strapi-plugin-firebase-authentication 1.2.0 → 1.2.1

package/dist/server/index.js

@@ -401,293 +401,6 @@ const contentTypes = {
   "firebase-authentication-configuration": { schema: firebaseAuthenticationConfiguration },
   "firebase-user-data": { schema: firebaseUserData }
 };
-const pluginName = "firebase-authentication";
-const PLUGIN_NAME = "firebase-authentication";
-const PLUGIN_UID = `plugin::${PLUGIN_NAME}`;
-const CONFIG_CONTENT_TYPE = `${PLUGIN_UID}.firebase-authentication-configuration`;
-const DEFAULT_PASSWORD_RESET_URL = "http://localhost:3000/reset-password";
-const DEFAULT_PASSWORD_REGEX = "^.{6,}$";
-const DEFAULT_PASSWORD_MESSAGE = "Password must be at least 6 characters long";
-const DEFAULT_RESET_EMAIL_SUBJECT = "Reset Your Password";
-const ERROR_MESSAGES = {
-  FIREBASE_NOT_INITIALIZED: "Firebase is not initialized. Please upload Firebase service account configuration via Settings → Firebase Authentication.",
-  INVALID_JSON: "Invalid JSON format. Please ensure you copied the entire JSON content correctly.",
-  MISSING_DATA: "data is missing",
-  SOMETHING_WENT_WRONG: "Something went wrong",
-  AUTHENTICATION_FAILED: "Authentication failed",
-  TOKEN_MISSING: "idToken is missing!",
-  EMAIL_PASSWORD_REQUIRED: "Email and password are required",
-  PASSWORD_REQUIRED: "Password is required",
-  AUTHORIZATION_REQUIRED: "Authorization token is required",
-  INVALID_TOKEN: "Invalid or expired token",
-  USER_NOT_FOUND: "User not found",
-  USER_NO_EMAIL: "User does not have an email address",
-  FIREBASE_LINK_FAILED: "Failed to generate Firebase reset link",
-  CONFIG_NOT_FOUND: "No config found",
-  INVALID_SERVICE_ACCOUNT: "Invalid service account JSON",
-  WEB_API_NOT_CONFIGURED: "Email/password authentication is not available. Web API Key is not configured.",
-  RESET_URL_NOT_CONFIGURED: "Password reset URL is not configured",
-  RESET_URL_MUST_BE_HTTPS: "Password reset URL must use HTTPS in production",
-  RESET_URL_INVALID_FORMAT: "Password reset URL is not a valid URL format",
-  USER_NOT_LINKED_FIREBASE: "User is not linked to Firebase authentication",
-  OVERRIDE_USER_ID_REQUIRED: "Override user ID is required",
-  EITHER_EMAIL_OR_PHONE_REQUIRED: "Either email or phoneNumber is required",
-  DELETION_NO_CONFIG: "No Firebase configs exists for deletion"
-};
-const SUCCESS_MESSAGES = {
-  FIREBASE_INITIALIZED: "Firebase successfully initialized",
-  FIREBASE_CONFIG_DELETED: "Firebase config deleted and reinitialized",
-  PASSWORD_RESET_EMAIL_SENT: "If an account with that email exists, a password reset link has been sent.",
-  SERVER_RESTARTING: "SERVER IS RESTARTING"
-};
-const CONFIG_KEYS = {
-  ENCRYPTION_KEY: `${PLUGIN_UID}.FIREBASE_JSON_ENCRYPTION_KEY`
-};
-const REQUIRED_FIELDS = {
-  SERVICE_ACCOUNT: ["private_key", "client_email", "project_id", "type"],
-  WEB_CONFIG: ["apiKey", "authDomain"]
-  // These indicate wrong JSON type
-};
-const VALIDATION_MESSAGES = {
-  INVALID_SERVICE_ACCOUNT: "Invalid Service Account JSON. Missing required fields:",
-  WRONG_JSON_TYPE: "You uploaded a Web App Config (SDK snippet) instead of a Service Account JSON. Please go to Firebase Console → Service Accounts tab → Generate New Private Key to download the correct file.",
-  SERVICE_ACCOUNT_HELP: "Please download the correct JSON from Firebase Console → Service Accounts → Generate New Private Key. Do NOT use the Web App Config (SDK snippet) - that is a different file!"
-};
-const firebaseController = {
-  async validateToken(ctx) {
-    strapi.log.debug("validateToken called");
-    try {
-      const { idToken, profileMetaData } = ctx.request.body || {};
-      const populate2 = ctx.request.query.populate || [];
-      if (!idToken) {
-        return ctx.badRequest(ERROR_MESSAGES.TOKEN_MISSING);
-      }
-      const result = await strapi.plugin(pluginName).service("firebaseService").validateFirebaseToken(idToken, profileMetaData, populate2);
-      ctx.body = result;
-    } catch (error2) {
-      strapi.log.error(`validateToken controller error: ${error2.message}`);
-      if (error2.name === "ValidationError") {
-        return ctx.badRequest(error2.message);
-      }
-      if (error2.name === "UnauthorizedError") {
-        return ctx.unauthorized(error2.message);
-      }
-      throw error2;
-    }
-  },
-  async deleteByEmail(email2) {
-    const user = await strapi.firebase.auth().getUserByEmail(email2);
-    await strapi.plugin(pluginName).service("firebaseService").delete(user.toJSON().uid);
-    return user.toJSON();
-  },
-  async overrideAccess(ctx) {
-    try {
-      const { overrideUserId } = ctx.request.body || {};
-      const populate2 = ctx.request.query.populate || [];
-      const result = await strapi.plugin(pluginName).service("firebaseService").overrideFirebaseAccess(overrideUserId, populate2);
-      ctx.body = result;
-    } catch (error2) {
-      if (error2.name === "ValidationError") {
-        return ctx.badRequest(error2.message);
-      }
-      if (error2.name === "NotFoundError") {
-        return ctx.notFound(error2.message);
-      }
-      throw error2;
-    }
-  },
-  /**
-   * Controller method for email/password authentication
-   * Handles the `/api/firebase-authentication/emailLogin` endpoint
-   *
-   * @param ctx - Koa context object
-   * @returns Promise that sets ctx.body with user data and JWT or error message
-   *
-   * @remarks
-   * This controller acts as a proxy to Firebase's Identity Toolkit API,
-   * allowing users to authenticate with email/password and receive a Strapi JWT.
-   *
-   * HTTP Status Codes:
-   * - `400`: Validation errors (missing credentials, invalid email/password)
-   * - `500`: Server errors (missing configuration, Firebase API issues)
-   */
-  async emailLogin(ctx) {
-    strapi.log.debug("emailLogin controller");
-    try {
-      const { email: email2, password } = ctx.request.body || {};
-      const populate2 = ctx.request.query.populate || [];
-      const result = await strapi.plugin(pluginName).service("firebaseService").emailLogin(email2, password, populate2);
-      ctx.body = result;
-    } catch (error2) {
-      strapi.log.error("emailLogin controller error:", error2);
-      if (error2.name === "ValidationError") {
-        ctx.status = 400;
-      } else if (error2.name === "ApplicationError") {
-        ctx.status = 500;
-      } else {
-        ctx.status = 500;
-      }
-      ctx.body = { error: error2.message };
-    }
-  },
-  /**
-   * Forgot password - sends reset email
-   * POST /api/firebase-authentication/forgotPassword
-   * Public endpoint - no authentication required
-   */
-  async forgotPassword(ctx) {
-    strapi.log.debug("forgotPassword endpoint called");
-    try {
-      const { email: email2 } = ctx.request.body || {};
-      ctx.body = await strapi.plugin(pluginName).service("firebaseService").forgotPassword(email2);
-    } catch (error2) {
-      strapi.log.error("forgotPassword controller error:", error2);
-      if (error2.name === "ValidationError") {
-        ctx.status = 400;
-      } else if (error2.name === "NotFoundError") {
-        ctx.status = 404;
-      } else {
-        ctx.status = 500;
-      }
-      ctx.body = { error: error2.message };
-    }
-  },
-  /**
-   * Reset password - authenticated password change
-   * POST /api/firebase-authentication/resetPassword
-   * Public endpoint - requires valid JWT in Authorization header
-   * Used for admin-initiated resets or user self-service password changes
-   * NOT used for forgot password email flow (which uses Firebase's hosted UI)
-   */
-  async resetPassword(ctx) {
-    strapi.log.debug("resetPassword endpoint called");
-    try {
-      const { password } = ctx.request.body || {};
-      const token = ctx.request.headers.authorization?.replace("Bearer ", "");
-      const populate2 = ctx.request.query.populate || [];
-      ctx.body = await strapi.plugin(pluginName).service("firebaseService").resetPassword(password, token, populate2);
-    } catch (error2) {
-      strapi.log.error("resetPassword controller error:", error2);
-      if (error2.name === "ValidationError" || error2.name === "UnauthorizedError") {
-        ctx.status = 401;
-      } else {
-        ctx.status = 500;
-      }
-      ctx.body = { error: error2.message };
-    }
-  },
-  async requestMagicLink(ctx) {
-    try {
-      const { email: email2 } = ctx.request.body || {};
-      const result = await strapi.plugin("firebase-authentication").service("firebaseService").requestMagicLink(email2);
-      ctx.body = result;
-    } catch (error2) {
-      if (error2.name === "ValidationError" || error2.name === "ApplicationError") {
-        throw error2;
-      }
-      strapi.log.error("requestMagicLink controller error:", error2);
-      ctx.body = {
-        success: false,
-        message: "An error occurred while processing your request"
-      };
-    }
-  },
-  /**
-   * Reset password using custom JWT token
-   * POST /api/firebase-authentication/resetPasswordWithToken
-   * Public endpoint - token provides authentication
-   *
-   * @param ctx - Koa context with { token, newPassword } in body
-   * @returns { success: true, message: "Password has been reset successfully" }
-   */
-  async resetPasswordWithToken(ctx) {
-    strapi.log.debug("resetPasswordWithToken endpoint called");
-    try {
-      const { token, newPassword } = ctx.request.body || {};
-      if (!token) {
-        ctx.status = 400;
-        ctx.body = { error: "Token is required" };
-        return;
-      }
-      if (!newPassword) {
-        ctx.status = 400;
-        ctx.body = { error: "New password is required" };
-        return;
-      }
-      const result = await strapi.plugin(pluginName).service("userService").resetPasswordWithToken(token, newPassword);
-      ctx.body = result;
-    } catch (error2) {
-      strapi.log.error("resetPasswordWithToken controller error:", error2);
-      if (error2.name === "ValidationError") {
-        ctx.status = 400;
-        ctx.body = { error: error2.message };
-        return;
-      }
-      if (error2.name === "NotFoundError") {
-        ctx.status = 404;
-        ctx.body = { error: error2.message };
-        return;
-      }
-      ctx.status = 500;
-      ctx.body = { error: "An error occurred while resetting your password" };
-    }
-  },
-  /**
-   * Send email verification - public endpoint
-   * POST /api/firebase-authentication/sendVerificationEmail
-   * Public endpoint - no authentication required
-   */
-  async sendVerificationEmail(ctx) {
-    strapi.log.debug("sendVerificationEmail endpoint called");
-    try {
-      const { email: email2 } = ctx.request.body || {};
-      ctx.body = await strapi.plugin(pluginName).service("firebaseService").sendVerificationEmail(email2);
-    } catch (error2) {
-      strapi.log.error("sendVerificationEmail controller error:", error2);
-      if (error2.name === "ValidationError") {
-        ctx.status = 400;
-      } else {
-        ctx.status = 500;
-      }
-      ctx.body = { error: error2.message };
-    }
-  },
-  /**
-   * Verify email using custom JWT token
-   * POST /api/firebase-authentication/verifyEmail
-   * Public endpoint - token provides authentication
-   *
-   * @param ctx - Koa context with { token } in body
-   * @returns { success: true, message: "Email verified successfully" }
-   */
-  async verifyEmail(ctx) {
-    strapi.log.debug("verifyEmail endpoint called");
-    try {
-      const { token } = ctx.request.body || {};
-      if (!token) {
-        ctx.status = 400;
-        ctx.body = { error: "Token is required" };
-        return;
-      }
-      const result = await strapi.plugin(pluginName).service("firebaseService").verifyEmail(token);
-      ctx.body = result;
-    } catch (error2) {
-      strapi.log.error("verifyEmail controller error:", error2);
-      if (error2.name === "ValidationError") {
-        ctx.status = 400;
-        ctx.body = { error: error2.message };
-        return;
-      }
-      if (error2.name === "NotFoundError") {
-        ctx.status = 404;
-        ctx.body = { error: error2.message };
-        return;
-      }
-      ctx.status = 500;
-      ctx.body = { error: "An error occurred while verifying your email" };
-    }
-  }
-};
 var commonjsGlobal = typeof globalThis !== "undefined" ? globalThis : typeof window !== "undefined" ? window : typeof global !== "undefined" ? global : typeof self !== "undefined" ? self : {};
 function getDefaultExportFromCjs(x) {
   return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, "default") ? x["default"] : x;
@@ -702,7 +415,7 @@ var lodash = { exports: {} };
  * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
  */
 lodash.exports;
-(function(module2, exports2) {
+(function(module2, exports$1) {
   (function() {
     var undefined$1;
     var VERSION = "4.17.21";
@@ -1030,7 +743,7 @@ lodash.exports;
     var freeGlobal2 = typeof commonjsGlobal == "object" && commonjsGlobal && commonjsGlobal.Object === Object && commonjsGlobal;
     var freeSelf2 = typeof self == "object" && self && self.Object === Object && self;
     var root2 = freeGlobal2 || freeSelf2 || Function("return this")();
-    var freeExports = exports2 && !exports2.nodeType && exports2;
+    var freeExports = exports$1 && !exports$1.nodeType && exports$1;
     var freeModule = freeExports && true && module2 && !module2.nodeType && module2;
     var moduleExports = freeModule && freeModule.exports === freeExports;
     var freeProcess = moduleExports && freeGlobal2.process;
@@ -6260,7 +5973,7 @@ var lodash_min = { exports: {} };
  * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors
  */
 lodash_min.exports;
-(function(module2, exports2) {
+(function(module2, exports$1) {
   (function() {
     function n(n2, t3, r2) {
       switch (r2.length) {
@@ -6693,7 +6406,7 @@ lodash_min.exports;
       "œ": "oe",
       "ʼn": "'n",
       "ſ": "s"
-    }, Hr = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }, Jr = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'" }, Yr = { "\\": "\\", "'": "'", "\n": "n", "\r": "r", "\u2028": "u2028", "\u2029": "u2029" }, Qr = parseFloat, Xr = parseInt, ne = "object" == typeof commonjsGlobal && commonjsGlobal && commonjsGlobal.Object === Object && commonjsGlobal, te = "object" == typeof self && self && self.Object === Object && self, re2 = ne || te || Function("return this")(), ee = exports2 && !exports2.nodeType && exports2, ue = ee && true && module2 && !module2.nodeType && module2, ie = ue && ue.exports === ee, oe = ie && ne.process, fe = function() {
+    }, Hr = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }, Jr = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'" }, Yr = { "\\": "\\", "'": "'", "\n": "n", "\r": "r", "\u2028": "u2028", "\u2029": "u2029" }, Qr = parseFloat, Xr = parseInt, ne = "object" == typeof commonjsGlobal && commonjsGlobal && commonjsGlobal.Object === Object && commonjsGlobal, te = "object" == typeof self && self && self.Object === Object && self, re2 = ne || te || Function("return this")(), ee = exports$1 && !exports$1.nodeType && exports$1, ue = ee && true && module2 && !module2.nodeType && module2, ie = ue && ue.exports === ee, oe = ie && ne.process, fe = function() {
       try {
         var n2 = ue && ue.require && ue.require("util").types;
         return n2 ? n2 : oe && oe.binding && oe.binding("util");
@@ -9366,8 +9079,8 @@ lodash_min.exports;
 })(lodash_min, lodash_min.exports);
 var lodash_minExports = lodash_min.exports;
 var _mapping = {};
-(function(exports2) {
-  exports2.aliasToReal = {
+(function(exports$1) {
+  exports$1.aliasToReal = {
     // Lodash aliases.
     "each": "forEach",
     "eachRight": "forEachRight",
@@ -9432,7 +9145,7 @@ var _mapping = {};
     "whereEq": "isMatch",
     "zipObj": "zipObject"
   };
-  exports2.aryMethod = {
+  exports$1.aryMethod = {
     "1": [
       "assignAll",
       "assignInAll",
@@ -9667,12 +9380,12 @@ var _mapping = {};
       "updateWith"
     ]
   };
-  exports2.aryRearg = {
+  exports$1.aryRearg = {
     "2": [1, 0],
     "3": [2, 0, 1],
     "4": [3, 2, 0, 1]
   };
-  exports2.iterateeAry = {
+  exports$1.iterateeAry = {
     "dropRightWhile": 1,
     "dropWhile": 1,
     "every": 1,
@@ -9710,11 +9423,11 @@ var _mapping = {};
     "times": 1,
     "transform": 2
   };
-  exports2.iterateeRearg = {
+  exports$1.iterateeRearg = {
     "mapKeys": [1],
     "reduceRight": [1, 0]
   };
-  exports2.methodRearg = {
+  exports$1.methodRearg = {
     "assignInAllWith": [1, 0],
     "assignInWith": [1, 2, 0],
     "assignAllWith": [1, 0],
@@ -9745,7 +9458,7 @@ var _mapping = {};
     "xorWith": [1, 2, 0],
     "zipWith": [1, 2, 0]
   };
-  exports2.methodSpread = {
+  exports$1.methodSpread = {
     "assignAll": { "start": 0 },
     "assignAllWith": { "start": 0 },
     "assignInAll": { "start": 0 },
@@ -9761,7 +9474,7 @@ var _mapping = {};
     "without": { "start": 1 },
     "zipAll": { "start": 0 }
   };
-  exports2.mutate = {
+  exports$1.mutate = {
     "array": {
       "fill": true,
       "pull": true,
@@ -9798,8 +9511,8 @@ var _mapping = {};
       "updateWith": true
     }
   };
-  exports2.realToAlias = function() {
-    var hasOwnProperty2 = Object.prototype.hasOwnProperty, object2 = exports2.aliasToReal, result = {};
+  exports$1.realToAlias = function() {
+    var hasOwnProperty2 = Object.prototype.hasOwnProperty, object2 = exports$1.aliasToReal, result = {};
     for (var key in object2) {
       var value = object2[key];
       if (hasOwnProperty2.call(result, value)) {
@@ -9810,7 +9523,7 @@ var _mapping = {};
     }
     return result;
   }();
-  exports2.remap = {
+  exports$1.remap = {
     "assignAll": "assign",
     "assignAllWith": "assignWith",
     "assignInAll": "assignIn",
@@ -9844,7 +9557,7 @@ var _mapping = {};
     "trimCharsStart": "trimStart",
     "zipAll": "zip"
   };
-  exports2.skipFixed = {
+  exports$1.skipFixed = {
     "castArray": true,
     "flow": true,
     "flowRight": true,
@@ -9853,7 +9566,7 @@ var _mapping = {};
     "rearg": true,
     "runInContext": true
   };
-  exports2.skipRearg = {
+  exports$1.skipRearg = {
     "add": true,
     "assign": true,
     "assignIn": true,
@@ -10307,13 +10020,13 @@ const traverseEntity = async (visitor2, options2, entity) => {
     if (fp.isNil(value) || fp.isNil(attribute)) {
       continue;
     }
-    parent = {
-      schema: schema2,
-      key,
-      attribute,
-      path: newPath
-    };
     if (isRelationalAttribute(attribute)) {
+      parent = {
+        schema: schema2,
+        key,
+        attribute,
+        path: newPath
+      };
       const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
       const method = isMorphRelation ? traverseMorphRelationTarget : traverseRelationTarget(getModel(attribute.target));
       if (fp.isArray(value)) {
@@ -10332,6 +10045,12 @@ const traverseEntity = async (visitor2, options2, entity) => {
       continue;
     }
     if (isMediaAttribute(attribute)) {
+      parent = {
+        schema: schema2,
+        key,
+        attribute,
+        path: newPath
+      };
       if (fp.isArray(value)) {
         const res = new Array(value.length);
         for (let i2 = 0; i2 < value.length; i2 += 1) {
@@ -10348,6 +10067,12 @@ const traverseEntity = async (visitor2, options2, entity) => {
       continue;
     }
     if (attribute.type === "component") {
+      parent = {
+        schema: schema2,
+        key,
+        attribute,
+        path: newPath
+      };
       const targetSchema = getModel(attribute.component);
       if (fp.isArray(value)) {
         const res = new Array(value.length);
@@ -10365,6 +10090,12 @@ const traverseEntity = async (visitor2, options2, entity) => {
       continue;
     }
     if (attribute.type === "dynamiczone" && fp.isArray(value)) {
+      parent = {
+        schema: schema2,
+        key,
+        attribute,
+        path: newPath
+      };
       const res = new Array(value.length);
       for (let i2 = 0; i2 < value.length; i2 += 1) {
         const arrayPath = {
@@ -10389,7 +10120,7 @@ const createVisitorUtils = ({ data }) => ({
 });
 fp.curry(traverseEntity);
 var dist = { exports: {} };
-(function(module2, exports2) {
+(function(module2, exports$1) {
   !function(t2, n) {
     module2.exports = n(require$$0__default.default, crypto__default.default);
   }(commonjsGlobal, function(t2, n) {
@@ -11937,9 +11668,9 @@ function stubFalse() {
 }
 var stubFalse_1 = stubFalse;
 isBuffer$2.exports;
-(function(module2, exports2) {
+(function(module2, exports$1) {
   var root2 = _root, stubFalse2 = stubFalse_1;
-  var freeExports = exports2 && !exports2.nodeType && exports2;
+  var freeExports = exports$1 && !exports$1.nodeType && exports$1;
   var freeModule = freeExports && true && module2 && !module2.nodeType && module2;
   var moduleExports = freeModule && freeModule.exports === freeExports;
   var Buffer2 = moduleExports ? root2.Buffer : void 0;
@@ -11966,9 +11697,9 @@ function baseUnary$1(func) {
 var _baseUnary = baseUnary$1;
 var _nodeUtil = { exports: {} };
 _nodeUtil.exports;
-(function(module2, exports2) {
+(function(module2, exports$1) {
   var freeGlobal2 = _freeGlobal;
-  var freeExports = exports2 && !exports2.nodeType && exports2;
+  var freeExports = exports$1 && !exports$1.nodeType && exports$1;
   var freeModule = freeExports && true && module2 && !module2.nodeType && module2;
   var moduleExports = freeModule && freeModule.exports === freeExports;
   var freeProcess = moduleExports && freeGlobal2.process;
@@ -14927,7 +14658,7 @@ function toIdentifier(str2) {
       Object.defineProperty(func, "name", desc);
     }
   }
-  function populateConstructorExports(exports2, codes2, HttpError) {
+  function populateConstructorExports(exports$1, codes2, HttpError) {
     codes2.forEach(function forEachCode(code) {
       var CodeError;
       var name = toIdentifier2(statuses$1.message[code]);
@@ -14940,8 +14671,8 @@ function toIdentifier(str2) {
           break;
       }
       if (CodeError) {
-        exports2[code] = CodeError;
-        exports2[name] = CodeError;
+        exports$1[code] = CodeError;
+        exports$1[name] = CodeError;
       }
     });
   }
@@ -14963,7 +14694,7 @@ const formatYupErrors = (yupError) => ({
   message: yupError.message
 });
 let ApplicationError$2 = class ApplicationError extends Error {
-  constructor(message = "An application error occured", details = {}) {
+  constructor(message = "An application error occurred", details = {}) {
     super();
     this.name = "ApplicationError";
     this.message = message;
@@ -18159,8 +17890,8 @@ pkgDir$1.exports.sync = (cwd2) => {
 };
 var pkgDirExports = pkgDir$1.exports;
 var utils$8 = {};
-(function(exports2) {
-  exports2.isInteger = (num) => {
+(function(exports$1) {
+  exports$1.isInteger = (num) => {
     if (typeof num === "number") {
       return Number.isInteger(num);
     }
@@ -18169,13 +17900,13 @@ var utils$8 = {};
     }
     return false;
   };
-  exports2.find = (node, type2) => node.nodes.find((node2) => node2.type === type2);
-  exports2.exceedsLimit = (min, max, step = 1, limit) => {
+  exports$1.find = (node, type2) => node.nodes.find((node2) => node2.type === type2);
+  exports$1.exceedsLimit = (min, max, step = 1, limit) => {
     if (limit === false) return false;
-    if (!exports2.isInteger(min) || !exports2.isInteger(max)) return false;
+    if (!exports$1.isInteger(min) || !exports$1.isInteger(max)) return false;
     return (Number(max) - Number(min)) / Number(step) >= limit;
   };
-  exports2.escapeNode = (block, n = 0, type2) => {
+  exports$1.escapeNode = (block, n = 0, type2) => {
     const node = block.nodes[n];
     if (!node) return;
     if (type2 && node.type === type2 || node.type === "open" || node.type === "close") {
@@ -18185,7 +17916,7 @@ var utils$8 = {};
       }
     }
   };
-  exports2.encloseBrace = (node) => {
+  exports$1.encloseBrace = (node) => {
     if (node.type !== "brace") return false;
     if (node.commas >> 0 + node.ranges >> 0 === 0) {
       node.invalid = true;
@@ -18193,7 +17924,7 @@ var utils$8 = {};
     }
     return false;
   };
-  exports2.isInvalidBrace = (block) => {
+  exports$1.isInvalidBrace = (block) => {
     if (block.type !== "brace") return false;
     if (block.invalid === true || block.dollar) return true;
     if (block.commas >> 0 + block.ranges >> 0 === 0) {
@@ -18206,18 +17937,18 @@ var utils$8 = {};
     }
     return false;
   };
-  exports2.isOpenOrClose = (node) => {
+  exports$1.isOpenOrClose = (node) => {
     if (node.type === "open" || node.type === "close") {
       return true;
     }
     return node.open === true || node.close === true;
   };
-  exports2.reduce = (nodes) => nodes.reduce((acc, node) => {
+  exports$1.reduce = (nodes) => nodes.reduce((acc, node) => {
     if (node.type === "text") acc.push(node.value);
     if (node.type === "range") node.type = "text";
     return acc;
   }, []);
-  exports2.flatten = (...args) => {
+  exports$1.flatten = (...args) => {
     const result = [];
     const flat = (arr) => {
       for (let i = 0; i < arr.length; i++) {
@@ -19319,7 +19050,7 @@ var constants$5 = {
     return win32 === true ? WINDOWS_CHARS : POSIX_CHARS;
   }
 };
-(function(exports2) {
+(function(exports$1) {
   const path2 = require$$0__namespace.default;
   const win32 = process.platform === "win32";
   const {
@@ -19328,36 +19059,36 @@ var constants$5 = {
     REGEX_SPECIAL_CHARS,
     REGEX_SPECIAL_CHARS_GLOBAL
   } = constants$5;
-  exports2.isObject = (val) => val !== null && typeof val === "object" && !Array.isArray(val);
-  exports2.hasRegexChars = (str2) => REGEX_SPECIAL_CHARS.test(str2);
-  exports2.isRegexChar = (str2) => str2.length === 1 && exports2.hasRegexChars(str2);
-  exports2.escapeRegex = (str2) => str2.replace(REGEX_SPECIAL_CHARS_GLOBAL, "\\$1");
-  exports2.toPosixSlashes = (str2) => str2.replace(REGEX_BACKSLASH, "/");
-  exports2.removeBackslashes = (str2) => {
+  exports$1.isObject = (val) => val !== null && typeof val === "object" && !Array.isArray(val);
+  exports$1.hasRegexChars = (str2) => REGEX_SPECIAL_CHARS.test(str2);
+  exports$1.isRegexChar = (str2) => str2.length === 1 && exports$1.hasRegexChars(str2);
+  exports$1.escapeRegex = (str2) => str2.replace(REGEX_SPECIAL_CHARS_GLOBAL, "\\$1");
+  exports$1.toPosixSlashes = (str2) => str2.replace(REGEX_BACKSLASH, "/");
+  exports$1.removeBackslashes = (str2) => {
     return str2.replace(REGEX_REMOVE_BACKSLASH, (match) => {
       return match === "\\" ? "" : match;
     });
   };
-  exports2.supportsLookbehinds = () => {
+  exports$1.supportsLookbehinds = () => {
     const segs = process.version.slice(1).split(".").map(Number);
     if (segs.length === 3 && segs[0] >= 9 || segs[0] === 8 && segs[1] >= 10) {
       return true;
     }
     return false;
   };
-  exports2.isWindows = (options2) => {
+  exports$1.isWindows = (options2) => {
     if (options2 && typeof options2.windows === "boolean") {
       return options2.windows;
     }
     return win32 === true || path2.sep === "\\";
   };
-  exports2.escapeLast = (input, char, lastIdx) => {
+  exports$1.escapeLast = (input, char, lastIdx) => {
     const idx = input.lastIndexOf(char, lastIdx);
     if (idx === -1) return input;
-    if (input[idx - 1] === "\\") return exports2.escapeLast(input, char, idx - 1);
+    if (input[idx - 1] === "\\") return exports$1.escapeLast(input, char, idx - 1);
     return `${input.slice(0, idx)}\\${input.slice(idx)}`;
   };
-  exports2.removePrefix = (input, state = {}) => {
+  exports$1.removePrefix = (input, state = {}) => {
     let output = input;
     if (output.startsWith("./")) {
       output = output.slice(2);
@@ -19365,7 +19096,7 @@ var constants$5 = {
     }
     return output;
   };
-  exports2.wrapOutput = (input, state = {}, options2 = {}) => {
+  exports$1.wrapOutput = (input, state = {}, options2 = {}) => {
     const prepend = options2.contains ? "" : "^";
     const append2 = options2.contains ? "" : "$";
     let output = `${prepend}(?:${input})${append2}`;
@@ -22920,6 +22651,18 @@ function charFromCodepoint(c) {
     (c - 65536 & 1023) + 56320
   );
 }
+function setProperty(object2, key, value) {
+  if (key === "__proto__") {
+    Object.defineProperty(object2, key, {
+      configurable: true,
+      enumerable: true,
+      writable: true,
+      value
+    });
+  } else {
+    object2[key] = value;
+  }
+}
 var simpleEscapeCheck = new Array(256);
 var simpleEscapeMap = new Array(256);
 for (var i = 0; i < 256; i++) {
@@ -23026,7 +22769,7 @@ function mergeMappings(state, destination, source, overridableKeys) {
   for (index2 = 0, quantity = sourceKeys.length; index2 < quantity; index2 += 1) {
     key = sourceKeys[index2];
     if (!_hasOwnProperty$1.call(destination, key)) {
-      destination[key] = source[key];
+      setProperty(destination, key, source[key]);
       overridableKeys[key] = true;
     }
   }
@@ -23065,7 +22808,7 @@ function storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valu
       state.position = startPos || state.position;
       throwError(state, "duplicated mapping key");
     }
-    _result[keyNode] = valueNode;
+    setProperty(_result, keyNode, valueNode);
     delete overridableKeys[keyNode];
   }
   return _result;
@@ -28968,6 +28711,247 @@ _enum([
   "published"
 ]).describe("Filter by publication status");
 string().describe("Search query string");
+const pluginName = "firebase-authentication";
+const PLUGIN_NAME = "firebase-authentication";
+const PLUGIN_UID = `plugin::${PLUGIN_NAME}`;
+const CONFIG_CONTENT_TYPE = `${PLUGIN_UID}.firebase-authentication-configuration`;
+const DEFAULT_PASSWORD_RESET_URL = "http://localhost:3000/reset-password";
+const DEFAULT_PASSWORD_REGEX = "^.{6,}$";
+const DEFAULT_PASSWORD_MESSAGE = "Password must be at least 6 characters long";
+const DEFAULT_RESET_EMAIL_SUBJECT = "Reset Your Password";
+const ERROR_MESSAGES = {
+  FIREBASE_NOT_INITIALIZED: "Firebase is not initialized. Please upload Firebase service account configuration via Settings → Firebase Authentication.",
+  INVALID_JSON: "Invalid JSON format. Please ensure you copied the entire JSON content correctly.",
+  MISSING_DATA: "data is missing",
+  SOMETHING_WENT_WRONG: "Something went wrong",
+  AUTHENTICATION_FAILED: "Authentication failed",
+  TOKEN_MISSING: "idToken is missing!",
+  EMAIL_PASSWORD_REQUIRED: "Email and password are required",
+  PASSWORD_REQUIRED: "Password is required",
+  AUTHORIZATION_REQUIRED: "Authorization token is required",
+  INVALID_TOKEN: "Invalid or expired token",
+  USER_NOT_FOUND: "User not found",
+  USER_NO_EMAIL: "User does not have an email address",
+  FIREBASE_LINK_FAILED: "Failed to generate Firebase reset link",
+  CONFIG_NOT_FOUND: "No config found",
+  INVALID_SERVICE_ACCOUNT: "Invalid service account JSON",
+  WEB_API_NOT_CONFIGURED: "Email/password authentication is not available. Web API Key is not configured.",
+  RESET_URL_NOT_CONFIGURED: "Password reset URL is not configured",
+  RESET_URL_MUST_BE_HTTPS: "Password reset URL must use HTTPS in production",
+  RESET_URL_INVALID_FORMAT: "Password reset URL is not a valid URL format",
+  USER_NOT_LINKED_FIREBASE: "User is not linked to Firebase authentication",
+  OVERRIDE_USER_ID_REQUIRED: "Override user ID is required",
+  EITHER_EMAIL_OR_PHONE_REQUIRED: "Either email or phoneNumber is required",
+  DELETION_NO_CONFIG: "No Firebase configs exists for deletion"
+};
+const SUCCESS_MESSAGES = {
+  FIREBASE_INITIALIZED: "Firebase successfully initialized",
+  FIREBASE_CONFIG_DELETED: "Firebase config deleted and reinitialized",
+  PASSWORD_RESET_EMAIL_SENT: "If an account with that email exists, a password reset link has been sent.",
+  SERVER_RESTARTING: "SERVER IS RESTARTING"
+};
+const CONFIG_KEYS = {
+  ENCRYPTION_KEY: `${PLUGIN_UID}.FIREBASE_JSON_ENCRYPTION_KEY`
+};
+const REQUIRED_FIELDS = {
+  SERVICE_ACCOUNT: ["private_key", "client_email", "project_id", "type"],
+  WEB_CONFIG: ["apiKey", "authDomain"]
+  // These indicate wrong JSON type
+};
+const VALIDATION_MESSAGES = {
+  INVALID_SERVICE_ACCOUNT: "Invalid Service Account JSON. Missing required fields:",
+  WRONG_JSON_TYPE: "You uploaded a Web App Config (SDK snippet) instead of a Service Account JSON. Please go to Firebase Console → Service Accounts tab → Generate New Private Key to download the correct file.",
+  SERVICE_ACCOUNT_HELP: "Please download the correct JSON from Firebase Console → Service Accounts → Generate New Private Key. Do NOT use the Web App Config (SDK snippet) - that is a different file!"
+};
+const firebaseController = {
+  async validateToken(ctx) {
+    strapi.log.debug("validateToken called");
+    try {
+      const { idToken, profileMetaData } = ctx.request.body || {};
+      const populate2 = ctx.request.query.populate || [];
+      if (!idToken) {
+        return ctx.badRequest(ERROR_MESSAGES.TOKEN_MISSING);
+      }
+      const result = await strapi.plugin(pluginName).service("firebaseService").validateFirebaseToken(idToken, profileMetaData, populate2);
+      ctx.body = result;
+    } catch (error2) {
+      strapi.log.error(`validateToken controller error: ${error2.message}`);
+      if (error2.name === "ValidationError") {
+        return ctx.badRequest(error2.message);
+      }
+      if (error2.name === "UnauthorizedError") {
+        return ctx.unauthorized(error2.message);
+      }
+      throw error2;
+    }
+  },
+  async deleteByEmail(email2) {
+    try {
+      const user = await strapi.firebase.auth().getUserByEmail(email2);
+      await strapi.plugin(pluginName).service("firebaseService").delete(user.toJSON().uid);
+      return user.toJSON();
+    } catch (error2) {
+      strapi.log.error("deleteByEmail error:", error2);
+      throw error2;
+    }
+  },
+  async overrideAccess(ctx) {
+    try {
+      const { overrideUserId } = ctx.request.body || {};
+      const populate2 = ctx.request.query.populate || [];
+      const result = await strapi.plugin(pluginName).service("firebaseService").overrideFirebaseAccess(overrideUserId, populate2);
+      ctx.body = result;
+    } catch (error2) {
+      if (error2.name === "ValidationError") {
+        return ctx.badRequest(error2.message);
+      }
+      if (error2.name === "NotFoundError") {
+        return ctx.notFound(error2.message);
+      }
+      throw error2;
+    }
+  },
+  /**
+   * Controller method for email/password authentication
+   * Handles the `/api/firebase-authentication/emailLogin` endpoint
+   *
+   * @param ctx - Koa context object
+   * @returns Promise that sets ctx.body with user data and JWT or error message
+   *
+   * @remarks
+   * This controller acts as a proxy to Firebase's Identity Toolkit API,
+   * allowing users to authenticate with email/password and receive a Strapi JWT.
+   *
+   * HTTP Status Codes:
+   * - `400`: Validation errors (missing credentials, invalid email/password)
+   * - `500`: Server errors (missing configuration, Firebase API issues)
+   */
+  async emailLogin(ctx) {
+    strapi.log.debug("emailLogin controller");
+    try {
+      const { email: email2, password } = ctx.request.body || {};
+      const populate2 = ctx.request.query.populate || [];
+      const result = await strapi.plugin(pluginName).service("firebaseService").emailLogin(email2, password, populate2);
+      ctx.body = result;
+    } catch (error2) {
+      strapi.log.error("emailLogin controller error:", error2);
+      throw error2;
+    }
+  },
+  /**
+   * Forgot password - sends reset email
+   * POST /api/firebase-authentication/forgotPassword
+   * Public endpoint - no authentication required
+   */
+  async forgotPassword(ctx) {
+    strapi.log.debug("forgotPassword endpoint called");
+    try {
+      const { email: email2 } = ctx.request.body || {};
+      ctx.body = await strapi.plugin(pluginName).service("firebaseService").forgotPassword(email2);
+    } catch (error2) {
+      strapi.log.error("forgotPassword controller error:", error2);
+      throw error2;
+    }
+  },
+  /**
+   * Reset password - authenticated password change
+   * POST /api/firebase-authentication/resetPassword
+   * Authenticated endpoint - requires valid JWT (enforced by is-authenticated policy)
+   * Used for admin-initiated resets or user self-service password changes
+   * NOT used for forgot password email flow (which uses Firebase's hosted UI)
+   */
+  async resetPassword(ctx) {
+    strapi.log.debug("resetPassword endpoint called");
+    try {
+      const { password } = ctx.request.body || {};
+      const user = ctx.state.user;
+      const populate2 = ctx.request.query.populate || [];
+      ctx.body = await strapi.plugin(pluginName).service("firebaseService").resetPassword(password, user, populate2);
+    } catch (error2) {
+      strapi.log.error("resetPassword controller error:", error2);
+      throw error2;
+    }
+  },
+  async requestMagicLink(ctx) {
+    try {
+      const { email: email2 } = ctx.request.body || {};
+      const result = await strapi.plugin("firebase-authentication").service("firebaseService").requestMagicLink(email2);
+      ctx.body = result;
+    } catch (error2) {
+      if (error2.name === "ValidationError" || error2.name === "ApplicationError") {
+        throw error2;
+      }
+      strapi.log.error("requestMagicLink controller error:", error2);
+      ctx.body = {
+        success: false,
+        message: "An error occurred while processing your request"
+      };
+    }
+  },
+  /**
+   * Reset password using custom JWT token
+   * POST /api/firebase-authentication/resetPasswordWithToken
+   * Public endpoint - token provides authentication
+   *
+   * @param ctx - Koa context with { token, newPassword } in body
+   * @returns { success: true, message: "Password has been reset successfully" }
+   */
+  async resetPasswordWithToken(ctx) {
+    strapi.log.debug("resetPasswordWithToken endpoint called");
+    try {
+      const { token, newPassword } = ctx.request.body || {};
+      if (!token) {
+        throw new ValidationError$1("Token is required");
+      }
+      if (!newPassword) {
+        throw new ValidationError$1("New password is required");
+      }
+      const result = await strapi.plugin(pluginName).service("userService").resetPasswordWithToken(token, newPassword);
+      ctx.body = result;
+    } catch (error2) {
+      strapi.log.error("resetPasswordWithToken controller error:", error2);
+      throw error2;
+    }
+  },
+  /**
+   * Send email verification - public endpoint
+   * POST /api/firebase-authentication/sendVerificationEmail
+   * Authenticated endpoint - sends verification email to the logged-in user's email
+   */
+  async sendVerificationEmail(ctx) {
+    strapi.log.debug("sendVerificationEmail endpoint called");
+    try {
+      const user = ctx.state.user;
+      const email2 = user.email;
+      ctx.body = await strapi.plugin(pluginName).service("firebaseService").sendVerificationEmail(email2);
+    } catch (error2) {
+      strapi.log.error("sendVerificationEmail controller error:", error2);
+      throw error2;
+    }
+  },
+  /**
+   * Verify email using custom JWT token
+   * POST /api/firebase-authentication/verifyEmail
+   * Public endpoint - token provides authentication
+   *
+   * @param ctx - Koa context with { token } in body
+   * @returns { success: true, message: "Email verified successfully" }
+   */
+  async verifyEmail(ctx) {
+    strapi.log.debug("verifyEmail endpoint called");
+    try {
+      const { token } = ctx.request.body || {};
+      if (!token) {
+        throw new ValidationError$1("Token is required");
+      }
+      const result = await strapi.plugin(pluginName).service("firebaseService").verifyEmail(token);
+      ctx.body = result;
+    } catch (error2) {
+      strapi.log.error("verifyEmail controller error:", error2);
+      throw error2;
+    }
+  }
+};
 const STRAPI_DESTINATION = "strapi";
 const FIREBASE_DESTINATION = "firebase";
 const userController = {
@@ -29229,7 +29213,16 @@ const controllers = {
   settingsController
 };
 const middlewares = {};
-const policies = {};
+const isAuthenticated = async (policyContext) => {
+  const user = policyContext.state.user;
+  if (!user) {
+    throw new UnauthorizedError("Authentication required");
+  }
+  return true;
+};
+const policies = {
+  "is-authenticated": isAuthenticated
+};
 const settingsRoute = [
   {
     method: "POST",
@@ -29379,9 +29372,7 @@ const contentApi = {
       path: "/resetPassword",
       handler: "firebaseController.resetPassword",
       config: {
-        auth: false,
-        // Public endpoint - authenticated password change, requires valid JWT in Authorization header
-        policies: []
+        policies: ["plugin::firebase-authentication.is-authenticated"]
       }
     },
     {
@@ -29419,9 +29410,7 @@ const contentApi = {
       path: "/sendVerificationEmail",
       handler: "firebaseController.sendVerificationEmail",
       config: {
-        auth: false,
-        // Public endpoint - sends email verification link
-        policies: []
+        policies: ["plugin::firebase-authentication.is-authenticated"]
       }
     },
     {
@@ -30930,20 +30919,17 @@ const firebaseService = ({ strapi: strapi2 }) => ({
    * 2. User-initiated password change (when already authenticated)
    *
    * NOT used for forgot password email flow - that now uses Firebase's hosted UI
+   *
+   * @param password - New password to set
+   * @param user - Authenticated user from ctx.state.user (populated by is-authenticated policy)
+   * @param populate - Fields to populate in response
    */
-  resetPassword: async (password, token, populate2) => {
+  resetPassword: async (password, user, populate2) => {
     if (!password) {
       throw new ValidationError$1("Password is required");
     }
-    if (!token) {
-      throw new UnauthorizedError("Authorization token is required");
-    }
-    let decoded;
-    try {
-      const jwtService = strapi2.plugin("users-permissions").service("jwt");
-      decoded = await jwtService.verify(token);
-    } catch (error2) {
-      throw new UnauthorizedError("Invalid or expired token");
+    if (!user || !user.id) {
+      throw new UnauthorizedError("Authentication required");
     }
     const config2 = await strapi2.plugin("firebase-authentication").service("settingsService").getFirebaseConfigJson();
     const passwordRegex = config2?.passwordRequirementsRegex || "^.{6,}$";
@@ -30954,8 +30940,7 @@ const firebaseService = ({ strapi: strapi2 }) => ({
     }
     try {
       const strapiUser = await strapi2.db.query("plugin::users-permissions.user").findOne({
-        where: { id: decoded.id }
-        // Use numeric id from JWT
+        where: { id: user.id }
       });
       if (!strapiUser) {
         throw new NotFoundError("User not found");
@@ -32617,7 +32602,7 @@ var TokenExpiredError_1 = TokenExpiredError$1;
 var jws$3 = {};
 var safeBuffer = { exports: {} };
 /*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
-(function(module2, exports2) {
+(function(module2, exports$1) {
   var buffer = require$$0__default$5.default;
   var Buffer2 = buffer.Buffer;
   function copyProps(src, dst) {
@@ -32628,8 +32613,8 @@ var safeBuffer = { exports: {} };
   if (Buffer2.from && Buffer2.alloc && Buffer2.allocUnsafe && Buffer2.allocUnsafeSlow) {
     module2.exports = buffer;
   } else {
-    copyProps(buffer, exports2);
-    exports2.Buffer = SafeBuffer;
+    copyProps(buffer, exports$1);
+    exports$1.Buffer = SafeBuffer;
   }
   function SafeBuffer(arg, encodingOrOffset, length) {
     return Buffer2(arg, encodingOrOffset, length);
@@ -33144,7 +33129,12 @@ function jwsSign(opts) {
   return util$1.format("%s.%s", securedInput, signature);
 }
 function SignStream$1(opts) {
-  var secret = opts.secret || opts.privateKey || opts.key;
+  var secret = opts.secret;
+  secret = secret == null ? opts.privateKey : secret;
+  secret = secret == null ? opts.key : secret;
+  if (/^hs/i.test(opts.header.alg) === true && secret == null) {
+    throw new TypeError("secret must be a string or buffer or a KeyObject");
+  }
   var secretStream = new DataStream$1(secret);
   this.readable = true;
   this.header = opts.header;
@@ -33250,7 +33240,12 @@ function jwsDecode(jwsSig, opts) {
 }
 function VerifyStream$1(opts) {
   opts = opts || {};
-  var secretOrKey = opts.secret || opts.publicKey || opts.key;
+  var secretOrKey = opts.secret;
+  secretOrKey = secretOrKey == null ? opts.publicKey : secretOrKey;
+  secretOrKey = secretOrKey == null ? opts.key : secretOrKey;
+  if (/^hs/i.test(opts.algorithm) === true && secretOrKey == null) {
+    throw new TypeError("secret must be a string or buffer or a KeyObject");
+  }
   var secretStream = new DataStream(secretOrKey);
   this.readable = true;
   this.algorithm = opts.algorithm;
@@ -33493,19 +33488,19 @@ var constants$1 = {
 const debug$1 = typeof process === "object" && process.env && process.env.NODE_DEBUG && /\bsemver\b/i.test(process.env.NODE_DEBUG) ? (...args) => console.error("SEMVER", ...args) : () => {
 };
 var debug_1 = debug$1;
-(function(module2, exports2) {
+(function(module2, exports$1) {
   const {
     MAX_SAFE_COMPONENT_LENGTH: MAX_SAFE_COMPONENT_LENGTH2,
     MAX_SAFE_BUILD_LENGTH: MAX_SAFE_BUILD_LENGTH2,
     MAX_LENGTH: MAX_LENGTH2
   } = constants$1;
   const debug2 = debug_1;
-  exports2 = module2.exports = {};
-  const re2 = exports2.re = [];
-  const safeRe = exports2.safeRe = [];
-  const src = exports2.src = [];
-  const safeSrc = exports2.safeSrc = [];
-  const t2 = exports2.t = {};
+  exports$1 = module2.exports = {};
+  const re2 = exports$1.re = [];
+  const safeRe = exports$1.safeRe = [];
+  const src = exports$1.src = [];
+  const safeSrc = exports$1.safeSrc = [];
+  const t2 = exports$1.t = {};
   let R = 0;
   const LETTERDASHNUMBER = "[a-zA-Z0-9-]";
   const safeRegexReplacements = [
@@ -33558,18 +33553,18 @@ var debug_1 = debug$1;
   createToken("COERCERTLFULL", src[t2.COERCEFULL], true);
   createToken("LONETILDE", "(?:~>?)");
   createToken("TILDETRIM", `(\\s*)${src[t2.LONETILDE]}\\s+`, true);
-  exports2.tildeTrimReplace = "$1~";
+  exports$1.tildeTrimReplace = "$1~";
   createToken("TILDE", `^${src[t2.LONETILDE]}${src[t2.XRANGEPLAIN]}$`);
   createToken("TILDELOOSE", `^${src[t2.LONETILDE]}${src[t2.XRANGEPLAINLOOSE]}$`);
   createToken("LONECARET", "(?:\\^)");
   createToken("CARETTRIM", `(\\s*)${src[t2.LONECARET]}\\s+`, true);
-  exports2.caretTrimReplace = "$1^";
+  exports$1.caretTrimReplace = "$1^";
   createToken("CARET", `^${src[t2.LONECARET]}${src[t2.XRANGEPLAIN]}$`);
   createToken("CARETLOOSE", `^${src[t2.LONECARET]}${src[t2.XRANGEPLAINLOOSE]}$`);
   createToken("COMPARATORLOOSE", `^${src[t2.GTLT]}\\s*(${src[t2.LOOSEPLAIN]})$|^$`);
   createToken("COMPARATOR", `^${src[t2.GTLT]}\\s*(${src[t2.FULLPLAIN]})$|^$`);
   createToken("COMPARATORTRIM", `(\\s*)${src[t2.GTLT]}\\s*(${src[t2.LOOSEPLAIN]}|${src[t2.XRANGEPLAIN]})`, true);
-  exports2.comparatorTrimReplace = "$1$2$3";
+  exports$1.comparatorTrimReplace = "$1$2$3";
   createToken("HYPHENRANGE", `^\\s*(${src[t2.XRANGEPLAIN]})\\s+-\\s+(${src[t2.XRANGEPLAIN]})\\s*$`);
   createToken("HYPHENRANGELOOSE", `^\\s*(${src[t2.XRANGEPLAINLOOSE]})\\s+-\\s+(${src[t2.XRANGEPLAINLOOSE]})\\s*$`);
   createToken("STAR", "(<|>)?=?\\s*\\*");