wcz-test 6.24.14 → 6.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. package/dist/ApprovalStatus-lESbUD_x.js +1 -0
  2. package/dist/ApprovalStatus-lESbUD_x.js.map +1 -0
  3. package/dist/DialogsContext-8xfQ3X-k.js +285 -0
  4. package/dist/DialogsContext-8xfQ3X-k.js.map +1 -0
  5. package/dist/DialogsHooks-Dz4ExWPV.js +232 -0
  6. package/dist/DialogsHooks-Dz4ExWPV.js.map +1 -0
  7. package/dist/{FileHooks-kGkVKOf9.js → FileHooks-T3wXKu_b.js} +5 -4
  8. package/dist/FileHooks-T3wXKu_b.js.map +1 -0
  9. package/dist/FileMeta-Bzeo3ie9.js +1 -0
  10. package/dist/FileMeta-Bzeo3ie9.js.map +1 -0
  11. package/dist/RouterListItemButton-Dmqima3h.js +661 -0
  12. package/dist/RouterListItemButton-Dmqima3h.js.map +1 -0
  13. package/dist/_commonjsHelpers-ByX85dGu.js +34 -0
  14. package/dist/_commonjsHelpers-ByX85dGu.js.map +1 -0
  15. package/dist/components.js +2667 -518
  16. package/dist/components.js.map +1 -0
  17. package/dist/env-BD4Wc07c.js +76 -0
  18. package/dist/env-BD4Wc07c.js.map +1 -0
  19. package/dist/hooks.js +909 -354
  20. package/dist/hooks.js.map +1 -0
  21. package/dist/i18next-Bx3TmZAT.js +1337 -0
  22. package/dist/i18next-Bx3TmZAT.js.map +1 -0
  23. package/dist/index-Biz5inV2.js +268 -0
  24. package/dist/index-Biz5inV2.js.map +1 -0
  25. package/dist/index.js +1076 -1405
  26. package/dist/index.js.map +1 -0
  27. package/dist/models.js +1 -0
  28. package/dist/models.js.map +1 -0
  29. package/dist/queries.js +4 -3
  30. package/dist/queries.js.map +1 -0
  31. package/dist/queryClient--EvGPhnh.js +1 -0
  32. package/dist/queryClient--EvGPhnh.js.map +1 -0
  33. package/dist/server.js +56 -27
  34. package/dist/server.js.map +1 -0
  35. package/dist/session-BCQDwl6n.js +8581 -0
  36. package/dist/session-BCQDwl6n.js.map +1 -0
  37. package/dist/utils-A7xW24zq.js +1850 -0
  38. package/dist/utils-A7xW24zq.js.map +1 -0
  39. package/dist/utils.js +8 -7
  40. package/dist/utils.js.map +1 -0
  41. package/dist/vite.js +1 -0
  42. package/dist/vite.js.map +1 -0
  43. package/package.json +23 -26
  44. package/dist/DialogsContext-2Yy6yhzQ.js +0 -5
  45. package/dist/DialogsHooks-DWkC9zAf.js +0 -113
  46. package/dist/RouterListItemButton-C_SG0uka.js +0 -17
  47. package/dist/_commonjsHelpers-DaMA6jEr.js +0 -8
  48. package/dist/env-4ZoUrNqp.js +0 -27
  49. package/dist/session-7yb0BETM.js +0 -75
  50. package/dist/utils-CZraUjBd.js +0 -81
package/dist/server.js CHANGED
@@ -1,45 +1,73 @@
1
- import { setCookie as u, getCookie as d, deleteCookie as l } from "@tanstack/react-start/server";
2
- import { generateState as m, generateCodeVerifier as f, decodeIdToken as k } from "arctic";
3
- import { s as p } from "./env-4ZoUrNqp.js";
4
- import { e as h, s as g, a as w } from "./session-7yb0BETM.js";
5
- const C = async (e) => {
6
- const o = new URL(e.url).searchParams.get("redirect_uri") || "/", r = m(), s = f(), a = ["openid", "profile", "offline_access", "User.Read"], n = h.createAuthorizationURL(r, s, a);
7
- return u("entra_oauth_state", r, {
8
- secure: p.NODE_ENV === "production",
1
+ import { setCookie as d, getCookie as u, deleteCookie as l } from "@tanstack/react-start/server";
2
+ import { d as _, g as w, a as m, e as p, s as g, b as k } from "./session-BCQDwl6n.js";
3
+ import { s as h } from "./env-BD4Wc07c.js";
4
+ function v(r) {
5
+ const e = r.split(".");
6
+ if (e.length !== 3)
7
+ throw new Error("Invalid JWT");
8
+ let o;
9
+ try {
10
+ o = new TextDecoder().decode(_(e[1]));
11
+ } catch {
12
+ throw new Error("Invalid JWT: Invalid base64url encoding");
13
+ }
14
+ let t;
15
+ try {
16
+ t = JSON.parse(o);
17
+ } catch {
18
+ throw new Error("Invalid JWT: Invalid JSON encoding");
19
+ }
20
+ if (typeof t != "object" || t === null)
21
+ throw new Error("Invalid JWT: Invalid payload");
22
+ return t;
23
+ }
24
+ function y(r) {
25
+ try {
26
+ return v(r);
27
+ } catch (e) {
28
+ throw new Error("Invalid ID token", {
29
+ cause: e
30
+ });
31
+ }
32
+ }
33
+ const R = async (r) => {
34
+ const o = new URL(r.url).searchParams.get("redirect_uri") || "/", t = w(), n = m(), a = ["openid", "profile", "offline_access", "User.Read"], s = p.createAuthorizationURL(t, n, a);
35
+ return d("entra_oauth_state", t, {
36
+ secure: h.NODE_ENV === "production",
9
37
  path: "/",
10
38
  httpOnly: !0,
11
39
  sameSite: "lax",
12
40
  maxAge: 600
13
41
  // 10 minutes
14
- }), u("entra_code_verifier", s, {
15
- secure: p.NODE_ENV === "production",
42
+ }), d("entra_code_verifier", n, {
43
+ secure: h.NODE_ENV === "production",
16
44
  path: "/",
17
45
  httpOnly: !0,
18
46
  sameSite: "lax",
19
47
  maxAge: 600
20
48
  // 10 minutes,
21
- }), u("entra_redirect_uri", o, {
22
- secure: p.NODE_ENV === "production",
49
+ }), d("entra_redirect_uri", o, {
50
+ secure: h.NODE_ENV === "production",
23
51
  path: "/",
24
52
  httpOnly: !0,
25
53
  sameSite: "lax",
26
54
  maxAge: 600
27
55
  // 10 minutes,
28
- }), Response.redirect(n.href);
29
- }, E = async (e) => {
30
- const t = new URL(e.url), o = t.searchParams.get("code");
56
+ }), Response.redirect(s.href);
57
+ }, S = async (r) => {
58
+ const e = new URL(r.url), o = e.searchParams.get("code");
31
59
  if (!o) return new Response("Missing code", {
32
60
  status: 400
33
61
  });
34
- const r = t.searchParams.get("state"), s = d("entra_oauth_state") ?? null, a = d("entra_code_verifier") ?? null, n = d("entra_redirect_uri") ?? "/";
35
- if (!r || !s || !a || !n) throw new Response("Missing entra oauth data in cookies", {
62
+ const t = e.searchParams.get("state"), n = u("entra_oauth_state") ?? null, a = u("entra_code_verifier") ?? null, s = u("entra_redirect_uri") ?? "/";
63
+ if (!t || !n || !a || !s) throw new Response("Missing entra oauth data in cookies", {
36
64
  status: 400
37
65
  });
38
- if (r !== s) return new Response("Invalid oauth state", {
66
+ if (t !== n) return new Response("Invalid oauth state", {
39
67
  status: 400
40
68
  });
41
69
  l("entra_oauth_state"), l("entra_code_verifier"), l("entra_redirect_uri");
42
- const i = await h.validateAuthorizationCode(o, a), _ = i.idToken(), c = k(_);
70
+ const i = await p.validateAuthorizationCode(o, a), f = i.idToken(), c = y(f);
43
71
  return await g({
44
72
  refreshToken: i.refreshToken(),
45
73
  user: {
@@ -47,23 +75,24 @@ const C = async (e) => {
47
75
  name: c.name.split("/")[0],
48
76
  email: c.preferred_username
49
77
  }
50
- }), await w(i.accessToken()), new Response(null, {
78
+ }), await k(i.accessToken()), new Response(null, {
51
79
  status: 302,
52
80
  headers: {
53
- Location: n
81
+ Location: s
54
82
  }
55
83
  });
56
- }, L = async (e) => {
57
- const t = new URL(e.url);
84
+ }, x = async (r) => {
85
+ const e = new URL(r.url);
58
86
  return new Response(null, {
59
87
  status: 302,
60
88
  headers: {
61
- Location: t.href
89
+ Location: e.href
62
90
  }
63
91
  });
64
92
  };
65
93
  export {
66
- E as callback,
67
- C as login,
68
- L as logout
94
+ S as callback,
95
+ R as login,
96
+ x as logout
69
97
  };
98
+ //# sourceMappingURL=server.js.map
package/dist/server.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"server.js","sources":["../node_modules/@oslojs/jwt/dist/index.js","../node_modules/arctic/dist/oidc.js","../src/lib/auth/api.ts"],"sourcesContent":["import { decodeBase64, decodeBase64urlIgnorePadding, encodeBase64urlNoPadding } from \"@oslojs/encoding\";\nexport function parseJWT(jwt) {\n const parts = jwt.split(\".\");\n if (parts.length !== 3) {\n throw new Error(\"Invalid JWT\");\n }\n let jsonHeader;\n let jsonPayload;\n let signature;\n try {\n jsonHeader = new TextDecoder().decode(decodeBase64urlIgnorePadding(parts[0]));\n jsonPayload = new TextDecoder().decode(decodeBase64urlIgnorePadding(parts[1]));\n signature = decodeBase64urlIgnorePadding(parts[2]);\n }\n catch {\n throw new Error(\"Invalid JWT: Invalid base64url encoding\");\n }\n let header;\n let payload;\n try {\n header = JSON.parse(jsonHeader);\n payload = JSON.parse(jsonPayload);\n }\n catch {\n throw new Error(\"Invalid JWT: Invalid JSON encoding\");\n }\n if (typeof header !== \"object\" || header === null) {\n throw new Error(\"Invalid JWT: Invalid header\");\n }\n if (typeof payload !== \"object\" || payload === null) {\n throw new Error(\"Invalid JWT: Invalid payload\");\n }\n const signatureMessage = new TextEncoder().encode(parts[0] + \".\" + parts[1]);\n return [header, payload, signature, signatureMessage];\n}\nexport function decodeJWT(jwt) {\n const parts = jwt.split(\".\");\n if (parts.length !== 3) {\n throw new Error(\"Invalid JWT\");\n }\n let jsonPayload;\n try {\n jsonPayload = new TextDecoder().decode(decodeBase64urlIgnorePadding(parts[1]));\n }\n catch {\n throw new Error(\"Invalid JWT: Invalid base64url encoding\");\n }\n let payload;\n try {\n payload = JSON.parse(jsonPayload);\n }\n catch {\n throw new Error(\"Invalid JWT: Invalid JSON encoding\");\n }\n if (typeof payload !== \"object\" || payload === null) {\n throw new Error(\"Invalid JWT: Invalid payload\");\n }\n return payload;\n}\nexport function encodeJWT(headerJSON, payloadJSON, signature) {\n const encodedHeader = encodeBase64urlNoPadding(new TextEncoder().encode(headerJSON));\n const encodedPayload = encodeBase64urlNoPadding(new TextEncoder().encode(payloadJSON));\n const encodedSignature = encodeBase64urlNoPadding(signature);\n const jwt = encodedHeader + \".\" + encodedPayload + \".\" + encodedSignature;\n return jwt;\n}\nexport function createJWTSignatureMessage(headerJSON, payloadJSON) {\n const encodedHeader = encodeBase64urlNoPadding(new TextEncoder().encode(headerJSON));\n const encodedPayload = encodeBase64urlNoPadding(new TextEncoder().encode(payloadJSON));\n const message = encodedHeader + \".\" + encodedPayload;\n return new TextEncoder().encode(message);\n}\nexport class JWTClaims {\n target;\n constructor(target) {\n this.target = target;\n }\n hasIssuer() {\n return \"iss\" in this.target;\n }\n issuer() {\n if (\"iss\" in this.target && typeof this.target.iss === \"string\") {\n return this.target.iss;\n }\n throw new Error(\"Invalid or missing 'iss' claim\");\n }\n hasSubject() {\n return \"sub\" in this.target;\n }\n subject() {\n if (\"sub\" in this.target && typeof this.target.sub === \"string\") {\n return this.target.sub;\n }\n throw new Error(\"Invalid or missing 'sub' claim\");\n }\n hasAudiences() {\n return \"aud\" in this.target;\n }\n audiences() {\n if (\"aud\" in this.target && typeof this.target.aud === \"string\") {\n const audiences = [this.target.aud];\n return audiences;\n }\n if (\"aud\" in this.target && Array.isArray(this.target.aud)) {\n for (const audience in this.target.aud) {\n if (typeof audience !== \"string\") {\n throw new Error(\"Invalid or missing 'aud' claim\");\n }\n }\n return this.target.aud;\n }\n throw new Error(\"Invalid or missing 'aud' claim\");\n }\n hasExpiration() {\n return \"exp\" in this.target;\n }\n expiration() {\n if (\"exp\" in this.target &&\n typeof this.target.exp === \"number\" &&\n this.target.exp >= 0 &&\n Number.isInteger(this.target.exp)) {\n return new Date(this.target.exp * 1000);\n }\n throw new Error(\"Invalid or missing 'exp' claim\");\n }\n verifyExpiration() {\n if (\"exp\" in this.target &&\n typeof this.target.exp === \"number\" &&\n this.target.exp >= 0 &&\n Number.isInteger(this.target.exp)) {\n return Date.now() < this.target.exp * 1000;\n }\n throw new Error(\"Invalid or missing 'exp' claim\");\n }\n hasNotBefore() {\n return \"nbf\" in this.target;\n }\n notBefore() {\n if (\"nbf\" in this.target &&\n typeof this.target.nbf === \"number\" &&\n this.target.nbf >= 0 &&\n Number.isInteger(this.target.nbf)) {\n return new Date(this.target.nbf * 1000);\n }\n throw new Error(\"Invalid or missing 'nbf' claim\");\n }\n verifyNotBefore() {\n if (\"nbf\" in this.target &&\n typeof this.target.nbf === \"number\" &&\n this.target.nbf >= 0 &&\n Number.isInteger(this.target.nbf)) {\n return Date.now() >= this.target.nbf * 1000;\n }\n throw new Error(\"Invalid or missing 'nbf' claim\");\n }\n hasIssuedAt() {\n return \"iat\" in this.target;\n }\n issuedAt() {\n if (\"iat\" in this.target &&\n typeof this.target.iat === \"number\" &&\n this.target.iat >= 0 &&\n Number.isInteger(this.target.iat)) {\n return new Date(this.target.iat * 1000);\n }\n throw new Error(\"Invalid or missing 'iat' claim\");\n }\n hasJWTId() {\n return \"jti\" in this.target;\n }\n jwtId() {\n if (\"jti\" in this.target && typeof this.target.jti === \"string\") {\n return this.target.jti;\n }\n throw new Error(\"Invalid or missing 'jti' claim\");\n }\n}\nexport class JWSRegisteredHeaders {\n target;\n constructor(target) {\n this.target = target;\n }\n hasAlgorithm() {\n return \"alg\" in this.target;\n }\n algorithm() {\n if (\"alg\" in this.target && typeof this.target.alg === \"string\") {\n return this.target.alg;\n }\n throw new Error(\"Invalid or missing 'alg' claim\");\n }\n hasJWKSetURL() {\n return \"jku\" in this.target;\n }\n jwkSetURL() {\n if (\"jku\" in this.target && typeof this.target.jku === \"string\") {\n return this.target.jku;\n }\n throw new Error(\"Invalid or missing 'jku' claim\");\n }\n hasJWK() {\n return \"jwk\" in this.target;\n }\n jwk() {\n if (\"jwk\" in this.target && typeof this.target.jwk === \"string\") {\n return this.target.jwk;\n }\n throw new Error(\"Invalid or missing 'jwk' claim\");\n }\n hasKeyId() {\n return \"kid\" in this.target;\n }\n keyId() {\n if (\"kid\" in this.target && typeof this.target.kid === \"string\") {\n return this.target.kid;\n }\n throw new Error(\"Invalid or missing 'kid' claim\");\n }\n hasX509URL() {\n return \"x5u\" in this.target;\n }\n x509URL() {\n if (\"x5u\" in this.target && typeof this.target.x5u === \"string\") {\n return this.target.x5u;\n }\n throw new Error(\"Invalid or missing 'x5u' claim\");\n }\n hasX509CertificateChain() {\n return \"x5c\" in this.target;\n }\n x509CertificateChain() {\n if (\"x5c\" in this.target && Array.isArray(this.target.x5c)) {\n if (this.target.x5c.length === 0) {\n throw new Error(\"Invalid or missing 'x5c' claim\");\n }\n const chain = [];\n for (const encoded of this.target.x5c) {\n if (typeof encoded !== \"string\") {\n throw new Error(\"Invalid or missing 'x5c' claim\");\n }\n try {\n chain.push(decodeBase64(encoded));\n }\n catch {\n throw new Error(\"Invalid or missing 'x5c' claim\");\n }\n }\n return chain;\n }\n throw new Error(\"Invalid or missing 'x5c' claim\");\n }\n hasX509CertificateSHA1Thumbprint() {\n return \"x5t\" in this.target;\n }\n x509CertificateSHA1Thumbprint() {\n if (\"x5t\" in this.target && typeof this.target.x5t === \"string\") {\n try {\n const thumbprint = decodeBase64urlIgnorePadding(this.target.x5t);\n return thumbprint;\n }\n catch {\n throw new Error(\"Invalid or missing 'x5t' claim\");\n }\n }\n throw new Error(\"Invalid or missing 'x5t' claim\");\n }\n hasX509CertificateSHA256Thumbprint() {\n return \"x5t#S256\" in this.target;\n }\n x509CertificateSHA256Thumbprint() {\n if (\"x5t#S256\" in this.target && typeof this.target[\"x5t#S256\"] === \"string\") {\n try {\n const thumbprint = decodeBase64urlIgnorePadding(this.target[\"x5t#S256\"]);\n return thumbprint;\n }\n catch {\n throw new Error(\"Invalid or missing 'x5t#S256' claim\");\n }\n }\n throw new Error(\"Invalid or missing 'x5t#S256' claim\");\n }\n hasType() {\n return \"typ\" in this.target;\n }\n type() {\n if (\"typ\" in this.target && typeof this.target.typ === \"string\") {\n return this.target.typ;\n }\n throw new Error(\"Invalid or missing 'typ' claim\");\n }\n hasContentType() {\n return \"cty\" in this.target;\n }\n contentType() {\n if (\"cty\" in this.target && typeof this.target.cty === \"string\") {\n return this.target.cty;\n }\n throw new Error(\"Invalid or missing 'cty' claim\");\n }\n hasCritical() {\n return \"crit\" in this.target;\n }\n critical() {\n if (\"crit\" in this.target && Array.isArray(this.target.crit)) {\n if (this.target.crit.length === 0) {\n throw new Error(\"Invalid or missing 'crit' claim\");\n }\n for (const audience in this.target.crit) {\n if (typeof audience !== \"string\") {\n throw new Error(\"Invalid or missing 'crit' claim\");\n }\n }\n return this.target.crit;\n }\n throw new Error(\"Invalid or missing 'crit' claim\");\n }\n}\nexport const joseAlgorithmHS256 = \"HS256\";\nexport const joseAlgorithmES256 = \"ES256\";\nexport const joseAlgorithmRS256 = \"RS256\";\n","import * as jwt from \"@oslojs/jwt\";\nexport function decodeIdToken(idToken) {\n try {\n return jwt.decodeJWT(idToken);\n }\n catch (e) {\n throw new Error(\"Invalid ID token\", {\n cause: e\n });\n }\n}\n","import { deleteCookie, getCookie, setCookie } from \"@tanstack/react-start/server\";\r\nimport { decodeIdToken, generateCodeVerifier, generateState } from \"arctic\";\r\nimport type jwt from \"jsonwebtoken\";\r\nimport { serverEnv } from \"~/env\";\r\nimport { entraId } from \"~/lib/auth/entra\";\r\nimport { setSessionAccessTokenCookie, setSessionCookie } from \"~/lib/auth/session\";\r\n\r\nexport const login = async (request: Request): Promise<Response> => {\r\n const url = new URL(request.url);\r\n const redirectUri = url.searchParams.get(\"redirect_uri\") || \"/\";\r\n\r\n const state = generateState();\r\n const codeVerifier = generateCodeVerifier();\r\n const scopes = [\"openid\", \"profile\", \"offline_access\", \"User.Read\"];\r\n const authorizationURL = entraId.createAuthorizationURL(state, codeVerifier, scopes);\r\n\r\n setCookie(\"entra_oauth_state\", state, {\r\n secure: serverEnv.NODE_ENV === \"production\",\r\n path: \"/\",\r\n httpOnly: true,\r\n sameSite: \"lax\",\r\n maxAge: 60 * 10 // 10 minutes\r\n });\r\n\r\n setCookie(\"entra_code_verifier\", codeVerifier, {\r\n secure: serverEnv.NODE_ENV === \"production\",\r\n path: \"/\",\r\n httpOnly: true,\r\n sameSite: \"lax\",\r\n maxAge: 60 * 10 // 10 minutes,\r\n });\r\n\r\n setCookie(\"entra_redirect_uri\", redirectUri, {\r\n secure: serverEnv.NODE_ENV === \"production\",\r\n path: \"/\",\r\n httpOnly: true,\r\n sameSite: \"lax\",\r\n maxAge: 60 * 10 // 10 minutes,\r\n });\r\n\r\n return Response.redirect(authorizationURL.href);\r\n};\r\n\r\nexport const callback = async (request: Request): Promise<Response> => {\r\n const url = new URL(request.url);\r\n const code = url.searchParams.get(\"code\");\r\n if (!code) return new Response(\"Missing code\", { status: 400 });\r\n const state = url.searchParams.get(\"state\");\r\n const storedState = getCookie(\"entra_oauth_state\") ?? null;\r\n const codeVerifier = getCookie(\"entra_code_verifier\") ?? null;\r\n const redirectUri = getCookie(\"entra_redirect_uri\") ?? \"/\";\r\n\r\n if (!state || !storedState || !codeVerifier || !redirectUri) throw new Response(\"Missing entra oauth data in cookies\", { status: 400 });\r\n if (state !== storedState) return new Response(\"Invalid oauth state\", { status: 400 });\r\n\r\n deleteCookie(\"entra_oauth_state\");\r\n deleteCookie(\"entra_code_verifier\");\r\n deleteCookie(\"entra_redirect_uri\");\r\n\r\n const tokens = await entraId.validateAuthorizationCode(code, codeVerifier);\r\n\r\n const idToken = tokens.idToken();\r\n const claims = decodeIdToken(idToken) as jwt.JwtPayload;\r\n\r\n await setSessionCookie({\r\n refreshToken: tokens.refreshToken(),\r\n user: {\r\n id: claims.oid,\r\n name: claims.name.split(\"/\")[0],\r\n email: claims.preferred_username,\r\n }\r\n });\r\n\r\n await setSessionAccessTokenCookie(tokens.accessToken());\r\n\r\n return new Response(null, {\r\n status: 302,\r\n headers: { Location: redirectUri },\r\n });\r\n};\r\n\r\nexport const logout = async (request: Request): Promise<Response> => {\r\n const url = new URL(request.url);\r\n\r\n // const { session } = await validateRequest();\r\n // if (!session) {\r\n // return new Response(null, { status: 302, headers: { Location: \"/\" } });\r\n // }\r\n // setCookie(SESSION_COOKIE_NAME, \"\", {\r\n // httpOnly: true,\r\n // sameSite: \"lax\",\r\n // secure: serverEnv.NODE_ENV === \"production\",\r\n // maxAge: 0,\r\n // path: \"/\",\r\n // });\r\n\r\n return new Response(null, { status: 302, headers: { Location: url.href } });\r\n};\r\n"],"names":["decodeJWT","jwt","parts","jsonPayload","decodeBase64urlIgnorePadding","payload","decodeIdToken","idToken","jwt.decodeJWT","login","request","redirectUri","URL","url","searchParams","get","state","generateState","codeVerifier","generateCodeVerifier","scopes","authorizationURL","entraId","createAuthorizationURL","setCookie","secure","serverEnv","NODE_ENV","path","httpOnly","sameSite","maxAge","Response","redirect","href","callback","code","status","storedState","getCookie","deleteCookie","tokens","validateAuthorizationCode","claims","setSessionCookie","refreshToken","user","id","oid","name","split","email","preferred_username","setSessionAccessTokenCookie","accessToken","headers","Location","logout"],"mappings":";;;AAmCO,SAASA,EAAUC,GAAK;AAC3B,QAAMC,IAAQD,EAAI,MAAM,GAAG;AAC3B,MAAIC,EAAM,WAAW;AACjB,UAAM,IAAI,MAAM,aAAa;AAEjC,MAAIC;AACJ,MAAI;AACA,IAAAA,IAAc,IAAI,cAAc,OAAOC,EAA6BF,EAAM,CAAC,CAAC,CAAC;AAAA,EACjF,QACM;AACF,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC7D;AACA,MAAIG;AACJ,MAAI;AACA,IAAAA,IAAU,KAAK,MAAMF,CAAW;AAAA,EACpC,QACM;AACF,UAAM,IAAI,MAAM,oCAAoC;AAAA,EACxD;AACA,MAAI,OAAOE,KAAY,YAAYA,MAAY;AAC3C,UAAM,IAAI,MAAM,8BAA8B;AAElD,SAAOA;AACX;ACzDO,SAASC,EAAcC,GAAS;AACnC,MAAI;AACA,WAAOC,EAAcD,CAAO;AAAA,EAChC,SACO,GAAG;AACN,UAAM,IAAI,MAAM,oBAAoB;AAAA,MAChC,OAAO;AAAA,IACnB,CAAS;AAAA,EACL;AACJ;ACHO,MAAME,IAAQ,OAAOC,MAAwC;AAEhE,QAAMC,IADM,IAAIC,IAAIF,EAAQG,GAAG,EACPC,aAAaC,IAAI,cAAc,KAAK,KAEtDC,IAAQC,EAAAA,GACRC,IAAeC,EAAAA,GACfC,IAAS,CAAC,UAAU,WAAW,kBAAkB,WAAW,GAC5DC,IAAmBC,EAAQC,uBAAuBP,GAAOE,GAAcE,CAAM;AAEnFI,SAAAA,EAAU,qBAAqBR,GAAO;AAAA,IAClCS,QAAQC,EAAUC,aAAa;AAAA,IAC/BC,MAAM;AAAA,IACNC,UAAU;AAAA,IACVC,UAAU;AAAA,IACVC,QAAQ;AAAA;AAAA,EAAK,CAChB,GAEDP,EAAU,uBAAuBN,GAAc;AAAA,IAC3CO,QAAQC,EAAUC,aAAa;AAAA,IAC/BC,MAAM;AAAA,IACNC,UAAU;AAAA,IACVC,UAAU;AAAA,IACVC,QAAQ;AAAA;AAAA,EAAK,CAChB,GAEDP,EAAU,sBAAsBb,GAAa;AAAA,IACzCc,QAAQC,EAAUC,aAAa;AAAA,IAC/BC,MAAM;AAAA,IACNC,UAAU;AAAA,IACVC,UAAU;AAAA,IACVC,QAAQ;AAAA;AAAA,EAAK,CAChB,GAEMC,SAASC,SAASZ,EAAiBa,IAAI;AAClD,GAEaC,IAAW,OAAOzB,MAAwC;AACnE,QAAMG,IAAM,IAAID,IAAIF,EAAQG,GAAG,GACzBuB,IAAOvB,EAAIC,aAAaC,IAAI,MAAM;AACxC,MAAI,CAACqB,EAAM,QAAO,IAAIJ,SAAS,gBAAgB;AAAA,IAAEK,QAAQ;AAAA,EAAA,CAAK;AAC9D,QAAMrB,IAAQH,EAAIC,aAAaC,IAAI,OAAO,GACpCuB,IAAcC,EAAU,mBAAmB,KAAK,MAChDrB,IAAeqB,EAAU,qBAAqB,KAAK,MACnD5B,IAAc4B,EAAU,oBAAoB,KAAK;AAEvD,MAAI,CAACvB,KAAS,CAACsB,KAAe,CAACpB,KAAgB,CAACP,EAAa,OAAM,IAAIqB,SAAS,uCAAuC;AAAA,IAAEK,QAAQ;AAAA,EAAA,CAAK;AACtI,MAAIrB,MAAUsB,EAAa,QAAO,IAAIN,SAAS,uBAAuB;AAAA,IAAEK,QAAQ;AAAA,EAAA,CAAK;AAErFG,EAAAA,EAAa,mBAAmB,GAChCA,EAAa,qBAAqB,GAClCA,EAAa,oBAAoB;AAEjC,QAAMC,IAAS,MAAMnB,EAAQoB,0BAA0BN,GAAMlB,CAAY,GAEnEX,IAAUkC,EAAOlC,QAAAA,GACjBoC,IAASrC,EAAcC,CAAO;AAEpC,eAAMqC,EAAiB;AAAA,IACnBC,cAAcJ,EAAOI,aAAAA;AAAAA,IACrBC,MAAM;AAAA,MACFC,IAAIJ,EAAOK;AAAAA,MACXC,MAAMN,EAAOM,KAAKC,MAAM,GAAG,EAAE,CAAC;AAAA,MAC9BC,OAAOR,EAAOS;AAAAA,IAAAA;AAAAA,EAClB,CACH,GAED,MAAMC,EAA4BZ,EAAOa,aAAa,GAE/C,IAAItB,SAAS,MAAM;AAAA,IACtBK,QAAQ;AAAA,IACRkB,SAAS;AAAA,MAAEC,UAAU7C;AAAAA,IAAAA;AAAAA,EAAY,CACpC;AACL,GAEa8C,IAAS,OAAO/C,MAAwC;AACjE,QAAMG,IAAM,IAAID,IAAIF,EAAQG,GAAG;AAc/B,SAAO,IAAImB,SAAS,MAAM;AAAA,IAAEK,QAAQ;AAAA,IAAKkB,SAAS;AAAA,MAAEC,UAAU3C,EAAIqB;AAAAA,IAAAA;AAAAA,EAAK,CAAG;AAC9E;","x_google_ignoreList":[0,1]}