mongoku 2.7.1 → 2.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (148) hide show
  1. package/build/client/_app/immutable/chunks/{CNrIfF0J.js → BzDxl-xY.js} +2 -2
  2. package/build/client/_app/immutable/chunks/BzDxl-xY.js.br +0 -0
  3. package/build/client/_app/immutable/chunks/{CNrIfF0J.js.gz → BzDxl-xY.js.gz} +0 -0
  4. package/build/client/_app/immutable/chunks/{CdAen0lC.js → C4KNUyMJ.js} +1 -1
  5. package/build/client/_app/immutable/chunks/C4KNUyMJ.js.br +0 -0
  6. package/build/client/_app/immutable/chunks/C4KNUyMJ.js.gz +0 -0
  7. package/build/client/_app/immutable/chunks/{tWRwcLQq.js → DFGVB86g.js} +1 -1
  8. package/build/client/_app/immutable/chunks/DFGVB86g.js.br +0 -0
  9. package/build/client/_app/immutable/chunks/DFGVB86g.js.gz +0 -0
  10. package/build/client/_app/immutable/chunks/{DtdWp2vz.js → DJ979gqK.js} +1 -1
  11. package/build/client/_app/immutable/chunks/DJ979gqK.js.br +0 -0
  12. package/build/client/_app/immutable/chunks/DJ979gqK.js.gz +0 -0
  13. package/build/client/_app/immutable/chunks/{dXVm_RYC.js → Dv6E2xv5.js} +1 -1
  14. package/build/client/_app/immutable/chunks/Dv6E2xv5.js.br +0 -0
  15. package/build/client/_app/immutable/chunks/Dv6E2xv5.js.gz +0 -0
  16. package/build/client/_app/immutable/chunks/{BVHgdG0f.js → Lr-7lzyW.js} +1 -1
  17. package/build/client/_app/immutable/chunks/Lr-7lzyW.js.br +0 -0
  18. package/build/client/_app/immutable/chunks/Lr-7lzyW.js.gz +0 -0
  19. package/build/client/_app/immutable/chunks/{CEE5miT0.js → ZsFEdbVh.js} +1 -1
  20. package/build/client/_app/immutable/chunks/ZsFEdbVh.js.br +0 -0
  21. package/build/client/_app/immutable/chunks/ZsFEdbVh.js.gz +0 -0
  22. package/build/client/_app/immutable/entry/{app.B94_pW6C.js → app.CbeXEXwj.js} +2 -2
  23. package/build/client/_app/immutable/entry/app.CbeXEXwj.js.br +0 -0
  24. package/build/client/_app/immutable/entry/app.CbeXEXwj.js.gz +0 -0
  25. package/build/client/_app/immutable/entry/start.B2QE_PNG.js +1 -0
  26. package/build/client/_app/immutable/entry/start.B2QE_PNG.js.br +0 -0
  27. package/build/client/_app/immutable/entry/start.B2QE_PNG.js.gz +0 -0
  28. package/build/client/_app/immutable/nodes/{0.f88UHDdT.js → 0.zEd7eXYr.js} +1 -1
  29. package/build/client/_app/immutable/nodes/0.zEd7eXYr.js.br +0 -0
  30. package/build/client/_app/immutable/nodes/0.zEd7eXYr.js.gz +0 -0
  31. package/build/client/_app/immutable/nodes/{1.Desus7Z0.js → 1.BWwHWtSC.js} +1 -1
  32. package/build/client/_app/immutable/nodes/1.BWwHWtSC.js.br +0 -0
  33. package/build/client/_app/immutable/nodes/1.BWwHWtSC.js.gz +0 -0
  34. package/build/client/_app/immutable/nodes/{10.CKrdPjF9.js → 10.GZrKT64A.js} +1 -1
  35. package/build/client/_app/immutable/nodes/10.GZrKT64A.js.br +0 -0
  36. package/build/client/_app/immutable/nodes/10.GZrKT64A.js.gz +0 -0
  37. package/build/client/_app/immutable/nodes/{11.BCi9nWAG.js → 11.BM5zOOG5.js} +5 -5
  38. package/build/client/_app/immutable/nodes/11.BM5zOOG5.js.br +0 -0
  39. package/build/client/_app/immutable/nodes/11.BM5zOOG5.js.gz +0 -0
  40. package/build/client/_app/immutable/nodes/{12.BvJv6YXe.js → 12.DijleEEI.js} +1 -1
  41. package/build/client/_app/immutable/nodes/12.DijleEEI.js.br +0 -0
  42. package/build/client/_app/immutable/nodes/12.DijleEEI.js.gz +0 -0
  43. package/build/client/_app/immutable/nodes/{13.8numcQD1.js → 13.DMrrd0M2.js} +1 -1
  44. package/build/client/_app/immutable/nodes/13.DMrrd0M2.js.br +0 -0
  45. package/build/client/_app/immutable/nodes/13.DMrrd0M2.js.gz +0 -0
  46. package/build/client/_app/immutable/nodes/{14.DR0QhDO3.js → 14.BQgWzzYn.js} +1 -1
  47. package/build/client/_app/immutable/nodes/14.BQgWzzYn.js.br +0 -0
  48. package/build/client/_app/immutable/nodes/14.BQgWzzYn.js.gz +0 -0
  49. package/build/client/_app/immutable/nodes/{7.CyNI5m9e.js → 7.DtAVmCku.js} +1 -1
  50. package/build/client/_app/immutable/nodes/7.DtAVmCku.js.br +0 -0
  51. package/build/client/_app/immutable/nodes/7.DtAVmCku.js.gz +0 -0
  52. package/build/client/_app/immutable/nodes/{8.C65eVjiy.js → 8.D0grRuj8.js} +1 -1
  53. package/build/client/_app/immutable/nodes/8.D0grRuj8.js.br +0 -0
  54. package/build/client/_app/immutable/nodes/8.D0grRuj8.js.gz +0 -0
  55. package/build/client/_app/immutable/nodes/{9.DuKHdX0P.js → 9._KEpqNmu.js} +1 -1
  56. package/build/client/_app/immutable/nodes/9._KEpqNmu.js.br +0 -0
  57. package/build/client/_app/immutable/nodes/9._KEpqNmu.js.gz +0 -0
  58. package/build/client/_app/version.json +1 -1
  59. package/build/client/_app/version.json.br +0 -0
  60. package/build/client/_app/version.json.gz +0 -0
  61. package/build/server/chunks/{0-Cr1NP1t1.js → 0-B4_GybFX.js} +3 -3
  62. package/build/server/chunks/{0-Cr1NP1t1.js.map → 0-B4_GybFX.js.map} +1 -1
  63. package/build/server/chunks/{1-V8fH7Fqf.js → 1-CBliTycp.js} +2 -2
  64. package/build/server/chunks/{1-V8fH7Fqf.js.map → 1-CBliTycp.js.map} +1 -1
  65. package/build/server/chunks/{10-CYp3tj1z.js → 10-DK-L3H19.js} +2 -2
  66. package/build/server/chunks/{10-CYp3tj1z.js.map → 10-DK-L3H19.js.map} +1 -1
  67. package/build/server/chunks/{11-UmZ9siO8.js → 11-D4I1cu7b.js} +2 -2
  68. package/build/server/chunks/{11-UmZ9siO8.js.map → 11-D4I1cu7b.js.map} +1 -1
  69. package/build/server/chunks/{12-2SNiqYVT.js → 12-URI5MmUx.js} +2 -2
  70. package/build/server/chunks/{12-2SNiqYVT.js.map → 12-URI5MmUx.js.map} +1 -1
  71. package/build/server/chunks/{13-BYckYgMm.js → 13-D9RDShiT.js} +2 -2
  72. package/build/server/chunks/{13-BYckYgMm.js.map → 13-D9RDShiT.js.map} +1 -1
  73. package/build/server/chunks/{14-Ce-K3ova.js → 14-KiJwv7-9.js} +2 -2
  74. package/build/server/chunks/{14-Ce-K3ova.js.map → 14-KiJwv7-9.js.map} +1 -1
  75. package/build/server/chunks/7-CZgTCmLR.js +30 -0
  76. package/build/server/chunks/7-CZgTCmLR.js.map +1 -0
  77. package/build/server/chunks/{8-CBMDPIX6.js → 8-nACIipIn.js} +2 -2
  78. package/build/server/chunks/{8-CBMDPIX6.js.map → 8-nACIipIn.js.map} +1 -1
  79. package/build/server/chunks/{9-DPPbF_HA.js → 9-BRPnUMf5.js} +2 -2
  80. package/build/server/chunks/{9-DPPbF_HA.js.map → 9-BRPnUMf5.js.map} +1 -1
  81. package/build/server/chunks/{_server.ts-BsZ825gJ.js → _server.ts-CHqxLmE4.js} +2 -2
  82. package/build/server/chunks/{_server.ts-BsZ825gJ.js.map → _server.ts-CHqxLmE4.js.map} +1 -1
  83. package/build/server/chunks/{_server.ts-BmyzPj3L.js → _server.ts-CNiqI4C6.js} +6 -3
  84. package/build/server/chunks/_server.ts-CNiqI4C6.js.map +1 -0
  85. package/build/server/chunks/{_server.ts-DKuI03oJ.js → _server.ts-OSPJ0dek.js} +9 -2
  86. package/build/server/chunks/_server.ts-OSPJ0dek.js.map +1 -0
  87. package/build/server/chunks/{hooks.server-FwLGFfI8.js → hooks.server-ChbJBVwm.js} +5 -3
  88. package/build/server/chunks/hooks.server-ChbJBVwm.js.map +1 -0
  89. package/build/server/chunks/{oauth-CpJ4lGij.js → oauth-BbSyq_Sb.js} +49 -2
  90. package/build/server/chunks/oauth-BbSyq_Sb.js.map +1 -0
  91. package/build/server/index.js +2 -2
  92. package/build/server/index.js.map +1 -1
  93. package/build/server/manifest.js +15 -15
  94. package/build/server/manifest.js.map +1 -1
  95. package/package.json +1 -1
  96. package/src/hooks.server.ts +3 -1
  97. package/src/lib/components/SearchBox.svelte +6 -1
  98. package/src/lib/server/oauth.ts +59 -0
  99. package/src/routes/auth/callback/+server.ts +7 -1
  100. package/src/routes/auth/login/+server.ts +10 -0
  101. package/src/routes/auth/logout/+page.server.ts +11 -0
  102. package/build/client/_app/immutable/chunks/BVHgdG0f.js.br +0 -0
  103. package/build/client/_app/immutable/chunks/BVHgdG0f.js.gz +0 -0
  104. package/build/client/_app/immutable/chunks/CEE5miT0.js.br +0 -0
  105. package/build/client/_app/immutable/chunks/CEE5miT0.js.gz +0 -0
  106. package/build/client/_app/immutable/chunks/CNrIfF0J.js.br +0 -0
  107. package/build/client/_app/immutable/chunks/CdAen0lC.js.br +0 -0
  108. package/build/client/_app/immutable/chunks/CdAen0lC.js.gz +0 -0
  109. package/build/client/_app/immutable/chunks/DtdWp2vz.js.br +0 -0
  110. package/build/client/_app/immutable/chunks/DtdWp2vz.js.gz +0 -0
  111. package/build/client/_app/immutable/chunks/dXVm_RYC.js.br +0 -0
  112. package/build/client/_app/immutable/chunks/dXVm_RYC.js.gz +0 -0
  113. package/build/client/_app/immutable/chunks/tWRwcLQq.js.br +0 -0
  114. package/build/client/_app/immutable/chunks/tWRwcLQq.js.gz +0 -0
  115. package/build/client/_app/immutable/entry/app.B94_pW6C.js.br +0 -0
  116. package/build/client/_app/immutable/entry/app.B94_pW6C.js.gz +0 -0
  117. package/build/client/_app/immutable/entry/start.KEFHhFV4.js +0 -1
  118. package/build/client/_app/immutable/entry/start.KEFHhFV4.js.br +0 -0
  119. package/build/client/_app/immutable/entry/start.KEFHhFV4.js.gz +0 -0
  120. package/build/client/_app/immutable/nodes/0.f88UHDdT.js.br +0 -0
  121. package/build/client/_app/immutable/nodes/0.f88UHDdT.js.gz +0 -0
  122. package/build/client/_app/immutable/nodes/1.Desus7Z0.js.br +0 -6
  123. package/build/client/_app/immutable/nodes/1.Desus7Z0.js.gz +0 -0
  124. package/build/client/_app/immutable/nodes/10.CKrdPjF9.js.br +0 -0
  125. package/build/client/_app/immutable/nodes/10.CKrdPjF9.js.gz +0 -0
  126. package/build/client/_app/immutable/nodes/11.BCi9nWAG.js.br +0 -0
  127. package/build/client/_app/immutable/nodes/11.BCi9nWAG.js.gz +0 -0
  128. package/build/client/_app/immutable/nodes/12.BvJv6YXe.js.br +0 -0
  129. package/build/client/_app/immutable/nodes/12.BvJv6YXe.js.gz +0 -0
  130. package/build/client/_app/immutable/nodes/13.8numcQD1.js.br +0 -0
  131. package/build/client/_app/immutable/nodes/13.8numcQD1.js.gz +0 -0
  132. package/build/client/_app/immutable/nodes/14.DR0QhDO3.js.br +0 -0
  133. package/build/client/_app/immutable/nodes/14.DR0QhDO3.js.gz +0 -0
  134. package/build/client/_app/immutable/nodes/7.CyNI5m9e.js.br +0 -0
  135. package/build/client/_app/immutable/nodes/7.CyNI5m9e.js.gz +0 -0
  136. package/build/client/_app/immutable/nodes/8.C65eVjiy.js.br +0 -0
  137. package/build/client/_app/immutable/nodes/8.C65eVjiy.js.gz +0 -0
  138. package/build/client/_app/immutable/nodes/9.DuKHdX0P.js.br +0 -0
  139. package/build/client/_app/immutable/nodes/9.DuKHdX0P.js.gz +0 -0
  140. package/build/server/chunks/7-sUlsCWEf.js +0 -9
  141. package/build/server/chunks/7-sUlsCWEf.js.map +0 -1
  142. package/build/server/chunks/_server.ts-BmyzPj3L.js.map +0 -1
  143. package/build/server/chunks/_server.ts-D67MghZb.js +0 -15
  144. package/build/server/chunks/_server.ts-D67MghZb.js.map +0 -1
  145. package/build/server/chunks/_server.ts-DKuI03oJ.js.map +0 -1
  146. package/build/server/chunks/hooks.server-FwLGFfI8.js.map +0 -1
  147. package/build/server/chunks/oauth-CpJ4lGij.js.map +0 -1
  148. package/src/routes/auth/logout/+server.ts +0 -9
package/build/server/chunks/{_server.ts-BmyzPj3L.js → _server.ts-CNiqI4C6.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { b as base } from './server-Crjo4w1q.js';
2
2
  import './url-hmE1zcJ6.js';
3
- import { g as getOAuthConfig, c as cookieOptions, e as exchangeCode, a as getCallbackUrl, b as extractUserFromIdToken, d as checkRequiredClaim, f as createSessionCookie } from './oauth-CpJ4lGij.js';
3
+ import { g as getOAuthConfig, c as cookieOptions, e as exchangeCode, a as getCallbackUrl, b as extractUserFromIdToken, d as checkRequiredClaim, f as createSessionCookie, h as OAUTH_RETURN_COOKIE, s as sanitizeOAuthReturnPath } from './oauth-BbSyq_Sb.js';
4
4
  import { r as redirect, e as error } from './index-wpIsICWW.js';
5
5
  import './async-lVJA8xJZ.js';
6
6
  import './shared-server-BmU87nph.js';
@@ -43,8 +43,11 @@ const GET = async ({ url, cookies }) => {
43
43
  error(403, `Required claim not satisfied: ${config.requiredClaim.field}=${config.requiredClaim.value}`);
44
44
  }
45
45
  cookies.set("mongoku_session", createSessionCookie(config, user), cookieOptions(url, config.sessionDuration));
46
- redirect(302, `${base}/`);
46
+ const returnCookie = cookies.get(OAUTH_RETURN_COOKIE);
47
+ cookies.delete(OAUTH_RETURN_COOKIE, cookieOptions(url));
48
+ const afterLogin = sanitizeOAuthReturnPath(url, returnCookie) ?? `${base}/`;
49
+ redirect(302, afterLogin);
47
50
  };
48
51
 
49
52
  export { GET };
50
- //# sourceMappingURL=_server.ts-BmyzPj3L.js.map
53
+ //# sourceMappingURL=_server.ts-CNiqI4C6.js.map
package/build/server/chunks/_server.ts-CNiqI4C6.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"_server.ts-CNiqI4C6.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/auth/callback/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { g as getOAuthConfig, c as cookieOptions, e as exchangeCode, a as getCallbackUrl, b as extractUserFromIdToken, d as checkRequiredClaim, f as createSessionCookie, h as OAUTH_RETURN_COOKIE, s as sanitizeOAuthReturnPath } from \"../../../../chunks/oauth.js\";\nimport { redirect, error } from \"@sveltejs/kit\";\nconst GET = async ({ url, cookies }) => {\n const config = await getOAuthConfig();\n if (!config) {\n redirect(302, `${base}/`);\n }\n const oauthError = url.searchParams.get(\"error\");\n if (oauthError) {\n error(403, url.searchParams.get(\"error_description\") || oauthError);\n }\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n if (!code || !state) {\n error(400, \"Missing code or state parameter\");\n }\n const storedState = cookies.get(\"mongoku_pkce_state\");\n const storedVerifier = cookies.get(\"mongoku_pkce_verifier\");\n if (!storedState || !storedVerifier) {\n error(400, \"Missing OAuth cookies — please try logging in again\");\n }\n if (state !== storedState) {\n error(403, \"Invalid OAuth state\");\n }\n cookies.delete(\"mongoku_pkce_state\", cookieOptions(url));\n cookies.delete(\"mongoku_pkce_verifier\", cookieOptions(url));\n const tokens = await exchangeCode(config, url.origin, code, storedVerifier, getCallbackUrl(url.origin));\n let user = {};\n let claims = {};\n if (tokens.id_token) {\n ({ user, claims } = extractUserFromIdToken(tokens.id_token));\n }\n if (config.allowedSubs && (!user.sub || !config.allowedSubs.has(user.sub))) {\n error(403, \"Your account is not authorized to access this application\");\n }\n if (config.requiredClaim && !checkRequiredClaim(claims, config.requiredClaim)) {\n error(403, `Required claim not satisfied: ${config.requiredClaim.field}=${config.requiredClaim.value}`);\n }\n cookies.set(\"mongoku_session\", createSessionCookie(config, user), cookieOptions(url, config.sessionDuration));\n const returnCookie = cookies.get(OAUTH_RETURN_COOKIE);\n cookies.delete(OAUTH_RETURN_COOKIE, cookieOptions(url));\n const afterLogin = sanitizeOAuthReturnPath(url, returnCookie) ?? `${base}/`;\n redirect(302, afterLogin);\n};\nexport {\n GET\n};\n"],"names":[],"mappings":";;;;;;;;AAMK,MAAC,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK;AACxC,EAAE,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE;AACvC,EAAE,IAAI,CAAC,MAAM,EAAE;AACf,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7B,EAAE;AACF,EAAE,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AAClD,EAAE,IAAI,UAAU,EAAE;AAClB,IAAI,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,UAAU,CAAC;AACvE,EAAE;AACF,EAAE,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;AAC3C,EAAE,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;AAC7C,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE;AACvB,IAAI,KAAK,CAAC,GAAG,EAAE,iCAAiC,CAAC;AACjD,EAAE;AACF,EAAE,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;AACvD,EAAE,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;AAC7D,EAAE,IAAI,CAAC,WAAW,IAAI,CAAC,cAAc,EAAE;AACvC,IAAI,KAAK,CAAC,GAAG,EAAE,qDAAqD,CAAC;AACrE,EAAE;AACF,EAAE,IAAI,KAAK,KAAK,WAAW,EAAE;AAC7B,IAAI,KAAK,CAAC,GAAG,EAAE,qBAAqB,CAAC;AACrC,EAAE;AACF,EAAE,OAAO,CAAC,MAAM,CAAC,oBAAoB,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;AAC1D,EAAE,OAAO,CAAC,MAAM,CAAC,uBAAuB,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;AAC7D,EAAE,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,cAAc,EAAE,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACzG,EAAE,IAAI,IAAI,GAAG,EAAE;AACf,EAAE,IAAI,MAAM,GAAG,EAAE;AACjB,EAAE,IAAI,MAAM,CAAC,QAAQ,EAAE;AACvB,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,sBAAsB,CAAC,MAAM,CAAC,QAAQ,CAAC;AAC/D,EAAE;AACF,EAAE,IAAI,MAAM,CAAC,WAAW,KAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE;AAC9E,IAAI,KAAK,CAAC,GAAG,EAAE,2DAA2D,CAAC;AAC3E,EAAE;AACF,EAAE,IAAI,MAAM,CAAC,aAAa,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,MAAM,CAAC,aAAa,CAAC,EAAE;AACjF,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC,8BAA8B,EAAE,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC;AAC3G,EAAE;AACF,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,MAAM,EAAE,IAAI,CAAC,EAAE,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;AAC/G,EAAE,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;AACvD,EAAE,OAAO,CAAC,MAAM,CAAC,mBAAmB,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;AACzD,EAAE,MAAM,UAAU,GAAG,uBAAuB,CAAC,GAAG,EAAE,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;AAC7E,EAAE,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC;AAC3B;;;;"}
package/build/server/chunks/{_server.ts-DKuI03oJ.js → _server.ts-OSPJ0dek.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { b as base } from './server-Crjo4w1q.js';
2
2
  import './url-hmE1zcJ6.js';
3
- import { g as getOAuthConfig, h as generateCodeVerifier, i as generateCodeChallenge, j as generateState, a as getCallbackUrl, c as cookieOptions, k as buildAuthorizationUrl } from './oauth-CpJ4lGij.js';
3
+ import { g as getOAuthConfig, i as generateCodeVerifier, j as generateCodeChallenge, k as generateState, a as getCallbackUrl, c as cookieOptions, s as sanitizeOAuthReturnPath, h as OAUTH_RETURN_COOKIE, l as buildAuthorizationUrl } from './oauth-BbSyq_Sb.js';
4
4
  import { r as redirect } from './index-wpIsICWW.js';
5
5
  import './async-lVJA8xJZ.js';
6
6
  import './shared-server-BmU87nph.js';
@@ -17,8 +17,15 @@ const GET = async ({ url, cookies }) => {
17
17
  const callbackUrl = getCallbackUrl(url.origin);
18
18
  cookies.set("mongoku_pkce_verifier", codeVerifier, cookieOptions(url, 300));
19
19
  cookies.set("mongoku_pkce_state", state, cookieOptions(url, 300));
20
+ const returnParam = url.searchParams.get("return");
21
+ const sanitizedReturn = sanitizeOAuthReturnPath(url, returnParam);
22
+ if (sanitizedReturn) {
23
+ cookies.set(OAUTH_RETURN_COOKIE, sanitizedReturn, cookieOptions(url, 300));
24
+ } else {
25
+ cookies.delete(OAUTH_RETURN_COOKIE, cookieOptions(url));
26
+ }
20
27
  redirect(302, buildAuthorizationUrl(config, url.origin, callbackUrl, codeChallenge, state));
21
28
  };
22
29
 
23
30
  export { GET };
24
- //# sourceMappingURL=_server.ts-DKuI03oJ.js.map
31
+ //# sourceMappingURL=_server.ts-OSPJ0dek.js.map
package/build/server/chunks/_server.ts-OSPJ0dek.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"_server.ts-OSPJ0dek.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/auth/login/_server.ts.js"],"sourcesContent":["import { b as base } from \"../../../../chunks/server.js\";\nimport \"../../../../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../../../../chunks/root.js\";\nimport { g as getOAuthConfig, i as generateCodeVerifier, j as generateCodeChallenge, k as generateState, a as getCallbackUrl, c as cookieOptions, s as sanitizeOAuthReturnPath, h as OAUTH_RETURN_COOKIE, l as buildAuthorizationUrl } from \"../../../../chunks/oauth.js\";\nimport { redirect } from \"@sveltejs/kit\";\nconst GET = async ({ url, cookies }) => {\n const config = await getOAuthConfig();\n if (!config) {\n redirect(302, `${base}/`);\n }\n const codeVerifier = generateCodeVerifier();\n const codeChallenge = generateCodeChallenge(codeVerifier);\n const state = generateState();\n const callbackUrl = getCallbackUrl(url.origin);\n cookies.set(\"mongoku_pkce_verifier\", codeVerifier, cookieOptions(url, 300));\n cookies.set(\"mongoku_pkce_state\", state, cookieOptions(url, 300));\n const returnParam = url.searchParams.get(\"return\");\n const sanitizedReturn = sanitizeOAuthReturnPath(url, returnParam);\n if (sanitizedReturn) {\n cookies.set(OAUTH_RETURN_COOKIE, sanitizedReturn, cookieOptions(url, 300));\n } else {\n cookies.delete(OAUTH_RETURN_COOKIE, cookieOptions(url));\n }\n redirect(302, buildAuthorizationUrl(config, url.origin, callbackUrl, codeChallenge, state));\n};\nexport {\n GET\n};\n"],"names":[],"mappings":";;;;;;;;AAMK,MAAC,GAAG,GAAG,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK;AACxC,EAAE,MAAM,MAAM,GAAG,MAAM,cAAc,EAAE;AACvC,EAAE,IAAI,CAAC,MAAM,EAAE;AACf,IAAI,QAAQ,CAAC,GAAG,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7B,EAAE;AACF,EAAE,MAAM,YAAY,GAAG,oBAAoB,EAAE;AAC7C,EAAE,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC;AAC3D,EAAE,MAAM,KAAK,GAAG,aAAa,EAAE;AAC/B,EAAE,MAAM,WAAW,GAAG,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC;AAChD,EAAE,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,YAAY,EAAE,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC7E,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,EAAE,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AACnE,EAAE,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC;AACpD,EAAE,MAAM,eAAe,GAAG,uBAAuB,CAAC,GAAG,EAAE,WAAW,CAAC;AACnE,EAAE,IAAI,eAAe,EAAE;AACvB,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,eAAe,EAAE,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AAC9E,EAAE,CAAC,MAAM;AACT,IAAI,OAAO,CAAC,MAAM,CAAC,mBAAmB,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC;AAC3D,EAAE;AACF,EAAE,QAAQ,CAAC,GAAG,EAAE,qBAAqB,CAAC,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,KAAK,CAAC,CAAC;AAC7F;;;;"}
package/build/server/chunks/{hooks.server-FwLGFfI8.js → hooks.server-ChbJBVwm.js} RENAMED
@@ -2,7 +2,7 @@ import { b as base } from './server-Crjo4w1q.js';
2
2
  import './url-hmE1zcJ6.js';
3
3
  import { p as private_env } from './shared-server-BmU87nph.js';
4
4
  import { c as contextStore, l as logger } from './logger-PfH_grbh.js';
5
- import { g as getOAuthConfig, v as verifySession } from './oauth-CpJ4lGij.js';
5
+ import { g as getOAuthConfig, v as verifySession } from './oauth-BbSyq_Sb.js';
6
6
  import { MongoError } from 'mongodb';
7
7
  import './async-lVJA8xJZ.js';
8
8
  import 'async_hooks';
@@ -29,9 +29,11 @@ const handle = async ({ event, resolve }) => {
29
29
  const acceptsHtml = event.request.headers.get("accept")?.includes("text/html");
30
30
  logger.logRequest(acceptsHtml ? 302 : 401, performance.now() - startTime);
31
31
  if (acceptsHtml) {
32
+ const returnTo = `${event.url.pathname}${event.url.search}`;
33
+ const loginUrl = `${base}/auth/login?return=${encodeURIComponent(returnTo)}`;
32
34
  return new Response(null, {
33
35
  status: 302,
34
- headers: { Location: `${base}/auth/login` }
36
+ headers: { Location: loginUrl }
35
37
  });
36
38
  }
37
39
  return new Response(JSON.stringify({ message: "Session expired" }), {
@@ -76,4 +78,4 @@ const handleError = ({ error }) => {
76
78
  };
77
79
 
78
80
  export { handle, handleError };
79
- //# sourceMappingURL=hooks.server-FwLGFfI8.js.map
81
+ //# sourceMappingURL=hooks.server-ChbJBVwm.js.map
package/build/server/chunks/hooks.server-ChbJBVwm.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"hooks.server-ChbJBVwm.js","sources":["../../../.svelte-kit/adapter-node/entries/hooks.server.js"],"sourcesContent":["import { b as base } from \"../chunks/server.js\";\nimport \"../chunks/url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"../chunks/root.js\";\nimport { b as private_env } from \"../chunks/shared-server.js\";\nimport { c as contextStore, l as logger } from \"../chunks/logger.js\";\nimport { g as getOAuthConfig, v as verifySession } from \"../chunks/oauth.js\";\nimport { MongoError } from \"mongodb\";\nError.stackTraceLimit = 100;\nconst handle = async ({ event, resolve }) => {\n const oauthConfig = await getOAuthConfig();\n const authBasic = private_env.MONGOKU_AUTH_BASIC;\n event.locals.requestId = event.request.headers.get(\"X-Request-ID\") || crypto.randomUUID();\n event.setHeaders({\n \"X-Request-ID\": event.locals.requestId\n });\n return contextStore.run(event, async () => {\n const startTime = performance.now();\n if (oauthConfig) {\n const isAuthRoute = event.url.pathname.startsWith(`${base}/auth/`);\n const isCimdRoute = event.url.pathname === `${base}/.well-known/cimd.json`;\n if (!isAuthRoute && !isCimdRoute) {\n const sessionCookie = event.cookies.get(\"mongoku_session\");\n const session = sessionCookie ? verifySession(oauthConfig, sessionCookie) : null;\n if (!session) {\n const acceptsHtml = event.request.headers.get(\"accept\")?.includes(\"text/html\");\n logger.logRequest(acceptsHtml ? 302 : 401, performance.now() - startTime);\n if (acceptsHtml) {\n const returnTo = `${event.url.pathname}${event.url.search}`;\n const loginUrl = `${base}/auth/login?return=${encodeURIComponent(returnTo)}`;\n return new Response(null, {\n status: 302,\n headers: { Location: loginUrl }\n });\n }\n return new Response(JSON.stringify({ message: \"Session expired\" }), {\n status: 401,\n headers: { \"Content-Type\": \"application/json\" }\n });\n }\n event.locals.user = { sub: session.sub, name: session.name, email: session.email };\n }\n } else if (authBasic) {\n const [username, password] = authBasic.split(\":\");\n const basicAuth = event.request.headers.get(\"Authorization\");\n if (!basicAuth?.toLowerCase().startsWith(\"basic \") || basicAuth.slice(\"basic \".length) !== Buffer.from(`${username}:${password}`).toString(\"base64\")) {\n logger.logRequest(401, performance.now() - startTime);\n return new Response(\"Unauthorized\", {\n status: 401,\n headers: { \"WWW-Authenticate\": \"Basic\" }\n });\n }\n }\n const response = await resolve(event);\n logger.logRequest(response.status, performance.now() - startTime);\n return response;\n });\n};\nconst handleError = ({ error }) => {\n logger.error(error);\n if (error instanceof MongoError) {\n return {\n message: error.message,\n code: error.code\n };\n }\n if (error instanceof Error) {\n return {\n message: error.message\n };\n }\n return {\n message: \"An unexpected error occurred\"\n };\n};\nexport {\n handle,\n handleError\n};\n"],"names":[],"mappings":";;;;;;;;;;;AAQA,KAAK,CAAC,eAAe,GAAG,GAAG;AACtB,MAAC,MAAM,GAAG,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;AAC7C,EAAE,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE;AAC5C,EAAE,MAAM,SAAS,GAAG,WAAW,CAAC,kBAAkB;AAClD,EAAE,KAAK,CAAC,MAAM,CAAC,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;AAC3F,EAAE,KAAK,CAAC,UAAU,CAAC;AACnB,IAAI,cAAc,EAAE,KAAK,CAAC,MAAM,CAAC;AACjC,GAAG,CAAC;AACJ,EAAE,OAAO,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,YAAY;AAC7C,IAAI,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE;AACvC,IAAI,IAAI,WAAW,EAAE;AACrB,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;AACxE,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,KAAK,CAAC,EAAE,IAAI,CAAC,sBAAsB,CAAC;AAChF,MAAM,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,EAAE;AACxC,QAAQ,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AAClE,QAAQ,MAAM,OAAO,GAAG,aAAa,GAAG,aAAa,CAAC,WAAW,EAAE,aAAa,CAAC,GAAG,IAAI;AACxF,QAAQ,IAAI,CAAC,OAAO,EAAE;AACtB,UAAU,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC;AACxF,UAAU,MAAM,CAAC,UAAU,CAAC,WAAW,GAAG,GAAG,GAAG,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AACnF,UAAU,IAAI,WAAW,EAAE;AAC3B,YAAY,MAAM,QAAQ,GAAG,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;AACvE,YAAY,MAAM,QAAQ,GAAG,CAAC,EAAE,IAAI,CAAC,mBAAmB,EAAE,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAC;AACxF,YAAY,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE;AACtC,cAAc,MAAM,EAAE,GAAG;AACzB,cAAc,OAAO,EAAE,EAAE,QAAQ,EAAE,QAAQ;AAC3C,aAAa,CAAC;AACd,UAAU;AACV,UAAU,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,iBAAiB,EAAE,CAAC,EAAE;AAC9E,YAAY,MAAM,EAAE,GAAG;AACvB,YAAY,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AACzD,WAAW,CAAC;AACZ,QAAQ;AACR,QAAQ,KAAK,CAAC,MAAM,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE;AAC1F,MAAM;AACN,IAAI,CAAC,MAAM,IAAI,SAAS,EAAE;AAC1B,MAAM,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC;AACvD,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;AAClE,MAAM,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;AAC5J,QAAQ,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AAC7D,QAAQ,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE;AAC5C,UAAU,MAAM,EAAE,GAAG;AACrB,UAAU,OAAO,EAAE,EAAE,kBAAkB,EAAE,OAAO;AAChD,SAAS,CAAC;AACV,MAAM;AACN,IAAI;AACJ,IAAI,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;AACzC,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;AACrE,IAAI,OAAO,QAAQ;AACnB,EAAE,CAAC,CAAC;AACJ;AACK,MAAC,WAAW,GAAG,CAAC,EAAE,KAAK,EAAE,KAAK;AACnC,EAAE,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC;AACrB,EAAE,IAAI,KAAK,YAAY,UAAU,EAAE;AACnC,IAAI,OAAO;AACX,MAAM,OAAO,EAAE,KAAK,CAAC,OAAO;AAC5B,MAAM,IAAI,EAAE,KAAK,CAAC;AAClB,KAAK;AACL,EAAE;AACF,EAAE,IAAI,KAAK,YAAY,KAAK,EAAE;AAC9B,IAAI,OAAO;AACX,MAAM,OAAO,EAAE,KAAK,CAAC;AACrB,KAAK;AACL,EAAE;AACF,EAAE,OAAO;AACT,IAAI,OAAO,EAAE;AACb,GAAG;AACH;;;;"}
package/build/server/chunks/{oauth-CpJ4lGij.js → oauth-BbSyq_Sb.js} RENAMED
@@ -187,6 +187,53 @@ function verifySession(config, cookie) {
187
187
  function getCallbackUrl(origin) {
188
188
  return `${origin}${base}/auth/callback`;
189
189
  }
190
+ const OAUTH_AUTH_PREFIX = `${base}/auth`;
191
+ function sanitizeOAuthReturnPath(requestUrl, raw) {
192
+ if (raw == null || raw === "") {
193
+ return null;
194
+ }
195
+ const trimmed = raw.trim();
196
+ if (trimmed.startsWith("//")) {
197
+ return null;
198
+ }
199
+ let pathWithSearch;
200
+ if (/^https?:\/\//i.test(trimmed)) {
201
+ let parsed;
202
+ try {
203
+ parsed = new URL(trimmed);
204
+ } catch {
205
+ return null;
206
+ }
207
+ if (parsed.origin !== requestUrl.origin) {
208
+ return null;
209
+ }
210
+ pathWithSearch = parsed.pathname + parsed.search;
211
+ } else if (trimmed.startsWith("/")) {
212
+ try {
213
+ const parsed = new URL(trimmed, requestUrl.origin);
214
+ if (parsed.origin !== requestUrl.origin) {
215
+ return null;
216
+ }
217
+ pathWithSearch = parsed.pathname + parsed.search;
218
+ } catch {
219
+ return null;
220
+ }
221
+ } else {
222
+ return null;
223
+ }
224
+ if (base !== "") {
225
+ if (pathWithSearch !== base && !pathWithSearch.startsWith(`${base}/`)) {
226
+ return null;
227
+ }
228
+ } else if (!pathWithSearch.startsWith("/")) {
229
+ return null;
230
+ }
231
+ if (pathWithSearch === OAUTH_AUTH_PREFIX || pathWithSearch.startsWith(`${OAUTH_AUTH_PREFIX}/`)) {
232
+ return null;
233
+ }
234
+ return pathWithSearch;
235
+ }
236
+ const OAUTH_RETURN_COOKIE = "mongoku_oauth_return";
190
237
  function cookieOptions(url, maxAge) {
191
238
  return {
192
239
  httpOnly: true,
@@ -197,5 +244,5 @@ function cookieOptions(url, maxAge) {
197
244
  };
198
245
  }
199
246
 
200
- export { OAUTH_CIMD_CLIENT_ID as O, getCallbackUrl as a, extractUserFromIdToken as b, cookieOptions as c, checkRequiredClaim as d, exchangeCode as e, createSessionCookie as f, getOAuthConfig as g, generateCodeVerifier as h, generateCodeChallenge as i, generateState as j, buildAuthorizationUrl as k, verifySession as v };
201
- //# sourceMappingURL=oauth-CpJ4lGij.js.map
247
+ export { OAUTH_CIMD_CLIENT_ID as O, getCallbackUrl as a, extractUserFromIdToken as b, cookieOptions as c, checkRequiredClaim as d, exchangeCode as e, createSessionCookie as f, getOAuthConfig as g, OAUTH_RETURN_COOKIE as h, generateCodeVerifier as i, generateCodeChallenge as j, generateState as k, buildAuthorizationUrl as l, sanitizeOAuthReturnPath as s, verifySession as v };
248
+ //# sourceMappingURL=oauth-BbSyq_Sb.js.map
package/build/server/chunks/oauth-BbSyq_Sb.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth-BbSyq_Sb.js","sources":["../../../.svelte-kit/adapter-node/chunks/oauth.js"],"sourcesContent":["import { b as base } from \"./server.js\";\nimport \"./url.js\";\nimport \"@sveltejs/kit/internal/server\";\nimport \"./root.js\";\nimport { b as private_env } from \"./shared-server.js\";\nimport { createHmac, randomBytes, createHash, timingSafeEqual } from \"node:crypto\";\nconst DEFAULT_SESSION_DURATION = 86400;\nconst OAUTH_CIMD_CLIENT_ID = \"__CIMD__\";\nlet cachedConfig;\nfunction parseSessionDuration(rawDuration) {\n if (!rawDuration) {\n return DEFAULT_SESSION_DURATION;\n }\n const parsed = Number(rawDuration);\n if (!Number.isInteger(parsed) || parsed <= 0) {\n return DEFAULT_SESSION_DURATION;\n }\n return parsed;\n}\nasync function fetchOpenIDConfiguration(issuerUrl) {\n const wellKnown = issuerUrl.replace(/\\/+$/, \"\") + \"/.well-known/openid-configuration\";\n const response = await fetch(wellKnown);\n if (!response.ok) {\n throw new Error(`Failed to fetch OpenID configuration from ${wellKnown} (${response.status})`);\n }\n const config = await response.json();\n if (!config.authorization_endpoint || !config.token_endpoint) {\n throw new Error(`OpenID configuration at ${wellKnown} is missing required endpoints`);\n }\n return config;\n}\nasync function getOAuthConfig() {\n if (cachedConfig !== void 0) {\n return cachedConfig;\n }\n const clientId = private_env.MONGOKU_OAUTH_CLIENT_ID;\n if (!clientId) {\n cachedConfig = null;\n return null;\n }\n const issuerUrl = private_env.MONGOKU_OAUTH_ISSUER_URL;\n const sessionSecret = private_env.MONGOKU_OAUTH_SESSION_SECRET;\n if (!issuerUrl || !sessionSecret) {\n throw new Error(\n \"OAuth is partially configured. When MONGOKU_OAUTH_CLIENT_ID is set, MONGOKU_OAUTH_ISSUER_URL and MONGOKU_OAUTH_SESSION_SECRET are also required.\"\n );\n }\n const oidc = await fetchOpenIDConfiguration(issuerUrl);\n const allowedSubsRaw = private_env.MONGOKU_OAUTH_ALLOWED_SUBS;\n const allowedSubs = allowedSubsRaw ? new Set(\n allowedSubsRaw.split(\",\").map((s) => s.trim()).filter(Boolean)\n ) : void 0;\n const requiredClaimRaw = private_env.MONGOKU_OAUTH_REQUIRED_CLAIM;\n let requiredClaim;\n if (requiredClaimRaw) {\n const eqIndex = requiredClaimRaw.indexOf(\"=\");\n if (eqIndex <= 0) {\n throw new Error('MONGOKU_OAUTH_REQUIRED_CLAIM must be in the format \"field=value\" (e.g. \"authority=admin\")');\n }\n requiredClaim = {\n field: requiredClaimRaw.slice(0, eqIndex),\n value: requiredClaimRaw.slice(eqIndex + 1)\n };\n }\n cachedConfig = {\n clientId,\n issuerUrl,\n authorizationUrl: oidc.authorization_endpoint,\n tokenUrl: oidc.token_endpoint,\n scopes: private_env.MONGOKU_OAUTH_SCOPES ?? \"openid profile email\",\n sessionSecret,\n sessionDuration: parseSessionDuration(private_env.MONGOKU_OAUTH_SESSION_DURATION),\n allowedSubs,\n requiredClaim\n };\n return cachedConfig;\n}\nfunction resolveOAuthClientId(config, origin) {\n if (config.clientId !== OAUTH_CIMD_CLIENT_ID) {\n return config.clientId;\n }\n return new URL(`${base}/.well-known/cimd.json`, origin).toString();\n}\nfunction base64url(buffer) {\n return buffer.toString(\"base64url\");\n}\nfunction generateCodeVerifier() {\n return base64url(randomBytes(64));\n}\nfunction generateCodeChallenge(verifier) {\n return base64url(createHash(\"sha256\").update(verifier).digest());\n}\nfunction generateState() {\n return base64url(randomBytes(32));\n}\nfunction buildAuthorizationUrl(config, origin, callbackUrl, codeChallenge, state) {\n const url = new URL(config.authorizationUrl);\n url.searchParams.set(\"client_id\", resolveOAuthClientId(config, origin));\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"redirect_uri\", callbackUrl);\n url.searchParams.set(\"scope\", config.scopes);\n url.searchParams.set(\"state\", state);\n url.searchParams.set(\"code_challenge\", codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n return url.toString();\n}\nasync function exchangeCode(config, origin, code, codeVerifier, callbackUrl) {\n const body = new URLSearchParams({\n grant_type: \"authorization_code\",\n code,\n redirect_uri: callbackUrl,\n client_id: resolveOAuthClientId(config, origin),\n code_verifier: codeVerifier\n });\n const response = await fetch(config.tokenUrl, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n body: body.toString()\n });\n if (!response.ok) {\n const text = await response.text();\n throw new Error(`Token exchange failed (${response.status}): ${text}`);\n }\n return response.json();\n}\nfunction extractUserFromIdToken(idToken) {\n try {\n const parts = idToken.split(\".\");\n if (parts.length !== 3) {\n return { user: {}, claims: {} };\n }\n const claims = JSON.parse(Buffer.from(parts[1], \"base64url\").toString());\n return {\n user: {\n sub: claims.sub,\n name: claims.name || claims.preferred_username,\n email: claims.email\n },\n claims\n };\n } catch {\n return { user: {}, claims: {} };\n }\n}\nfunction checkRequiredClaim(claims, required) {\n const actual = claims[required.field];\n if (Array.isArray(actual)) {\n return actual.includes(required.value);\n }\n return String(actual) === required.value;\n}\nfunction createSessionCookie(config, user) {\n const sessionDuration = Number.isInteger(config.sessionDuration) && config.sessionDuration > 0 ? config.sessionDuration : DEFAULT_SESSION_DURATION;\n const payload = {\n ...user,\n exp: Math.floor(Date.now() / 1e3) + sessionDuration\n };\n const payloadStr = Buffer.from(JSON.stringify(payload)).toString(\"base64url\");\n const signature = createHmac(\"sha256\", config.sessionSecret).update(payloadStr).digest(\"base64url\");\n return `${payloadStr}.${signature}`;\n}\nfunction verifySession(config, cookie) {\n const dotIndex = cookie.lastIndexOf(\".\");\n if (dotIndex === -1) {\n return null;\n }\n const payloadStr = cookie.slice(0, dotIndex);\n const signature = cookie.slice(dotIndex + 1);\n const expectedSignature = createHmac(\"sha256\", config.sessionSecret).update(payloadStr).digest(\"base64url\");\n const a = Buffer.from(signature);\n const b = Buffer.from(expectedSignature);\n if (a.length !== b.length || !timingSafeEqual(a, b)) {\n return null;\n }\n try {\n const payload = JSON.parse(Buffer.from(payloadStr, \"base64url\").toString());\n if (!Number.isFinite(payload.exp)) {\n return null;\n }\n if (payload.exp < Math.floor(Date.now() / 1e3)) {\n return null;\n }\n return payload;\n } catch {\n return null;\n }\n}\nfunction getCallbackUrl(origin) {\n return `${origin}${base}/auth/callback`;\n}\nconst OAUTH_AUTH_PREFIX = `${base}/auth`;\nfunction sanitizeOAuthReturnPath(requestUrl, raw) {\n if (raw == null || raw === \"\") {\n return null;\n }\n const trimmed = raw.trim();\n if (trimmed.startsWith(\"//\")) {\n return null;\n }\n let pathWithSearch;\n if (/^https?:\\/\\//i.test(trimmed)) {\n let parsed;\n try {\n parsed = new URL(trimmed);\n } catch {\n return null;\n }\n if (parsed.origin !== requestUrl.origin) {\n return null;\n }\n pathWithSearch = parsed.pathname + parsed.search;\n } else if (trimmed.startsWith(\"/\")) {\n try {\n const parsed = new URL(trimmed, requestUrl.origin);\n if (parsed.origin !== requestUrl.origin) {\n return null;\n }\n pathWithSearch = parsed.pathname + parsed.search;\n } catch {\n return null;\n }\n } else {\n return null;\n }\n if (base !== \"\") {\n if (pathWithSearch !== base && !pathWithSearch.startsWith(`${base}/`)) {\n return null;\n }\n } else if (!pathWithSearch.startsWith(\"/\")) {\n return null;\n }\n if (pathWithSearch === OAUTH_AUTH_PREFIX || pathWithSearch.startsWith(`${OAUTH_AUTH_PREFIX}/`)) {\n return null;\n }\n return pathWithSearch;\n}\nconst OAUTH_RETURN_COOKIE = \"mongoku_oauth_return\";\nfunction cookieOptions(url, maxAge) {\n return {\n httpOnly: true,\n secure: url.protocol === \"https:\",\n sameSite: \"lax\",\n path: base || \"/\",\n ...maxAge !== void 0 && { maxAge }\n };\n}\nexport {\n OAUTH_CIMD_CLIENT_ID as O,\n getCallbackUrl as a,\n extractUserFromIdToken as b,\n cookieOptions as c,\n checkRequiredClaim as d,\n exchangeCode as e,\n createSessionCookie as f,\n getOAuthConfig as g,\n OAUTH_RETURN_COOKIE as h,\n generateCodeVerifier as i,\n generateCodeChallenge as j,\n generateState as k,\n buildAuthorizationUrl as l,\n sanitizeOAuthReturnPath as s,\n verifySession as v\n};\n"],"names":[],"mappings":";;;;;AAMA,MAAM,wBAAwB,GAAG,KAAK;AACjC,MAAC,oBAAoB,GAAG;AAC7B,IAAI,YAAY;AAChB,SAAS,oBAAoB,CAAC,WAAW,EAAE;AAC3C,EAAE,IAAI,CAAC,WAAW,EAAE;AACpB,IAAI,OAAO,wBAAwB;AACnC,EAAE;AACF,EAAE,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC;AACpC,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,MAAM,IAAI,CAAC,EAAE;AAChD,IAAI,OAAO,wBAAwB;AACnC,EAAE;AACF,EAAE,OAAO,MAAM;AACf;AACA,eAAe,wBAAwB,CAAC,SAAS,EAAE;AACnD,EAAE,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,GAAG,mCAAmC;AACvF,EAAE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC;AACzC,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AACpB,IAAI,MAAM,IAAI,KAAK,CAAC,CAAC,0CAA0C,EAAE,SAAS,CAAC,EAAE,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAClG,EAAE;AACF,EAAE,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;AACtC,EAAE,IAAI,CAAC,MAAM,CAAC,sBAAsB,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE;AAChE,IAAI,MAAM,IAAI,KAAK,CAAC,CAAC,wBAAwB,EAAE,SAAS,CAAC,8BAA8B,CAAC,CAAC;AACzF,EAAE;AACF,EAAE,OAAO,MAAM;AACf;AACA,eAAe,cAAc,GAAG;AAChC,EAAE,IAAI,YAAY,KAAK,MAAM,EAAE;AAC/B,IAAI,OAAO,YAAY;AACvB,EAAE;AACF,EAAE,MAAM,QAAQ,GAAG,WAAW,CAAC,uBAAuB;AACtD,EAAE,IAAI,CAAC,QAAQ,EAAE;AACjB,IAAI,YAAY,GAAG,IAAI;AACvB,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,MAAM,SAAS,GAAG,WAAW,CAAC,wBAAwB;AACxD,EAAE,MAAM,aAAa,GAAG,WAAW,CAAC,4BAA4B;AAChE,EAAE,IAAI,CAAC,SAAS,IAAI,CAAC,aAAa,EAAE;AACpC,IAAI,MAAM,IAAI,KAAK;AACnB,MAAM;AACN,KAAK;AACL,EAAE;AACF,EAAE,MAAM,IAAI,GAAG,MAAM,wBAAwB,CAAC,SAAS,CAAC;AACxD,EAAE,MAAM,cAAc,GAAG,WAAW,CAAC,0BAA0B;AAC/D,EAAE,MAAM,WAAW,GAAG,cAAc,GAAG,IAAI,GAAG;AAC9C,IAAI,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO;AACjE,GAAG,GAAG,MAAM;AACZ,EAAE,MAAM,gBAAgB,GAAG,WAAW,CAAC,4BAA4B;AACnE,EAAE,IAAI,aAAa;AACnB,EAAE,IAAI,gBAAgB,EAAE;AACxB,IAAI,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC;AACjD,IAAI,IAAI,OAAO,IAAI,CAAC,EAAE;AACtB,MAAM,MAAM,IAAI,KAAK,CAAC,2FAA2F,CAAC;AAClH,IAAI;AACJ,IAAI,aAAa,GAAG;AACpB,MAAM,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC;AAC/C,MAAM,KAAK,EAAE,gBAAgB,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC;AAC/C,KAAK;AACL,EAAE;AACF,EAAE,YAAY,GAAG;AACjB,IAAI,QAAQ;AACZ,IAAI,SAAS;AACb,IAAI,gBAAgB,EAAE,IAAI,CAAC,sBAAsB;AACjD,IAAI,QAAQ,EAAE,IAAI,CAAC,cAAc;AACjC,IAAI,MAAM,EAAE,WAAW,CAAC,oBAAoB,IAAI,sBAAsB;AACtE,IAAI,aAAa;AACjB,IAAI,eAAe,EAAE,oBAAoB,CAAC,WAAW,CAAC,8BAA8B,CAAC;AACrF,IAAI,WAAW;AACf,IAAI;AACJ,GAAG;AACH,EAAE,OAAO,YAAY;AACrB;AACA,SAAS,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE;AAC9C,EAAE,IAAI,MAAM,CAAC,QAAQ,KAAK,oBAAoB,EAAE;AAChD,IAAI,OAAO,MAAM,CAAC,QAAQ;AAC1B,EAAE;AACF,EAAE,OAAO,IAAI,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,sBAAsB,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,EAAE;AACpE;AACA,SAAS,SAAS,CAAC,MAAM,EAAE;AAC3B,EAAE,OAAO,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;AACrC;AACA,SAAS,oBAAoB,GAAG;AAChC,EAAE,OAAO,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AACnC;AACA,SAAS,qBAAqB,CAAC,QAAQ,EAAE;AACzC,EAAE,OAAO,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC;AAClE;AACA,SAAS,aAAa,GAAG;AACzB,EAAE,OAAO,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AACnC;AACA,SAAS,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE;AAClF,EAAE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC;AAC9C,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACzE,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC;AAC/C,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC;AACnD,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC;AAC9C,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC;AACtC,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC;AACvD,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC;AACvD,EAAE,OAAO,GAAG,CAAC,QAAQ,EAAE;AACvB;AACA,eAAe,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE;AAC7E,EAAE,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;AACnC,IAAI,UAAU,EAAE,oBAAoB;AACpC,IAAI,IAAI;AACR,IAAI,YAAY,EAAE,WAAW;AAC7B,IAAI,SAAS,EAAE,oBAAoB,CAAC,MAAM,EAAE,MAAM,CAAC;AACnD,IAAI,aAAa,EAAE;AACnB,GAAG,CAAC;AACJ,EAAE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE;AAChD,IAAI,MAAM,EAAE,MAAM;AAClB,IAAI,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;AACpE,IAAI,IAAI,EAAE,IAAI,CAAC,QAAQ;AACvB,GAAG,CAAC;AACJ,EAAE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AACpB,IAAI,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;AACtC,IAAI,MAAM,IAAI,KAAK,CAAC,CAAC,uBAAuB,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;AAC1E,EAAE;AACF,EAAE,OAAO,QAAQ,CAAC,IAAI,EAAE;AACxB;AACA,SAAS,sBAAsB,CAAC,OAAO,EAAE;AACzC,EAAE,IAAI;AACN,IAAI,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;AACpC,IAAI,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;AAC5B,MAAM,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;AACrC,IAAI;AACJ,IAAI,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC5E,IAAI,OAAO;AACX,MAAM,IAAI,EAAE;AACZ,QAAQ,GAAG,EAAE,MAAM,CAAC,GAAG;AACvB,QAAQ,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,kBAAkB;AACtD,QAAQ,KAAK,EAAE,MAAM,CAAC;AACtB,OAAO;AACP,MAAM;AACN,KAAK;AACL,EAAE,CAAC,CAAC,MAAM;AACV,IAAI,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;AACnC,EAAE;AACF;AACA,SAAS,kBAAkB,CAAC,MAAM,EAAE,QAAQ,EAAE;AAC9C,EAAE,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;AACvC,EAAE,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE;AAC7B,IAAI,OAAO,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;AAC1C,EAAE;AACF,EAAE,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,QAAQ,CAAC,KAAK;AAC1C;AACA,SAAS,mBAAmB,CAAC,MAAM,EAAE,IAAI,EAAE;AAC3C,EAAE,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,MAAM,CAAC,eAAe,GAAG,CAAC,GAAG,MAAM,CAAC,eAAe,GAAG,wBAAwB;AACpJ,EAAE,MAAM,OAAO,GAAG;AAClB,IAAI,GAAG,IAAI;AACX,IAAI,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,GAAG;AACxC,GAAG;AACH,EAAE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;AAC/E,EAAE,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;AACrG,EAAE,OAAO,CAAC,EAAE,UAAU,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;AACrC;AACA,SAAS,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE;AACvC,EAAE,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC;AAC1C,EAAE,IAAI,QAAQ,KAAK,EAAE,EAAE;AACvB,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC;AAC9C,EAAE,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC;AAC9C,EAAE,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC;AAC7G,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;AAClC,EAAE,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC;AAC1C,EAAE,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE;AACvD,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,IAAI;AACN,IAAI,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC;AAC/E,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;AACvC,MAAM,OAAO,IAAI;AACjB,IAAI;AACJ,IAAI,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,EAAE;AACpD,MAAM,OAAO,IAAI;AACjB,IAAI;AACJ,IAAI,OAAO,OAAO;AAClB,EAAE,CAAC,CAAC,MAAM;AACV,IAAI,OAAO,IAAI;AACf,EAAE;AACF;AACA,SAAS,cAAc,CAAC,MAAM,EAAE;AAChC,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC;AACzC;AACA,MAAM,iBAAiB,GAAG,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC;AACxC,SAAS,uBAAuB,CAAC,UAAU,EAAE,GAAG,EAAE;AAClD,EAAE,IAAI,GAAG,IAAI,IAAI,IAAI,GAAG,KAAK,EAAE,EAAE;AACjC,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE;AAC5B,EAAE,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AAChC,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,IAAI,cAAc;AACpB,EAAE,IAAI,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;AACrC,IAAI,IAAI,MAAM;AACd,IAAI,IAAI;AACR,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC;AAC/B,IAAI,CAAC,CAAC,MAAM;AACZ,MAAM,OAAO,IAAI;AACjB,IAAI;AACJ,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE;AAC7C,MAAM,OAAO,IAAI;AACjB,IAAI;AACJ,IAAI,cAAc,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM;AACpD,EAAE,CAAC,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE;AACtC,IAAI,IAAI;AACR,MAAM,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC;AACxD,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE;AAC/C,QAAQ,OAAO,IAAI;AACnB,MAAM;AACN,MAAM,cAAc,GAAG,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM;AACtD,IAAI,CAAC,CAAC,MAAM;AACZ,MAAM,OAAO,IAAI;AACjB,IAAI;AACJ,EAAE,CAAC,MAAM;AACT,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,IAAI,IAAI,KAAK,EAAE,EAAE;AACnB,IAAI,IAAI,cAAc,KAAK,IAAI,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE;AAC3E,MAAM,OAAO,IAAI;AACjB,IAAI;AACJ,EAAE,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE;AAC9C,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,IAAI,cAAc,KAAK,iBAAiB,IAAI,cAAc,CAAC,UAAU,CAAC,CAAC,EAAE,iBAAiB,CAAC,CAAC,CAAC,CAAC,EAAE;AAClG,IAAI,OAAO,IAAI;AACf,EAAE;AACF,EAAE,OAAO,cAAc;AACvB;AACK,MAAC,mBAAmB,GAAG;AAC5B,SAAS,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE;AACpC,EAAE,OAAO;AACT,IAAI,QAAQ,EAAE,IAAI;AAClB,IAAI,MAAM,EAAE,GAAG,CAAC,QAAQ,KAAK,QAAQ;AACrC,IAAI,QAAQ,EAAE,KAAK;AACnB,IAAI,IAAI,EAAE,IAAI,IAAI,GAAG;AACrB,IAAI,GAAG,MAAM,KAAK,MAAM,IAAI,EAAE,MAAM;AACpC,GAAG;AACH;;;;"}
package/build/server/index.js CHANGED
@@ -118,7 +118,7 @@ const options = {
118
118
  <div class="error">
119
119
  <span class="status">` + status + '</span>\n <div class="message">\n <h1>' + message + "</h1>\n </div>\n </div>\n </body>\n</html>\n"
120
120
  },
121
- version_hash: "1dlrovl"
121
+ version_hash: "1g7supc"
122
122
  };
123
123
  async function get_hooks() {
124
124
  let handle;
@@ -126,7 +126,7 @@ async function get_hooks() {
126
126
  let handleError;
127
127
  let handleValidationError;
128
128
  let init;
129
- ({ handle, handleFetch, handleError, handleValidationError, init } = await import('./chunks/hooks.server-FwLGFfI8.js'));
129
+ ({ handle, handleFetch, handleError, handleValidationError, init } = await import('./chunks/hooks.server-ChbJBVwm.js'));
130
130
  let reroute;
131
131
  let transport;
132
132
  return {