covara 0.0.1 → 0.6.0

package/dist/auth/adapters/oidc.js

@@ -0,0 +1,280 @@
+import { Hono } from "hono";
+import { getCookie, setCookie, deleteCookie } from "hono/cookie";
+import { BaseAuthAdapter, createUserContext } from "../adapter.js";
+import { isProduction } from "../../server/env.js";
+import * as crypto from "node:crypto";
+export class OIDCAdapter extends BaseAuthAdapter {
+    constructor(options) {
+        super({
+            sessionStore: options.sessionStore,
+            sessionTtlMs: options.sessionTtlMs,
+        });
+        this.name = "oidc";
+        this.stateStore = new Map();
+        this.discoveryCache = new Map();
+        this.options = options;
+        this.providers = new Map(options.providers.map((p) => [p.name, p]));
+    }
+    async discoverProvider(provider) {
+        const cached = this.discoveryCache.get(provider.issuer);
+        if (cached)
+            return cached;
+        const discoveryUrl = `${provider.issuer.replace(/\/$/, "")}/.well-known/openid-configuration`;
+        const response = await fetch(discoveryUrl);
+        if (!response.ok) {
+            throw new Error(`Failed to fetch OIDC discovery document from ${discoveryUrl}`);
+        }
+        const doc = (await response.json());
+        this.discoveryCache.set(provider.issuer, doc);
+        return doc;
+    }
+    async getAuthorizationUrl(providerName, returnTo) {
+        const provider = this.providers.get(providerName);
+        if (!provider)
+            throw new Error(`Unknown provider: ${providerName}`);
+        const discovery = await this.discoverProvider(provider);
+        const state = crypto.randomUUID();
+        const stateData = {
+            provider: providerName,
+            returnTo,
+            createdAt: Date.now(),
+        };
+        let codeChallenge;
+        if (provider.pkce !== false) {
+            const codeVerifier = crypto.randomBytes(32).toString("base64url");
+            stateData.codeVerifier = codeVerifier;
+            codeChallenge = crypto
+                .createHash("sha256")
+                .update(codeVerifier)
+                .digest("base64url");
+        }
+        stateData.nonce = crypto.randomUUID();
+        this.stateStore.set(state, stateData);
+        const authUrl = new URL(provider.authorizationEndpoint ?? discovery.authorization_endpoint);
+        const redirectUri = provider.redirectUri ??
+            `${this.options.baseUrl}${this.options.callbackPath ?? "/auth/oidc/callback"}/${providerName}`;
+        authUrl.searchParams.set("client_id", provider.clientId);
+        authUrl.searchParams.set("redirect_uri", redirectUri);
+        authUrl.searchParams.set("response_type", provider.responseType ?? "code");
+        authUrl.searchParams.set("scope", (provider.scopes ?? ["openid", "profile", "email"]).join(" "));
+        authUrl.searchParams.set("state", state);
+        authUrl.searchParams.set("nonce", stateData.nonce);
+        if (codeChallenge) {
+            authUrl.searchParams.set("code_challenge", codeChallenge);
+            authUrl.searchParams.set("code_challenge_method", "S256");
+        }
+        return authUrl.toString();
+    }
+    async handleCallback(providerName, code, state) {
+        const stateData = this.stateStore.get(state);
+        if (!stateData || stateData.provider !== providerName) {
+            throw new Error("Invalid state parameter");
+        }
+        if (Date.now() - stateData.createdAt > 10 * 60 * 1000) {
+            this.stateStore.delete(state);
+            throw new Error("State expired");
+        }
+        this.stateStore.delete(state);
+        const provider = this.providers.get(providerName);
+        const discovery = await this.discoverProvider(provider);
+        const tokenUrl = provider.tokenEndpoint ?? discovery.token_endpoint;
+        const redirectUri = provider.redirectUri ??
+            `${this.options.baseUrl}${this.options.callbackPath ?? "/auth/oidc/callback"}/${providerName}`;
+        const tokenParams = new URLSearchParams({
+            grant_type: "authorization_code",
+            code,
+            redirect_uri: redirectUri,
+            client_id: provider.clientId,
+            client_secret: provider.clientSecret,
+        });
+        if (stateData.codeVerifier) {
+            tokenParams.set("code_verifier", stateData.codeVerifier);
+        }
+        const tokenResponse = await fetch(tokenUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/x-www-form-urlencoded" },
+            body: tokenParams.toString(),
+        });
+        if (!tokenResponse.ok) {
+            throw new Error(`Token exchange failed: ${await tokenResponse.text()}`);
+        }
+        const tokens = (await tokenResponse.json());
+        const userInfoUrl = provider.userinfoEndpoint ?? discovery.userinfo_endpoint;
+        if (!userInfoUrl) {
+            throw new Error("No userinfo endpoint available");
+        }
+        const userInfoResponse = await fetch(userInfoUrl, {
+            headers: { Authorization: `Bearer ${tokens.access_token}` },
+        });
+        if (!userInfoResponse.ok) {
+            throw new Error("Failed to fetch user info");
+        }
+        const userInfo = (await userInfoResponse.json());
+        let user = await this.options.findUserByAccount?.(providerName, userInfo.sub);
+        let isNewUser = false;
+        if (!user) {
+            if (this.options.createUser) {
+                user = await this.options.createUser(userInfo, providerName);
+                isNewUser = true;
+            }
+            else {
+                throw new Error("User not found and auto-creation is disabled");
+            }
+        }
+        const accountData = {
+            userId: user.id,
+            provider: providerName,
+            providerAccountId: userInfo.sub,
+            accessToken: tokens.access_token,
+            refreshToken: tokens.refresh_token,
+            accessTokenExpiresAt: tokens.expires_in
+                ? new Date(Date.now() + tokens.expires_in * 1000)
+                : undefined,
+            idToken: tokens.id_token,
+            scope: tokens.scope,
+        };
+        if (isNewUser) {
+            await this.options.linkAccount?.(user.id, accountData);
+        }
+        const session = await this.createSession(user.id, { provider: providerName });
+        const userContext = this.options.getUserContext
+            ? this.options.getUserContext(user, session)
+            : createUserContext(user, session);
+        await this.options.onSignIn?.(userContext, accountData, isNewUser);
+        return { user: userContext, session, isNewUser };
+    }
+    extractCredentials(c) {
+        const sessionCookie = getCookie(c, "session");
+        if (sessionCookie) {
+            return { type: "session", sessionId: sessionCookie };
+        }
+        const authHeader = c.req.header("authorization");
+        if (authHeader?.startsWith("Bearer ")) {
+            return { type: "bearer", token: authHeader.slice(7) };
+        }
+        return null;
+    }
+    async validateCredentials(credentials) {
+        const token = credentials.sessionId ?? credentials.token;
+        if (!token) {
+            return { success: false, error: "No token provided" };
+        }
+        const session = await this.getSession(token);
+        if (!session) {
+            return { success: false, error: "Session not found or expired" };
+        }
+        return { success: true, expiresAt: session.expiresAt };
+    }
+    getRoutes() {
+        const router = new Hono();
+        router.get("/provider/:name", async (c) => {
+            const name = c.req.param("name");
+            try {
+                const returnTo = c.req.query("returnTo");
+                const authUrl = await this.getAuthorizationUrl(name, returnTo);
+                return c.redirect(authUrl, 302);
+            }
+            catch (error) {
+                this.options.onError?.(error, name);
+                return c.json({ error: "Failed to initiate OAuth flow" }, 400);
+            }
+        });
+        router.get("/callback/:name", async (c) => {
+            const name = c.req.param("name");
+            try {
+                const code = c.req.query("code");
+                const state = c.req.query("state");
+                const error = c.req.query("error");
+                const errorDescription = c.req.query("error_description");
+                if (error) {
+                    throw new Error(`OAuth error: ${error} - ${errorDescription}`);
+                }
+                if (!code || !state) {
+                    throw new Error("Missing code or state parameter");
+                }
+                const result = await this.handleCallback(name, code, state);
+                setCookie(c, "session", result.session.id, {
+                    httpOnly: true,
+                    secure: isProduction(),
+                    sameSite: "lax",
+                    expires: result.session.expiresAt,
+                });
+                const stateData = this.stateStore.get(state);
+                const returnTo = stateData?.returnTo ?? "/";
+                return c.redirect(returnTo, 302);
+            }
+            catch (error) {
+                this.options.onError?.(error, name);
+                return c.json({ error: "OAuth callback failed" }, 400);
+            }
+        });
+        router.get("/providers", (c) => {
+            const providers = Array.from(this.providers.keys()).map((name) => ({
+                name,
+                authUrl: `/auth/oidc/provider/${name}`,
+            }));
+            return c.json({ providers });
+        });
+        router.get("/me", async (c) => {
+            const credentials = this.extractCredentials(c);
+            if (!credentials) {
+                return c.json({ user: null });
+            }
+            const result = await this.validateCredentials(credentials);
+            if (!result.success) {
+                return c.json({ user: null });
+            }
+            return c.json({ expiresAt: result.expiresAt });
+        });
+        router.post("/logout", async (c) => {
+            const credentials = this.extractCredentials(c);
+            if (credentials?.sessionId) {
+                await this.invalidateSession(credentials.sessionId);
+            }
+            deleteCookie(c, "session");
+            return c.json({ success: true });
+        });
+        return router;
+    }
+}
+export const createOIDCAdapter = (options) => {
+    return new OIDCAdapter(options);
+};
+export const oidcProviders = {
+    google: (config) => ({
+        name: "google",
+        issuer: "https://accounts.google.com",
+        scopes: ["openid", "profile", "email"],
+        ...config,
+    }),
+    microsoft: (config) => ({
+        name: "microsoft",
+        issuer: `https://login.microsoftonline.com/${config.tenantId ?? "common"}/v2.0`,
+        scopes: ["openid", "profile", "email"],
+        ...config,
+    }),
+    okta: (config) => ({
+        name: "okta",
+        issuer: `https://${config.domain}`,
+        scopes: ["openid", "profile", "email"],
+        ...config,
+    }),
+    auth0: (config) => ({
+        name: "auth0",
+        issuer: `https://${config.domain}`,
+        scopes: ["openid", "profile", "email"],
+        ...config,
+    }),
+    keycloak: (config) => ({
+        name: "keycloak",
+        issuer: `${config.baseUrl}/realms/${config.realm}`,
+        scopes: ["openid", "profile", "email"],
+        ...config,
+    }),
+    generic: (config) => ({
+        scopes: ["openid", "profile", "email"],
+        pkce: true,
+        ...config,
+    }),
+};
+//# sourceMappingURL=oidc.js.map

package/dist/auth/adapters/oidc.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../../src/auth/adapters/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAgB,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAQhE,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAmHtC,MAAM,OAAO,WAAY,SAAQ,eAAe;IAU9C,YAAY,OAA2B;QACrC,KAAK,CAAC;YACJ,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QAbL,SAAI,GAAG,MAAM,CAAC;QAMN,eAAU,GAA2B,IAAI,GAAG,EAAE,CAAC;QAC/C,mBAAc,GAAuC,IAAI,GAAG,EAAE,CAAC;QAOrE,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,QAA4B;QAE5B,MAAM,MAAM,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACxD,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;QAE1B,MAAM,YAAY,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,mCAAmC,CAAC;QAC9F,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;QAC3C,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,gDAAgD,YAAY,EAAE,CAC/D,CAAC;QACJ,CAAC;QAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA0B,CAAC;QAC7D,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAC9C,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,YAAoB,EACpB,QAAiB;QAEjB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAClD,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,YAAY,EAAE,CAAC,CAAC;QAEpE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAExD,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAClC,MAAM,SAAS,GAAc;YAC3B,QAAQ,EAAE,YAAY;YACtB,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QAEF,IAAI,aAAiC,CAAC;QACtC,IAAI,QAAQ,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;YAC5B,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;YAClE,SAAS,CAAC,YAAY,GAAG,YAAY,CAAC;YACtC,aAAa,GAAG,MAAM;iBACnB,UAAU,CAAC,QAAQ,CAAC;iBACpB,MAAM,CAAC,YAAY,CAAC;iBACpB,MAAM,CAAC,WAAW,CAAC,CAAC;QACzB,CAAC;QAED,SAAS,CAAC,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACtC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAEtC,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,QAAQ,CAAC,qBAAqB,IAAI,SAAS,CAAC,sBAAsB,CACnE,CAAC;QACF,MAAM,WAAW,GACf,QAAQ,CAAC,WAAW;YACpB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,qBAAqB,IAAI,YAAY,EAAE,CAAC;QAEjG,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,QAAQ,CAAC,YAAY,IAAI,MAAM,CAAC,CAAC;QAC3E,OAAO,CAAC,YAAY,CAAC,GAAG,CACtB,OAAO,EACP,CAAC,QAAQ,CAAC,MAAM,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAC9D,CAAC;QACF,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACzC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC;QAEnD,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;YAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;QAC5D,CAAC;QAED,OAAO,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,YAAoB,EACpB,IAAY,EACZ,KAAa;QAEb,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,SAAS,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;YACtD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACnC,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAE9B,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,CAAE,CAAC;QACnD,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAExD,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,IAAI,SAAS,CAAC,cAAc,CAAC;QACpE,MAAM,WAAW,GACf,QAAQ,CAAC,WAAW;YACpB,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,IAAI,qBAAqB,IAAI,YAAY,EAAE,CAAC;QAEjG,MAAM,WAAW,GAAG,IAAI,eAAe,CAAC;YACtC,UAAU,EAAE,oBAAoB;YAChC,IAAI;YACJ,YAAY,EAAE,WAAW;YACzB,SAAS,EAAE,QAAQ,CAAC,QAAQ;YAC5B,aAAa,EAAE,QAAQ,CAAC,YAAY;SACrC,CAAC,CAAC;QAEH,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;YAC3B,WAAW,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,YAAY,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,WAAW,CAAC,QAAQ,EAAE;SAC7B,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAsB,CAAC;QAEjE,MAAM,WAAW,GAAG,QAAQ,CAAC,gBAAgB,IAAI,SAAS,CAAC,iBAAiB,CAAC;QAC7E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;YAChD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,CAAC,YAAY,EAAE,EAAE;SAC5D,CAAC,CAAC;QAEH,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,QAAQ,GAAG,CAAC,MAAM,gBAAgB,CAAC,IAAI,EAAE,CAAiB,CAAC;QAEjE,IAAI,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAC/C,YAAY,EACZ,QAAQ,CAAC,GAAG,CACb,CAAC;QACF,IAAI,SAAS,GAAG,KAAK,CAAC;QAEtB,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;gBAC5B,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;gBAC7D,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAClE,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAwD;YACvE,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,QAAQ,EAAE,YAAY;YACtB,iBAAiB,EAAE,QAAQ,CAAC,GAAG;YAC/B,WAAW,EAAE,MAAM,CAAC,YAAY;YAChC,YAAY,EAAE,MAAM,CAAC,aAAa;YAClC,oBAAoB,EAAE,MAAM,CAAC,UAAU;gBACrC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;gBACjD,CAAC,CAAC,SAAS;YACb,OAAO,EAAE,MAAM,CAAC,QAAQ;YACxB,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;QACzD,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC;QAE9E,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc;YAC7C,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC;YAC5C,CAAC,CAAC,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAErC,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAC3B,WAAW,EACX,WAA0B,EAC1B,SAAS,CACV,CAAC;QAEF,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;IACnD,CAAC;IAED,kBAAkB,CAAC,CAAU;QAC3B,MAAM,aAAa,GAAG,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC9C,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;QACvD,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,WAA4B;QACpD,MAAM,KAAK,GAAG,WAAW,CAAC,SAAS,IAAI,WAAW,CAAC,KAAK,CAAC;QACzD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;QACxD,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;QACnE,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;IACzD,CAAC;IAED,SAAS;QACP,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QAE1B,MAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBACzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;gBAC/D,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YAClC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAc,EAAE,IAAI,CAAC,CAAC;gBAC7C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,EAAE,GAAG,CAAC,CAAC;YACjE,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACnC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACnC,MAAM,gBAAgB,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBAE1D,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,IAAI,KAAK,CAAC,gBAAgB,KAAK,MAAM,gBAAgB,EAAE,CAAC,CAAC;gBACjE,CAAC;gBAED,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACpB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;gBACrD,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;gBAE5D,SAAS,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE;oBACzC,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,YAAY,EAAE;oBACtB,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,SAAS;iBAClC,CAAC,CAAC;gBAEH,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBAC7C,MAAM,QAAQ,GAAG,SAAS,EAAE,QAAQ,IAAI,GAAG,CAAC;gBAC5C,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;YACnC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAc,EAAE,IAAI,CAAC,CAAC;gBAC7C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE;YAC7B,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACjE,IAAI;gBACJ,OAAO,EAAE,uBAAuB,IAAI,EAAE;aACvC,CAAC,CAAC,CAAC;YACJ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;YAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAChC,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAChC,CAAC;YAED,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACjC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;YAC/C,IAAI,WAAW,EAAE,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACtD,CAAC;YAED,YAAY,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;YAC3B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,OAA2B,EAAe,EAAE;IAC5E,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;AAClC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,MAAM,EAAE,CACN,MAGC,EACmB,EAAE,CAAC,CAAC;QACxB,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,6BAA6B;QACrC,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;QACtC,GAAG,MAAM;KACV,CAAC;IAEF,SAAS,EAAE,CACT,MAIC,EACmB,EAAE,CAAC,CAAC;QACxB,IAAI,EAAE,WAAW;QACjB,MAAM,EAAE,qCAAqC,MAAM,CAAC,QAAQ,IAAI,QAAQ,OAAO;QAC/E,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;QACtC,GAAG,MAAM;KACV,CAAC;IAEF,IAAI,EAAE,CACJ,MAIC,EACmB,EAAE,CAAC,CAAC;QACxB,IAAI,EAAE,MAAM;QACZ,MAAM,EAAE,WAAW,MAAM,CAAC,MAAM,EAAE;QAClC,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;QACtC,GAAG,MAAM;KACV,CAAC;IAEF,KAAK,EAAE,CACL,MAIC,EACmB,EAAE,CAAC,CAAC;QACxB,IAAI,EAAE,OAAO;QACb,MAAM,EAAE,WAAW,MAAM,CAAC,MAAM,EAAE;QAClC,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;QACtC,GAAG,MAAM;KACV,CAAC;IAEF,QAAQ,EAAE,CACR,MAKC,EACmB,EAAE,CAAC,CAAC;QACxB,IAAI,EAAE,UAAU;QAChB,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,WAAW,MAAM,CAAC,KAAK,EAAE;QAClD,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;QACtC,GAAG,MAAM;KACV,CAAC;IAEF,OAAO,EAAE,CACP,MAKC,EACmB,EAAE,CAAC,CAAC;QACxB,MAAM,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;QACtC,IAAI,EAAE,IAAI;QACV,GAAG,MAAM;KACV,CAAC;CACH,CAAC"}

package/dist/auth/adapters/passport.d.ts

@@ -0,0 +1,44 @@
+import { Hono, type Context } from "hono";
+import { BaseAuthAdapter } from "../adapter.js";
+import { AuthCredentials, AuthResult, SessionData, SessionStore } from "../types.js";
+import { UserContext } from "../../resource/types.js";
+export interface PassportAdapterOptions {
+    getUserById: (id: string) => Promise<{
+        id: string;
+        email?: string | null;
+        name?: string | null;
+        image?: string | null;
+        emailVerified?: Date | null;
+        metadata?: Record<string, unknown>;
+    } | null>;
+    validatePassword?: (username: string, password: string) => Promise<{
+        id: string;
+        email?: string | null;
+        name?: string | null;
+        image?: string | null;
+        emailVerified?: Date | null;
+        metadata?: Record<string, unknown>;
+    } | null>;
+    validateApiKey?: (apiKey: string) => Promise<{
+        userId: string;
+        scopes?: string[];
+    } | null>;
+    sessionStore?: SessionStore;
+    sessionTtlMs?: number;
+    getUserContext?: (user: any, session: SessionData) => UserContext;
+}
+export declare class PassportAdapter extends BaseAuthAdapter {
+    name: string;
+    private getUserById;
+    private validatePassword?;
+    private validateApiKey?;
+    private getUserContextFn?;
+    constructor(options: PassportAdapterOptions);
+    extractCredentials(c: Context): AuthCredentials | null;
+    validateCredentials(credentials: AuthCredentials): Promise<AuthResult>;
+    private createContext;
+    getRoutes(): Hono;
+}
+export declare const createPassportAdapter: (options: PassportAdapterOptions) => PassportAdapter;
+export declare const fromPassportUser: (passportUser: any, sessionId: string) => UserContext;
+//# sourceMappingURL=passport.d.ts.map

package/dist/auth/adapters/passport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"passport.d.ts","sourceRoot":"","sources":["../../../src/auth/adapters/passport.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,OAAO,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,EAAE,eAAe,EAAqB,MAAM,YAAY,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAClF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAI/C,MAAM,WAAW,sBAAsB;IACrC,WAAW,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC;QACnC,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;QAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,IAAI,CAAC,CAAC;IACV,gBAAgB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QACjE,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,aAAa,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;QAC5B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACpC,GAAG,IAAI,CAAC,CAAC;IACV,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC;QAC3C,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,GAAG,IAAI,CAAC,CAAC;IACV,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,cAAc,CAAC,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,KAAK,WAAW,CAAC;CACnE;AAED,qBAAa,eAAgB,SAAQ,eAAe;IAClD,IAAI,SAAc;IAClB,OAAO,CAAC,WAAW,CAAwC;IAC3D,OAAO,CAAC,gBAAgB,CAAC,CAA6C;IACtE,OAAO,CAAC,cAAc,CAAC,CAA2C;IAClE,OAAO,CAAC,gBAAgB,CAAC,CAA2C;gBAExD,OAAO,EAAE,sBAAsB;IAW3C,kBAAkB,CAAC,CAAC,EAAE,OAAO,GAAG,eAAe,GAAG,IAAI;IA+BhD,mBAAmB,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC;IA8G5E,OAAO,CAAC,aAAa;IAUrB,SAAS,IAAI,IAAI;CAuElB;AAED,eAAO,MAAM,qBAAqB,GAAI,SAAS,sBAAsB,KAAG,eAEvE,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAC3B,cAAc,GAAG,EACjB,WAAW,MAAM,KAChB,WAmBF,CAAC"}

package/dist/auth/adapters/passport.js

@@ -0,0 +1,206 @@
+import { Hono } from "hono";
+import { getCookie, setCookie, deleteCookie } from "hono/cookie";
+import { BaseAuthAdapter, createUserContext } from "../adapter.js";
+import { readJsonBody } from "../../server/request.js";
+import { isProduction } from "../../server/env.js";
+export class PassportAdapter extends BaseAuthAdapter {
+    constructor(options) {
+        super({
+            sessionStore: options.sessionStore,
+            sessionTtlMs: options.sessionTtlMs,
+        });
+        this.name = "passport";
+        this.getUserById = options.getUserById;
+        this.validatePassword = options.validatePassword;
+        this.validateApiKey = options.validateApiKey;
+        this.getUserContextFn = options.getUserContext;
+    }
+    extractCredentials(c) {
+        const passportSessionId = getCookie(c, "connect.sid");
+        if (passportSessionId) {
+            return { type: "session", sessionId: passportSessionId };
+        }
+        const sessionCookie = getCookie(c, "session");
+        if (sessionCookie) {
+            return { type: "session", sessionId: sessionCookie };
+        }
+        const authHeader = c.req.header("authorization");
+        if (authHeader?.startsWith("Bearer ")) {
+            return { type: "bearer", token: authHeader.slice(7) };
+        }
+        if (authHeader?.startsWith("Basic ")) {
+            const base64 = authHeader.slice(6);
+            const decoded = Buffer.from(base64, "base64").toString("utf-8");
+            const [username, password] = decoded.split(":");
+            return { type: "basic", username, password };
+        }
+        const apiKey = c.req.header("x-api-key");
+        if (typeof apiKey === "string") {
+            return { type: "apiKey", apiKey };
+        }
+        return null;
+    }
+    async validateCredentials(credentials) {
+        try {
+            switch (credentials.type) {
+                case "session": {
+                    if (!credentials.sessionId) {
+                        return { success: false, error: "No session ID" };
+                    }
+                    const session = await this.getSession(credentials.sessionId);
+                    if (!session) {
+                        return { success: false, error: "Session not found or expired" };
+                    }
+                    const user = await this.getUserById(session.userId);
+                    if (!user) {
+                        return { success: false, error: "User not found" };
+                    }
+                    const userContext = this.createContext(user, session);
+                    return { success: true, user: userContext, expiresAt: session.expiresAt };
+                }
+                case "bearer": {
+                    if (!credentials.token) {
+                        return { success: false, error: "No token provided" };
+                    }
+                    const session = await this.getSession(credentials.token);
+                    if (!session) {
+                        return { success: false, error: "Invalid token" };
+                    }
+                    const user = await this.getUserById(session.userId);
+                    if (!user) {
+                        return { success: false, error: "User not found" };
+                    }
+                    const userContext = this.createContext(user, session);
+                    return { success: true, user: userContext, expiresAt: session.expiresAt };
+                }
+                case "basic": {
+                    if (!this.validatePassword) {
+                        return { success: false, error: "Password authentication not configured" };
+                    }
+                    if (!credentials.username || !credentials.password) {
+                        return { success: false, error: "Username and password required" };
+                    }
+                    const user = await this.validatePassword(credentials.username, credentials.password);
+                    if (!user) {
+                        return { success: false, error: "Invalid credentials" };
+                    }
+                    const session = await this.createSession(user.id);
+                    const userContext = this.createContext(user, session);
+                    return { success: true, user: userContext, expiresAt: session.expiresAt };
+                }
+                case "apiKey": {
+                    if (!this.validateApiKey) {
+                        return { success: false, error: "API key authentication not configured" };
+                    }
+                    if (!credentials.apiKey) {
+                        return { success: false, error: "API key required" };
+                    }
+                    const keyData = await this.validateApiKey(credentials.apiKey);
+                    if (!keyData) {
+                        return { success: false, error: "Invalid API key" };
+                    }
+                    const user = await this.getUserById(keyData.userId);
+                    if (!user) {
+                        return { success: false, error: "User not found" };
+                    }
+                    const session = {
+                        id: `apikey:${credentials.apiKey.slice(0, 8)}`,
+                        userId: user.id,
+                        createdAt: new Date(),
+                        expiresAt: new Date(Date.now() + this.sessionTtlMs),
+                        data: { scopes: keyData.scopes },
+                    };
+                    const userContext = this.createContext(user, session);
+                    if (keyData.scopes) {
+                        userContext.metadata = {
+                            ...userContext.metadata,
+                            apiKeyScopes: keyData.scopes,
+                        };
+                    }
+                    return { success: true, user: userContext };
+                }
+                default:
+                    return { success: false, error: "Unsupported credential type" };
+            }
+        }
+        catch (error) {
+            console.error("Passport validation error:", error);
+            return { success: false, error: "Authentication failed" };
+        }
+    }
+    createContext(user, session) {
+        if (this.getUserContextFn) {
+            return this.getUserContextFn(user, session);
+        }
+        return createUserContext(user, session);
+    }
+    getRoutes() {
+        const router = new Hono();
+        router.get("/session", async (c) => {
+            const credentials = this.extractCredentials(c);
+            if (!credentials) {
+                return c.json({ user: null });
+            }
+            const result = await this.validateCredentials(credentials);
+            if (!result.success) {
+                return c.json({ user: null });
+            }
+            return c.json({ user: result.user, expiresAt: result.expiresAt });
+        });
+        if (this.validatePassword) {
+            router.post("/login", async (c) => {
+                const { username, password } = (await readJsonBody(c));
+                if (!username || !password) {
+                    return c.json({
+                        error: { code: "INVALID_INPUT", message: "Username and password required" },
+                    }, 400);
+                }
+                const user = await this.validatePassword(username, password);
+                if (!user) {
+                    return c.json({
+                        error: { code: "INVALID_CREDENTIALS", message: "Invalid username or password" },
+                    }, 401);
+                }
+                const session = await this.createSession(user.id);
+                const userContext = this.createContext(user, session);
+                setCookie(c, "session", session.id, {
+                    httpOnly: true,
+                    secure: isProduction(),
+                    sameSite: "lax",
+                    expires: session.expiresAt,
+                });
+                return c.json({ user: userContext, sessionId: session.id });
+            });
+        }
+        router.post("/logout", async (c) => {
+            const credentials = this.extractCredentials(c);
+            if (credentials?.sessionId) {
+                await this.invalidateSession(credentials.sessionId);
+            }
+            deleteCookie(c, "session");
+            deleteCookie(c, "connect.sid");
+            return c.json({ success: true });
+        });
+        return router;
+    }
+}
+export const createPassportAdapter = (options) => {
+    return new PassportAdapter(options);
+};
+export const fromPassportUser = (passportUser, sessionId) => {
+    const session = {
+        id: sessionId,
+        userId: passportUser.id,
+        createdAt: new Date(),
+        expiresAt: new Date(Date.now() + 24 * 60 * 60 * 1000),
+    };
+    return createUserContext({
+        id: passportUser.id,
+        email: passportUser.email,
+        name: passportUser.name ?? passportUser.displayName,
+        image: passportUser.image ?? passportUser.avatar,
+        emailVerified: passportUser.emailVerified,
+        metadata: passportUser.metadata,
+    }, session);
+};
+//# sourceMappingURL=passport.js.map

package/dist/auth/adapters/passport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"passport.js","sourceRoot":"","sources":["../../../src/auth/adapters/passport.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAgB,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAGhE,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AA4B5C,MAAM,OAAO,eAAgB,SAAQ,eAAe;IAOlD,YAAY,OAA+B;QACzC,KAAK,CAAC;YACJ,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;QAVL,SAAI,GAAG,UAAU,CAAC;QAWhB,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACjD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;QAC7C,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,cAAc,CAAC;IACjD,CAAC;IAED,kBAAkB,CAAC,CAAU;QAC3B,MAAM,iBAAiB,GAAG,SAAS,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;QACtD,IAAI,iBAAiB,EAAE,CAAC;YACtB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,iBAAiB,EAAE,CAAC;QAC3D,CAAC;QAED,MAAM,aAAa,GAAG,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;QAC9C,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;QACvD,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,IAAI,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,CAAC;QAED,IAAI,UAAU,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACnC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAChE,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;QAC/C,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACzC,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;YAC/B,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QACpC,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,WAA4B;QACpD,IAAI,CAAC;YACH,QAAQ,WAAW,CAAC,IAAI,EAAE,CAAC;gBACzB,KAAK,SAAS,CAAC,CAAC,CAAC;oBACf,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,CAAC;wBAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;oBACpD,CAAC;oBAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;oBAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;oBACnE,CAAC;oBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;oBACpD,IAAI,CAAC,IAAI,EAAE,CAAC;wBACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;oBACrD,CAAC;oBAED,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBACtD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC5E,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;wBACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC;oBACxD,CAAC;oBAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;oBACzD,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,CAAC;oBACpD,CAAC;oBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;oBACpD,IAAI,CAAC,IAAI,EAAE,CAAC;wBACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;oBACrD,CAAC;oBAED,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBACtD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC5E,CAAC;gBAED,KAAK,OAAO,CAAC,CAAC,CAAC;oBACb,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;wBAC3B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wCAAwC,EAAE,CAAC;oBAC7E,CAAC;oBAED,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;wBACnD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gCAAgC,EAAE,CAAC;oBACrE,CAAC;oBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CACtC,WAAW,CAAC,QAAQ,EACpB,WAAW,CAAC,QAAQ,CACrB,CAAC;oBACF,IAAI,CAAC,IAAI,EAAE,CAAC;wBACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC;oBAC1D,CAAC;oBAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;oBAClD,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBACtD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC5E,CAAC;gBAED,KAAK,QAAQ,CAAC,CAAC,CAAC;oBACd,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;wBACzB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC;oBAC5E,CAAC;oBAED,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,CAAC;wBACxB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC;oBACvD,CAAC;oBAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;oBAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;wBACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC;oBACtD,CAAC;oBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;oBACpD,IAAI,CAAC,IAAI,EAAE,CAAC;wBACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;oBACrD,CAAC;oBAED,MAAM,OAAO,GAAgB;wBAC3B,EAAE,EAAE,UAAU,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;wBAC9C,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,SAAS,EAAE,IAAI,IAAI,EAAE;wBACrB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,YAAY,CAAC;wBACnD,IAAI,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE;qBACjC,CAAC;oBAEF,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBACtD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;wBACnB,WAAW,CAAC,QAAQ,GAAG;4BACrB,GAAG,WAAW,CAAC,QAAQ;4BACvB,YAAY,EAAE,OAAO,CAAC,MAAM;yBAC7B,CAAC;oBACJ,CAAC;oBAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;gBAC9C,CAAC;gBAED;oBACE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC;YACpE,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACnD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;QAC5D,CAAC;IACH,CAAC;IAEO,aAAa,CACnB,IAA6E,EAC7E,OAAoB;QAEpB,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,iBAAiB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED,SAAS;QACP,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QAE1B,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACjC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;YAC/C,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAChC,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YAChC,CAAC;YAED,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;gBAChC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,YAAY,CAAC,CAAC,CAAC,CAGpD,CAAC;gBAEF,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAC3B,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,KAAK,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,gCAAgC,EAAE;qBAC5E,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAiB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;gBAC9D,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,OAAO,CAAC,CAAC,IAAI,CACX;wBACE,KAAK,EAAE,EAAE,IAAI,EAAE,qBAAqB,EAAE,OAAO,EAAE,8BAA8B,EAAE;qBAChF,EACD,GAAG,CACJ,CAAC;gBACJ,CAAC;gBAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAClD,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;gBAEtD,SAAS,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE;oBAClC,QAAQ,EAAE,IAAI;oBACd,MAAM,EAAE,YAAY,EAAE;oBACtB,QAAQ,EAAE,KAAK;oBACf,OAAO,EAAE,OAAO,CAAC,SAAS;iBAC3B,CAAC,CAAC;gBAEH,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;YAC9D,CAAC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACjC,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC;YAC/C,IAAI,WAAW,EAAE,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACtD,CAAC;YAED,YAAY,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;YAC3B,YAAY,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;YAE/B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,OAA+B,EAAmB,EAAE;IACxF,OAAO,IAAI,eAAe,CAAC,OAAO,CAAC,CAAC;AACtC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAC9B,YAAiB,EACjB,SAAiB,EACJ,EAAE;IACf,MAAM,OAAO,GAAgB;QAC3B,EAAE,EAAE,SAAS;QACb,MAAM,EAAE,YAAY,CAAC,EAAE;QACvB,SAAS,EAAE,IAAI,IAAI,EAAE;QACrB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;KACtD,CAAC;IAEF,OAAO,iBAAiB,CACtB;QACE,EAAE,EAAE,YAAY,CAAC,EAAE;QACnB,KAAK,EAAE,YAAY,CAAC,KAAK;QACzB,IAAI,EAAE,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,WAAW;QACnD,KAAK,EAAE,YAAY,CAAC,KAAK,IAAI,YAAY,CAAC,MAAM;QAChD,aAAa,EAAE,YAAY,CAAC,aAAa;QACzC,QAAQ,EAAE,YAAY,CAAC,QAAQ;KAChC,EACD,OAAO,CACR,CAAC;AACJ,CAAC,CAAC"}

package/dist/auth/api-keys.d.ts

@@ -0,0 +1,68 @@
+export interface ApiKeyMetadata {
+    id: string;
+    label?: string;
+    userId?: string;
+    createdAt: Date;
+    lastUsedAt?: Date | null;
+    expiresAt?: Date | null;
+    scopes?: string[];
+}
+export interface StoredApiKey extends ApiKeyMetadata {
+    hash: string;
+}
+export interface ApiKeyStore {
+    create(record: StoredApiKey): Promise<void>;
+    list(filter?: {
+        userId?: string;
+    }): Promise<StoredApiKey[]>;
+    findById(id: string): Promise<StoredApiKey | null>;
+    delete(id: string): Promise<void>;
+    touch(id: string, lastUsedAt: Date): Promise<void>;
+}
+export declare class InMemoryApiKeyStore implements ApiKeyStore {
+    private keys;
+    create(record: StoredApiKey): Promise<void>;
+    list(filter?: {
+        userId?: string;
+    }): Promise<StoredApiKey[]>;
+    findById(id: string): Promise<StoredApiKey | null>;
+    delete(id: string): Promise<void>;
+    touch(id: string, lastUsedAt: Date): Promise<void>;
+}
+export interface CreateApiKeyOptions {
+    store: ApiKeyStore;
+    label?: string;
+    userId?: string;
+    scopes?: string[];
+    expiresAt?: Date | null;
+    ttlMs?: number;
+    prefix?: string;
+    byteLength?: number;
+}
+export interface CreatedApiKey {
+    key: string;
+    metadata: ApiKeyMetadata;
+}
+export declare const createApiKey: (options: CreateApiKeyOptions) => Promise<CreatedApiKey>;
+export interface VerifyApiKeyResult {
+    valid: boolean;
+    metadata?: ApiKeyMetadata;
+    reason?: "not_found" | "expired" | "mismatch";
+}
+export declare const verifyApiKey: (key: string, options: {
+    store: ApiKeyStore;
+    updateLastUsed?: boolean;
+    now?: Date;
+}) => Promise<VerifyApiKeyResult>;
+export declare const listApiKeys: (options: {
+    store: ApiKeyStore;
+    userId?: string;
+}) => Promise<ApiKeyMetadata[]>;
+export declare const revokeApiKey: (id: string, options: {
+    store: ApiKeyStore;
+}) => Promise<void>;
+export interface RotateApiKeyOptions extends CreateApiKeyOptions {
+    id: string;
+}
+export declare const rotateApiKey: (options: RotateApiKeyOptions) => Promise<CreatedApiKey>;
+//# sourceMappingURL=api-keys.d.ts.map

package/dist/auth/api-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../../src/auth/api-keys.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,UAAU,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACzB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,YAAa,SAAQ,cAAc;IAClD,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC5D,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IACnD,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpD;AAED,qBAAa,mBAAoB,YAAW,WAAW;IACrD,OAAO,CAAC,IAAI,CAAmC;IAEzC,MAAM,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3C,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAQ3D,QAAQ,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC;IAIlD,MAAM,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;CAMzD;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,WAAW,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,cAAc,CAAC;CAC1B;AAmBD,eAAO,MAAM,YAAY,GAAU,SAAS,mBAAmB,KAAG,OAAO,CAAC,aAAa,CAqBtF,CAAC;AAcF,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAC;IACf,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,MAAM,CAAC,EAAE,WAAW,GAAG,SAAS,GAAG,UAAU,CAAC;CAC/C;AAED,eAAO,MAAM,YAAY,GACvB,KAAK,MAAM,EACX,SAAS;IAAE,KAAK,EAAE,WAAW,CAAC;IAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAAC,GAAG,CAAC,EAAE,IAAI,CAAA;CAAE,KACpE,OAAO,CAAC,kBAAkB,CAqB5B,CAAC;AAEF,eAAO,MAAM,WAAW,GACtB,SAAS;IAAE,KAAK,EAAE,WAAW,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,KAC/C,OAAO,CAAC,cAAc,EAAE,CAK1B,CAAC;AAEF,eAAO,MAAM,YAAY,GACvB,IAAI,MAAM,EACV,SAAS;IAAE,KAAK,EAAE,WAAW,CAAA;CAAE,KAC9B,OAAO,CAAC,IAAI,CAEd,CAAC;AAEF,MAAM,WAAW,mBAAoB,SAAQ,mBAAmB;IAC9D,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,eAAO,MAAM,YAAY,GAAU,SAAS,mBAAmB,KAAG,OAAO,CAAC,aAAa,CAatF,CAAC"}