAAQ;AAAA,IACT,CAAC;AACD,WAAO,IAAI,KAAK,SAAS;AAAA,EAC1B;AACD;AAEO,IAAM,sBAAsB;AAAA,EAClC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,KAAK,CAAC,aAAa;AAAA,IACnB,OAAOA,GAAE,OAAO;AAAA,MACf,IAAIA,GAAE,OAAO;AAAA,IACd,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,MAAM,kBAAkB,GAAG;AAC3C,QAAI,CAAC,SAAS;AACb,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,aAAa,MAAM,QAAQ,mBAAmB,IAAI,MAAM,EAAE;AAChE,QACC,CAAC,cACD,WAAW,WAAW,aACtB,WAAW,YAAY,oBAAI,KAAK,GAC/B;AACD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,QAAI,WAAW,UAAU,QAAQ,KAAK,OAAO;AAC5C,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAME,gBAAe,MAAM,QAAQ;AAAA,MAClC,WAAW;AAAA,IACZ;AACA,QAAI,CAACA,eAAc;AAClB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,WAAW;AAAA,MACnB,gBAAgB,WAAW;AAAA,IAC5B,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,WAAO,IAAI,KAAK;AAAA,MACf,GAAG;AAAA,MACH,kBAAkBA,cAAa;AAAA,MAC/B,kBAAkBA,cAAa;AAAA,MAC/B,cAAc,OAAO;AAAA,MACrB,aAAa,OAAO;AAAA,IACrB,CAAC;AAAA,EACF;AACD;;;AEpUA,SAAS,KAAAC,UAAS;AAKX,IAAM,eAAe;AAAA,EAC3B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,GAAE,OAAO;AAAA,MACd,UAAUA,GAAE,OAAO;AAAA,IACpB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QAAQ,QAAQ,QAAQ;AAC9B,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAMC,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,QACC,QAAQ,KAAK,OAAO,OAAO,UAC3B,OAAO,UAAU,IAAI,QAAQ,YAAY,eAAe,UACvD;AACD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,kBAAkBA,MAAK,UAAU;AAAA,MACtC,QAAQ,CAAC,QAAQ;AAAA,IAClB,CAAC;AACD,QAAI,gBAAgB,OAAO;AAC1B,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,WAAW,MAAM,QAAQ,eAAe,IAAI,KAAK,QAAQ;AAC/D,QAAI,UAAU,mBAAmB,OAAO;AACvC,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,gBAAgB,MAAM,QAAQ,aAAa,IAAI,KAAK,QAAQ;AAClE,QACC,QAAQ,KAAK,OAAO,SAAS,UAC7B,QAAQ,QAAQ,yBAAyB,SAAS,gBACjD;AACD,YAAM,QAAQ,sBAAsB,QAAQ,QAAQ,IAAI,IAAI;AAAA,IAC7D;AACA,WAAO,IAAI,KAAK,aAAa;AAAA,EAC9B;AACD;AAEO,IAAM,eAAe;AAAA,EAC3B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMD,GAAE,OAAO;AAAA,MACd,UAAUA,GAAE,OAAO;AAAA,MACnB,MAAMA,GAAE,OAAO;AAAA,IAChB,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QAAQ,QAAQ,QAAQ;AAC9B,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAMC,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,kBAAkBA,MAAK,UAAU;AAAA,MACtC,QAAQ,CAAC,QAAQ;AAAA,IAClB,CAAC;AACD,QAAI,gBAAgB,OAAO;AAC1B,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,gBAAgB,MAAM,QAAQ;AAAA,MACnC,IAAI,KAAK;AAAA,MACT,IAAI,KAAK;AAAA,IACV;AACA,WAAO,IAAI,KAAK,aAAa;AAAA,EAC9B;AACD;;;ACrJA,SAAS,KAAAC,WAAS;AAOX,IAAM,qBAAqB;AAAA,EACjC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,IAAE,OAAO;AAAA,MACd,MAAMA,IAAE,OAAO;AAAA,MACf,MAAMA,IAAE,OAAO;AAAA,MACf,QAAQA,IAAE,OAAO,EAAE,SAAS;AAAA,IAC7B,CAAC;AAAA,IACD,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,QAAI,CAAC,MAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,eACL,OAAO,SAAS,kCAAkC,aAC/C,MAAM,QAAQ,8BAA8B,IAAI,IAChD,SAAS,kCAAkC,SAC1C,OACA,QAAQ;AACb,QAAI,CAAC,cAAc;AAClB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,OAAO;AAC1D,UAAM,uBAAuB,MAAM,QAAQ;AAAA,MAC1C,IAAI,KAAK;AAAA,IACV;AACA,QAAI,sBAAsB;AACzB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAMC,gBAAe,MAAM,QAAQ,mBAAmB;AAAA,MACrD,cAAc;AAAA,QACb,IAAI,WAAW;AAAA,QACf,MAAM,IAAI,KAAK;AAAA,QACf,MAAM,IAAI,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,IACD,CAAC;AACD,WAAO,IAAI,KAAKA,aAAY;AAAA,EAC7B;AACD;AAEO,IAAM,qBAAqB;AAAA,EACjC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMD,IAAE,OAAO;AAAA,MACd,MAAMA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC1B,MAAMA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC1B,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,CAAC;AAAA,IACD,gBAAgB;AAAA,IAChB,KAAK,CAAC,aAAa;AAAA,EACpB;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,MAAM,IAAI,QAAQ,WAAW,GAAG;AAChD,QAAI,CAAC,SAAS;AACb,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,QAAQ,IAAI,KAAK,SAAS,QAAQ,QAAQ;AAChD,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAME,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,eAAeA,MAAK,UAAU;AAAA,MACnC,cAAc,CAAC,QAAQ;AAAA,IACxB,CAAC;AACD,QAAI,aAAa,OAAO;AACvB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,aAAa,MAAM,QAAQ,mBAAmB,OAAO,IAAI,IAAI;AACnE,WAAO,IAAI,KAAK,UAAU;AAAA,EAC3B;AACD;AAEO,IAAM,qBAAqB;AAAA,EACjC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMF,IAAE,OAAO;AAAA,MACd,OAAOA,IAAE,OAAO;AAAA,IACjB,CAAC;AAAA,IACD,gBAAgB;AAAA,IAChB,KAAK,CAAC,aAAa;AAAA,EACpB;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,MAAM,IAAI,QAAQ,WAAW,GAAG;AAChD,QAAI,CAAC,SAAS;AACb,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,UAAM,QAAQ,IAAI,KAAK;AACvB,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,MAC9C,QAAQ,QAAQ,KAAK;AAAA,MACrB,gBAAgB;AAAA,IACjB,CAAC;AACD,QAAI,CAAC,QAAQ;AACZ,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAME,QAAO,IAAI,QAAQ,MAAM,OAAO,IAAI;AAC1C,QAAI,CAACA,OAAM;AACV,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,eAAeA,MAAK,UAAU;AAAA,MACnC,cAAc,CAAC,QAAQ;AAAA,IACxB,CAAC;AACD,QAAI,aAAa,OAAO;AACvB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACT,CAAC;AAAA,IACF;AACA,QAAI,UAAU,QAAQ,QAAQ,sBAAsB;AAInD,YAAM,QAAQ,sBAAsB,QAAQ,QAAQ,IAAI,IAAI;AAAA,IAC7D;AACA,UAAM,aAAa,MAAM,QAAQ,mBAAmB,KAAK;AACzD,WAAO,IAAI,KAAK,UAAU;AAAA,EAC3B;AACD;AAEO,IAAM,sBAAsB;AAAA,EAClC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,OAAOF,IAAE,OAAO;AAAA,MACf,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,IAC5B,CAAC;AAAA,IACD,gBAAgB;AAAA,IAChB,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QAAQ,IAAI,MAAM,SAAS,QAAQ,QAAQ;AACjD,QAAI,CAAC,OAAO;AACX,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAMC,gBAAe,MAAM,QAAQ,qBAAqB,KAAK;AAC7D,QAAI,CAACA,eAAc;AAClB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,WAAO,IAAI,KAAKA,aAAY;AAAA,EAC7B;AACD;AAEO,IAAM,wBAAwB;AAAA,EACpC;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMD,IAAE,OAAO;AAAA,MACd,OAAOA,IAAE,OAAO;AAAA,IACjB,CAAC;AAAA,IACD,KAAK,CAAC,mBAAmB,aAAa;AAAA,EACvC;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,UAAU,IAAI,QAAQ;AAC5B,UAAM,QAAQ,IAAI,KAAK;AACvB,UAAM,QAAQ,sBAAsB,QAAQ,QAAQ,IAAI,KAAK;AAC7D,UAAMC,gBAAe,MAAM,QAAQ,qBAAqB,KAAK;AAC7D,WAAO,IAAI,KAAKA,aAAY;AAAA,EAC7B;AACD;AAEO,IAAM,mBAAmB;AAAA,EAC/B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,KAAK,CAAC,eAAe,oBAAoB;AAAA,EAC1C;AAAA,EACA,OAAO,QAAQ;AACd,UAAM,UAAU,cAAc,IAAI,QAAQ,SAAS,IAAI,QAAQ,UAAU;AACzE,UAAM,gBAAgB,MAAM,QAAQ;AAAA,MACnC,IAAI,QAAQ,QAAQ,KAAK;AAAA,IAC1B;AACA,WAAO,IAAI,KAAK,aAAa;AAAA,EAC9B;AACD;;;ArChKO,IAAM,eAAe,CAAgC,YAAgB;AAC3E,QAAM,YAAY;AAAA,IACjB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACD;AAEA,QAAM,QAAQ;AAAA,IACb,GAAG;AAAA,IACH,GAAG,SAAS;AAAA,EACb;AAEA,QAAM,MAAM,YAAY,WAAW;AAAA,IAClC,YAAY,WAAW,CAAC;AAAA,IACxB;AAAA,IACA,YAAY,OAAO,YAAyB;AAE3C,aAAO,MAAM,kBAAkB,OAAO;AAAA,IACvC;AAAA,EACD,CAAC;AAQD,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,GAAG;AAAA,MACH,eAAe;AAAA,QACd;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,gBAAgB;AAAA,UAChB,MAAME,IAAE,OAAO;AAAA,YACd,YAAYA,IAAE,OAAOA,IAAE,OAAO,GAAGA,IAAE,MAAMA,IAAE,OAAO,CAAC,CAAC;AAAA,UACrD,CAAC;AAAA,UAQD,KAAK,CAAC,oBAAoB;AAAA,QAC3B;AAAA,QACA,OAAO,QAAQ;AACd,cAAI,CAAC,IAAI,QAAQ,QAAQ,QAAQ,sBAAsB;AACtD,kBAAM,IAAIC,UAAS,eAAe;AAAA,cACjC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,UAAU,cAAc,IAAI,QAAQ,OAAO;AACjD,gBAAM,SAAS,MAAM,QAAQ,kBAAkB;AAAA,YAC9C,QAAQ,IAAI,QAAQ,QAAQ,KAAK;AAAA,YACjC,gBACC,IAAI,QAAQ,QAAQ,QAAQ,wBAAwB;AAAA,UACtD,CAAC;AACD,cAAI,CAAC,QAAQ;AACZ,kBAAM,IAAIA,UAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAMC,QAAO,MAAM,OAAO,IAAI;AAC9B,gBAAM,SAASA,MAAK,UAAU,IAAI,KAAK,UAAiB;AACxD,cAAI,OAAO,OAAO;AACjB,mBAAO,IAAI;AAAA,cACV;AAAA,gBACC,OAAO,OAAO;AAAA,gBACd,SAAS;AAAA,cACV;AAAA,cACA;AAAA,gBACC,QAAQ;AAAA,cACT;AAAA,YACD;AAAA,UACD;AACA,iBAAO,IAAI,KAAK;AAAA,YACf,OAAO;AAAA,YACP,SAAS;AAAA,UACV,CAAC;AAAA,QACF;AAAA,MACD;AAAA,IACD;AAAA,IACA,QAAQ;AAAA,MACP,SAAS;AAAA,QACR,QAAQ;AAAA,UACP,sBAAsB;AAAA,YACrB,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,QACD;AAAA,MACD;AAAA,MACA,cAAc;AAAA,QACb,QAAQ;AAAA,UACP,MAAM;AAAA,YACL,MAAM;AAAA,UACP;AAAA,UACA,MAAM;AAAA,YACL,MAAM;AAAA,YACN,QAAQ;AAAA,UACT;AAAA,QACD;AAAA,MACD;AAAA,MACA,QAAQ;AAAA,QACP,QAAQ;AAAA,UACP,gBAAgB;AAAA,YACf,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,QAAQ;AAAA,YACP,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,OAAO;AAAA,YACN,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,MAAM;AAAA,YACL,MAAM;AAAA,UACP;AAAA,UACA,MAAM;AAAA,YACL,MAAM;AAAA,YACN,UAAU;AAAA,YACV,cAAc;AAAA,UACf;AAAA,QACD;AAAA,MACD;AAAA,MACA,YAAY;AAAA,QACX,QAAQ;AAAA,UACP,gBAAgB;AAAA,YACf,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,OAAO;AAAA,YACN,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,MAAM;AAAA,YACL,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,QAAQ;AAAA,YACP,MAAM;AAAA,YACN,UAAU;AAAA,YACV,cAAc;AAAA,UACf;AAAA,UACA,WAAW;AAAA,YACV,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,WAAW;AAAA,YACV,MAAM;AAAA,YACN,YAAY;AAAA,cACX,OAAO;AAAA,cACP,OAAO;AAAA,YACR;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AsCvRA,SAAS,YAAAC,WAAU,wBAAAC,6BAA4B;AAC/C,OAAkB;;;ACDlB,SAAS,yBAAyB;AAClC,SAAS,YAAY,YAAY,mBAAmB;AACpD,SAAS,oBAAoB;AAC7B,SAAS,cAAc;AAEvB,eAAsB,MAAM,WAAmB,SAAiB;AAC/D,QAAM,MAAM,IAAI,YAAY;AAC5B,QAAM,YAAY,EAAE,MAAM,QAAQ,MAAM,UAAU;AAClD,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC/B;AAAA,IACA,IAAI,OAAO,SAAS;AAAA,IACpB;AAAA,IACA;AAAA,IACA,CAAC,QAAQ,QAAQ;AAAA,EAClB;AACA,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACrC,UAAU;AAAA,IACV;AAAA,IACA,IAAI,OAAO,OAAO;AAAA,EACnB;AACA,SAAO,KAAK,OAAO,aAAa,GAAG,IAAI,WAAW,SAAS,CAAC,CAAC;AAC9D;AAOO,IAAM,mBAAmB,CAAC,EAAE,KAAK,KAAK,MAA+B;AAC3E,QAAM,aAAa,OAAO,GAAG;AAC7B,QAAM,cAAc,YAAY,IAAI;AACpC,QAAM,SAAS,aAAa,iBAAiB,EAAE,UAAU;AACzD,SAAO,WAAW,OAAO,QAAQ,WAAW,CAAC;AAC9C;AAOO,IAAM,mBAAmB,CAAC,EAAE,KAAK,KAAK,MAA+B;AAC3E,QAAM,aAAa,OAAO,GAAG;AAC7B,QAAM,cAAc,WAAW,IAAI;AACnC,QAAM,SAAS,aAAa,iBAAiB,EAAE,UAAU;AACzD,SAAO,OAAO,QAAQ,WAAW;AAClC;;;AC7CA,SAAS,YAAAC,WAAU,wBAAAC,6BAA4B;AAC/C,SAAS,KAAAC,WAAS;;;ACDlB,SAAS,YAAAC,iBAAgB;;;ACAlB,IAAM,yBAAyB;AAC/B,IAAM,gCAAgC;;;ADMtC,IAAM,4BAA4B,qBAAqB,OAAO,QAAQ;AAC5E,QAAM,SAAS,MAAM,IAAI;AAAA,IACxB;AAAA,IACA,IAAI,QAAQ;AAAA,EACb;AACA,MAAI,CAAC,QAAQ;AACZ,UAAM,IAAIC,UAAS,gBAAgB;AAAA,MAClC,SAAS;AAAA,IACV,CAAC;AAAA,EACF;AACA,QAAM,CAAC,QAAQ,IAAI,IAAI,OAAO,MAAM,GAAG;AACvC,MAAI,CAAC,UAAU,CAAC,MAAM;AACrB,UAAM,IAAIA,UAAS,gBAAgB;AAAA,MAClC,SAAS;AAAA,IACV,CAAC;AAAA,EACF;AACA,QAAM,WAAW,MAAM,IAAI,QAAQ,QAAQ,SAAkB;AAAA,IAC5D,OAAO;AAAA,IACP,OAAO;AAAA,MACN;AAAA,QACC,OAAO;AAAA,QACP,OAAO;AAAA,MACR;AAAA,IACD;AAAA,EACD,CAAC;AACD,MAAI,CAAC,SAAS,QAAQ;AACrB,UAAM,IAAIA,UAAS,gBAAgB;AAAA,MAClC,SAAS;AAAA,IACV,CAAC;AAAA,EACF;AACA,QAAM,iBAAiB,SAAS;AAAA,IAC/B,CAAC,YAAY,QAAQ,YAAY,oBAAI,KAAK;AAAA,EAC3C;AACA,MAAI,CAAC,gBAAgB;AACpB,UAAM,IAAIA,UAAS,gBAAgB;AAAA,MAClC,SAAS;AAAA,IACV,CAAC;AAAA,EACF;AACA,aAAW,WAAW,gBAAgB;AACrC,UAAM,cAAc,MAAM,MAAM,IAAI,QAAQ,QAAQ,QAAQ,EAAE;AAC9D,UAAM,OAAO,MAAM,IAAI,QAAQ,QAAQ,QAA2B;AAAA,MACjE,OAAO;AAAA,MACP,OAAO;AAAA,QACN;AAAA,UACC,OAAO;AAAA,UACP,OAAO,QAAQ;AAAA,QAChB;AAAA,MACD;AAAA,IACD,CAAC;AACD,QAAI,CAAC,MAAM;AACV,YAAM,IAAIA,UAAS,gBAAgB;AAAA,QAClC,SAAS;AAAA,MACV,CAAC;AAAA,IACF;AACA,QAAI,gBAAgB,MAAM;AACzB,aAAO;AAAA,QACN,OAAO,YAAY;AAIlB,gBAAM,IAAI;AAAA,YACT,IAAI,QAAQ,YAAY,aAAa;AAAA,YACrC,QAAQ;AAAA,YACR,IAAI,QAAQ;AAAA,YACZ,IAAI,QAAQ,YAAY,aAAa;AAAA,UACtC;AACA,cAAI,IAAI,KAAK,aAAa;AACzB,mBAAO,IAAI,KAAK;AAAA,cACf,QAAQ;AAAA,cACR,aAAa,IAAI,KAAK;AAAA,cACtB,UAAU;AAAA,YACX,CAAC;AAAA,UACF;AAEA,iBAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,QACjC;AAAA,QACA,SAAS,YAAY;AACpB,iBAAO,IAAI;AAAA,YACV,EAAE,QAAQ,MAAM;AAAA,YAChB;AAAA,cACC,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,cACV;AAAA,YACD;AAAA,UACD;AAAA,QACD;AAAA,QACA,SAAS;AAAA,UACR,IAAI,QAAQ;AAAA,UACZ,QAAQ,QAAQ;AAAA,UAChB,WAAW,QAAQ;AAAA,UACnB;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACA,QAAM,IAAIA,UAAS,gBAAgB;AAAA,IAClC,SAAS;AAAA,EACV,CAAC;AACF,CAAC;;;ADlFD,SAAS,sBAAsB,SAA6B;AAC3D,SAAO,MAAM,KAAK,EAAE,QAAQ,SAAS,UAAU,GAAG,CAAC,EACjD,KAAK,IAAI,EACT;AAAA,IAAI,MACJC,sBAAqB,SAAS,UAAU,IAAIC,UAAS,OAAO,KAAK,CAAC;AAAA,EACnE,EACC,IAAI,CAAC,SAAS,GAAG,KAAK,MAAM,GAAG,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,EAAE;AACvD;AAEA,eAAsB,oBACrB,QACA,SACC;AACD,QAAM,MAAM;AACZ,QAAM,cAAc,SAAS,4BAC1B,QAAQ,0BAA0B,IAClC,sBAAsB;AACzB,QAAM,WAAW,iBAAiB;AAAA,IACjC,MAAM,KAAK,UAAU,WAAW;AAAA,IAChC;AAAA,EACD,CAAC;AACD,SAAO;AAAA,IACN;AAAA,IACA,sBAAsB;AAAA,EACvB;AACD;AAEA,eAAsB,iBACrB,MAIA,KACC;AACD,QAAM,QAAQ,MAAM,eAAe,KAAK,MAAM,GAAG;AACjD,MAAI,CAAC,OAAO;AACX,WAAO;AAAA,EACR;AACA,SAAO,MAAM,SAAS,KAAK,IAAI;AAChC;AAEA,eAAsB,eAAe,MAAyB,KAAa;AAC1E,QAAM,SAAS,OAAO;AAAA,IACrB,MAAM,iBAAiB,EAAE,KAAK,MAAM,KAAK,qBAAqB,CAAC;AAAA,EAChE,EAAE,SAAS,OAAO;AAClB,QAAM,OAAO,KAAK,MAAM,MAAM;AAC9B,QAAM,SAASC,IAAE,MAAMA,IAAE,OAAO,CAAC,EAAE,UAAU,IAAI;AACjD,MAAI,OAAO,SAAS;AACnB,WAAO,OAAO;AAAA,EACf;AACA,SAAO;AACR;AAEO,IAAM,gBAAgB,CAAC,YAAgC;AAC7D,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,kBAAkB;AAAA,QACjB;AAAA,QAEA;AAAA,UACC,QAAQ;AAAA,UACR,MAAMA,IAAE,OAAO;AAAA,YACd,MAAMA,IAAE,OAAO;AAAA,UAChB,CAAC;AAAA,UACD,KAAK,CAAC,yBAAyB;AAAA,QAChC;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,WAAW;AAAA,YAChB;AAAA,cACC,MAAM,IAAI,QAAQ,QAAQ;AAAA,cAC1B,MAAM,IAAI,KAAK;AAAA,YAChB;AAAA,YACA,IAAI,QAAQ;AAAA,UACb;AACA,cAAI,CAAC,UAAU;AACd,mBAAO,IAAI;AAAA,cACV,EAAE,QAAQ,MAAM;AAAA,cAChB;AAAA,gBACC,QAAQ;AAAA,cACT;AAAA,YACD;AAAA,UACD;AACA,iBAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,QACjC;AAAA,MACD;AAAA,MACA,qBAAqB;AAAA,QACpB;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,cAAc,MAAM;AAAA,YACzB,IAAI,QAAQ;AAAA,YACZ;AAAA,UACD;AACA,gBAAM,IAAI,QAAQ,QAAQ,OAAO;AAAA,YAChC,OAAO;AAAA,YACP,QAAQ;AAAA,cACP,kBAAkB;AAAA,cAClB,sBAAsB,YAAY;AAAA,YACnC;AAAA,YACA,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,IAAI,QAAQ,QAAQ,KAAK;AAAA,cACjC;AAAA,YACD;AAAA,UACD,CAAC;AACD,iBAAO,IAAI,KAAK;AAAA,YACf,QAAQ;AAAA,YACR,aAAa,YAAY;AAAA,UAC1B,CAAC;AAAA,QACF;AAAA,MACD;AAAA,MACA,iBAAiB;AAAA,QAChB;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,gBAAM,cAAc,eAAe,MAAM,IAAI,QAAQ,MAAM;AAC3D,iBAAO,IAAI,KAAK;AAAA,YACf,QAAQ;AAAA,YACR;AAAA,UACD,CAAC;AAAA,QACF;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AG7JA,SAAS,YAAAC,iBAAgB;AACzB,SAAS,6BAA6B;AACtC,SAAS,oBAAoB;AAC7B,SAAS,KAAAC,WAAS;AAmBX,IAAM,SAAS,CAAC,YAAyB;AAI/C,QAAM,aAAa;AAAA,IAClB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,KAAK,CAAC,yBAAyB;AAAA,IAChC;AAAA,IACA,OAAO,QAAQ;AACd,UAAI,CAAC,WAAW,CAAC,QAAQ,SAAS;AACjC,YAAI,QAAQ,OAAO;AAAA,UAClB;AAAA,QACD;AACA,cAAM,IAAIC,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,eAAe,sBAAsB,GAAM;AACjD,YAAM,MAAM,MAAM;AAAA,QACjB,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,QAC9B;AAAA,MACD;AACA,YAAM,QAAQ,QAAQ,IAAI,QAAQ,QAAQ,MAA2B,GAAG;AACxE,YAAM,SAAS,IAAI,QAAQ;AAAA,QAC1B;AAAA,QACA;AAAA,UACC,QAAQ,QAAQ;AAAA,QACjB;AAAA,MACD;AACA,YAAM,IAAI;AAAA,QACT,OAAO;AAAA,QACP,aAAa,SAAS;AAAA,QACtB,IAAI,QAAQ;AAAA,QACZ,OAAO;AAAA,MACR;AACA,aAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,IACjC;AAAA,EACD;AAEA,QAAM,YAAY;AAAA,IACjB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,MAAMC,IAAE,OAAO;AAAA,QACd,MAAMA,IAAE,OAAO;AAAA,MAChB,CAAC;AAAA,MACD,KAAK,CAAC,yBAAyB;AAAA,IAChC;AAAA,IACA,OAAO,QAAQ;AACd,YAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,UAAI,CAAC,KAAK,kBAAkB;AAC3B,cAAM,IAAID,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,SAAS,IAAI,QAAQ;AAAA,QAC1B;AAAA,MACD;AACA,YAAM,eAAe,MAAM,IAAI;AAAA,QAC9B,OAAO;AAAA,QACP,IAAI,QAAQ;AAAA,MACb;AACA,UAAI,CAAC,cAAc;AAClB,cAAM,IAAIA,UAAS,gBAAgB;AAAA,UAClC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,aAAa,MAAM;AAAA,QACxB,OAAO,KAAK,IAAI,QAAQ,MAAM;AAAA,QAC9B,SAAS,YAAY;AAAA,MACtB;AACA,UAAI,eAAe,IAAI,KAAK,MAAM;AACjC,YAAI,UAAU,OAAO,MAAM,IAAI;AAAA,UAC9B,MAAM;AAAA,UACN,UAAU;AAAA,UACV,UAAU;AAAA,UACV,QAAQ;AAAA,UACR,QAAQ;AAAA,QACT,CAAC;AACD,eAAO,IAAI,QAAQ,MAAM;AAAA,MAC1B,OAAO;AACN,eAAO,IAAI,QAAQ,QAAQ;AAAA,MAC5B;AAAA,IACD;AAAA,EACD;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV;AAAA,MACA;AAAA,IACD;AAAA,EACD;AACD;;;ACpHA,SAAS,YAAAE,iBAAgB;AACzB,SAAS,YAAAC,iBAAgB;AACzB,SAAS,gBAAgB,wBAAwB;AACjD,SAAS,KAAAC,WAAS;AA8BX,IAAM,UAAU,CAAC,YAAyB;AAChD,QAAM,OAAO;AAAA,IACZ,QAAQ;AAAA,IACR,QAAQ,IAAIC,UAAS,SAAS,UAAU,IAAI,GAAG;AAAA,EAChD;AAEA,QAAM,eAAe;AAAA,IACpB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,KAAK,CAAC,iBAAiB;AAAA,IACxB;AAAA,IACA,OAAO,QAAQ;AACd,UAAI,CAAC,SAAS;AACb,YAAI,QAAQ,OAAO;AAAA,UAClB;AAAA,QACD;AACA,cAAM,IAAIC,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,UAAU,IAAI,QAAQ,QAAQ;AACpC,YAAM,OAAO,IAAI,eAAe,IAAI;AACpC,YAAM,OAAO,MAAM,KAAK,SAAS,OAAO,KAAK,QAAQ,eAAe,CAAC;AACrE,aAAO,EAAE,KAAK;AAAA,IACf;AAAA,EACD;AAEA,QAAM,aAAa;AAAA,IAClB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,KAAK,CAAC,iBAAiB;AAAA,IACxB;AAAA,IACA,OAAO,QAAQ;AACd,UAAI,CAAC,SAAS;AACb,YAAI,QAAQ,OAAO;AAAA,UAClB;AAAA,QACD;AACA,cAAM,IAAIA,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,aAAO;AAAA,QACN,SAAS;AAAA,UACR,SAAS,UAAU;AAAA,UACnB,KAAK;AAAA,UACL,OAAO,KAAK,KAAK,eAAe;AAAA,UAChC;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AAEA,QAAM,aAAa;AAAA,IAClB;AAAA,IACA;AAAA,MACC,QAAQ;AAAA,MACR,MAAMC,IAAE,OAAO;AAAA,QACd,MAAMA,IAAE,OAAO;AAAA,QACf,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,MAClC,CAAC;AAAA,MACD,KAAK,CAAC,yBAAyB;AAAA,IAChC;AAAA,IACA,OAAO,QAAQ;AACd,UAAI,CAAC,SAAS;AACb,YAAI,QAAQ,OAAO;AAAA,UAClB;AAAA,QACD;AACA,cAAM,IAAID,UAAS,eAAe;AAAA,UACjC,SAAS;AAAA,QACV,CAAC;AAAA,MACF;AACA,YAAM,OAAO,IAAI,eAAe,IAAI;AACpC,YAAM,SAAS,OAAO;AAAA,QACrB,MAAM,iBAAiB;AAAA,UACtB,KAAK,IAAI,QAAQ;AAAA,UACjB,MAAM,IAAI,QAAQ,QAAQ,KAAK;AAAA,QAChC,CAAC;AAAA,MACF;AACA,YAAM,SAAS,MAAM,KAAK,OAAO,IAAI,KAAK,MAAM,MAAM;AACtD,UAAI,CAAC,QAAQ;AACZ,eAAO,IAAI,QAAQ,QAAQ;AAAA,MAC5B;AACA,aAAO,IAAI,QAAQ,MAAM;AAAA,IAC1B;AAAA,EACD;AACA,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV;AAAA,MACA,aAAa;AAAA,MACb;AAAA,IACD;AAAA,EACD;AACD;;;ACvHO,IAAM,qBAAqB,MAA0C;AAC3E,SAAO,CASN,QAUI;AACJ,WAAO,CAAC,WAAwB;AAC/B,YAAM,OAAO,IAAI,MAAM;AACvB,aAAO;AAAA,QACN,GAAG;AAAA,QACH,cAAc,KAAK;AAAA,QACnB,QAAQ,CAAC;AAAA,MACV;AAAA,IACD;AAAA,EACD;AACD;;;ACrCO,IAAM,kBAAkB,CAC9B,UAQI;AAAA,EACH,UAAU;AAAA,EACV,eAAe;AAChB,MACI;AACJ,SAAO,mBAA6C,EAAE,CAAC,WAAW;AACjE,WAAO;AAAA,MACN,IAAI;AAAA,MACJ,iBAAiB;AAAA,QAChB;AAAA,UACC,SAAS,CAAC,SACT,SAAS,wBAAwB,SAAS;AAAA,UAC3C,MAAM;AAAA,QACP;AAAA,MACD;AAAA,MACA,aAAa;AAAA,QACZ,eAAe;AAAA,QACf,uBAAuB;AAAA,QACvB,sBAAsB;AAAA,QACtB,wBAAwB;AAAA,MACzB;AAAA,MACA,cAAc;AAAA,QACb;AAAA,UACC,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,OAAO;AAAA,YACN,MAAM,UAAU,SAAS;AACxB,kBAAI,QAAQ,MAAM,mBAAmB;AACpC,oBAAI,QAAQ,UAAU;AACrB,yBAAO,SAAS,OAAO,QAAQ;AAAA,gBAChC;AAAA,cACD;AAAA,YACD;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD,CAAC;AACF;;;ARrCO,IAAM,YAAY,CAA6B,YAAe;AACpE,QAAM,OAAO,QAAQ;AAAA,IACpB,QAAQ,QAAQ;AAAA,IAChB,GAAG,QAAQ;AAAA,EACZ,CAAC;AACD,QAAM,aAAa,cAAc,QAAQ,iBAAiB;AAC1D,QAAM,MAAM,OAAO,QAAQ,UAAU;AACrC,QAAM,YAAY,CAAC,MAAM,YAAY,GAAG;AACxC,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,GAAG,KAAK;AAAA,MACR,GAAG,IAAI;AAAA,MACP,GAAG,WAAW;AAAA,MACd,iBAAiB;AAAA,QAChB;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,gBAAM,SAASE,sBAAqB,IAAIC,UAAS,OAAO,OAAO,GAAG,CAAC;AACnE,gBAAM,kBAAkB,MAAM,iBAAiB;AAAA,YAC9C,KAAK,IAAI,QAAQ;AAAA,YACjB,MAAM;AAAA,UACP,CAAC;AACD,gBAAM,cAAc,MAAM;AAAA,YACzB,IAAI,QAAQ;AAAA,YACZ,QAAQ;AAAA,UACT;AACA,gBAAM,IAAI,QAAQ,QAAQ,OAAO;AAAA,YAChC,OAAO;AAAA,YACP,QAAQ;AAAA,cACP,iBAAiB;AAAA,cACjB,kBAAkB;AAAA,cAClB,sBAAsB,YAAY;AAAA,YACnC;AAAA,YACA,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,KAAK;AAAA,cACb;AAAA,YACD;AAAA,UACD,CAAC;AACD,iBAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,QACjC;AAAA,MACD;AAAA,MACA,kBAAkB;AAAA,QACjB;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,gBAAM,IAAI,QAAQ,QAAQ,OAAO;AAAA,YAChC,OAAO;AAAA,YACP,QAAQ;AAAA,cACP,kBAAkB;AAAA,YACnB;AAAA,YACA,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,KAAK;AAAA,cACb;AAAA,YACD;AAAA,UACD,CAAC;AACD,iBAAO,IAAI,KAAK,EAAE,QAAQ,KAAK,CAAC;AAAA,QACjC;AAAA,MACD;AAAA,IACD;AAAA,IACA;AAAA,IACA,OAAO;AAAA,MACN,OAAO;AAAA,QACN;AAAA,UACC,QAAQ,SAAS;AAChB,mBACC,QAAQ,SAAS,oBACjB,QAAQ,SAAS;AAAA,UAEnB;AAAA,UACA,SAAS,qBAAqB,OAAO,QAAQ;AAC5C,kBAAM,WAAY,MAAO,IAAY;AACrC,gBAAI,UAAU,WAAW,KAAK;AAC7B;AAAA,YACD;AACA,kBAAM,WAAY,MAAM,SAAS,KAAK;AAItC,gBAAI,CAAC,SAAS,KAAK,kBAAkB;AACpC;AAAA,YACD;AAIA,gBAAI,UAAU,IAAI,QAAQ,YAAY,aAAa,MAAM,IAAI;AAAA,cAC5D,MAAM;AAAA,cACN,UAAU;AAAA,cACV,UAAU;AAAA,cACV,QAAQ;AAAA,cACR,QAAQ;AAAA,YACT,CAAC;AACD,kBAAM,OAAO,MAAM,MAAM,IAAI,QAAQ,QAAQ,SAAS,QAAQ,EAAE;AAOhE,kBAAM,IAAI;AAAA,cACT;AAAA,cACA,GAAG,SAAS,QAAQ,MAAM,IAAI,IAAI;AAAA,cAClC,IAAI,QAAQ;AAAA,cACZ,IAAI,QAAQ,YAAY,aAAa;AAAA,YACtC;AACA,kBAAM,MAAM,IAAI;AAAA,cACf,KAAK,UAAU;AAAA,gBACd,mBAAmB;AAAA,cACpB,CAAC;AAAA,cACD;AAAA,gBACC,SAAS,IAAI;AAAA,cACd;AAAA,YACD;AACA,mBAAO;AAAA,cACN,UAAU;AAAA,YACX;AAAA,UACD,CAAC;AAAA,QACF;AAAA,MACD;AAAA,IACD;AAAA,IACA,QAAQ;AAAA,MACP,MAAM;AAAA,QACL,QAAQ;AAAA,UACP,kBAAkB;AAAA,YACjB,MAAM;AAAA,YACN,UAAU;AAAA,YACV,cAAc;AAAA,UACf;AAAA,UACA,iBAAiB;AAAA,YAChB,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,sBAAsB;AAAA,YACrB,MAAM;AAAA,YACN,UAAU;AAAA,YACV,UAAU;AAAA,UACX;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AStKA;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAOP,SAAS,YAAAC,iBAAgB;AACzB,SAAS,YAAAC,WAAU,wBAAAC,6BAA4B;AAC/C,SAAS,KAAAC,WAAS;;;ACblB;AAAA,EACC;AAAA,EACA;AAAA,EACA;AAAA,OACM;AAUA,IAAM,oBAAoB,CAAC,WAAwB;AACzD,QAAM,gBAAgB,OAAO,SAIvB;AACL,UAAM,WAAW,MAAM;AAAA,MACtB;AAAA,MACA;AAAA,QACC,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,OAAO,MAAM;AAAA,QACd;AAAA,MACD;AAAA,IACD;AACA,QAAI,CAAC,SAAS,MAAM;AACnB,aAAO;AAAA,IACR;AACA,QAAI;AACH,YAAM,MAAM,MAAM;AAAA,QACjB,SAAS;AAAA,QACT,MAAM,YAAY;AAAA,MACnB;AACA,YAAM,WAAW,MAAM,OAGpB,kCAAkC;AAAA,QACpC,MAAM;AAAA,UACL,UAAU;AAAA,UACV,MAAM;AAAA,QACP;AAAA,MACD,CAAC;AACD,UAAI,CAAC,SAAS,MAAM;AACnB,eAAO;AAAA,MACR;AAAA,IACD,SAAS,GAAG;AACX,cAAQ,IAAI,CAAC;AAAA,IACd;AAAA,EACD;AAEA,QAAM,kBAAkB,YAAY;AACnC,UAAM,UAAU,MAAM;AAAA,MACrB;AAAA,MACA;AAAA,QACC,QAAQ;AAAA,MACT;AAAA,IACD;AACA,QAAI,CAAC,QAAQ,MAAM;AAClB,aAAO;AAAA,IACR;AACA,QAAI;AACH,YAAM,MAAM,MAAM,kBAAkB,QAAQ,IAAI;AAChD,YAAM,WAAW,MAAM,OAEpB,gCAAgC;AAAA,QAClC,MAAM;AAAA,UACL,UAAU;AAAA,UACV,MAAM;AAAA,QACP;AAAA,MACD,CAAC;AACD,UAAI,CAAC,SAAS,MAAM;AACnB,eAAO;AAAA,MACR;AAAA,IACD,SAAS,GAAG;AACX,UAAI,aAAa,eAAe;AAC/B,YAAI,EAAE,SAAS,6CAA6C;AAC3D,iBAAO;AAAA,YACN,MAAM;AAAA,YACN,OAAO;AAAA,cACN,SAAS;AAAA,cACT,QAAQ;AAAA,cACR,YAAY;AAAA,YACb;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACA,SAAO;AAAA,IACN;AAAA,IACA;AAAA,EACD;AACD;AAEO,IAAM,gBAAgB,mBAAiD;AAAA,EAC7E,CAAC,WAAW;AACX,WAAO;AAAA,MACN,IAAI;AAAA,MACJ,SAAS,kBAAkB,MAAM;AAAA,IAClC;AAAA,EACD;AACD;;;ADzCO,IAAM,UAAU,CAAC,YAA4B;AACnD,QAAM,OAAO;AAAA,IACZ,QAAQ;AAAA,IACR,GAAG;AAAA,IACH,MAAM,QAAQ,IAAI,aAAa,gBAAgB,cAAc,QAAQ;AAAA,IACrE,UAAU;AAAA,MACT,yBAAyB;AAAA,MACzB,GAAG,QAAQ;AAAA,IACZ;AAAA,EACD;AACA,QAAM,oCAAoC,KAAK,KAAK;AACpD,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,oCAAoC;AAAA,QACnC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,KAAK,CAAC,iBAAiB;AAAA,UACvB,UAAU;AAAA,YACT,QAAQ;AAAA,UACT;AAAA,QACD;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,UAAU,IAAI,QAAQ;AAC5B,gBAAM,eAAe,MAAM,IAAI,QAAQ,QAAQ,SAAkB;AAAA,YAChE,OAAO;AAAA,YACP,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,QAAQ,KAAK;AAAA,cACrB;AAAA,YACD;AAAA,UACD,CAAC;AACD,gBAAM,SAAS,IAAI;AAAA,YAClB,OAAO,KAAKC,sBAAqB,IAAIC,UAAS,OAAO,KAAK,CAAC,CAAC;AAAA,UAC7D;AACA,cAAIC;AACJ,UAAAA,WAAU,MAAM,4BAA4B;AAAA,YAC3C,QAAQ,KAAK;AAAA,YACb,MAAM,KAAK;AAAA,YACX;AAAA,YACA,UAAU,QAAQ,KAAK,SAAS,QAAQ,KAAK;AAAA,YAC7C,iBAAiB;AAAA,YACjB,oBAAoB,aAAa,IAAI,CAACC,cAAa;AAAA,cAClD,IAAIA,SAAQ;AAAA,cACZ,YAAYA,SAAQ,YAAY;AAAA,gBAC/B;AAAA,cACD;AAAA,YACD,EAAE;AAAA,YACF,wBAAwB;AAAA,cACvB,aAAa;AAAA,cACb,kBAAkB;AAAA,cAClB,yBAAyB;AAAA,YAC1B;AAAA,UACD,CAAC;AAID,gBAAM,OAA2B;AAAA,YAChC,mBAAmBD,SAAQ;AAAA,YAC3B,UAAU;AAAA,cACT,GAAG,QAAQ;AAAA,cACX,OAAO,QAAQ,KAAK,SAAS,QAAQ,KAAK;AAAA,YAC3C;AAAA,UACD;AAEA,gBAAM,IAAI;AAAA,YACT,KAAK,SAAS;AAAA,YACd,KAAK,UAAU,IAAI;AAAA,YACnB,IAAI,QAAQ;AAAA,YACZ;AAAA,cACC,QAAQ;AAAA,cACR,UAAU;AAAA,cACV,UAAU;AAAA,cACV,QAAQ;AAAA,YACT;AAAA,UACD;AACA,iBAAO,IAAI,KAAKA,UAAS;AAAA,YACxB,QAAQ;AAAA,UACT,CAAC;AAAA,QACF;AAAA,MACD;AAAA,MACA,sCAAsC;AAAA,QACrC;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAME,IACJ,OAAO;AAAA,YACP,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,YAC3B,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,UAClC,CAAC,EACA,SAAS;AAAA,QACZ;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,UAAU,MAAM,kBAAkB,GAAG;AAC3C,cAAI,eAA0B,CAAC;AAC/B,cAAI,SAAS;AACZ,2BAAe,MAAM,IAAI,QAAQ,QAAQ,SAAkB;AAAA,cAC1D,OAAO;AAAA,cACP,OAAO;AAAA,gBACN;AAAA,kBACC,OAAO;AAAA,kBACP,OAAO,QAAQ,KAAK;AAAA,gBACrB;AAAA,cACD;AAAA,YACD,CAAC;AAAA,UACF;AACA,gBAAMF,WAAU,MAAM,8BAA8B;AAAA,YACnD,MAAM,KAAK;AAAA,YACX,kBAAkB;AAAA,YAClB,GAAI,aAAa,SACd;AAAA,cACA,kBAAkB,aAAa,IAAI,CAACC,cAAa;AAAA,gBAChD,IAAIA,SAAQ;AAAA,gBACZ,YAAYA,SAAQ,YAAY;AAAA,kBAC/B;AAAA,gBACD;AAAA,cACD,EAAE;AAAA,YACH,IACC,CAAC;AAAA,UACL,CAAC;AAID,gBAAM,OAA2B;AAAA,YAChC,mBAAmBD,SAAQ;AAAA,YAC3B,UAAU;AAAA,cACT,OAAO,SAAS,KAAK,SAAS,SAAS,KAAK,MAAM;AAAA,cAClD,IAAI,SAAS,KAAK,MAAM;AAAA,YACzB;AAAA,YACA,aAAa,IAAI,MAAM;AAAA,UACxB;AACA,gBAAM,IAAI;AAAA,YACT,KAAK,SAAS;AAAA,YACd,KAAK,UAAU,IAAI;AAAA,YACnB,IAAI,QAAQ;AAAA,YACZ;AAAA,cACC,QAAQ;AAAA,cACR,UAAU;AAAA,cACV,UAAU;AAAA,cACV,QAAQ;AAAA,YACT;AAAA,UACD;AACA,iBAAO,IAAI,KAAKA,UAAS;AAAA,YACxB,QAAQ;AAAA,UACT,CAAC;AAAA,QACF;AAAA,MACD;AAAA,MACA,2BAA2B;AAAA,QAC1B;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAME,IAAE,OAAO;AAAA,YACd,UAAUA,IAAE,IAAI;AAAA,UACjB,CAAC;AAAA,UACD,KAAK,CAAC,iBAAiB;AAAA,QACxB;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,SAAS,QAAQ,UAAU,IAAI,SAAS,IAAI,QAAQ,KAAK;AAC/D,cAAI,CAAC,QAAQ;AACZ,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,YACT,CAAC;AAAA,UACF;AACA,gBAAM,OAAO,IAAI,KAAK;AACtB,gBAAM,kBAAkB,MAAM,IAAI;AAAA,YACjC,KAAK,SAAS;AAAA,YACd,IAAI,QAAQ;AAAA,UACb;AACA,cAAI,CAAC,iBAAiB;AACrB,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,YACT,CAAC;AAAA,UACF;AACA,gBAAM,EAAE,UAAU,kBAAkB,IAAI,KAAK;AAAA,YAC5C;AAAA,UACD;AAEA,cAAI,SAAS,OAAO,IAAI,QAAQ,QAAQ,KAAK,IAAI;AAChD,kBAAM,IAAIC,UAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AAEA,cAAI;AACH,kBAAM,eAAe,MAAM,2BAA2B;AAAA,cACrD,UAAU;AAAA,cACV;AAAA,cACA,gBAAgB;AAAA,cAChB,cAAc,QAAQ;AAAA,YACvB,CAAC;AACD,kBAAM,EAAE,UAAU,iBAAiB,IAAI;AACvC,gBAAI,CAAC,YAAY,CAAC,kBAAkB;AACnC,qBAAO,IAAI,KAAK,MAAM;AAAA,gBACrB,QAAQ;AAAA,cACT,CAAC;AAAA,YACF;AACA,kBAAM;AAAA,cACL;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,cACA;AAAA,YACD,IAAI;AACJ,kBAAM,SAAS,OAAO,KAAK,mBAAmB,EAAE,SAAS,QAAQ;AACjE,kBAAM,SAASL,sBAAqB,IAAIC,UAAS,OAAO,KAAK,CAAC;AAC9D,kBAAM,aAAsB;AAAA,cAC3B,QAAQ,SAAS;AAAA,cACjB,gBAAgB;AAAA,cAChB,IAAI;AAAA,cACJ,WAAW;AAAA,cACX;AAAA,cACA,YAAY;AAAA,cACZ,YAAY,KAAK,SAAS,WAAW,KAAK,GAAG;AAAA,cAC7C,UAAU;AAAA,cACV,WAAW,oBAAI,KAAK;AAAA,YACrB;AACA,kBAAM,gBAAgB,MAAM,IAAI,QAAQ,QAAQ,OAAgB;AAAA,cAC/D,OAAO;AAAA,cACP,MAAM;AAAA,YACP,CAAC;AACD,mBAAO,IAAI,KAAK,eAAe;AAAA,cAC9B,QAAQ;AAAA,YACT,CAAC;AAAA,UACF,SAAS,GAAG;AACX,oBAAQ,IAAI,CAAC;AACb,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,cACV;AAAA,YACD,CAAC;AAAA,UACF;AAAA,QACD;AAAA,MACD;AAAA,MACA,6BAA6B;AAAA,QAC5B;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAMG,IAAE,OAAO;AAAA,YACd,UAAUA,IAAE,IAAI;AAAA,UACjB,CAAC;AAAA,QACF;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,SAAS,QAAQ,UAAU,IAAI,SAAS,IAAI,QAAQ,KAAK;AAC/D,cAAI,CAAC,QAAQ;AACZ,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,YACT,CAAC;AAAA,UACF;AACA,gBAAM,OAAO,IAAI,KAAK;AACtB,gBAAM,kBAAkB,MAAM,IAAI;AAAA,YACjC,KAAK,SAAS;AAAA,YACd,IAAI,QAAQ;AAAA,UACb;AACA,cAAI,CAAC,iBAAiB;AACrB,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,YACT,CAAC;AAAA,UACF;AACA,gBAAM,EAAE,mBAAmB,YAAY,IAAI,KAAK;AAAA,YAC/C;AAAA,UACD;AACA,gBAAMD,WAAU,MAAM,IAAI,QAAQ,QAAQ,QAAiB;AAAA,YAC1D,OAAO;AAAA,YACP,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,KAAK;AAAA,cACb;AAAA,YACD;AAAA,UACD,CAAC;AACD,cAAI,CAACA,UAAS;AACb,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,cACV;AAAA,YACD,CAAC;AAAA,UACF;AACA,cAAI;AACH,kBAAM,eAAe,MAAM,6BAA6B;AAAA,cACvD,UAAU;AAAA,cACV;AAAA,cACA,gBAAgB;AAAA,cAChB,cAAc,KAAK;AAAA,cACnB,eAAe;AAAA,gBACd,cAAcA,SAAQ;AAAA,gBACtB,qBAAqB,IAAI;AAAA,kBACxB,OAAO,KAAKA,SAAQ,WAAW,QAAQ;AAAA,gBACxC;AAAA,gBACA,SAASA,SAAQ;AAAA,gBACjB,YAAYA,SAAQ,YAAY;AAAA,kBAC/B;AAAA,gBACD;AAAA,cACD;AAAA,YACD,CAAC;AACD,kBAAM,EAAE,SAAS,IAAI;AACrB,gBAAI,CAAC;AACJ,qBAAO,IAAI,KAAK,MAAM;AAAA,gBACrB,QAAQ;AAAA,gBACR,MAAM;AAAA,kBACL,SAAS;AAAA,gBACV;AAAA,cACD,CAAC;AAEF,kBAAM,IAAI,QAAQ,QAAQ,OAAgB;AAAA,cACzC,OAAO;AAAA,cACP,OAAO;AAAA,gBACN;AAAA,kBACC,OAAO;AAAA,kBACP,OAAOA,SAAQ;AAAA,gBAChB;AAAA,cACD;AAAA,cACA,QAAQ;AAAA,gBACP,SAAS,aAAa,mBAAmB;AAAA,cAC1C;AAAA,YACD,CAAC;AACD,kBAAM,IAAI,MAAM,IAAI,QAAQ,gBAAgB;AAAA,cAC3CA,SAAQ;AAAA,cACR,IAAI;AAAA,YACL;AACA,kBAAM,IAAI;AAAA,cACT,IAAI,QAAQ,YAAY,aAAa;AAAA,cACrC,EAAE;AAAA,cACF,IAAI,QAAQ;AAAA,cACZ,IAAI,QAAQ,YAAY,aAAa;AAAA,YACtC;AACA,gBAAI,aAAa;AAChB,qBAAO,IAAI,KAAK;AAAA,gBACf,KAAK;AAAA,gBACL,UAAU;AAAA,gBACV,SAAS;AAAA,cACV,CAAC;AAAA,YACF;AACA,mBAAO,IAAI;AAAA,cACV;AAAA,gBACC,SAAS;AAAA,cACV;AAAA,cACA;AAAA,gBACC,QAAQ;AAAA,cACT;AAAA,YACD;AAAA,UACD,SAAS,GAAG;AACX,gBAAI,QAAQ,OAAO,MAAM,CAAC;AAC1B,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,cACV;AAAA,YACD,CAAC;AAAA,UACF;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,IACA,QAAQ;AAAA,MACP,SAAS;AAAA,QACR,QAAQ;AAAA,UACP,WAAW;AAAA,YACV,MAAM;AAAA,UACP;AAAA,UACA,QAAQ;AAAA,YACP,MAAM;AAAA,YACN,YAAY;AAAA,cACX,OAAO;AAAA,cACP,OAAO;AAAA,YACR;AAAA,UACD;AAAA,UACA,gBAAgB;AAAA,YACf,MAAM;AAAA,UACP;AAAA,UACA,SAAS;AAAA,YACR,MAAM;AAAA,UACP;AAAA,UACA,YAAY;AAAA,YACX,MAAM;AAAA,UACP;AAAA,UACA,UAAU;AAAA,YACT,MAAM;AAAA,UACP;AAAA,UACA,YAAY;AAAA,YACX,MAAM;AAAA,YACN,UAAU;AAAA,UACX;AAAA,UACA,WAAW;AAAA,YACV,MAAM;AAAA,YACN,cAAc,oBAAI,KAAK;AAAA,YACvB,UAAU;AAAA,UACX;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AE3cA,SAAS,KAAAG,WAAS;AAGlB,SAAS,YAAAC,iBAAgB;AACzB,SAAS,YAAAC,kBAAgB;;;ACJzB,SAAS,YAAAC,WAAU,wBAAAC,6BAA4B;AAC/C,SAAS,YAAAC,iBAAgB;AACzB,SAAS,KAAAC,WAAS;AAGX,IAAM,cAAc;AAAA,EAC1B;AAAA,EACA;AAAA,IACC,QAAQ;AAAA,IACR,MAAMC,IAAE,OAAO;AAAA,MACd,MAAMA,IAAE,OAAO;AAAA,MACf,OAAOA,IAAE,OAAO,EAAE,MAAM;AAAA,MACxB,UAAUA,IAAE,OAAO;AAAA,MACnB,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,MAC3B,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,IAClC,CAAC;AAAA,EACF;AAAA,EACA,OAAO,QAAQ;AACd,QAAI,CAAC,IAAI,QAAQ,QAAQ,kBAAkB,SAAS;AACnD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,EAAE,MAAM,OAAO,UAAU,MAAM,IAAI,IAAI;AAC7C,UAAM,oBACL,IAAI,QAAQ,SAAS,kBAAkB,qBAAqB;AAC7D,QAAI,SAAS,SAAS,mBAAmB;AACxC,UAAI,QAAQ,OAAO,MAAM,uBAAuB;AAChD,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM,EAAE,SAAS,wBAAwB;AAAA,MAC1C,CAAC;AAAA,IACF;AACA,UAAM,WAAW,IAAIC,UAAS;AAC9B,UAAM,SAAS,MAAM,IAAI,QAAQ,gBAAgB,gBAAgB,KAAK;AAItE,UAAM,OAAO,MAAM,SAAS,KAAK,QAAQ;AACzC,QAAI,QAAQ,MAAM;AACjB,aAAO,IAAI,KAAK,MAAM;AAAA,QACrB,QAAQ;AAAA,QACR,MAAM;AAAA,UACL,SAAS;AAAA,QACV;AAAA,MACD,CAAC;AAAA,IACF;AACA,UAAM,cAAc,MAAM,IAAI,QAAQ,gBAAgB,WAAW;AAAA,MAChE,IAAIC,sBAAqB,IAAIC,UAAS,OAAO,OAAO,KAAK,CAAC;AAAA,MAC1D,OAAO,MAAM,YAAY;AAAA,MACzB;AAAA,MACA;AAAA,MACA,eAAe;AAAA,MACf,WAAW,oBAAI,KAAK;AAAA,MACpB,WAAW,oBAAI,KAAK;AAAA,IACrB,CAAC;AAID,UAAM,IAAI,QAAQ,gBAAgB,YAAY;AAAA,MAC7C,IAAID,sBAAqB,IAAIC,UAAS,OAAO,OAAO,KAAK,CAAC;AAAA,MAC1D,QAAQ,YAAY;AAAA,MACpB,YAAY;AAAA,MACZ,WAAW,YAAY;AAAA,MACvB,UAAU;AAAA,IACX,CAAC;AACD,UAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB;AAAA,MACjD,YAAY;AAAA,MACZ,IAAI;AAAA,IACL;AACA,UAAM,IAAI;AAAA,MACT,IAAI,QAAQ,YAAY,aAAa;AAAA,MACrC,QAAQ;AAAA,MACR,IAAI,QAAQ;AAAA,MACZ,IAAI,QAAQ,YAAY,aAAa;AAAA,IACtC;AACA,WAAO,IAAI;AAAA,MACV;AAAA,QACC,MAAM;AAAA,QACN;AAAA,MACD;AAAA,MACA;AAAA,QACC,MAAM,IAAI,KAAK,cACZ;AAAA,UACA,KAAK,IAAI,KAAK;AAAA,UACd,UAAU;AAAA,QACX,IACC;AAAA,UACA,MAAM;AAAA,UACN;AAAA,QACD;AAAA,MACH;AAAA,IACD;AAAA,EACD;AACD;;;ADzFO,IAAM,WAAW,MAAM;AAC7B,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,WAAW;AAAA,MACV,gBAAgB;AAAA,QACf;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAMC,IAAE,OAAO;AAAA,YACd,UAAUA,IAAE,OAAO;AAAA,YACnB,UAAUA,IAAE,OAAO;AAAA,YACnB,gBAAgBA,IAAE,QAAQ,EAAE,SAAS;AAAA,YACrC,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,UAClC,CAAC;AAAA,QACF;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,OAAO,MAAM,IAAI,QAAQ,QAAQ,QAAc;AAAA,YACpD,OAAO;AAAA,YACP,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,IAAI,KAAK;AAAA,cACjB;AAAA,YACD;AAAA,UACD,CAAC;AACD,gBAAM,WAAW,IAAIC,UAAS;AAC9B,cAAI,CAAC,MAAM;AACV,kBAAM,SAAS,KAAK,IAAI,KAAK,QAAQ;AACrC,gBAAI,QAAQ,OAAO,MAAM,kBAAkB,EAAE,SAAS,CAAC;AACvD,kBAAM,IAAIC,WAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,UAAU,MAAM,IAAI,QAAQ,QAAQ,QAAiB;AAAA,YAC1D,OAAO;AAAA,YACP,OAAO;AAAA,cACN;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO,KAAK;AAAA,cACb;AAAA,cACA;AAAA,gBACC,OAAO;AAAA,gBACP,OAAO;AAAA,cACR;AAAA,YACD;AAAA,UACD,CAAC;AACD,cAAI,CAAC,SAAS;AACb,kBAAM,IAAIA,WAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,kBAAkB,SAAS;AACjC,cAAI,CAAC,iBAAiB;AACrB,gBAAI,QAAQ,OAAO,MAAM,sBAAsB,EAAE,SAAS,CAAC;AAC3D,kBAAM,IAAIA,WAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,gBAAgB,MAAM,SAAS;AAAA,YACpC;AAAA,YACA,IAAI,KAAK;AAAA,UACV;AACA,cAAI,CAAC,eAAe;AACnB,gBAAI,QAAQ,OAAO,MAAM,kBAAkB;AAC3C,kBAAM,IAAIA,WAAS,gBAAgB;AAAA,cAClC,SAAS;AAAA,YACV,CAAC;AAAA,UACF;AACA,gBAAM,UAAU,MAAM,IAAI,QAAQ,gBAAgB;AAAA,YACjD,KAAK;AAAA,YACL,IAAI;AAAA,UACL;AACA,gBAAM,IAAI;AAAA,YACT,IAAI,QAAQ,YAAY,aAAa;AAAA,YACrC,QAAQ;AAAA,YACR,IAAI,QAAQ;AAAA,YACZ,IAAI,KAAK,iBACN;AAAA,cACA,GAAG,IAAI,QAAQ,YAAY,aAAa;AAAA,cACxC,QAAQ;AAAA,YACT,IACC,IAAI,QAAQ,YAAY,aAAa;AAAA,UACzC;AACA,iBAAO,IAAI,KAAK;AAAA,YACf;AAAA,YACA;AAAA,YACA,UAAU,CAAC,CAAC,IAAI,KAAK;AAAA,YACrB,KAAK,IAAI,KAAK;AAAA,UACf,CAAC;AAAA,QACF;AAAA,MACD;AAAA,MACA,gBAAgB;AAAA,QACf;AAAA,QACA;AAAA,UACC,QAAQ;AAAA,UACR,MAAMF,IAAE,OAAO;AAAA,YACd,UAAUA,IAAE,OAAO,EAAE,IAAI,CAAC,EAAE,IAAI,EAAE;AAAA,YAClC,MAAMA,IAAE,OAAO;AAAA,YACf,OAAOA,IAAE,OAAO,EAAE,MAAM;AAAA,YACxB,UAAUA,IAAE,OAAO;AAAA,YACnB,OAAOA,IAAE,OAAO,EAAE,SAAS;AAAA,YAC3B,aAAaA,IAAE,OAAO,EAAE,SAAS;AAAA,UAClC,CAAC;AAAA,QACF;AAAA,QACA,OAAO,QAAQ;AACd,gBAAM,MAAM,MAAM,YAAY;AAAA,YAC7B,GAAG;AAAA;AAAA,YAEH,OAAO;AAAA,UACR,CAAC;AACD,cAAI,CAAC,KAAK;AACT,mBAAO,IAAI,KAAK,MAAM;AAAA,cACrB,QAAQ;AAAA,cACR,MAAM;AAAA,gBACL,SAAS;AAAA,gBACT,QAAQ;AAAA,cACT;AAAA,YACD,CAAC;AAAA,UACF;AACA,gBAAM,IAAI,QAAQ,gBAAgB,kBAAkB,IAAI,KAAK,OAAO;AAAA,YACnE,UAAU,IAAI,KAAK;AAAA,UACpB,CAAC;AACD,cAAI,IAAI,KAAK,aAAa;AACzB,mBAAO,IAAI,KAAK,KAAK;AAAA,cACpB,MAAM;AAAA,gBACL,KAAK,IAAI,KAAK;AAAA,gBACd,UAAU;AAAA,gBACV,GAAG;AAAA,cACJ;AAAA,YACD,CAAC;AAAA,UACF;AACA,iBAAO,IAAI,KAAK,GAAG;AAAA,QACpB;AAAA,MACD;AAAA,IACD;AAAA,IAEA,QAAQ;AAAA,MACP,MAAM;AAAA,QACL,QAAQ;AAAA,UACP,UAAU;AAAA,YACT,MAAM;AAAA,YACN,UAAU;AAAA,YACV,QAAQ;AAAA,YACR,UAAU;AAAA,UACX;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;;;AE7JA,SAAS,uBAAuB;AAQzB,IAAM,SAAS,MAAM;AAC3B,SAAO;AAAA,IACN,IAAI;AAAA,IACJ,OAAO;AAAA,MACN,QAAQ;AAAA,QACP;AAAA,UACC,QAAQ,SAAS;AAChB,mBACC,QAAQ,SAAS,QACf,IAAI,eAAe,GAClB,WAAW,SAAS,KAAK;AAAA,UAE9B;AAAA,UACA,SAAS,OAAO,QAAQ;AACvB,kBAAM,QAAQ,IAAI,SAAS,QACzB,IAAI,eAAe,GAClB,QAAQ,WAAW,EAAE;AACxB,gBAAI,CAAC,OAAO;AACX,oBAAM,IAAI,gBAAgB,gBAAgB;AAAA,YAC3C;AACA,kBAAM,UAAU,IAAI,WAAW,IAAI,QAAQ;AAC3C,kBAAM,cAAc,MAAM;AAAA,cACzB;AAAA,cACA;AAAA,cACA,IAAI,QAAQ;AAAA,YACb;AACA,oBAAQ;AAAA,cACP;AAAA,cACA,GACC,IAAI,QAAQ,YAAY,aAAa,IACtC,IAAI,YAAY,QAAQ,KAAK,EAAE,CAAC;AAAA,YACjC;AAAA,UACD;AAAA,QACD;AAAA,MACD;AAAA,IACD;AAAA,EACD;AACD;","names":["APIError","z","betterFetch","betterFetch","betterFetch","betterFetch","betterFetch","betterFetch","error","parseJWT","parseJWT","betterFetch","betterFetch","betterFetch","betterFetch","betterFetch","betterFetch","APIError","z","z","z","APIError","z","z","Argon2id","z","z","Argon2id","TimeSpan","createJWT","validateJWT","z","z","createJWT","TimeSpan","validateJWT","organization","role","APIError","APIError","z","z","z","role","organization","z","z","role","z","z","organization","role","z","APIError","role","alphabet","generateRandomString","alphabet","generateRandomString","z","APIError","APIError","generateRandomString","alphabet","z","APIError","z","APIError","z","APIError","TimeSpan","z","TimeSpan","APIError","z","generateRandomString","alphabet","APIError","alphabet","generateRandomString","z","generateRandomString","alphabet","options","passkey","z","APIError","z","Argon2id","APIError","alphabet","generateRandomString","Argon2id","z","z","Argon2id","generateRandomString","alphabet","z","Argon2id","APIError"]}
|