hylekit 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +705 -0
  2. package/dist/index.cjs.map +1 -0
  3. package/dist/index.d.cts +1950 -0
  4. package/dist/index.d.ts +1950 -0
  5. package/dist/index.js +666 -0
  6. package/dist/index.js.map +1 -0
  7. package/package.json +50 -0
package/dist/index.cjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/index.ts","../src/auth.ts","../src/schema.ts","../src/client/types.ts","../src/client/sveltekit.ts","../src/client/nextjs.ts"],"sourcesContent":["// Auth server setup\nexport * from \"./auth\";\n\n// Database schema\nexport * from \"./schema\";\n\n// Framework-specific clients\nexport * from \"./client\";\n\n// Convenience re-exports for common usage patterns\nexport { svelteClient, createSvelteKitClient } from \"./client/sveltekit\";\nexport { nextClient, createNextClient } from \"./client/nextjs\";\n","import { betterAuth, type BetterAuthOptions } from \"better-auth\";\nimport { drizzleAdapter } from \"better-auth/adapters/drizzle\";\n\nimport * as schema from \"./schema\";\n\nexport const createAuth = (db: any, config?: Partial<BetterAuthOptions>) => {\n return betterAuth({\n database: drizzleAdapter(db, {\n provider: \"sqlite\",\n schema: {\n ...schema\n }\n }),\n socialProviders: {\n google: {\n enabled: true,\n clientId: process.env.GOOGLE_CLIENT_ID ?? \"\",\n clientSecret: process.env.GOOGLE_CLIENT_SECRET ?? \"\",\n },\n },\n ...config,\n });\n};\n\nexport * from \"./schema\";","import { relations, sql } from \"drizzle-orm\";\nimport { sqliteTable, text, integer, index } from \"drizzle-orm/sqlite-core\";\n\nexport const user = sqliteTable(\"user\", {\n id: text(\"id\").primaryKey(),\n name: text(\"name\").notNull(),\n email: text(\"email\").notNull().unique(),\n emailVerified: integer(\"email_verified\", { mode: \"boolean\" })\n .default(false)\n .notNull(),\n image: text(\"image\"),\n createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n .notNull(),\n updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n .$onUpdate(() => /* @__PURE__ */ new Date())\n .notNull(),\n});\n\nexport const session = sqliteTable(\n \"session\",\n {\n id: text(\"id\").primaryKey(),\n expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n token: text(\"token\").notNull().unique(),\n createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n .notNull(),\n updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n .$onUpdate(() => /* @__PURE__ */ new Date())\n .notNull(),\n ipAddress: text(\"ip_address\"),\n userAgent: text(\"user_agent\"),\n userId: text(\"user_id\")\n .notNull()\n .references(() => user.id, { onDelete: \"cascade\" }),\n },\n (table) => [index(\"session_userId_idx\").on(table.userId)],\n);\n\nexport const account = sqliteTable(\n \"account\",\n {\n id: text(\"id\").primaryKey(),\n accountId: text(\"account_id\").notNull(),\n providerId: text(\"provider_id\").notNull(),\n userId: text(\"user_id\")\n .notNull()\n .references(() => user.id, { onDelete: \"cascade\" }),\n accessToken: text(\"access_token\"),\n refreshToken: text(\"refresh_token\"),\n idToken: text(\"id_token\"),\n accessTokenExpiresAt: integer(\"access_token_expires_at\", {\n mode: \"timestamp_ms\",\n }),\n refreshTokenExpiresAt: integer(\"refresh_token_expires_at\", {\n mode: \"timestamp_ms\",\n }),\n scope: text(\"scope\"),\n password: text(\"password\"),\n createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n .notNull(),\n updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n .$onUpdate(() => /* @__PURE__ */ new Date())\n .notNull(),\n },\n (table) => [index(\"account_userId_idx\").on(table.userId)],\n);\n\nexport const verification = sqliteTable(\n \"verification\",\n {\n id: text(\"id\").primaryKey(),\n identifier: text(\"identifier\").notNull(),\n value: text(\"value\").notNull(),\n expiresAt: integer(\"expires_at\", { mode: \"timestamp_ms\" }).notNull(),\n createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" })\n .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n .notNull(),\n updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" })\n .default(sql`(cast(unixepoch('subsecond') * 1000 as integer))`)\n .$onUpdate(() => /* @__PURE__ */ new Date())\n .notNull(),\n },\n (table) => [index(\"verification_identifier_idx\").on(table.identifier)],\n);\n\nexport const oauthApplication = sqliteTable(\n \"oauth_application\",\n {\n id: text(\"id\").primaryKey(),\n name: text(\"name\"),\n icon: text(\"icon\"),\n metadata: text(\"metadata\"),\n clientId: text(\"client_id\").unique(),\n clientSecret: text(\"client_secret\"),\n redirectUrls: text(\"redirect_urls\"),\n type: text(\"type\"),\n disabled: integer(\"disabled\", { mode: \"boolean\" }).default(false),\n userId: text(\"user_id\").references(() => user.id, { onDelete: \"cascade\" }),\n createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" }),\n updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" }),\n },\n (table) => [index(\"oauthApplication_userId_idx\").on(table.userId)],\n);\n\nexport const oauthAccessToken = sqliteTable(\n \"oauth_access_token\",\n {\n id: text(\"id\").primaryKey(),\n accessToken: text(\"access_token\").unique(),\n refreshToken: text(\"refresh_token\").unique(),\n accessTokenExpiresAt: integer(\"access_token_expires_at\", {\n mode: \"timestamp_ms\",\n }),\n refreshTokenExpiresAt: integer(\"refresh_token_expires_at\", {\n mode: \"timestamp_ms\",\n }),\n clientId: text(\"client_id\").references(() => oauthApplication.clientId, {\n onDelete: \"cascade\",\n }),\n userId: text(\"user_id\").references(() => user.id, { onDelete: \"cascade\" }),\n scopes: text(\"scopes\"),\n createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" }),\n updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" }),\n },\n (table) => [\n index(\"oauthAccessToken_clientId_idx\").on(table.clientId),\n index(\"oauthAccessToken_userId_idx\").on(table.userId),\n ],\n);\n\nexport const oauthConsent = sqliteTable(\n \"oauth_consent\",\n {\n id: text(\"id\").primaryKey(),\n clientId: text(\"client_id\").references(() => oauthApplication.clientId, {\n onDelete: \"cascade\",\n }),\n userId: text(\"user_id\").references(() => user.id, { onDelete: \"cascade\" }),\n scopes: text(\"scopes\"),\n createdAt: integer(\"created_at\", { mode: \"timestamp_ms\" }),\n updatedAt: integer(\"updated_at\", { mode: \"timestamp_ms\" }),\n consentGiven: integer(\"consent_given\", { mode: \"boolean\" }),\n },\n (table) => [\n index(\"oauthConsent_clientId_idx\").on(table.clientId),\n index(\"oauthConsent_userId_idx\").on(table.userId),\n ],\n);\n\nexport const userRelations = relations(user, ({ many }) => ({\n sessions: many(session),\n accounts: many(account),\n oauthApplications: many(oauthApplication),\n oauthAccessTokens: many(oauthAccessToken),\n oauthConsents: many(oauthConsent),\n}));\n\nexport const sessionRelations = relations(session, ({ one }) => ({\n user: one(user, {\n fields: [session.userId],\n references: [user.id],\n }),\n}));\n\nexport const accountRelations = relations(account, ({ one }) => ({\n user: one(user, {\n fields: [account.userId],\n references: [user.id],\n }),\n}));\n\nexport const oauthApplicationRelations = relations(\n oauthApplication,\n ({ one, many }) => ({\n user: one(user, {\n fields: [oauthApplication.userId],\n references: [user.id],\n }),\n oauthAccessTokens: many(oauthAccessToken),\n oauthConsents: many(oauthConsent),\n }),\n);\n\nexport const oauthAccessTokenRelations = relations(\n oauthAccessToken,\n ({ one }) => ({\n oauthApplication: one(oauthApplication, {\n fields: [oauthAccessToken.clientId],\n references: [oauthApplication.clientId],\n }),\n user: one(user, {\n fields: [oauthAccessToken.userId],\n references: [user.id],\n }),\n }),\n);\n\nexport const oauthConsentRelations = relations(oauthConsent, ({ one }) => ({\n oauthApplication: one(oauthApplication, {\n fields: [oauthConsent.clientId],\n references: [oauthApplication.clientId],\n }),\n user: one(user, {\n fields: [oauthConsent.userId],\n references: [user.id],\n }),\n}));\n","// --- SHARED CONFIGURATION TYPES ---\n\n/**\n * Central Auth Server configuration.\n * Specify this when creating the auth client to point to your auth server.\n */\nexport interface CentralAuthConfig {\n /** Base URL of the Central Auth Server (e.g., \"http://localhost:5173\" or \"https://auth.example.com\") */\n url: string;\n /** OAuth2 authorize endpoint path (default: \"/api/auth/oauth2/authorize\") */\n authorizeEndpoint?: string;\n /** OAuth2 token endpoint path (default: \"/api/auth/oauth2/token\") */\n tokenEndpoint?: string;\n /** OAuth2 userinfo endpoint path (default: \"/api/auth/oauth2/userinfo\") */\n userEndpoint?: string;\n /** Cookie name for storing the access token (default: \"access_token\") */\n cookieName?: string;\n /** Cookie max age in seconds (default: 7 days) */\n cookieMaxAge?: number;\n}\n\n/**\n * OAuth2 client configuration for your application.\n */\nexport interface ClientConfig {\n /** OAuth2 Client ID registered in Central Auth */\n clientId: string;\n /** OAuth2 Client Secret registered in Central Auth */\n clientSecret: string;\n /** Redirect URI - must match exactly what is registered in Central Auth */\n redirectUri: string;\n /** Base URL of this application (e.g., \"http://localhost:3000\") */\n appUrl: string;\n}\n\n/**\n * Options for the signIn method.\n */\nexport interface SignInOptions {\n /** Override the default post-login redirect path (default: \"/\") */\n successRedirectPath?: string;\n /** Additional scopes to request beyond \"openid profile email\" */\n additionalScopes?: string[];\n /** State parameter for CSRF protection (recommended) */\n state?: string;\n}\n\n/**\n * Options for the handleSignInCallback method.\n */\nexport interface CallbackOptions {\n /** Override the default post-login redirect path (default: \"/\") */\n successRedirectPath?: string;\n}\n\n/**\n * User information returned from the userinfo endpoint.\n */\nexport interface UserInfo {\n id: string;\n email?: string;\n name?: string;\n image?: string;\n emailVerified?: boolean;\n [key: string]: unknown;\n}\n\n/**\n * Token response from the OAuth2 token endpoint.\n */\nexport interface TokenResponse {\n access_token: string;\n token_type: string;\n expires_in?: number;\n refresh_token?: string;\n id_token?: string;\n scope?: string;\n}\n\n// --- DEFAULT VALUES ---\n\nexport const DEFAULT_CONFIG = {\n authorizeEndpoint: \"/api/auth/oauth2/authorize\",\n tokenEndpoint: \"/api/auth/oauth2/token\",\n userEndpoint: \"/api/auth/oauth2/userinfo\",\n cookieName: \"access_token\",\n cookieMaxAge: 60 * 60 * 24 * 7, // 7 Days\n} as const;\n\n/**\n * Resolves the full config with defaults applied.\n */\nexport function resolveConfig(config: CentralAuthConfig): Required<CentralAuthConfig> {\n return {\n ...DEFAULT_CONFIG,\n ...config,\n };\n}\n\n/**\n * Builds the OAuth2 authorization URL.\n */\nexport function buildAuthorizationUrl(\n config: Required<CentralAuthConfig>,\n clientConfig: ClientConfig,\n options?: SignInOptions\n): string {\n const targetUrl = new URL(config.url + config.authorizeEndpoint);\n\n const scopes = [\"openid\", \"profile\", \"email\"];\n if (options?.additionalScopes) {\n scopes.push(...options.additionalScopes);\n }\n\n targetUrl.searchParams.set(\"response_type\", \"code\");\n targetUrl.searchParams.set(\"client_id\", clientConfig.clientId);\n targetUrl.searchParams.set(\"redirect_uri\", clientConfig.redirectUri);\n targetUrl.searchParams.set(\"scope\", scopes.join(\" \"));\n\n if (options?.state) {\n targetUrl.searchParams.set(\"state\", options.state);\n }\n\n return targetUrl.toString();\n}\n\n/**\n * Exchanges the authorization code for tokens.\n */\nexport async function exchangeCodeForTokens(\n config: Required<CentralAuthConfig>,\n clientConfig: ClientConfig,\n code: string\n): Promise<TokenResponse> {\n const response = await fetch(config.url + config.tokenEndpoint, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: clientConfig.clientId,\n client_secret: clientConfig.clientSecret,\n redirect_uri: clientConfig.redirectUri,\n code: code,\n }),\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${errorText}`);\n }\n\n const tokens = await response.json();\n\n if (!tokens.access_token) {\n throw new Error(\"No access token in response\");\n }\n\n return tokens;\n}\n\n/**\n * Fetches user info from the Central Auth Server.\n */\nexport async function fetchUserInfo(\n config: Required<CentralAuthConfig>,\n accessToken: string\n): Promise<UserInfo | null> {\n try {\n const response = await fetch(config.url + config.userEndpoint, {\n headers: {\n \"Authorization\": `Bearer ${accessToken}`,\n },\n });\n\n if (!response.ok) {\n return null;\n }\n\n return await response.json();\n } catch {\n return null;\n }\n}\n","import { redirect } from \"@sveltejs/kit\";\nimport type { Cookies, RequestEvent } from \"@sveltejs/kit\";\nimport {\n type CentralAuthConfig,\n type ClientConfig,\n type SignInOptions,\n type CallbackOptions,\n type UserInfo,\n resolveConfig,\n buildAuthorizationUrl,\n exchangeCodeForTokens,\n fetchUserInfo,\n} from \"./types\";\n\n// Re-export shared types\nexport type { CentralAuthConfig, ClientConfig, SignInOptions, CallbackOptions, UserInfo };\n\n/**\n * Creates a SvelteKit-specific OIDC auth client.\n * \n * @example\n * ```typescript\n * // In your hooks.server.ts or +page.server.ts\n * import { createSvelteKitClient } from \"hylejs\";\n * \n * const authClient = createSvelteKitClient({\n * url: env.CENTRAL_AUTH_URL || \"http://localhost:5173\"\n * });\n * \n * const clientConfig = {\n * clientId: env.OAUTH_CLIENT_ID,\n * clientSecret: env.OAUTH_CLIENT_SECRET,\n * redirectUri: `${env.APP_URL}/auth/callback`,\n * appUrl: env.APP_URL,\n * };\n * \n * // In +page.server.ts actions\n * export const actions = {\n * login: async (event) => {\n * authClient.signIn(clientConfig, event.cookies);\n * }\n * };\n * ```\n */\nexport function createSvelteKitClient(centralAuthConfig: CentralAuthConfig) {\n const config = resolveConfig(centralAuthConfig);\n\n return {\n /**\n * Get the current Central Auth configuration.\n */\n getConfig: () => ({ ...config }),\n\n /**\n * Initiates the OAuth2 sign-in flow by redirecting to the Central Auth Server.\n * Uses SvelteKit's redirect() which throws a redirect response.\n * \n * @param clientConfig - OAuth2 client configuration\n * @param options - Optional sign-in options\n * @throws Redirect to the Central Auth authorization endpoint\n */\n signIn: (clientConfig: ClientConfig, options?: SignInOptions): never => {\n const authUrl = buildAuthorizationUrl(config, clientConfig, options);\n redirect(302, authUrl);\n },\n\n /**\n * Builds the authorization URL without redirecting.\n * Useful when you need to return the URL for client-side navigation.\n * \n * @param clientConfig - OAuth2 client configuration\n * @param options - Optional sign-in options\n * @returns The authorization URL string\n */\n getSignInUrl: (clientConfig: ClientConfig, options?: SignInOptions): string => {\n return buildAuthorizationUrl(config, clientConfig, options);\n },\n\n /**\n * Handles the OAuth2 callback, exchanges the code for tokens, and sets the session cookie.\n * Uses SvelteKit's cookies API for cookie management.\n * \n * @param event - SvelteKit RequestEvent\n * @param clientConfig - OAuth2 client configuration\n * @param options - Optional callback options\n * @throws Redirect on success, throws error on failure\n */\n handleSignInCallback: async (\n event: RequestEvent,\n clientConfig: ClientConfig,\n options?: CallbackOptions\n ): Promise<never> => {\n const { url, cookies } = event;\n const code = url.searchParams.get(\"code\");\n const error = url.searchParams.get(\"error\");\n const errorDescription = url.searchParams.get(\"error_description\");\n\n if (error) {\n throw new Error(`Authentication failed: ${errorDescription || error}`);\n }\n\n if (!code) {\n throw new Error(\"Missing authorization code\");\n }\n\n try {\n const tokens = await exchangeCodeForTokens(config, clientConfig, code);\n\n // Set cookie using SvelteKit's cookies API\n cookies.set(config.cookieName, tokens.access_token, {\n httpOnly: true,\n secure: event.url.protocol === \"https:\",\n sameSite: \"lax\",\n path: \"/\",\n maxAge: config.cookieMaxAge,\n });\n\n const successPath = options?.successRedirectPath || \"/\";\n redirect(302, successPath);\n } catch (err) {\n // Re-throw redirects\n if (err && typeof err === \"object\" && \"status\" in err) {\n throw err;\n }\n console.error(\"Auth callback error:\", err);\n throw new Error(\"Authentication failed\");\n }\n },\n\n /**\n * Signs out the user by clearing the session cookie.\n * \n * @param cookies - SvelteKit Cookies object\n * @param redirectPath - Path to redirect to after sign out (default: \"/\")\n * @throws Redirect to the specified path\n */\n signOut: (cookies: Cookies, redirectPath: string = \"/\"): never => {\n cookies.delete(config.cookieName, { path: \"/\" });\n redirect(302, redirectPath);\n },\n\n /**\n * Clears the session cookie without redirecting.\n * Useful when you need more control over the response.\n * \n * @param cookies - SvelteKit Cookies object\n */\n clearSession: (cookies: Cookies): void => {\n cookies.delete(config.cookieName, { path: \"/\" });\n },\n\n /**\n * Retrieves the access token from cookies.\n * \n * @param cookies - SvelteKit Cookies object\n * @returns The access token or null if not found\n */\n getAccessToken: (cookies: Cookies): string | null => {\n return cookies.get(config.cookieName) ?? null;\n },\n\n /**\n * Fetches user information from the Central Auth Server.\n * \n * @param accessToken - The access token to use for authentication\n * @returns The user information or null if the request fails\n */\n getUser: async (accessToken: string): Promise<UserInfo | null> => {\n return fetchUserInfo(config, accessToken);\n },\n\n /**\n * Gets the current user session from cookies.\n * Combines getAccessToken and getUser for convenience.\n * \n * @param cookies - SvelteKit Cookies object\n * @returns The user information or null if not authenticated\n */\n getSession: async (cookies: Cookies): Promise<UserInfo | null> => {\n const accessToken = cookies.get(config.cookieName);\n if (!accessToken) return null;\n return fetchUserInfo(config, accessToken);\n },\n\n /**\n * Checks if the user is authenticated (has access token in cookies).\n * Note: This only checks for token presence, not validity.\n * \n * @param cookies - SvelteKit Cookies object\n * @returns true if an access token is present\n */\n isAuthenticated: (cookies: Cookies): boolean => {\n return !!cookies.get(config.cookieName);\n },\n\n /**\n * Protects a route by checking authentication and redirecting if needed.\n * Use in +page.server.ts or +layout.server.ts load functions.\n * \n * @param cookies - SvelteKit Cookies object\n * @param loginPath - Path to redirect to for login (default: \"/login\")\n * @throws Redirect to login path if not authenticated\n */\n requireAuth: (cookies: Cookies, loginPath: string = \"/login\"): void => {\n if (!cookies.get(config.cookieName)) {\n redirect(302, loginPath);\n }\n },\n };\n}\n\n// Convenience alias\nexport const svelteClient = createSvelteKitClient;\n","import { cookies } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport type { NextRequest } from \"next/server\";\nimport { NextResponse } from \"next/server\";\nimport {\n type CentralAuthConfig,\n type ClientConfig,\n type SignInOptions,\n type CallbackOptions,\n type UserInfo,\n resolveConfig,\n buildAuthorizationUrl,\n exchangeCodeForTokens,\n fetchUserInfo,\n} from \"./types\";\n\n// Re-export shared types\nexport type { CentralAuthConfig, ClientConfig, SignInOptions, CallbackOptions, UserInfo };\n\n/**\n * Creates a Next.js-specific OIDC auth client (App Router).\n * \n * @example\n * ```typescript\n * // In your app/api/auth/[...auth]/route.ts\n * import { createNextClient } from \"hylejs\";\n * \n * const authClient = createNextClient({\n * url: process.env.CENTRAL_AUTH_URL || \"http://localhost:5173\"\n * });\n * \n * const clientConfig = {\n * clientId: process.env.OAUTH_CLIENT_ID!,\n * clientSecret: process.env.OAUTH_CLIENT_SECRET!,\n * redirectUri: `${process.env.APP_URL}/api/auth/callback`,\n * appUrl: process.env.APP_URL!,\n * };\n * \n * export async function GET(request: NextRequest) {\n * const { pathname } = new URL(request.url);\n * \n * if (pathname.endsWith(\"/login\")) {\n * return authClient.signIn(clientConfig);\n * }\n * if (pathname.endsWith(\"/callback\")) {\n * return authClient.handleSignInCallback(request, clientConfig);\n * }\n * if (pathname.endsWith(\"/logout\")) {\n * return authClient.signOut(clientConfig);\n * }\n * }\n * ```\n */\nexport function createNextClient(centralAuthConfig: CentralAuthConfig) {\n const config = resolveConfig(centralAuthConfig);\n\n return {\n /**\n * Get the current Central Auth configuration.\n */\n getConfig: () => ({ ...config }),\n\n /**\n * Initiates the OAuth2 sign-in flow by returning a redirect Response.\n * Use in Route Handlers (App Router).\n * \n * @param clientConfig - OAuth2 client configuration\n * @param options - Optional sign-in options\n * @returns NextResponse redirect to the Central Auth authorization endpoint\n */\n signIn: (clientConfig: ClientConfig, options?: SignInOptions): NextResponse => {\n const authUrl = buildAuthorizationUrl(config, clientConfig, options);\n return NextResponse.redirect(authUrl);\n },\n\n /**\n * Builds the authorization URL without redirecting.\n * Useful for client-side navigation or custom redirect logic.\n * \n * @param clientConfig - OAuth2 client configuration\n * @param options - Optional sign-in options\n * @returns The authorization URL string\n */\n getSignInUrl: (clientConfig: ClientConfig, options?: SignInOptions): string => {\n return buildAuthorizationUrl(config, clientConfig, options);\n },\n\n /**\n * Handles the OAuth2 callback in Route Handlers.\n * Exchanges the code for tokens and sets the session cookie.\n * \n * @param request - NextRequest object\n * @param clientConfig - OAuth2 client configuration\n * @param options - Optional callback options\n * @returns NextResponse with redirect and cookie set\n */\n handleSignInCallback: async (\n request: NextRequest,\n clientConfig: ClientConfig,\n options?: CallbackOptions\n ): Promise<NextResponse> => {\n const { searchParams } = new URL(request.url);\n const code = searchParams.get(\"code\");\n const error = searchParams.get(\"error\");\n const errorDescription = searchParams.get(\"error_description\");\n\n if (error) {\n return NextResponse.json(\n { error: errorDescription || error },\n { status: 400 }\n );\n }\n\n if (!code) {\n return NextResponse.json(\n { error: \"Missing authorization code\" },\n { status: 400 }\n );\n }\n\n try {\n const tokens = await exchangeCodeForTokens(config, clientConfig, code);\n\n const successPath = options?.successRedirectPath || \"/\";\n const successUrl = new URL(successPath, clientConfig.appUrl);\n\n const response = NextResponse.redirect(successUrl);\n\n // Set cookie using NextResponse\n response.cookies.set(config.cookieName, tokens.access_token, {\n httpOnly: true,\n secure: process.env.NODE_ENV === \"production\",\n sameSite: \"lax\",\n path: \"/\",\n maxAge: config.cookieMaxAge,\n });\n\n return response;\n } catch (err) {\n console.error(\"Auth callback error:\", err);\n return NextResponse.json(\n { error: \"Authentication failed\" },\n { status: 500 }\n );\n }\n },\n\n /**\n * Signs out the user by clearing the session cookie.\n * Use in Route Handlers.\n * \n * @param clientConfig - OAuth2 client configuration\n * @param redirectPath - Path to redirect to after sign out (default: \"/\")\n * @returns NextResponse with redirect and cookie cleared\n */\n signOut: (clientConfig: ClientConfig, redirectPath: string = \"/\"): NextResponse => {\n const redirectUrl = new URL(redirectPath, clientConfig.appUrl);\n const response = NextResponse.redirect(redirectUrl);\n\n response.cookies.set(config.cookieName, \"\", {\n httpOnly: true,\n secure: process.env.NODE_ENV === \"production\",\n sameSite: \"lax\",\n path: \"/\",\n maxAge: 0,\n });\n\n return response;\n },\n\n /**\n * Retrieves the access token from cookies.\n * Use in Server Components or Route Handlers.\n * \n * @returns The access token or null if not found\n */\n getAccessToken: async (): Promise<string | null> => {\n const cookieStore = await cookies();\n return cookieStore.get(config.cookieName)?.value ?? null;\n },\n\n /**\n * Retrieves the access token from a NextRequest.\n * Use in middleware or Route Handlers when you have the request object.\n * \n * @param request - NextRequest object\n * @returns The access token or null if not found\n */\n getAccessTokenFromRequest: (request: NextRequest): string | null => {\n return request.cookies.get(config.cookieName)?.value ?? null;\n },\n\n /**\n * Fetches user information from the Central Auth Server.\n * \n * @param accessToken - The access token to use for authentication\n * @returns The user information or null if the request fails\n */\n getUser: async (accessToken: string): Promise<UserInfo | null> => {\n return fetchUserInfo(config, accessToken);\n },\n\n /**\n * Gets the current user session.\n * Use in Server Components.\n * \n * @returns The user information or null if not authenticated\n */\n getSession: async (): Promise<UserInfo | null> => {\n const cookieStore = await cookies();\n const accessToken = cookieStore.get(config.cookieName)?.value;\n if (!accessToken) return null;\n return fetchUserInfo(config, accessToken);\n },\n\n /**\n * Gets the current user session from a request.\n * Use in middleware or Route Handlers.\n * \n * @param request - NextRequest object\n * @returns The user information or null if not authenticated\n */\n getSessionFromRequest: async (request: NextRequest): Promise<UserInfo | null> => {\n const accessToken = request.cookies.get(config.cookieName)?.value;\n if (!accessToken) return null;\n return fetchUserInfo(config, accessToken);\n },\n\n /**\n * Checks if the user is authenticated.\n * Use in Server Components.\n * \n * @returns true if an access token is present\n */\n isAuthenticated: async (): Promise<boolean> => {\n const cookieStore = await cookies();\n return !!cookieStore.get(config.cookieName)?.value;\n },\n\n /**\n * Checks if the request is authenticated.\n * Use in middleware.\n * \n * @param request - NextRequest object\n * @returns true if an access token is present\n */\n isAuthenticatedRequest: (request: NextRequest): boolean => {\n return !!request.cookies.get(config.cookieName)?.value;\n },\n\n /**\n * Protects a route by checking authentication and redirecting if needed.\n * Use in Server Components.\n * \n * @param loginPath - Path to redirect to for login (default: \"/login\")\n * @throws Redirect to login path if not authenticated\n */\n requireAuth: async (loginPath: string = \"/login\"): Promise<void> => {\n const cookieStore = await cookies();\n if (!cookieStore.get(config.cookieName)?.value) {\n redirect(loginPath);\n }\n },\n\n /**\n * Creates a middleware-compatible auth check.\n * Returns a NextResponse redirect if not authenticated.\n * \n * @param request - NextRequest object \n * @param loginPath - Path to redirect to for login (default: \"/login\")\n * @returns NextResponse redirect if not authenticated, null otherwise\n */\n middlewareAuth: (request: NextRequest, loginPath: string = \"/login\"): NextResponse | null => {\n if (!request.cookies.get(config.cookieName)?.value) {\n const loginUrl = new URL(loginPath, request.url);\n loginUrl.searchParams.set(\"from\", request.nextUrl.pathname);\n return NextResponse.redirect(loginUrl);\n }\n return null;\n },\n };\n}\n\n// Convenience alias\nexport const nextClient = createNextClient;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,yBAAmD;AACnD,qBAA+B;;;ACD/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,yBAA+B;AAC/B,yBAAkD;AAE3C,IAAM,WAAO,gCAAY,QAAQ;AAAA,EACtC,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,EAC1B,UAAM,yBAAK,MAAM,EAAE,QAAQ;AAAA,EAC3B,WAAO,yBAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,EACtC,mBAAe,4BAAQ,kBAAkB,EAAE,MAAM,UAAU,CAAC,EACzD,QAAQ,KAAK,EACb,QAAQ;AAAA,EACX,WAAO,yBAAK,OAAO;AAAA,EACnB,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,EACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AACb,CAAC;AAEM,IAAM,cAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,WAAO,yBAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA,IACtC,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,IACX,eAAW,yBAAK,YAAY;AAAA,IAC5B,eAAW,yBAAK,YAAY;AAAA,IAC5B,YAAQ,yBAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,EACtD;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,cAAU;AAAA,EACrB;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,eAAW,yBAAK,YAAY,EAAE,QAAQ;AAAA,IACtC,gBAAY,yBAAK,aAAa,EAAE,QAAQ;AAAA,IACxC,YAAQ,yBAAK,SAAS,EACnB,QAAQ,EACR,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IACpD,iBAAa,yBAAK,cAAc;AAAA,IAChC,kBAAc,yBAAK,eAAe;AAAA,IAClC,aAAS,yBAAK,UAAU;AAAA,IACxB,0BAAsB,4BAAQ,2BAA2B;AAAA,MACvD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,2BAAuB,4BAAQ,4BAA4B;AAAA,MACzD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,WAAO,yBAAK,OAAO;AAAA,IACnB,cAAU,yBAAK,UAAU;AAAA,IACzB,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC;AAC1D;AAEO,IAAM,mBAAe;AAAA,EAC1B;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,gBAAY,yBAAK,YAAY,EAAE,QAAQ;AAAA,IACvC,WAAO,yBAAK,OAAO,EAAE,QAAQ;AAAA,IAC7B,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EAAE,QAAQ;AAAA,IACnE,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,QAAQ;AAAA,IACX,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC,EACtD,QAAQ,wEAAqD,EAC7D,UAAU,MAAsB,oBAAI,KAAK,CAAC,EAC1C,QAAQ;AAAA,EACb;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,6BAA6B,EAAE,GAAG,MAAM,UAAU,CAAC;AACvE;AAEO,IAAM,uBAAmB;AAAA,EAC9B;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,UAAM,yBAAK,MAAM;AAAA,IACjB,UAAM,yBAAK,MAAM;AAAA,IACjB,cAAU,yBAAK,UAAU;AAAA,IACzB,cAAU,yBAAK,WAAW,EAAE,OAAO;AAAA,IACnC,kBAAc,yBAAK,eAAe;AAAA,IAClC,kBAAc,yBAAK,eAAe;AAAA,IAClC,UAAM,yBAAK,MAAM;AAAA,IACjB,cAAU,4BAAQ,YAAY,EAAE,MAAM,UAAU,CAAC,EAAE,QAAQ,KAAK;AAAA,IAChE,YAAQ,yBAAK,SAAS,EAAE,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IACzE,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC;AAAA,IACzD,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC;AAAA,EAC3D;AAAA,EACA,CAAC,UAAU,KAAC,0BAAM,6BAA6B,EAAE,GAAG,MAAM,MAAM,CAAC;AACnE;AAEO,IAAM,uBAAmB;AAAA,EAC9B;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,iBAAa,yBAAK,cAAc,EAAE,OAAO;AAAA,IACzC,kBAAc,yBAAK,eAAe,EAAE,OAAO;AAAA,IAC3C,0BAAsB,4BAAQ,2BAA2B;AAAA,MACvD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,2BAAuB,4BAAQ,4BAA4B;AAAA,MACzD,MAAM;AAAA,IACR,CAAC;AAAA,IACD,cAAU,yBAAK,WAAW,EAAE,WAAW,MAAM,iBAAiB,UAAU;AAAA,MACtE,UAAU;AAAA,IACZ,CAAC;AAAA,IACD,YAAQ,yBAAK,SAAS,EAAE,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IACzE,YAAQ,yBAAK,QAAQ;AAAA,IACrB,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC;AAAA,IACzD,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC;AAAA,EAC3D;AAAA,EACA,CAAC,UAAU;AAAA,QACT,0BAAM,+BAA+B,EAAE,GAAG,MAAM,QAAQ;AAAA,QACxD,0BAAM,6BAA6B,EAAE,GAAG,MAAM,MAAM;AAAA,EACtD;AACF;AAEO,IAAM,mBAAe;AAAA,EAC1B;AAAA,EACA;AAAA,IACE,QAAI,yBAAK,IAAI,EAAE,WAAW;AAAA,IAC1B,cAAU,yBAAK,WAAW,EAAE,WAAW,MAAM,iBAAiB,UAAU;AAAA,MACtE,UAAU;AAAA,IACZ,CAAC;AAAA,IACD,YAAQ,yBAAK,SAAS,EAAE,WAAW,MAAM,KAAK,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IACzE,YAAQ,yBAAK,QAAQ;AAAA,IACrB,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC;AAAA,IACzD,eAAW,4BAAQ,cAAc,EAAE,MAAM,eAAe,CAAC;AAAA,IACzD,kBAAc,4BAAQ,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAAA,EAC5D;AAAA,EACA,CAAC,UAAU;AAAA,QACT,0BAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,QACpD,0BAAM,yBAAyB,EAAE,GAAG,MAAM,MAAM;AAAA,EAClD;AACF;AAEO,IAAM,oBAAgB,8BAAU,MAAM,CAAC,EAAE,KAAK,OAAO;AAAA,EAC1D,UAAU,KAAK,OAAO;AAAA,EACtB,UAAU,KAAK,OAAO;AAAA,EACtB,mBAAmB,KAAK,gBAAgB;AAAA,EACxC,mBAAmB,KAAK,gBAAgB;AAAA,EACxC,eAAe,KAAK,YAAY;AAClC,EAAE;AAEK,IAAM,uBAAmB,8BAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;AAEK,IAAM,uBAAmB,8BAAU,SAAS,CAAC,EAAE,IAAI,OAAO;AAAA,EAC/D,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,QAAQ,MAAM;AAAA,IACvB,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;AAEK,IAAM,gCAA4B;AAAA,EACvC;AAAA,EACA,CAAC,EAAE,KAAK,KAAK,OAAO;AAAA,IAClB,MAAM,IAAI,MAAM;AAAA,MACd,QAAQ,CAAC,iBAAiB,MAAM;AAAA,MAChC,YAAY,CAAC,KAAK,EAAE;AAAA,IACtB,CAAC;AAAA,IACD,mBAAmB,KAAK,gBAAgB;AAAA,IACxC,eAAe,KAAK,YAAY;AAAA,EAClC;AACF;AAEO,IAAM,gCAA4B;AAAA,EACvC;AAAA,EACA,CAAC,EAAE,IAAI,OAAO;AAAA,IACZ,kBAAkB,IAAI,kBAAkB;AAAA,MACtC,QAAQ,CAAC,iBAAiB,QAAQ;AAAA,MAClC,YAAY,CAAC,iBAAiB,QAAQ;AAAA,IACxC,CAAC;AAAA,IACD,MAAM,IAAI,MAAM;AAAA,MACd,QAAQ,CAAC,iBAAiB,MAAM;AAAA,MAChC,YAAY,CAAC,KAAK,EAAE;AAAA,IACtB,CAAC;AAAA,EACH;AACF;AAEO,IAAM,4BAAwB,8BAAU,cAAc,CAAC,EAAE,IAAI,OAAO;AAAA,EACzE,kBAAkB,IAAI,kBAAkB;AAAA,IACtC,QAAQ,CAAC,aAAa,QAAQ;AAAA,IAC9B,YAAY,CAAC,iBAAiB,QAAQ;AAAA,EACxC,CAAC;AAAA,EACD,MAAM,IAAI,MAAM;AAAA,IACd,QAAQ,CAAC,aAAa,MAAM;AAAA,IAC5B,YAAY,CAAC,KAAK,EAAE;AAAA,EACtB,CAAC;AACH,EAAE;;;AD7MK,IAAM,aAAa,CAAC,IAAS,WAAwC;AACxE,aAAO,+BAAW;AAAA,IACd,cAAU,+BAAe,IAAI;AAAA,MACzB,UAAU;AAAA,MACV,QAAQ;AAAA,QACJ,GAAG;AAAA,MACP;AAAA,IACJ,CAAC;AAAA,IACD,iBAAiB;AAAA,MACb,QAAQ;AAAA,QACJ,SAAS;AAAA,QACT,UAAU,QAAQ,IAAI,oBAAoB;AAAA,QAC1C,cAAc,QAAQ,IAAI,wBAAwB;AAAA,MACtD;AAAA,IACJ;AAAA,IACA,GAAG;AAAA,EACP,CAAC;AACL;;;AE2DO,IAAM,iBAAiB;AAAA,EAC1B,mBAAmB;AAAA,EACnB,eAAe;AAAA,EACf,cAAc;AAAA,EACd,YAAY;AAAA,EACZ,cAAc,KAAK,KAAK,KAAK;AAAA;AACjC;AAKO,SAAS,cAAc,QAAwD;AAClF,SAAO;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,EACP;AACJ;AAKO,SAAS,sBACZ,QACA,cACA,SACM;AACN,QAAM,YAAY,IAAI,IAAI,OAAO,MAAM,OAAO,iBAAiB;AAE/D,QAAM,SAAS,CAAC,UAAU,WAAW,OAAO;AAC5C,MAAI,SAAS,kBAAkB;AAC3B,WAAO,KAAK,GAAG,QAAQ,gBAAgB;AAAA,EAC3C;AAEA,YAAU,aAAa,IAAI,iBAAiB,MAAM;AAClD,YAAU,aAAa,IAAI,aAAa,aAAa,QAAQ;AAC7D,YAAU,aAAa,IAAI,gBAAgB,aAAa,WAAW;AACnE,YAAU,aAAa,IAAI,SAAS,OAAO,KAAK,GAAG,CAAC;AAEpD,MAAI,SAAS,OAAO;AAChB,cAAU,aAAa,IAAI,SAAS,QAAQ,KAAK;AAAA,EACrD;AAEA,SAAO,UAAU,SAAS;AAC9B;AAKA,eAAsB,sBAClB,QACA,cACA,MACsB;AACtB,QAAM,WAAW,MAAM,MAAM,OAAO,MAAM,OAAO,eAAe;AAAA,IAC5D,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,oCAAoC;AAAA,IAC/D,MAAM,IAAI,gBAAgB;AAAA,MACtB,YAAY;AAAA,MACZ,WAAW,aAAa;AAAA,MACxB,eAAe,aAAa;AAAA,MAC5B,cAAc,aAAa;AAAA,MAC3B;AAAA,IACJ,CAAC;AAAA,EACL,CAAC;AAED,MAAI,CAAC,SAAS,IAAI;AACd,UAAM,YAAY,MAAM,SAAS,KAAK;AACtC,UAAM,IAAI,MAAM,0BAA0B,SAAS,MAAM,MAAM,SAAS,EAAE;AAAA,EAC9E;AAEA,QAAM,SAAS,MAAM,SAAS,KAAK;AAEnC,MAAI,CAAC,OAAO,cAAc;AACtB,UAAM,IAAI,MAAM,6BAA6B;AAAA,EACjD;AAEA,SAAO;AACX;AAKA,eAAsB,cAClB,QACA,aACwB;AACxB,MAAI;AACA,UAAM,WAAW,MAAM,MAAM,OAAO,MAAM,OAAO,cAAc;AAAA,MAC3D,SAAS;AAAA,QACL,iBAAiB,UAAU,WAAW;AAAA,MAC1C;AAAA,IACJ,CAAC;AAED,QAAI,CAAC,SAAS,IAAI;AACd,aAAO;AAAA,IACX;AAEA,WAAO,MAAM,SAAS,KAAK;AAAA,EAC/B,QAAQ;AACJ,WAAO;AAAA,EACX;AACJ;;;ACtLA,iBAAyB;AA4ClB,SAAS,sBAAsB,mBAAsC;AACxE,QAAM,SAAS,cAAc,iBAAiB;AAE9C,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH,WAAW,OAAO,EAAE,GAAG,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAU9B,QAAQ,CAAC,cAA4B,YAAmC;AACpE,YAAM,UAAU,sBAAsB,QAAQ,cAAc,OAAO;AACnE,+BAAS,KAAK,OAAO;AAAA,IACzB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,cAAc,CAAC,cAA4B,YAAoC;AAC3E,aAAO,sBAAsB,QAAQ,cAAc,OAAO;AAAA,IAC9D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWA,sBAAsB,OAClB,OACA,cACA,YACiB;AACjB,YAAM,EAAE,KAAK,SAAAA,SAAQ,IAAI;AACzB,YAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAC1C,YAAM,mBAAmB,IAAI,aAAa,IAAI,mBAAmB;AAEjE,UAAI,OAAO;AACP,cAAM,IAAI,MAAM,0BAA0B,oBAAoB,KAAK,EAAE;AAAA,MACzE;AAEA,UAAI,CAAC,MAAM;AACP,cAAM,IAAI,MAAM,4BAA4B;AAAA,MAChD;AAEA,UAAI;AACA,cAAM,SAAS,MAAM,sBAAsB,QAAQ,cAAc,IAAI;AAGrE,QAAAA,SAAQ,IAAI,OAAO,YAAY,OAAO,cAAc;AAAA,UAChD,UAAU;AAAA,UACV,QAAQ,MAAM,IAAI,aAAa;AAAA,UAC/B,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACnB,CAAC;AAED,cAAM,cAAc,SAAS,uBAAuB;AACpD,iCAAS,KAAK,WAAW;AAAA,MAC7B,SAAS,KAAK;AAEV,YAAI,OAAO,OAAO,QAAQ,YAAY,YAAY,KAAK;AACnD,gBAAM;AAAA,QACV;AACA,gBAAQ,MAAM,wBAAwB,GAAG;AACzC,cAAM,IAAI,MAAM,uBAAuB;AAAA,MAC3C;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,SAAS,CAACA,UAAkB,eAAuB,QAAe;AAC9D,MAAAA,SAAQ,OAAO,OAAO,YAAY,EAAE,MAAM,IAAI,CAAC;AAC/C,+BAAS,KAAK,YAAY;AAAA,IAC9B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,cAAc,CAACA,aAA2B;AACtC,MAAAA,SAAQ,OAAO,OAAO,YAAY,EAAE,MAAM,IAAI,CAAC;AAAA,IACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,gBAAgB,CAACA,aAAoC;AACjD,aAAOA,SAAQ,IAAI,OAAO,UAAU,KAAK;AAAA,IAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,SAAS,OAAO,gBAAkD;AAC9D,aAAO,cAAc,QAAQ,WAAW;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,YAAY,OAAOA,aAA+C;AAC9D,YAAM,cAAcA,SAAQ,IAAI,OAAO,UAAU;AACjD,UAAI,CAAC,YAAa,QAAO;AACzB,aAAO,cAAc,QAAQ,WAAW;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,iBAAiB,CAACA,aAA8B;AAC5C,aAAO,CAAC,CAACA,SAAQ,IAAI,OAAO,UAAU;AAAA,IAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,aAAa,CAACA,UAAkB,YAAoB,aAAmB;AACnE,UAAI,CAACA,SAAQ,IAAI,OAAO,UAAU,GAAG;AACjC,iCAAS,KAAK,SAAS;AAAA,MAC3B;AAAA,IACJ;AAAA,EACJ;AACJ;AAGO,IAAM,eAAe;;;ACpN5B,qBAAwB;AACxB,wBAAyB;AAEzB,oBAA6B;AAkDtB,SAAS,iBAAiB,mBAAsC;AACnE,QAAM,SAAS,cAAc,iBAAiB;AAE9C,SAAO;AAAA;AAAA;AAAA;AAAA,IAIH,WAAW,OAAO,EAAE,GAAG,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAU9B,QAAQ,CAAC,cAA4B,YAA0C;AAC3E,YAAM,UAAU,sBAAsB,QAAQ,cAAc,OAAO;AACnE,aAAO,2BAAa,SAAS,OAAO;AAAA,IACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,cAAc,CAAC,cAA4B,YAAoC;AAC3E,aAAO,sBAAsB,QAAQ,cAAc,OAAO;AAAA,IAC9D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAWA,sBAAsB,OAClB,SACA,cACA,YACwB;AACxB,YAAM,EAAE,aAAa,IAAI,IAAI,IAAI,QAAQ,GAAG;AAC5C,YAAM,OAAO,aAAa,IAAI,MAAM;AACpC,YAAM,QAAQ,aAAa,IAAI,OAAO;AACtC,YAAM,mBAAmB,aAAa,IAAI,mBAAmB;AAE7D,UAAI,OAAO;AACP,eAAO,2BAAa;AAAA,UAChB,EAAE,OAAO,oBAAoB,MAAM;AAAA,UACnC,EAAE,QAAQ,IAAI;AAAA,QAClB;AAAA,MACJ;AAEA,UAAI,CAAC,MAAM;AACP,eAAO,2BAAa;AAAA,UAChB,EAAE,OAAO,6BAA6B;AAAA,UACtC,EAAE,QAAQ,IAAI;AAAA,QAClB;AAAA,MACJ;AAEA,UAAI;AACA,cAAM,SAAS,MAAM,sBAAsB,QAAQ,cAAc,IAAI;AAErE,cAAM,cAAc,SAAS,uBAAuB;AACpD,cAAM,aAAa,IAAI,IAAI,aAAa,aAAa,MAAM;AAE3D,cAAM,WAAW,2BAAa,SAAS,UAAU;AAGjD,iBAAS,QAAQ,IAAI,OAAO,YAAY,OAAO,cAAc;AAAA,UACzD,UAAU;AAAA,UACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,UACjC,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,OAAO;AAAA,QACnB,CAAC;AAED,eAAO;AAAA,MACX,SAAS,KAAK;AACV,gBAAQ,MAAM,wBAAwB,GAAG;AACzC,eAAO,2BAAa;AAAA,UAChB,EAAE,OAAO,wBAAwB;AAAA,UACjC,EAAE,QAAQ,IAAI;AAAA,QAClB;AAAA,MACJ;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,SAAS,CAAC,cAA4B,eAAuB,QAAsB;AAC/E,YAAM,cAAc,IAAI,IAAI,cAAc,aAAa,MAAM;AAC7D,YAAM,WAAW,2BAAa,SAAS,WAAW;AAElD,eAAS,QAAQ,IAAI,OAAO,YAAY,IAAI;AAAA,QACxC,UAAU;AAAA,QACV,QAAQ,QAAQ,IAAI,aAAa;AAAA,QACjC,UAAU;AAAA,QACV,MAAM;AAAA,QACN,QAAQ;AAAA,MACZ,CAAC;AAED,aAAO;AAAA,IACX;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,gBAAgB,YAAoC;AAChD,YAAM,cAAc,UAAM,wBAAQ;AAClC,aAAO,YAAY,IAAI,OAAO,UAAU,GAAG,SAAS;AAAA,IACxD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,2BAA2B,CAAC,YAAwC;AAChE,aAAO,QAAQ,QAAQ,IAAI,OAAO,UAAU,GAAG,SAAS;AAAA,IAC5D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,SAAS,OAAO,gBAAkD;AAC9D,aAAO,cAAc,QAAQ,WAAW;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,YAAY,YAAsC;AAC9C,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,cAAc,YAAY,IAAI,OAAO,UAAU,GAAG;AACxD,UAAI,CAAC,YAAa,QAAO;AACzB,aAAO,cAAc,QAAQ,WAAW;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,uBAAuB,OAAO,YAAmD;AAC7E,YAAM,cAAc,QAAQ,QAAQ,IAAI,OAAO,UAAU,GAAG;AAC5D,UAAI,CAAC,YAAa,QAAO;AACzB,aAAO,cAAc,QAAQ,WAAW;AAAA,IAC5C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAQA,iBAAiB,YAA8B;AAC3C,YAAM,cAAc,UAAM,wBAAQ;AAClC,aAAO,CAAC,CAAC,YAAY,IAAI,OAAO,UAAU,GAAG;AAAA,IACjD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,wBAAwB,CAAC,YAAkC;AACvD,aAAO,CAAC,CAAC,QAAQ,QAAQ,IAAI,OAAO,UAAU,GAAG;AAAA,IACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IASA,aAAa,OAAO,YAAoB,aAA4B;AAChE,YAAM,cAAc,UAAM,wBAAQ;AAClC,UAAI,CAAC,YAAY,IAAI,OAAO,UAAU,GAAG,OAAO;AAC5C,wCAAS,SAAS;AAAA,MACtB;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAUA,gBAAgB,CAAC,SAAsB,YAAoB,aAAkC;AACzF,UAAI,CAAC,QAAQ,QAAQ,IAAI,OAAO,UAAU,GAAG,OAAO;AAChD,cAAM,WAAW,IAAI,IAAI,WAAW,QAAQ,GAAG;AAC/C,iBAAS,aAAa,IAAI,QAAQ,QAAQ,QAAQ,QAAQ;AAC1D,eAAO,2BAAa,SAAS,QAAQ;AAAA,MACzC;AACA,aAAO;AAAA,IACX;AAAA,EACJ;AACJ;AAGO,IAAM,aAAa;","names":["cookies"]}