wcz-layout 6.7.2 → 7.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.


This version of wcz-layout might be problematic. Click here for more details.

Files changed (303) hide show
  1. package/dist/DialogsContext-BIhId-r8.js +7 -0
  2. package/dist/DialogsContext-BIhId-r8.js.map +1 -0
  3. package/dist/DialogsHooks-CZVdKmPv.js +207 -0
  4. package/dist/DialogsHooks-CZVdKmPv.js.map +1 -0
  5. package/dist/FileMeta-YGG9mxo_.js +36 -0
  6. package/dist/FileMeta-YGG9mxo_.js.map +1 -0
  7. package/dist/NotificationContext-DovR_auQ.js +7 -0
  8. package/dist/NotificationContext-DovR_auQ.js.map +1 -0
  9. package/dist/RouterListItemButton-DeaQB4ym.js +31 -0
  10. package/dist/RouterListItemButton-DeaQB4ym.js.map +1 -0
  11. package/dist/components/core/AppTitle.d.ts +2 -0
  12. package/dist/components/core/Fullscreen.d.ts +3 -0
  13. package/dist/components/core/Layout.d.ts +10 -0
  14. package/dist/{src/components/layout → components/core}/TypographyWithIcon.d.ts +1 -1
  15. package/dist/components/core/account/UserAvatar.d.ts +2 -0
  16. package/dist/components/core/account/UserMenu.d.ts +2 -0
  17. package/dist/components/core/navigation/NavigationContent.d.ts +11 -0
  18. package/dist/components/core/navigation/NavigationList.d.ts +22 -0
  19. package/dist/components/core/navigation/NavigationListItem.d.ts +16 -0
  20. package/dist/components/core/navigation/NavigationRail.d.ts +12 -0
  21. package/dist/{src/components/dataGrid → components/data-grid}/ChipInputCell.d.ts +3 -3
  22. package/dist/components/data-grid/EditableColumnHeader.d.ts +2 -0
  23. package/dist/components/file/Dropzone.d.ts +8 -0
  24. package/dist/components/file/FileViewer.d.ts +20 -0
  25. package/dist/components/file/fileViewer/FileViewerGrid.d.ts +17 -0
  26. package/dist/components/file/fileViewer/FileViewerList.d.ts +12 -0
  27. package/dist/components/file/fileViewer/ImageViewer.d.ts +6 -0
  28. package/dist/components/file/fileViewer/common/ActionsMenu.d.ts +15 -0
  29. package/dist/{src/components → components}/form/FormAutocomplete.d.ts +3 -3
  30. package/dist/{src/components → components}/form/FormCheckbox.d.ts +3 -3
  31. package/dist/components/form/FormDatePicker.d.ts +8 -0
  32. package/dist/components/form/FormDateRangePicker.d.ts +8 -0
  33. package/dist/components/form/FormDateTimePicker.d.ts +8 -0
  34. package/dist/components/form/FormDateTimeRangePicker.d.ts +8 -0
  35. package/dist/{src/components → components}/form/FormNumberField.d.ts +4 -7
  36. package/dist/{src/components → components}/form/FormRadioGroup.d.ts +4 -4
  37. package/dist/{src/components → components}/form/FormSlider.d.ts +3 -3
  38. package/dist/components/form/FormSubmitButton.d.ts +4 -0
  39. package/dist/{src/components → components}/form/FormSwitch.d.ts +3 -3
  40. package/dist/{src/components → components}/form/FormTextField.d.ts +3 -3
  41. package/dist/components/form/FormTimePicker.d.ts +8 -0
  42. package/dist/components/form/FormTimeRangePicker.d.ts +8 -0
  43. package/dist/components/router/RouterButton.d.ts +6 -0
  44. package/dist/components/router/RouterError.d.ts +7 -0
  45. package/dist/components/router/RouterFab.d.ts +6 -0
  46. package/dist/components/router/RouterGridActionsCellItem.d.ts +6 -0
  47. package/dist/components/router/RouterIconButton.d.ts +6 -0
  48. package/dist/components/router/RouterLink.d.ts +6 -0
  49. package/dist/components/router/RouterListItemButton.d.ts +6 -0
  50. package/dist/components/router/RouterNotFound.d.ts +1 -0
  51. package/dist/components/router/RouterTab.d.ts +6 -0
  52. package/dist/components.js +3255 -0
  53. package/dist/components.js.map +1 -0
  54. package/dist/contexts/DialogsContext.d.ts +6 -0
  55. package/dist/contexts/FileContext.d.ts +13 -0
  56. package/dist/contexts/NotificationContext.d.ts +9 -0
  57. package/dist/dist-Bxzg1_9c.js +152 -0
  58. package/dist/dist-Bxzg1_9c.js.map +1 -0
  59. package/dist/exports/components.d.ts +15 -0
  60. package/dist/exports/hooks.d.ts +7 -0
  61. package/dist/exports/index.d.ts +5 -0
  62. package/dist/exports/middleware.d.ts +2 -0
  63. package/dist/exports/models.d.ts +24 -0
  64. package/dist/exports/query.d.ts +3 -0
  65. package/dist/exports/utils.d.ts +6 -0
  66. package/dist/exports/vite.d.ts +1 -0
  67. package/dist/hooks/DialogsHooks.d.ts +42 -0
  68. package/dist/hooks/FormHooks.d.ts +52 -0
  69. package/dist/hooks/UseNotification.d.ts +1 -0
  70. package/dist/hooks/UseScanDetection.d.ts +28 -0
  71. package/dist/hooks.js +1075 -0
  72. package/dist/hooks.js.map +1 -0
  73. package/dist/index.js +1105 -0
  74. package/dist/index.js.map +1 -0
  75. package/dist/lib/auth/msalClient.d.ts +19 -0
  76. package/dist/lib/auth/msalServer.d.ts +11 -0
  77. package/dist/lib/auth/permissions.d.ts +4 -0
  78. package/dist/lib/auth/scopes.d.ts +4 -0
  79. package/dist/lib/db/collections/userCollection.d.ts +18 -0
  80. package/dist/lib/queryClient.d.ts +2 -0
  81. package/dist/lib/theme.d.ts +1 -0
  82. package/dist/lib/utils.d.ts +63 -0
  83. package/dist/lib/vite-plugin.d.ts +2 -0
  84. package/dist/middleware/authMiddleware.d.ts +22 -0
  85. package/dist/middleware/validationMiddleware.d.ts +4 -0
  86. package/dist/middleware.js +1051 -0
  87. package/dist/middleware.js.map +1 -0
  88. package/dist/models/LayoutOptions.d.ts +7 -0
  89. package/dist/models/Navigation.d.ts +18 -0
  90. package/dist/models/TokenPayload.d.ts +9 -0
  91. package/dist/models/User.d.ts +10 -0
  92. package/dist/models/VaultConfig.d.ts +9 -0
  93. package/dist/models/approval/Approval.d.ts +177 -0
  94. package/dist/models/approval/ApprovalEmployee.d.ts +7 -0
  95. package/dist/models/approval/ApprovalFlow.d.ts +49 -0
  96. package/dist/models/approval/ApprovalFlowStep.d.ts +29 -0
  97. package/dist/models/approval/ApprovalRequestType.d.ts +5 -0
  98. package/dist/models/approval/ApprovalStatus.d.ts +9 -0
  99. package/dist/models/approval/ApprovalStepResult.d.ts +11 -0
  100. package/dist/models/approval/StepApprovalOrder.d.ts +6 -0
  101. package/dist/models/email/Email.d.ts +13 -0
  102. package/dist/models/email/EmailAttachment.d.ts +6 -0
  103. package/dist/models/file/FileActions.d.ts +6 -0
  104. package/dist/models/file/FileMeta.d.ts +15 -0
  105. package/dist/models/peoplesoft/Department.d.ts +58 -0
  106. package/dist/models/peoplesoft/Employee.d.ts +46 -0
  107. package/dist/models/peoplesoft/EmployeeCategoryGroup.d.ts +6 -0
  108. package/dist/models/peoplesoft/EmployeeStatus.d.ts +6 -0
  109. package/dist/models.js +150 -0
  110. package/dist/models.js.map +1 -0
  111. package/dist/providers/DialogsProvider.d.ts +5 -0
  112. package/dist/providers/LayoutProvider.d.ts +12 -0
  113. package/dist/providers/MsalAuthProvider.d.ts +6 -0
  114. package/dist/providers/NotificationProvider.d.ts +7 -0
  115. package/dist/queries/ApprovalQueries.d.ts +661 -0
  116. package/dist/queries/FileQueries.d.ts +205 -0
  117. package/dist/queries/PeopleSoftQueries.d.ts +2173 -0
  118. package/dist/queries/index.d.ts +2958 -0
  119. package/dist/queries-D-DV5lCw.js +2941 -0
  120. package/dist/queries-D-DV5lCw.js.map +1 -0
  121. package/dist/query.js +3 -0
  122. package/dist/queryClient-B__OEZ70.js +7 -0
  123. package/dist/queryClient-B__OEZ70.js.map +1 -0
  124. package/dist/utils-C4oJ0tr5.js +157 -0
  125. package/dist/utils-C4oJ0tr5.js.map +1 -0
  126. package/dist/utils.js +35 -0
  127. package/dist/utils.js.map +1 -0
  128. package/dist/vite.js +110 -0
  129. package/dist/vite.js.map +1 -0
  130. package/package.json +132 -62
  131. package/dist/src/components/Layout.d.ts +0 -16
  132. package/dist/src/components/Layout.js +0 -122
  133. package/dist/src/components/Layout.js.map +0 -1
  134. package/dist/src/components/dataGrid/ChipInputCell.js +0 -17
  135. package/dist/src/components/dataGrid/ChipInputCell.js.map +0 -1
  136. package/dist/src/components/dataGrid/EditableColumnHeader.d.ts +0 -2
  137. package/dist/src/components/dataGrid/EditableColumnHeader.js +0 -7
  138. package/dist/src/components/dataGrid/EditableColumnHeader.js.map +0 -1
  139. package/dist/src/components/dataGrid/GridToolbar.d.ts +0 -8
  140. package/dist/src/components/dataGrid/GridToolbar.js +0 -40
  141. package/dist/src/components/dataGrid/GridToolbar.js.map +0 -1
  142. package/dist/src/components/dataGrid/TableContainer.d.ts +0 -3
  143. package/dist/src/components/dataGrid/TableContainer.js +0 -32
  144. package/dist/src/components/dataGrid/TableContainer.js.map +0 -1
  145. package/dist/src/components/form/FormAutocomplete.js +0 -10
  146. package/dist/src/components/form/FormAutocomplete.js.map +0 -1
  147. package/dist/src/components/form/FormCheckbox.js +0 -11
  148. package/dist/src/components/form/FormCheckbox.js.map +0 -1
  149. package/dist/src/components/form/FormDatePicker.d.ts +0 -9
  150. package/dist/src/components/form/FormDatePicker.js +0 -19
  151. package/dist/src/components/form/FormDatePicker.js.map +0 -1
  152. package/dist/src/components/form/FormDateTimePicker.d.ts +0 -9
  153. package/dist/src/components/form/FormDateTimePicker.js +0 -19
  154. package/dist/src/components/form/FormDateTimePicker.js.map +0 -1
  155. package/dist/src/components/form/FormNumberField.js +0 -12
  156. package/dist/src/components/form/FormNumberField.js.map +0 -1
  157. package/dist/src/components/form/FormRadioGroup.js +0 -11
  158. package/dist/src/components/form/FormRadioGroup.js.map +0 -1
  159. package/dist/src/components/form/FormSlider.js +0 -11
  160. package/dist/src/components/form/FormSlider.js.map +0 -1
  161. package/dist/src/components/form/FormSubmitButton.d.ts +0 -5
  162. package/dist/src/components/form/FormSubmitButton.js +0 -13
  163. package/dist/src/components/form/FormSubmitButton.js.map +0 -1
  164. package/dist/src/components/form/FormSwitch.js +0 -11
  165. package/dist/src/components/form/FormSwitch.js.map +0 -1
  166. package/dist/src/components/form/FormTextField.js +0 -11
  167. package/dist/src/components/form/FormTextField.js.map +0 -1
  168. package/dist/src/components/layout/AccountMenu.d.ts +0 -9
  169. package/dist/src/components/layout/AccountMenu.js +0 -44
  170. package/dist/src/components/layout/AccountMenu.js.map +0 -1
  171. package/dist/src/components/layout/DevelopmentBanner.d.ts +0 -7
  172. package/dist/src/components/layout/DevelopmentBanner.js +0 -29
  173. package/dist/src/components/layout/DevelopmentBanner.js.map +0 -1
  174. package/dist/src/components/layout/ErrorPage.d.ts +0 -2
  175. package/dist/src/components/layout/ErrorPage.js +0 -25
  176. package/dist/src/components/layout/ErrorPage.js.map +0 -1
  177. package/dist/src/components/layout/LayoutDialog.d.ts +0 -12
  178. package/dist/src/components/layout/LayoutDialog.js +0 -12
  179. package/dist/src/components/layout/LayoutDialog.js.map +0 -1
  180. package/dist/src/components/layout/LayoutSnackbar.d.ts +0 -8
  181. package/dist/src/components/layout/LayoutSnackbar.js +0 -25
  182. package/dist/src/components/layout/LayoutSnackbar.js.map +0 -1
  183. package/dist/src/components/layout/NavigationDrawer.d.ts +0 -11
  184. package/dist/src/components/layout/NavigationDrawer.js +0 -70
  185. package/dist/src/components/layout/NavigationDrawer.js.map +0 -1
  186. package/dist/src/components/layout/NotificationMenu.d.ts +0 -8
  187. package/dist/src/components/layout/NotificationMenu.js +0 -26
  188. package/dist/src/components/layout/NotificationMenu.js.map +0 -1
  189. package/dist/src/components/layout/TypographyWithIcon.js +0 -22
  190. package/dist/src/components/layout/TypographyWithIcon.js.map +0 -1
  191. package/dist/src/components/layout/Unauthorized.d.ts +0 -2
  192. package/dist/src/components/layout/Unauthorized.js +0 -26
  193. package/dist/src/components/layout/Unauthorized.js.map +0 -1
  194. package/dist/src/contexts/LayoutContext.d.ts +0 -40
  195. package/dist/src/contexts/LayoutContext.js +0 -60
  196. package/dist/src/contexts/LayoutContext.js.map +0 -1
  197. package/dist/src/contexts/UserContext.d.ts +0 -24
  198. package/dist/src/contexts/UserContext.js +0 -55
  199. package/dist/src/contexts/UserContext.js.map +0 -1
  200. package/dist/src/hooks/FormHooks.d.ts +0 -46
  201. package/dist/src/hooks/FormHooks.js +0 -31
  202. package/dist/src/hooks/FormHooks.js.map +0 -1
  203. package/dist/src/hooks/UseSnackbar.d.ts +0 -10
  204. package/dist/src/hooks/UseSnackbar.js +0 -23
  205. package/dist/src/hooks/UseSnackbar.js.map +0 -1
  206. package/dist/src/hooks/UseUser.d.ts +0 -10
  207. package/dist/src/hooks/UseUser.js +0 -25
  208. package/dist/src/hooks/UseUser.js.map +0 -1
  209. package/dist/src/index.d.ts +0 -20
  210. package/dist/src/index.js +0 -15
  211. package/dist/src/index.js.map +0 -1
  212. package/dist/src/models/Error.d.ts +0 -6
  213. package/dist/src/models/Error.js +0 -2
  214. package/dist/src/models/Error.js.map +0 -1
  215. package/dist/src/models/KeycloakSettings.d.ts +0 -8
  216. package/dist/src/models/KeycloakSettings.js +0 -2
  217. package/dist/src/models/KeycloakSettings.js.map +0 -1
  218. package/dist/src/models/LayoutPaletteColorOptions.d.ts +0 -6
  219. package/dist/src/models/LayoutPaletteColorOptions.js +0 -2
  220. package/dist/src/models/LayoutPaletteColorOptions.js.map +0 -1
  221. package/dist/src/models/LayoutRoute.d.ts +0 -14
  222. package/dist/src/models/LayoutRoute.js +0 -2
  223. package/dist/src/models/LayoutRoute.js.map +0 -1
  224. package/dist/src/models/Notification.d.ts +0 -9
  225. package/dist/src/models/Notification.js +0 -2
  226. package/dist/src/models/Notification.js.map +0 -1
  227. package/dist/src/models/PeoplesoftDepartment.d.ts +0 -14
  228. package/dist/src/models/PeoplesoftDepartment.js +0 -2
  229. package/dist/src/models/PeoplesoftDepartment.js.map +0 -1
  230. package/dist/src/models/PeoplesoftEmployee.d.ts +0 -34
  231. package/dist/src/models/PeoplesoftEmployee.js +0 -2
  232. package/dist/src/models/PeoplesoftEmployee.js.map +0 -1
  233. package/dist/src/models/Snackbar.d.ts +0 -15
  234. package/dist/src/models/Snackbar.js +0 -2
  235. package/dist/src/models/Snackbar.js.map +0 -1
  236. package/dist/src/models/User.d.ts +0 -27
  237. package/dist/src/models/User.js +0 -11
  238. package/dist/src/models/User.js.map +0 -1
  239. package/dist/src/models/types/EmployeeCategoryGroup.d.ts +0 -1
  240. package/dist/src/models/types/EmployeeCategoryGroup.js +0 -2
  241. package/dist/src/models/types/EmployeeCategoryGroup.js.map +0 -1
  242. package/dist/src/models/types/EmployeeStatus.d.ts +0 -1
  243. package/dist/src/models/types/EmployeeStatus.js +0 -2
  244. package/dist/src/models/types/EmployeeStatus.js.map +0 -1
  245. package/dist/src/utils/Auth.d.ts +0 -12
  246. package/dist/src/utils/Auth.js +0 -49
  247. package/dist/src/utils/Auth.js.map +0 -1
  248. package/dist/src/utils/Fetches.d.ts +0 -5
  249. package/dist/src/utils/Fetches.js +0 -66
  250. package/dist/src/utils/Fetches.js.map +0 -1
  251. package/dist/src/utils/FormUtils.d.ts +0 -7
  252. package/dist/src/utils/FormUtils.js +0 -9
  253. package/dist/src/utils/FormUtils.js.map +0 -1
  254. package/dist/src/utils/Helpers.d.ts +0 -11
  255. package/dist/src/utils/Helpers.js +0 -26
  256. package/dist/src/utils/Helpers.js.map +0 -1
  257. package/dist/tsconfig.tsbuildinfo +0 -1
  258. package/src/components/Layout.tsx +0 -183
  259. package/src/components/dataGrid/ChipInputCell.tsx +0 -31
  260. package/src/components/dataGrid/EditableColumnHeader.tsx +0 -7
  261. package/src/components/dataGrid/GridToolbar.tsx +0 -63
  262. package/src/components/dataGrid/TableContainer.tsx +0 -39
  263. package/src/components/form/FormAutocomplete.tsx +0 -34
  264. package/src/components/form/FormCheckbox.tsx +0 -32
  265. package/src/components/form/FormDatePicker.tsx +0 -34
  266. package/src/components/form/FormDateTimePicker.tsx +0 -34
  267. package/src/components/form/FormNumberField.tsx +0 -33
  268. package/src/components/form/FormRadioGroup.tsx +0 -43
  269. package/src/components/form/FormSlider.tsx +0 -28
  270. package/src/components/form/FormSubmitButton.tsx +0 -29
  271. package/src/components/form/FormSwitch.tsx +0 -32
  272. package/src/components/form/FormTextField.tsx +0 -26
  273. package/src/components/layout/AccountMenu.tsx +0 -160
  274. package/src/components/layout/DevelopmentBanner.tsx +0 -54
  275. package/src/components/layout/ErrorPage.tsx +0 -34
  276. package/src/components/layout/LayoutDialog.tsx +0 -50
  277. package/src/components/layout/LayoutSnackbar.tsx +0 -44
  278. package/src/components/layout/NavigationDrawer.tsx +0 -131
  279. package/src/components/layout/NotificationMenu.tsx +0 -76
  280. package/src/components/layout/TypographyWithIcon.tsx +0 -35
  281. package/src/components/layout/Unauthorized.tsx +0 -37
  282. package/src/contexts/LayoutContext.tsx +0 -127
  283. package/src/contexts/UserContext.tsx +0 -88
  284. package/src/hooks/FormHooks.ts +0 -33
  285. package/src/hooks/UseSnackbar.tsx +0 -28
  286. package/src/hooks/UseUser.tsx +0 -29
  287. package/src/index.ts +0 -27
  288. package/src/models/Error.tsx +0 -6
  289. package/src/models/KeycloakSettings.ts +0 -8
  290. package/src/models/LayoutPaletteColorOptions.tsx +0 -7
  291. package/src/models/LayoutRoute.ts +0 -15
  292. package/src/models/Notification.ts +0 -10
  293. package/src/models/PeoplesoftDepartment.ts +0 -15
  294. package/src/models/PeoplesoftEmployee.ts +0 -35
  295. package/src/models/Snackbar.ts +0 -16
  296. package/src/models/User.ts +0 -13
  297. package/src/models/types/EmployeeCategoryGroup.ts +0 -1
  298. package/src/models/types/EmployeeStatus.ts +0 -1
  299. package/src/utils/Auth.ts +0 -58
  300. package/src/utils/Fetches.ts +0 -83
  301. package/src/utils/FormUtils.ts +0 -22
  302. package/src/utils/Helpers.ts +0 -27
  303. package/tsconfig.json +0 -29
@@ -0,0 +1,1051 @@
1
+ import { h as e, i as t, u as n } from "./utils-C4oJ0tr5.js";
2
+ import { z as r } from "zod";
3
+ import { createMiddleware as i } from "@tanstack/react-start";
4
+ //#region node_modules/jose/dist/webapi/lib/buffer_utils.js
5
+ var a = new TextEncoder(), o = new TextDecoder();
6
+ function s(...e) {
7
+ let t = e.reduce((e, { length: t }) => e + t, 0), n = new Uint8Array(t), r = 0;
8
+ for (let t of e) n.set(t, r), r += t.length;
9
+ return n;
10
+ }
11
+ function c(e) {
12
+ let t = new Uint8Array(e.length);
13
+ for (let n = 0; n < e.length; n++) {
14
+ let r = e.charCodeAt(n);
15
+ if (r > 127) throw TypeError("non-ASCII string encountered in encode()");
16
+ t[n] = r;
17
+ }
18
+ return t;
19
+ }
20
+ //#endregion
21
+ //#region node_modules/jose/dist/webapi/lib/base64.js
22
+ function l(e) {
23
+ if (Uint8Array.fromBase64) return Uint8Array.fromBase64(e);
24
+ let t = atob(e), n = new Uint8Array(t.length);
25
+ for (let e = 0; e < t.length; e++) n[e] = t.charCodeAt(e);
26
+ return n;
27
+ }
28
+ //#endregion
29
+ //#region node_modules/jose/dist/webapi/util/base64url.js
30
+ function u(e) {
31
+ if (Uint8Array.fromBase64) return Uint8Array.fromBase64(typeof e == "string" ? e : o.decode(e), { alphabet: "base64url" });
32
+ let t = e;
33
+ t instanceof Uint8Array && (t = o.decode(t)), t = t.replace(/-/g, "+").replace(/_/g, "/");
34
+ try {
35
+ return l(t);
36
+ } catch {
37
+ throw TypeError("The input to be decoded is not correctly encoded.");
38
+ }
39
+ }
40
+ //#endregion
41
+ //#region node_modules/jose/dist/webapi/lib/crypto_key.js
42
+ var d = (e, t = "algorithm.name") => /* @__PURE__ */ TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`), f = (e, t) => e.name === t;
43
+ function p(e) {
44
+ return parseInt(e.name.slice(4), 10);
45
+ }
46
+ function m(e, t) {
47
+ if (p(e.hash) !== t) throw d(`SHA-${t}`, "algorithm.hash");
48
+ }
49
+ function h(e) {
50
+ switch (e) {
51
+ case "ES256": return "P-256";
52
+ case "ES384": return "P-384";
53
+ case "ES512": return "P-521";
54
+ default: throw Error("unreachable");
55
+ }
56
+ }
57
+ function g(e, t) {
58
+ if (t && !e.usages.includes(t)) throw TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`);
59
+ }
60
+ function _(e, t, n) {
61
+ switch (t) {
62
+ case "HS256":
63
+ case "HS384":
64
+ case "HS512":
65
+ if (!f(e.algorithm, "HMAC")) throw d("HMAC");
66
+ m(e.algorithm, parseInt(t.slice(2), 10));
67
+ break;
68
+ case "RS256":
69
+ case "RS384":
70
+ case "RS512":
71
+ if (!f(e.algorithm, "RSASSA-PKCS1-v1_5")) throw d("RSASSA-PKCS1-v1_5");
72
+ m(e.algorithm, parseInt(t.slice(2), 10));
73
+ break;
74
+ case "PS256":
75
+ case "PS384":
76
+ case "PS512":
77
+ if (!f(e.algorithm, "RSA-PSS")) throw d("RSA-PSS");
78
+ m(e.algorithm, parseInt(t.slice(2), 10));
79
+ break;
80
+ case "Ed25519":
81
+ case "EdDSA":
82
+ if (!f(e.algorithm, "Ed25519")) throw d("Ed25519");
83
+ break;
84
+ case "ML-DSA-44":
85
+ case "ML-DSA-65":
86
+ case "ML-DSA-87":
87
+ if (!f(e.algorithm, t)) throw d(t);
88
+ break;
89
+ case "ES256":
90
+ case "ES384":
91
+ case "ES512": {
92
+ if (!f(e.algorithm, "ECDSA")) throw d("ECDSA");
93
+ let n = h(t);
94
+ if (e.algorithm.namedCurve !== n) throw d(n, "algorithm.namedCurve");
95
+ break;
96
+ }
97
+ default: throw TypeError("CryptoKey does not support this operation");
98
+ }
99
+ g(e, n);
100
+ }
101
+ //#endregion
102
+ //#region node_modules/jose/dist/webapi/lib/invalid_key_input.js
103
+ function v(e, t, ...n) {
104
+ if (n = n.filter(Boolean), n.length > 2) {
105
+ let t = n.pop();
106
+ e += `one of type ${n.join(", ")}, or ${t}.`;
107
+ } else n.length === 2 ? e += `one of type ${n[0]} or ${n[1]}.` : e += `of type ${n[0]}.`;
108
+ return t == null ? e += ` Received ${t}` : typeof t == "function" && t.name ? e += ` Received function ${t.name}` : typeof t == "object" && t && t.constructor?.name && (e += ` Received an instance of ${t.constructor.name}`), e;
109
+ }
110
+ var y = (e, ...t) => v("Key must be ", e, ...t), b = (e, t, ...n) => v(`Key for the ${e} algorithm must be `, t, ...n), x = class extends Error {
111
+ static code = "ERR_JOSE_GENERIC";
112
+ code = "ERR_JOSE_GENERIC";
113
+ constructor(e, t) {
114
+ super(e, t), this.name = this.constructor.name, Error.captureStackTrace?.(this, this.constructor);
115
+ }
116
+ }, S = class extends x {
117
+ static code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
118
+ code = "ERR_JWT_CLAIM_VALIDATION_FAILED";
119
+ claim;
120
+ reason;
121
+ payload;
122
+ constructor(e, t, n = "unspecified", r = "unspecified") {
123
+ super(e, { cause: {
124
+ claim: n,
125
+ reason: r,
126
+ payload: t
127
+ } }), this.claim = n, this.reason = r, this.payload = t;
128
+ }
129
+ }, C = class extends x {
130
+ static code = "ERR_JWT_EXPIRED";
131
+ code = "ERR_JWT_EXPIRED";
132
+ claim;
133
+ reason;
134
+ payload;
135
+ constructor(e, t, n = "unspecified", r = "unspecified") {
136
+ super(e, { cause: {
137
+ claim: n,
138
+ reason: r,
139
+ payload: t
140
+ } }), this.claim = n, this.reason = r, this.payload = t;
141
+ }
142
+ }, ee = class extends x {
143
+ static code = "ERR_JOSE_ALG_NOT_ALLOWED";
144
+ code = "ERR_JOSE_ALG_NOT_ALLOWED";
145
+ }, w = class extends x {
146
+ static code = "ERR_JOSE_NOT_SUPPORTED";
147
+ code = "ERR_JOSE_NOT_SUPPORTED";
148
+ }, T = class extends x {
149
+ static code = "ERR_JWS_INVALID";
150
+ code = "ERR_JWS_INVALID";
151
+ }, E = class extends x {
152
+ static code = "ERR_JWT_INVALID";
153
+ code = "ERR_JWT_INVALID";
154
+ }, D = class extends x {
155
+ static code = "ERR_JWKS_INVALID";
156
+ code = "ERR_JWKS_INVALID";
157
+ }, O = class extends x {
158
+ static code = "ERR_JWKS_NO_MATCHING_KEY";
159
+ code = "ERR_JWKS_NO_MATCHING_KEY";
160
+ constructor(e = "no applicable key found in the JSON Web Key Set", t) {
161
+ super(e, t);
162
+ }
163
+ }, te = class extends x {
164
+ [Symbol.asyncIterator];
165
+ static code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
166
+ code = "ERR_JWKS_MULTIPLE_MATCHING_KEYS";
167
+ constructor(e = "multiple matching keys found in the JSON Web Key Set", t) {
168
+ super(e, t);
169
+ }
170
+ }, ne = class extends x {
171
+ static code = "ERR_JWKS_TIMEOUT";
172
+ code = "ERR_JWKS_TIMEOUT";
173
+ constructor(e = "request timed out", t) {
174
+ super(e, t);
175
+ }
176
+ }, re = class extends x {
177
+ static code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
178
+ code = "ERR_JWS_SIGNATURE_VERIFICATION_FAILED";
179
+ constructor(e = "signature verification failed", t) {
180
+ super(e, t);
181
+ }
182
+ }, k = (e) => {
183
+ if (e?.[Symbol.toStringTag] === "CryptoKey") return !0;
184
+ try {
185
+ return e instanceof CryptoKey;
186
+ } catch {
187
+ return !1;
188
+ }
189
+ }, A = (e) => e?.[Symbol.toStringTag] === "KeyObject", j = (e) => k(e) || A(e);
190
+ //#endregion
191
+ //#region node_modules/jose/dist/webapi/lib/helpers.js
192
+ function M(e, t, n) {
193
+ try {
194
+ return u(e);
195
+ } catch {
196
+ throw new n(`Failed to base64url decode the ${t}`);
197
+ }
198
+ }
199
+ //#endregion
200
+ //#region node_modules/jose/dist/webapi/lib/type_checks.js
201
+ var ie = (e) => typeof e == "object" && !!e;
202
+ function N(e) {
203
+ if (!ie(e) || Object.prototype.toString.call(e) !== "[object Object]") return !1;
204
+ if (Object.getPrototypeOf(e) === null) return !0;
205
+ let t = e;
206
+ for (; Object.getPrototypeOf(t) !== null;) t = Object.getPrototypeOf(t);
207
+ return Object.getPrototypeOf(e) === t;
208
+ }
209
+ function ae(...e) {
210
+ let t = e.filter(Boolean);
211
+ if (t.length === 0 || t.length === 1) return !0;
212
+ let n;
213
+ for (let e of t) {
214
+ let t = Object.keys(e);
215
+ if (!n || n.size === 0) {
216
+ n = new Set(t);
217
+ continue;
218
+ }
219
+ for (let e of t) {
220
+ if (n.has(e)) return !1;
221
+ n.add(e);
222
+ }
223
+ }
224
+ return !0;
225
+ }
226
+ var P = (e) => N(e) && typeof e.kty == "string", oe = (e) => e.kty !== "oct" && (e.kty === "AKP" && typeof e.priv == "string" || typeof e.d == "string"), se = (e) => e.kty !== "oct" && e.d === void 0 && e.priv === void 0, ce = (e) => e.kty === "oct" && typeof e.k == "string";
227
+ //#endregion
228
+ //#region node_modules/jose/dist/webapi/lib/signing.js
229
+ function le(e, t) {
230
+ if (e.startsWith("RS") || e.startsWith("PS")) {
231
+ let { modulusLength: n } = t.algorithm;
232
+ if (typeof n != "number" || n < 2048) throw TypeError(`${e} requires key modulusLength to be 2048 bits or larger`);
233
+ }
234
+ }
235
+ function ue(e, t) {
236
+ let n = `SHA-${e.slice(-3)}`;
237
+ switch (e) {
238
+ case "HS256":
239
+ case "HS384":
240
+ case "HS512": return {
241
+ hash: n,
242
+ name: "HMAC"
243
+ };
244
+ case "PS256":
245
+ case "PS384":
246
+ case "PS512": return {
247
+ hash: n,
248
+ name: "RSA-PSS",
249
+ saltLength: parseInt(e.slice(-3), 10) >> 3
250
+ };
251
+ case "RS256":
252
+ case "RS384":
253
+ case "RS512": return {
254
+ hash: n,
255
+ name: "RSASSA-PKCS1-v1_5"
256
+ };
257
+ case "ES256":
258
+ case "ES384":
259
+ case "ES512": return {
260
+ hash: n,
261
+ name: "ECDSA",
262
+ namedCurve: t.namedCurve
263
+ };
264
+ case "Ed25519":
265
+ case "EdDSA": return { name: "Ed25519" };
266
+ case "ML-DSA-44":
267
+ case "ML-DSA-65":
268
+ case "ML-DSA-87": return { name: e };
269
+ default: throw new w(`alg ${e} is not supported either by JOSE or your javascript runtime`);
270
+ }
271
+ }
272
+ async function de(e, t, n) {
273
+ if (t instanceof Uint8Array) {
274
+ if (!e.startsWith("HS")) throw TypeError(y(t, "CryptoKey", "KeyObject", "JSON Web Key"));
275
+ return crypto.subtle.importKey("raw", t, {
276
+ hash: `SHA-${e.slice(-3)}`,
277
+ name: "HMAC"
278
+ }, !1, [n]);
279
+ }
280
+ return _(t, e, n), t;
281
+ }
282
+ async function fe(e, t, n, r) {
283
+ let i = await de(e, t, "verify");
284
+ le(e, i);
285
+ let a = ue(e, i.algorithm);
286
+ try {
287
+ return await crypto.subtle.verify(a, i, n, r);
288
+ } catch {
289
+ return !1;
290
+ }
291
+ }
292
+ //#endregion
293
+ //#region node_modules/jose/dist/webapi/lib/jwk_to_key.js
294
+ var F = "Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value";
295
+ function pe(e) {
296
+ let t, n;
297
+ switch (e.kty) {
298
+ case "AKP":
299
+ switch (e.alg) {
300
+ case "ML-DSA-44":
301
+ case "ML-DSA-65":
302
+ case "ML-DSA-87":
303
+ t = { name: e.alg }, n = e.priv ? ["sign"] : ["verify"];
304
+ break;
305
+ default: throw new w(F);
306
+ }
307
+ break;
308
+ case "RSA":
309
+ switch (e.alg) {
310
+ case "PS256":
311
+ case "PS384":
312
+ case "PS512":
313
+ t = {
314
+ name: "RSA-PSS",
315
+ hash: `SHA-${e.alg.slice(-3)}`
316
+ }, n = e.d ? ["sign"] : ["verify"];
317
+ break;
318
+ case "RS256":
319
+ case "RS384":
320
+ case "RS512":
321
+ t = {
322
+ name: "RSASSA-PKCS1-v1_5",
323
+ hash: `SHA-${e.alg.slice(-3)}`
324
+ }, n = e.d ? ["sign"] : ["verify"];
325
+ break;
326
+ case "RSA-OAEP":
327
+ case "RSA-OAEP-256":
328
+ case "RSA-OAEP-384":
329
+ case "RSA-OAEP-512":
330
+ t = {
331
+ name: "RSA-OAEP",
332
+ hash: `SHA-${parseInt(e.alg.slice(-3), 10) || 1}`
333
+ }, n = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
334
+ break;
335
+ default: throw new w(F);
336
+ }
337
+ break;
338
+ case "EC":
339
+ switch (e.alg) {
340
+ case "ES256":
341
+ case "ES384":
342
+ case "ES512":
343
+ t = {
344
+ name: "ECDSA",
345
+ namedCurve: {
346
+ ES256: "P-256",
347
+ ES384: "P-384",
348
+ ES512: "P-521"
349
+ }[e.alg]
350
+ }, n = e.d ? ["sign"] : ["verify"];
351
+ break;
352
+ case "ECDH-ES":
353
+ case "ECDH-ES+A128KW":
354
+ case "ECDH-ES+A192KW":
355
+ case "ECDH-ES+A256KW":
356
+ t = {
357
+ name: "ECDH",
358
+ namedCurve: e.crv
359
+ }, n = e.d ? ["deriveBits"] : [];
360
+ break;
361
+ default: throw new w(F);
362
+ }
363
+ break;
364
+ case "OKP":
365
+ switch (e.alg) {
366
+ case "Ed25519":
367
+ case "EdDSA":
368
+ t = { name: "Ed25519" }, n = e.d ? ["sign"] : ["verify"];
369
+ break;
370
+ case "ECDH-ES":
371
+ case "ECDH-ES+A128KW":
372
+ case "ECDH-ES+A192KW":
373
+ case "ECDH-ES+A256KW":
374
+ t = { name: e.crv }, n = e.d ? ["deriveBits"] : [];
375
+ break;
376
+ default: throw new w(F);
377
+ }
378
+ break;
379
+ default: throw new w("Invalid or unsupported JWK \"kty\" (Key Type) Parameter value");
380
+ }
381
+ return {
382
+ algorithm: t,
383
+ keyUsages: n
384
+ };
385
+ }
386
+ async function I(e) {
387
+ if (!e.alg) throw TypeError("\"alg\" argument is required when \"jwk.alg\" is not present");
388
+ let { algorithm: t, keyUsages: n } = pe(e), r = { ...e };
389
+ return r.kty !== "AKP" && delete r.alg, delete r.use, crypto.subtle.importKey("jwk", r, t, e.ext ?? !(e.d || e.priv), e.key_ops ?? n);
390
+ }
391
+ //#endregion
392
+ //#region node_modules/jose/dist/webapi/lib/normalize_key.js
393
+ var L = "given KeyObject instance cannot be used for this algorithm", R, z = async (e, t, n, r = !1) => {
394
+ R ||= /* @__PURE__ */ new WeakMap();
395
+ let i = R.get(e);
396
+ if (i?.[n]) return i[n];
397
+ let a = await I({
398
+ ...t,
399
+ alg: n
400
+ });
401
+ return r && Object.freeze(e), i ? i[n] = a : R.set(e, { [n]: a }), a;
402
+ }, me = (e, t) => {
403
+ R ||= /* @__PURE__ */ new WeakMap();
404
+ let n = R.get(e);
405
+ if (n?.[t]) return n[t];
406
+ let r = e.type === "public", i = !!r, a;
407
+ if (e.asymmetricKeyType === "x25519") {
408
+ switch (t) {
409
+ case "ECDH-ES":
410
+ case "ECDH-ES+A128KW":
411
+ case "ECDH-ES+A192KW":
412
+ case "ECDH-ES+A256KW": break;
413
+ default: throw TypeError(L);
414
+ }
415
+ a = e.toCryptoKey(e.asymmetricKeyType, i, r ? [] : ["deriveBits"]);
416
+ }
417
+ if (e.asymmetricKeyType === "ed25519") {
418
+ if (t !== "EdDSA" && t !== "Ed25519") throw TypeError(L);
419
+ a = e.toCryptoKey(e.asymmetricKeyType, i, [r ? "verify" : "sign"]);
420
+ }
421
+ switch (e.asymmetricKeyType) {
422
+ case "ml-dsa-44":
423
+ case "ml-dsa-65":
424
+ case "ml-dsa-87":
425
+ if (t !== e.asymmetricKeyType.toUpperCase()) throw TypeError(L);
426
+ a = e.toCryptoKey(e.asymmetricKeyType, i, [r ? "verify" : "sign"]);
427
+ }
428
+ if (e.asymmetricKeyType === "rsa") {
429
+ let n;
430
+ switch (t) {
431
+ case "RSA-OAEP":
432
+ n = "SHA-1";
433
+ break;
434
+ case "RS256":
435
+ case "PS256":
436
+ case "RSA-OAEP-256":
437
+ n = "SHA-256";
438
+ break;
439
+ case "RS384":
440
+ case "PS384":
441
+ case "RSA-OAEP-384":
442
+ n = "SHA-384";
443
+ break;
444
+ case "RS512":
445
+ case "PS512":
446
+ case "RSA-OAEP-512":
447
+ n = "SHA-512";
448
+ break;
449
+ default: throw TypeError(L);
450
+ }
451
+ if (t.startsWith("RSA-OAEP")) return e.toCryptoKey({
452
+ name: "RSA-OAEP",
453
+ hash: n
454
+ }, i, r ? ["encrypt"] : ["decrypt"]);
455
+ a = e.toCryptoKey({
456
+ name: t.startsWith("PS") ? "RSA-PSS" : "RSASSA-PKCS1-v1_5",
457
+ hash: n
458
+ }, i, [r ? "verify" : "sign"]);
459
+ }
460
+ if (e.asymmetricKeyType === "ec") {
461
+ let n = new Map([
462
+ ["prime256v1", "P-256"],
463
+ ["secp384r1", "P-384"],
464
+ ["secp521r1", "P-521"]
465
+ ]).get(e.asymmetricKeyDetails?.namedCurve);
466
+ if (!n) throw TypeError(L);
467
+ let o = {
468
+ ES256: "P-256",
469
+ ES384: "P-384",
470
+ ES512: "P-521"
471
+ };
472
+ o[t] && n === o[t] && (a = e.toCryptoKey({
473
+ name: "ECDSA",
474
+ namedCurve: n
475
+ }, i, [r ? "verify" : "sign"])), t.startsWith("ECDH-ES") && (a = e.toCryptoKey({
476
+ name: "ECDH",
477
+ namedCurve: n
478
+ }, i, r ? [] : ["deriveBits"]));
479
+ }
480
+ if (!a) throw TypeError(L);
481
+ return n ? n[t] = a : R.set(e, { [t]: a }), a;
482
+ };
483
+ async function he(e, t) {
484
+ if (e instanceof Uint8Array || k(e)) return e;
485
+ if (A(e)) {
486
+ if (e.type === "secret") return e.export();
487
+ if ("toCryptoKey" in e && typeof e.toCryptoKey == "function") try {
488
+ return me(e, t);
489
+ } catch (e) {
490
+ if (e instanceof TypeError) throw e;
491
+ }
492
+ return z(e, e.export({ format: "jwk" }), t);
493
+ }
494
+ if (P(e)) return e.k ? u(e.k) : z(e, e, t, !0);
495
+ throw Error("unreachable");
496
+ }
497
+ //#endregion
498
+ //#region node_modules/jose/dist/webapi/key/import.js
499
+ async function ge(e, t, n) {
500
+ if (!N(e)) throw TypeError("JWK must be an object");
501
+ let r;
502
+ switch (t ??= e.alg, r ??= n?.extractable ?? e.ext, e.kty) {
503
+ case "oct":
504
+ if (typeof e.k != "string" || !e.k) throw TypeError("missing \"k\" (Key Value) Parameter value");
505
+ return u(e.k);
506
+ case "RSA":
507
+ if ("oth" in e && e.oth !== void 0) throw new w("RSA JWK \"oth\" (Other Primes Info) Parameter value is not supported");
508
+ return I({
509
+ ...e,
510
+ alg: t,
511
+ ext: r
512
+ });
513
+ case "AKP":
514
+ if (typeof e.alg != "string" || !e.alg) throw TypeError("missing \"alg\" (Algorithm) Parameter value");
515
+ if (t !== void 0 && t !== e.alg) throw TypeError("JWK alg and alg option value mismatch");
516
+ return I({
517
+ ...e,
518
+ ext: r
519
+ });
520
+ case "EC":
521
+ case "OKP": return I({
522
+ ...e,
523
+ alg: t,
524
+ ext: r
525
+ });
526
+ default: throw new w("Unsupported \"kty\" (Key Type) Parameter value");
527
+ }
528
+ }
529
+ //#endregion
530
+ //#region node_modules/jose/dist/webapi/lib/validate_crit.js
531
+ function _e(e, t, n, r, i) {
532
+ if (i.crit !== void 0 && r?.crit === void 0) throw new e("\"crit\" (Critical) Header Parameter MUST be integrity protected");
533
+ if (!r || r.crit === void 0) return /* @__PURE__ */ new Set();
534
+ if (!Array.isArray(r.crit) || r.crit.length === 0 || r.crit.some((e) => typeof e != "string" || e.length === 0)) throw new e("\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present");
535
+ let a;
536
+ a = n === void 0 ? t : new Map([...Object.entries(n), ...t.entries()]);
537
+ for (let t of r.crit) {
538
+ if (!a.has(t)) throw new w(`Extension Header Parameter "${t}" is not recognized`);
539
+ if (i[t] === void 0) throw new e(`Extension Header Parameter "${t}" is missing`);
540
+ if (a.get(t) && r[t] === void 0) throw new e(`Extension Header Parameter "${t}" MUST be integrity protected`);
541
+ }
542
+ return new Set(r.crit);
543
+ }
544
+ //#endregion
545
+ //#region node_modules/jose/dist/webapi/lib/validate_algorithms.js
546
+ function ve(e, t) {
547
+ if (t !== void 0 && (!Array.isArray(t) || t.some((e) => typeof e != "string"))) throw TypeError(`"${e}" option must be an array of strings`);
548
+ if (t) return new Set(t);
549
+ }
550
+ //#endregion
551
+ //#region node_modules/jose/dist/webapi/lib/check_key_type.js
552
+ var B = (e) => e?.[Symbol.toStringTag], V = (e, t, n) => {
553
+ if (t.use !== void 0) {
554
+ let e;
555
+ switch (n) {
556
+ case "sign":
557
+ case "verify":
558
+ e = "sig";
559
+ break;
560
+ case "encrypt":
561
+ case "decrypt":
562
+ e = "enc";
563
+ break;
564
+ }
565
+ if (t.use !== e) throw TypeError(`Invalid key for this operation, its "use" must be "${e}" when present`);
566
+ }
567
+ if (t.alg !== void 0 && t.alg !== e) throw TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);
568
+ if (Array.isArray(t.key_ops)) {
569
+ let r;
570
+ switch (!0) {
571
+ case n === "sign" || n === "verify":
572
+ case e === "dir":
573
+ case e.includes("CBC-HS"):
574
+ r = n;
575
+ break;
576
+ case e.startsWith("PBES2"):
577
+ r = "deriveBits";
578
+ break;
579
+ case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):
580
+ r = !e.includes("GCM") && e.endsWith("KW") ? n === "encrypt" ? "wrapKey" : "unwrapKey" : n;
581
+ break;
582
+ case n === "encrypt" && e.startsWith("RSA"):
583
+ r = "wrapKey";
584
+ break;
585
+ case n === "decrypt":
586
+ r = e.startsWith("RSA") ? "unwrapKey" : "deriveBits";
587
+ break;
588
+ }
589
+ if (r && t.key_ops?.includes?.(r) === !1) throw TypeError(`Invalid key for this operation, its "key_ops" must include "${r}" when present`);
590
+ }
591
+ return !0;
592
+ }, ye = (e, t, n) => {
593
+ if (!(t instanceof Uint8Array)) {
594
+ if (P(t)) {
595
+ if (ce(t) && V(e, t, n)) return;
596
+ throw TypeError("JSON Web Key for symmetric algorithms must have JWK \"kty\" (Key Type) equal to \"oct\" and the JWK \"k\" (Key Value) present");
597
+ }
598
+ if (!j(t)) throw TypeError(b(e, t, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
599
+ if (t.type !== "secret") throw TypeError(`${B(t)} instances for symmetric algorithms must be of type "secret"`);
600
+ }
601
+ }, be = (e, t, n) => {
602
+ if (P(t)) switch (n) {
603
+ case "decrypt":
604
+ case "sign":
605
+ if (oe(t) && V(e, t, n)) return;
606
+ throw TypeError("JSON Web Key for this operation must be a private JWK");
607
+ case "encrypt":
608
+ case "verify":
609
+ if (se(t) && V(e, t, n)) return;
610
+ throw TypeError("JSON Web Key for this operation must be a public JWK");
611
+ }
612
+ if (!j(t)) throw TypeError(b(e, t, "CryptoKey", "KeyObject", "JSON Web Key"));
613
+ if (t.type === "secret") throw TypeError(`${B(t)} instances for asymmetric algorithms must not be of type "secret"`);
614
+ if (t.type === "public") switch (n) {
615
+ case "sign": throw TypeError(`${B(t)} instances for asymmetric algorithm signing must be of type "private"`);
616
+ case "decrypt": throw TypeError(`${B(t)} instances for asymmetric algorithm decryption must be of type "private"`);
617
+ }
618
+ if (t.type === "private") switch (n) {
619
+ case "verify": throw TypeError(`${B(t)} instances for asymmetric algorithm verifying must be of type "public"`);
620
+ case "encrypt": throw TypeError(`${B(t)} instances for asymmetric algorithm encryption must be of type "public"`);
621
+ }
622
+ };
623
+ function xe(e, t, n) {
624
+ switch (e.substring(0, 2)) {
625
+ case "A1":
626
+ case "A2":
627
+ case "di":
628
+ case "HS":
629
+ case "PB":
630
+ ye(e, t, n);
631
+ break;
632
+ default: be(e, t, n);
633
+ }
634
+ }
635
+ //#endregion
636
+ //#region node_modules/jose/dist/webapi/jws/flattened/verify.js
637
+ async function Se(e, t, n) {
638
+ if (!N(e)) throw new T("Flattened JWS must be an object");
639
+ if (e.protected === void 0 && e.header === void 0) throw new T("Flattened JWS must have either of the \"protected\" or \"header\" members");
640
+ if (e.protected !== void 0 && typeof e.protected != "string") throw new T("JWS Protected Header incorrect type");
641
+ if (e.payload === void 0) throw new T("JWS Payload missing");
642
+ if (typeof e.signature != "string") throw new T("JWS Signature missing or incorrect type");
643
+ if (e.header !== void 0 && !N(e.header)) throw new T("JWS Unprotected Header incorrect type");
644
+ let r = {};
645
+ if (e.protected) try {
646
+ let t = u(e.protected);
647
+ r = JSON.parse(o.decode(t));
648
+ } catch {
649
+ throw new T("JWS Protected Header is invalid");
650
+ }
651
+ if (!ae(r, e.header)) throw new T("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");
652
+ let i = {
653
+ ...r,
654
+ ...e.header
655
+ }, l = _e(T, new Map([["b64", !0]]), n?.crit, r, i), d = !0;
656
+ if (l.has("b64") && (d = r.b64, typeof d != "boolean")) throw new T("The \"b64\" (base64url-encode payload) Header Parameter must be a boolean");
657
+ let { alg: f } = i;
658
+ if (typeof f != "string" || !f) throw new T("JWS \"alg\" (Algorithm) Header Parameter missing or invalid");
659
+ let p = n && ve("algorithms", n.algorithms);
660
+ if (p && !p.has(f)) throw new ee("\"alg\" (Algorithm) Header Parameter value not allowed");
661
+ if (d) {
662
+ if (typeof e.payload != "string") throw new T("JWS Payload must be a string");
663
+ } else if (typeof e.payload != "string" && !(e.payload instanceof Uint8Array)) throw new T("JWS Payload must be a string or an Uint8Array instance");
664
+ let m = !1;
665
+ typeof t == "function" && (t = await t(r, e), m = !0), xe(f, t, "verify");
666
+ let h = s(e.protected === void 0 ? new Uint8Array() : c(e.protected), c("."), typeof e.payload == "string" ? d ? c(e.payload) : a.encode(e.payload) : e.payload), g = M(e.signature, "signature", T), _ = await he(t, f);
667
+ if (!await fe(f, _, g, h)) throw new re();
668
+ let v;
669
+ v = d ? M(e.payload, "payload", T) : typeof e.payload == "string" ? a.encode(e.payload) : e.payload;
670
+ let y = { payload: v };
671
+ return e.protected !== void 0 && (y.protectedHeader = r), e.header !== void 0 && (y.unprotectedHeader = e.header), m ? {
672
+ ...y,
673
+ key: _
674
+ } : y;
675
+ }
676
+ //#endregion
677
+ //#region node_modules/jose/dist/webapi/jws/compact/verify.js
678
+ async function Ce(e, t, n) {
679
+ if (e instanceof Uint8Array && (e = o.decode(e)), typeof e != "string") throw new T("Compact JWS must be a string or Uint8Array");
680
+ let { 0: r, 1: i, 2: a, length: s } = e.split(".");
681
+ if (s !== 3) throw new T("Invalid Compact JWS");
682
+ let c = await Se({
683
+ payload: i,
684
+ protected: r,
685
+ signature: a
686
+ }, t, n), l = {
687
+ payload: c.payload,
688
+ protectedHeader: c.protectedHeader
689
+ };
690
+ return typeof t == "function" ? {
691
+ ...l,
692
+ key: c.key
693
+ } : l;
694
+ }
695
+ //#endregion
696
+ //#region node_modules/jose/dist/webapi/lib/jwt_claims_set.js
697
+ var we = (e) => Math.floor(e.getTime() / 1e3), H = 60, U = H * 60, W = U * 24, Te = W * 7, Ee = W * 365.25, De = /^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;
698
+ function G(e) {
699
+ let t = De.exec(e);
700
+ if (!t || t[4] && t[1]) throw TypeError("Invalid time period format");
701
+ let n = parseFloat(t[2]), r = t[3].toLowerCase(), i;
702
+ switch (r) {
703
+ case "sec":
704
+ case "secs":
705
+ case "second":
706
+ case "seconds":
707
+ case "s":
708
+ i = Math.round(n);
709
+ break;
710
+ case "minute":
711
+ case "minutes":
712
+ case "min":
713
+ case "mins":
714
+ case "m":
715
+ i = Math.round(n * H);
716
+ break;
717
+ case "hour":
718
+ case "hours":
719
+ case "hr":
720
+ case "hrs":
721
+ case "h":
722
+ i = Math.round(n * U);
723
+ break;
724
+ case "day":
725
+ case "days":
726
+ case "d":
727
+ i = Math.round(n * W);
728
+ break;
729
+ case "week":
730
+ case "weeks":
731
+ case "w":
732
+ i = Math.round(n * Te);
733
+ break;
734
+ default:
735
+ i = Math.round(n * Ee);
736
+ break;
737
+ }
738
+ return t[1] === "-" || t[4] === "ago" ? -i : i;
739
+ }
740
+ var K = (e) => e.includes("/") ? e.toLowerCase() : `application/${e.toLowerCase()}`, Oe = (e, t) => typeof e == "string" ? t.includes(e) : Array.isArray(e) ? t.some(Set.prototype.has.bind(new Set(e))) : !1;
741
+ function ke(e, t, n = {}) {
742
+ let r;
743
+ try {
744
+ r = JSON.parse(o.decode(t));
745
+ } catch {}
746
+ if (!N(r)) throw new E("JWT Claims Set must be a top-level JSON object");
747
+ let { typ: i } = n;
748
+ if (i && (typeof e.typ != "string" || K(e.typ) !== K(i))) throw new S("unexpected \"typ\" JWT header value", r, "typ", "check_failed");
749
+ let { requiredClaims: a = [], issuer: s, subject: c, audience: l, maxTokenAge: u } = n, d = [...a];
750
+ u !== void 0 && d.push("iat"), l !== void 0 && d.push("aud"), c !== void 0 && d.push("sub"), s !== void 0 && d.push("iss");
751
+ for (let e of new Set(d.reverse())) if (!(e in r)) throw new S(`missing required "${e}" claim`, r, e, "missing");
752
+ if (s && !(Array.isArray(s) ? s : [s]).includes(r.iss)) throw new S("unexpected \"iss\" claim value", r, "iss", "check_failed");
753
+ if (c && r.sub !== c) throw new S("unexpected \"sub\" claim value", r, "sub", "check_failed");
754
+ if (l && !Oe(r.aud, typeof l == "string" ? [l] : l)) throw new S("unexpected \"aud\" claim value", r, "aud", "check_failed");
755
+ let f;
756
+ switch (typeof n.clockTolerance) {
757
+ case "string":
758
+ f = G(n.clockTolerance);
759
+ break;
760
+ case "number":
761
+ f = n.clockTolerance;
762
+ break;
763
+ case "undefined":
764
+ f = 0;
765
+ break;
766
+ default: throw TypeError("Invalid clockTolerance option type");
767
+ }
768
+ let { currentDate: p } = n, m = we(p || /* @__PURE__ */ new Date());
769
+ if ((r.iat !== void 0 || u) && typeof r.iat != "number") throw new S("\"iat\" claim must be a number", r, "iat", "invalid");
770
+ if (r.nbf !== void 0) {
771
+ if (typeof r.nbf != "number") throw new S("\"nbf\" claim must be a number", r, "nbf", "invalid");
772
+ if (r.nbf > m + f) throw new S("\"nbf\" claim timestamp check failed", r, "nbf", "check_failed");
773
+ }
774
+ if (r.exp !== void 0) {
775
+ if (typeof r.exp != "number") throw new S("\"exp\" claim must be a number", r, "exp", "invalid");
776
+ if (r.exp <= m - f) throw new C("\"exp\" claim timestamp check failed", r, "exp", "check_failed");
777
+ }
778
+ if (u) {
779
+ let e = m - r.iat, t = typeof u == "number" ? u : G(u);
780
+ if (e - f > t) throw new C("\"iat\" claim timestamp check failed (too far in the past)", r, "iat", "check_failed");
781
+ if (e < 0 - f) throw new S("\"iat\" claim timestamp check failed (it should be in the past)", r, "iat", "check_failed");
782
+ }
783
+ return r;
784
+ }
785
+ //#endregion
786
+ //#region node_modules/jose/dist/webapi/jwt/verify.js
787
+ async function Ae(e, t, n) {
788
+ let r = await Ce(e, t, n);
789
+ if (r.protectedHeader.crit?.includes("b64") && r.protectedHeader.b64 === !1) throw new E("JWTs MUST NOT use unencoded payload");
790
+ let i = {
791
+ payload: ke(r.protectedHeader, r.payload, n),
792
+ protectedHeader: r.protectedHeader
793
+ };
794
+ return typeof t == "function" ? {
795
+ ...i,
796
+ key: r.key
797
+ } : i;
798
+ }
799
+ //#endregion
800
+ //#region node_modules/jose/dist/webapi/jwks/local.js
801
+ function je(e) {
802
+ switch (typeof e == "string" && e.slice(0, 2)) {
803
+ case "RS":
804
+ case "PS": return "RSA";
805
+ case "ES": return "EC";
806
+ case "Ed": return "OKP";
807
+ case "ML": return "AKP";
808
+ default: throw new w("Unsupported \"alg\" value for a JSON Web Key Set");
809
+ }
810
+ }
811
+ function Me(e) {
812
+ return e && typeof e == "object" && Array.isArray(e.keys) && e.keys.every(Ne);
813
+ }
814
+ function Ne(e) {
815
+ return N(e);
816
+ }
817
+ var Pe = class {
818
+ #e;
819
+ #t = /* @__PURE__ */ new WeakMap();
820
+ constructor(e) {
821
+ if (!Me(e)) throw new D("JSON Web Key Set malformed");
822
+ this.#e = structuredClone(e);
823
+ }
824
+ jwks() {
825
+ return this.#e;
826
+ }
827
+ async getKey(e, t) {
828
+ let { alg: n, kid: r } = {
829
+ ...e,
830
+ ...t?.header
831
+ }, i = je(n), a = this.#e.keys.filter((e) => {
832
+ let t = i === e.kty;
833
+ if (t && typeof r == "string" && (t = r === e.kid), t && (typeof e.alg == "string" || i === "AKP") && (t = n === e.alg), t && typeof e.use == "string" && (t = e.use === "sig"), t && Array.isArray(e.key_ops) && (t = e.key_ops.includes("verify")), t) switch (n) {
834
+ case "ES256":
835
+ t = e.crv === "P-256";
836
+ break;
837
+ case "ES384":
838
+ t = e.crv === "P-384";
839
+ break;
840
+ case "ES512":
841
+ t = e.crv === "P-521";
842
+ break;
843
+ case "Ed25519":
844
+ case "EdDSA":
845
+ t = e.crv === "Ed25519";
846
+ break;
847
+ }
848
+ return t;
849
+ }), { 0: o, length: s } = a;
850
+ if (s === 0) throw new O();
851
+ if (s !== 1) {
852
+ let e = new te(), t = this.#t;
853
+ throw e[Symbol.asyncIterator] = async function* () {
854
+ for (let e of a) try {
855
+ yield await q(t, e, n);
856
+ } catch {}
857
+ }, e;
858
+ }
859
+ return q(this.#t, o, n);
860
+ }
861
+ };
862
+ async function q(e, t, n) {
863
+ let r = e.get(t) || e.set(t, {}).get(t);
864
+ if (r[n] === void 0) {
865
+ let e = await ge({
866
+ ...t,
867
+ ext: !0
868
+ }, n);
869
+ if (e instanceof Uint8Array || e.type !== "public") throw new D("JSON Web Key Set members must be public keys");
870
+ r[n] = e;
871
+ }
872
+ return r[n];
873
+ }
874
+ function J(e) {
875
+ let t = new Pe(e), n = async (e, n) => t.getKey(e, n);
876
+ return Object.defineProperties(n, { jwks: {
877
+ value: () => structuredClone(t.jwks()),
878
+ enumerable: !1,
879
+ configurable: !1,
880
+ writable: !1
881
+ } }), n;
882
+ }
883
+ //#endregion
884
+ //#region node_modules/jose/dist/webapi/jwks/remote.js
885
+ function Fe() {
886
+ return typeof WebSocketPair < "u" || typeof navigator < "u" && navigator.userAgent === "Cloudflare-Workers" || typeof EdgeRuntime < "u" && EdgeRuntime === "vercel";
887
+ }
888
+ var Y;
889
+ (typeof navigator > "u" || !navigator.userAgent?.startsWith?.("Mozilla/5.0 ")) && (Y = "jose/v6.2.2");
890
+ var Ie = Symbol();
891
+ async function Le(e, t, n, r = fetch) {
892
+ let i = await r(e, {
893
+ method: "GET",
894
+ signal: n,
895
+ redirect: "manual",
896
+ headers: t
897
+ }).catch((e) => {
898
+ throw e.name === "TimeoutError" ? new ne() : e;
899
+ });
900
+ if (i.status !== 200) throw new x("Expected 200 OK from the JSON Web Key Set HTTP response");
901
+ try {
902
+ return await i.json();
903
+ } catch {
904
+ throw new x("Failed to parse the JSON Web Key Set HTTP response as JSON");
905
+ }
906
+ }
907
+ var X = Symbol();
908
+ function Re(e, t) {
909
+ return !(typeof e != "object" || !e || !("uat" in e) || typeof e.uat != "number" || Date.now() - e.uat >= t || !("jwks" in e) || !N(e.jwks) || !Array.isArray(e.jwks.keys) || !Array.prototype.every.call(e.jwks.keys, N));
910
+ }
911
+ var ze = class {
912
+ #e;
913
+ #t;
914
+ #n;
915
+ #r;
916
+ #i;
917
+ #a;
918
+ #o;
919
+ #s;
920
+ #c;
921
+ #l;
922
+ constructor(e, t) {
923
+ if (!(e instanceof URL)) throw TypeError("url must be an instance of URL");
924
+ this.#e = new URL(e.href), this.#t = typeof t?.timeoutDuration == "number" ? t?.timeoutDuration : 5e3, this.#n = typeof t?.cooldownDuration == "number" ? t?.cooldownDuration : 3e4, this.#r = typeof t?.cacheMaxAge == "number" ? t?.cacheMaxAge : 6e5, this.#o = new Headers(t?.headers), Y && !this.#o.has("User-Agent") && this.#o.set("User-Agent", Y), this.#o.has("accept") || (this.#o.set("accept", "application/json"), this.#o.append("accept", "application/jwk-set+json")), this.#s = t?.[Ie], t?.[X] !== void 0 && (this.#l = t?.[X], Re(t?.[X], this.#r) && (this.#i = this.#l.uat, this.#c = J(this.#l.jwks)));
925
+ }
926
+ pendingFetch() {
927
+ return !!this.#a;
928
+ }
929
+ coolingDown() {
930
+ return typeof this.#i == "number" ? Date.now() < this.#i + this.#n : !1;
931
+ }
932
+ fresh() {
933
+ return typeof this.#i == "number" ? Date.now() < this.#i + this.#r : !1;
934
+ }
935
+ jwks() {
936
+ return this.#c?.jwks();
937
+ }
938
+ async getKey(e, t) {
939
+ (!this.#c || !this.fresh()) && await this.reload();
940
+ try {
941
+ return await this.#c(e, t);
942
+ } catch (n) {
943
+ if (n instanceof O && this.coolingDown() === !1) return await this.reload(), this.#c(e, t);
944
+ throw n;
945
+ }
946
+ }
947
+ async reload() {
948
+ this.#a && Fe() && (this.#a = void 0), this.#a ||= Le(this.#e.href, this.#o, AbortSignal.timeout(this.#t), this.#s).then((e) => {
949
+ this.#c = J(e), this.#l && (this.#l.uat = Date.now(), this.#l.jwks = e), this.#i = Date.now(), this.#a = void 0;
950
+ }).catch((e) => {
951
+ throw this.#a = void 0, e;
952
+ }), await this.#a;
953
+ }
954
+ };
955
+ function Be(e, t) {
956
+ let n = new ze(e, t), r = async (e, t) => n.getKey(e, t);
957
+ return Object.defineProperties(r, {
958
+ coolingDown: {
959
+ get: () => n.coolingDown(),
960
+ enumerable: !0,
961
+ configurable: !1
962
+ },
963
+ fresh: {
964
+ get: () => n.fresh(),
965
+ enumerable: !0,
966
+ configurable: !1
967
+ },
968
+ reload: {
969
+ value: () => n.reload(),
970
+ enumerable: !0,
971
+ configurable: !1,
972
+ writable: !1
973
+ },
974
+ reloading: {
975
+ get: () => n.pendingFetch(),
976
+ enumerable: !0,
977
+ configurable: !1
978
+ },
979
+ jwks: {
980
+ value: () => n.jwks(),
981
+ enumerable: !0,
982
+ configurable: !1,
983
+ writable: !1
984
+ }
985
+ }), r;
986
+ }
987
+ //#endregion
988
+ //#region src/middleware/authMiddleware.ts
989
+ var Ve = i().server(async ({ next: e, request: n }) => {
990
+ let r = n.headers.get("Authorization");
991
+ if (!r?.startsWith("Bearer")) throw Response.json({ message: "Unauthorized: Invalid Authorization header" }, { status: 401 });
992
+ let i;
993
+ try {
994
+ i = await Q(r.substring(7));
995
+ } catch (e) {
996
+ throw Response.json({ message: e instanceof Error ? e.message : "Unauthorized: Invalid access token" }, { status: 401 });
997
+ }
998
+ return e({ context: { user: t(i) } });
999
+ }), He = i().server(async ({ next: e, request: n }) => {
1000
+ let r = n.headers.get("Authorization");
1001
+ if (!r?.startsWith("Bearer")) return e({ context: { user: null } });
1002
+ let i;
1003
+ try {
1004
+ i = await Q(r.substring(7));
1005
+ } catch (e) {
1006
+ throw Response.json({ message: e instanceof Error ? e.message : "Unauthorized: Invalid access token" }, { status: 401 });
1007
+ }
1008
+ return e({ context: { user: t(i) } });
1009
+ });
1010
+ function Z(e) {
1011
+ return e?.optional ? He : Ve;
1012
+ }
1013
+ var Ue = (e) => i().middleware([Z()]).server(async ({ next: t, context: n }) => {
1014
+ if (n.user.hasPermission(e)) return t();
1015
+ throw Response.json({ message: `Forbidden: User ${n.user.name} is not authorized to access this resource` }, { status: 403 });
1016
+ }), We = (e) => i({ type: "function" }).client(async ({ next: t }) => {
1017
+ try {
1018
+ return t({ headers: { Authorization: `Bearer ${await n(e)}` } });
1019
+ } catch {
1020
+ return t();
1021
+ }
1022
+ });
1023
+ async function Q(t) {
1024
+ let { payload: n } = await Ae(t, Ge(), {
1025
+ issuer: `https://login.microsoftonline.com/${e.ENTRA_TENANT_ID}/v2.0`,
1026
+ audience: e.ENTRA_CLIENT_ID
1027
+ });
1028
+ return n;
1029
+ }
1030
+ var $ = null;
1031
+ function Ge() {
1032
+ return $ ??= Be(new URL(`https://login.microsoftonline.com/${e.ENTRA_TENANT_ID}/discovery/v2.0/keys`)), $;
1033
+ }
1034
+ //#endregion
1035
+ //#region src/middleware/validationMiddleware.ts
1036
+ var Ke = (e) => i().server(async ({ next: t, request: n }) => {
1037
+ let i = await n.json(), a = e.safeParse(i);
1038
+ if (!a.success) {
1039
+ let { fieldErrors: e } = r.flattenError(a.error), t = Object.keys(e)[0], n = e[t]?.[0];
1040
+ if (t && n) {
1041
+ let e = t.charAt(0).toUpperCase() + t.slice(1), r = n.replace(/^Invalid input:\s*/i, "").toLowerCase();
1042
+ return Response.json({ message: `${e} - ${r}` }, { status: 400 });
1043
+ }
1044
+ return Response.json({ message: "Validation failed" }, { status: 400 });
1045
+ }
1046
+ return await t({ context: { data: a.data } });
1047
+ });
1048
+ //#endregion
1049
+ export { Z as authenticationMiddleware, Ue as authorizationMiddleware, We as serverFnAccessTokenMiddleware, Ke as validationMiddleware };
1050
+
1051
+ //# sourceMappingURL=middleware.js.map