covara 0.0.1 → 0.6.0

package/dist/auth/adapters/jwt.js

@@ -0,0 +1,368 @@
+import { Hono } from "hono";
+import { getCookie, setCookie, deleteCookie } from "hono/cookie";
+import jwt from "jsonwebtoken";
+import { BaseAuthAdapter } from "../adapter.js";
+import { readJsonBody } from "../../server/request.js";
+import { isProduction } from "../../server/env.js";
+export class JWTAdapter extends BaseAuthAdapter {
+    constructor(options) {
+        super({ sessionStore: options.refreshTokenStore });
+        this.name = "jwt";
+        this.jwtConfig = {
+            algorithm: "HS256",
+            accessTokenTtl: 15 * 60,
+            refreshTokenTtl: 7 * 24 * 60 * 60,
+            clockTolerance: 30,
+            ...options.jwt,
+        };
+        this.getUserByIdFn = options.getUserById;
+        this.validatePasswordFn = options.validatePassword;
+        this.createUserFn = options.createUser;
+        this.refreshStore = options.refreshTokenStore;
+        this.getUserContextFn = options.getUserContext;
+        this.onTokenRefreshFn = options.onTokenRefresh;
+    }
+    extractCredentials(c) {
+        const authHeader = c.req.header("authorization");
+        if (authHeader?.startsWith("Bearer ")) {
+            return { type: "bearer", token: authHeader.slice(7) };
+        }
+        const refreshToken = getCookie(c, "refreshToken");
+        if (refreshToken && c.req.path.endsWith("/refresh")) {
+            return { type: "bearer", token: refreshToken };
+        }
+        return null;
+    }
+    async validateCredentials(credentials) {
+        if (credentials.type !== "bearer" || !credentials.token) {
+            return { success: false, error: "Invalid credential type" };
+        }
+        try {
+            const verifyOptions = {
+                algorithms: [this.jwtConfig.algorithm],
+                clockTolerance: this.jwtConfig.clockTolerance,
+            };
+            if (this.jwtConfig.issuer)
+                verifyOptions.issuer = this.jwtConfig.issuer;
+            if (this.jwtConfig.audience) {
+                verifyOptions.audience = Array.isArray(this.jwtConfig.audience)
+                    ? this.jwtConfig.audience[0]
+                    : this.jwtConfig.audience;
+            }
+            const key = this.jwtConfig.publicKey ?? this.jwtConfig.secret;
+            const payload = jwt.verify(credentials.token, key, verifyOptions);
+            const userContext = this.createContextFromPayload(payload);
+            return {
+                success: true,
+                user: userContext,
+                expiresAt: payload.exp ? new Date(payload.exp * 1000) : undefined,
+            };
+        }
+        catch (error) {
+            if (error instanceof jwt.TokenExpiredError) {
+                return { success: false, error: "Token expired" };
+            }
+            if (error instanceof jwt.JsonWebTokenError) {
+                return { success: false, error: "Invalid token" };
+            }
+            return { success: false, error: "Token validation failed" };
+        }
+    }
+    createContextFromPayload(payload) {
+        if (this.getUserContextFn) {
+            return this.getUserContextFn({
+                id: payload.sub,
+                email: payload.email,
+                name: payload.name,
+                image: payload.image,
+                emailVerified: payload.emailVerified ? new Date() : null,
+                metadata: payload.metadata,
+            }, payload);
+        }
+        return {
+            id: payload.sub,
+            email: payload.email ?? null,
+            name: payload.name ?? null,
+            image: payload.image ?? null,
+            emailVerified: payload.emailVerified ? new Date() : null,
+            sessionId: payload.jti ?? `jwt:${payload.sub}`,
+            sessionExpiresAt: payload.exp
+                ? new Date(payload.exp * 1000)
+                : new Date(Date.now() + 3600000),
+            metadata: payload.metadata,
+        };
+    }
+    generateTokens(user) {
+        const jti = crypto.randomUUID();
+        const accessPayload = {
+            sub: user.id,
+            email: user.email ?? undefined,
+            name: user.name ?? undefined,
+            image: user.image ?? undefined,
+            emailVerified: user.emailVerified ? true : false,
+            metadata: user.metadata,
+            jti,
+        };
+        const signOptions = {
+            algorithm: this.jwtConfig.algorithm,
+            expiresIn: this.jwtConfig.accessTokenTtl,
+        };
+        if (this.jwtConfig.issuer)
+            signOptions.issuer = this.jwtConfig.issuer;
+        if (this.jwtConfig.audience)
+            signOptions.audience = this.jwtConfig.audience;
+        const accessToken = jwt.sign(accessPayload, this.jwtConfig.secret, signOptions);
+        const refreshPayload = {
+            sub: user.id,
+            jti: `refresh:${jti}`,
+        };
+        const refreshToken = jwt.sign(refreshPayload, this.jwtConfig.secret, {
+            ...signOptions,
+            expiresIn: this.jwtConfig.refreshTokenTtl,
+        });
+        return {
+            accessToken,
+            refreshToken,
+            expiresIn: this.jwtConfig.accessTokenTtl,
+        };
+    }
+    async getSession(token) {
+        if (!this.refreshStore)
+            return null;
+        try {
+            const payload = jwt.decode(token);
+            if (!payload?.jti)
+                return null;
+            const stored = await this.refreshStore.get(payload.jti);
+            return stored;
+        }
+        catch {
+            return null;
+        }
+    }
+    async invalidateSession(token) {
+        if (!this.refreshStore)
+            return;
+        try {
+            const payload = jwt.decode(token);
+            if (payload?.jti) {
+                await this.refreshStore.delete(payload.jti);
+            }
+        }
+        catch {
+            // Ignore decode errors on logout
+        }
+    }
+    get middleware() {
+        return async (c, next) => {
+            try {
+                const credentials = this.extractCredentials(c);
+                if (!credentials) {
+                    return next();
+                }
+                const result = await this.validateCredentials(credentials);
+                if (!result.success || !result.user) {
+                    return next();
+                }
+                c.set("user", result.user);
+                return next();
+            }
+            catch {
+                return next();
+            }
+        };
+    }
+    setRefreshCookie(c, refreshToken) {
+        setCookie(c, "refreshToken", refreshToken, {
+            httpOnly: true,
+            secure: isProduction(),
+            sameSite: "strict",
+            maxAge: this.jwtConfig.refreshTokenTtl,
+            path: "/",
+        });
+    }
+    async storeRefreshSession(accessToken, userId) {
+        if (!this.refreshStore)
+            return;
+        const decoded = jwt.decode(accessToken);
+        const jti = `refresh:${decoded.jti}`;
+        await this.refreshStore.set(jti, {
+            id: jti,
+            userId,
+            createdAt: new Date(),
+            expiresAt: new Date(Date.now() + this.jwtConfig.refreshTokenTtl * 1000),
+        }, this.jwtConfig.refreshTokenTtl * 1000);
+    }
+    getRoutes() {
+        const router = new Hono();
+        router.get("/me", async (c) => {
+            const credentials = this.extractCredentials(c);
+            if (!credentials) {
+                return c.json({ user: null });
+            }
+            const result = await this.validateCredentials(credentials);
+            if (!result.success) {
+                return c.json({ user: null });
+            }
+            return c.json({ user: result.user, expiresAt: result.expiresAt });
+        });
+        if (this.validatePasswordFn) {
+            router.post("/login", async (c) => {
+                const { email, password } = (await readJsonBody(c));
+                if (!email || !password) {
+                    return c.json({
+                        error: {
+                            code: "INVALID_INPUT",
+                            message: "Email and password required",
+                        },
+                    }, 400);
+                }
+                const user = await this.validatePasswordFn(email, password);
+                if (!user) {
+                    return c.json({
+                        error: {
+                            code: "INVALID_CREDENTIALS",
+                            message: "Invalid email or password",
+                        },
+                    }, 401);
+                }
+                const tokens = this.generateTokens(user);
+                await this.storeRefreshSession(tokens.accessToken, user.id);
+                this.setRefreshCookie(c, tokens.refreshToken);
+                return c.json({
+                    accessToken: tokens.accessToken,
+                    expiresIn: tokens.expiresIn,
+                    tokenType: "Bearer",
+                });
+            });
+        }
+        if (this.createUserFn) {
+            router.post("/signup", async (c) => {
+                const { email, password, name } = (await readJsonBody(c));
+                if (!email || !password) {
+                    return c.json({
+                        error: {
+                            code: "INVALID_INPUT",
+                            message: "Email and password required",
+                        },
+                    }, 400);
+                }
+                try {
+                    const user = await this.createUserFn({ email, password, name });
+                    const tokens = this.generateTokens(user);
+                    await this.storeRefreshSession(tokens.accessToken, user.id);
+                    this.setRefreshCookie(c, tokens.refreshToken);
+                    return c.json({
+                        accessToken: tokens.accessToken,
+                        expiresIn: tokens.expiresIn,
+                        tokenType: "Bearer",
+                        user: {
+                            id: user.id,
+                            email: user.email,
+                            name: user.name,
+                        },
+                    }, 201);
+                }
+                catch (error) {
+                    const message = error instanceof Error ? error.message : "Failed to create user";
+                    return c.json({
+                        error: {
+                            code: "SIGNUP_FAILED",
+                            message,
+                        },
+                    }, 400);
+                }
+            });
+        }
+        router.post("/refresh", async (c) => {
+            const body = (await readJsonBody(c));
+            const refreshToken = getCookie(c, "refreshToken") ?? body?.refreshToken;
+            if (!refreshToken) {
+                return c.json({
+                    error: {
+                        code: "NO_REFRESH_TOKEN",
+                        message: "Refresh token required",
+                    },
+                }, 400);
+            }
+            try {
+                const payload = jwt.verify(refreshToken, this.jwtConfig.publicKey ?? this.jwtConfig.secret, { algorithms: [this.jwtConfig.algorithm] });
+                if (this.refreshStore) {
+                    const stored = await this.refreshStore.get(payload.jti);
+                    if (!stored) {
+                        return c.json({
+                            error: {
+                                code: "TOKEN_REVOKED",
+                                message: "Refresh token has been revoked",
+                            },
+                        }, 401);
+                    }
+                }
+                const user = await this.getUserByIdFn(payload.sub);
+                if (!user) {
+                    return c.json({
+                        error: { code: "USER_NOT_FOUND", message: "User not found" },
+                    }, 401);
+                }
+                const tokens = this.generateTokens(user);
+                if (this.refreshStore) {
+                    const oldJti = payload.jti;
+                    const newDecoded = jwt.decode(tokens.accessToken);
+                    const newJti = `refresh:${newDecoded.jti}`;
+                    await this.refreshStore.delete(oldJti);
+                    await this.refreshStore.set(newJti, {
+                        id: newJti,
+                        userId: user.id,
+                        createdAt: new Date(),
+                        expiresAt: new Date(Date.now() + this.jwtConfig.refreshTokenTtl * 1000),
+                    }, this.jwtConfig.refreshTokenTtl * 1000);
+                    await this.onTokenRefreshFn?.(user.id, oldJti, newJti);
+                }
+                this.setRefreshCookie(c, tokens.refreshToken);
+                return c.json({
+                    accessToken: tokens.accessToken,
+                    expiresIn: tokens.expiresIn,
+                    tokenType: "Bearer",
+                });
+            }
+            catch (error) {
+                if (error instanceof jwt.TokenExpiredError) {
+                    return c.json({
+                        error: {
+                            code: "REFRESH_TOKEN_EXPIRED",
+                            message: "Refresh token expired",
+                        },
+                    }, 401);
+                }
+                return c.json({
+                    error: {
+                        code: "INVALID_REFRESH_TOKEN",
+                        message: "Invalid refresh token",
+                    },
+                }, 401);
+            }
+        });
+        router.post("/logout", async (c) => {
+            const body = (await readJsonBody(c));
+            const refreshToken = getCookie(c, "refreshToken") ?? body?.refreshToken;
+            if (refreshToken && this.refreshStore) {
+                try {
+                    const payload = jwt.decode(refreshToken);
+                    if (payload?.jti) {
+                        await this.refreshStore.delete(payload.jti);
+                    }
+                }
+                catch {
+                    // Ignore decode errors
+                }
+            }
+            deleteCookie(c, "refreshToken", { path: "/" });
+            return c.json({ success: true });
+        });
+        return router;
+    }
+}
+export const createJWTAdapter = (options) => {
+    return new JWTAdapter(options);
+};
+//# sourceMappingURL=jwt.js.map

package/dist/auth/adapters/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/auth/adapters/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAwC,MAAM,MAAM,CAAC;AAClE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,GAA8C,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAQ7C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAuD5C,MAAM,OAAO,UAAW,SAAQ,eAAe;IAa7C,YAAY,OAA0B;QACpC,KAAK,CAAC,EAAE,YAAY,EAAE,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;QAbrD,SAAI,GAAG,KAAK,CAAC;QAcX,IAAI,CAAC,SAAS,GAAG;YACf,SAAS,EAAE,OAAO;YAClB,cAAc,EAAE,EAAE,GAAG,EAAE;YACvB,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YACjC,cAAc,EAAE,EAAE;YAClB,GAAG,OAAO,CAAC,GAAG;SACf,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC;QACzC,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACnD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,UAAU,CAAC;QACvC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,iBAAiB,CAAC;QAC9C,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,cAAc,CAAC;QAC/C,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,cAAc,CAAC;IACjD,CAAC;IAED,kBAAkB,CAAC,CAAU;QAC3B,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAClD,IAAI,YAAY,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACpD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC;QACjD,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,WAA4B;QACpD,IAAI,WAAW,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;YACxD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,GAAkB;gBACnC,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;gBACtC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc;aAC9C,CAAC;YAEF,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM;gBAAE,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YACxE,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;gBAC5B,aAAa,CAAC,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;oBAC7D,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAC5B,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;YAC9B,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;YAC9D,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CACxB,WAAW,CAAC,KAAK,EACjB,GAAG,EACH,aAAa,CACA,CAAC;YAEhB,MAAM,WAAW,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,CAAC;YAE3D,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,WAAW;gBACjB,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;aAClE,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;YACpD,CAAC;YACD,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;gBAC3C,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;YACpD,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;QAC9D,CAAC;IACH,CAAC;IAEO,wBAAwB,CAAC,OAAmB;QAClD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC,gBAAgB,CAC1B;gBACE,EAAE,EAAE,OAAO,CAAC,GAAG;gBACf,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,KAAK,EAAE,OAAO,CAAC,KAAK;gBACpB,aAAa,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI;gBACxD,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B,EACD,OAAO,CACR,CAAC;QACJ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,OAAO,CAAC,GAAG;YACf,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;YAC5B,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;YAC1B,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI;YAC5B,aAAa,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI;YACxD,SAAS,EAAE,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,EAAE;YAC9C,gBAAgB,EAAE,OAAO,CAAC,GAAG;gBAC3B,CAAC,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC;gBAC9B,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;YAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;IACJ,CAAC;IAEO,cAAc,CAAC,IAAa;QAKlC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,MAAM,aAAa,GAAe;YAChC,GAAG,EAAE,IAAI,CAAC,EAAE;YACZ,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;YAC9B,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,SAAS;YAC5B,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS;YAC9B,aAAa,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK;YAChD,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,GAAG;SACJ,CAAC;QAEF,MAAM,WAAW,GAAgB;YAC/B,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS;YACnC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc;SACzC,CAAC;QAEF,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM;YAAE,WAAW,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;QACtE,IAAI,IAAI,CAAC,SAAS,CAAC,QAAQ;YAAE,WAAW,CAAC,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;QAE5E,MAAM,WAAW,GAAG,GAAG,CAAC,IAAI,CAC1B,aAAa,EACb,IAAI,CAAC,SAAS,CAAC,MAAM,EACrB,WAAW,CACZ,CAAC;QAEF,MAAM,cAAc,GAAe;YACjC,GAAG,EAAE,IAAI,CAAC,EAAE;YACZ,GAAG,EAAE,WAAW,GAAG,EAAE;SACtB,CAAC;QAEF,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE;YACnE,GAAG,WAAW;YACd,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe;SAC1C,CAAC,CAAC;QAEH,OAAO;YACL,WAAW;YACX,YAAY;YACZ,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,cAAc;SACzC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAa;QAC5B,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAEpC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAsB,CAAC;YACvD,IAAI,CAAC,OAAO,EAAE,GAAG;gBAAE,OAAO,IAAI,CAAC;YAE/B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,KAAa;QACnC,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO;QAE/B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAsB,CAAC;YACvD,IAAI,OAAO,EAAE,GAAG,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,iCAAiC;QACnC,CAAC;IACH,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;YACvB,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;gBAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;gBAC3D,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;oBACpC,OAAO,IAAI,EAAE,CAAC;gBAChB,CAAC;gBAED,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;gBAC3B,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAEO,gBAAgB,CAAC,CAAU,EAAE,YAAoB;QACvD,SAAS,CAAC,CAAC,EAAE,cAAc,EAAE,YAAY,EAAE;YACzC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,YAAY,EAAE;YACtB,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,eAAe;YACtC,IAAI,EAAE,GAAG;SACV,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,WAAmB,EAAE,MAAc;QACnE,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,OAAO;QAC/B,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,CAAe,CAAC;QACtD,MAAM,GAAG,GAAG,WAAW,OAAO,CAAC,GAAG,EAAE,CAAC;QACrC,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CACzB,GAAG,EACH;YACE,EAAE,EAAE,GAAG;YACP,MAAM;YACN,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,eAAe,GAAG,IAAI,CAAC;SACxE,EACD,IAAI,CAAC,SAAS,CAAC,eAAe,GAAG,IAAI,CACtC,CAAC;IACJ,CAAC;IAED,SAAS;QACP,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QAE1B,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;YAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAChC,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAChC,CAAC;YAED,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;gBAChC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC,CAAmB,CAAC;gBAEtE,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACxB,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,KAAK,EAAE;4BACL,IAAI,EAAE,eAAe;4BACrB,OAAO,EAAE,6BAA6B;yBACvC;qBACF,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,kBAAmB,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;gBAC7D,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,KAAK,EAAE;4BACL,IAAI,EAAE,qBAAqB;4BAC3B,OAAO,EAAE,2BAA2B;yBACrC;qBACF,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAED,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;gBAEzC,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;gBAE5D,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBAE9C,OAAO,CAAC,CAAC,IAAI,CAAC;oBACZ,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,SAAS,EAAE,QAAQ;iBACpB,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;gBACjC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC,CAAmB,CAAC;gBAE5E,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACxB,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,KAAK,EAAE;4BACL,IAAI,EAAE,eAAe;4BACrB,OAAO,EAAE,6BAA6B;yBACvC;qBACF,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAa,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;oBACjE,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;oBAEzC,MAAM,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;oBAE5D,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;oBAE9C,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,WAAW,EAAE,MAAM,CAAC,WAAW;wBAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;wBAC3B,SAAS,EAAE,QAAQ;wBACnB,IAAI,EAAE;4BACJ,EAAE,EAAE,IAAI,CAAC,EAAE;4BACX,KAAK,EAAE,IAAI,CAAC,KAAK;4BACjB,IAAI,EAAE,IAAI,CAAC,IAAI;yBAChB;qBACF,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,uBAAuB,CAAC;oBACjF,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,KAAK,EAAE;4BACL,IAAI,EAAE,eAAe;4BACrB,OAAO;yBACR;qBACF,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YAClC,MAAM,IAAI,GAAG,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC,CAAmB,CAAC;YACvD,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,IAAI,IAAI,EAAE,YAAY,CAAC;YAExE,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,KAAK,EAAE;wBACL,IAAI,EAAE,kBAAkB;wBACxB,OAAO,EAAE,wBAAwB;qBAClC;iBACF,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CACxB,YAAY,EACZ,IAAI,CAAC,SAAS,CAAC,SAAS,IAAI,IAAI,CAAC,SAAS,CAAC,MAAM,EACjD,EAAE,UAAU,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,CAC7B,CAAC;gBAEhB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBACtB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,GAAI,CAAC,CAAC;oBACzD,IAAI,CAAC,MAAM,EAAE,CAAC;wBACZ,OAAO,CAAC,CAAC,IAAI,CACX;4BACE,KAAK,EAAE;gCACL,IAAI,EAAE,eAAe;gCACrB,OAAO,EAAE,gCAAgC;6BAC1C;yBACF,EACD,GAAG,CACJ,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACnD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,KAAK,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,EAAE;qBAC7D,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAED,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;gBAEzC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBACtB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAI,CAAC;oBAC5B,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAe,CAAC;oBAChE,MAAM,MAAM,GAAG,WAAW,UAAU,CAAC,GAAG,EAAE,CAAC;oBAE3C,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBACvC,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CACzB,MAAM,EACN;wBACE,EAAE,EAAE,MAAM;wBACV,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,SAAS,EAAE,IAAI,IAAI,EAAE;wBACrB,SAAS,EAAE,IAAI,IAAI,CACjB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,eAAe,GAAG,IAAI,CACnD;qBACF,EACD,IAAI,CAAC,SAAS,CAAC,eAAe,GAAG,IAAI,CACtC,CAAC;oBAEF,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBACzD,CAAC;gBAED,IAAI,CAAC,gBAAgB,CAAC,CAAC,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;gBAE9C,OAAO,CAAC,CAAC,IAAI,CAAC;oBACZ,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,SAAS,EAAE,MAAM,CAAC,SAAS;oBAC3B,SAAS,EAAE,QAAQ;iBACpB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;oBAC3C,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,KAAK,EAAE;4BACL,IAAI,EAAE,uBAAuB;4BAC7B,OAAO,EAAE,uBAAuB;yBACjC;qBACF,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBACD,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,KAAK,EAAE;wBACL,IAAI,EAAE,uBAAuB;wBAC7B,OAAO,EAAE,uBAAuB;qBACjC;iBACF,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACjC,MAAM,IAAI,GAAG,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC,CAAmB,CAAC;YACvD,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,IAAI,IAAI,EAAE,YAAY,CAAC;YAExE,IAAI,YAAY,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACtC,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,YAAY,CAAsB,CAAC;oBAC9D,IAAI,OAAO,EAAE,GAAG,EAAE,CAAC;wBACjB,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBAC9C,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,uBAAuB;gBACzB,CAAC;YACH,CAAC;YAED,YAAY,CAAC,CAAC,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAA0B,EAAc,EAAE;IACzE,OAAO,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC;AACjC,CAAC,CAAC"}

package/dist/auth/adapters/oidc.d.ts

@@ -0,0 +1,120 @@
+import { Hono, type Context } from "hono";
+import { BaseAuthAdapter } from "../adapter.js";
+import { AuthCredentials, AuthResult, SessionData, SessionStore } from "../types.js";
+import { UserContext } from "../../resource/types.js";
+export interface OIDCProviderConfig {
+    name: string;
+    clientId: string;
+    clientSecret: string;
+    issuer: string;
+    authorizationEndpoint?: string;
+    tokenEndpoint?: string;
+    userinfoEndpoint?: string;
+    jwksUri?: string;
+    scopes?: string[];
+    redirectUri?: string;
+    responseType?: "code" | "id_token" | "code id_token";
+    pkce?: boolean;
+    audience?: string;
+    clockTolerance?: number;
+}
+export interface OIDCUserInfo {
+    sub: string;
+    email?: string;
+    email_verified?: boolean;
+    name?: string;
+    given_name?: string;
+    family_name?: string;
+    picture?: string;
+    locale?: string;
+}
+export interface OIDCAccount {
+    id: string;
+    userId: string;
+    provider: string;
+    providerAccountId: string;
+    accessToken?: string;
+    refreshToken?: string;
+    accessTokenExpiresAt?: Date;
+    refreshTokenExpiresAt?: Date;
+    scope?: string;
+    idToken?: string;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export interface OIDCUser {
+    id: string;
+    email?: string | null;
+    name?: string | null;
+    image?: string | null;
+    emailVerified?: Date | null;
+    metadata?: Record<string, unknown>;
+}
+export interface OIDCAdapterOptions {
+    providers: OIDCProviderConfig[];
+    baseUrl: string;
+    callbackPath?: string;
+    findUserByAccount?: (provider: string, providerAccountId: string) => Promise<OIDCUser | null>;
+    createUser?: (userInfo: OIDCUserInfo, provider: string) => Promise<OIDCUser>;
+    linkAccount?: (userId: string, account: Omit<OIDCAccount, "id" | "createdAt" | "updatedAt">) => Promise<void>;
+    updateAccount?: (accountId: string, tokens: Partial<OIDCAccount>) => Promise<void>;
+    sessionStore?: SessionStore;
+    sessionTtlMs?: number;
+    getUserContext?: (user: OIDCUser, session: SessionData) => UserContext;
+    onSignIn?: (user: UserContext, account: OIDCAccount, isNewUser: boolean) => void | Promise<void>;
+    onLinkAccount?: (user: UserContext, account: OIDCAccount) => void | Promise<void>;
+    onError?: (error: Error, provider: string) => void;
+}
+export declare class OIDCAdapter extends BaseAuthAdapter {
+    name: string;
+    private providers;
+    private options;
+    private stateStore;
+    private discoveryCache;
+    constructor(options: OIDCAdapterOptions);
+    private discoverProvider;
+    getAuthorizationUrl(providerName: string, returnTo?: string): Promise<string>;
+    handleCallback(providerName: string, code: string, state: string): Promise<{
+        user: UserContext;
+        session: SessionData;
+        isNewUser: boolean;
+    }>;
+    extractCredentials(c: Context): AuthCredentials | null;
+    validateCredentials(credentials: AuthCredentials): Promise<AuthResult>;
+    getRoutes(): Hono;
+}
+export declare const createOIDCAdapter: (options: OIDCAdapterOptions) => OIDCAdapter;
+export declare const oidcProviders: {
+    google: (config: Partial<OIDCProviderConfig> & {
+        clientId: string;
+        clientSecret: string;
+    }) => OIDCProviderConfig;
+    microsoft: (config: Partial<OIDCProviderConfig> & {
+        clientId: string;
+        clientSecret: string;
+        tenantId?: string;
+    }) => OIDCProviderConfig;
+    okta: (config: Partial<OIDCProviderConfig> & {
+        clientId: string;
+        clientSecret: string;
+        domain: string;
+    }) => OIDCProviderConfig;
+    auth0: (config: Partial<OIDCProviderConfig> & {
+        clientId: string;
+        clientSecret: string;
+        domain: string;
+    }) => OIDCProviderConfig;
+    keycloak: (config: Partial<OIDCProviderConfig> & {
+        clientId: string;
+        clientSecret: string;
+        baseUrl: string;
+        realm: string;
+    }) => OIDCProviderConfig;
+    generic: (config: Partial<OIDCProviderConfig> & {
+        name: string;
+        clientId: string;
+        clientSecret: string;
+        issuer: string;
+    }) => OIDCProviderConfig;
+};
+//# sourceMappingURL=oidc.d.ts.map

package/dist/auth/adapters/oidc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../../src/auth/adapters/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,OAAO,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,EAAE,eAAe,EAAqB,MAAM,YAAY,CAAC;AAChE,OAAO,EACL,eAAe,EACf,UAAU,EACV,WAAW,EACX,YAAY,EACb,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAI/C,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,GAAG,UAAU,GAAG,eAAe,CAAC;IACrD,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAuBD,MAAM,WAAW,YAAY;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,oBAAoB,CAAC,EAAE,IAAI,CAAC;IAC5B,qBAAqB,CAAC,EAAE,IAAI,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,kBAAkB,EAAE,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,CAClB,QAAQ,EAAE,MAAM,EAChB,iBAAiB,EAAE,MAAM,KACtB,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IAC9B,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,WAAW,CAAC,EAAE,CACZ,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,GAAG,WAAW,GAAG,WAAW,CAAC,KACzD,OAAO,CAAC,IAAI,CAAC,CAAC;IACnB,aAAa,CAAC,EAAE,CACd,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,KACzB,OAAO,CAAC,IAAI,CAAC,CAAC;IACnB,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,WAAW,KAAK,WAAW,CAAC;IACvE,QAAQ,CAAC,EAAE,CACT,IAAI,EAAE,WAAW,EACjB,OAAO,EAAE,WAAW,EACpB,SAAS,EAAE,OAAO,KACf,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,aAAa,CAAC,EAAE,CACd,IAAI,EAAE,WAAW,EACjB,OAAO,EAAE,WAAW,KACjB,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;CACpD;AAUD,qBAAa,WAAY,SAAQ,eAAe;IAC9C,IAAI,SAAU;IACd,OAAO,CAAC,SAAS,CAGf;IACF,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,UAAU,CAAqC;IACvD,OAAO,CAAC,cAAc,CAAiD;gBAE3D,OAAO,EAAE,kBAAkB;YASzB,gBAAgB;IAmBxB,mBAAmB,CACvB,YAAY,EAAE,MAAM,EACpB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;IAmDZ,cAAc,CAClB,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC;QAAE,IAAI,EAAE,WAAW,CAAC;QAAC,OAAO,EAAE,WAAW,CAAC;QAAC,SAAS,EAAE,OAAO,CAAA;KAAE,CAAC;IA2G3E,kBAAkB,CAAC,CAAC,EAAE,OAAO,GAAG,eAAe,GAAG,IAAI;IAchD,mBAAmB,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC;IAc5E,SAAS,IAAI,IAAI;CAmFlB;AAED,eAAO,MAAM,iBAAiB,GAAI,SAAS,kBAAkB,KAAG,WAE/D,CAAC;AAEF,eAAO,MAAM,aAAa;qBAEd,OAAO,CAAC,kBAAkB,CAAC,GAAG;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;KACtB,KACA,kBAAkB;wBAQX,OAAO,CAAC,kBAAkB,CAAC,GAAG;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,KACA,kBAAkB;mBAQX,OAAO,CAAC,kBAAkB,CAAC,GAAG;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;KAChB,KACA,kBAAkB;oBAQX,OAAO,CAAC,kBAAkB,CAAC,GAAG;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;KAChB,KACA,kBAAkB;uBAQX,OAAO,CAAC,kBAAkB,CAAC,GAAG;QACpC,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;KACf,KACA,kBAAkB;sBAQX,OAAO,CAAC,kBAAkB,CAAC,GAAG;QACpC,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,CAAC;KAChB,KACA,kBAAkB;CAKtB,CAAC"}