wiki-viewer 1.4.1 → 1.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.next/standalone/.next/BUILD_ID +1 -1
- package/.next/standalone/.next/build-manifest.json +3 -3
- package/.next/standalone/.next/prerender-manifest.json +3 -27
- package/.next/standalone/.next/server/app/_global-error/page.js +2 -2
- package/.next/standalone/.next/server/app/_global-error/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/_global-error.html +1 -1
- package/.next/standalone/.next/server/app/_global-error.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/__PAGE__.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/_full.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/_head.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/_index.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_global-error.segments/_tree.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_not-found/page.js +4 -4
- package/.next/standalone/.next/server/app/_not-found/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/_not-found.html +1 -1
- package/.next/standalone/.next/server/app/_not-found.rsc +1 -1
- package/.next/standalone/.next/server/app/_not-found.segments/_full.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_not-found.segments/_head.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_not-found.segments/_index.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_not-found.segments/_not-found/__PAGE__.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_not-found.segments/_not-found.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/_not-found.segments/_tree.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/api/agent/activity/route.js +5 -5
- package/.next/standalone/.next/server/app/api/agent/activity/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/admin/agents/[agentId]/revoke/route.js +6 -6
- package/.next/standalone/.next/server/app/api/agent/admin/agents/[agentId]/revoke/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/admin/agents/route.js +6 -6
- package/.next/standalone/.next/server/app/api/agent/admin/agents/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/admin/registrations/[regId]/approve/route.js +6 -6
- package/.next/standalone/.next/server/app/api/agent/admin/registrations/[regId]/approve/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/admin/registrations/[regId]/deny/route.js +4 -4
- package/.next/standalone/.next/server/app/api/agent/admin/registrations/[regId]/deny/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/admin/registrations/route.js +4 -4
- package/.next/standalone/.next/server/app/api/agent/admin/registrations/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/events/[...path]/route.js +5 -5
- package/.next/standalone/.next/server/app/api/agent/events/[...path]/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/files/[...path]/route.js +4 -4
- package/.next/standalone/.next/server/app/api/agent/files/[...path]/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/internal/span/route.js +8 -8
- package/.next/standalone/.next/server/app/api/agent/internal/span/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/settings/route.js +7 -7
- package/.next/standalone/.next/server/app/api/agent/settings/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/agent/sidecar/[...path]/route.js +7 -7
- package/.next/standalone/.next/server/app/api/agent/sidecar/[...path]/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/app-proxy/[...path]/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/auth/[...all]/route.js +3 -3
- package/.next/standalone/.next/server/app/api/auth/[...all]/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/auth-config/route.js +5 -5
- package/.next/standalone/.next/server/app/api/system/auth-config/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/auth-settings/route.js +4 -4
- package/.next/standalone/.next/server/app/api/system/auth-settings/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/browse/route.js +6 -6
- package/.next/standalone/.next/server/app/api/system/browse/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/clear-root/route.js +5 -5
- package/.next/standalone/.next/server/app/api/system/clear-root/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/config/route.js +5 -5
- package/.next/standalone/.next/server/app/api/system/config/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/pins/route.js +4 -4
- package/.next/standalone/.next/server/app/api/system/pins/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/reveal/route.js +4 -4
- package/.next/standalone/.next/server/app/api/system/reveal/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/root-status/route.js +4 -4
- package/.next/standalone/.next/server/app/api/system/root-status/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/system/set-root/route.js +5 -5
- package/.next/standalone/.next/server/app/api/system/set-root/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/app/route.js +6 -6
- package/.next/standalone/.next/server/app/api/wiki/app/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/content/route.js +7 -7
- package/.next/standalone/.next/server/app/api/wiki/content/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/folder/route.js +5 -5
- package/.next/standalone/.next/server/app/api/wiki/folder/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/move/route.js +5 -5
- package/.next/standalone/.next/server/app/api/wiki/move/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/new-file/route.js +5 -5
- package/.next/standalone/.next/server/app/api/wiki/new-file/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/page/route.js +5 -5
- package/.next/standalone/.next/server/app/api/wiki/page/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/route.js +5 -5
- package/.next/standalone/.next/server/app/api/wiki/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/slugs/route.js +5 -5
- package/.next/standalone/.next/server/app/api/wiki/slugs/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/upload/route.js +5 -5
- package/.next/standalone/.next/server/app/api/wiki/upload/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/api/wiki/watch/route.js +6 -6
- package/.next/standalone/.next/server/app/api/wiki/watch/route.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/index.html +1 -1
- package/.next/standalone/.next/server/app/index.rsc +2 -2
- package/.next/standalone/.next/server/app/index.segments/__PAGE__.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/index.segments/_full.segment.rsc +2 -2
- package/.next/standalone/.next/server/app/index.segments/_head.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/index.segments/_index.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/index.segments/_tree.segment.rsc +1 -1
- package/.next/standalone/.next/server/app/page.js +4 -4
- package/.next/standalone/.next/server/app/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/app/signin/page.js +9 -4
- package/.next/standalone/.next/server/app/signin/page.js.nft.json +1 -1
- package/.next/standalone/.next/server/app/signin/page_client-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/chunks/{[root-of-the-server]__03h3~3e._.js → [root-of-the-server]__04udrya._.js} +2 -2
- package/.next/standalone/.next/server/chunks/{[root-of-the-server]__04g0j8i._.js → [root-of-the-server]__0kdn1le._.js} +2 -2
- package/.next/standalone/.next/server/chunks/{[root-of-the-server]__0d89o98._.js → src_lib_auth_server_ts_00f4e0h._.js} +3 -3
- package/.next/standalone/.next/server/chunks/ssr/0biy_@better-auth_core_dist_121m_lh._.js +5 -0
- package/.next/standalone/.next/server/chunks/ssr/0dhv_better-auth_dist_adapters_kysely-adapter_index_mjs_08ymlcb._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/0dti_kysely_dist_esm_0-t3o9q._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/0dti_kysely_dist_esm_01._58q._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/0p91_next_0f40gy0._.js +6 -0
- package/.next/standalone/.next/server/chunks/ssr/{0p91_next_dist_0~2d1tl._.js → 0p91_next_dist_10ud_sa._.js} +2 -2
- package/.next/standalone/.next/server/chunks/ssr/0sag_@better-auth_memory-adapter_dist_index_mjs_07-_ka6._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/0ugq_@better-auth_kysely-adapter_dist_bun-sqlite-dialect-DzNwOpKv_mjs_0lruvb8._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/0ugq_@better-auth_kysely-adapter_dist_d1-sqlite-dialect-C2B7YsIT_mjs_03n6~tc._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/0ugq_@better-auth_kysely-adapter_dist_index_mjs_0gi5w.w._.js +4 -0
- package/.next/standalone/.next/server/chunks/ssr/0ugq_@better-auth_kysely-adapter_dist_node-sqlite-dialect_mjs_0l4.y~0._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__026s8~z._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__06mzg2t._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0btcd4o._.js +12 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0c~og-9._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__134_q7l._.js +1 -1
- package/.next/standalone/.next/server/chunks/ssr/_0pqaawz._.js +1 -1
- package/.next/standalone/.next/server/chunks/ssr/node_modules__pnpm_051tcva._.js +3 -0
- package/.next/standalone/.next/server/chunks/ssr/node_modules__pnpm_0o~d81.._.js +1 -1
- package/.next/standalone/.next/server/chunks/ssr/src_app_signin_00yk0vm._.js +452 -0
- package/.next/standalone/.next/server/chunks/ssr/src_app_signin_signin-form_tsx_0eznlbd._.js +3 -0
- package/.next/standalone/.next/server/middleware-build-manifest.js +3 -3
- package/.next/standalone/.next/server/middleware-manifest.json +5 -5
- package/.next/standalone/.next/server/pages/404.html +1 -1
- package/.next/standalone/.next/server/pages/500.html +1 -1
- package/.next/standalone/.next/server/server-reference-manifest.js +1 -1
- package/.next/standalone/.next/server/server-reference-manifest.json +1 -1
- package/.next/standalone/.next/static/chunks/09-jtayuhrq~b.js +1 -0
- package/.next/standalone/.next/static/chunks/0uv7ozzpiyp2_.js +1 -0
- package/.next/standalone/.next/static/chunks/135c~rq_ux73w.js +1 -0
- package/.next/standalone/docs/agent-fs-plan.md +230 -0
- package/.next/standalone/package.json +1 -1
- package/.next/standalone/src/app/signin/page.tsx +10 -225
- package/.next/standalone/src/app/signin/signin-form.tsx +238 -0
- package/.next/standalone/src/lib/auth/server.ts +14 -7
- package/.next/standalone/tsconfig.tsbuildinfo +1 -1
- package/package.json +1 -1
- package/.next/standalone/.next/server/app/signin.html +0 -1
- package/.next/standalone/.next/server/app/signin.meta +0 -15
- package/.next/standalone/.next/server/app/signin.rsc +0 -23
- package/.next/standalone/.next/server/app/signin.segments/_full.segment.rsc +0 -23
- package/.next/standalone/.next/server/app/signin.segments/_head.segment.rsc +0 -6
- package/.next/standalone/.next/server/app/signin.segments/_index.segment.rsc +0 -7
- package/.next/standalone/.next/server/app/signin.segments/_tree.segment.rsc +0 -3
- package/.next/standalone/.next/server/app/signin.segments/signin/__PAGE__.segment.rsc +0 -9
- package/.next/standalone/.next/server/app/signin.segments/signin.segment.rsc +0 -5
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__088hqzy._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0c147fo._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__0z.1v1z._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/[root-of-the-server]__12zp2dm._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/node_modules__pnpm_0exqvyf._.js +0 -3
- package/.next/standalone/.next/server/chunks/ssr/src_app_signin_page_tsx_1143y49._.js +0 -3
- package/.next/standalone/.next/static/chunks/0-_39e4awbk8y.js +0 -1
- package/.next/standalone/.next/static/chunks/02bxx~2cg~s6~.js +0 -1
- package/.next/standalone/.next/static/chunks/0mj_f8ncf2tks.js +0 -1
- /package/.next/standalone/.next/static/{bNZLQMXPxlDzQicfJAh2f → kzOuSAQArtvD7uiAJ6ZLh}/_buildManifest.js +0 -0
- /package/.next/standalone/.next/static/{bNZLQMXPxlDzQicfJAh2f → kzOuSAQArtvD7uiAJ6ZLh}/_clientMiddlewareManifest.js +0 -0
- /package/.next/standalone/.next/static/{bNZLQMXPxlDzQicfJAh2f → kzOuSAQArtvD7uiAJ6ZLh}/_ssgManifest.js +0 -0
|
@@ -0,0 +1,452 @@
|
|
|
1
|
+
module.exports=[211730,a=>{"use strict";a.s(["default",()=>b]);let b=(0,a.i(413981).registerClientReference)(function(){throw Error("Attempted to call the default export of [project]/src/app/signin/signin-form.tsx <module evaluation> from the server, but it's on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")},"[project]/src/app/signin/signin-form.tsx <module evaluation>","default")},465274,a=>{"use strict";a.s(["default",()=>b]);let b=(0,a.i(413981).registerClientReference)(function(){throw Error("Attempted to call the default export of [project]/src/app/signin/signin-form.tsx from the server, but it's on the client. It's not possible to invoke a client function from the server, it can only be rendered as a Component or passed to props of a Client Component.")},"[project]/src/app/signin/signin-form.tsx","default")},961603,a=>{"use strict";a.i(211730);var b=a.i(465274);a.n(b)},244925,a=>{"use strict";let b,c,d,e,f,g,h,i,j,k,l,m,n,o;var p,q,r,s,t=a.i(616842),u=a.i(961603),v=a.i(237976),w=a.i(672919);async function x(b,c){let d;if(b.database)d="function"==typeof b.database?b.database(b):await c(b);else{let c=Object.keys((0,v.getAuthTables)(b)).reduce((a,b)=>(a[b]=[],a),{}),{memoryAdapter:e}=await a.A(165483);d=e(c)(b)}return d.transaction||(w.logger.warn("Adapter does not correctly implement transaction function, patching it automatically. Please update your adapter implementation."),d.transaction=async a=>a(d)),d}var y=a.i(35021);async function z(b){return x(b,async b=>{let{createKyselyAdapter:c}=await a.A(18187),{kysely:d,databaseType:e,transaction:f}=await c(b);if(!d)throw new y.BetterAuthError("Failed to initialize database adapter");let{kyselyAdapter:g}=await a.A(18187);return g(d,{type:e||"sqlite",debugLogs:!!b.database&&"debugLogs"in b.database&&b.database.debugLogs,transaction:f})(b)})}var A=a.i(175544);function B(a){return"-"===a||"^"===a||"$"===a||"+"===a||"."===a||"("===a||")"===a||"|"===a||"["===a||"]"===a||"{"===a||"}"===a||"*"===a||"?"===a||"\\"===a?`\\${a}`:a}function C(a,b){if("string"!=typeof b)throw TypeError(`Sample must be a string, but ${typeof b} given`);return a.test(b)}function D(a,b){if("string"!=typeof a&&!Array.isArray(a))throw TypeError(`The first argument must be a single pattern string or an array of patterns, but ${typeof a} given`);if(("string"==typeof b||"boolean"==typeof b)&&(b={separator:b}),2==arguments.length&&!(void 0===b||"object"==typeof b&&null!==b&&!Array.isArray(b)))throw TypeError(`The second argument must be an options object or a string/boolean separator, but ${typeof b} given`);if("\\"===(b=b||{}).separator)throw Error("\\ is not a valid separator because it is used for escaping. Try setting the separator to `true` instead");let c=function a(b,c=!0){if(Array.isArray(b))return`(?:${b.map(b=>`^${a(b,c)}$`).join("|")})`;let d="",e="",f=".";!0===c?(d="/",e="[/\\\\]",f="[^/\\\\]"):c&&((e=function(a){let b="";for(let c=0;c<a.length;c++)b+=B(a[c]);return b}(d=c)).length>1?(e=`(?:${e})`,f=`((?!${e}).)`):f=`[^${e}]`);let g=c?`${e}+?`:"",h=c?`${e}*?`:"",i=c?b.split(d):[b],j="";for(let a=0;a<i.length;a++){let b=i[a],d=i[a+1],e="";if(b||!(a>0)){if(c&&(e=a===i.length-1?h:"**"!==d?g:""),c&&"**"===b){e&&(j+=0===a?"":e,j+=`(?:${f}*?${e})*?`);continue}for(let a=0;a<b.length;a++){let c=b[a];"\\"===c?a<b.length-1&&(j+=B(b[a+1]),a++):"?"===c?j+=f:"*"===c?j+=`${f}*?`:j+=B(c)}j+=e}}return j}(a,b.separator),d=RegExp(`^${c}$`,b.flags),e=C.bind(null,d);return e.options=b,e.pattern=a,e.regexp=d,e}var E=a.i(125039);function F(a){let b=a.length;for(;b>0&&47===a.charCodeAt(b-1);)b--;return b===a.length?a:a.slice(0,b)}function G(a,b="/api/auth"){try{let b=new URL(a);if("http:"!==b.protocol&&"https:"!==b.protocol)throw new y.BetterAuthError(`Invalid base URL: ${a}. URL must include 'http://' or 'https://'`)}catch(b){if(b instanceof y.BetterAuthError)throw b;throw new y.BetterAuthError(`Invalid base URL: ${a}. Please provide a valid base URL.`,{cause:b})}if(function(a){try{return"/"!==(F(new URL(a).pathname)||"/")}catch{throw new y.BetterAuthError(`Invalid base URL: ${a}. Please provide a valid base URL.`)}}(a))return a;let c=F(a);return b&&"/"!==b?(b=b.startsWith("/")?b:`/${b}`,`${c}${b}`):c}function H(a,b){return!!a&&""!==a.trim()&&("proto"===b?"http"===a||"https"===a:"host"===b&&![/\.\./,/\0/,/[\s]/,/^[.]/,/[<>'"]/,/javascript:/i,/file:/i,/data:/i].some(b=>b.test(a))&&(/^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(:[0-9]{1,5})?$/.test(a)||/^(\d{1,3}\.){3}\d{1,3}(:[0-9]{1,5})?$/.test(a)||/^\[[0-9a-fA-F:]+\](:[0-9]{1,5})?$/.test(a)||/^localhost(:[0-9]{1,5})?$/i.test(a)))}function I(a,b,c,d,e){if(a)return G(a,b);if(!1!==d){let a=E.env.BETTER_AUTH_URL||E.env.NEXT_PUBLIC_BETTER_AUTH_URL||E.env.PUBLIC_BETTER_AUTH_URL||E.env.NUXT_PUBLIC_BETTER_AUTH_URL||E.env.NUXT_PUBLIC_AUTH_URL||("/"!==E.env.BASE_URL?E.env.BASE_URL:void 0);if(a)return G(a,b)}let f=c?.headers.get("x-forwarded-host"),g=c?.headers.get("x-forwarded-proto");if(f&&g&&e&&H(g,"proto")&&H(f,"host"))try{return G(`${g}://${f}`,b)}catch(a){}if(c){let a=J(c.url);if(!a)throw new y.BetterAuthError("Could not get origin from request. Please provide a valid base URL.");return G(a,b)}}function J(a){try{let b=new URL(a);return"null"===b.origin?null:b.origin}catch{return null}}function K(a){return"object"==typeof a&&null!==a&&"allowedHosts"in a&&Array.isArray(a.allowedHosts)}function L(a){return a instanceof Request||"object"==typeof a&&null!==a&&"[object Request]"===Object.prototype.toString.call(a)&&"string"==typeof a.url&&"object"==typeof a.headers&&null!==a.headers&&"function"==typeof a.headers.get}function M(a,b){let c=L(a)?a.headers:a;if(b){let a=c.get("x-forwarded-host");if(a&&H(a,"host"))return a}let d=c.get("host");if(d&&H(d,"host"))return d;if(L(a))try{return new URL(a.url).host}catch{}return null}let N=(a,b,c)=>{if(a.startsWith("/"))return!!c?.allowRelativePaths&&a.startsWith("/")&&/^\/(?!\/|\\|%2f|%5c)[\w\-.\+/@]*(?:\?[\w\-.\+/=&%@]*)?$/.test(a);if(b.includes("*")||b.includes("?")){if(b.includes("://"))return D(b)(J(a)||a);let c=function(a){try{return new URL(a).host}catch{return null}}(a);return!!c&&D(b)(c)}let d=function(a){try{return new URL(a).protocol}catch{return null}}(a);return"http:"!==d&&"https:"!==d&&d?a.startsWith(b):b===J(a)};function O(a){return!!a&&("object"==typeof a||"function"==typeof a)&&"function"==typeof a.then}var P=a.i(666680);function Q(a,b){return new Promise((c,d)=>{(0,P.scrypt)(a.normalize("NFKC"),b,64,{N:16384,r:16,p:1,maxmem:0x4000000},(a,b)=>{a?d(a):c(b)})})}async function R(a){let b=(0,P.randomBytes)(16).toString("hex"),c=await Q(a,b);return`${b}:${c.toString("hex")}`}async function S(a,b){let[c,d]=a.split(":");if(!c||!d)throw Error("Invalid password hash");return(await Q(b,c)).toString("hex")===d}let T=async({hash:a,password:b})=>S(a,b);function U(a,b=""){if("number"!=typeof a){let c=b&&`"${b}" `;throw TypeError(`${c}expected number, got ${typeof a}`)}if(!Number.isSafeInteger(a)||a<0){let c=b&&`"${b}" `;throw RangeError(`${c}expected integer >= 0, got ${a}`)}}function V(a,b,c=""){let d=a instanceof Uint8Array||ArrayBuffer.isView(a)&&"Uint8Array"===a.constructor.name&&"BYTES_PER_ELEMENT"in a&&1===a.BYTES_PER_ELEMENT,e=a?.length,f=void 0!==b;if(!d||f&&e!==b){let g=(c&&`"${c}" `)+"expected Uint8Array"+(f?` of length ${b}`:"")+", got "+(d?`length=${e}`:`type=${typeof a}`);if(!d)throw TypeError(g);throw RangeError(g)}return a}function W(a){if("function"!=typeof a||"function"!=typeof a.create)throw TypeError("Hash must wrapped by utils.createHasher");if(U(a.outputLen),U(a.blockLen),a.outputLen<1)throw Error('"outputLen" must be >= 1');if(a.blockLen<1)throw Error('"blockLen" must be >= 1')}function X(a,b=!0){if(a.destroyed)throw Error("Hash instance has been destroyed");if(b&&a.finished)throw Error("Hash#digest() has already been called")}function Y(a,b){V(a,void 0,"digestInto() output");let c=b.outputLen;if(a.length<c)throw RangeError('"digestInto() output" expected to be of length >='+c)}function Z(...a){for(let b=0;b<a.length;b++)a[b].fill(0)}function $(a){return new DataView(a.buffer,a.byteOffset,a.byteLength)}function _(a,b){return a<<32-b|a>>>b}class aa{oHash;iHash;blockLen;outputLen;canXOF=!1;finished=!1;destroyed=!1;constructor(a,b){if(W(a),V(b,void 0,"key"),this.iHash=a.create(),"function"!=typeof this.iHash.update)throw Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;const c=this.blockLen,d=new Uint8Array(c);d.set(b.length>c?a.create().update(b).digest():b);for(let a=0;a<d.length;a++)d[a]^=54;this.iHash.update(d),this.oHash=a.create();for(let a=0;a<d.length;a++)d[a]^=106;this.oHash.update(d),Z(d)}update(a){return X(this),this.iHash.update(a),this}digestInto(a){X(this),Y(a,this),this.finished=!0;let b=a.subarray(0,this.outputLen);this.iHash.digestInto(b),this.oHash.update(b),this.oHash.digestInto(b),this.destroy()}digest(){let a=new Uint8Array(this.oHash.outputLen);return this.digestInto(a),a}_cloneInto(a){a||=Object.create(Object.getPrototypeOf(this),{});let{oHash:b,iHash:c,finished:d,destroyed:e,blockLen:f,outputLen:g}=this;return a.finished=d,a.destroyed=e,a.blockLen=f,a.outputLen=g,a.oHash=b._cloneInto(a.oHash),a.iHash=c._cloneInto(a.iHash),a}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}}let ab=((g=(a,b,c)=>new aa(a,b).update(c).digest()).create=(a,b)=>new aa(a,b),g),ac=Uint8Array.of(0),ad=Uint8Array.of();class ae{blockLen;outputLen;canXOF=!1;padOffset;isLE;buffer;view;finished=!1;length=0;pos=0;destroyed=!1;constructor(a,b,c,d){this.blockLen=a,this.outputLen=b,this.padOffset=c,this.isLE=d,this.buffer=new Uint8Array(a),this.view=$(this.buffer)}update(a){X(this),V(a);let{view:b,buffer:c,blockLen:d}=this,e=a.length;for(let f=0;f<e;){let g=Math.min(d-this.pos,e-f);if(g===d){let b=$(a);for(;d<=e-f;f+=d)this.process(b,f);continue}c.set(a.subarray(f,f+g),this.pos),this.pos+=g,f+=g,this.pos===d&&(this.process(b,0),this.pos=0)}return this.length+=a.length,this.roundClean(),this}digestInto(a){X(this),Y(a,this),this.finished=!0;let{buffer:b,view:c,blockLen:d,isLE:e}=this,{pos:f}=this;b[f++]=128,Z(this.buffer.subarray(f)),this.padOffset>d-f&&(this.process(c,0),f=0);for(let a=f;a<d;a++)b[a]=0;c.setBigUint64(d-8,BigInt(8*this.length),e),this.process(c,0);let g=$(a),h=this.outputLen;if(h%4)throw Error("_sha2: outputLen must be aligned to 32bit");let i=h/4,j=this.get();if(i>j.length)throw Error("_sha2: outputLen bigger than state");for(let a=0;a<i;a++)g.setUint32(4*a,j[a],e)}digest(){let{buffer:a,outputLen:b}=this;this.digestInto(a);let c=a.slice(0,b);return this.destroy(),c}_cloneInto(a){(a||=new this.constructor).set(...this.get());let{blockLen:b,buffer:c,length:d,finished:e,destroyed:f,pos:g}=this;return a.destroyed=f,a.finished=e,a.length=d,a.pos=g,d%b&&a.buffer.set(c),a}clone(){return this._cloneInto()}}let af=Uint32Array.from([0x6a09e667,0xbb67ae85,0x3c6ef372,0xa54ff53a,0x510e527f,0x9b05688c,0x1f83d9ab,0x5be0cd19]),ag=Uint32Array.from([0xc1059ed8,0x367cd507,0x3070dd17,0xf70e5939,0xffc00b31,0x68581511,0x64f98fa7,0xbefa4fa4]),ah=Uint32Array.from([0xcbbb9d5d,0xc1059ed8,0x629a292a,0x367cd507,0x9159015a,0x3070dd17,0x152fecd8,0xf70e5939,0x67332667,0xffc00b31,0x8eb44a87,0x68581511,0xdb0c2e0d,0x64f98fa7,0x47b5481d,0xbefa4fa4]),ai=Uint32Array.from([0x6a09e667,0xf3bcc908,0xbb67ae85,0x84caa73b,0x3c6ef372,0xfe94f82b,0xa54ff53a,0x5f1d36f1,0x510e527f,0xade682d1,0x9b05688c,0x2b3e6c1f,0x1f83d9ab,0xfb41bd6b,0x5be0cd19,0x137e2179]),aj=BigInt(0x100000000-1),ak=BigInt(32),al=Uint32Array.from([0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967,0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2]),am=new Uint32Array(64);class an extends ae{constructor(a){super(64,a,8,!1)}get(){let{A:a,B:b,C:c,D:d,E:e,F:f,G:g,H:h}=this;return[a,b,c,d,e,f,g,h]}set(a,b,c,d,e,f,g,h){this.A=0|a,this.B=0|b,this.C=0|c,this.D=0|d,this.E=0|e,this.F=0|f,this.G=0|g,this.H=0|h}process(a,b){for(let c=0;c<16;c++,b+=4)am[c]=a.getUint32(b,!1);for(let a=16;a<64;a++){let b=am[a-15],c=am[a-2],d=_(b,7)^_(b,18)^b>>>3,e=_(c,17)^_(c,19)^c>>>10;am[a]=e+am[a-7]+d+am[a-16]|0}let{A:c,B:d,C:e,D:f,E:g,F:h,G:i,H:j}=this;for(let a=0;a<64;a++){var k,l,m,n;let b=j+(_(g,6)^_(g,11)^_(g,25))+((k=g)&h^~k&i)+al[a]+am[a]|0,o=(_(c,2)^_(c,13)^_(c,22))+((l=c)&(m=d)^l&(n=e)^m&n)|0;j=i,i=h,h=g,g=f+b|0,f=e,e=d,d=c,c=b+o|0}c=c+this.A|0,d=d+this.B|0,e=e+this.C|0,f=f+this.D|0,g=g+this.E|0,h=h+this.F|0,i=i+this.G|0,j=j+this.H|0,this.set(c,d,e,f,g,h,i,j)}roundClean(){Z(am)}destroy(){this.destroyed=!0,this.set(0,0,0,0,0,0,0,0),Z(this.buffer)}}class ao extends an{A=0|af[0];B=0|af[1];C=0|af[2];D=0|af[3];E=0|af[4];F=0|af[5];G=0|af[6];H=0|af[7];constructor(){super(32)}}let ap=function(a,b=!1){let c=a.length,d=new Uint32Array(c),e=new Uint32Array(c);for(let f=0;f<c;f++){let{h:c,l:g}=function(a,b=!1){return b?{h:Number(a&aj),l:Number(a>>ak&aj)}:{h:0|Number(a>>ak&aj),l:0|Number(a&aj)}}(a[f],b);[d[f],e[f]]=[c,g]}return[d,e]}(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(a=>BigInt(a))),aq=ap[0],ar=ap[1],as=new Uint32Array(80),at=new Uint32Array(80),au=function(a,b={}){let c=(b,c)=>a(c).update(b).digest(),d=a(void 0);return c.outputLen=d.outputLen,c.blockLen=d.blockLen,c.canXOF=d.canXOF,c.create=b=>a(b),Object.assign(c,b),Object.freeze(c)}(()=>new ao,{oid:Uint8Array.from([6,9,96,134,72,1,101,3,4,2,1])}),av=new TextEncoder,aw=new TextDecoder;function ax(...a){let b=new Uint8Array(a.reduce((a,{length:b})=>a+b,0)),c=0;for(let d of a)b.set(d,c),c+=d.length;return b}function ay(a,b,c){if(b<0||b>=0x100000000)throw RangeError(`value must be >= 0 and <= ${0x100000000-1}. Received ${b}`);a.set([b>>>24,b>>>16,b>>>8,255&b],c)}function az(a){let b=Math.floor(a/0x100000000),c=new Uint8Array(8);return ay(c,b,0),ay(c,a%0x100000000,4),c}function aA(a){let b=new Uint8Array(4);return ay(b,a),b}function aB(a){let b=new Uint8Array(a.length);for(let c=0;c<a.length;c++){let d=a.charCodeAt(c);if(d>127)throw TypeError("non-ASCII string encountered in encode()");b[c]=d}return b}function aC(a){if(Uint8Array.fromBase64)return Uint8Array.fromBase64("string"==typeof a?a:aw.decode(a),{alphabet:"base64url"});let b=a;b instanceof Uint8Array&&(b=aw.decode(b)),b=b.replace(/-/g,"+").replace(/_/g,"/");try{var c=b;if(Uint8Array.fromBase64)return Uint8Array.fromBase64(c);let a=atob(c),d=new Uint8Array(a.length);for(let b=0;b<a.length;b++)d[b]=a.charCodeAt(b);return d}catch{throw TypeError("The input to be decoded is not correctly encoded.")}}function aD(a){let b=a;return("string"==typeof b&&(b=av.encode(b)),Uint8Array.prototype.toBase64)?b.toBase64({alphabet:"base64url",omitPadding:!0}):(function(a){if(Uint8Array.prototype.toBase64)return a.toBase64();let b=[];for(let c=0;c<a.length;c+=32768)b.push(String.fromCharCode.apply(null,a.subarray(c,c+32768)));return btoa(b.join(""))})(b).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}a.s(["decode",0,aC,"encode",0,aD],736256);let aE=Symbol();function aF(a,b){if(a)throw TypeError(`${b} can only be called once`)}function aG(a,b,c){try{return aC(a)}catch{throw new c(`Failed to base64url decode the ${b}`)}}async function aH(a,b){let c=`SHA-${a.slice(-3)}`;return new Uint8Array(await crypto.subtle.digest(c,b))}let aI=(a,b="algorithm.name")=>TypeError(`CryptoKey does not support this operation, its ${b} must be ${a}`);function aJ(a,b){if(parseInt(a.hash.name.slice(4),10)!==b)throw aI(`SHA-${b}`,"algorithm.hash")}function aK(a,b){if(b&&!a.usages.includes(b))throw TypeError(`CryptoKey does not support this operation, its usages must include ${b}.`)}function aL(a,b,c){switch(b){case"A128GCM":case"A192GCM":case"A256GCM":{if("AES-GCM"!==a.algorithm.name)throw aI("AES-GCM");let c=parseInt(b.slice(1,4),10);if(a.algorithm.length!==c)throw aI(c,"algorithm.length");break}case"A128KW":case"A192KW":case"A256KW":{if("AES-KW"!==a.algorithm.name)throw aI("AES-KW");let c=parseInt(b.slice(1,4),10);if(a.algorithm.length!==c)throw aI(c,"algorithm.length");break}case"ECDH":switch(a.algorithm.name){case"ECDH":case"X25519":break;default:throw aI("ECDH or X25519")}break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if("PBKDF2"!==a.algorithm.name)throw aI("PBKDF2");break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":if("RSA-OAEP"!==a.algorithm.name)throw aI("RSA-OAEP");aJ(a.algorithm,parseInt(b.slice(9),10)||1);break;default:throw TypeError("CryptoKey does not support this operation")}aK(a,c)}function aM(a,b,...c){if((c=c.filter(Boolean)).length>2){let b=c.pop();a+=`one of type ${c.join(", ")}, or ${b}.`}else 2===c.length?a+=`one of type ${c[0]} or ${c[1]}.`:a+=`of type ${c[0]}.`;return null==b?a+=` Received ${b}`:"function"==typeof b&&b.name?a+=` Received function ${b.name}`:"object"==typeof b&&null!=b&&b.constructor?.name&&(a+=` Received an instance of ${b.constructor.name}`),a}let aN=(a,...b)=>aM("Key must be ",a,...b),aO=(a,b,...c)=>aM(`Key for the ${a} algorithm must be `,b,...c);class aP extends Error{static code="ERR_JOSE_GENERIC";code="ERR_JOSE_GENERIC";constructor(a,b){super(a,b),this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}}class aQ extends aP{static code="ERR_JWT_CLAIM_VALIDATION_FAILED";code="ERR_JWT_CLAIM_VALIDATION_FAILED";claim;reason;payload;constructor(a,b,c="unspecified",d="unspecified"){super(a,{cause:{claim:c,reason:d,payload:b}}),this.claim=c,this.reason=d,this.payload=b}}class aR extends aP{static code="ERR_JWT_EXPIRED";code="ERR_JWT_EXPIRED";claim;reason;payload;constructor(a,b,c="unspecified",d="unspecified"){super(a,{cause:{claim:c,reason:d,payload:b}}),this.claim=c,this.reason=d,this.payload=b}}class aS extends aP{static code="ERR_JOSE_ALG_NOT_ALLOWED";code="ERR_JOSE_ALG_NOT_ALLOWED"}class aT extends aP{static code="ERR_JOSE_NOT_SUPPORTED";code="ERR_JOSE_NOT_SUPPORTED"}class aU extends aP{static code="ERR_JWE_DECRYPTION_FAILED";code="ERR_JWE_DECRYPTION_FAILED";constructor(a="decryption operation failed",b){super(a,b)}}class aV extends aP{static code="ERR_JWE_INVALID";code="ERR_JWE_INVALID"}class aW extends aP{static code="ERR_JWS_INVALID";code="ERR_JWS_INVALID"}class aX extends aP{static code="ERR_JWT_INVALID";code="ERR_JWT_INVALID"}class aY extends aP{static code="ERR_JWK_INVALID";code="ERR_JWK_INVALID"}class aZ extends aP{static code="ERR_JWKS_INVALID";code="ERR_JWKS_INVALID"}class a$ extends aP{static code="ERR_JWKS_NO_MATCHING_KEY";code="ERR_JWKS_NO_MATCHING_KEY";constructor(a="no applicable key found in the JSON Web Key Set",b){super(a,b)}}class a_ extends aP{[Symbol.asyncIterator];static code="ERR_JWKS_MULTIPLE_MATCHING_KEYS";code="ERR_JWKS_MULTIPLE_MATCHING_KEYS";constructor(a="multiple matching keys found in the JSON Web Key Set",b){super(a,b)}}class a0 extends aP{static code="ERR_JWKS_TIMEOUT";code="ERR_JWKS_TIMEOUT";constructor(a="request timed out",b){super(a,b)}}class a1 extends aP{static code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED";code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED";constructor(a="signature verification failed",b){super(a,b)}}function a2(a){if(!a3(a))throw Error("CryptoKey instance expected")}let a3=a=>{if(a?.[Symbol.toStringTag]==="CryptoKey")return!0;try{return a instanceof CryptoKey}catch{return!1}},a4=a=>a?.[Symbol.toStringTag]==="KeyObject",a5=a=>a3(a)||a4(a);function a6(a){switch(a){case"A128GCM":return 128;case"A192GCM":return 192;case"A256GCM":case"A128CBC-HS256":return 256;case"A192CBC-HS384":return 384;case"A256CBC-HS512":return 512;default:throw new aT(`Unsupported JWE Algorithm: ${a}`)}}let a7=a=>crypto.getRandomValues(new Uint8Array(a6(a)>>3));function a8(a,b){let c=a.byteLength<<3;if(c!==b)throw new aV(`Invalid Content Encryption Key length. Expected ${b} bits, got ${c} bits`)}function a9(a){switch(a){case"A128GCM":case"A128GCMKW":case"A192GCM":case"A192GCMKW":case"A256GCM":case"A256GCMKW":return 96;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return 128;default:throw new aT(`Unsupported JWE Algorithm: ${a}`)}}function ba(a,b){if(b.length<<3!==a9(a))throw new aV("Invalid Initialization Vector length")}async function bb(a,b,c){if(!(b instanceof Uint8Array))throw TypeError(aN(b,"Uint8Array"));let d=parseInt(a.slice(1,4),10);return{encKey:await crypto.subtle.importKey("raw",b.subarray(d>>3),"AES-CBC",!1,[c]),macKey:await crypto.subtle.importKey("raw",b.subarray(0,d>>3),{hash:`SHA-${d<<1}`,name:"HMAC"},!1,["sign"]),keySize:d}}async function bc(a,b,c){return new Uint8Array((await crypto.subtle.sign("HMAC",a,b)).slice(0,c>>3))}async function bd(a,b,c,d,e){let{encKey:f,macKey:g,keySize:h}=await bb(a,c,"encrypt"),i=new Uint8Array(await crypto.subtle.encrypt({iv:d,name:"AES-CBC"},f,b)),j=ax(e,d,i,az(e.length<<3));return{ciphertext:i,tag:await bc(g,j,h),iv:d}}async function be(a,b){if(!(a instanceof Uint8Array))throw TypeError("First argument must be a buffer");if(!(b instanceof Uint8Array))throw TypeError("Second argument must be a buffer");let c={name:"HMAC",hash:"SHA-256"},d=await crypto.subtle.generateKey(c,!1,["sign"]),e=new Uint8Array(await crypto.subtle.sign(c,d,a)),f=new Uint8Array(await crypto.subtle.sign(c,d,b)),g=0,h=-1;for(;++h<32;)g|=e[h]^f[h];return 0===g}async function bf(a,b,c,d,e,f){let g,h,{encKey:i,macKey:j,keySize:k}=await bb(a,b,"decrypt"),l=ax(f,d,c,az(f.length<<3)),m=await bc(j,l,k);try{g=await be(e,m)}catch{}if(!g)throw new aU;try{h=new Uint8Array(await crypto.subtle.decrypt({iv:d,name:"AES-CBC"},i,c))}catch{}if(!h)throw new aU;return h}async function bg(a,b,c,d,e){let f;c instanceof Uint8Array?f=await crypto.subtle.importKey("raw",c,"AES-GCM",!1,["encrypt"]):(aL(c,a,"encrypt"),f=c);let g=new Uint8Array(await crypto.subtle.encrypt({additionalData:e,iv:d,name:"AES-GCM",tagLength:128},f,b)),h=g.slice(-16);return{ciphertext:g.slice(0,-16),tag:h,iv:d}}async function bh(a,b,c,d,e,f){let g;b instanceof Uint8Array?g=await crypto.subtle.importKey("raw",b,"AES-GCM",!1,["decrypt"]):(aL(b,a,"decrypt"),g=b);try{return new Uint8Array(await crypto.subtle.decrypt({additionalData:f,iv:d,name:"AES-GCM",tagLength:128},g,ax(c,e)))}catch{throw new aU}}let bi="Unsupported JWE Content Encryption Algorithm";async function bj(a,b,c,d,e){if(!a3(c)&&!(c instanceof Uint8Array))throw TypeError(aN(c,"CryptoKey","KeyObject","Uint8Array","JSON Web Key"));if(d)ba(a,d);else d=crypto.getRandomValues(new Uint8Array(a9(a)>>3));switch(a){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return c instanceof Uint8Array&&a8(c,parseInt(a.slice(-3),10)),bd(a,b,c,d,e);case"A128GCM":case"A192GCM":case"A256GCM":return c instanceof Uint8Array&&a8(c,parseInt(a.slice(1,4),10)),bg(a,b,c,d,e);default:throw new aT(bi)}}async function bk(a,b,c,d,e,f){if(!a3(b)&&!(b instanceof Uint8Array))throw TypeError(aN(b,"CryptoKey","KeyObject","Uint8Array","JSON Web Key"));if(!d)throw new aV("JWE Initialization Vector missing");if(!e)throw new aV("JWE Authentication Tag missing");switch(ba(a,d),a){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return b instanceof Uint8Array&&a8(b,parseInt(a.slice(-3),10)),bf(a,b,c,d,e,f);case"A128GCM":case"A192GCM":case"A256GCM":return b instanceof Uint8Array&&a8(b,parseInt(a.slice(1,4),10)),bh(a,b,c,d,e,f);default:throw new aT(bi)}}function bl(a,b){if(a.algorithm.length!==parseInt(b.slice(1,4),10))throw TypeError(`Invalid key size for alg: ${b}`)}function bm(a,b,c){return a instanceof Uint8Array?crypto.subtle.importKey("raw",a,"AES-KW",!0,[c]):(aL(a,b,c),a)}async function bn(a,b,c){let d=await bm(b,a,"wrapKey");bl(d,a);let e=await crypto.subtle.importKey("raw",c,{hash:"SHA-256",name:"HMAC"},!0,["sign"]);return new Uint8Array(await crypto.subtle.wrapKey("raw",e,d,"AES-KW"))}async function bo(a,b,c){let d=await bm(b,a,"unwrapKey");bl(d,a);let e=await crypto.subtle.unwrapKey("raw",c,d,"AES-KW",{hash:"SHA-256",name:"HMAC"},!0,["sign"]);return new Uint8Array(await crypto.subtle.exportKey("raw",e))}function bp(a){return ax(aA(a.length),a)}async function bq(a,b,c){let d=b>>3,e=Math.ceil(d/32),f=new Uint8Array(32*e);for(let b=1;b<=e;b++){let d=new Uint8Array(4+a.length+c.length);d.set(aA(b),0),d.set(a,4),d.set(c,4+a.length);let e=await aH("sha256",d);f.set(e,(b-1)*32)}return f.slice(0,d)}async function br(a,b,c,d,e=new Uint8Array,f=new Uint8Array){var g;aL(a,"ECDH"),aL(b,"ECDH","deriveBits");let h=ax(bp(aB(c)),bp(e),bp(f),aA(d),new Uint8Array);return bq(new Uint8Array(await crypto.subtle.deriveBits({name:a.algorithm.name,public:a},b,"X25519"===(g=a).algorithm.name?256:Math.ceil(parseInt(g.algorithm.namedCurve.slice(-3),10)/8)<<3)),d,h)}function bs(a){switch(a.algorithm.namedCurve){case"P-256":case"P-384":case"P-521":return!0;default:return"X25519"===a.algorithm.name}}async function bt(a,b,c,d){if(!(a instanceof Uint8Array)||a.length<8)throw new aV("PBES2 Salt Input must be 8 or more octets");if(!Number.isSafeInteger(c)||1!==Math.sign(c))throw new aV("PBES2 Count Input must be a positive integer");let e=ax(aB(b),Uint8Array.of(0),a),f=parseInt(b.slice(13,16),10),g={hash:`SHA-${b.slice(8,11)}`,iterations:c,name:"PBKDF2",salt:e},h=await (d instanceof Uint8Array?crypto.subtle.importKey("raw",d,"PBKDF2",!1,["deriveBits"]):(aL(d,b,"deriveBits"),d));return new Uint8Array(await crypto.subtle.deriveBits(g,h,f))}async function bu(a,b,c,d=2048,e=crypto.getRandomValues(new Uint8Array(16))){let f=await bt(e,a,d,b);return{encryptedKey:await bn(a.slice(-6),f,c),p2c:d,p2s:aD(e)}}async function bv(a,b,c,d,e){let f=await bt(e,a,d,b);return bo(a.slice(-6),f,c)}function bw(a,b){if(a.startsWith("RS")||a.startsWith("PS")){let{modulusLength:c}=b.algorithm;if("number"!=typeof c||c<2048)throw TypeError(`${a} requires key modulusLength to be 2048 bits or larger`)}}function bx(a,b){let c=`SHA-${a.slice(-3)}`;switch(a){case"HS256":case"HS384":case"HS512":return{hash:c,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:c,name:"RSA-PSS",saltLength:parseInt(a.slice(-3),10)>>3};case"RS256":case"RS384":case"RS512":return{hash:c,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:c,name:"ECDSA",namedCurve:b.namedCurve};case"Ed25519":case"EdDSA":return{name:"Ed25519"};case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return{name:a};default:throw new aT(`alg ${a} is not supported either by JOSE or your javascript runtime`)}}async function by(a,b,c){if(b instanceof Uint8Array){if(!a.startsWith("HS"))throw TypeError(aN(b,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",b,{hash:`SHA-${a.slice(-3)}`,name:"HMAC"},!1,[c])}switch(a){case"HS256":case"HS384":case"HS512":if("HMAC"!==b.algorithm.name)throw aI("HMAC");aJ(b.algorithm,parseInt(a.slice(2),10));break;case"RS256":case"RS384":case"RS512":if("RSASSA-PKCS1-v1_5"!==b.algorithm.name)throw aI("RSASSA-PKCS1-v1_5");aJ(b.algorithm,parseInt(a.slice(2),10));break;case"PS256":case"PS384":case"PS512":if("RSA-PSS"!==b.algorithm.name)throw aI("RSA-PSS");aJ(b.algorithm,parseInt(a.slice(2),10));break;case"Ed25519":case"EdDSA":if("Ed25519"!==b.algorithm.name)throw aI("Ed25519");break;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":let d;if(d=b.algorithm,d.name!==a)throw aI(a);break;case"ES256":case"ES384":case"ES512":{if("ECDSA"!==b.algorithm.name)throw aI("ECDSA");let c=function(a){switch(a){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw Error("unreachable")}}(a);if(b.algorithm.namedCurve!==c)throw aI(c,"algorithm.namedCurve");break}default:throw TypeError("CryptoKey does not support this operation")}return aK(b,c),b}async function bz(a,b,c){let d=await by(a,b,"sign");return bw(a,d),new Uint8Array(await crypto.subtle.sign(bx(a,d.algorithm),d,c))}async function bA(a,b,c,d){let e=await by(a,b,"verify");bw(a,e);let f=bx(a,e.algorithm);try{return await crypto.subtle.verify(f,e,c,d)}catch{return!1}}let bB=a=>{switch(a){case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":return"RSA-OAEP";default:throw new aT(`alg ${a} is not supported either by JOSE or your javascript runtime`)}};async function bC(a,b,c){return aL(b,a,"encrypt"),bw(a,b),new Uint8Array(await crypto.subtle.encrypt(bB(a),b,c))}async function bD(a,b,c){return aL(b,a,"decrypt"),bw(a,b),new Uint8Array(await crypto.subtle.decrypt(bB(a),b,c))}function bE(a){if("object"!=typeof a||null===a||"[object Object]"!==Object.prototype.toString.call(a))return!1;if(null===Object.getPrototypeOf(a))return!0;let b=a;for(;null!==Object.getPrototypeOf(b);)b=Object.getPrototypeOf(b);return Object.getPrototypeOf(a)===b}function bF(...a){let b,c=a.filter(Boolean);if(0===c.length||1===c.length)return!0;for(let a of c){let c=Object.keys(a);if(!b||0===b.size){b=new Set(c);continue}for(let a of c){if(b.has(a))return!1;b.add(a)}}return!0}let bG=a=>bE(a)&&"string"==typeof a.kty,bH='Invalid or unsupported JWK "alg" (Algorithm) Parameter value';async function bI(a){if(!a.alg)throw TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:b,keyUsages:c}=function(a){let b,c;switch(a.kty){case"AKP":switch(a.alg){case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":b={name:a.alg},c=a.priv?["sign"]:["verify"];break;default:throw new aT(bH)}break;case"RSA":switch(a.alg){case"PS256":case"PS384":case"PS512":b={name:"RSA-PSS",hash:`SHA-${a.alg.slice(-3)}`},c=a.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":b={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${a.alg.slice(-3)}`},c=a.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":b={name:"RSA-OAEP",hash:`SHA-${parseInt(a.alg.slice(-3),10)||1}`},c=a.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new aT(bH)}break;case"EC":switch(a.alg){case"ES256":case"ES384":case"ES512":b={name:"ECDSA",namedCurve:({ES256:"P-256",ES384:"P-384",ES512:"P-521"})[a.alg]},c=a.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":b={name:"ECDH",namedCurve:a.crv},c=a.d?["deriveBits"]:[];break;default:throw new aT(bH)}break;case"OKP":switch(a.alg){case"Ed25519":case"EdDSA":b={name:"Ed25519"},c=a.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":b={name:a.crv},c=a.d?["deriveBits"]:[];break;default:throw new aT(bH)}break;default:throw new aT('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:b,keyUsages:c}}(a),d={...a};return"AKP"!==d.kty&&delete d.alg,delete d.use,crypto.subtle.importKey("jwk",d,b,a.ext??(!a.d&&!a.priv),a.key_ops??c)}let bJ="given KeyObject instance cannot be used for this algorithm",bK=async(a,c,d,e=!1)=>{let f=(b||=new WeakMap).get(a);if(f?.[d])return f[d];let g=await bI({...c,alg:d});return e&&Object.freeze(a),f?f[d]=g:b.set(a,{[d]:g}),g};async function bL(a,c){if(a instanceof Uint8Array||a3(a))return a;if(a4(a)){if("secret"===a.type)return a.export();if("toCryptoKey"in a&&"function"==typeof a.toCryptoKey)try{return((a,c)=>{let d,e=(b||=new WeakMap).get(a);if(e?.[c])return e[c];let f="public"===a.type,g=!!f;if("x25519"===a.asymmetricKeyType){switch(c){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw TypeError(bJ)}d=a.toCryptoKey(a.asymmetricKeyType,g,f?[]:["deriveBits"])}if("ed25519"===a.asymmetricKeyType){if("EdDSA"!==c&&"Ed25519"!==c)throw TypeError(bJ);d=a.toCryptoKey(a.asymmetricKeyType,g,[f?"verify":"sign"])}switch(a.asymmetricKeyType){case"ml-dsa-44":case"ml-dsa-65":case"ml-dsa-87":if(c!==a.asymmetricKeyType.toUpperCase())throw TypeError(bJ);d=a.toCryptoKey(a.asymmetricKeyType,g,[f?"verify":"sign"])}if("rsa"===a.asymmetricKeyType){let b;switch(c){case"RSA-OAEP":b="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":b="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":b="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":b="SHA-512";break;default:throw TypeError(bJ)}if(c.startsWith("RSA-OAEP"))return a.toCryptoKey({name:"RSA-OAEP",hash:b},g,f?["encrypt"]:["decrypt"]);d=a.toCryptoKey({name:c.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:b},g,[f?"verify":"sign"])}if("ec"===a.asymmetricKeyType){let b=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(a.asymmetricKeyDetails?.namedCurve);if(!b)throw TypeError(bJ);let e={ES256:"P-256",ES384:"P-384",ES512:"P-521"};e[c]&&b===e[c]&&(d=a.toCryptoKey({name:"ECDSA",namedCurve:b},g,[f?"verify":"sign"])),c.startsWith("ECDH-ES")&&(d=a.toCryptoKey({name:"ECDH",namedCurve:b},g,f?[]:["deriveBits"]))}if(!d)throw TypeError(bJ);return e?e[c]=d:b.set(a,{[c]:d}),d})(a,c)}catch(a){if(a instanceof TypeError)throw a}let d=a.export({format:"jwk"});return bK(a,d,c)}if(bG(a))return a.k?aC(a.k):bK(a,a,c,!0);throw Error("unreachable")}async function bM(a,b,c){let d;if(!bE(a))throw TypeError("JWK must be an object");switch(b??=a.alg,d??=c?.extractable??a.ext,a.kty){case"oct":if("string"!=typeof a.k||!a.k)throw TypeError('missing "k" (Key Value) Parameter value');return aC(a.k);case"RSA":if("oth"in a&&void 0!==a.oth)throw new aT('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');return bI({...a,alg:b,ext:d});case"AKP":if("string"!=typeof a.alg||!a.alg)throw TypeError('missing "alg" (Algorithm) Parameter value');if(void 0!==b&&b!==a.alg)throw TypeError("JWK alg and alg option value mismatch");return bI({...a,ext:d});case"EC":case"OKP":return bI({...a,alg:b,ext:d});default:throw new aT('Unsupported "kty" (Key Type) Parameter value')}}async function bN(a){if(a4(a))if("secret"!==a.type)return a.export({format:"jwk"});else a=a.export();if(a instanceof Uint8Array)return{kty:"oct",k:aD(a)};if(!a3(a))throw TypeError(aN(a,"CryptoKey","KeyObject","Uint8Array"));if(!a.extractable)throw TypeError("non-extractable CryptoKey cannot be exported as a JWK");let{ext:b,key_ops:c,alg:d,use:e,...f}=await crypto.subtle.exportKey("jwk",a);return"AKP"===f.kty&&(f.alg=d),f}async function bO(a){return bN(a)}async function bP(a,b,c,d){let e=a.slice(0,7),f=await bj(e,c,b,d,new Uint8Array);return{encryptedKey:f.ciphertext,iv:aD(f.iv),tag:aD(f.tag)}}async function bQ(a,b,c,d,e){return bk(a.slice(0,7),b,c,d,e,new Uint8Array)}let bR='Invalid or unsupported "alg" (JWE Algorithm) header value';function bS(a){if(void 0===a)throw new aV("JWE Encrypted Key missing")}async function bT(a,b,c,d,e){switch(a){case"dir":if(void 0!==c)throw new aV("Encountered unexpected JWE Encrypted Key");return b;case"ECDH-ES":if(void 0!==c)throw new aV("Encountered unexpected JWE Encrypted Key");case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{let e,f;if(!bE(d.epk))throw new aV('JOSE Header "epk" (Ephemeral Public Key) missing or invalid');if(a2(b),!bs(b))throw new aT("ECDH with the provided key is not allowed or not supported by your javascript runtime");let g=await bM(d.epk,a);if(a2(g),void 0!==d.apu){if("string"!=typeof d.apu)throw new aV('JOSE Header "apu" (Agreement PartyUInfo) invalid');e=aG(d.apu,"apu",aV)}if(void 0!==d.apv){if("string"!=typeof d.apv)throw new aV('JOSE Header "apv" (Agreement PartyVInfo) invalid');f=aG(d.apv,"apv",aV)}let h=await br(g,b,"ECDH-ES"===a?d.enc:a,"ECDH-ES"===a?a6(d.enc):parseInt(a.slice(-5,-2),10),e,f);if("ECDH-ES"===a)return h;return bS(c),bo(a.slice(-6),h,c)}case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":return bS(c),a2(b),bD(a,b,c);case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":{let f;if(bS(c),"number"!=typeof d.p2c)throw new aV('JOSE Header "p2c" (PBES2 Count) missing or invalid');let g=e?.maxPBES2Count||1e4;if(d.p2c>g)throw new aV('JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds');if("string"!=typeof d.p2s)throw new aV('JOSE Header "p2s" (PBES2 Salt) missing or invalid');return f=aG(d.p2s,"p2s",aV),bv(a,b,c,d.p2c,f)}case"A128KW":case"A192KW":case"A256KW":return bS(c),bo(a,b,c);case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":if(bS(c),"string"!=typeof d.iv)throw new aV('JOSE Header "iv" (Initialization Vector) missing or invalid');if("string"!=typeof d.tag)throw new aV('JOSE Header "tag" (Authentication Tag) missing or invalid');return bQ(a,b,c,aG(d.iv,"iv",aV),aG(d.tag,"tag",aV));default:throw new aT(bR)}}async function bU(a,b,c,d,e={}){let f,g,h;switch(a){case"dir":h=c;break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{let i;if(a2(c),!bs(c))throw new aT("ECDH with the provided key is not allowed or not supported by your javascript runtime");let{apu:j,apv:k}=e;i=e.epk?await bL(e.epk,a):(await crypto.subtle.generateKey(c.algorithm,!0,["deriveBits"])).privateKey;let{x:l,y:m,crv:n,kty:o}=await bO(i),p=await br(c,i,"ECDH-ES"===a?b:a,"ECDH-ES"===a?a6(b):parseInt(a.slice(-5,-2),10),j,k);if(g={epk:{x:l,crv:n,kty:o}},"EC"===o&&(g.epk.y=m),j&&(g.apu=aD(j)),k&&(g.apv=aD(k)),"ECDH-ES"===a){h=p;break}h=d||a7(b);let q=a.slice(-6);f=await bn(q,p,h);break}case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":h=d||a7(b),a2(c),f=await bC(a,c,h);break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":{h=d||a7(b);let{p2c:i,p2s:j}=e;({encryptedKey:f,...g}=await bu(a,c,h,i,j));break}case"A128KW":case"A192KW":case"A256KW":h=d||a7(b),f=await bn(a,c,h);break;case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":{h=d||a7(b);let{iv:i}=e;({encryptedKey:f,...g}=await bP(a,c,h,i));break}default:throw new aT(bR)}return{cek:h,encryptedKey:f,parameters:g}}function bV(a,b,c,d,e){let f;if(void 0!==e.crit&&d?.crit===void 0)throw new a('"crit" (Critical) Header Parameter MUST be integrity protected');if(!d||void 0===d.crit)return new Set;if(!Array.isArray(d.crit)||0===d.crit.length||d.crit.some(a=>"string"!=typeof a||0===a.length))throw new a('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');for(let g of(f=void 0!==c?new Map([...Object.entries(c),...b.entries()]):b,d.crit)){if(!f.has(g))throw new aT(`Extension Header Parameter "${g}" is not recognized`);if(void 0===e[g])throw new a(`Extension Header Parameter "${g}" is missing`);if(f.get(g)&&void 0===d[g])throw new a(`Extension Header Parameter "${g}" MUST be integrity protected`)}return new Set(d.crit)}let bW=a=>a?.[Symbol.toStringTag],bX=(a,b,c)=>{if(void 0!==b.use){let a;switch(c){case"sign":case"verify":a="sig";break;case"encrypt":case"decrypt":a="enc"}if(b.use!==a)throw TypeError(`Invalid key for this operation, its "use" must be "${a}" when present`)}if(void 0!==b.alg&&b.alg!==a)throw TypeError(`Invalid key for this operation, its "alg" must be "${a}" when present`);if(Array.isArray(b.key_ops)){let d;switch(!0){case"sign"===c||"verify"===c:case"dir"===a:case a.includes("CBC-HS"):d=c;break;case a.startsWith("PBES2"):d="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(a):d=!a.includes("GCM")&&a.endsWith("KW")?"encrypt"===c?"wrapKey":"unwrapKey":c;break;case"encrypt"===c&&a.startsWith("RSA"):d="wrapKey";break;case"decrypt"===c:d=a.startsWith("RSA")?"unwrapKey":"deriveBits"}if(d&&b.key_ops?.includes?.(d)===!1)throw TypeError(`Invalid key for this operation, its "key_ops" must include "${d}" when present`)}return!0};function bY(a,b,c){switch(a.substring(0,2)){case"A1":case"A2":case"di":case"HS":case"PB":((a,b,c)=>{if(!(b instanceof Uint8Array)){if(bG(b)){if("oct"===b.kty&&"string"==typeof b.k&&bX(a,b,c))return;throw TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!a5(b))throw TypeError(aO(a,b,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if("secret"!==b.type)throw TypeError(`${bW(b)} instances for symmetric algorithms must be of type "secret"`)}})(a,b,c);break;default:((a,b,c)=>{if(bG(b))switch(c){case"decrypt":case"sign":if("oct"!==b.kty&&("AKP"===b.kty&&"string"==typeof b.priv||"string"==typeof b.d)&&bX(a,b,c))return;throw TypeError("JSON Web Key for this operation must be a private JWK");case"encrypt":case"verify":if("oct"!==b.kty&&void 0===b.d&&void 0===b.priv&&bX(a,b,c))return;throw TypeError("JSON Web Key for this operation must be a public JWK")}if(!a5(b))throw TypeError(aO(a,b,"CryptoKey","KeyObject","JSON Web Key"));if("secret"===b.type)throw TypeError(`${bW(b)} instances for asymmetric algorithms must not be of type "secret"`);if("public"===b.type)switch(c){case"sign":throw TypeError(`${bW(b)} instances for asymmetric algorithm signing must be of type "private"`);case"decrypt":throw TypeError(`${bW(b)} instances for asymmetric algorithm decryption must be of type "private"`)}if("private"===b.type)switch(c){case"verify":throw TypeError(`${bW(b)} instances for asymmetric algorithm verifying must be of type "public"`);case"encrypt":throw TypeError(`${bW(b)} instances for asymmetric algorithm encryption must be of type "public"`)}})(a,b,c)}}function bZ(a){if(void 0===globalThis[a])throw new aT(`JWE "zip" (Compression Algorithm) Header Parameter requires the ${a} API.`)}async function b$(a){bZ("CompressionStream");let b=new CompressionStream("deflate-raw"),c=b.writable.getWriter();c.write(a).catch(()=>{}),c.close().catch(()=>{});let d=[],e=b.readable.getReader();for(;;){let{value:a,done:b}=await e.read();if(b)break;d.push(a)}return ax(...d)}async function b_(a,b){bZ("DecompressionStream");let c=new DecompressionStream("deflate-raw"),d=c.writable.getWriter();d.write(a).catch(()=>{}),d.close().catch(()=>{});let e=[],f=0,g=c.readable.getReader();for(;;){let{value:a,done:c}=await g.read();if(c)break;if(e.push(a),f+=a.byteLength,b!==1/0&&f>b)throw new aV("Decompressed plaintext exceeded the configured limit")}return ax(...e)}class b0{#a;#b;#c;#d;#e;#f;#g;#h;constructor(a){if(!(a instanceof Uint8Array))throw TypeError("plaintext must be an instance of Uint8Array");this.#a=a}setKeyManagementParameters(a){return aF(this.#h,"setKeyManagementParameters"),this.#h=a,this}setProtectedHeader(a){return aF(this.#b,"setProtectedHeader"),this.#b=a,this}setSharedUnprotectedHeader(a){return aF(this.#c,"setSharedUnprotectedHeader"),this.#c=a,this}setUnprotectedHeader(a){return aF(this.#d,"setUnprotectedHeader"),this.#d=a,this}setAdditionalAuthenticatedData(a){return this.#e=a,this}setContentEncryptionKey(a){return aF(this.#f,"setContentEncryptionKey"),this.#f=a,this}setInitializationVector(a){return aF(this.#g,"setInitializationVector"),this.#g=a,this}async encrypt(a,b){let c,d,e,f,g,h;if(!this.#b&&!this.#d&&!this.#c)throw new aV("either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()");if(!bF(this.#b,this.#d,this.#c))throw new aV("JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint");let i={...this.#b,...this.#d,...this.#c};if(bV(aV,new Map,b?.crit,this.#b,i),void 0!==i.zip&&"DEF"!==i.zip)throw new aT('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value.');if(void 0!==i.zip&&!this.#b?.zip)throw new aV('JWE "zip" (Compression Algorithm) Header Parameter MUST be in a protected header.');let{alg:j,enc:k}=i;if("string"!=typeof j||!j)throw new aV('JWE "alg" (Algorithm) Header Parameter missing or invalid');if("string"!=typeof k||!k)throw new aV('JWE "enc" (Encryption Algorithm) Header Parameter missing or invalid');if(this.#f&&("dir"===j||"ECDH-ES"===j))throw TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${j}`);bY("dir"===j?k:j,a,"encrypt");{let e,f=await bL(a,j);({cek:d,encryptedKey:c,parameters:e}=await bU(j,k,f,this.#f,this.#h)),e&&(b&&aE in b?this.#d?this.#d={...this.#d,...e}:this.setUnprotectedHeader(e):this.#b?this.#b={...this.#b,...e}:this.setProtectedHeader(e))}if(this.#b?g=aB(f=aD(JSON.stringify(this.#b))):(f="",g=new Uint8Array),this.#e){let a=aB(h=aD(this.#e));e=ax(g,aB("."),a)}else e=g;let l=this.#a;"DEF"===i.zip&&(l=await b$(l).catch(a=>{throw new aV("Failed to compress plaintext",{cause:a})}));let{ciphertext:m,tag:n,iv:o}=await bj(k,l,d,this.#g,e),p={ciphertext:aD(m)};return o&&(p.iv=aD(o)),n&&(p.tag=aD(n)),c&&(p.encrypted_key=aD(c)),h&&(p.aad=h),this.#b&&(p.protected=f),this.#c&&(p.unprotected=this.#c),this.#d&&(p.header=this.#d),p}}class b1{#i;constructor(a){this.#i=new b0(a)}setContentEncryptionKey(a){return this.#i.setContentEncryptionKey(a),this}setInitializationVector(a){return this.#i.setInitializationVector(a),this}setProtectedHeader(a){return this.#i.setProtectedHeader(a),this}setKeyManagementParameters(a){return this.#i.setKeyManagementParameters(a),this}async encrypt(a,b){let c=await this.#i.encrypt(a,b);return[c.protected,c.encrypted_key,c.iv,c.ciphertext,c.tag].join(".")}}let b2=a=>Math.floor(a.getTime()/1e3),b3=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;function b4(a){let b,c=b3.exec(a);if(!c||c[4]&&c[1])throw TypeError("Invalid time period format");let d=parseFloat(c[2]);switch(c[3].toLowerCase()){case"sec":case"secs":case"second":case"seconds":case"s":b=Math.round(d);break;case"minute":case"minutes":case"min":case"mins":case"m":b=Math.round(60*d);break;case"hour":case"hours":case"hr":case"hrs":case"h":b=Math.round(3600*d);break;case"day":case"days":case"d":b=Math.round(86400*d);break;case"week":case"weeks":case"w":b=Math.round(604800*d);break;default:b=Math.round(0x1e187e0*d)}return"-"===c[1]||"ago"===c[4]?-b:b}function b5(a,b){if(!Number.isFinite(b))throw TypeError(`Invalid ${a} input`);return b}let b6=a=>a.includes("/")?a.toLowerCase():`application/${a.toLowerCase()}`;function b7(a,b,c={}){var d,e;let f,g;try{f=JSON.parse(aw.decode(b))}catch{}if(!bE(f))throw new aX("JWT Claims Set must be a top-level JSON object");let{typ:h}=c;if(h&&("string"!=typeof a.typ||b6(a.typ)!==b6(h)))throw new aQ('unexpected "typ" JWT header value',f,"typ","check_failed");let{requiredClaims:i=[],issuer:j,subject:k,audience:l,maxTokenAge:m}=c,n=[...i];for(let a of(void 0!==m&&n.push("iat"),void 0!==l&&n.push("aud"),void 0!==k&&n.push("sub"),void 0!==j&&n.push("iss"),new Set(n.reverse())))if(!(a in f))throw new aQ(`missing required "${a}" claim`,f,a,"missing");if(j&&!(Array.isArray(j)?j:[j]).includes(f.iss))throw new aQ('unexpected "iss" claim value',f,"iss","check_failed");if(k&&f.sub!==k)throw new aQ('unexpected "sub" claim value',f,"sub","check_failed");if(l&&(d=f.aud,e="string"==typeof l?[l]:l,"string"==typeof d?!e.includes(d):!(Array.isArray(d)&&e.some(Set.prototype.has.bind(new Set(d))))))throw new aQ('unexpected "aud" claim value',f,"aud","check_failed");switch(typeof c.clockTolerance){case"string":g=b4(c.clockTolerance);break;case"number":g=c.clockTolerance;break;case"undefined":g=0;break;default:throw TypeError("Invalid clockTolerance option type")}let{currentDate:o}=c,p=b2(o||new Date);if((void 0!==f.iat||m)&&"number"!=typeof f.iat)throw new aQ('"iat" claim must be a number',f,"iat","invalid");if(void 0!==f.nbf){if("number"!=typeof f.nbf)throw new aQ('"nbf" claim must be a number',f,"nbf","invalid");if(f.nbf>p+g)throw new aQ('"nbf" claim timestamp check failed',f,"nbf","check_failed")}if(void 0!==f.exp){if("number"!=typeof f.exp)throw new aQ('"exp" claim must be a number',f,"exp","invalid");if(f.exp<=p-g)throw new aR('"exp" claim timestamp check failed',f,"exp","check_failed")}if(m){let a=p-f.iat;if(a-g>("number"==typeof m?m:b4(m)))throw new aR('"iat" claim timestamp check failed (too far in the past)',f,"iat","check_failed");if(a<0-g)throw new aQ('"iat" claim timestamp check failed (it should be in the past)',f,"iat","check_failed")}return f}class b8{#j;constructor(a){if(!bE(a))throw TypeError("JWT Claims Set MUST be an object");this.#j=structuredClone(a)}data(){return av.encode(JSON.stringify(this.#j))}get iss(){return this.#j.iss}set iss(a){this.#j.iss=a}get sub(){return this.#j.sub}set sub(a){this.#j.sub=a}get aud(){return this.#j.aud}set aud(a){this.#j.aud=a}set jti(a){this.#j.jti=a}set nbf(a){"number"==typeof a?this.#j.nbf=b5("setNotBefore",a):a instanceof Date?this.#j.nbf=b5("setNotBefore",b2(a)):this.#j.nbf=b2(new Date)+b4(a)}set exp(a){"number"==typeof a?this.#j.exp=b5("setExpirationTime",a):a instanceof Date?this.#j.exp=b5("setExpirationTime",b2(a)):this.#j.exp=b2(new Date)+b4(a)}set iat(a){void 0===a?this.#j.iat=b2(new Date):a instanceof Date?this.#j.iat=b5("setIssuedAt",b2(a)):"string"==typeof a?this.#j.iat=b5("setIssuedAt",b2(new Date)+b4(a)):this.#j.iat=b5("setIssuedAt",a)}}class b9{#f;#g;#h;#b;#k;#l;#m;#n;constructor(a={}){this.#n=new b8(a)}setIssuer(a){return this.#n.iss=a,this}setSubject(a){return this.#n.sub=a,this}setAudience(a){return this.#n.aud=a,this}setJti(a){return this.#n.jti=a,this}setNotBefore(a){return this.#n.nbf=a,this}setExpirationTime(a){return this.#n.exp=a,this}setIssuedAt(a){return this.#n.iat=a,this}setProtectedHeader(a){return aF(this.#b,"setProtectedHeader"),this.#b=a,this}setKeyManagementParameters(a){return aF(this.#h,"setKeyManagementParameters"),this.#h=a,this}setContentEncryptionKey(a){return aF(this.#f,"setContentEncryptionKey"),this.#f=a,this}setInitializationVector(a){return aF(this.#g,"setInitializationVector"),this.#g=a,this}replicateIssuerAsHeader(){return this.#k=!0,this}replicateSubjectAsHeader(){return this.#l=!0,this}replicateAudienceAsHeader(){return this.#m=!0,this}async encrypt(a,b){let c=new b1(this.#n.data());return this.#b&&(this.#k||this.#l||this.#m)&&(this.#b={...this.#b,iss:this.#k?this.#n.iss:void 0,sub:this.#l?this.#n.sub:void 0,aud:this.#m?this.#n.aud:void 0}),c.setProtectedHeader(this.#b),this.#g&&c.setInitializationVector(this.#g),this.#f&&c.setContentEncryptionKey(this.#f),this.#h&&c.setKeyManagementParameters(this.#h),c.encrypt(a,b)}}class ca{#j;#b;#d;constructor(a){if(!(a instanceof Uint8Array))throw TypeError("payload must be an instance of Uint8Array");this.#j=a}setProtectedHeader(a){return aF(this.#b,"setProtectedHeader"),this.#b=a,this}setUnprotectedHeader(a){return aF(this.#d,"setUnprotectedHeader"),this.#d=a,this}async sign(a,b){let c,d,e,f;if(!this.#b&&!this.#d)throw new aW("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!bF(this.#b,this.#d))throw new aW("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let g={...this.#b,...this.#d},h=bV(aW,new Map([["b64",!0]]),b?.crit,this.#b,g),i=!0;if(h.has("b64")&&"boolean"!=typeof(i=this.#b.b64))throw new aW('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:j}=g;if("string"!=typeof j||!j)throw new aW('JWS "alg" (Algorithm) Header Parameter missing or invalid');bY(j,a,"sign"),i?d=aB(c=aD(this.#j)):(d=this.#j,c=""),this.#b?f=aB(e=aD(JSON.stringify(this.#b))):(e="",f=new Uint8Array);let k=ax(f,aB("."),d),l=await bL(a,j),m={signature:aD(await bz(j,l,k)),payload:c};return this.#d&&(m.header=this.#d),this.#b&&(m.protected=e),m}}class cb{#i;constructor(a){this.#i=new ca(a)}setProtectedHeader(a){return this.#i.setProtectedHeader(a),this}async sign(a,b){let c=await this.#i.sign(a,b);if(void 0===c.payload)throw TypeError("use the flattened module for creating JWS with b64: false");return`${c.protected}.${c.payload}.${c.signature}`}}class cc{#b;#n;constructor(a={}){this.#n=new b8(a)}setIssuer(a){return this.#n.iss=a,this}setSubject(a){return this.#n.sub=a,this}setAudience(a){return this.#n.aud=a,this}setJti(a){return this.#n.jti=a,this}setNotBefore(a){return this.#n.nbf=a,this}setExpirationTime(a){return this.#n.exp=a,this}setIssuedAt(a){return this.#n.iat=a,this}setProtectedHeader(a){return this.#b=a,this}async sign(a,b){let c=new cb(this.#n.data());if(c.setProtectedHeader(this.#b),Array.isArray(this.#b?.crit)&&this.#b.crit.includes("b64")&&!1===this.#b.b64)throw new aX("JWTs MUST NOT use unencoded payload");return c.sign(a,b)}}var cd=a.i(736256),cd=cd;let ce=(a,b)=>{if("string"!=typeof a||!a)throw new aY(`${b} missing or invalid`)};async function cf(a,b){let c,d;if(bG(a))c=a;else if(a5(a))c=await bO(a);else throw TypeError(aN(a,"CryptoKey","KeyObject","JSON Web Key"));if("sha256"!==(b??="sha256")&&"sha384"!==b&&"sha512"!==b)throw TypeError('digestAlgorithm must one of "sha256", "sha384", or "sha512"');switch(c.kty){case"AKP":ce(c.alg,'"alg" (Algorithm) Parameter'),ce(c.pub,'"pub" (Public key) Parameter'),d={alg:c.alg,kty:c.kty,pub:c.pub};break;case"EC":ce(c.crv,'"crv" (Curve) Parameter'),ce(c.x,'"x" (X Coordinate) Parameter'),ce(c.y,'"y" (Y Coordinate) Parameter'),d={crv:c.crv,kty:c.kty,x:c.x,y:c.y};break;case"OKP":ce(c.crv,'"crv" (Subtype of Key Pair) Parameter'),ce(c.x,'"x" (Public Key) Parameter'),d={crv:c.crv,kty:c.kty,x:c.x};break;case"RSA":ce(c.e,'"e" (Exponent) Parameter'),ce(c.n,'"n" (Modulus) Parameter'),d={e:c.e,kty:c.kty,n:c.n};break;case"oct":ce(c.k,'"k" (Key Value) Parameter'),d={k:c.k,kty:c.kty};break;default:throw new aT('"kty" (Key Type) Parameter missing or unsupported')}let e=aB(JSON.stringify(d));return aD(await aH(b,e))}function cg(a){let b;if("string"==typeof a){let c=a.split(".");(3===c.length||5===c.length)&&([b]=c)}else if("object"==typeof a&&a)if("protected"in a)b=a.protected;else throw TypeError("Token does not contain a Protected Header");try{if("string"!=typeof b||!b)throw Error();let a=JSON.parse(aw.decode(aC(b)));if(!bE(a))throw Error();return a}catch{throw TypeError("Invalid Token or Protected Header formatting")}}function ch(a,b){if(void 0!==b&&(!Array.isArray(b)||b.some(a=>"string"!=typeof a)))throw TypeError(`"${a}" option must be an array of strings`);if(b)return new Set(b)}async function ci(a,b,c){let d,e,f,g,h,i;if(!bE(a))throw new aV("Flattened JWE must be an object");if(void 0===a.protected&&void 0===a.header&&void 0===a.unprotected)throw new aV("JOSE Header missing");if(void 0!==a.iv&&"string"!=typeof a.iv)throw new aV("JWE Initialization Vector incorrect type");if("string"!=typeof a.ciphertext)throw new aV("JWE Ciphertext missing or incorrect type");if(void 0!==a.tag&&"string"!=typeof a.tag)throw new aV("JWE Authentication Tag incorrect type");if(void 0!==a.protected&&"string"!=typeof a.protected)throw new aV("JWE Protected Header incorrect type");if(void 0!==a.encrypted_key&&"string"!=typeof a.encrypted_key)throw new aV("JWE Encrypted Key incorrect type");if(void 0!==a.aad&&"string"!=typeof a.aad)throw new aV("JWE AAD incorrect type");if(void 0!==a.header&&!bE(a.header))throw new aV("JWE Shared Unprotected Header incorrect type");if(void 0!==a.unprotected&&!bE(a.unprotected))throw new aV("JWE Per-Recipient Unprotected Header incorrect type");if(a.protected)try{let b=aC(a.protected);d=JSON.parse(aw.decode(b))}catch{throw new aV("JWE Protected Header is invalid")}if(!bF(d,a.header,a.unprotected))throw new aV("JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint");let j={...d,...a.header,...a.unprotected};if(bV(aV,new Map,c?.crit,d,j),void 0!==j.zip&&"DEF"!==j.zip)throw new aT('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value.');if(void 0!==j.zip&&!d?.zip)throw new aV('JWE "zip" (Compression Algorithm) Header Parameter MUST be in a protected header.');let{alg:k,enc:l}=j;if("string"!=typeof k||!k)throw new aV("missing JWE Algorithm (alg) in JWE Header");if("string"!=typeof l||!l)throw new aV("missing JWE Encryption Algorithm (enc) in JWE Header");let m=c&&ch("keyManagementAlgorithms",c.keyManagementAlgorithms),n=c&&ch("contentEncryptionAlgorithms",c.contentEncryptionAlgorithms);if(m&&!m.has(k)||!m&&k.startsWith("PBES2"))throw new aS('"alg" (Algorithm) Header Parameter value not allowed');if(n&&!n.has(l))throw new aS('"enc" (Encryption Algorithm) Header Parameter value not allowed');void 0!==a.encrypted_key&&(e=aG(a.encrypted_key,"encrypted_key",aV));let o=!1;"function"==typeof b&&(b=await b(d,a),o=!0),bY("dir"===k?l:k,b,"decrypt");let p=await bL(b,k);try{f=await bT(k,p,e,j,c)}catch(a){if(a instanceof TypeError||a instanceof aV||a instanceof aT)throw a;f=a7(l)}void 0!==a.iv&&(g=aG(a.iv,"iv",aV)),void 0!==a.tag&&(h=aG(a.tag,"tag",aV));let q=void 0!==a.protected?aB(a.protected):new Uint8Array;i=void 0!==a.aad?ax(q,aB("."),aB(a.aad)):q;let r=aG(a.ciphertext,"ciphertext",aV),s=await bk(l,f,r,g,h,i),t={plaintext:s};if("DEF"===j.zip){let a=c?.maxDecompressedLength??25e4;if(0===a)throw new aT('JWE "zip" (Compression Algorithm) Header Parameter is not supported.');if(a!==1/0&&(!Number.isSafeInteger(a)||a<1))throw TypeError("maxDecompressedLength must be 0, a positive safe integer, or Infinity");t.plaintext=await b_(s,a).catch(a=>{if(a instanceof aV)throw a;throw new aV("Failed to decompress plaintext",{cause:a})})}return(void 0!==a.protected&&(t.protectedHeader=d),void 0!==a.aad&&(t.additionalAuthenticatedData=aG(a.aad,"aad",aV)),void 0!==a.unprotected&&(t.sharedUnprotectedHeader=a.unprotected),void 0!==a.header&&(t.unprotectedHeader=a.header),o)?{...t,key:p}:t}async function cj(a,b,c){if(a instanceof Uint8Array&&(a=aw.decode(a)),"string"!=typeof a)throw new aV("Compact JWE must be a string or Uint8Array");let{0:d,1:e,2:f,3:g,4:h,length:i}=a.split(".");if(5!==i)throw new aV("Invalid Compact JWE");let j=await ci({ciphertext:g,iv:f||void 0,protected:d,tag:h||void 0,encrypted_key:e||void 0},b,c),k={plaintext:j.plaintext,protectedHeader:j.protectedHeader};return"function"==typeof b?{...k,key:j.key}:k}async function ck(a,b,c){let d=await cj(a,b,c),e=b7(d.protectedHeader,d.plaintext,c),{protectedHeader:f}=d;if(void 0!==f.iss&&f.iss!==e.iss)throw new aQ('replicated "iss" claim header parameter mismatch',e,"iss","mismatch");if(void 0!==f.sub&&f.sub!==e.sub)throw new aQ('replicated "sub" claim header parameter mismatch',e,"sub","mismatch");if(void 0!==f.aud&&JSON.stringify(f.aud)!==JSON.stringify(e.aud))throw new aQ('replicated "aud" claim header parameter mismatch',e,"aud","mismatch");let g={payload:e,protectedHeader:f};return"function"==typeof b?{...g,key:d.key}:g}async function cl(a,b,c){if(!bE(a))throw new aW("Flattened JWS must be an object");if(void 0===a.protected&&void 0===a.header)throw new aW('Flattened JWS must have either of the "protected" or "header" members');if(void 0!==a.protected&&"string"!=typeof a.protected)throw new aW("JWS Protected Header incorrect type");if(void 0===a.payload)throw new aW("JWS Payload missing");if("string"!=typeof a.signature)throw new aW("JWS Signature missing or incorrect type");if(void 0!==a.header&&!bE(a.header))throw new aW("JWS Unprotected Header incorrect type");let d={};if(a.protected)try{let b=aC(a.protected);d=JSON.parse(aw.decode(b))}catch{throw new aW("JWS Protected Header is invalid")}if(!bF(d,a.header))throw new aW("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let e={...d,...a.header},f=bV(aW,new Map([["b64",!0]]),c?.crit,d,e),g=!0;if(f.has("b64")&&"boolean"!=typeof(g=d.b64))throw new aW('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:h}=e;if("string"!=typeof h||!h)throw new aW('JWS "alg" (Algorithm) Header Parameter missing or invalid');let i=c&&ch("algorithms",c.algorithms);if(i&&!i.has(h))throw new aS('"alg" (Algorithm) Header Parameter value not allowed');if(g){if("string"!=typeof a.payload)throw new aW("JWS Payload must be a string")}else if("string"!=typeof a.payload&&!(a.payload instanceof Uint8Array))throw new aW("JWS Payload must be a string or an Uint8Array instance");let j=!1;"function"==typeof b&&(b=await b(d,a),j=!0),bY(h,b,"verify");let k=ax(void 0!==a.protected?aB(a.protected):new Uint8Array,aB("."),"string"==typeof a.payload?g?aB(a.payload):av.encode(a.payload):a.payload),l=aG(a.signature,"signature",aW),m=await bL(b,h);if(!await bA(h,m,l,k))throw new a1;let n={payload:g?aG(a.payload,"payload",aW):"string"==typeof a.payload?av.encode(a.payload):a.payload};return(void 0!==a.protected&&(n.protectedHeader=d),void 0!==a.header&&(n.unprotectedHeader=a.header),j)?{...n,key:m}:n}async function cm(a,b,c){if(a instanceof Uint8Array&&(a=aw.decode(a)),"string"!=typeof a)throw new aW("Compact JWS must be a string or Uint8Array");let{0:d,1:e,2:f,length:g}=a.split(".");if(3!==g)throw new aW("Invalid Compact JWS");let h=await cl({payload:e,protected:d,signature:f},b,c),i={payload:h.payload,protectedHeader:h.protectedHeader};return"function"==typeof b?{...i,key:h.key}:i}async function cn(a,b,c){let d=await cm(a,b,c);if(d.protectedHeader.crit?.includes("b64")&&!1===d.protectedHeader.b64)throw new aX("JWTs MUST NOT use unencoded payload");let e={payload:b7(d.protectedHeader,d.payload,c),protectedHeader:d.protectedHeader};return"function"==typeof b?{...e,key:d.key}:e}async function co(a,b,c=3600){return await new cc(a).setProtectedHeader({alg:"HS256"}).setIssuedAt().setExpirationTime(Math.floor(Date.now()/1e3)+c).sign(new TextEncoder().encode(b))}async function cp(a,b){try{return(await cn(a,new TextEncoder().encode(b))).payload}catch{return null}}let cq=new Uint8Array([66,101,116,116,101,114,65,117,116,104,46,106,115,32,71,101,110,101,114,97,116,101,100,32,69,110,99,114,121,112,116,105,111,110,32,75,101,121]),cr="A256CBC-HS512";function cs(a,b){var c,d,e;return c=new TextEncoder().encode(a),d=new TextEncoder().encode(b),function(a,b,c,d=32){W(a),U(d,"length"),V(b,void 0,"prk");let e=a.outputLen;if(b.length<e)throw Error('"prk" must be at least HashLen octets');if(d>255*e)throw Error("Length must be <= 255*HashLen");let f=Math.ceil(d/e);void 0===c?c=ad:V(c,void 0,"info");let g=new Uint8Array(f*e),h=ab.create(a,b),i=h._cloneInto(),j=new Uint8Array(h.outputLen);for(let a=0;a<f;a++)ac[0]=a+1,i.update(0===a?ad:j).update(c).update(ac).digestInto(j),g.set(j,e*a),h._cloneInto(i);return h.destroy(),i.destroy(),Z(j,ac),g.slice(0,d)}(au,(e=d,W(au),void 0===e&&(e=new Uint8Array(au.outputLen)),ab(au,e,c)),cq,64)}function ct(a){if("string"==typeof a)return[{version:0,value:a}];let b=[];for(let[c,d]of a.keys)b.push({version:c,value:d});return a.legacySecret&&!b.some(b=>b.value===a.legacySecret)&&b.push({version:-1,value:a.legacySecret}),b}async function cu(a,b,c,d=3600){let e=cs(function(a){if("string"==typeof a)return a;let b=a.keys.get(a.currentVersion);if(!b)throw Error(`Secret version ${a.currentVersion} not found in keys`);return b}(b),c),f=await cf({kty:"oct",k:cd.encode(e)},"sha256");return await new b9(a).setProtectedHeader({alg:"dir",enc:cr,kid:f}).setIssuedAt().setExpirationTime((Date.now()/1e3|0)+d).setJti(crypto.randomUUID()).encrypt(e)}let cv={clockTolerance:15,keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:[cr,"A256GCM"]};async function cw(a,b,c){if(!a)return null;let d=!1;try{d=void 0!==cg(a).kid}catch{return null}try{let d=ct(b),{payload:e}=await ck(a,async a=>{let b=a.kid;if(void 0!==b){for(let a of d){let d=cs(a.value,c);if(b===await cf({kty:"oct",k:cd.encode(d)},"sha256"))return d}throw Error("no matching decryption secret")}return d.length,cs(d[0].value,c)},cv);return e}catch{if(d)return null;let e=ct(b);if(e.length<=1)return null;for(let b=1;b<e.length;b++)try{let d=e[b],{payload:f}=await ck(a,cs(d.value,c),cv);return f}catch{continue}return null}}var cx=a.i(238696);function cy(a,b){if(!a||!b)return a;let c=Object.entries(b).filter(([,{returned:a}])=>!1===a).map(([a])=>a);return Object.entries(structuredClone(a)).filter(([a])=>!c.includes(a)).reduce((a,[b,c])=>({...a,[b]:c}),{})}let cz=new WeakMap;function cA(a,b,c){let d=`${b}:${c}`;cz.has(a)||cz.set(a,new Map);let e=cz.get(a);if(e.has(d))return e.get(d);let f="output"===c?(0,v.getAuthTables)(a)[b]?.fields??{}:{},g="user"===b||"session"===b||"account"===b?a[b]?.additionalFields:void 0,h={...f,...g??{}};for(let c of a.plugins||[])c.schema&&c.schema[b]&&(h={...h,...c.schema[b].fields});return e.set(d,h),h}function cB(a,b){return cy(b,cA(a,"user","output"))}function cC(a,b){let c=cA(a,"user","output"),d={};for(let a in c){let e=c[a];!1!==e.returned&&(a in b&&void 0!==b[a]?d[a]=b[a]:void 0!==e.defaultValue?d[a]="function"==typeof e.defaultValue?e.defaultValue():e.defaultValue:e.required||(d[a]=null))}return"id"in b&&(d.id=b.id),d}function cD(a,b){return cy(b,cA(a,"session","output"))}function cE(a,b){let c=b.action||"create",d=b.fields,e=Object.create(null);for(let b in d){if(b in a){if(!1===d[b].input){if(void 0!==d[b].defaultValue&&"update"!==c){e[b]=d[b].defaultValue;continue}if(a[b])throw y.APIError.from("BAD_REQUEST",{...cx.BASE_ERROR_CODES.FIELD_NOT_ALLOWED,message:`${b} is not allowed to be set`});continue}if(d[b].validator?.input&&void 0!==a[b]){let c=d[b].validator.input["~standard"].validate(a[b]);if(c instanceof Promise)throw y.APIError.from("INTERNAL_SERVER_ERROR",cx.BASE_ERROR_CODES.ASYNC_VALIDATION_NOT_SUPPORTED);if("issues"in c&&c.issues)throw y.APIError.from("BAD_REQUEST",{...cx.BASE_ERROR_CODES.VALIDATION_ERROR,message:c.issues[0]?.message||"Validation Error"});e[b]=c.value;continue}if(d[b].transform?.input&&void 0!==a[b]){e[b]=d[b].transform?.input(a[b]);continue}e[b]=a[b];continue}if(void 0!==d[b].defaultValue&&"create"===c){if("function"==typeof d[b].defaultValue){e[b]=d[b].defaultValue();continue}e[b]=d[b].defaultValue;continue}if(d[b].required&&"create"===c)throw y.APIError.from("BAD_REQUEST",{...cx.BASE_ERROR_CODES.MISSING_FIELD,message:`${b} is required`})}return e}function cF(a,b={},c){return cE(b,{fields:cA(a,"user","input"),action:c})}let cG=(a,b="ms")=>new Date(Date.now()+("sec"===b?1e3*a:a)),cH=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|months?|mo|years?|yrs?|y)(?: (ago|from now))?$/i;function cI(a){if(-1===a.indexOf("%"))return a;try{return decodeURIComponent(a)}catch{return a}}function cJ(a){if(!a)return[];let b=[],c=0,d=0;for(;d<a.length;){if(","===a[d]){let e=d+1;for(;e<a.length&&" "===a[e];)e++;for(;e<a.length&&"="!==a[e]&&";"!==a[e]&&","!==a[e];)e++;if(e<a.length&&"="===a[e]){let e=a.slice(c,d).trim();for(e&&b.push(e),c=d+1;c<a.length&&" "===a[c];)c++;d=c;continue}}d++}let e=a.slice(c).trim();return e&&b.push(e),b}let cK=/^[\w!#$%&'*.^`|~+-]+$/,cL=/^[ !#-:<-[\]-~]*$/;function cM(a){return!(a.length<2)&&a.startsWith('"')&&a.endsWith('"')?a.slice(1,-1):a}function cN(a){let b=0,c=a.length;for(;b<c;){let c=a.charCodeAt(b);if(32!==c&&9!==c)break;b++}for(;c>b;){let b=a.charCodeAt(c-1);if(32!==b&&9!==b)break;c--}return 0===b&&c===a.length?a:a.slice(b,c)}function cO(a){let b=new Map;if(a.length<2)return b;for(let c of a.split(";")){let a=c.indexOf("=");if(-1===a)continue;let d=cN(c.slice(0,a)),e=cM(cN(c.slice(a+1)));cK.test(d)&&cL.test(e)&&b.set(d,cI(e))}return b}var cP=a.i(92929);function cQ(a,b,c){function d(c,d){if(c._zod||Object.defineProperty(c,"_zod",{value:{def:d,constr:g,traits:new Set},enumerable:!1}),c._zod.traits.has(a))return;c._zod.traits.add(a),b(c,d);let e=g.prototype,f=Object.keys(e);for(let a=0;a<f.length;a++){let b=f[a];b in c||(c[b]=e[b].bind(c))}}let e=c?.Parent??Object;class f extends e{}function g(a){var b;let e=c?.Parent?new f:this;for(let c of(d(e,a),(b=e._zod).deferred??(b.deferred=[]),e._zod.deferred))c();return e}return Object.defineProperty(f,"name",{value:a}),Object.defineProperty(g,"init",{value:d}),Object.defineProperty(g,Symbol.hasInstance,{value:b=>!!c?.Parent&&b instanceof c.Parent||b?._zod?.traits?.has(a)}),Object.defineProperty(g,"name",{value:a}),g}Symbol("zod_brand");class cR extends Error{constructor(){super("Encountered Promise during synchronous parse. Use .parseAsync() instead.")}}class cS extends Error{constructor(a){super(`Encountered unidirectional transform during encode: ${a}`),this.name="ZodEncodeError"}}(r=globalThis).__zod_globalConfig??(r.__zod_globalConfig={});let cT=globalThis.__zod_globalConfig;function cU(a){return a&&Object.assign(cT,a),cT}function cV(a){let b=Object.values(a).filter(a=>"number"==typeof a);return Object.entries(a).filter(([a,c])=>-1===b.indexOf(+a)).map(([a,b])=>b)}function cW(a,b){return"bigint"==typeof b?b.toString():b}function cX(a){return{get value(){{let b=a();return Object.defineProperty(this,"value",{value:b}),b}}}}function cY(a){return null==a}function cZ(a){let b=+!!a.startsWith("^"),c=a.endsWith("$")?a.length-1:a.length;return a.slice(b,c)}function c$(a,b){let c=a/b,d=Math.round(c),e=Number.EPSILON*Math.max(Math.abs(c),1);return Math.abs(c-d)<e?0:c-d}let c_=Symbol("evaluating");function c0(a,b,c){let d;Object.defineProperty(a,b,{get(){if(d!==c_)return void 0===d&&(d=c_,d=c()),d},set(c){Object.defineProperty(a,b,{value:c})},configurable:!0})}function c1(a,b,c){Object.defineProperty(a,b,{value:c,writable:!0,enumerable:!0,configurable:!0})}function c2(...a){let b={};for(let c of a)Object.assign(b,Object.getOwnPropertyDescriptors(c));return Object.defineProperties({},b)}function c3(a){return JSON.stringify(a)}function c4(a){return a.toLowerCase().trim().replace(/[^\w\s-]/g,"").replace(/[\s_-]+/g,"-").replace(/^-+|-+$/g,"")}let c5="captureStackTrace"in Error?Error.captureStackTrace:(...a)=>{};function c6(a){return"object"==typeof a&&null!==a&&!Array.isArray(a)}let c7=cX(()=>{if(cT.jitless||"u">typeof navigator&&navigator?.userAgent?.includes("Cloudflare"))return!1;try{return Function(""),!0}catch(a){return!1}});function c8(a){if(!1===c6(a))return!1;let b=a.constructor;if(void 0===b||"function"!=typeof b)return!0;let c=b.prototype;return!1!==c6(c)&&!1!==Object.prototype.hasOwnProperty.call(c,"isPrototypeOf")}let c9=new Set(["string","number","symbol"]),da=new Set(["string","number","bigint","boolean","symbol","undefined"]);function db(a){return a.replace(/[.*+?^${}()|[\]\\]/g,"\\$&")}function dc(a,b,c){let d=new a._zod.constr(b??a._zod.def);return(!b||c?.parent)&&(d._zod.parent=a),d}function dd(a){if(!a)return{};if("string"==typeof a)return{error:()=>a};if(a?.message!==void 0){if(a?.error!==void 0)throw Error("Cannot specify both `message` and `error` params");a.error=a.message}return(delete a.message,"string"==typeof a.error)?{...a,error:()=>a.error}:a}function de(a){return"bigint"==typeof a?a.toString()+"n":"string"==typeof a?`"${a}"`:`${a}`}function df(a){return Object.keys(a).filter(b=>"optional"===a[b]._zod.optin&&"optional"===a[b]._zod.optout)}let dg={safeint:[Number.MIN_SAFE_INTEGER,Number.MAX_SAFE_INTEGER],int32:[-0x80000000,0x7fffffff],uint32:[0,0xffffffff],float32:[-34028234663852886e22,34028234663852886e22],float64:[-Number.MAX_VALUE,Number.MAX_VALUE]},dh={int64:[BigInt("-9223372036854775808"),BigInt("9223372036854775807")],uint64:[BigInt(0),BigInt("18446744073709551615")]};function di(a,b=0){if(!0===a.aborted)return!0;for(let c=b;c<a.issues.length;c++)if(a.issues[c]?.continue!==!0)return!0;return!1}function dj(a,b=0){if(!0===a.aborted)return!0;for(let c=b;c<a.issues.length;c++)if(a.issues[c]?.continue===!1)return!0;return!1}function dk(a,b){return b.map(b=>(b.path??(b.path=[]),b.path.unshift(a),b))}function dl(a){return"string"==typeof a?a:a?.message}function dm(a,b,c){let d=a.message?a.message:dl(a.inst?._zod.def?.error?.(a))??dl(b?.error?.(a))??dl(c.customError?.(a))??dl(c.localeError?.(a))??"Invalid input",{inst:e,continue:f,input:g,...h}=a;return h.path??(h.path=[]),h.message=d,b?.reportInput&&(h.input=g),h}function dn(a){return a instanceof Set?"set":a instanceof Map?"map":a instanceof File?"file":"unknown"}function dp(a){return Array.isArray(a)?"array":"string"==typeof a?"string":"unknown"}function dq(...a){let[b,c,d]=a;return"string"==typeof b?{message:b,code:"custom",input:c,inst:d}:{...b}}function dr(a){let b=atob(a),c=new Uint8Array(b.length);for(let a=0;a<b.length;a++)c[a]=b.charCodeAt(a);return c}function ds(a){let b="";for(let c=0;c<a.length;c++)b+=String.fromCharCode(a[c]);return btoa(b)}a.s(["BIGINT_FORMAT_RANGES",0,dh,"Class",0,class{constructor(...a){}},"NUMBER_FORMAT_RANGES",0,dg,"aborted",0,di,"allowsEval",0,c7,"assert",0,function(a){},"assertEqual",0,function(a){return a},"assertIs",0,function(a){},"assertNever",0,function(a){throw Error("Unexpected value in exhaustive check")},"assertNotEqual",0,function(a){return a},"assignProp",0,c1,"base64ToUint8Array",0,dr,"base64urlToUint8Array",0,function(a){let b=a.replace(/-/g,"+").replace(/_/g,"/"),c="=".repeat((4-b.length%4)%4);return dr(b+c)},"cached",0,cX,"captureStackTrace",0,c5,"cleanEnum",0,function(a){return Object.entries(a).filter(([a,b])=>Number.isNaN(Number.parseInt(a,10))).map(a=>a[1])},"cleanRegex",0,cZ,"clone",0,dc,"cloneDef",0,function(a){return c2(a._zod.def)},"createTransparentProxy",0,function(a){let b;return new Proxy({},{get:(c,d,e)=>(b??(b=a()),Reflect.get(b,d,e)),set:(c,d,e,f)=>(b??(b=a()),Reflect.set(b,d,e,f)),has:(c,d)=>(b??(b=a()),Reflect.has(b,d)),deleteProperty:(c,d)=>(b??(b=a()),Reflect.deleteProperty(b,d)),ownKeys:c=>(b??(b=a()),Reflect.ownKeys(b)),getOwnPropertyDescriptor:(c,d)=>(b??(b=a()),Reflect.getOwnPropertyDescriptor(b,d)),defineProperty:(c,d,e)=>(b??(b=a()),Reflect.defineProperty(b,d,e))})},"defineLazy",0,c0,"esc",0,c3,"escapeRegex",0,db,"explicitlyAborted",0,dj,"extend",0,function(a,b){if(!c8(b))throw Error("Invalid input to extend: expected a plain object");let c=a._zod.def.checks;if(c&&c.length>0){let c=a._zod.def.shape;for(let a in b)if(void 0!==Object.getOwnPropertyDescriptor(c,a))throw Error("Cannot overwrite keys on object schemas containing refinements. Use `.safeExtend()` instead.")}let d=c2(a._zod.def,{get shape(){let c={...a._zod.def.shape,...b};return c1(this,"shape",c),c}});return dc(a,d)},"finalizeIssue",0,dm,"floatSafeRemainder",0,c$,"getElementAtPath",0,function(a,b){return b?b.reduce((a,b)=>a?.[b],a):a},"getEnumValues",0,cV,"getLengthableOrigin",0,dp,"getParsedType",0,a=>{let b=typeof a;switch(b){case"undefined":return"undefined";case"string":return"string";case"number":return Number.isNaN(a)?"nan":"number";case"boolean":return"boolean";case"function":return"function";case"bigint":return"bigint";case"symbol":return"symbol";case"object":if(Array.isArray(a))return"array";if(null===a)return"null";if(a.then&&"function"==typeof a.then&&a.catch&&"function"==typeof a.catch)return"promise";if("u">typeof Map&&a instanceof Map)return"map";if("u">typeof Set&&a instanceof Set)return"set";if("u">typeof Date&&a instanceof Date)return"date";if("u">typeof File&&a instanceof File)return"file";return"object";default:throw Error(`Unknown data type: ${b}`)}},"getSizableOrigin",0,dn,"hexToUint8Array",0,function(a){let b=a.replace(/^0x/,"");if(b.length%2!=0)throw Error("Invalid hex string length");let c=new Uint8Array(b.length/2);for(let a=0;a<b.length;a+=2)c[a/2]=Number.parseInt(b.slice(a,a+2),16);return c},"isObject",0,c6,"isPlainObject",0,c8,"issue",0,dq,"joinValues",0,function(a,b="|"){return a.map(a=>de(a)).join(b)},"jsonStringifyReplacer",0,cW,"merge",0,function(a,b){if(a._zod.def.checks?.length)throw Error(".merge() cannot be used on object schemas containing refinements. Use .safeExtend() instead.");let c=c2(a._zod.def,{get shape(){let c={...a._zod.def.shape,...b._zod.def.shape};return c1(this,"shape",c),c},get catchall(){return b._zod.def.catchall},checks:b._zod.def.checks??[]});return dc(a,c)},"mergeDefs",0,c2,"normalizeParams",0,dd,"nullish",0,cY,"numKeys",0,function(a){let b=0;for(let c in a)Object.prototype.hasOwnProperty.call(a,c)&&b++;return b},"objectClone",0,function(a){return Object.create(Object.getPrototypeOf(a),Object.getOwnPropertyDescriptors(a))},"omit",0,function(a,b){let c=a._zod.def,d=c.checks;if(d&&d.length>0)throw Error(".omit() cannot be used on object schemas containing refinements");let e=c2(a._zod.def,{get shape(){let d={...a._zod.def.shape};for(let a in b){if(!(a in c.shape))throw Error(`Unrecognized key: "${a}"`);b[a]&&delete d[a]}return c1(this,"shape",d),d},checks:[]});return dc(a,e)},"optionalKeys",0,df,"parsedType",0,function(a){let b=typeof a;switch(b){case"number":return Number.isNaN(a)?"nan":"number";case"object":if(null===a)return"null";if(Array.isArray(a))return"array";if(a&&Object.getPrototypeOf(a)!==Object.prototype&&"constructor"in a&&a.constructor)return a.constructor.name}return b},"partial",0,function(a,b,c){let d=b._zod.def.checks;if(d&&d.length>0)throw Error(".partial() cannot be used on object schemas containing refinements");let e=c2(b._zod.def,{get shape(){let d=b._zod.def.shape,e={...d};if(c)for(let b in c){if(!(b in d))throw Error(`Unrecognized key: "${b}"`);c[b]&&(e[b]=a?new a({type:"optional",innerType:d[b]}):d[b])}else for(let b in d)e[b]=a?new a({type:"optional",innerType:d[b]}):d[b];return c1(this,"shape",e),e},checks:[]});return dc(b,e)},"pick",0,function(a,b){let c=a._zod.def,d=c.checks;if(d&&d.length>0)throw Error(".pick() cannot be used on object schemas containing refinements");let e=c2(a._zod.def,{get shape(){let a={};for(let d in b){if(!(d in c.shape))throw Error(`Unrecognized key: "${d}"`);b[d]&&(a[d]=c.shape[d])}return c1(this,"shape",a),a},checks:[]});return dc(a,e)},"prefixIssues",0,dk,"primitiveTypes",0,da,"promiseAllObject",0,function(a){let b=Object.keys(a);return Promise.all(b.map(b=>a[b])).then(a=>{let c={};for(let d=0;d<b.length;d++)c[b[d]]=a[d];return c})},"propertyKeyTypes",0,c9,"randomString",0,function(a=10){let b="abcdefghijklmnopqrstuvwxyz",c="";for(let d=0;d<a;d++)c+=b[Math.floor(Math.random()*b.length)];return c},"required",0,function(a,b,c){let d=c2(b._zod.def,{get shape(){let d=b._zod.def.shape,e={...d};if(c)for(let b in c){if(!(b in e))throw Error(`Unrecognized key: "${b}"`);c[b]&&(e[b]=new a({type:"nonoptional",innerType:d[b]}))}else for(let b in d)e[b]=new a({type:"nonoptional",innerType:d[b]});return c1(this,"shape",e),e}});return dc(b,d)},"safeExtend",0,function(a,b){if(!c8(b))throw Error("Invalid input to safeExtend: expected a plain object");let c=c2(a._zod.def,{get shape(){let c={...a._zod.def.shape,...b};return c1(this,"shape",c),c}});return dc(a,c)},"shallowClone",0,function(a){return c8(a)?{...a}:Array.isArray(a)?[...a]:a instanceof Map?new Map(a):a instanceof Set?new Set(a):a},"slugify",0,c4,"stringifyPrimitive",0,de,"uint8ArrayToBase64",0,ds,"uint8ArrayToBase64url",0,function(a){return ds(a).replace(/\+/g,"-").replace(/\//g,"_").replace(/=/g,"")},"uint8ArrayToHex",0,function(a){return Array.from(a).map(a=>a.toString(16).padStart(2,"0")).join("")},"unwrapMessage",0,dl],549230);let dt=/^[cC][0-9a-z]{6,}$/,du=/^[0-9a-z]+$/,dv=/^[0-9A-HJKMNP-TV-Za-hjkmnp-tv-z]{26}$/,dw=/^[0-9a-vA-V]{20}$/,dx=/^[A-Za-z0-9]{27}$/,dy=/^[a-zA-Z0-9_-]{21}$/,dz=/^P(?:(\d+W)|(?!.*W)(?=\d|T\d)(\d+Y)?(\d+M)?(\d+D)?(T(?=\d)(\d+H)?(\d+M)?(\d+([.,]\d+)?S)?)?)$/,dA=/^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})$/,dB=a=>a?RegExp(`^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-${a}[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})$`):/^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$/,dC=dB(4),dD=dB(6),dE=dB(7),dF=/^(?!\.)(?!.*\.\.)([A-Za-z0-9_'+\-\.]*)[A-Za-z0-9_+-]@([A-Za-z0-9][A-Za-z0-9\-]*\.)+[A-Za-z]{2,}$/,dG=/^[^\s@"]{1,64}@[^\s@]{1,255}$/u;function dH(){return RegExp("^(\\p{Extended_Pictographic}|\\p{Emoji_Component})+$","u")}let dI=/^(?:(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])$/,dJ=/^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$/,dK=a=>{let b=db(a??":");return RegExp(`^(?:[0-9A-F]{2}${b}){5}[0-9A-F]{2}$|^(?:[0-9a-f]{2}${b}){5}[0-9a-f]{2}$`)},dL=/^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]|[0-9])\/([0-9]|[1-2][0-9]|3[0-2])$/,dM=/^(([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}|::|([0-9a-fA-F]{1,4})?::([0-9a-fA-F]{1,4}:?){0,6})\/(12[0-8]|1[01][0-9]|[1-9]?[0-9])$/,dN=/^$|^(?:[0-9a-zA-Z+/]{4})*(?:(?:[0-9a-zA-Z+/]{2}==)|(?:[0-9a-zA-Z+/]{3}=))?$/,dO=/^[A-Za-z0-9_-]*$/,dP=/^https?$/,dQ=/^\+[1-9]\d{6,14}$/,dR="(?:(?:\\d\\d[2468][048]|\\d\\d[13579][26]|\\d\\d0[48]|[02468][048]00|[13579][26]00)-02-29|\\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\\d|30)|(?:02)-(?:0[1-9]|1\\d|2[0-8])))",dS=RegExp(`^${dR}$`);function dT(a){let b="(?:[01]\\d|2[0-3]):[0-5]\\d";return"number"==typeof a.precision?-1===a.precision?`${b}`:0===a.precision?`${b}:[0-5]\\d`:`${b}:[0-5]\\d\\.\\d{${a.precision}}`:`${b}(?::[0-5]\\d(?:\\.\\d+)?)?`}function dU(a){return RegExp(`^${dT(a)}$`)}function dV(a){let b=dT({precision:a.precision}),c=["Z"];a.local&&c.push(""),a.offset&&c.push("([+-](?:[01]\\d|2[0-3]):[0-5]\\d)");let d=`${b}(?:${c.join("|")})`;return RegExp(`^${dR}T(?:${d})$`)}let dW=a=>{let b=a?`[\\s\\S]{${a?.minimum??0},${a?.maximum??""}}`:"[\\s\\S]*";return RegExp(`^${b}$`)},dX=/^-?\d+n?$/,dY=/^-?\d+$/,dZ=/^-?\d+(?:\.\d+)?$/,d$=/^(?:true|false)$/i,d_=/^null$/i,d0=/^undefined$/i,d1=/^[^A-Z]*$/,d2=/^[^a-z]*$/;function d3(a,b){return RegExp(`^[A-Za-z0-9+/]{${a}}${b}$`)}function d4(a){return RegExp(`^[A-Za-z0-9_-]{${a}}$`)}let d5=d3(22,"=="),d6=d4(22),d7=d3(27,"="),d8=d4(27),d9=d3(43,"="),ea=d4(43),eb=d3(64,""),ec=d4(64),ed=d3(86,"=="),ee=d4(86);a.s(["base64",0,dN,"base64url",0,dO,"bigint",0,dX,"boolean",0,d$,"browserEmail",0,/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/,"cidrv4",0,dL,"cidrv6",0,dM,"cuid",0,dt,"cuid2",0,du,"date",0,dS,"datetime",0,dV,"domain",0,/^([a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/,"duration",0,dz,"e164",0,dQ,"email",0,dF,"emoji",0,dH,"extendedDuration",0,/^[-+]?P(?!$)(?:(?:[-+]?\d+Y)|(?:[-+]?\d+[.,]\d+Y$))?(?:(?:[-+]?\d+M)|(?:[-+]?\d+[.,]\d+M$))?(?:(?:[-+]?\d+W)|(?:[-+]?\d+[.,]\d+W$))?(?:(?:[-+]?\d+D)|(?:[-+]?\d+[.,]\d+D$))?(?:T(?=[\d+-])(?:(?:[-+]?\d+H)|(?:[-+]?\d+[.,]\d+H$))?(?:(?:[-+]?\d+M)|(?:[-+]?\d+[.,]\d+M$))?(?:[-+]?\d+(?:[.,]\d+)?S)?)??$/,"guid",0,dA,"hex",0,/^[0-9a-fA-F]*$/,"hostname",0,/^(?=.{1,253}\.?$)[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[-0-9a-zA-Z]{0,61}[0-9a-zA-Z])?)*\.?$/,"html5Email",0,/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/,"httpProtocol",0,dP,"idnEmail",0,dG,"integer",0,dY,"ipv4",0,dI,"ipv6",0,dJ,"ksuid",0,dx,"lowercase",0,d1,"mac",0,dK,"md5_base64",0,d5,"md5_base64url",0,d6,"md5_hex",0,/^[0-9a-fA-F]{32}$/,"nanoid",0,dy,"null",0,d_,"number",0,dZ,"rfc5322Email",0,/^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/,"sha1_base64",0,d7,"sha1_base64url",0,d8,"sha1_hex",0,/^[0-9a-fA-F]{40}$/,"sha256_base64",0,d9,"sha256_base64url",0,ea,"sha256_hex",0,/^[0-9a-fA-F]{64}$/,"sha384_base64",0,eb,"sha384_base64url",0,ec,"sha384_hex",0,/^[0-9a-fA-F]{96}$/,"sha512_base64",0,ed,"sha512_base64url",0,ee,"sha512_hex",0,/^[0-9a-fA-F]{128}$/,"string",0,dW,"time",0,dU,"ulid",0,dv,"undefined",0,d0,"unicodeEmail",0,dG,"uppercase",0,d2,"uuid",0,dB,"uuid4",0,dC,"uuid6",0,dD,"uuid7",0,dE,"xid",0,dw],854018);let ef=cQ("$ZodCheck",(a,b)=>{var c;a._zod??(a._zod={}),a._zod.def=b,(c=a._zod).onattach??(c.onattach=[])}),eg={number:"number",bigint:"bigint",object:"date"},eh=cQ("$ZodCheckLessThan",(a,b)=>{ef.init(a,b);let c=eg[typeof b.value];a._zod.onattach.push(a=>{let c=a._zod.bag,d=(b.inclusive?c.maximum:c.exclusiveMaximum)??1/0;b.value<d&&(b.inclusive?c.maximum=b.value:c.exclusiveMaximum=b.value)}),a._zod.check=d=>{(b.inclusive?d.value<=b.value:d.value<b.value)||d.issues.push({origin:c,code:"too_big",maximum:"object"==typeof b.value?b.value.getTime():b.value,input:d.value,inclusive:b.inclusive,inst:a,continue:!b.abort})}}),ei=cQ("$ZodCheckGreaterThan",(a,b)=>{ef.init(a,b);let c=eg[typeof b.value];a._zod.onattach.push(a=>{let c=a._zod.bag,d=(b.inclusive?c.minimum:c.exclusiveMinimum)??-1/0;b.value>d&&(b.inclusive?c.minimum=b.value:c.exclusiveMinimum=b.value)}),a._zod.check=d=>{(b.inclusive?d.value>=b.value:d.value>b.value)||d.issues.push({origin:c,code:"too_small",minimum:"object"==typeof b.value?b.value.getTime():b.value,input:d.value,inclusive:b.inclusive,inst:a,continue:!b.abort})}}),ej=cQ("$ZodCheckMultipleOf",(a,b)=>{ef.init(a,b),a._zod.onattach.push(a=>{var c;(c=a._zod.bag).multipleOf??(c.multipleOf=b.value)}),a._zod.check=c=>{if(typeof c.value!=typeof b.value)throw Error("Cannot mix number and bigint in multiple_of check.");("bigint"==typeof c.value?c.value%b.value===BigInt(0):0===c$(c.value,b.value))||c.issues.push({origin:typeof c.value,code:"not_multiple_of",divisor:b.value,input:c.value,inst:a,continue:!b.abort})}}),ek=cQ("$ZodCheckNumberFormat",(a,b)=>{ef.init(a,b),b.format=b.format||"float64";let c=b.format?.includes("int"),d=c?"int":"number",[e,f]=dg[b.format];a._zod.onattach.push(a=>{let d=a._zod.bag;d.format=b.format,d.minimum=e,d.maximum=f,c&&(d.pattern=dY)}),a._zod.check=g=>{let h=g.value;if(c){if(!Number.isInteger(h))return void g.issues.push({expected:d,format:b.format,code:"invalid_type",continue:!1,input:h,inst:a});if(!Number.isSafeInteger(h))return void(h>0?g.issues.push({input:h,code:"too_big",maximum:Number.MAX_SAFE_INTEGER,note:"Integers must be within the safe integer range.",inst:a,origin:d,inclusive:!0,continue:!b.abort}):g.issues.push({input:h,code:"too_small",minimum:Number.MIN_SAFE_INTEGER,note:"Integers must be within the safe integer range.",inst:a,origin:d,inclusive:!0,continue:!b.abort}))}h<e&&g.issues.push({origin:"number",input:h,code:"too_small",minimum:e,inclusive:!0,inst:a,continue:!b.abort}),h>f&&g.issues.push({origin:"number",input:h,code:"too_big",maximum:f,inclusive:!0,inst:a,continue:!b.abort})}}),el=cQ("$ZodCheckBigIntFormat",(a,b)=>{ef.init(a,b);let[c,d]=dh[b.format];a._zod.onattach.push(a=>{let e=a._zod.bag;e.format=b.format,e.minimum=c,e.maximum=d}),a._zod.check=e=>{let f=e.value;f<c&&e.issues.push({origin:"bigint",input:f,code:"too_small",minimum:c,inclusive:!0,inst:a,continue:!b.abort}),f>d&&e.issues.push({origin:"bigint",input:f,code:"too_big",maximum:d,inclusive:!0,inst:a,continue:!b.abort})}}),em=cQ("$ZodCheckMaxSize",(a,b)=>{var c;ef.init(a,b),(c=a._zod.def).when??(c.when=a=>{let b=a.value;return!cY(b)&&void 0!==b.size}),a._zod.onattach.push(a=>{let c=a._zod.bag.maximum??1/0;b.maximum<c&&(a._zod.bag.maximum=b.maximum)}),a._zod.check=c=>{let d=c.value;d.size<=b.maximum||c.issues.push({origin:dn(d),code:"too_big",maximum:b.maximum,inclusive:!0,input:d,inst:a,continue:!b.abort})}}),en=cQ("$ZodCheckMinSize",(a,b)=>{var c;ef.init(a,b),(c=a._zod.def).when??(c.when=a=>{let b=a.value;return!cY(b)&&void 0!==b.size}),a._zod.onattach.push(a=>{let c=a._zod.bag.minimum??-1/0;b.minimum>c&&(a._zod.bag.minimum=b.minimum)}),a._zod.check=c=>{let d=c.value;d.size>=b.minimum||c.issues.push({origin:dn(d),code:"too_small",minimum:b.minimum,inclusive:!0,input:d,inst:a,continue:!b.abort})}}),eo=cQ("$ZodCheckSizeEquals",(a,b)=>{var c;ef.init(a,b),(c=a._zod.def).when??(c.when=a=>{let b=a.value;return!cY(b)&&void 0!==b.size}),a._zod.onattach.push(a=>{let c=a._zod.bag;c.minimum=b.size,c.maximum=b.size,c.size=b.size}),a._zod.check=c=>{let d=c.value,e=d.size;if(e===b.size)return;let f=e>b.size;c.issues.push({origin:dn(d),...f?{code:"too_big",maximum:b.size}:{code:"too_small",minimum:b.size},inclusive:!0,exact:!0,input:c.value,inst:a,continue:!b.abort})}}),ep=cQ("$ZodCheckMaxLength",(a,b)=>{var c;ef.init(a,b),(c=a._zod.def).when??(c.when=a=>{let b=a.value;return!cY(b)&&void 0!==b.length}),a._zod.onattach.push(a=>{let c=a._zod.bag.maximum??1/0;b.maximum<c&&(a._zod.bag.maximum=b.maximum)}),a._zod.check=c=>{let d=c.value;if(d.length<=b.maximum)return;let e=dp(d);c.issues.push({origin:e,code:"too_big",maximum:b.maximum,inclusive:!0,input:d,inst:a,continue:!b.abort})}}),eq=cQ("$ZodCheckMinLength",(a,b)=>{var c;ef.init(a,b),(c=a._zod.def).when??(c.when=a=>{let b=a.value;return!cY(b)&&void 0!==b.length}),a._zod.onattach.push(a=>{let c=a._zod.bag.minimum??-1/0;b.minimum>c&&(a._zod.bag.minimum=b.minimum)}),a._zod.check=c=>{let d=c.value;if(d.length>=b.minimum)return;let e=dp(d);c.issues.push({origin:e,code:"too_small",minimum:b.minimum,inclusive:!0,input:d,inst:a,continue:!b.abort})}}),er=cQ("$ZodCheckLengthEquals",(a,b)=>{var c;ef.init(a,b),(c=a._zod.def).when??(c.when=a=>{let b=a.value;return!cY(b)&&void 0!==b.length}),a._zod.onattach.push(a=>{let c=a._zod.bag;c.minimum=b.length,c.maximum=b.length,c.length=b.length}),a._zod.check=c=>{let d=c.value,e=d.length;if(e===b.length)return;let f=dp(d),g=e>b.length;c.issues.push({origin:f,...g?{code:"too_big",maximum:b.length}:{code:"too_small",minimum:b.length},inclusive:!0,exact:!0,input:c.value,inst:a,continue:!b.abort})}}),es=cQ("$ZodCheckStringFormat",(a,b)=>{var c,d;ef.init(a,b),a._zod.onattach.push(a=>{let c=a._zod.bag;c.format=b.format,b.pattern&&(c.patterns??(c.patterns=new Set),c.patterns.add(b.pattern))}),b.pattern?(c=a._zod).check??(c.check=c=>{b.pattern.lastIndex=0,b.pattern.test(c.value)||c.issues.push({origin:"string",code:"invalid_format",format:b.format,input:c.value,...b.pattern?{pattern:b.pattern.toString()}:{},inst:a,continue:!b.abort})}):(d=a._zod).check??(d.check=()=>{})}),et=cQ("$ZodCheckRegex",(a,b)=>{es.init(a,b),a._zod.check=c=>{b.pattern.lastIndex=0,b.pattern.test(c.value)||c.issues.push({origin:"string",code:"invalid_format",format:"regex",input:c.value,pattern:b.pattern.toString(),inst:a,continue:!b.abort})}}),eu=cQ("$ZodCheckLowerCase",(a,b)=>{b.pattern??(b.pattern=d1),es.init(a,b)}),ev=cQ("$ZodCheckUpperCase",(a,b)=>{b.pattern??(b.pattern=d2),es.init(a,b)}),ew=cQ("$ZodCheckIncludes",(a,b)=>{ef.init(a,b);let c=db(b.includes),d=new RegExp("number"==typeof b.position?`^.{${b.position}}${c}`:c);b.pattern=d,a._zod.onattach.push(a=>{let b=a._zod.bag;b.patterns??(b.patterns=new Set),b.patterns.add(d)}),a._zod.check=c=>{c.value.includes(b.includes,b.position)||c.issues.push({origin:"string",code:"invalid_format",format:"includes",includes:b.includes,input:c.value,inst:a,continue:!b.abort})}}),ex=cQ("$ZodCheckStartsWith",(a,b)=>{ef.init(a,b);let c=RegExp(`^${db(b.prefix)}.*`);b.pattern??(b.pattern=c),a._zod.onattach.push(a=>{let b=a._zod.bag;b.patterns??(b.patterns=new Set),b.patterns.add(c)}),a._zod.check=c=>{c.value.startsWith(b.prefix)||c.issues.push({origin:"string",code:"invalid_format",format:"starts_with",prefix:b.prefix,input:c.value,inst:a,continue:!b.abort})}}),ey=cQ("$ZodCheckEndsWith",(a,b)=>{ef.init(a,b);let c=RegExp(`.*${db(b.suffix)}$`);b.pattern??(b.pattern=c),a._zod.onattach.push(a=>{let b=a._zod.bag;b.patterns??(b.patterns=new Set),b.patterns.add(c)}),a._zod.check=c=>{c.value.endsWith(b.suffix)||c.issues.push({origin:"string",code:"invalid_format",format:"ends_with",suffix:b.suffix,input:c.value,inst:a,continue:!b.abort})}});(a,b)=>{ef.init(a,b);let c=new Set(b.mime);a._zod.onattach.push(a=>{a._zod.bag.mime=b.mime}),a._zod.check=d=>{c.has(d.value.type)||d.issues.push({code:"invalid_value",values:b.mime,input:d.value.type,inst:a,continue:!b.abort})}};let ez=cQ("$ZodCheckOverwrite",(a,b)=>{ef.init(a,b),a._zod.check=a=>{a.value=b.tx(a.value)}});class eA{constructor(a=[]){this.content=[],this.indent=0,this&&(this.args=a)}indented(a){this.indent+=1,a(this),this.indent-=1}write(a){if("function"==typeof a){a(this,{execution:"sync"}),a(this,{execution:"async"});return}let b=a.split("\n").filter(a=>a),c=Math.min(...b.map(a=>a.length-a.trimStart().length));for(let a of b.map(a=>a.slice(c)).map(a=>" ".repeat(2*this.indent)+a))this.content.push(a)}compile(){return Function(...this?.args,[...(this?.content??[""]).map(a=>` ${a}`)].join("\n"))}}let eB=(a,b)=>{a.name="$ZodError",Object.defineProperty(a,"_zod",{value:a._zod,enumerable:!1}),Object.defineProperty(a,"issues",{value:b,enumerable:!1}),a.message=JSON.stringify(b,cW,2),Object.defineProperty(a,"toString",{value:()=>a.message,enumerable:!1})},eC=cQ("$ZodError",eB),eD=cQ("$ZodError",eB,{Parent:Error}),eE=a=>(b,c,d,e)=>{let f=d?{...d,async:!1}:{async:!1},g=b._zod.run({value:c,issues:[]},f);if(g instanceof Promise)throw new cR;if(g.issues.length){let b=new(e?.Err??a)(g.issues.map(a=>dm(a,f,cU())));throw c5(b,e?.callee),b}return g.value},eF=eE(eD),eG=a=>async(b,c,d,e)=>{let f=d?{...d,async:!0}:{async:!0},g=b._zod.run({value:c,issues:[]},f);if(g instanceof Promise&&(g=await g),g.issues.length){let b=new(e?.Err??a)(g.issues.map(a=>dm(a,f,cU())));throw c5(b,e?.callee),b}return g.value},eH=eG(eD),eI=a=>(b,c,d)=>{let e=d?{...d,async:!1}:{async:!1},f=b._zod.run({value:c,issues:[]},e);if(f instanceof Promise)throw new cR;return f.issues.length?{success:!1,error:new(a??eC)(f.issues.map(a=>dm(a,e,cU())))}:{success:!0,data:f.value}},eJ=eI(eD),eK=a=>async(b,c,d)=>{let e=d?{...d,async:!0}:{async:!0},f=b._zod.run({value:c,issues:[]},e);return f instanceof Promise&&(f=await f),f.issues.length?{success:!1,error:new a(f.issues.map(a=>dm(a,e,cU())))}:{success:!0,data:f.value}},eL=eK(eD),eM={major:4,minor:4,patch:3},eN=cQ("$ZodType",(a,b)=>{var c;a??(a={}),a._zod.def=b,a._zod.bag=a._zod.bag||{},a._zod.version=eM;let d=[...a._zod.def.checks??[]];for(let b of(a._zod.traits.has("$ZodCheck")&&d.unshift(a),d))for(let c of b._zod.onattach)c(a);if(0===d.length)(c=a._zod).deferred??(c.deferred=[]),a._zod.deferred?.push(()=>{a._zod.run=a._zod.parse});else{let b=(a,b,c)=>{let d,e=di(a);for(let f of b){if(f._zod.def.when){if(dj(a)||!f._zod.def.when(a))continue}else if(e)continue;let b=a.issues.length,g=f._zod.check(a);if(g instanceof Promise&&c?.async===!1)throw new cR;if(d||g instanceof Promise)d=(d??Promise.resolve()).then(async()=>{await g,a.issues.length!==b&&(e||(e=di(a,b)))});else{if(a.issues.length===b)continue;e||(e=di(a,b))}}return d?d.then(()=>a):a},c=(c,e,f)=>{if(di(c))return c.aborted=!0,c;let g=b(e,d,f);if(g instanceof Promise){if(!1===f.async)throw new cR;return g.then(b=>a._zod.parse(b,f))}return a._zod.parse(g,f)};a._zod.run=(e,f)=>{if(f.skipChecks)return a._zod.parse(e,f);if("backward"===f.direction){let b=a._zod.parse({value:e.value,issues:[]},{...f,skipChecks:!0});return b instanceof Promise?b.then(a=>c(a,e,f)):c(b,e,f)}let g=a._zod.parse(e,f);if(g instanceof Promise){if(!1===f.async)throw new cR;return g.then(a=>b(a,d,f))}return b(g,d,f)}}c0(a,"~standard",()=>({validate:b=>{try{let c=eJ(a,b);return c.success?{value:c.data}:{issues:c.error?.issues}}catch(c){return eL(a,b).then(a=>a.success?{value:a.data}:{issues:a.error?.issues})}},vendor:"zod",version:1}))}),eO=cQ("$ZodString",(a,b)=>{eN.init(a,b),a._zod.pattern=[...a?._zod.bag?.patterns??[]].pop()??dW(a._zod.bag),a._zod.parse=(c,d)=>{if(b.coerce)try{c.value=String(c.value)}catch(a){}return"string"==typeof c.value||c.issues.push({expected:"string",code:"invalid_type",input:c.value,inst:a}),c}}),eP=cQ("$ZodStringFormat",(a,b)=>{es.init(a,b),eO.init(a,b)}),eQ=cQ("$ZodGUID",(a,b)=>{b.pattern??(b.pattern=dA),eP.init(a,b)}),eR=cQ("$ZodUUID",(a,b)=>{if(b.version){let a={v1:1,v2:2,v3:3,v4:4,v5:5,v6:6,v7:7,v8:8}[b.version];if(void 0===a)throw Error(`Invalid UUID version: "${b.version}"`);b.pattern??(b.pattern=dB(a))}else b.pattern??(b.pattern=dB());eP.init(a,b)}),eS=cQ("$ZodEmail",(a,b)=>{b.pattern??(b.pattern=dF),eP.init(a,b)}),eT=cQ("$ZodURL",(a,b)=>{eP.init(a,b),a._zod.check=c=>{try{let d=c.value.trim();if(!b.normalize&&b.protocol?.source===dP.source&&!/^https?:\/\//i.test(d))return void c.issues.push({code:"invalid_format",format:"url",note:"Invalid URL format",input:c.value,inst:a,continue:!b.abort});let e=new URL(d);b.hostname&&(b.hostname.lastIndex=0,b.hostname.test(e.hostname)||c.issues.push({code:"invalid_format",format:"url",note:"Invalid hostname",pattern:b.hostname.source,input:c.value,inst:a,continue:!b.abort})),b.protocol&&(b.protocol.lastIndex=0,b.protocol.test(e.protocol.endsWith(":")?e.protocol.slice(0,-1):e.protocol)||c.issues.push({code:"invalid_format",format:"url",note:"Invalid protocol",pattern:b.protocol.source,input:c.value,inst:a,continue:!b.abort})),b.normalize?c.value=e.href:c.value=d;return}catch(d){c.issues.push({code:"invalid_format",format:"url",input:c.value,inst:a,continue:!b.abort})}}}),eU=cQ("$ZodEmoji",(a,b)=>{b.pattern??(b.pattern=dH()),eP.init(a,b)}),eV=cQ("$ZodNanoID",(a,b)=>{b.pattern??(b.pattern=dy),eP.init(a,b)}),eW=cQ("$ZodCUID",(a,b)=>{b.pattern??(b.pattern=dt),eP.init(a,b)}),eX=cQ("$ZodCUID2",(a,b)=>{b.pattern??(b.pattern=du),eP.init(a,b)}),eY=cQ("$ZodULID",(a,b)=>{b.pattern??(b.pattern=dv),eP.init(a,b)}),eZ=cQ("$ZodXID",(a,b)=>{b.pattern??(b.pattern=dw),eP.init(a,b)}),e$=cQ("$ZodKSUID",(a,b)=>{b.pattern??(b.pattern=dx),eP.init(a,b)}),e_=cQ("$ZodISODateTime",(a,b)=>{b.pattern??(b.pattern=dV(b)),eP.init(a,b)}),e0=cQ("$ZodISODate",(a,b)=>{b.pattern??(b.pattern=dS),eP.init(a,b)}),e1=cQ("$ZodISOTime",(a,b)=>{b.pattern??(b.pattern=dU(b)),eP.init(a,b)}),e2=cQ("$ZodISODuration",(a,b)=>{b.pattern??(b.pattern=dz),eP.init(a,b)}),e3=cQ("$ZodIPv4",(a,b)=>{b.pattern??(b.pattern=dI),eP.init(a,b),a._zod.bag.format="ipv4"}),e4=cQ("$ZodIPv6",(a,b)=>{b.pattern??(b.pattern=dJ),eP.init(a,b),a._zod.bag.format="ipv6",a._zod.check=c=>{try{new URL(`http://[${c.value}]`)}catch{c.issues.push({code:"invalid_format",format:"ipv6",input:c.value,inst:a,continue:!b.abort})}}}),e5=((a,b)=>{b.pattern??(b.pattern=dK(b.delimiter)),eP.init(a,b),a._zod.bag.format="mac"},cQ("$ZodCIDRv4",(a,b)=>{b.pattern??(b.pattern=dL),eP.init(a,b)})),e6=cQ("$ZodCIDRv6",(a,b)=>{b.pattern??(b.pattern=dM),eP.init(a,b),a._zod.check=c=>{let d=c.value.split("/");try{if(2!==d.length)throw Error();let[a,b]=d;if(!b)throw Error();let c=Number(b);if(`${c}`!==b||c<0||c>128)throw Error();new URL(`http://[${a}]`)}catch{c.issues.push({code:"invalid_format",format:"cidrv6",input:c.value,inst:a,continue:!b.abort})}}});function e7(a){if(""===a)return!0;if(/\s/.test(a)||a.length%4!=0)return!1;try{return atob(a),!0}catch{return!1}}let e8=cQ("$ZodBase64",(a,b)=>{b.pattern??(b.pattern=dN),eP.init(a,b),a._zod.bag.contentEncoding="base64",a._zod.check=c=>{e7(c.value)||c.issues.push({code:"invalid_format",format:"base64",input:c.value,inst:a,continue:!b.abort})}}),e9=cQ("$ZodBase64URL",(a,b)=>{b.pattern??(b.pattern=dO),eP.init(a,b),a._zod.bag.contentEncoding="base64url",a._zod.check=c=>{!function(a){if(!dO.test(a))return!1;let b=a.replace(/[-_]/g,a=>"-"===a?"+":"/");return e7(b.padEnd(4*Math.ceil(b.length/4),"="))}(c.value)&&c.issues.push({code:"invalid_format",format:"base64url",input:c.value,inst:a,continue:!b.abort})}}),fa=cQ("$ZodE164",(a,b)=>{b.pattern??(b.pattern=dQ),eP.init(a,b)}),fb=cQ("$ZodJWT",(a,b)=>{eP.init(a,b),a._zod.check=c=>{!function(a,b=null){try{let c=a.split(".");if(3!==c.length)return!1;let[d]=c;if(!d)return!1;let e=JSON.parse(atob(d));if("typ"in e&&e?.typ!=="JWT"||!e.alg||b&&(!("alg"in e)||e.alg!==b))return!1;return!0}catch{return!1}}(c.value,b.alg)&&c.issues.push({code:"invalid_format",format:"jwt",input:c.value,inst:a,continue:!b.abort})}}),fc=((a,b)=>{eP.init(a,b),a._zod.check=c=>{b.fn(c.value)||c.issues.push({code:"invalid_format",format:b.format,input:c.value,inst:a,continue:!b.abort})}},cQ("$ZodNumber",(a,b)=>{eN.init(a,b),a._zod.pattern=a._zod.bag.pattern??dZ,a._zod.parse=(c,d)=>{if(b.coerce)try{c.value=Number(c.value)}catch(a){}let e=c.value;if("number"==typeof e&&!Number.isNaN(e)&&Number.isFinite(e))return c;let f="number"==typeof e?Number.isNaN(e)?"NaN":Number.isFinite(e)?void 0:"Infinity":void 0;return c.issues.push({expected:"number",code:"invalid_type",input:e,inst:a,...f?{received:f}:{}}),c}})),fd=cQ("$ZodNumberFormat",(a,b)=>{ek.init(a,b),fc.init(a,b)}),fe=cQ("$ZodBoolean",(a,b)=>{eN.init(a,b),a._zod.pattern=d$,a._zod.parse=(c,d)=>{if(b.coerce)try{c.value=!!c.value}catch(a){}let e=c.value;return"boolean"==typeof e||c.issues.push({expected:"boolean",code:"invalid_type",input:e,inst:a}),c}}),ff=cQ("$ZodBigInt",(a,b)=>{eN.init(a,b),a._zod.pattern=dX,a._zod.parse=(c,d)=>{if(b.coerce)try{c.value=BigInt(c.value)}catch(a){}return"bigint"==typeof c.value||c.issues.push({expected:"bigint",code:"invalid_type",input:c.value,inst:a}),c}}),fg=((a,b)=>{el.init(a,b),ff.init(a,b)},cQ("$ZodAny",(a,b)=>{eN.init(a,b),a._zod.parse=a=>a})),fh=cQ("$ZodUnknown",(a,b)=>{eN.init(a,b),a._zod.parse=a=>a}),fi=cQ("$ZodNever",(a,b)=>{eN.init(a,b),a._zod.parse=(b,c)=>(b.issues.push({expected:"never",code:"invalid_type",input:b.value,inst:a}),b)}),fj=((a,b)=>{eN.init(a,b),a._zod.parse=(b,c)=>{let d=b.value;return void 0===d||b.issues.push({expected:"void",code:"invalid_type",input:d,inst:a}),b}},cQ("$ZodDate",(a,b)=>{eN.init(a,b),a._zod.parse=(c,d)=>{if(b.coerce)try{c.value=new Date(c.value)}catch(a){}let e=c.value,f=e instanceof Date;return f&&!Number.isNaN(e.getTime())||c.issues.push({expected:"date",code:"invalid_type",input:e,...f?{received:"Invalid Date"}:{},inst:a}),c}}));function fk(a,b,c){a.issues.length&&b.issues.push(...dk(c,a.issues)),b.value[c]=a.value}let fl=cQ("$ZodArray",(a,b)=>{eN.init(a,b),a._zod.parse=(c,d)=>{let e=c.value;if(!Array.isArray(e))return c.issues.push({expected:"array",code:"invalid_type",input:e,inst:a}),c;c.value=Array(e.length);let f=[];for(let a=0;a<e.length;a++){let g=e[a],h=b.element._zod.run({value:g,issues:[]},d);h instanceof Promise?f.push(h.then(b=>fk(b,c,a))):fk(h,c,a)}return f.length?Promise.all(f).then(()=>c):c}});function fm(a,b,c,d,e,f){let g=c in d;if(a.issues.length){if(e&&f&&!g)return;b.issues.push(...dk(c,a.issues))}if(!g&&!e){a.issues.length||b.issues.push({code:"invalid_type",expected:"nonoptional",input:void 0,path:[c]});return}void 0===a.value?g&&(b.value[c]=void 0):b.value[c]=a.value}function fn(a){let b=Object.keys(a.shape);for(let c of b)if(!a.shape?.[c]?._zod?.traits?.has("$ZodType"))throw Error(`Invalid element at key "${c}": expected a Zod schema`);let c=df(a.shape);return{...a,keys:b,keySet:new Set(b),numKeys:b.length,optionalKeys:new Set(c)}}function fo(a,b,c,d,e,f){let g=[],h=e.keySet,i=e.catchall._zod,j=i.def.type,k="optional"===i.optin,l="optional"===i.optout;for(let e in b){if("__proto__"===e||h.has(e))continue;if("never"===j){g.push(e);continue}let f=i.run({value:b[e],issues:[]},d);f instanceof Promise?a.push(f.then(a=>fm(a,c,e,b,k,l))):fm(f,c,e,b,k,l)}return(g.length&&c.issues.push({code:"unrecognized_keys",keys:g,input:b,inst:f}),a.length)?Promise.all(a).then(()=>c):c}let fp=cQ("$ZodObject",(a,b)=>{let c;eN.init(a,b);let d=Object.getOwnPropertyDescriptor(b,"shape");if(!d?.get){let a=b.shape;Object.defineProperty(b,"shape",{get:()=>{let c={...a};return Object.defineProperty(b,"shape",{value:c}),c}})}let e=cX(()=>fn(b));c0(a._zod,"propValues",()=>{let a=b.shape,c={};for(let b in a){let d=a[b]._zod;if(d.values)for(let a of(c[b]??(c[b]=new Set),d.values))c[b].add(a)}return c});let f=b.catchall;a._zod.parse=(b,d)=>{c??(c=e.value);let g=b.value;if(!c6(g))return b.issues.push({expected:"object",code:"invalid_type",input:g,inst:a}),b;b.value={};let h=[],i=c.shape;for(let a of c.keys){let c=i[a],e="optional"===c._zod.optin,f="optional"===c._zod.optout,j=c._zod.run({value:g[a],issues:[]},d);j instanceof Promise?h.push(j.then(c=>fm(c,b,a,g,e,f))):fm(j,b,a,g,e,f)}return f?fo(h,g,b,d,e.value,a):h.length?Promise.all(h).then(()=>b):b}}),fq=cQ("$ZodObjectJIT",(a,b)=>{let c,d;fp.init(a,b);let e=a._zod.parse,f=cX(()=>fn(b)),g=!cT.jitless,h=g&&c7.value,i=b.catchall;a._zod.parse=(j,k)=>{d??(d=f.value);let l=j.value;return c6(l)?g&&h&&k?.async===!1&&!0!==k.jitless?(c||(c=(a=>{let b=new eA(["shape","payload","ctx"]),c=f.value,d=a=>{let b=c3(a);return`shape[${b}]._zod.run({ value: input[${b}], issues: [] }, ctx)`};b.write("const input = payload.value;");let e=Object.create(null),g=0;for(let a of c.keys)e[a]=`key_${g++}`;for(let f of(b.write("const newResult = {};"),c.keys)){let c=e[f],g=c3(f),h=a[f],i=h?._zod?.optin==="optional",j=h?._zod?.optout==="optional";b.write(`const ${c} = ${d(f)};`),i&&j?b.write(`
|
|
2
|
+
if (${c}.issues.length) {
|
|
3
|
+
if (${g} in input) {
|
|
4
|
+
payload.issues = payload.issues.concat(${c}.issues.map(iss => ({
|
|
5
|
+
...iss,
|
|
6
|
+
path: iss.path ? [${g}, ...iss.path] : [${g}]
|
|
7
|
+
})));
|
|
8
|
+
}
|
|
9
|
+
}
|
|
10
|
+
|
|
11
|
+
if (${c}.value === undefined) {
|
|
12
|
+
if (${g} in input) {
|
|
13
|
+
newResult[${g}] = undefined;
|
|
14
|
+
}
|
|
15
|
+
} else {
|
|
16
|
+
newResult[${g}] = ${c}.value;
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
`):i?b.write(`
|
|
20
|
+
if (${c}.issues.length) {
|
|
21
|
+
payload.issues = payload.issues.concat(${c}.issues.map(iss => ({
|
|
22
|
+
...iss,
|
|
23
|
+
path: iss.path ? [${g}, ...iss.path] : [${g}]
|
|
24
|
+
})));
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
if (${c}.value === undefined) {
|
|
28
|
+
if (${g} in input) {
|
|
29
|
+
newResult[${g}] = undefined;
|
|
30
|
+
}
|
|
31
|
+
} else {
|
|
32
|
+
newResult[${g}] = ${c}.value;
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
`):b.write(`
|
|
36
|
+
const ${c}_present = ${g} in input;
|
|
37
|
+
if (${c}.issues.length) {
|
|
38
|
+
payload.issues = payload.issues.concat(${c}.issues.map(iss => ({
|
|
39
|
+
...iss,
|
|
40
|
+
path: iss.path ? [${g}, ...iss.path] : [${g}]
|
|
41
|
+
})));
|
|
42
|
+
}
|
|
43
|
+
if (!${c}_present && !${c}.issues.length) {
|
|
44
|
+
payload.issues.push({
|
|
45
|
+
code: "invalid_type",
|
|
46
|
+
expected: "nonoptional",
|
|
47
|
+
input: undefined,
|
|
48
|
+
path: [${g}]
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
if (${c}_present) {
|
|
53
|
+
if (${c}.value === undefined) {
|
|
54
|
+
newResult[${g}] = undefined;
|
|
55
|
+
} else {
|
|
56
|
+
newResult[${g}] = ${c}.value;
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
`)}b.write("payload.value = newResult;"),b.write("return payload;");let h=b.compile();return(b,c)=>h(a,b,c)})(b.shape)),j=c(j,k),i)?fo([],l,j,k,d,a):j:e(j,k):(j.issues.push({expected:"object",code:"invalid_type",input:l,inst:a}),j)}});function fr(a,b,c,d){for(let c of a)if(0===c.issues.length)return b.value=c.value,b;let e=a.filter(a=>!di(a));return 1===e.length?(b.value=e[0].value,e[0]):(b.issues.push({code:"invalid_union",input:b.value,inst:c,errors:a.map(a=>a.issues.map(a=>dm(a,d,cU())))}),b)}let fs=cQ("$ZodUnion",(a,b)=>{eN.init(a,b),c0(a._zod,"optin",()=>b.options.some(a=>"optional"===a._zod.optin)?"optional":void 0),c0(a._zod,"optout",()=>b.options.some(a=>"optional"===a._zod.optout)?"optional":void 0),c0(a._zod,"values",()=>{if(b.options.every(a=>a._zod.values))return new Set(b.options.flatMap(a=>Array.from(a._zod.values)))}),c0(a._zod,"pattern",()=>{if(b.options.every(a=>a._zod.pattern)){let a=b.options.map(a=>a._zod.pattern);return RegExp(`^(${a.map(a=>cZ(a.source)).join("|")})$`)}});let c=1===b.options.length?b.options[0]._zod.run:null;a._zod.parse=(d,e)=>{if(c)return c(d,e);let f=!1,g=[];for(let a of b.options){let b=a._zod.run({value:d.value,issues:[]},e);if(b instanceof Promise)g.push(b),f=!0;else{if(0===b.issues.length)return b;g.push(b)}}return f?Promise.all(g).then(b=>fr(b,d,a,e)):fr(g,d,a,e)}});function ft(a,b,c,d){let e=a.filter(a=>0===a.issues.length);return 1===e.length?b.value=e[0].value:0===e.length?b.issues.push({code:"invalid_union",input:b.value,inst:c,errors:a.map(a=>a.issues.map(a=>dm(a,d,cU())))}):b.issues.push({code:"invalid_union",input:b.value,inst:c,errors:[],inclusive:!1}),b}(a,b)=>{fs.init(a,b),b.inclusive=!1;let c=1===b.options.length?b.options[0]._zod.run:null;a._zod.parse=(d,e)=>{if(c)return c(d,e);let f=!1,g=[];for(let a of b.options){let b=a._zod.run({value:d.value,issues:[]},e);b instanceof Promise?(g.push(b),f=!0):g.push(b)}return f?Promise.all(g).then(b=>ft(b,d,a,e)):ft(g,d,a,e)}},(a,b)=>{b.inclusive=!1,fs.init(a,b);let c=a._zod.parse;c0(a._zod,"propValues",()=>{let a={};for(let c of b.options){let d=c._zod.propValues;if(!d||0===Object.keys(d).length)throw Error(`Invalid discriminated union option at index "${b.options.indexOf(c)}"`);for(let[b,c]of Object.entries(d))for(let d of(a[b]||(a[b]=new Set),c))a[b].add(d)}return a});let d=cX(()=>{let a=b.options,c=new Map;for(let d of a){let a=d._zod.propValues?.[b.discriminator];if(!a||0===a.size)throw Error(`Invalid discriminated union option at index "${b.options.indexOf(d)}"`);for(let b of a){if(c.has(b))throw Error(`Duplicate discriminator value "${String(b)}"`);c.set(b,d)}}return c});a._zod.parse=(e,f)=>{let g=e.value;if(!c6(g))return e.issues.push({code:"invalid_type",expected:"object",input:g,inst:a}),e;let h=d.value.get(g?.[b.discriminator]);return h?h._zod.run(e,f):b.unionFallback||"backward"===f.direction?c(e,f):(e.issues.push({code:"invalid_union",errors:[],note:"No matching discriminator",discriminator:b.discriminator,options:Array.from(d.value.keys()),input:g,path:[b.discriminator],inst:a}),e)}};let fu=cQ("$ZodIntersection",(a,b)=>{eN.init(a,b),a._zod.parse=(a,c)=>{let d=a.value,e=b.left._zod.run({value:d,issues:[]},c),f=b.right._zod.run({value:d,issues:[]},c);return e instanceof Promise||f instanceof Promise?Promise.all([e,f]).then(([b,c])=>fv(a,b,c)):fv(a,e,f)}});function fv(a,b,c){let d,e=new Map;for(let c of b.issues)if("unrecognized_keys"===c.code)for(let a of(d??(d=c),c.keys))e.has(a)||e.set(a,{}),e.get(a).l=!0;else a.issues.push(c);for(let b of c.issues)if("unrecognized_keys"===b.code)for(let a of b.keys)e.has(a)||e.set(a,{}),e.get(a).r=!0;else a.issues.push(b);let f=[...e].filter(([,a])=>a.l&&a.r).map(([a])=>a);if(f.length&&d&&a.issues.push({...d,keys:f}),di(a))return a;let g=function a(b,c){if(b===c||b instanceof Date&&c instanceof Date&&+b==+c)return{valid:!0,data:b};if(c8(b)&&c8(c)){let d=Object.keys(c),e=Object.keys(b).filter(a=>-1!==d.indexOf(a)),f={...b,...c};for(let d of e){let e=a(b[d],c[d]);if(!e.valid)return{valid:!1,mergeErrorPath:[d,...e.mergeErrorPath]};f[d]=e.data}return{valid:!0,data:f}}if(Array.isArray(b)&&Array.isArray(c)){if(b.length!==c.length)return{valid:!1,mergeErrorPath:[]};let d=[];for(let e=0;e<b.length;e++){let f=a(b[e],c[e]);if(!f.valid)return{valid:!1,mergeErrorPath:[e,...f.mergeErrorPath]};d.push(f.data)}return{valid:!0,data:d}}return{valid:!1,mergeErrorPath:[]}}(b.value,c.value);if(!g.valid)throw Error(`Unmergable intersection. Error path: ${JSON.stringify(g.mergeErrorPath)}`);return a.value=g.data,a}let fw=cQ("$ZodTuple",(a,b)=>{eN.init(a,b);let c=b.items;a._zod.parse=(d,e)=>{let f=d.value;if(!Array.isArray(f))return d.issues.push({input:f,inst:a,expected:"tuple",code:"invalid_type"}),d;d.value=[];let g=[],h=fx(c,"optin"),i=fx(c,"optout");if(!b.rest){if(f.length<h)return d.issues.push({code:"too_small",minimum:h,inclusive:!0,input:f,inst:a,origin:"array"}),d;f.length>c.length&&d.issues.push({code:"too_big",maximum:c.length,inclusive:!0,input:f,inst:a,origin:"array"})}let j=Array(c.length);for(let a=0;a<c.length;a++){let b=c[a]._zod.run({value:f[a],issues:[]},e);b instanceof Promise?g.push(b.then(b=>{j[a]=b})):j[a]=b}if(b.rest){let a=c.length-1;for(let h of f.slice(c.length)){a++;let c=b.rest._zod.run({value:h,issues:[]},e);c instanceof Promise?g.push(c.then(b=>fy(b,d,a))):fy(c,d,a)}}return g.length?Promise.all(g).then(()=>fz(j,d,c,f,i)):fz(j,d,c,f,i)}});function fx(a,b){for(let c=a.length-1;c>=0;c--)if("optional"!==a[c]._zod[b])return c+1;return 0}function fy(a,b,c){a.issues.length&&b.issues.push(...dk(c,a.issues)),b.value[c]=a.value}function fz(a,b,c,d,e){for(let f=0;f<c.length;f++){let c=a[f],g=f<d.length;if(c.issues.length){if(!g&&f>=e){b.value.length=f;break}b.issues.push(...dk(f,c.issues))}b.value[f]=c.value}for(let a=b.value.length-1;a>=d.length;a--)if("optional"===c[a]._zod.optout&&void 0===b.value[a])b.value.length=a;else break;return b}let fA=cQ("$ZodRecord",(a,b)=>{eN.init(a,b),a._zod.parse=(c,d)=>{let e=c.value;if(!c8(e))return c.issues.push({expected:"record",code:"invalid_type",input:e,inst:a}),c;let f=[],g=b.keyType._zod.values;if(g){let h;c.value={};let i=new Set;for(let h of g)if("string"==typeof h||"number"==typeof h||"symbol"==typeof h){i.add("number"==typeof h?h.toString():h);let g=b.keyType._zod.run({value:h,issues:[]},d);if(g instanceof Promise)throw Error("Async schemas not supported in object keys currently");if(g.issues.length){c.issues.push({code:"invalid_key",origin:"record",issues:g.issues.map(a=>dm(a,d,cU())),input:h,path:[h],inst:a});continue}let j=g.value,k=b.valueType._zod.run({value:e[h],issues:[]},d);k instanceof Promise?f.push(k.then(a=>{a.issues.length&&c.issues.push(...dk(h,a.issues)),c.value[j]=a.value})):(k.issues.length&&c.issues.push(...dk(h,k.issues)),c.value[j]=k.value)}for(let a in e)i.has(a)||(h=h??[]).push(a);h&&h.length>0&&c.issues.push({code:"unrecognized_keys",input:e,inst:a,keys:h})}else for(let g of(c.value={},Reflect.ownKeys(e))){if("__proto__"===g||!Object.prototype.propertyIsEnumerable.call(e,g))continue;let h=b.keyType._zod.run({value:g,issues:[]},d);if(h instanceof Promise)throw Error("Async schemas not supported in object keys currently");if("string"==typeof g&&dZ.test(g)&&h.issues.length){let a=b.keyType._zod.run({value:Number(g),issues:[]},d);if(a instanceof Promise)throw Error("Async schemas not supported in object keys currently");0===a.issues.length&&(h=a)}if(h.issues.length){"loose"===b.mode?c.value[g]=e[g]:c.issues.push({code:"invalid_key",origin:"record",issues:h.issues.map(a=>dm(a,d,cU())),input:g,path:[g],inst:a});continue}let i=b.valueType._zod.run({value:e[g],issues:[]},d);i instanceof Promise?f.push(i.then(a=>{a.issues.length&&c.issues.push(...dk(g,a.issues)),c.value[h.value]=a.value})):(i.issues.length&&c.issues.push(...dk(g,i.issues)),c.value[h.value]=i.value)}return f.length?Promise.all(f).then(()=>c):c}});function fB(a,b,c,d,e,f,g){a.issues.length&&(c9.has(typeof d)?c.issues.push(...dk(d,a.issues)):c.issues.push({code:"invalid_key",origin:"map",input:e,inst:f,issues:a.issues.map(a=>dm(a,g,cU()))})),b.issues.length&&(c9.has(typeof d)?c.issues.push(...dk(d,b.issues)):c.issues.push({origin:"map",code:"invalid_element",input:e,inst:f,key:d,issues:b.issues.map(a=>dm(a,g,cU()))})),c.value.set(a.value,b.value)}function fC(a,b){a.issues.length&&b.issues.push(...a.issues),b.value.add(a.value)}(a,b)=>{eN.init(a,b),a._zod.parse=(c,d)=>{let e=c.value;if(!(e instanceof Map))return c.issues.push({expected:"map",code:"invalid_type",input:e,inst:a}),c;let f=[];for(let[g,h]of(c.value=new Map,e)){let i=b.keyType._zod.run({value:g,issues:[]},d),j=b.valueType._zod.run({value:h,issues:[]},d);i instanceof Promise||j instanceof Promise?f.push(Promise.all([i,j]).then(([b,f])=>{fB(b,f,c,g,e,a,d)})):fB(i,j,c,g,e,a,d)}return f.length?Promise.all(f).then(()=>c):c}},(a,b)=>{eN.init(a,b),a._zod.parse=(c,d)=>{let e=c.value;if(!(e instanceof Set))return c.issues.push({input:e,inst:a,expected:"set",code:"invalid_type"}),c;let f=[];for(let a of(c.value=new Set,e)){let e=b.valueType._zod.run({value:a,issues:[]},d);e instanceof Promise?f.push(e.then(a=>fC(a,c))):fC(e,c)}return f.length?Promise.all(f).then(()=>c):c}};let fD=cQ("$ZodEnum",(a,b)=>{eN.init(a,b);let c=cV(b.entries),d=new Set(c);a._zod.values=d,a._zod.pattern=RegExp(`^(${c.filter(a=>c9.has(typeof a)).map(a=>"string"==typeof a?db(a):a.toString()).join("|")})$`),a._zod.parse=(b,e)=>{let f=b.value;return d.has(f)||b.issues.push({code:"invalid_value",values:c,input:f,inst:a}),b}}),fE=((a,b)=>{if(eN.init(a,b),0===b.values.length)throw Error("Cannot create literal schema with no valid values");let c=new Set(b.values);a._zod.values=c,a._zod.pattern=RegExp(`^(${b.values.map(a=>"string"==typeof a?db(a):a?db(a.toString()):String(a)).join("|")})$`),a._zod.parse=(d,e)=>{let f=d.value;return c.has(f)||d.issues.push({code:"invalid_value",values:b.values,input:f,inst:a}),d}},cQ("$ZodTransform",(a,b)=>{eN.init(a,b),a._zod.optin="optional",a._zod.parse=(c,d)=>{if("backward"===d.direction)throw new cS(a.constructor.name);let e=b.transform(c.value,c);if(d.async)return(e instanceof Promise?e:Promise.resolve(e)).then(a=>(c.value=a,c.fallback=!0,c));if(e instanceof Promise)throw new cR;return c.value=e,c.fallback=!0,c}}));function fF(a,b){return void 0===b&&(a.issues.length||a.fallback)?{issues:[],value:void 0}:a}let fG=cQ("$ZodOptional",(a,b)=>{eN.init(a,b),a._zod.optin="optional",a._zod.optout="optional",c0(a._zod,"values",()=>b.innerType._zod.values?new Set([...b.innerType._zod.values,void 0]):void 0),c0(a._zod,"pattern",()=>{let a=b.innerType._zod.pattern;return a?RegExp(`^(${cZ(a.source)})?$`):void 0}),a._zod.parse=(a,c)=>{if("optional"===b.innerType._zod.optin){let d=a.value,e=b.innerType._zod.run(a,c);return e instanceof Promise?e.then(a=>fF(a,d)):fF(e,d)}return void 0===a.value?a:b.innerType._zod.run(a,c)}}),fH=cQ("$ZodExactOptional",(a,b)=>{fG.init(a,b),c0(a._zod,"values",()=>b.innerType._zod.values),c0(a._zod,"pattern",()=>b.innerType._zod.pattern),a._zod.parse=(a,c)=>b.innerType._zod.run(a,c)}),fI=cQ("$ZodNullable",(a,b)=>{eN.init(a,b),c0(a._zod,"optin",()=>b.innerType._zod.optin),c0(a._zod,"optout",()=>b.innerType._zod.optout),c0(a._zod,"pattern",()=>{let a=b.innerType._zod.pattern;return a?RegExp(`^(${cZ(a.source)}|null)$`):void 0}),c0(a._zod,"values",()=>b.innerType._zod.values?new Set([...b.innerType._zod.values,null]):void 0),a._zod.parse=(a,c)=>null===a.value?a:b.innerType._zod.run(a,c)}),fJ=cQ("$ZodDefault",(a,b)=>{eN.init(a,b),a._zod.optin="optional",c0(a._zod,"values",()=>b.innerType._zod.values),a._zod.parse=(a,c)=>{if("backward"===c.direction)return b.innerType._zod.run(a,c);if(void 0===a.value)return a.value=b.defaultValue,a;let d=b.innerType._zod.run(a,c);return d instanceof Promise?d.then(a=>fK(a,b)):fK(d,b)}});function fK(a,b){return void 0===a.value&&(a.value=b.defaultValue),a}let fL=cQ("$ZodPrefault",(a,b)=>{eN.init(a,b),a._zod.optin="optional",c0(a._zod,"values",()=>b.innerType._zod.values),a._zod.parse=(a,c)=>("backward"===c.direction||void 0===a.value&&(a.value=b.defaultValue),b.innerType._zod.run(a,c))}),fM=cQ("$ZodNonOptional",(a,b)=>{eN.init(a,b),c0(a._zod,"values",()=>{let a=b.innerType._zod.values;return a?new Set([...a].filter(a=>void 0!==a)):void 0}),a._zod.parse=(c,d)=>{let e=b.innerType._zod.run(c,d);return e instanceof Promise?e.then(b=>fN(b,a)):fN(e,a)}});function fN(a,b){return a.issues.length||void 0!==a.value||a.issues.push({code:"invalid_type",expected:"nonoptional",input:a.value,inst:b}),a}(a,b)=>{eN.init(a,b),a._zod.parse=(a,c)=>{if("backward"===c.direction)throw new cS("ZodSuccess");let d=b.innerType._zod.run(a,c);return d instanceof Promise?d.then(b=>(a.value=0===b.issues.length,a)):(a.value=0===d.issues.length,a)}};let fO=cQ("$ZodCatch",(a,b)=>{eN.init(a,b),a._zod.optin="optional",c0(a._zod,"optout",()=>b.innerType._zod.optout),c0(a._zod,"values",()=>b.innerType._zod.values),a._zod.parse=(a,c)=>{if("backward"===c.direction)return b.innerType._zod.run(a,c);let d=b.innerType._zod.run(a,c);return d instanceof Promise?d.then(d=>(a.value=d.value,d.issues.length&&(a.value=b.catchValue({...a,error:{issues:d.issues.map(a=>dm(a,c,cU()))},input:a.value}),a.issues=[],a.fallback=!0),a)):(a.value=d.value,d.issues.length&&(a.value=b.catchValue({...a,error:{issues:d.issues.map(a=>dm(a,c,cU()))},input:a.value}),a.issues=[],a.fallback=!0),a)}}),fP=((a,b)=>{eN.init(a,b),a._zod.parse=(b,c)=>("number"==typeof b.value&&Number.isNaN(b.value)||b.issues.push({input:b.value,inst:a,expected:"nan",code:"invalid_type"}),b)},cQ("$ZodPipe",(a,b)=>{eN.init(a,b),c0(a._zod,"values",()=>b.in._zod.values),c0(a._zod,"optin",()=>b.in._zod.optin),c0(a._zod,"optout",()=>b.out._zod.optout),c0(a._zod,"propValues",()=>b.in._zod.propValues),a._zod.parse=(a,c)=>{if("backward"===c.direction){let d=b.out._zod.run(a,c);return d instanceof Promise?d.then(a=>fQ(a,b.in,c)):fQ(d,b.in,c)}let d=b.in._zod.run(a,c);return d instanceof Promise?d.then(a=>fQ(a,b.out,c)):fQ(d,b.out,c)}}));function fQ(a,b,c){return a.issues.length?(a.aborted=!0,a):b._zod.run({value:a.value,issues:a.issues,fallback:a.fallback},c)}function fR(a,b,c){if(a.issues.length)return a.aborted=!0,a;if("forward"===(c.direction||"forward")){let d=b.transform(a.value,a);return d instanceof Promise?d.then(d=>fS(a,d,b.out,c)):fS(a,d,b.out,c)}{let d=b.reverseTransform(a.value,a);return d instanceof Promise?d.then(d=>fS(a,d,b.in,c)):fS(a,d,b.in,c)}}function fS(a,b,c,d){return a.issues.length?(a.aborted=!0,a):c._zod.run({value:b,issues:a.issues},d)}(a,b)=>{eN.init(a,b),c0(a._zod,"values",()=>b.in._zod.values),c0(a._zod,"optin",()=>b.in._zod.optin),c0(a._zod,"optout",()=>b.out._zod.optout),c0(a._zod,"propValues",()=>b.in._zod.propValues),a._zod.parse=(a,c)=>{if("forward"===(c.direction||"forward")){let d=b.in._zod.run(a,c);return d instanceof Promise?d.then(a=>fR(a,b,c)):fR(d,b,c)}{let d=b.out._zod.run(a,c);return d instanceof Promise?d.then(a=>fR(a,b,c)):fR(d,b,c)}}},(a,b)=>{fP.init(a,b)};let fT=cQ("$ZodReadonly",(a,b)=>{eN.init(a,b),c0(a._zod,"propValues",()=>b.innerType._zod.propValues),c0(a._zod,"values",()=>b.innerType._zod.values),c0(a._zod,"optin",()=>b.innerType?._zod?.optin),c0(a._zod,"optout",()=>b.innerType?._zod?.optout),a._zod.parse=(a,c)=>{if("backward"===c.direction)return b.innerType._zod.run(a,c);let d=b.innerType._zod.run(a,c);return d instanceof Promise?d.then(fU):fU(d)}});function fU(a){return a.value=Object.freeze(a.value),a}(a,b)=>{eN.init(a,b);let c=[];for(let a of b.parts)if("object"==typeof a&&null!==a){if(!a._zod.pattern)throw Error(`Invalid template literal part, no pattern found: ${[...a._zod.traits].shift()}`);let b=a._zod.pattern instanceof RegExp?a._zod.pattern.source:a._zod.pattern;if(!b)throw Error(`Invalid template literal part: ${a._zod.traits}`);let d=+!!b.startsWith("^"),e=b.endsWith("$")?b.length-1:b.length;c.push(b.slice(d,e))}else if(null===a||da.has(typeof a))c.push(db(`${a}`));else throw Error(`Invalid template literal part: ${a}`);a._zod.pattern=RegExp(`^${c.join("")}$`),a._zod.parse=(c,d)=>("string"!=typeof c.value?c.issues.push({input:c.value,inst:a,expected:"string",code:"invalid_type"}):(a._zod.pattern.lastIndex=0,a._zod.pattern.test(c.value)||c.issues.push({input:c.value,inst:a,code:"invalid_format",format:b.format??"template_literal",pattern:a._zod.pattern.source})),c)},(a,b)=>{eN.init(a,b),c0(a._zod,"innerType",()=>(b._cachedInner||(b._cachedInner=b.getter()),b._cachedInner)),c0(a._zod,"pattern",()=>a._zod.innerType?._zod?.pattern),c0(a._zod,"propValues",()=>a._zod.innerType?._zod?.propValues),c0(a._zod,"optin",()=>a._zod.innerType?._zod?.optin??void 0),c0(a._zod,"optout",()=>a._zod.innerType?._zod?.optout??void 0),a._zod.parse=(b,c)=>a._zod.innerType._zod.run(b,c)};let fV=cQ("$ZodCustom",(a,b)=>{ef.init(a,b),eN.init(a,b),a._zod.parse=(a,b)=>a,a._zod.check=c=>{let d=c.value,e=b.fn(d);if(e instanceof Promise)return e.then(b=>fW(b,c,d,a));fW(e,c,d,a)}});function fW(a,b,c,d){if(!a){let a={code:"custom",input:c,inst:d,path:[...d._zod.def.path??[]],continue:!d._zod.def.abort};d._zod.def.params&&(a.params=d._zod.def.params),b.issues.push(dq(a))}}Symbol("ZodOutput"),Symbol("ZodInput");(s=globalThis).__zod_globalRegistry??(s.__zod_globalRegistry=new class a{constructor(){this._map=new WeakMap,this._idmap=new Map}add(a,...b){let c=b[0];return this._map.set(a,c),c&&"object"==typeof c&&"id"in c&&this._idmap.set(c.id,a),this}clear(){return this._map=new WeakMap,this._idmap=new Map,this}remove(a){let b=this._map.get(a);return b&&"object"==typeof b&&"id"in b&&this._idmap.delete(b.id),this._map.delete(a),this}get(a){let b=a._zod.parent;if(b){let c={...this.get(b)??{}};delete c.id;let d={...c,...this._map.get(a)};return Object.keys(d).length?d:void 0}return this._map.get(a)}has(a){return this._map.has(a)}});let fX=globalThis.__zod_globalRegistry;function fY(a,b){return new a({type:"string",format:"email",check:"string_format",abort:!1,...dd(b)})}function fZ(a,b){return new a({type:"string",format:"guid",check:"string_format",abort:!1,...dd(b)})}function f$(a,b){return new a({type:"string",format:"ipv4",check:"string_format",abort:!1,...dd(b)})}function f_(a,b){return new a({type:"string",format:"ipv6",check:"string_format",abort:!1,...dd(b)})}function f0(a,b){return new eh({check:"less_than",...dd(b),value:a,inclusive:!1})}function f1(a,b){return new eh({check:"less_than",...dd(b),value:a,inclusive:!0})}function f2(a,b){return new ei({check:"greater_than",...dd(b),value:a,inclusive:!1})}function f3(a,b){return new ei({check:"greater_than",...dd(b),value:a,inclusive:!0})}function f4(a,b){return new ej({check:"multiple_of",...dd(b),value:a})}function f5(a,b){return new ep({check:"max_length",...dd(b),maximum:a})}function f6(a,b){return new eq({check:"min_length",...dd(b),minimum:a})}function f7(a,b){return new er({check:"length_equals",...dd(b),length:a})}function f8(a){return new ez({check:"overwrite",tx:a})}a.i(854018);var f9=a.i(549230),f9=f9;function ga(a){let b=a?.target??"draft-2020-12";return"draft-4"===b&&(b="draft-04"),"draft-7"===b&&(b="draft-07"),{processors:a.processors??{},metadataRegistry:a?.metadata??fX,target:b,unrepresentable:a?.unrepresentable??"throw",override:a?.override??(()=>{}),io:a?.io??"output",counter:0,seen:new Map,cycles:a?.cycles??"ref",reused:a?.reused??"inline",external:a?.external??void 0}}function gb(a,b,c={path:[],schemaPath:[]}){var d;let e=a._zod.def,f=b.seen.get(a);if(f)return f.count++,c.schemaPath.includes(a)&&(f.cycle=c.path),f.schema;let g={schema:{},count:1,cycle:void 0,path:c.path};b.seen.set(a,g);let h=a._zod.toJSONSchema?.();if(h)g.schema=h;else{let d={...c,schemaPath:[...c.schemaPath,a],path:c.path};if(a._zod.processJSONSchema)a._zod.processJSONSchema(b,g.schema,d);else{let c=g.schema,f=b.processors[e.type];if(!f)throw Error(`[toJSONSchema]: Non-representable type encountered: ${e.type}`);f(a,b,c,d)}let f=a._zod.parent;f&&(g.ref||(g.ref=f),gb(f,b,d),b.seen.get(f).isParent=!0)}let i=b.metadataRegistry.get(a);return i&&Object.assign(g.schema,i),"input"===b.io&&function a(b,c){let d=c??{seen:new Set};if(d.seen.has(b))return!1;d.seen.add(b);let e=b._zod.def;if("transform"===e.type)return!0;if("array"===e.type)return a(e.element,d);if("set"===e.type)return a(e.valueType,d);if("lazy"===e.type)return a(e.getter(),d);if("promise"===e.type||"optional"===e.type||"nonoptional"===e.type||"nullable"===e.type||"readonly"===e.type||"default"===e.type||"prefault"===e.type)return a(e.innerType,d);if("intersection"===e.type)return a(e.left,d)||a(e.right,d);if("record"===e.type||"map"===e.type)return a(e.keyType,d)||a(e.valueType,d);if("pipe"===e.type)return!!b._zod.traits.has("$ZodCodec")||a(e.in,d)||a(e.out,d);if("object"===e.type){for(let b in e.shape)if(a(e.shape[b],d))return!0;return!1}if("union"===e.type){for(let b of e.options)if(a(b,d))return!0;return!1}if("tuple"===e.type){for(let b of e.items)if(a(b,d))return!0;if(e.rest&&a(e.rest,d))return!0}return!1}(a)&&(delete g.schema.examples,delete g.schema.default),"input"===b.io&&"_prefault"in g.schema&&((d=g.schema).default??(d.default=g.schema._prefault)),delete g.schema._prefault,b.seen.get(a).schema}function gc(a,b){let c=a.seen.get(b);if(!c)throw Error("Unprocessed schema. This is a bug in Zod.");let d=new Map;for(let b of a.seen.entries()){let c=a.metadataRegistry.get(b[0])?.id;if(c){let a=d.get(c);if(a&&a!==b[0])throw Error(`Duplicate schema id "${c}" detected during JSON Schema conversion. Two different schemas cannot share the same id when converted together.`);d.set(c,b[0])}}let e=b=>{if(b[1].schema.$ref)return;let d=b[1],{ref:e,defId:f}=(b=>{let d="draft-2020-12"===a.target?"$defs":"definitions";if(a.external){let c=a.external.registry.get(b[0])?.id,e=a.external.uri??(a=>a);if(c)return{ref:e(c)};let f=b[1].defId??b[1].schema.id??`schema${a.counter++}`;return b[1].defId=f,{defId:f,ref:`${e("__shared")}#/${d}/${f}`}}if(b[1]===c)return{ref:"#"};let e=`#/${d}/`,f=b[1].schema.id??`__schema${a.counter++}`;return{defId:f,ref:e+f}})(b);d.def={...d.schema},f&&(d.defId=f);let g=d.schema;for(let a in g)delete g[a];g.$ref=e};if("throw"===a.cycles)for(let b of a.seen.entries()){let a=b[1];if(a.cycle)throw Error(`Cycle detected: #/${a.cycle?.join("/")}/<root>
|
|
61
|
+
|
|
62
|
+
Set the \`cycles\` parameter to \`"ref"\` to resolve cyclical schemas with defs.`)}for(let c of a.seen.entries()){let d=c[1];if(b===c[0]){e(c);continue}if(a.external){let d=a.external.registry.get(c[0])?.id;if(b!==c[0]&&d){e(c);continue}}if(a.metadataRegistry.get(c[0])?.id||d.cycle||d.count>1&&"ref"===a.reused){e(c);continue}}}function gd(a,b){let c=a.seen.get(b);if(!c)throw Error("Unprocessed schema. This is a bug in Zod.");let d=b=>{let c=a.seen.get(b);if(null===c.ref)return;let e=c.def??c.schema,f={...e},g=c.ref;if(c.ref=null,g){d(g);let c=a.seen.get(g),h=c.schema;if(h.$ref&&("draft-07"===a.target||"draft-04"===a.target||"openapi-3.0"===a.target)?(e.allOf=e.allOf??[],e.allOf.push(h)):Object.assign(e,h),Object.assign(e,f),b._zod.parent===g)for(let a in e)"$ref"!==a&&"allOf"!==a&&(a in f||delete e[a]);if(h.$ref&&c.def)for(let a in e)"$ref"!==a&&"allOf"!==a&&a in c.def&&JSON.stringify(e[a])===JSON.stringify(c.def[a])&&delete e[a]}let h=b._zod.parent;if(h&&h!==g){d(h);let b=a.seen.get(h);if(b?.schema.$ref&&(e.$ref=b.schema.$ref,b.def))for(let a in e)"$ref"!==a&&"allOf"!==a&&a in b.def&&JSON.stringify(e[a])===JSON.stringify(b.def[a])&&delete e[a]}a.override({zodSchema:b,jsonSchema:e,path:c.path??[]})};for(let b of[...a.seen.entries()].reverse())d(b[0]);let e={};if("draft-2020-12"===a.target?e.$schema="https://json-schema.org/draft/2020-12/schema":"draft-07"===a.target?e.$schema="http://json-schema.org/draft-07/schema#":"draft-04"===a.target?e.$schema="http://json-schema.org/draft-04/schema#":a.target,a.external?.uri){let c=a.external.registry.get(b)?.id;if(!c)throw Error("Schema is missing an `id` property");e.$id=a.external.uri(c)}Object.assign(e,c.def??c.schema);let f=a.metadataRegistry.get(b)?.id;void 0!==f&&e.id===f&&delete e.id;let g=a.external?.defs??{};for(let b of a.seen.entries()){let a=b[1];a.def&&a.defId&&(a.def.id===a.defId&&delete a.def.id,g[a.defId]=a.def)}a.external||Object.keys(g).length>0&&("draft-2020-12"===a.target?e.$defs=g:e.definitions=g);try{let c=JSON.parse(JSON.stringify(e));return Object.defineProperty(c,"~standard",{value:{...b["~standard"],jsonSchema:{input:ge(b,"input",a.processors),output:ge(b,"output",a.processors)}},enumerable:!1,writable:!1}),c}catch(a){throw Error("Error converting schema to JSON.")}}let ge=(a,b,c={})=>d=>{let{libraryOptions:e,target:f}=d??{},g=ga({...e??{},target:f,io:b,processors:c});return gb(a,g),gc(g,a),gd(g,a)},gf={guid:"uuid",url:"uri",datetime:"date-time",json_string:"json-string",regex:""},gg=(a,b,c,d)=>{let e=a._zod.def;gb(e.innerType,b,d),b.seen.get(a).ref=e.innerType},gh=cQ("ZodISODateTime",(a,b)=>{e_.init(a,b),gE.init(a,b)}),gi=cQ("ZodISODate",(a,b)=>{e0.init(a,b),gE.init(a,b)}),gj=cQ("ZodISOTime",(a,b)=>{e1.init(a,b),gE.init(a,b)}),gk=cQ("ZodISODuration",(a,b)=>{e2.init(a,b),gE.init(a,b)}),gl=cQ("ZodError",(a,b)=>{eC.init(a,b),a.name="ZodError",Object.defineProperties(a,{format:{value:b=>(function(a,b=a=>a.message){let c={_errors:[]},d=(a,e=[])=>{for(let f of a.issues)if("invalid_union"===f.code&&f.errors.length)f.errors.map(a=>d({issues:a},[...e,...f.path]));else if("invalid_key"===f.code)d({issues:f.issues},[...e,...f.path]);else if("invalid_element"===f.code)d({issues:f.issues},[...e,...f.path]);else{let a=[...e,...f.path];if(0===a.length)c._errors.push(b(f));else{let d=c,e=0;for(;e<a.length;){let c=a[e];e===a.length-1?(d[c]=d[c]||{_errors:[]},d[c]._errors.push(b(f))):d[c]=d[c]||{_errors:[]},d=d[c],e++}}}};return d(a),c})(a,b)},flatten:{value:b=>(function(a,b=a=>a.message){let c={},d=[];for(let e of a.issues)e.path.length>0?(c[e.path[0]]=c[e.path[0]]||[],c[e.path[0]].push(b(e))):d.push(b(e));return{formErrors:d,fieldErrors:c}})(a,b)},addIssue:{value:b=>{a.issues.push(b),a.message=JSON.stringify(a.issues,cW,2)}},addIssues:{value:b=>{a.issues.push(...b),a.message=JSON.stringify(a.issues,cW,2)}},isEmpty:{get:()=>0===a.issues.length}})},{Parent:Error}),gm=eE(gl),gn=eG(gl),go=eI(gl),gp=eK(gl),gq=(a,b,c)=>{let d=c?{...c,direction:"backward"}:{direction:"backward"};return eE(gl)(a,b,d)},gr=(a,b,c)=>eE(gl)(a,b,c),gs=async(a,b,c)=>{let d=c?{...c,direction:"backward"}:{direction:"backward"};return eG(gl)(a,b,d)},gt=async(a,b,c)=>eG(gl)(a,b,c),gu=(a,b,c)=>{let d=c?{...c,direction:"backward"}:{direction:"backward"};return eI(gl)(a,b,d)},gv=(a,b,c)=>eI(gl)(a,b,c),gw=async(a,b,c)=>{let d=c?{...c,direction:"backward"}:{direction:"backward"};return eK(gl)(a,b,d)},gx=async(a,b,c)=>eK(gl)(a,b,c),gy=new WeakMap;function gz(a,b,c){let d=Object.getPrototypeOf(a),e=gy.get(d);if(e||(e=new Set,gy.set(d,e)),!e.has(b))for(let a in e.add(b),c){let b=c[a];Object.defineProperty(d,a,{configurable:!0,enumerable:!1,get(){let c=b.bind(this);return Object.defineProperty(this,a,{configurable:!0,writable:!0,enumerable:!0,value:c}),c},set(b){Object.defineProperty(this,a,{configurable:!0,writable:!0,enumerable:!0,value:b})}})}}let gA=cQ("ZodType",(a,b)=>(eN.init(a,b),Object.assign(a["~standard"],{jsonSchema:{input:ge(a,"input"),output:ge(a,"output")}}),a.toJSONSchema=((a,b={})=>c=>{let d=ga({...c,processors:b});return gb(a,d),gc(d,a),gd(d,a)})(a,{}),a.def=b,a.type=b.type,Object.defineProperty(a,"_def",{value:b}),a.parse=(b,c)=>gm(a,b,c,{callee:a.parse}),a.safeParse=(b,c)=>go(a,b,c),a.parseAsync=async(b,c)=>gn(a,b,c,{callee:a.parseAsync}),a.safeParseAsync=async(b,c)=>gp(a,b,c),a.spa=a.safeParseAsync,a.encode=(b,c)=>gq(a,b,c),a.decode=(b,c)=>gr(a,b,c),a.encodeAsync=async(b,c)=>gs(a,b,c),a.decodeAsync=async(b,c)=>gt(a,b,c),a.safeEncode=(b,c)=>gu(a,b,c),a.safeDecode=(b,c)=>gv(a,b,c),a.safeEncodeAsync=async(b,c)=>gw(a,b,c),a.safeDecodeAsync=async(b,c)=>gx(a,b,c),gz(a,"ZodType",{check(...a){let b=this.def;return this.clone(f9.mergeDefs(b,{checks:[...b.checks??[],...a.map(a=>"function"==typeof a?{_zod:{check:a,def:{check:"custom"},onattach:[]}}:a)]}),{parent:!0})},with(...a){return this.check(...a)},clone(a,b){return dc(this,a,b)},brand(){return this},register(a,b){return a.add(this,b),this},refine(a,b){return this.check(function(a,b={}){return new hw({type:"custom",check:"custom",fn:a,...dd(b)})}(a,b))},superRefine(a,b){return this.check(function(a,b){var c;let d,e;return c=b=>(b.addIssue=a=>{"string"==typeof a?b.issues.push(dq(a,b.value,d._zod.def)):(a.fatal&&(a.continue=!1),a.code??(a.code="custom"),a.input??(a.input=b.value),a.inst??(a.inst=d),a.continue??(a.continue=!d._zod.def.abort),b.issues.push(dq(a)))},a(b.value,b)),(e=new ef({check:"custom",...dd(b)}))._zod.check=c,d=e}(a,b))},overwrite(a){return this.check(f8(a))},optional(){return hl(this)},exactOptional(){var a;return a=this,new hm({type:"optional",innerType:a})},nullable(){return ho(this)},nullish(){return hl(ho(this))},nonoptional(a){var b,c;return b=this,c=a,new hr({type:"nonoptional",innerType:b,...f9.normalizeParams(c)})},array(){return ha(this)},or(a){return new hd({type:"union",options:[this,a],...f9.normalizeParams(void 0)})},and(a){var b;return b=this,new he({type:"intersection",left:b,right:a})},transform(a){return hu(this,new hj({type:"transform",transform:a}))},default(a){var b,c;return b=this,c=a,new hp({type:"default",innerType:b,get defaultValue(){return"function"==typeof c?c():f9.shallowClone(c)}})},prefault(a){var b,c;return b=this,c=a,new hq({type:"prefault",innerType:b,get defaultValue(){return"function"==typeof c?c():f9.shallowClone(c)}})},catch(a){var b,c;return b=this,new hs({type:"catch",innerType:b,catchValue:"function"==typeof(c=a)?c:()=>c})},pipe(a){return hu(this,a)},readonly(){var a;return a=this,new hv({type:"readonly",innerType:a})},describe(a){let b=this.clone();return fX.add(b,{description:a}),b},meta(...a){if(0===a.length)return fX.get(this);let b=this.clone();return fX.add(b,a[0]),b},isOptional(){return this.safeParse(void 0).success},isNullable(){return this.safeParse(null).success},apply(a){return a(this)}}),Object.defineProperty(a,"description",{get:()=>fX.get(a)?.description,configurable:!0}),a)),gB=cQ("_ZodString",(a,b)=>{eO.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>((a,b,c,d)=>{c.type="string";let{minimum:e,maximum:f,format:g,patterns:h,contentEncoding:i}=a._zod.bag;if("number"==typeof e&&(c.minLength=e),"number"==typeof f&&(c.maxLength=f),g&&(c.format=gf[g]??g,""===c.format&&delete c.format,"time"===g&&delete c.format),i&&(c.contentEncoding=i),h&&h.size>0){let a=[...h];1===a.length?c.pattern=a[0].source:a.length>1&&(c.allOf=[...a.map(a=>({..."draft-07"===b.target||"draft-04"===b.target||"openapi-3.0"===b.target?{type:"string"}:{},pattern:a.source}))])}})(a,b,c,0);let c=a._zod.bag;a.format=c.format??null,a.minLength=c.minimum??null,a.maxLength=c.maximum??null,gz(a,"_ZodString",{regex(...a){return this.check(function(a,b){return new et({check:"string_format",format:"regex",...dd(b),pattern:a})}(...a))},includes(...a){return this.check(function(a,b){return new ew({check:"string_format",format:"includes",...dd(b),includes:a})}(...a))},startsWith(...a){return this.check(function(a,b){return new ex({check:"string_format",format:"starts_with",...dd(b),prefix:a})}(...a))},endsWith(...a){return this.check(function(a,b){return new ey({check:"string_format",format:"ends_with",...dd(b),suffix:a})}(...a))},min(...a){return this.check(f6(...a))},max(...a){return this.check(f5(...a))},length(...a){return this.check(f7(...a))},nonempty(...a){return this.check(f6(1,...a))},lowercase(a){return this.check(new eu({check:"string_format",format:"lowercase",...dd(a)}))},uppercase(a){return this.check(new ev({check:"string_format",format:"uppercase",...dd(a)}))},trim(){return this.check(f8(a=>a.trim()))},normalize(...a){return this.check(function(a){return f8(b=>b.normalize(a))}(...a))},toLowerCase(){return this.check(f8(a=>a.toLowerCase()))},toUpperCase(){return this.check(f8(a=>a.toUpperCase()))},slugify(){return this.check(f8(a=>c4(a)))}})}),gC=cQ("ZodString",(a,b)=>{eO.init(a,b),gB.init(a,b),a.email=b=>a.check(fY(gF,b)),a.url=b=>a.check(new gI({type:"string",format:"url",check:"string_format",abort:!1,...dd(b)})),a.jwt=b=>a.check(new gX({type:"string",format:"jwt",check:"string_format",abort:!1,...dd(b)})),a.emoji=b=>a.check(new gJ({type:"string",format:"emoji",check:"string_format",abort:!1,...dd(b)})),a.guid=b=>a.check(fZ(gG,b)),a.uuid=b=>a.check(new gH({type:"string",format:"uuid",check:"string_format",abort:!1,...dd(b)})),a.uuidv4=b=>a.check(new gH({type:"string",format:"uuid",check:"string_format",abort:!1,version:"v4",...dd(b)})),a.uuidv6=b=>a.check(new gH({type:"string",format:"uuid",check:"string_format",abort:!1,version:"v6",...dd(b)})),a.uuidv7=b=>a.check(new gH({type:"string",format:"uuid",check:"string_format",abort:!1,version:"v7",...dd(b)})),a.nanoid=b=>a.check(new gK({type:"string",format:"nanoid",check:"string_format",abort:!1,...dd(b)})),a.guid=b=>a.check(fZ(gG,b)),a.cuid=b=>a.check(new gL({type:"string",format:"cuid",check:"string_format",abort:!1,...dd(b)})),a.cuid2=b=>a.check(new gM({type:"string",format:"cuid2",check:"string_format",abort:!1,...dd(b)})),a.ulid=b=>a.check(new gN({type:"string",format:"ulid",check:"string_format",abort:!1,...dd(b)})),a.base64=b=>a.check(new gU({type:"string",format:"base64",check:"string_format",abort:!1,...dd(b)})),a.base64url=b=>a.check(new gV({type:"string",format:"base64url",check:"string_format",abort:!1,...dd(b)})),a.xid=b=>a.check(new gO({type:"string",format:"xid",check:"string_format",abort:!1,...dd(b)})),a.ksuid=b=>a.check(new gP({type:"string",format:"ksuid",check:"string_format",abort:!1,...dd(b)})),a.ipv4=b=>a.check(f$(gQ,b)),a.ipv6=b=>a.check(f_(gR,b)),a.cidrv4=b=>a.check(new gS({type:"string",format:"cidrv4",check:"string_format",abort:!1,...dd(b)})),a.cidrv6=b=>a.check(new gT({type:"string",format:"cidrv6",check:"string_format",abort:!1,...dd(b)})),a.e164=b=>a.check(new gW({type:"string",format:"e164",check:"string_format",abort:!1,...dd(b)})),a.datetime=b=>a.check(new gh({type:"string",format:"datetime",check:"string_format",offset:!1,local:!1,precision:null,...dd(b)})),a.date=b=>a.check(new gi({type:"string",format:"date",check:"string_format",...dd(b)})),a.time=b=>a.check(new gj({type:"string",format:"time",check:"string_format",precision:null,...dd(b)})),a.duration=b=>a.check(new gk({type:"string",format:"duration",check:"string_format",...dd(b)}))});function gD(a){return new gC({type:"string",...dd(a)})}let gE=cQ("ZodStringFormat",(a,b)=>{eP.init(a,b),gB.init(a,b)}),gF=cQ("ZodEmail",(a,b)=>{eS.init(a,b),gE.init(a,b)}),gG=cQ("ZodGUID",(a,b)=>{eQ.init(a,b),gE.init(a,b)}),gH=cQ("ZodUUID",(a,b)=>{eR.init(a,b),gE.init(a,b)}),gI=cQ("ZodURL",(a,b)=>{eT.init(a,b),gE.init(a,b)}),gJ=cQ("ZodEmoji",(a,b)=>{eU.init(a,b),gE.init(a,b)}),gK=cQ("ZodNanoID",(a,b)=>{eV.init(a,b),gE.init(a,b)}),gL=cQ("ZodCUID",(a,b)=>{eW.init(a,b),gE.init(a,b)}),gM=cQ("ZodCUID2",(a,b)=>{eX.init(a,b),gE.init(a,b)}),gN=cQ("ZodULID",(a,b)=>{eY.init(a,b),gE.init(a,b)}),gO=cQ("ZodXID",(a,b)=>{eZ.init(a,b),gE.init(a,b)}),gP=cQ("ZodKSUID",(a,b)=>{e$.init(a,b),gE.init(a,b)}),gQ=cQ("ZodIPv4",(a,b)=>{e3.init(a,b),gE.init(a,b)}),gR=cQ("ZodIPv6",(a,b)=>{e4.init(a,b),gE.init(a,b)}),gS=cQ("ZodCIDRv4",(a,b)=>{e5.init(a,b),gE.init(a,b)}),gT=cQ("ZodCIDRv6",(a,b)=>{e6.init(a,b),gE.init(a,b)}),gU=cQ("ZodBase64",(a,b)=>{e8.init(a,b),gE.init(a,b)}),gV=cQ("ZodBase64URL",(a,b)=>{e9.init(a,b),gE.init(a,b)}),gW=cQ("ZodE164",(a,b)=>{fa.init(a,b),gE.init(a,b)}),gX=cQ("ZodJWT",(a,b)=>{fb.init(a,b),gE.init(a,b)}),gY=cQ("ZodNumber",(a,b)=>{fc.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>((a,b,c,d)=>{let{minimum:e,maximum:f,format:g,multipleOf:h,exclusiveMaximum:i,exclusiveMinimum:j}=a._zod.bag;"string"==typeof g&&g.includes("int")?c.type="integer":c.type="number";let k="number"==typeof j&&j>=(e??-1/0),l="number"==typeof i&&i<=(f??1/0),m="draft-04"===b.target||"openapi-3.0"===b.target;k?m?(c.minimum=j,c.exclusiveMinimum=!0):c.exclusiveMinimum=j:"number"==typeof e&&(c.minimum=e),l?m?(c.maximum=i,c.exclusiveMaximum=!0):c.exclusiveMaximum=i:"number"==typeof f&&(c.maximum=f),"number"==typeof h&&(c.multipleOf=h)})(a,b,c,0),gz(a,"ZodNumber",{gt(a,b){return this.check(f2(a,b))},gte(a,b){return this.check(f3(a,b))},min(a,b){return this.check(f3(a,b))},lt(a,b){return this.check(f0(a,b))},lte(a,b){return this.check(f1(a,b))},max(a,b){return this.check(f1(a,b))},int(a){return this.check(g_(a))},safe(a){return this.check(g_(a))},positive(a){return this.check(f2(0,a))},nonnegative(a){return this.check(f3(0,a))},negative(a){return this.check(f0(0,a))},nonpositive(a){return this.check(f1(0,a))},multipleOf(a,b){return this.check(f4(a,b))},step(a,b){return this.check(f4(a,b))},finite(){return this}});let c=a._zod.bag;a.minValue=Math.max(c.minimum??-1/0,c.exclusiveMinimum??-1/0)??null,a.maxValue=Math.min(c.maximum??1/0,c.exclusiveMaximum??1/0)??null,a.isInt=(c.format??"").includes("int")||Number.isSafeInteger(c.multipleOf??.5),a.isFinite=!0,a.format=c.format??null});function gZ(a){return new gY({type:"number",checks:[],...dd(a)})}let g$=cQ("ZodNumberFormat",(a,b)=>{fd.init(a,b),gY.init(a,b)});function g_(a){return new g$({type:"number",check:"number_format",abort:!1,format:"safeint",...dd(a)})}let g0=cQ("ZodBoolean",(a,b)=>{fe.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(a,b,c)=>{b.type="boolean"}});function g1(a){return new g0({type:"boolean",...dd(a)})}let g2=cQ("ZodBigInt",(a,b)=>{ff.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(a,b,c)=>((a,b,c,d)=>{if("throw"===b.unrepresentable)throw Error("BigInt cannot be represented in JSON Schema")})(0,a,0,0),a.gte=(b,c)=>a.check(f3(b,c)),a.min=(b,c)=>a.check(f3(b,c)),a.gt=(b,c)=>a.check(f2(b,c)),a.gte=(b,c)=>a.check(f3(b,c)),a.min=(b,c)=>a.check(f3(b,c)),a.lt=(b,c)=>a.check(f0(b,c)),a.lte=(b,c)=>a.check(f1(b,c)),a.max=(b,c)=>a.check(f1(b,c)),a.positive=b=>a.check(f2(BigInt(0),b)),a.negative=b=>a.check(f0(BigInt(0),b)),a.nonpositive=b=>a.check(f1(BigInt(0),b)),a.nonnegative=b=>a.check(f3(BigInt(0),b)),a.multipleOf=(b,c)=>a.check(f4(b,c));let c=a._zod.bag;a.minValue=c.minimum??null,a.maxValue=c.maximum??null,a.format=c.format??null}),g3=cQ("ZodAny",(a,b)=>{fg.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(a,b,c)=>{}});function g4(){return new g3({type:"any"})}let g5=cQ("ZodUnknown",(a,b)=>{fh.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(a,b,c)=>{}});function g6(){return new g5({type:"unknown"})}let g7=cQ("ZodNever",(a,b)=>{fi.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(a,b,c)=>{b.not={}}}),g8=cQ("ZodDate",(a,b)=>{fj.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(a,b,c)=>((a,b,c,d)=>{if("throw"===b.unrepresentable)throw Error("Date cannot be represented in JSON Schema")})(0,a,0,0),a.min=(b,c)=>a.check(f3(b,c)),a.max=(b,c)=>a.check(f1(b,c));let c=a._zod.bag;a.minDate=c.minimum?new Date(c.minimum):null,a.maxDate=c.maximum?new Date(c.maximum):null}),g9=cQ("ZodArray",(a,b)=>{fl.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>((a,b,c,d)=>{let e=a._zod.def,{minimum:f,maximum:g}=a._zod.bag;"number"==typeof f&&(c.minItems=f),"number"==typeof g&&(c.maxItems=g),c.type="array",c.items=gb(e.element,b,{...d,path:[...d.path,"items"]})})(a,b,c,d),a.element=b.element,gz(a,"ZodArray",{min(a,b){return this.check(f6(a,b))},nonempty(a){return this.check(f6(1,a))},max(a,b){return this.check(f5(a,b))},length(a,b){return this.check(f7(a,b))},unwrap(){return this.element}})});function ha(a,b){return new g9({type:"array",element:a,...dd(b)})}let hb=cQ("ZodObject",(a,b)=>{fq.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>((a,b,c,d)=>{let e=a._zod.def;c.type="object",c.properties={};let f=e.shape;for(let a in f)c.properties[a]=gb(f[a],b,{...d,path:[...d.path,"properties",a]});let g=new Set([...new Set(Object.keys(f))].filter(a=>{let c=e.shape[a]._zod;return"input"===b.io?void 0===c.optin:void 0===c.optout}));g.size>0&&(c.required=Array.from(g)),e.catchall?._zod.def.type==="never"?c.additionalProperties=!1:e.catchall?e.catchall&&(c.additionalProperties=gb(e.catchall,b,{...d,path:[...d.path,"additionalProperties"]})):"output"===b.io&&(c.additionalProperties=!1)})(a,b,c,d),f9.defineLazy(a,"shape",()=>b.shape),gz(a,"ZodObject",{keyof(){return hi(Object.keys(this._zod.def.shape))},catchall(a){return this.clone({...this._zod.def,catchall:a})},passthrough(){return this.clone({...this._zod.def,catchall:g6()})},loose(){return this.clone({...this._zod.def,catchall:g6()})},strict(){return this.clone({...this._zod.def,catchall:new g7({type:"never",...dd(void 0)})})},strip(){return this.clone({...this._zod.def,catchall:void 0})},extend(a){return f9.extend(this,a)},safeExtend(a){return f9.safeExtend(this,a)},merge(a){return f9.merge(this,a)},pick(a){return f9.pick(this,a)},omit(a){return f9.omit(this,a)},partial(...a){return f9.partial(hk,this,a[0])},required(...a){return f9.required(hr,this,a[0])}})});function hc(a,b){return new hb({type:"object",shape:a??{},...f9.normalizeParams(b)})}let hd=cQ("ZodUnion",(a,b)=>{fs.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{var e,f,g,h;let i,j,k;return e=a,f=b,g=c,h=d,j=!1===(i=e._zod.def).inclusive,k=i.options.map((a,b)=>gb(a,f,{...h,path:[...h.path,j?"oneOf":"anyOf",b]})),void(j?g.oneOf=k:g.anyOf=k)},a.options=b.options}),he=cQ("ZodIntersection",(a,b)=>{fu.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{let e,f,g,h;return f=gb((e=a._zod.def).left,b,{...d,path:[...d.path,"allOf",0]}),g=gb(e.right,b,{...d,path:[...d.path,"allOf",1]}),void(c.allOf=[...(h=a=>"allOf"in a&&1===Object.keys(a).length)(f)?f.allOf:[f],...h(g)?g.allOf:[g]])}}),hf=cQ("ZodRecord",(a,b)=>{fA.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>((a,b,c,d)=>{let e=a._zod.def;c.type="object";let f=e.keyType,g=f._zod.bag,h=g?.patterns;if("loose"===e.mode&&h&&h.size>0){let a=gb(e.valueType,b,{...d,path:[...d.path,"patternProperties","*"]});for(let b of(c.patternProperties={},h))c.patternProperties[b.source]=a}else("draft-07"===b.target||"draft-2020-12"===b.target)&&(c.propertyNames=gb(e.keyType,b,{...d,path:[...d.path,"propertyNames"]})),c.additionalProperties=gb(e.valueType,b,{...d,path:[...d.path,"additionalProperties"]});let i=f._zod.values;if(i){let a=[...i].filter(a=>"string"==typeof a||"number"==typeof a);a.length>0&&(c.required=a)}})(a,b,c,d),a.keyType=b.keyType,a.valueType=b.valueType});function hg(a,b,c){return new hf(b&&b._zod?{type:"record",keyType:a,valueType:b,...f9.normalizeParams(c)}:{type:"record",keyType:gD(),valueType:a,...f9.normalizeParams(b)})}let hh=cQ("ZodEnum",(a,b)=>{fD.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{let e;(e=cV(a._zod.def.entries)).every(a=>"number"==typeof a)&&(c.type="number"),e.every(a=>"string"==typeof a)&&(c.type="string"),c.enum=e},a.enum=b.entries,a.options=Object.values(b.entries);let c=new Set(Object.keys(b.entries));a.extract=(a,d)=>{let e={};for(let d of a)if(c.has(d))e[d]=b.entries[d];else throw Error(`Key ${d} not found in enum`);return new hh({...b,checks:[],...f9.normalizeParams(d),entries:e})},a.exclude=(a,d)=>{let e={...b.entries};for(let b of a)if(c.has(b))delete e[b];else throw Error(`Key ${b} not found in enum`);return new hh({...b,checks:[],...f9.normalizeParams(d),entries:e})}});function hi(a,b){return new hh({type:"enum",entries:Array.isArray(a)?Object.fromEntries(a.map(a=>[a,a])):a,...f9.normalizeParams(b)})}let hj=cQ("ZodTransform",(a,b)=>{fE.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(a,b,c)=>((a,b,c,d)=>{if("throw"===b.unrepresentable)throw Error("Transforms cannot be represented in JSON Schema")})(0,a,0,0),a._zod.parse=(c,d)=>{if("backward"===d.direction)throw new cS(a.constructor.name);c.addIssue=d=>{"string"==typeof d?c.issues.push(f9.issue(d,c.value,b)):(d.fatal&&(d.continue=!1),d.code??(d.code="custom"),d.input??(d.input=c.value),d.inst??(d.inst=a),c.issues.push(f9.issue(d)))};let e=b.transform(c.value,c);return e instanceof Promise?e.then(a=>(c.value=a,c.fallback=!0,c)):(c.value=e,c.fallback=!0,c)}}),hk=cQ("ZodOptional",(a,b)=>{fG.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>gg(a,b,c,d),a.unwrap=()=>a._zod.def.innerType});function hl(a){return new hk({type:"optional",innerType:a})}let hm=cQ("ZodExactOptional",(a,b)=>{fH.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>gg(a,b,c,d),a.unwrap=()=>a._zod.def.innerType}),hn=cQ("ZodNullable",(a,b)=>{fI.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{let e,f,g;return f=gb((e=a._zod.def).innerType,b,d),g=b.seen.get(a),void("openapi-3.0"===b.target?(g.ref=e.innerType,c.nullable=!0):c.anyOf=[f,{type:"null"}])},a.unwrap=()=>a._zod.def.innerType});function ho(a){return new hn({type:"nullable",innerType:a})}let hp=cQ("ZodDefault",(a,b)=>{fJ.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{let e;gb((e=a._zod.def).innerType,b,d),b.seen.get(a).ref=e.innerType,c.default=JSON.parse(JSON.stringify(e.defaultValue))},a.unwrap=()=>a._zod.def.innerType,a.removeDefault=a.unwrap}),hq=cQ("ZodPrefault",(a,b)=>{fL.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{let e;gb((e=a._zod.def).innerType,b,d),b.seen.get(a).ref=e.innerType,"input"===b.io&&(c._prefault=JSON.parse(JSON.stringify(e.defaultValue)))},a.unwrap=()=>a._zod.def.innerType}),hr=cQ("ZodNonOptional",(a,b)=>{fM.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{let e;gb((e=a._zod.def).innerType,b,d),b.seen.get(a).ref=e.innerType},a.unwrap=()=>a._zod.def.innerType}),hs=cQ("ZodCatch",(a,b)=>{fO.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>((a,b,c,d)=>{let e,f=a._zod.def;gb(f.innerType,b,d),b.seen.get(a).ref=f.innerType;try{e=f.catchValue(void 0)}catch{throw Error("Dynamic catch values are not supported in JSON Schema")}c.default=e})(a,b,c,d),a.unwrap=()=>a._zod.def.innerType,a.removeCatch=a.unwrap}),ht=cQ("ZodPipe",(a,b)=>{fP.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{let e,f,g;return f=(e=a._zod.def).in._zod.traits.has("$ZodTransform"),void(gb(g="input"===b.io?f?e.out:e.in:e.out,b,d),b.seen.get(a).ref=g)},a.in=b.in,a.out=b.out});function hu(a,b){return new ht({type:"pipe",in:a,out:b})}let hv=cQ("ZodReadonly",(a,b)=>{fT.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(b,c,d)=>{let e;gb((e=a._zod.def).innerType,b,d),b.seen.get(a).ref=e.innerType,c.readOnly=!0},a.unwrap=()=>a._zod.def.innerType}),hw=cQ("ZodCustom",(a,b)=>{fV.init(a,b),gA.init(a,b),a._zod.processJSONSchema=(a,b,c)=>((a,b,c,d)=>{if("throw"===b.unrepresentable)throw Error("Custom types cannot be represented in JSON Schema")})(0,a,0,0)});a.s(["bigint",0,function(a){return new g2({type:"bigint",coerce:!0,...dd(a)})},"boolean",0,function(a){return new g0({type:"boolean",coerce:!0,...dd(a)})},"date",0,function(a){return new g8({type:"date",coerce:!0,...dd(a)})},"number",0,function(a){return new gY({type:"number",coerce:!0,checks:[],...dd(a)})},"string",0,function(a){return new gC({type:"string",coerce:!0,...dd(a)})}],461713);var hx=a.i(461713),hx=hx;function hy(a){let b=a.split("."),c=parseInt(b[b.length-1]||"0",10);return isNaN(c)?0:c}function hz(a,b){let c={};for(let d in a)c[d]={name:d,value:"",attributes:{...b,maxAge:0}};return c}let hA=a=>(b,c,d)=>{let e=function(a,b){let c={};for(let[d,e]of cO(b.headers?.get("cookie")||""))d.startsWith(a)&&(c[d]=e);return c}(b,d),f=d.context.logger;return{getValue:()=>Object.keys(e).sort((a,b)=>hy(a)-hy(b)).map(a=>e[a]).join(""),hasChunks:()=>Object.keys(e).length>0,chunk(d,g){let h=hz(e,c);for(let a in e)delete e[a];for(let i of function(a,b,c,d){let e=Math.ceil(b.value.length/3896);if(1===e)return c[b.name]=b.value,[b];let f=[];for(let a=0;a<e;a++){let d=`${b.name}.${a}`,e=3896*a,g=b.value.substring(e,e+3896);f.push({...b,name:d,value:g}),c[d]=g}return d.debug(`CHUNKING_${a.toUpperCase()}_COOKIE`,{message:`${a} cookie exceeds allowed 4096 bytes.`,emptyCookieSize:200,valueSize:b.value.length,chunkCount:e,chunks:f.map(a=>a.value.length+200)}),f}(a,{name:b,value:d,attributes:{...c,...g}},e,f))h[i.name]=i;return Object.values(h)},clean(){let a=hz(e,c);for(let a in e)delete e[a];return Object.values(a)},setCookies(a){for(let b of a)d.setCookie(b.name,b.value,b.attributes)}}},hB=hA("Session"),hC=hA("Account");function hD(a,b){let c=a.getCookie(b);if(c)return c;let d=[],e=a.headers?.get("cookie");if(!e)return null;for(let[a,c]of cO(e))if(a.startsWith(b+".")){let b=parseInt(a.split(".").at(-1)||"0",10);isNaN(b)||d.push({index:b,value:c})}return d.length>0?(d.sort((a,b)=>a.index-b.index),d.map(a=>a.value).join("")):null}async function hE(a,b){let c=a.context.authCookies.accountData,d={maxAge:300,...c.attributes},e=await cu(b,a.context.secretConfig,"better-auth-account",d.maxAge);if(e.length>4096){let b=hC(c.name,d,a),f=b.chunk(e,d);b.setCookies(f)}else{let b=hC(c.name,d,a);if(b.hasChunks()){let a=b.clean();b.setCookies(a)}a.setCookie(c.name,e,d)}}async function hF(a){let b=hD(a,a.context.authCookies.accountData.name);if(b){let c=(0,cP.safeJSONParse)(await cw(b,a.context.secretConfig,"better-auth-account"));if(c)return c}return null}let hG=hl(hc({disableCookieCache:hx.boolean().meta({description:"Disable cookie cache and fetch session from database"}).optional(),disableRefresh:hx.boolean().meta({description:"Disable session refresh. Useful for checking session status, without updating the session"}).optional()}));function hH(a){return a?"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"}function hI(a,b,c){let d="",e=0,f=0;for(let c of a)for(e=e<<8|c,f+=8;f>=6;)f-=6,d+=b[e>>f&63];if(f>0&&(d+=b[e<<6-f&63]),c){let a=(4-d.length%4)%4;d+="=".repeat(a)}return d}function hJ(a,b){let c=new Map;for(let a=0;a<b.length;a++)c.set(b[a],a);let d=[],e=0,f=0;for(let b of a){if("="===b)break;let a=c.get(b);if(void 0===a)throw Error(`Invalid Base64 character: ${b}`);e=e<<6|a,(f+=6)>=8&&(f-=8,d.push(e>>f&255))}return Uint8Array.from(d)}let hK={encode(a,b={}){let c=hH(!1);return hI("string"==typeof a?new TextEncoder().encode(a):new Uint8Array(a),c,b.padding??!0)},decode(a){"string"!=typeof a&&(a=new TextDecoder().decode(a));let b=hH(a.includes("-")||a.includes("_"));return hJ(a,b)}},hL={encode(a,b={}){let c=hH(!0);return hI("string"==typeof a?new TextEncoder().encode(a):new Uint8Array(a),c,b.padding??!0)},decode(a){let b=hH(a.includes("-")||a.includes("_"));return hJ(a,b)}},hM=new Map,hN={decode:(a,b="utf-8")=>(hM.has(b)||hM.set(b,new TextDecoder(b)),hM.get(b).decode(a)),encode:new TextEncoder().encode};function hO(){let a="u">typeof globalThis&&globalThis.crypto;if(a&&"object"==typeof a.subtle&&null!=a.subtle)return a.subtle;throw Error("crypto.subtle must be defined")}let hP=(a="SHA-256",b="none")=>{let c={importKey:async(b,c)=>hO().importKey("raw","string"==typeof b?new TextEncoder().encode(b):b,{name:"HMAC",hash:{name:a}},!1,[c]),sign:async(a,d)=>{"string"==typeof a&&(a=await c.importKey(a,"sign"));let e=await hO().sign("HMAC",a,"string"==typeof d?new TextEncoder().encode(d):d);return"hex"===b?(a=>{if("string"==typeof a&&(a=new TextEncoder().encode(a)),0===a.byteLength)return"";let b=new Uint8Array(a),c="";for(let a of b)c+=a.toString(16).padStart(2,"0");return c})(e):"base64"===b||"base64url"===b||"base64urlnopad"===b?hL.encode(e,{padding:"base64urlnopad"!==b}):e},verify:async(a,d,e)=>("string"==typeof a&&(a=await c.importKey(a,"verify")),"hex"===b&&(e=(a=>{if(!a)return"";if("string"==typeof a){if(a.length%2!=0||!RegExp("^[0123456789abcdef]+$").test(a))throw Error("Invalid hexadecimal string");let b=new Uint8Array(a.length/2);for(let c=0;c<a.length;c+=2)b[c/2]=parseInt(a.slice(c,c+2),16);return new TextDecoder().decode(b)}return new TextDecoder().decode(a)})(e)),("base64"===b||"base64url"===b||"base64urlnopad"===b)&&(e=await hK.decode(e)),hO().verify("HMAC",a,"string"==typeof e?new TextEncoder().encode(e):e,"string"==typeof d?new TextEncoder().encode(d):d))};return c};function hQ(a){let b="string"==typeof a.baseURL?a.baseURL:void 0,c="object"==typeof a.baseURL&&null!==a.baseURL?a.baseURL.protocol:void 0,d=(a.advanced?.useSecureCookies!==void 0?a.advanced?.useSecureCookies:"https"===c||"http"!==c&&(b?b.startsWith("https://"):E.isProduction))?"__Secure-":"",e=!!a.advanced?.crossSubDomainCookies?.enabled,f=e?a.advanced?.crossSubDomainCookies?.domain||(b?new URL(b).hostname:void 0):void 0;if(e&&!f&&!K(a.baseURL))throw new y.BetterAuthError("baseURL is required when crossSubdomainCookies are enabled.");return function(b,c={}){let g=a.advanced?.cookiePrefix||"better-auth",h=a.advanced?.cookies?.[b]?.name||`${g}.${b}`,i=a.advanced?.cookies?.[b]?.attributes??{};return{name:`${d}${h}`,attributes:{secure:!!d,sameSite:"lax",path:"/",httpOnly:!0,...e?{domain:f}:{},...a.advanced?.defaultCookieAttributes,...c,...i}}}}function hR(a){let b=hQ(a),c=b("session_token",{maxAge:a.session?.expiresIn||Math.round(function(){let a,b=cH.exec("7d");if(!b||b[4]&&b[1])throw TypeError('Invalid time string format: "7d". Use formats like "7d", "30m", "1 hour", etc.');let c=parseFloat(b[2]),d=b[3].toLowerCase();switch(d){case"years":case"year":case"yrs":case"yr":case"y":a=315576e5*c;break;case"months":case"month":case"mo":a=2592e6*c;break;case"weeks":case"week":case"w":a=6048e5*c;break;case"days":case"day":case"d":a=864e5*c;break;case"hours":case"hour":case"hrs":case"hr":case"h":a=36e5*c;break;case"minutes":case"minute":case"mins":case"min":case"m":a=6e4*c;break;case"seconds":case"second":case"secs":case"sec":case"s":a=1e3*c;break;default:throw TypeError(`Unknown time unit: "${d}"`)}return"-"===b[1]||"ago"===b[4]?-a:a}()/1e3)}),d=b("session_data",{maxAge:a.session?.cookieCache?.maxAge||300}),e=b("account_data",{maxAge:a.session?.cookieCache?.maxAge||300}),f=b("dont_remember");return{sessionToken:{name:c.name,attributes:c.attributes},sessionData:{name:d.name,attributes:d.attributes},dontRememberToken:{name:f.name,attributes:f.attributes},accountData:{name:e.name,attributes:e.attributes}}}async function hS(a,b,c){let d;if(!a.context.options.session?.cookieCache?.enabled)return;let e=cy(b.session,a.context.options.session?.additionalFields),f=cB(a.context.options,b.user),g=a.context.options.session?.cookieCache?.version,h="1";if(g){if("string"==typeof g)h=g;else if("function"==typeof g){let a=g(b.session,b.user);h=O(a)?await a:a}}let i={session:e,user:f,updatedAt:Date.now(),version:h},j={...a.context.authCookies.sessionData.attributes,maxAge:c?void 0:a.context.authCookies.sessionData.attributes.maxAge},k=cG(j.maxAge||60,"sec").getTime(),l=a.context.options.session?.cookieCache?.strategy||"compact";if((d="jwe"===l?await cu(i,a.context.secretConfig,"better-auth-session",j.maxAge||300):"jwt"===l?await co(i,a.context.secret,j.maxAge||300):hL.encode(JSON.stringify({session:i,expiresAt:k,signature:await hP("SHA-256","base64urlnopad").sign(a.context.secret,JSON.stringify({...i,expiresAt:k}))}),{padding:!1})).length>4093){let b=hB(a.context.authCookies.sessionData.name,j,a),c=b.chunk(d,j);b.setCookies(c)}else{let b=hB(a.context.authCookies.sessionData.name,j,a);if(b.hasChunks()){let a=b.clean();b.setCookies(a)}a.setCookie(a.context.authCookies.sessionData.name,d,j)}if(a.context.options.account?.storeAccountCookie){let b=await hF(a);b&&await hE(a,b)}}async function hT(a,b,c,d){let e=await a.getSignedCookie(a.context.authCookies.dontRememberToken.name,a.context.secret);c=void 0!==c?c:!!e;let f=a.context.authCookies.sessionToken.attributes,g=c?void 0:a.context.sessionConfig.expiresIn;await a.setSignedCookie(a.context.authCookies.sessionToken.name,b.session.token,a.context.secret,{...f,maxAge:g,...d}),c&&await a.setSignedCookie(a.context.authCookies.dontRememberToken.name,"true",a.context.secret,a.context.authCookies.dontRememberToken.attributes),await hS(a,b,c),a.context.setNewSession(b)}function hU(a,b){!function(a,b){let c=new Set;a.responseHeaders&&c.add(a.responseHeaders),a.context?.responseHeaders&&c.add(a.context.responseHeaders);let d=`${b}=`,e=`${b}.`;for(let a of c){let b="function"==typeof a.getSetCookie?a.getSetCookie():cJ(a.get("set-cookie")||"");if(!b.length)continue;let c=b.filter(a=>!a.startsWith(d)&&!a.startsWith(e));if(c.length!==b.length)for(let b of(a.delete("set-cookie"),c))a.append("set-cookie",b)}}(a,b.name),a.setCookie(b.name,"",{...b.attributes,maxAge:0})}function hV(a,b){if(hU(a,a.context.authCookies.sessionToken),hU(a,a.context.authCookies.sessionData),a.context.options.account?.storeAccountCookie){hU(a,a.context.authCookies.accountData);let b=hC(a.context.authCookies.accountData.name,a.context.authCookies.accountData.attributes,a),c=b.clean();b.setCookies(c)}"cookie"===a.context.oauthConfig.storeStateStrategy&&hU(a,a.context.createAuthCookie("oauth_state"));let c=hB(a.context.authCookies.sessionData.name,a.context.authCookies.sessionData.attributes,a),d=c.clean();c.setCookies(d),b||hU(a,a.context.authCookies.dontRememberToken)}function hW(a){return f$(gQ,void 0).safeParse(a).success||f_(gR,void 0).safeParse(a).success}function hX(a){if(a.includes("::")){let b=a.split("::"),c=b[0]?b[0].split(":"):[],d=b[1]?b[1].split(":"):[],e=Array(8-c.length-d.length).fill("0000");return[...c.map(a=>a.padStart(4,"0")),...e,...d.map(a=>a.padStart(4,"0"))]}return a.split(":").map(a=>a.padStart(4,"0"))}function hY(a,b={}){if(f$(gQ,void 0).safeParse(a).success||!f_(gR,void 0).safeParse(a).success)return a.toLowerCase();let c=function(a){let b=a.toLowerCase();if(b.startsWith("::ffff:")){let a=b.substring(7);if(f$(gQ,void 0).safeParse(a).success)return a}let c=a.split(":");if(7===c.length&&c[5]?.toLowerCase()==="ffff"){let a=c[6];if(a&&f$(gQ,void 0).safeParse(a).success)return a}if(b.includes("::ffff:")||b.includes(":ffff:")){let b=hX(a);if(8===b.length&&"0000"===b[0]&&"0000"===b[1]&&"0000"===b[2]&&"0000"===b[3]&&"0000"===b[4]&&"ffff"===b[5]&&b[6]&&b[7])return`${Number.parseInt(b[6].substring(0,2),16)}.${Number.parseInt(b[6].substring(2,4),16)}.${Number.parseInt(b[7].substring(0,2),16)}.${Number.parseInt(b[7].substring(2,4),16)}`}return null}(a);if(c)return c.toLowerCase();var d=b.ipv6Subnet??64;let e=hX(a);if(void 0!==d&&d<128){let a=Math.max(0,Math.floor(d));return e.map(b=>{if(a<=0)return"0000";if(a>=16)return a-=16,b;let c=Number.parseInt(b,16)&(65535<<16-a&65535);return a=0,c.toString(16).padStart(4,"0")}).join(":").toLowerCase()}return e.join(":").toLowerCase()}function hZ(a,b){if(b.advanced?.ipAddress?.disableIpTracking)return null;let c="headers"in a?a.headers:a;for(let a of b.advanced?.ipAddress?.ipAddressHeaders||["x-forwarded-for"]){let d="get"in c?c.get(a):c[a];if("string"==typeof d){let a=d.split(",")[0].trim();if(hW(a))return hY(a,{ipv6Subnet:b.advanced?.ipAddress?.ipv6Subnet})}}return(0,E.isTest)()||(0,E.isDevelopment)()?"127.0.0.1":null}function h$(a,b){return{digest:async c=>{let d=new TextEncoder,e="string"==typeof c?d.encode(c):c,f=await hO().digest(a,e);return"hex"===b?Array.from(new Uint8Array(f)).map(a=>a.toString(16).padStart(2,"0")).join(""):"base64"===b||"base64url"===b||"base64urlnopad"===b?b.includes("url")?hL.encode(f,{padding:"base64urlnopad"!==b}):hK.encode(f):f}}}let h_=async a=>{let b=await h$("SHA-256").digest(new TextEncoder().encode(a));return hL.encode(new Uint8Array(b),{padding:!1})};async function h0(a,b){return b&&"plain"!==b?"hashed"===b?h_(a):"object"==typeof b&&"hash"in b?b.hash(a):a:a}function h1(a,b){if(b){if("object"==typeof b&&"default"in b){if(b.overrides){for(let[c,d]of Object.entries(b.overrides))if(a.startsWith(c))return d}return b.default}return b}}let h2=Symbol.for("better-auth:global"),h3=null,h4={},h5="1.6.12";function h6(){return globalThis[h2]||(globalThis[h2]={version:h5,epoch:1,context:h4},h3=globalThis[h2]),(h3=globalThis[h2]).version!==h5&&(h3.version=h5,h3.epoch++),globalThis[h2]}let h7=import("node:async_hooks").then(a=>a.AsyncLocalStorage).catch(a=>{if("AsyncLocalStorage"in globalThis)return globalThis.AsyncLocalStorage;throw console.warn("[better-auth] Warning: AsyncLocalStorage is not available in this environment. Some features may not work as expected."),console.warn("[better-auth] Please read more about this warning at https://better-auth.com/docs/installation#mount-handler"),console.warn("[better-auth] If you are using Cloudflare Workers, please see: https://developers.cloudflare.com/workers/configuration/compatibility-flags/#nodejs-compatibility-flag"),a});async function h8(){let a=await h7;if(null!==a)return a;throw Error("getAsyncLocalStorage is only available in server code")}let h9=async()=>{let a=h6();if(!a.context.adapterAsyncStorage){let b=await h8();a.context.adapterAsyncStorage=new b}return a.context.adapterAsyncStorage},ia=async a=>h9().then(b=>b.getStore()?.adapter||a).catch(()=>a),ib=async(a,b)=>{let c=!1;return h9().then(async d=>{let e,f;c=!0;let g=[],h=!1;try{e=await d.run({adapter:a,pendingHooks:g},b)}catch(a){f=a,h=!0}for(let a of g)await a();if(h)throw f;return e}).catch(a=>{if(!c)return b();throw a})},ic=async(a,b)=>h9().then(async c=>{let d,e,f=[],g=!1;try{d=await a.transaction(async a=>c.run({adapter:a,pendingHooks:f},b))}catch(a){g=!0,e=a}for(let a of f)await a();if(g)throw e;return d}).catch(a=>{throw a}),id=async a=>h9().then(b=>{let c=b.getStore();if(!c)return a();c.pendingHooks.push(a)}).catch(()=>a()),ie=async()=>{let a=h6();if(!a.context.endpointContextAsyncStorage){let b=await h8();a.context.endpointContextAsyncStorage=new b}return a.context.endpointContextAsyncStorage};async function ig(){let a=(await ie()).getStore();if(!a)throw Error("No auth context found. Please make sure you are calling this function within a `runWithEndpointContext` callback.");return a}async function ih(a,b){return(await ie()).run(a,b)}var ii=a.i(617751);let ij="better_auth.operation_id",ik="better_auth.hook.type",il="better_auth.context";var im=a.i(144200),io=a.i(713698);function ip(a,b=Date.now()){return Math.max(Math.floor((("number"==typeof a?a:a.getTime())-b)/1e3),0)}let iq=(a,b)=>{let c,d=b.logger,e=b.options,f=e.secondaryStorage,g=new Map,h=e.session?.expiresIn||604800,{createWithHooks:i,updateWithHooks:j,updateManyWithHooks:k,deleteWithHooks:l,deleteManyWithHooks:m,consumeOneWithHooks:n}=(c=b.hooks,{createWithHooks:async function(b,d,e){let f=await ig().catch(()=>null),g=b;for(let{source:a,hooks:b}of c){let c=b[d]?.create?.before;if(c){let b=await (0,im.withSpan)(`db create.before ${d}`,{[ik]:"create.before",[ii.ATTR_DB_COLLECTION_NAME]:d,[il]:a},()=>c(g,f));if(!1===b)return null;"object"==typeof b&&"data"in b&&(g={...g,...b.data})}}let h=null;for(let{source:b,hooks:i}of((!e||e.executeMainFn)&&(h=await (await ia(a)).create({model:d,data:g,forceAllowId:!0})),e?.fn&&(h=await e.fn(h??g)),c)){let a=i[d]?.create?.after;a&&await id(async()=>{await (0,im.withSpan)(`db create.after ${d}`,{[ik]:"create.after",[ii.ATTR_DB_COLLECTION_NAME]:d,[il]:b},()=>a(h,f))})}return h},updateWithHooks:async function(b,d,e,f){let g=await ig().catch(()=>null),h=b;for(let{source:a,hooks:d}of c){let c=d[e]?.update?.before;if(c){let d=await (0,im.withSpan)(`db update.before ${e}`,{[ik]:"update.before",[ii.ATTR_DB_COLLECTION_NAME]:e,[il]:a},()=>c(b,g));if(!1===d)return null;"object"==typeof d&&"data"in d&&(h={...h,...d.data})}}let i=f?await f.fn(h):null,j=!f||f.executeMainFn?await (await ia(a)).update({model:e,update:h,where:d}):i;for(let{source:a,hooks:b}of c){let c=b[e]?.update?.after;c&&await id(async()=>{await (0,im.withSpan)(`db update.after ${e}`,{[ik]:"update.after",[ii.ATTR_DB_COLLECTION_NAME]:e,[il]:a},()=>c(j,g))})}return j},updateManyWithHooks:async function(b,d,e,f){let g=await ig().catch(()=>null),h=b;for(let{source:a,hooks:d}of c){let c=d[e]?.update?.before;if(c){let d=await (0,im.withSpan)(`db updateMany.before ${e}`,{[ik]:"updateMany.before",[ii.ATTR_DB_COLLECTION_NAME]:e,[il]:a},()=>c(b,g));if(!1===d)return null;"object"==typeof d&&"data"in d&&(h={...h,...d.data})}}let i=f?await f.fn(h):null,j=!f||f.executeMainFn?await (await ia(a)).updateMany({model:e,update:h,where:d}):i;for(let{source:a,hooks:b}of c){let c=b[e]?.update?.after;c&&await id(async()=>{await (0,im.withSpan)(`db updateMany.after ${e}`,{[ik]:"updateMany.after",[ii.ATTR_DB_COLLECTION_NAME]:e,[il]:a},()=>c(j,g))})}return j},deleteWithHooks:async function(b,d,e){let f=await ig().catch(()=>null),g=null;try{g=(await (await ia(a)).findMany({model:d,where:b,limit:1}))[0]||null}catch{}if(g)for(let{source:a,hooks:b}of c){let c=b[d]?.delete?.before;if(c&&await (0,im.withSpan)(`db delete.before ${d}`,{[ik]:"delete.before",[ii.ATTR_DB_COLLECTION_NAME]:d,[il]:a},()=>c(g,f))===!1)return null}let h=e?await e.fn(b):null,i=(!e||e.executeMainFn)&&g?await (await ia(a)).delete({model:d,where:b}):h;if(g)for(let{source:a,hooks:b}of c){let c=b[d]?.delete?.after;c&&await id(async()=>{await (0,im.withSpan)(`db delete.after ${d}`,{[ik]:"delete.after",[ii.ATTR_DB_COLLECTION_NAME]:d,[il]:a},()=>c(g,f))})}return i},deleteManyWithHooks:async function(b,d,e){let f=await ig().catch(()=>null),g=[];try{g=await (await ia(a)).findMany({model:d,where:b})}catch{}for(let a of g)for(let{source:b,hooks:e}of c){let c=e[d]?.delete?.before;if(c&&await (0,im.withSpan)(`db delete.before ${d}`,{[ik]:"delete.before",[ii.ATTR_DB_COLLECTION_NAME]:d,[il]:b},()=>c(a,f))===!1)return null}let h=e?await e.fn(b):null,i=!e||e.executeMainFn?await (await ia(a)).deleteMany({model:d,where:b}):h;for(let a of g)for(let{source:b,hooks:e}of c){let c=e[d]?.delete?.after;c&&await id(async()=>{await (0,im.withSpan)(`db delete.after ${d}`,{[ik]:"delete.after",[ii.ATTR_DB_COLLECTION_NAME]:d,[il]:b},()=>c(a,f))})}return i},consumeOneWithHooks:async function(b,d,e,f){let g=await ig().catch(()=>null),h=c.flatMap(({source:a,hooks:c})=>{let d=c[b]?.delete?.before;return d?[{source:a,fn:d}]:[]}),i=f??null;if(h.length){if(!i)try{i=(await (await ia(a)).findMany({model:b,where:d,limit:1}))[0]||null}catch{}if(i){for(let{source:a,fn:c}of h)if(await (0,im.withSpan)(`db delete.before ${b}`,{[ik]:"delete.before",[ii.ATTR_DB_COLLECTION_NAME]:b,[il]:a},()=>c(i,g))===!1)return null}}let j=await e();if(!j)return null;for(let{source:a,hooks:d}of c){let c=d[b]?.delete?.after;c&&await id(async()=>{await (0,im.withSpan)(`db delete.after ${b}`,{[ik]:"delete.after",[ii.ATTR_DB_COLLECTION_NAME]:b,[il]:a},()=>c(j,g))})}return j}});async function o(a){if(!f)return;let b=await f.get(`active-sessions-${a.id}`);if(!b)return;let c=Date.now(),d=((0,cP.safeJSONParse)(b)||[]).filter(a=>a.expiresAt>c);await Promise.all(d.map(async({token:b})=>{let d=await f.get(b);if(!d)return;let e=(0,cP.safeJSONParse)(d);if(!e)return;let g=ip(e.session.expiresAt,c);await f.set(b,JSON.stringify({session:e.session,user:a}),Math.floor(g))}))}async function p(a,b){let c,d=g.get(a)??Promise.resolve(),e=new Promise(a=>{c=a}),f=d.catch(()=>{}).then(()=>e);g.set(a,f),await d.catch(()=>{});try{return await b()}finally{c(),g.get(a)===f&&g.delete(a)}}return{createOAuthUser:async(b,c)=>ic(a,async()=>{let a=await i({createdAt:new Date,updatedAt:new Date,...b,email:b.email?.toLowerCase()},"user",void 0);return{user:a,account:await i({...c,userId:a.id,createdAt:new Date,updatedAt:new Date},"account",void 0)}}),createUser:async a=>await i({createdAt:new Date,updatedAt:new Date,...a,email:a.email?.toLowerCase()},"user",void 0),createAccount:async a=>await i({createdAt:new Date,updatedAt:new Date,...a},"account",void 0),listSessions:async(c,d)=>{if(f){let a=await f.get(`active-sessions-${c}`);if(!a)return[];let d=(0,cP.safeJSONParse)(a)||[],e=Date.now(),g=new Set,h=[];for(let{token:a,expiresAt:c}of d){if(c<=e||g.has(a))continue;g.add(a);let d=await f.get(a);if(d)try{let a="string"==typeof d?JSON.parse(d):d;if(!a?.session)continue;h.push(cD(b.options,{...a.session,expiresAt:new Date(a.session.expiresAt)}))}catch{continue}}return h}return await (await ia(a)).findMany({model:"session",where:[{field:"userId",value:c},...d?.onlyActiveSessions?[{field:"expiresAt",value:new Date,operator:"gt"}]:[]]})},listUsers:async(b,c,d,e)=>await (await ia(a)).findMany({model:"user",limit:b,offset:c,sortBy:d,where:e}),countTotalUsers:async b=>{let c=await (await ia(a)).count({model:"user",where:b});return"string"==typeof c?parseInt(c):c},deleteUser:async a=>{(!f||e.session?.storeSessionInDatabase)&&await m([{field:"userId",value:a}],"session",void 0),await m([{field:"userId",value:a}],"account",void 0),await l([{field:"id",value:a}],"user",void 0)},createSession:async(c,d,g,j)=>{let k,l=await (async()=>{let a=await ig().catch(()=>null);return a?.headers||a?.request?.headers})(),m=e.session?.storeSessionInDatabase,{id:n,...o}=g||{};if(f&&!m){let a=b.generateId({model:"session"});k=!1!==a?a:(0,io.generateId)()}let p=function(a){let b=cA(a,"session","input"),c={};for(let a in b)void 0!==b[a].defaultValue&&(c[a]="function"==typeof b[a].defaultValue?b[a].defaultValue():b[a].defaultValue);return c}(e),q={...k?{id:k}:{},ipAddress:l&&hZ(l,e)||"",userAgent:l?.get("user-agent")||"",...o,expiresAt:d?cG(86400,"sec"):cG(h,"sec"),userId:c,token:(0,io.generateId)(32),createdAt:new Date,updatedAt:new Date,...p,...j?o:{}};return await i(q,"session",f?{fn:async b=>{let d=await f.get(`active-sessions-${c}`),e=[],g=Date.now();d&&(e=(e=(0,cP.safeJSONParse)(d)||[]).filter(a=>a.expiresAt>g&&a.token!==q.token));let h=[...e,{token:q.token,expiresAt:q.expiresAt.getTime()}].sort((a,b)=>a.expiresAt-b.expiresAt),i=ip(h.at(-1)?.expiresAt??q.expiresAt.getTime(),g);i>0&&await f.set(`active-sessions-${c}`,JSON.stringify(h),i);let j=await (await ia(a)).findOne({model:"user",where:[{field:"id",value:c}]}),k=ip(q.expiresAt,g);return k>0&&await f.set(q.token,JSON.stringify({session:b,user:j}),k),b},executeMainFn:m}:void 0)},findSession:async c=>{if(f){let a=await f.get(c);if(!a&&(!e.session?.storeSessionInDatabase||b.options.session?.preserveSessionInDatabase))return null;if(a){let c=(0,cP.safeJSONParse)(a);return c?{session:cD(b.options,{...c.session,expiresAt:new Date(c.session.expiresAt),createdAt:new Date(c.session.createdAt),updatedAt:new Date(c.session.updatedAt)}),user:cB(b.options,{...c.user,createdAt:new Date(c.user.createdAt),updatedAt:new Date(c.user.updatedAt)})}:null}}let d=await (await ia(a)).findOne({model:"session",where:[{value:c,field:"token"}],join:{user:!0}});if(!d)return null;let{user:g,...h}=d;return g?{session:cD(b.options,h),user:cB(b.options,g)}:null},findSessions:async(b,c)=>{if(f){let a=[];for(let d of b){let b=await f.get(d);if(b)try{let d="string"==typeof b?JSON.parse(b):b;if(!d)return[];let e=new Date(d.session.expiresAt);if(c?.onlyActiveSessions&&e<=new Date)continue;let f={session:{...d.session,expiresAt:new Date(d.session.expiresAt)},user:{...d.user,createdAt:new Date(d.user.createdAt),updatedAt:new Date(d.user.updatedAt)}};a.push(f)}catch{continue}}return a}let d=await (await ia(a)).findMany({model:"session",where:[{field:"token",value:b,operator:"in"},...c?.onlyActiveSessions?[{field:"expiresAt",value:new Date,operator:"gt"}]:[]],join:{user:!0}});return!d.length||d.some(a=>!a.user)?[]:d.map(a=>{let{user:b,...c}=a;return{session:c,user:b}})},updateSession:async(a,c)=>await j(c,[{field:"token",value:a}],"session",f?{async fn(c){let d=await f.get(a);if(!d)return null;let e=(0,cP.safeJSONParse)(d);if(!e)return null;let g={...e.session,...c,expiresAt:new Date(c.expiresAt??e.session.expiresAt),createdAt:new Date(e.session.createdAt),updatedAt:new Date(c.updatedAt??e.session.updatedAt)},h=cD(b.options,g),i=Date.now(),j=new Date(h.expiresAt).getTime(),k=ip(j,i);if(k>0){await f.set(a,JSON.stringify({session:h,user:e.user}),k);let b=`active-sessions-${h.userId}`,c=await f.get(b),d=(c&&(0,cP.safeJSONParse)(c)||[]).filter(b=>b.token!==a&&b.expiresAt>i).concat([{token:a,expiresAt:j}]).sort((a,b)=>a.expiresAt-b.expiresAt),g=d.at(-1)?.expiresAt;g&&g>i?await f.set(b,JSON.stringify(d),ip(g,i)):await f.delete(b)}return h},executeMainFn:e.session?.storeSessionInDatabase}:void 0),deleteSession:async a=>{if(f){let c=await f.get(a);if(c){let{session:b}=(0,cP.safeJSONParse)(c)??{};if(!b)return void d.error("Session not found in secondary storage");let e=b.userId,g=await f.get(`active-sessions-${e}`);if(g){let b=(0,cP.safeJSONParse)(g)||[],c=Date.now(),d=b.filter(b=>b.expiresAt>c&&b.token!==a),h=d.sort((a,b)=>a.expiresAt-b.expiresAt).at(-1)?.expiresAt;d.length>0&&h&&h>Date.now()?await f.set(`active-sessions-${e}`,JSON.stringify(d),ip(h,c)):await f.delete(`active-sessions-${e}`)}else d.error("Active sessions list not found in secondary storage")}if(await f.delete(a),!e.session?.storeSessionInDatabase||b.options.session?.preserveSessionInDatabase)return}await l([{field:"token",value:a}],"session",void 0)},deleteAccounts:async a=>{await m([{field:"userId",value:a}],"account",void 0)},deleteAccount:async a=>{await l([{field:"id",value:a}],"account",void 0)},deleteSessions:async a=>{if(f){if("string"==typeof a){let b=await f.get(`active-sessions-${a}`),c=b?(0,cP.safeJSONParse)(b):[];if(!c)return;for(let a of c)await f.delete(a.token);await f.delete(`active-sessions-${a}`)}else for(let b of a)await f.get(b)&&await f.delete(b);if(!e.session?.storeSessionInDatabase||b.options.session?.preserveSessionInDatabase)return}await m([{field:Array.isArray(a)?"token":"userId",value:a,operator:Array.isArray(a)?"in":void 0}],"session",void 0)},findOAuthUser:async(b,c,d)=>{let e=await (await ia(a)).findOne({model:"account",where:[{value:c,field:"accountId"},{value:d,field:"providerId"}],join:{user:!0}});if(e)if(e.user)return{user:e.user,linkedAccount:e,accounts:[e]};else{let c=await (await ia(a)).findOne({model:"user",where:[{value:b.toLowerCase(),field:"email"}]});return c?{user:c,linkedAccount:e,accounts:[e]}:null}{let c=await (await ia(a)).findOne({model:"user",where:[{value:b.toLowerCase(),field:"email"}]});return c?{user:c,linkedAccount:null,accounts:await (await ia(a)).findMany({model:"account",where:[{value:c.id,field:"userId"}]})||[]}:null}},findUserByEmail:async(b,c)=>{let d=await (await ia(a)).findOne({model:"user",where:[{value:b.toLowerCase(),field:"email"}],join:{...c?.includeAccounts?{account:!0}:{}}});if(!d)return null;let{account:e,...f}=d;return{user:f,accounts:e??[]}},findUserById:async b=>b?await (await ia(a)).findOne({model:"user",where:[{field:"id",value:b}]}):null,linkAccount:async a=>await i({createdAt:new Date,updatedAt:new Date,...a},"account",void 0),updateUser:async(a,b)=>{let c=await j({...b,...b.email?{email:b.email.toLowerCase()}:{}},[{field:"id",value:a}],"user",void 0);return await o(c),c},updateUserByEmail:async(a,b)=>{let c=await j({...b,...b.email?{email:b.email.toLowerCase()}:{}},[{field:"email",value:a.toLowerCase()}],"user",void 0);return await o(c),c},updatePassword:async(a,b)=>{await k({password:b},[{field:"userId",value:a},{field:"providerId",value:"credential"}],"account",void 0)},findAccounts:async b=>await (await ia(a)).findMany({model:"account",where:[{field:"userId",value:b}]}),findAccount:async b=>await (await ia(a)).findOne({model:"account",where:[{field:"accountId",value:b}]}),findAccountByProviderId:async(b,c)=>await (await ia(a)).findOne({model:"account",where:[{field:"accountId",value:b},{field:"providerId",value:c}]}),findAccountByUserId:async b=>await (await ia(a)).findMany({model:"account",where:[{field:"userId",value:b}]}),updateAccount:async(a,b)=>await j(b,[{field:"id",value:a}],"account",void 0),createVerificationValue:async a=>{let b=h1(a.identifier,e.verification?.storeIdentifier),c=await h0(a.identifier,b);return await i({createdAt:new Date,updatedAt:new Date,...a,identifier:c},"verification",f?{async fn(a){let b=ip(a.expiresAt);return b>0&&await f.set(`verification:${c}`,JSON.stringify(a),b),a},executeMainFn:e.verification?.storeInDatabase}:void 0)},findVerificationValue:async b=>{let c=h1(b,e.verification?.storeIdentifier),d=await h0(b,c);if(f){let a=await f.get(`verification:${d}`);if(a){let b=(0,cP.safeJSONParse)(a);if(b)return b}if(c&&"plain"!==c){let a=await f.get(`verification:${b}`);if(a){let b=(0,cP.safeJSONParse)(a);if(b)return b}}if(!e.verification?.storeInDatabase)return null}let g=await ia(a);async function h(a){return g.findMany({model:"verification",where:[{field:"identifier",value:a}],sortBy:{field:"createdAt",direction:"desc"},limit:1})}let i=await h(d);return!i.length&&c&&"plain"!==c&&(i=await h(b)),e.verification?.disableCleanup||await m([{field:"expiresAt",value:new Date,operator:"lt"}],"verification",void 0),i[0]||null},deleteVerificationByIdentifier:async a=>{let b=await h0(a,h1(a,e.verification?.storeIdentifier));f&&await f.delete(`verification:${b}`),(!f||e.verification?.storeInDatabase)&&await l([{field:"identifier",value:b}],"verification",void 0)},consumeVerificationValue:async b=>{let c=h1(b,e.verification?.storeIdentifier),d=await h0(b,c),g=c&&"plain"!==c?[d,b]:[d],h=a=>{if(!a)return null;let b="string"==typeof a?(0,cP.safeJSONParse)(a):"object"==typeof a?a:null;if(!b)return null;let c=new Date(b.expiresAt);return Number.isFinite(c.getTime())?{...b,expiresAt:c}:null},i=null;if(f&&!e.verification?.storeInDatabase){let a=async a=>f.getAndDelete?h(await f.getAndDelete(a)):p(a,async()=>{let b=h(await f.get(a));return b?(await f.delete(a),b):null});for(let b of g){let c=await a(`verification:${b}`);if(c){await Promise.all(g.filter(a=>a!==b).map(a=>f.delete(`verification:${a}`))),i=c;break}}}else{let b=async b=>p(`verification:${b}`,()=>ic(a,async()=>{let c=await ia(a),d=[{field:"identifier",value:b}],e=(await c.findMany({model:"verification",where:d,sortBy:{field:"createdAt",direction:"desc"},limit:1}))[0]??null;return e?n("verification",[{field:"id",value:e.id}],async()=>{let a=await c.consumeOne({model:"verification",where:[{field:"id",value:e.id}]});return a?(await c.deleteMany({model:"verification",where:d}),a):null},e):null}));for(let a of g)if(i=await b(a))break;i&&f&&await Promise.all(g.map(a=>f.delete(`verification:${a}`)))}return!i||i.expiresAt<new Date?null:i},updateVerificationByIdentifier:async(a,b)=>{let c=await h0(a,h1(a,e.verification?.storeIdentifier));if(f){let a=await f.get(`verification:${c}`);if(a){let d=(0,cP.safeJSONParse)(a);if(d){let a={...d,...b},g=a.expiresAt??d.expiresAt,h=ip(g instanceof Date?g:new Date(g));if(h>0&&await f.set(`verification:${c}`,JSON.stringify(a),h),!e.verification?.storeInDatabase)return a}}}return!f||e.verification?.storeInDatabase?await j(b,[{field:"identifier",value:c}],"verification",void 0):b},refreshUserSessions:o}};function ir(a){if(null===a||"object"!=typeof a)return!1;let b=Object.getPrototypeOf(a);return(null===b||b===Object.prototype||null===Object.getPrototypeOf(b))&&!(Symbol.iterator in a)&&(!(Symbol.toStringTag in a)||"[object Module]"===Object.prototype.toString.call(a))}function is(a){return(...b)=>b.reduce((b,c)=>(function a(b,c,d=".",e){if(!ir(c))return a(b,{},d,e);let f={...c};for(let c of Object.keys(b)){if("__proto__"===c||"constructor"===c)continue;let g=b[c];null!=g&&(e&&e(f,c,g,d)||(Array.isArray(g)&&Array.isArray(f[c])?f[c]=[...g,...f[c]]:ir(g)&&ir(f[c])?f[c]=a(g,f[c],(d?`${d}.`:"")+c.toString(),e):f[c]=g))}return f})(b,c,"",a),{})}let it=is();is((a,b,c)=>{if(void 0!==a[b]&&"function"==typeof c)return a[b]=c(a[b]),!0}),is((a,b,c)=>{if(Array.isArray(a[b])&&"function"==typeof c)return a[b]=c(a[b]),!0});let iu=new Set(["metadata.google.internal","metadata.goog","metadata","instance-data","instance-data.ec2.internal"]);function iv(a){return/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(a)}function iw(a){let b=a.split(".");return(Number(b[0])<<24|Number(b[1])<<16|Number(b[2])<<8|Number(b[3]))>>>0}function ix(a,b,c){if(0===c)return!0;let d=32===c?0xffffffff:-1<<32-c>>>0;return(a&d)==(b&d)}function iy(a){if("0.0.0.0"===a)return"unspecified";if("255.255.255.255"===a)return"broadcast";let b=iw(a);return ix(b,iw("127.0.0.0"),8)?"loopback":ix(b,iw("10.0.0.0"),8)||ix(b,iw("172.16.0.0"),12)||ix(b,iw("192.168.0.0"),16)?"private":ix(b,iw("169.254.0.0"),16)?"linkLocal":ix(b,iw("100.64.0.0"),10)?"sharedAddressSpace":ix(b,iw("192.0.2.0"),24)||ix(b,iw("198.51.100.0"),24)||ix(b,iw("203.0.113.0"),24)?"documentation":ix(b,iw("198.18.0.0"),15)?"benchmarking":ix(b,iw("224.0.0.0"),4)?"multicast":ix(b,iw("0.0.0.0"),8)||ix(b,iw("192.0.0.0"),24)||ix(b,iw("240.0.0.0"),4)?"reserved":"public"}function iz(a,b,c={}){let d=5*b,e=Number.parseInt(a.slice(d,d+4),16),f=Number.parseInt(a.slice(d+5,d+9),16);if(!Number.isFinite(e)||!Number.isFinite(f))return null;let g=(e<<16|f)>>>0;return c.xor&&(g=(0xffffffff^g)>>>0),`${g>>>24&255}.${g>>>16&255}.${g>>>8&255}.${255&g}`}async function iA(a){let b=a.options,c=b.plugins||[],d=[],e=[];for(let f of c)if(f.init){let c,g=f.init(a);if("object"==typeof(c=O(g)?await g:g)){if(c.options){let{databaseHooks:a,trustedOrigins:g,...h}=c.options;a&&e.push({source:`plugin:${f.id}`,hooks:a}),g&&d.push(g),b=it(b,h)}c.context&&Object.assign(a,c.context)}}if(d.length>0){let a=[...b.trustedOrigins?[b.trustedOrigins]:[],...d],c=a.filter(Array.isArray).flat(),e=a.filter(a=>"function"==typeof a);e.length>0?b.trustedOrigins=async a=>[...c,...(await Promise.all(e.map(b=>b(a)))).flat()].filter(a=>"string"==typeof a&&""!==a):b.trustedOrigins=c}b.databaseHooks&&e.push({source:"user",hooks:b.databaseHooks}),a.internalAdapter=iq(a.adapter,{options:b,logger:a.logger,hooks:e,generateId:a.generateId}),a.options=b}async function iB(a,b){let c=[];if(K(a.baseURL)){let b=a.baseURL.allowedHosts,d=a.baseURL.protocol;for(let a of b)a.includes("://")?c.push(a):(d&&"https"!==d&&"auto"!==d||c.push(`https://${a}`),("http"===d||"auto"===d||function(a){let b=function(a){var b,c;let d,e=(-1===(d=(c=(b=function(a){if(a.startsWith("[")){let b=a.indexOf("]");return -1===b?a:a.slice(0,b+1)}let b=a.indexOf(":");return -1===b||-1!==a.indexOf(":",b+1)?a:a.slice(0,b)}(a.trim())).length>=2&&b.startsWith("[")&&b.endsWith("]")?b.slice(1,-1):b).indexOf("%"))?c:c.slice(0,d)).replace(/\.+$/,"").toLowerCase();if(""===e)return{kind:"reserved",literal:"fqdn",canonical:""};if(!hW(e))return"localhost"===e||e.endsWith(".localhost")?{kind:"localhost",literal:"fqdn",canonical:e}:iu.has(e)?{kind:"cloudMetadata",literal:"fqdn",canonical:e}:{kind:"public",literal:"fqdn",canonical:e};if(iv(e))return{kind:iy(e),literal:"ipv4",canonical:e};let f=hY(e,{ipv6Subnet:128});return iv(f)?{kind:iy(f),literal:"ipv4",canonical:f}:{kind:function(a){if("0000:0000:0000:0000:0000:0000:0000:0000"===a)return"unspecified";if("0000:0000:0000:0000:0000:0000:0000:0001"===a)return"loopback";let b=Number.parseInt(a.slice(0,2),16),c=Number.parseInt(a.slice(2,4),16);if(255===b)return"multicast";if(254===b&&(192&c)==128)return"linkLocal";if((254&b)==252)return"private";if(a.startsWith("2001:0db8:"))return"documentation";if(a.startsWith("2002:")){let b=iz(a,1);return b&&"public"!==iy(b)?"reserved":"public"}if(a.startsWith("0064:ff9b:0000:0000:0000:0000:")){let b=iz(a,6);return b&&iy(b),"reserved"}if(a.startsWith("2001:0000:")){let b=iz(a,6,{xor:!0});return b&&iy(b),"reserved"}return a.startsWith("0100:0000:0000:0000:")?"reserved":"public"}(f),literal:"ipv6",canonical:f}}(a).kind;return"loopback"===b||"localhost"===b}(a))&&c.push(`http://${a}`));if(a.baseURL.fallback)try{c.push(new URL(a.baseURL.fallback).origin)}catch{}}else{let d=I("string"==typeof a.baseURL?a.baseURL:void 0,a.basePath,b);d&&c.push(new URL(d).origin)}if(a.trustedOrigins&&(Array.isArray(a.trustedOrigins)&&c.push(...a.trustedOrigins),"function"==typeof a.trustedOrigins)){let d=await a.trustedOrigins(b);c.push(...d)}let d=E.env.BETTER_AUTH_TRUSTED_ORIGINS;return d&&c.push(...d.split(",")),c.filter(a=>!!a)}function iC(a){return a.advanced?.trustedProxyHeaders??!0}async function iD(a,b,c){let d,e=a.options.baseURL,f=function(a,b,c,d,e){if(K(a)){if(c){let d=M(c,e);if(!d){if(a.fallback)return G(a.fallback,b);throw new y.BetterAuthError("Could not determine host from request headers. Please provide a fallback URL in your baseURL config.")}if(a.allowedHosts.some(a=>((a,b)=>{if(!a||!b)return!1;let c=a.replace(/^https?:\/\//,"").split("/")[0].toLowerCase(),d=b.replace(/^https?:\/\//,"").split("/")[0].toLowerCase();return d.includes("*")||d.includes("?")?D(d)(c):c.toLowerCase()===d.toLowerCase()})(d,a)))return G(`${function(a,b,c){let d;if("http"===b||"https"===b)return b;let e=L(a)?a.headers:a;if(c){let a=e.get("x-forwarded-proto");if(a&&H(a,"proto"))return a}if(L(a))try{let b=new URL(a.url);if("http:"===b.protocol||"https:"===b.protocol)return b.protocol.slice(0,-1)}catch{}let f=M(a,c);return f&&("localhost"===(d=f.replace(/:\d+$/,"").replace(/^\[|\]$/g,"").toLowerCase())||d.endsWith(".localhost")||"::1"===d||d.startsWith("127."))?"http":"https"}(c,a.protocol,e)}://${d}`,b);if(a.fallback)return G(a.fallback,b);throw new y.BetterAuthError(`Host "${d}" is not in the allowed hosts list. Allowed hosts: ${a.allowedHosts.join(", ")}. Add this host to your allowedHosts config or provide a fallback URL.`)}return a.fallback?G(a.fallback,b):I(void 0,b,void 0,d,e)}let f=L(c)?c:void 0;return"string"==typeof a?I(a,b,f,d,e):I(void 0,b,f,d,e)}(e,a.options.basePath||"/api/auth",b,void 0,c);if(!f)throw new y.BetterAuthError("Could not resolve base URL from request. Check your allowedHosts config.");let g=Object.create(Object.getPrototypeOf(a),Object.getOwnPropertyDescriptors(a));g.baseURL=f,g.options={...a.options,baseURL:J(f)||void 0};let h={...g.options,baseURL:e};return d="function"==typeof a.options.trustedOrigins||"function"==typeof a.options.account?.accountLinking?.trustedProviders?L(b)?b:b?new Request(f,{headers:b}):void 0:void 0,g.trustedOrigins=await iB(h,d),g.trustedProviders=await iF(g.options,d),a.options.advanced?.crossSubDomainCookies?.enabled&&(g.authCookies=hR(g.options),g.createAuthCookie=hQ(g.options)),g}async function iE(a,b){if(a)for(let c of a){let a="function"==typeof c?await c():c;if(a[b.field??"id"]===b.value)return a}}async function iF(a,b){let c=a.account?.accountLinking?.trustedProviders;return c?Array.isArray(c)?c.filter(a=>!!a):(await c(b)??[]).filter(a=>!!a):[]}async function iG(a,b){let c=(await a.context.internalAdapter.findAccounts(b.userId))?.find(a=>"credential"===a.providerId),d=c?.password;return!!c&&!!d&&await a.context.password.verify({hash:d,password:b.password})}async function iH(a,b){let c=(await b.context.internalAdapter.findAccounts(a))?.find(a=>"credential"===a.providerId),d=c?.password,e=b.body.password;if(!c||!d||!e)throw e&&await b.context.password.hash(e),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_PASSWORD);if(!await b.context.password.verify({hash:d,password:e}))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_PASSWORD);return!0}var iI=a.i(132040);let iJ=/^application\/([a-z0-9.+-]*\+)?json/i;async function iK(a,b){let c=a.headers.get("content-type")||"",d=c.toLowerCase();if(a.body){if(b&&b.length>0&&!b.some(a=>{let b=d.split(";")[0].trim(),c=a.toLowerCase().trim();return b===c||b.includes(c)})){if(!d)throw new iI.APIError(415,{message:`Content-Type is required. Allowed types: ${b.join(", ")}`,code:"UNSUPPORTED_MEDIA_TYPE"});throw new iI.APIError(415,{message:`Content-Type "${c}" is not allowed. Allowed types: ${b.join(", ")}`,code:"UNSUPPORTED_MEDIA_TYPE"})}if(iJ.test(d))return await a.json();if(d.includes("application/x-www-form-urlencoded")){let b=await a.formData(),c={};return b.forEach((a,b)=>{c[b]=a.toString()}),c}if(d.includes("multipart/form-data")){let b=await a.formData(),c={};return b.forEach((a,b)=>{c[b]=a}),c}return d.includes("text/plain")?await a.text():d.includes("application/octet-stream")?await a.arrayBuffer():d.includes("application/pdf")||d.includes("image/")||d.includes("video/")?await a.blob():d.includes("application/stream")||a.body instanceof ReadableStream?a.body:await a.text()}}function iL(a){return a instanceof iI.APIError||a?.name==="APIError"}async function iM(a){try{return{data:await a,error:null}}catch(a){return{data:null,error:a}}}function iN(a){return a instanceof Request||"[object Request]"===Object.prototype.toString.call(a)}let iO=new Set(["host","user-agent","referer","from","expect","authorization","proxy-authorization","cookie","origin","accept-charset","accept-encoding","accept-language","if-match","if-none-match","if-modified-since","if-unmodified-since","if-range","range","max-forwards","connection","keep-alive","transfer-encoding","te","upgrade","trailer","proxy-connection","content-length"]);function iP(a){for(let b of iO)a.delete(b)}function iQ(a,b){if(a instanceof Response){if(b?.headers){let c=new Headers(b.headers);iP(c),c.forEach((b,c)=>{a.headers.set(c,b)})}return a}if(a&&"object"==typeof a&&"_flag"in a&&"json"===a._flag){let c=a.body,d=a.routerResponse;if(d instanceof Response)return d;let e=new Headers;if(d?.headers){let a=new Headers(d.headers);for(let[b,c]of a.entries())a.set(b,c)}if(a.headers)for(let[b,c]of new Headers(a.headers).entries())e.set(b,c);if(b?.headers){let a=new Headers(b.headers);for(let[b,c]of(iP(a),a.entries()))e.set(b,c)}return e.set("Content-Type","application/json"),new Response(JSON.stringify(c),{...d,headers:e,status:a.status??b?.status??d?.status,statusText:b?.statusText??d?.statusText})}if(iL(a))return iQ(a.body,{status:b?.status??a.statusCode,statusText:a.status.toString(),headers:b?.headers||a.headers});let c=a,d=new Headers(b?.headers);if(iP(d),a){if("string"==typeof a)c=a,d.set("Content-Type","text/plain");else if(a instanceof ArrayBuffer||ArrayBuffer.isView(a))c=a,d.set("Content-Type","application/octet-stream");else if(a instanceof Blob)c=a,d.set("Content-Type",a.type||"application/octet-stream");else if(a instanceof FormData)c=a;else if(a instanceof URLSearchParams)c=a,d.set("Content-Type","application/x-www-form-urlencoded");else if(a instanceof ReadableStream)c=a,d.set("Content-Type","application/octet-stream");else if(function(a){if(void 0===a)return!1;let b=typeof a;return"string"===b||"number"===b||"boolean"===b||null===b||"object"===b&&(!!Array.isArray(a)||!a.buffer&&(a.constructor&&"Object"===a.constructor.name||"function"==typeof a.toJSON))}(a)){let b,e;b=0,e=new WeakMap,c=JSON.stringify(a,(a,c)=>{if("bigint"==typeof c)return c.toString();if("object"==typeof c&&null!==c){if(e.has(c))return`[Circular ref-${e.get(c)}]`;e.set(c,b++)}return c},void 0),d.set("Content-Type","application/json")}}else null===a&&(c=JSON.stringify(null)),d.set("content-type","application/json");return new Response(c,{...b,headers:d})}let iR={name:"HMAC",hash:"SHA-256"},iS=async a=>{let b="string"==typeof a?new TextEncoder().encode(a):a;return await hO().importKey("raw",b,iR,!1,["sign","verify"])},iT=async(a,b,c)=>{try{let d=atob(a),e=new Uint8Array(d.length);for(let a=0,b=d.length;a<b;a++)e[a]=d.charCodeAt(a);return await hO().verify(iR,c,e,new TextEncoder().encode(b))}catch(a){return!1}},iU=async(a,b)=>{let c=await iS(b);return btoa(String.fromCharCode(...new Uint8Array(await hO().sign(iR.name,c,new TextEncoder().encode(a)))))},iV=async(a,b)=>{let c=await iU(a,b);return encodeURIComponent(a=`${a}.${c}`)},iW=(a,b)=>{let c=a;if(b)if("secure"===b)c="__Secure-"+a;else{if("host"!==b)return;c="__Host-"+a}return c},iX=(a,b,c={})=>{let d;if(d=c?.prefix==="secure"?`__Secure-${a}=${b}`:c?.prefix==="host"?`__Host-${a}=${b}`:`${a}=${b}`,a.startsWith("__Secure-")&&!c.secure&&(c.secure=!0),a.startsWith("__Host-")&&(c.secure||(c.secure=!0),"/"!==c.path&&(c.path="/"),c.domain&&(c.domain=void 0)),c&&"number"==typeof c.maxAge&&c.maxAge>=0){if(c.maxAge>3456e4)throw Error("Cookies Max-Age SHOULD NOT be greater than 400 days (34560000 seconds) in duration.");d+=`; Max-Age=${Math.floor(c.maxAge)}`}if(c.domain&&"host"!==c.prefix&&(d+=`; Domain=${c.domain}`),c.path&&(d+=`; Path=${c.path}`),c.expires){if(c.expires.getTime()-Date.now()>3456e7)throw Error("Cookies Expires SHOULD NOT be greater than 400 days (34560000 seconds) in the future.");d+=`; Expires=${c.expires.toUTCString()}`}return c.httpOnly&&(d+="; HttpOnly"),c.secure&&(d+="; Secure"),c.sameSite&&(d+=`; SameSite=${c.sameSite.charAt(0).toUpperCase()+c.sameSite.slice(1)}`),c.partitioned&&(c.secure||(c.secure=!0),d+="; Partitioned"),d},iY=async(a,b,c,d)=>iX(a,b=await iV(b,c),d);async function iZ(a,b={}){let c={body:b.body,query:b.query};if(a.body){let d=await a.body["~standard"].validate(b.body);if(d.issues)return{data:null,error:i$(d.issues,"body")};c.body=d.value}if(a.query){let d=await a.query["~standard"].validate(b.query);if(d.issues)return{data:null,error:i$(d.issues,"query")};c.query=d.value}return a.requireHeaders&&!b.headers?{data:null,error:{message:"Headers is required",issues:[]}}:a.requireRequest&&!b.request?{data:null,error:{message:"Request is required",issues:[]}}:{data:c,error:null}}function i$(a,b){return{message:a.map(a=>`[${a.path?.length?`${b}.`+a.path.map(a=>"object"==typeof a?a.key:a).join("."):b}] ${a.message}`).join("; "),issues:a}}let i_=async(a,{options:b,path:c})=>{let d,e=new Headers,{data:f,error:g}=await iZ(b,a);if(g)throw new iI.ValidationError(g.message,g.issues);let h="headers"in a?a.headers instanceof Headers?a.headers:new Headers(a.headers):"request"in a&&iN(a.request)?a.request.headers:null,i=h?.get("cookie"),j=i?function(a){if("string"!=typeof a)throw TypeError("argument str must be a string");let b=new Map,c=0;for(;c<a.length;){let d=a.indexOf("=",c);if(-1===d)break;let e=a.indexOf(";",c);if(-1===e)e=a.length;else if(e<d){c=a.lastIndexOf(";",d-1)+1;continue}let f=a.slice(c,d).trim();if(!b.has(f)){let c=a.slice(d+1,e).trim();34===c.codePointAt(0)&&(c=c.slice(1,-1)),b.set(f,function(a){try{return a.includes("%")?decodeURIComponent(a):a}catch{return a}}(c))}c=e+1}return b}(i):void 0,k={...a,body:f.body,query:f.query,path:a.path||c||"virtual:",context:"context"in a&&a.context?a.context:{},returned:void 0,headers:a?.headers,request:a?.request,params:"params"in a?a.params:void 0,method:a.method??(Array.isArray(b.method)?b.method[0]:"*"===b.method?"GET":b.method),setHeader:(a,b)=>{e.set(a,b)},getHeader:a=>h?h.get(a):null,getCookie:(a,b)=>{let c=iW(a,b);return c&&j?.get(c)||null},getSignedCookie:async(a,b,c)=>{let d=iW(a,c);if(!d)return null;let e=j?.get(d);if(!e)return null;let f=e.lastIndexOf(".");if(f<1)return null;let g=e.substring(0,f),h=e.substring(f+1);return 44===h.length&&h.endsWith("=")?!!await iT(h,g,await iS(b))&&g:null},setCookie:(a,b,c)=>{var d;let f=iX(a,d=encodeURIComponent(d=b),c);return e.append("set-cookie",f),f},setSignedCookie:async(a,b,c,d)=>{let f=await iY(a,b,c,d);return e.append("set-cookie",f),f},redirect:a=>(e.set("location",a),new iI.APIError("FOUND",void 0,e)),error:(a,b,c)=>new iI.APIError(a,b,c),setStatus:a=>{d=a},json:(b,c)=>a.asResponse?{body:c?.body||b,routerResponse:c,_flag:"json"}:b,responseHeaders:e,get responseStatus(){return d}};for(let a of b.use||[]){let b=await a({...k,returnHeaders:!0,asResponse:!1});b.response&&Object.assign(k.context,b.response),b.headers&&b.headers.forEach((a,b)=>{k.responseHeaders.set(b,a)})}return k};function i0(a,b,c){let d="string"==typeof a?a:void 0,e="object"==typeof b?b:a,f="function"==typeof b?b:c;if(("GET"===e.method||"HEAD"===e.method)&&e.body)throw new iI.BetterCallError("Body is not allowed with GET or HEAD methods");if(d&&/\/{2,}/.test(d))throw new iI.BetterCallError("Path cannot contain consecutive slashes");let g=async(...a)=>{let b=a[0]||{},{data:c,error:g}=await iM(i_(b,{options:e,path:d}));if(g){if(!(g instanceof iI.ValidationError))throw g;throw e.onValidationError&&await e.onValidationError({message:g.message,issues:g.issues}),new iI.APIError(400,{message:g.message,code:"VALIDATION_ERROR"})}let h=await f(c).catch(async a=>{if(iL(a)){let c=e.onAPIError;if(c&&await c(a),b.asResponse)return a}throw a}),i=c.responseHeaders,j=c.responseStatus;return b.asResponse?iQ(h,{headers:i,status:j}):b.returnHeaders?b.returnStatus?{headers:i,response:h,status:j}:{headers:i,response:h}:b.returnStatus?{response:h,status:j}:h};return g.options=e,g.path=d,g}function i1(a,b){let c=async c=>{let d="function"==typeof a?a:b,e=await i_(c,{options:"function"==typeof a?{}:a,path:"/"});if(!d)throw Error("handler must be defined");try{let a=await d(e),b=e.responseHeaders;return c.returnHeaders?{headers:b,response:a}:a}catch(a){throw iL(a)&&Object.defineProperty(a,iI.kAPIErrorHeaderSymbol,{enumerable:!1,configurable:!0,get:()=>e.responseHeaders}),a}};return c.options="function"==typeof a?{}:a,c}i0.create=a=>(b,c,d)=>i0(b,{...c,use:[...c?.use||[],...a?.use||[]]},d),i1.create=a=>function(b,c){if("function"==typeof b)return i1({use:a?.use},b);if(!c)throw Error("Middleware handler is required");return i1({...b,method:"*",use:[...a?.use||[],...b.use||[]]},c)};let i2={};function i3(a){switch(a.constructor.name){case"ZodString":default:return"string";case"ZodNumber":return"number";case"ZodBoolean":return"boolean";case"ZodObject":return"object";case"ZodArray":return"array"}}function i4(a){let b=[];return a.metadata?.openapi?.parameters?b.push(...a.metadata.openapi.parameters):a.query instanceof hb&&Object.entries(a.query.shape).forEach(([a,c])=>{c instanceof hb&&b.push({name:a,in:"query",schema:{type:i3(c),..."minLength"in c&&c.minLength?{minLength:c.minLength}:{},description:c.description}})}),b}function i5(a){return{400:{content:{"application/json":{schema:{type:"object",properties:{message:{type:"string"}},required:["message"]}}},description:"Bad Request. Usually due to missing parameters, or invalid parameters."},401:{content:{"application/json":{schema:{type:"object",properties:{message:{type:"string"}},required:["message"]}}},description:"Unauthorized. Due to missing or invalid authentication."},403:{content:{"application/json":{schema:{type:"object",properties:{message:{type:"string"}}}}},description:"Forbidden. You do not have permission to access this resource or to perform this action."},404:{content:{"application/json":{schema:{type:"object",properties:{message:{type:"string"}}}}},description:"Not Found. The requested resource was not found."},429:{content:{"application/json":{schema:{type:"object",properties:{message:{type:"string"}}}}},description:"Too Many Requests. You have exceeded the rate limit. Try again later."},500:{content:{"application/json":{schema:{type:"object",properties:{message:{type:"string"}}}}},description:"Internal Server Error. This is a problem with the server that you cannot fix."},...a}}async function i6(a,b){return Object.entries(a).forEach(([a,b])=>{let c=b.options;if(!(!b.path||c.metadata?.SERVER_ONLY)&&("GET"===c.method&&(i2[b.path]={get:{tags:["Default",...c.metadata?.openapi?.tags||[]],description:c.metadata?.openapi?.description,operationId:c.metadata?.openapi?.operationId,security:[{bearerAuth:[]}],parameters:i4(c),responses:i5(c.metadata?.openapi?.responses)}}),"POST"===c.method)){let a=function(a){if(a.metadata?.openapi?.requestBody)return a.metadata.openapi.requestBody;if(a.body&&(a.body instanceof hb||a.body instanceof hk)){let b=a.body.shape;if(!b)return;let c={},d=[];return Object.entries(b).forEach(([a,b])=>{b instanceof hb&&(c[a]={type:i3(b),description:b.description},b instanceof hk||d.push(a))}),{required:!(a.body instanceof hk)&&!!a.body,content:{"application/json":{schema:{type:"object",properties:c,required:d}}}}}}(c);i2[b.path]={post:{tags:["Default",...c.metadata?.openapi?.tags||[]],description:c.metadata?.openapi?.description,operationId:c.metadata?.openapi?.operationId,security:[{bearerAuth:[]}],parameters:i4(c),...a?{requestBody:a}:{requestBody:{content:{"application/json":{schema:{type:"object",properties:{}}}}}},responses:i5(c.metadata?.openapi?.responses)}}}}),{openapi:"3.1.1",info:{title:"Better Auth",description:"API Reference for your Better Auth Instance",version:"1.1.0"},components:{schemas:{}},security:[{apiKeyCookie:[]}],servers:[{url:b?.url}],tags:[{name:"Default",description:"Default endpoints that are included with Better Auth by default. These endpoints are not part of any plugin."}],paths:i2}}let i7=((h=function(){}).prototype=Object.create(null),Object.freeze(h.prototype),h);function i8(){return{root:{key:""},static:new i7}}function i9(a){let[b,...c]=a.split("/");return""===c[c.length-1]?c.slice(0,-1):c}function ja(a,b){let c=new i7;for(let[d,e]of b){let b=d<0?a.slice(-(d+1)).join("/"):a[d];if("string"==typeof e)c[e]=b;else{let a=b.match(e);if(a)for(let b in a.groups)c[b]=a.groups[b]}}return c}function jb(a,b="",c,d){b=b.toUpperCase(),47!==c.charCodeAt(0)&&(c=`/${c}`);let e=i9(c=c.replace(/\\:/g,"%3A")),f=a.root,g=0,h=[],i=[];for(let a=0;a<e.length;a++){let b=e[a];if(b.startsWith("**")){f.wildcard||(f.wildcard={key:"**"}),f=f.wildcard,h.push([-(a+1),b.split(":")[1]||"_",2===b.length]);break}if("*"===b||b.includes(":")){if(f.param||(f.param={key:"*"}),f=f.param,"*"===b)h.push([a,`_${g++}`,!0]);else if(b.includes(":",1)){let c=function(a){let b=a.replace(/:(\w+)/g,(a,b)=>`(?<${b}>[^/]+)`).replace(/\./g,"\\.");return RegExp(`^${b}$`)}(b);i[a]=c,f.hasRegexParam=!0,h.push([a,c,!1])}else h.push([a,b.slice(1),!1]);continue}"\\*"===b?b=e[a]="*":"\\*\\*"===b&&(b=e[a]="**");let c=f.static?.[b];if(c)f=c;else{let a={key:b};f.static||(f.static=new i7),f.static[b]=a,f=a}}let j=h.length>0;f.methods||(f.methods=new i7),f.methods[b]??=[],f.methods[b].push({data:d||null,paramsRegexp:i,paramsMap:j?h:void 0}),j||(a.static["/"+e.join("/")]=f)}function jc(a){return a instanceof iI.APIError||a instanceof y.APIError||a?.name==="APIError"}let jd=i1(async()=>({})),je=i1.create({use:[jd,i1(async()=>({}))]}),jf=[jd];function jg(a,b,c){let d="string"==typeof a?a:void 0,e="object"==typeof b?b:a,f="function"==typeof b?b:c,g=async a=>{try{return await ih(a,()=>f(a))}catch(c){var b;throw b=a.responseHeaders,jc(c)&&b&&Object.defineProperty(c,iI.kAPIErrorHeaderSymbol,{enumerable:!1,configurable:!0,value:b,writable:!1}),c}};return d?i0(d,{...e,use:[...e?.use||[],...jf]},g):i0({...e,use:[...e?.use||[],...jf]},g)}function jh(a,b){let c;try{c=new URL(a).pathname.replace(/\/+$/,"")||"/"}catch{return"/"}return"/"===b||""===b?c:c===b?"/":c.startsWith(b+"/")?c.slice(b.length).replace(/\/+$/,"")||"/":c}function ji(a){return!0===a.context.skipOriginCheck&&a.context.options.advanced?.disableCSRFCheck===void 0}function jj(a){let b=a.context.skipOriginCheck;if(!0===b)return!0;if(Array.isArray(b)&&a.request)try{let c=new URL(a.context.baseURL).pathname,d=jh(a.request.url,c);return b.some(a=>d.startsWith(a))}catch{}return!1}let jk=(p=function(){},i=!1,function(...a){return i||(((void 0)??console.warn)("[Deprecation] disableOriginCheck: true currently also disables CSRF checks. In a future version, disableOriginCheck will ONLY disable URL validation. To keep CSRF disabled, add disableCSRFCheck: true to your config."),i=!0),p.apply(this,a)}),jl=je(async a=>{if(a.request?.method==="GET"||a.request?.method==="OPTIONS"||a.request?.method==="HEAD"||!a.request||(await jn(a),jj(a)))return;let{body:b,query:c}=a,d=b?.callbackURL||c?.callbackURL,e=b?.redirectTo,f=b?.errorCallbackURL,g=b?.newUserCallbackURL,h=(b,c)=>{if(b&&!a.context.isTrustedOrigin(b,{allowRelativePaths:"origin"!==c})){if(a.context.logger.error(`Invalid ${c}: ${b}`),a.context.logger.info(`If it's a valid URL, please add ${b} to trustedOrigins in your auth config
|
|
63
|
+
`,`Current list of trustedOrigins: ${a.context.trustedOrigins}`),"origin"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_ORIGIN);if("callbackURL"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_CALLBACK_URL);if("redirectURL"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_REDIRECT_URL);if("errorCallbackURL"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_ERROR_CALLBACK_URL);if("newUserCallbackURL"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_NEW_USER_CALLBACK_URL);throw y.APIError.fromStatus("FORBIDDEN",{message:`Invalid ${c}`})}};d&&h(d,"callbackURL"),e&&h(e,"redirectURL"),f&&h(f,"errorCallbackURL"),g&&h(g,"newUserCallbackURL")}),jm=a=>je(async b=>{if(!b.request||jj(b))return;let c=a(b),d=(a,c)=>{if(a&&!b.context.isTrustedOrigin(a,{allowRelativePaths:"origin"!==c})){if(b.context.logger.error(`Invalid ${c}: ${a}`),b.context.logger.info(`If it's a valid URL, please add ${a} to trustedOrigins in your auth config
|
|
64
|
+
`,`Current list of trustedOrigins: ${b.context.trustedOrigins}`),"origin"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_ORIGIN);if("callbackURL"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_CALLBACK_URL);if("redirectURL"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_REDIRECT_URL);if("errorCallbackURL"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_ERROR_CALLBACK_URL);if("newUserCallbackURL"===c)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_NEW_USER_CALLBACK_URL);throw y.APIError.fromStatus("FORBIDDEN",{message:`Invalid ${c}`})}};for(let a of Array.isArray(c)?c:[c])d(a,"callbackURL")});async function jn(a,b=!1){let c=a.request?.headers;if(!c||!a.request)return;let d=c.get("origin")||c.get("referer")||"",e=c.has("cookie");if(a.context.skipCSRFCheck)return;if(ji(a)){a.context.options.advanced?.disableOriginCheck===!0&&jk();return}if(jj(a)||!(b||e))return;if(!d||"null"===d)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.MISSING_OR_NULL_ORIGIN);let f=Array.isArray(a.context.options.trustedOrigins)?a.context.trustedOrigins:[...a.context.trustedOrigins,...(await a.context.options.trustedOrigins?.(a.request))?.filter(a=>!!a)||[]];if(!f.some(a=>N(d,a)))throw a.context.logger.error(`Invalid origin: ${d}`),a.context.logger.info(`If it's a valid URL, please add ${d} to trustedOrigins in your auth config
|
|
65
|
+
`,`Current list of trustedOrigins: ${f}`),y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.INVALID_ORIGIN)}let jo=je(async a=>{a.request&&await jp(a)});async function jp(a){let b=a.request;if(!b||a.context.skipCSRFCheck||ji(a))return;let c=b.headers;if(c.has("cookie"))return await jn(a);let d=c.get("Sec-Fetch-Site"),e=c.get("Sec-Fetch-Mode"),f=c.get("Sec-Fetch-Dest");if(d&&d.trim()||e&&e.trim()||f&&f.trim()){if("cross-site"===d&&"navigate"===e)throw a.context.logger.error("Blocked cross-site navigation login attempt (CSRF protection)",{secFetchSite:d,secFetchMode:e,secFetchDest:f}),y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.CROSS_SITE_NAVIGATION_LOGIN_BLOCKED);return await jn(a,!0)}}let jq=new Map;function jr(a,b){let c,d;if(a.options.rateLimit?.customStorage)return a.options.rateLimit.customStorage;let e=a.rateLimit.storage;return"secondary-storage"===e?{get:async b=>{let c=await a.options.secondaryStorage?.get(b);return c?(0,cP.safeJSONParse)(c):null},set:async(c,d,e)=>{let f=b?.window??a.options.rateLimit?.window??10;await a.options.secondaryStorage?.set?.(c,JSON.stringify(d),f)}}:"memory"===e?{async get(a){let b=jq.get(a);return b?Date.now()>=b.expiresAt?(jq.delete(a),null):b.data:null},async set(c,d,e){let f=b?.window??a.options.rateLimit?.window??10,g=Date.now()+1e3*f;jq.set(c,{data:d,expiresAt:g})}}:(c="rateLimit",d=a.adapter,{get:async a=>{let b=(await d.findMany({model:c,where:[{field:"key",value:a}]}))[0];return"bigint"==typeof b?.lastRequest&&(b.lastRequest=Number(b.lastRequest)),b},set:async(b,e,f)=>{try{f?await d.updateMany({model:c,where:[{field:"key",value:b}],update:{count:e.count,lastRequest:e.lastRequest}}):await d.create({model:c,data:{key:b,count:e.count,lastRequest:e.lastRequest}})}catch(b){a.logger.error("Error setting rate limit",b)}}})}let js=!1;async function jt(a,b){let c=new URL(b.baseURL).pathname,d=jh(a.url,c),e=b.rateLimit.window,f=b.rateLimit.max,g=hZ(a,b.options);if(!g)return js||(b.logger.warn("Rate limiting skipped: could not determine client IP address. Ensure your runtime forwards a trusted client IP header and configure `advanced.ipAddress.ipAddressHeaders` if needed."),js=!0),null;let h=`${g}|${d}`,i=[{pathMatcher:a=>a.startsWith("/sign-in")||a.startsWith("/sign-up")||a.startsWith("/change-password")||a.startsWith("/change-email"),window:10,max:3},{pathMatcher:a=>"/request-password-reset"===a||"/send-verification-email"===a||a.startsWith("/forget-password")||"/email-otp/send-verification-otp"===a||"/email-otp/request-password-reset"===a,window:60,max:3}].find(a=>a.pathMatcher(d));for(let a of(i&&(e=i.window,f=i.max),b.options.plugins||[]))if(a.rateLimit){let b=a.rateLimit.find(a=>a.pathMatcher(d));if(b){e=b.window,f=b.max;break}}if(b.rateLimit.customRules){let c=Object.keys(b.rateLimit.customRules).find(a=>a.includes("*")?D(a)(d):a===d);if(c){let d=b.rateLimit.customRules[c],g="function"==typeof d?await d(a,{window:e,max:f}):d;if(g&&(e=g.window,f=g.max),!1===g)return null}}return{key:h,currentWindow:e,currentMax:f}}async function ju(a,b){var c,d;if(!b.rateLimit.enabled)return;let e=await jt(a,b);if(!e)return;let{key:f,currentWindow:g,currentMax:h}=e,i=await jr(b,{window:g}).get(f);if(i&&Date.now()-i.lastRequest<1e3*g&&i.count>=h)return c=i.lastRequest,d=Math.ceil((c+1e3*g-Date.now())/1e3),new Response(JSON.stringify({message:"Too many requests. Please try again later."}),{status:429,statusText:"Too Many Requests",headers:{"X-Retry-After":d.toString()}})}async function jv(a,b){if(!b.rateLimit.enabled)return;let c=await jt(a,b);if(!c)return;let{key:d,currentWindow:e}=c,f=jr(b,{window:e}),g=await f.get(d),h=Date.now();g?h-g.lastRequest>1e3*e?await f.set(d,{...g,count:1,lastRequest:h},!0):await f.set(d,{...g,count:g.count+1,lastRequest:h},!0):await f.set(d,{key:d,count:1,lastRequest:h})}let jw=async()=>{let a=h6();if(!a.context.requestStateAsyncStorage){let b=await h8();a.context.requestStateAsyncStorage=new b}return a.context.requestStateAsyncStorage};async function jx(){return void 0!==(await jw()).getStore()}async function jy(){let a=(await jw()).getStore();if(!a)throw Error("No request state found. Please make sure you are calling this function within a `runWithRequestState` callback.");return a}async function jz(a,b){return(await jw()).run(a,b)}function jA(a){let b=Object.freeze({});return{get ref(){return b},async get(){let c=await jy();if(!c.has(b)){let d=await a();return c.set(b,d),d}return c.get(b)},async set(a){(await jy()).set(b,a)}}}let{get:jB,set:jC}=jA(()=>null),{get:jD,set:jE}=jA(()=>!1),jF=()=>jg("/get-session",{method:["GET","POST"],operationId:"getSession",query:hG,requireHeaders:!0,metadata:{openapi:{operationId:"getSession",description:"Get the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:["object","null"],properties:{session:{$ref:"#/components/schemas/Session"},user:{$ref:"#/components/schemas/User"}},required:["session","user"]}}}}}}}},async a=>{let b=a.context.options.session?.deferSessionRefresh,c="POST"===a.method;if(c&&!b)throw y.APIError.from("METHOD_NOT_ALLOWED",cx.BASE_ERROR_CODES.METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED);try{let d=await a.getSignedCookie(a.context.authCookies.sessionToken.name,a.context.secret);if(!d)return null;let e=hD(a,a.context.authCookies.sessionData.name),f=null;if(e){let b=a.context.options.session?.cookieCache?.strategy||"compact";if("jwe"===b){let b=await cw(e,a.context.secretConfig,"better-auth-session");if(!b||!b.session||!b.user)return hU(a,a.context.authCookies.sessionData),a.json(null);f={session:{session:b.session,user:b.user,updatedAt:b.updatedAt,version:b.version},expiresAt:b.exp?1e3*b.exp:Date.now()}}else if("jwt"===b){let b=await cp(e,a.context.secret);if(!b||!b.session||!b.user)return hU(a,a.context.authCookies.sessionData),a.json(null);f={session:{session:b.session,user:b.user,updatedAt:b.updatedAt,version:b.version},expiresAt:b.exp?1e3*b.exp:Date.now()}}else{let b=(0,cP.safeJSONParse)(hN.decode(hL.decode(e)));if(b)if(!await hP("SHA-256","base64urlnopad").verify(a.context.secret,JSON.stringify({...b.session,expiresAt:b.expiresAt}),b.signature))return hU(a,a.context.authCookies.sessionData),a.json(null);else f=b}}let g=await a.getSignedCookie(a.context.authCookies.dontRememberToken.name,a.context.secret);if(f?.session&&a.context.options.session?.cookieCache?.enabled&&!a.query?.disableCookieCache){let b=f.session,c=a.context.options.session?.cookieCache?.version,d="1";if(c){if("string"==typeof c)d=c;else if("function"==typeof c){let a=c(b.session,b.user);d=a instanceof Promise?await a:a}}if((b.version||"1")!==d)hU(a,a.context.authCookies.sessionData);else{let c=new Date(b.session.expiresAt);if(f.expiresAt<Date.now()||c<new Date)hU(a,a.context.authCookies.sessionData);else{let c=a.context.sessionConfig.cookieRefreshCache;if(!1===c){a.context.session=b;let c=cD(a.context.options,{...b.session,expiresAt:new Date(b.session.expiresAt),createdAt:new Date(b.session.createdAt),updatedAt:new Date(b.session.updatedAt)}),d=cB(a.context.options,{...b.user,createdAt:new Date(b.user.createdAt),updatedAt:new Date(b.user.updatedAt)});return a.json({session:c,user:d})}let d=f.expiresAt-Date.now(),e=1e3*c.updateAge,h=await jD();if(d<e&&!h){let c={session:{...b.session},user:b.user,updatedAt:Date.now()};await hS(a,c,!1);let d=a.context.authCookies.sessionToken.attributes,e=g?void 0:a.context.sessionConfig.expiresIn;await a.setSignedCookie(a.context.authCookies.sessionToken.name,b.session.token,a.context.secret,{...d,maxAge:e});let f=cD(a.context.options,{...c.session,expiresAt:new Date(c.session.expiresAt),createdAt:new Date(c.session.createdAt),updatedAt:new Date(c.session.updatedAt)}),h=cB(a.context.options,{...c.user,createdAt:new Date(c.user.createdAt),updatedAt:new Date(c.user.updatedAt)});return a.context.session={session:f,user:h},a.json({session:f,user:h})}let i=cD(a.context.options,{...b.session,expiresAt:new Date(b.session.expiresAt),createdAt:new Date(b.session.createdAt),updatedAt:new Date(b.session.updatedAt)}),j=cB(a.context.options,{...b.user,createdAt:new Date(b.user.createdAt),updatedAt:new Date(b.user.updatedAt)});return a.context.session={session:i,user:j},a.json({session:i,user:j})}}}let h=await a.context.internalAdapter.findSession(d);if(a.context.session=h,!h||h.session.expiresAt<new Date)return hV(a),h&&(!b||c)&&await a.context.internalAdapter.deleteSession(h.session.token),a.json(null);if(g||a.query?.disableRefresh){let b=cD(a.context.options,h.session),c=cB(a.context.options,h.user);return a.json({session:b,user:c})}let i=a.context.sessionConfig.expiresIn,j=a.context.sessionConfig.updateAge,k=h.session.expiresAt.valueOf()-1e3*i+1e3*j<=Date.now(),l=a.query?.disableRefresh||a.context.options.session?.disableSessionRefresh,m=await jD(),n=k&&!l&&!m;if(b&&!c){await hS(a,h,!!g);let b=cD(a.context.options,h.session),c=cB(a.context.options,h.user);return a.json({session:b,user:c,needsRefresh:n})}if(n){let b=await a.context.internalAdapter.updateSession(h.session.token,{expiresAt:cG(a.context.sessionConfig.expiresIn,"sec"),updatedAt:new Date});if(!b)throw hV(a),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.FAILED_TO_GET_SESSION);let c=(b.expiresAt.valueOf()-Date.now())/1e3;await hT(a,{session:b,user:h.user},!1,{maxAge:c});let d=cD(a.context.options,b),e=cB(a.context.options,h.user);return a.json({session:d,user:e})}await hS(a,h,!!g);let o=cD(a.context.options,h.session),p=cB(a.context.options,h.user);return a.json({session:o,user:p})}catch(b){if(jc(b))throw b;throw a.context.logger.error("INTERNAL_SERVER_ERROR",b),y.APIError.from("INTERNAL_SERVER_ERROR",cx.BASE_ERROR_CODES.FAILED_TO_GET_SESSION)}}),jG=async(a,b)=>{if(a.context.session)return a.context.session;let c=await jF()({...a,method:"GET",asResponse:!1,headers:a.headers,returnHeaders:!0,returnStatus:!1,query:{...b,...a.query}}).catch(()=>null);return c?(c.headers&&c.headers.forEach((b,c)=>{a.context.responseHeaders?"set-cookie"===c.toLowerCase()?a.context.responseHeaders.append(c,b):a.context.responseHeaders.set(c,b):a.context.responseHeaders=new Headers({[c]:b})}),a.context.session=c.response,c.response):(a.context.session=null,null)},jH=je(async a=>{let b=await jG(a);if(!b?.session)throw y.APIError.from("UNAUTHORIZED",{message:"Unauthorized",code:"UNAUTHORIZED"});return{session:b}}),jI=je(async a=>{let b=await jG(a,{disableCookieCache:!0});if(!b?.session)throw y.APIError.from("UNAUTHORIZED",{message:"Unauthorized",code:"UNAUTHORIZED"});return{session:b}});je(async a=>{let b=await jG(a);if(!b?.session&&(a.request||a.headers))throw y.APIError.from("UNAUTHORIZED",{message:"Unauthorized",code:"UNAUTHORIZED"});return{session:b}});let jJ=je(async a=>{let b=await jG(a);if(!b?.session)throw y.APIError.from("UNAUTHORIZED",{message:"Unauthorized",code:"UNAUTHORIZED"});if(0!==a.context.sessionConfig.freshAge){let c=new Date(b.session.createdAt).getTime(),d=1e3*a.context.sessionConfig.freshAge;if(Date.now()-c>=d)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.SESSION_NOT_FRESH)}return{session:b}}),jK=jg("/revoke-session",{method:"POST",body:hc({token:gD().meta({description:"The token to revoke"})}),use:[jI],requireHeaders:!0,metadata:{openapi:{description:"Revoke a single session",requestBody:{content:{"application/json":{schema:{type:"object",properties:{token:{type:"string",description:"The token to revoke"}},required:["token"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean",description:"Indicates if the session was revoked successfully"}},required:["status"]}}}}}}}},async a=>{let b=a.body.token;if((await a.context.internalAdapter.findSession(b))?.session.userId===a.context.session.user.id)try{await a.context.internalAdapter.deleteSession(b)}catch(b){throw a.context.logger.error(b&&"object"==typeof b&&"name"in b?b.name:"",b),y.APIError.from("INTERNAL_SERVER_ERROR",{message:"Internal Server Error",code:"INTERNAL_SERVER_ERROR"})}return a.json({status:!0})}),jL=jg("/revoke-sessions",{method:"POST",use:[jI],requireHeaders:!0,metadata:{openapi:{description:"Revoke all sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean",description:"Indicates if all sessions were revoked successfully"}},required:["status"]}}}}}}}},async a=>{try{await a.context.internalAdapter.deleteSessions(a.context.session.user.id)}catch(b){throw a.context.logger.error(b&&"object"==typeof b&&"name"in b?b.name:"",b),y.APIError.from("INTERNAL_SERVER_ERROR",{message:"Internal Server Error",code:"INTERNAL_SERVER_ERROR"})}return a.json({status:!0})}),jM=jg("/revoke-other-sessions",{method:"POST",requireHeaders:!0,use:[jI],metadata:{openapi:{description:"Revoke all other sessions for the user except the current one",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean",description:"Indicates if all other sessions were revoked successfully"}},required:["status"]}}}}}}}},async a=>{let b=a.context.session;if(!b.user)throw y.APIError.from("UNAUTHORIZED",{message:"Unauthorized",code:"UNAUTHORIZED"});let c=(await a.context.internalAdapter.listSessions(b.user.id)).filter(a=>a.expiresAt>new Date).filter(b=>b.token!==a.context.session.session.token);return await Promise.all(c.map(b=>a.context.internalAdapter.deleteSession(b.token))),a.json({status:!0})});function jN(a,b,c,d){let e=new URLSearchParams({error:c});d&&e.set("error_description",d);let f=b.includes("?")?"&":"?";throw a.redirect(`${b}${f}${e.toString()}`)}function jO(a,b){return`${b?.source==="generic"?`Generic OAuth provider "${a}"`:`Provider "${a}"`} did not return an email${b?.source==="id_token"?" in the id token":""}. Either request the provider's email scope, or synthesize one via \`mapProfileToUser\`. See https://www.better-auth.com/docs/concepts/oauth#handling-providers-without-email`}var jP=a.i(117649);let jQ=(0,jP.createRandomStringGenerator)("a-z","0-9","A-Z","-_");function jR(a){if("boolean"!=typeof a)throw TypeError(`boolean expected, not ${a}`)}function jS(a){if("number"!=typeof a)throw TypeError("number expected, got "+typeof a);if(!Number.isSafeInteger(a)||a<0)throw RangeError("positive integer expected, got "+a)}function jT(a,b,c=""){let d=a instanceof Uint8Array||ArrayBuffer.isView(a)&&"Uint8Array"===a.constructor.name&&"BYTES_PER_ELEMENT"in a&&1===a.BYTES_PER_ELEMENT,e=a?.length,f=void 0!==b;if(!d||f&&e!==b){let g=(c&&`"${c}" `)+"expected Uint8Array"+(f?` of length ${b}`:"")+", got "+(d?`length=${e}`:`type=${typeof a}`);if(!d)throw TypeError(g);throw RangeError(g)}return a}function jU(a,b=!0){if(a.destroyed)throw Error("Hash instance has been destroyed");if(b&&a.finished)throw Error("Hash#digest() has already been called")}function jV(a){return new Uint32Array(a.buffer,a.byteOffset,Math.floor(a.byteLength/4))}function jW(...a){for(let b=0;b<a.length;b++)a[b].fill(0)}let jX=68===new Uint8Array(new Uint32Array([0x11223344]).buffer)[0],jY=a=>a<<24&0xff000000|a<<8&0xff0000|a>>>8&65280|a>>>24&255,jZ=jX?a=>a:a=>jY(a)>>>0,j$=jX?a=>a:a=>{for(let b=0;b<a.length;b++)a[b]=jY(a[b]);return a},j_="function"==typeof Uint8Array.from([]).toHex&&"function"==typeof Uint8Array.fromHex,j0=Array.from({length:256},(a,b)=>b.toString(16).padStart(2,"0"));function j1(a){return a>=48&&a<=57?a-48:a>=65&&a<=70?a-55:a>=97&&a<=102?a-87:void 0}function j2(a,b,c=!0){if(void 0===b)return new Uint8Array(a);if(jT(b,void 0,"output"),b.length!==a)throw Error('"output" expected Uint8Array of length '+a+", got: "+b.length);if(c&&!j3(b))throw Error("invalid output, must be aligned");return b}function j3(a){return a.byteOffset%4==0}function j4(a){return Uint8Array.from(jT(a))}function j5(a=32){jS(a);let b="object"==typeof globalThis?globalThis.crypto:null;if("function"!=typeof b?.getRandomValues)throw Error("crypto.getRandomValues must be defined");return b.getRandomValues(new Uint8Array(a))}function j6(a,b=j5){let{nonceLength:c}=a;jS(c);let d=(a,b,c)=>{let d=function(...a){let b=0;for(let c=0;c<a.length;c++){let d=a[c];jT(d),b+=d.length}let c=new Uint8Array(b);for(let b=0,d=0;b<a.length;b++){let e=a[b];c.set(e,d),d+=e.length}return c}(a,b);return c.byteLength&&b.byteLength&&c.buffer===b.buffer&&c.byteOffset<b.byteOffset+b.byteLength&&b.byteOffset<c.byteOffset+c.byteLength||b.fill(0),d},e=(e,...f)=>({encrypt(g){jT(g);let h=b(c),i=a(e,h,...f).encrypt(g);return i instanceof Promise?i.then(a=>d(h,a,g)):d(h,i,g)},decrypt(b){jT(b);let d=b.subarray(0,c),g=b.subarray(c);return a(e,d,...f).decrypt(g)}});return"blockSize"in a&&(e.blockSize=a.blockSize),"tagLength"in a&&(e.tagLength=a.tagLength),e}let j7=a=>Uint8Array.from(a.split(""),a=>a.charCodeAt(0)),j8=j$(jV(j7("expand 16-byte k"))),j9=j$(jV(j7("expand 32-byte k")));function ka(a,b){return a<<b|a>>>32-b}let kb=0x100000000-1,kc=Uint32Array.of();function kd(a,b){return 255&a[b++]|(255&a[b++])<<8}class ke{blockLen=16;outputLen=16;buffer=new Uint8Array(16);r=new Uint16Array(10);h=new Uint16Array(10);pad=new Uint16Array(8);pos=0;finished=!1;destroyed=!1;constructor(a){const b=kd(a=j4(jT(a,32,"key")),0),c=kd(a,2),d=kd(a,4),e=kd(a,6),f=kd(a,8),g=kd(a,10),h=kd(a,12),i=kd(a,14);this.r[0]=8191&b,this.r[1]=(b>>>13|c<<3)&8191,this.r[2]=(c>>>10|d<<6)&7939,this.r[3]=(d>>>7|e<<9)&8191,this.r[4]=(e>>>4|f<<12)&255,this.r[5]=f>>>1&8190,this.r[6]=(f>>>14|g<<2)&8191,this.r[7]=(g>>>11|h<<5)&8065,this.r[8]=(h>>>8|i<<8)&8191,this.r[9]=i>>>5&127;for(let b=0;b<8;b++)this.pad[b]=kd(a,16+2*b)}process(a,b,c=!1){let{h:d,r:e}=this,f=e[0],g=e[1],h=e[2],i=e[3],j=e[4],k=e[5],l=e[6],m=e[7],n=e[8],o=e[9],p=kd(a,b+0),q=kd(a,b+2),r=kd(a,b+4),s=kd(a,b+6),t=kd(a,b+8),u=kd(a,b+10),v=kd(a,b+12),w=kd(a,b+14),x=d[0]+(8191&p),y=d[1]+((p>>>13|q<<3)&8191),z=d[2]+((q>>>10|r<<6)&8191),A=d[3]+((r>>>7|s<<9)&8191),B=d[4]+((s>>>4|t<<12)&8191),C=d[5]+(t>>>1&8191),D=d[6]+((t>>>14|u<<2)&8191),E=d[7]+((u>>>11|v<<5)&8191),F=d[8]+((v>>>8|w<<8)&8191),G=d[9]+(w>>>5|2048*!c),H=0,I=0+x*f+5*o*y+5*n*z+5*m*A+5*l*B;H=I>>>13,I&=8191,I+=5*k*C+5*j*D+5*i*E+5*h*F+5*g*G,H+=I>>>13,I&=8191;let J=H+x*g+y*f+5*o*z+5*n*A+5*m*B;H=J>>>13,J&=8191,J+=5*l*C+5*k*D+5*j*E+5*i*F+5*h*G,H+=J>>>13,J&=8191;let K=H+x*h+y*g+z*f+5*o*A+5*n*B;H=K>>>13,K&=8191,K+=5*m*C+5*l*D+5*k*E+5*j*F+5*i*G,H+=K>>>13,K&=8191;let L=H+x*i+y*h+z*g+A*f+5*o*B;H=L>>>13,L&=8191,L+=5*n*C+5*m*D+5*l*E+5*k*F+5*j*G,H+=L>>>13,L&=8191;let M=H+x*j+y*i+z*h+A*g+B*f;H=M>>>13,M&=8191,M+=5*o*C+5*n*D+5*m*E+5*l*F+5*k*G,H+=M>>>13,M&=8191;let N=H+x*k+y*j+z*i+A*h+B*g;H=N>>>13,N&=8191,N+=C*f+5*o*D+5*n*E+5*m*F+5*l*G,H+=N>>>13,N&=8191;let O=H+x*l+y*k+z*j+A*i+B*h;H=O>>>13,O&=8191,O+=C*g+D*f+5*o*E+5*n*F+5*m*G,H+=O>>>13,O&=8191;let P=H+x*m+y*l+z*k+A*j+B*i;H=P>>>13,P&=8191,P+=C*h+D*g+E*f+5*o*F+5*n*G,H+=P>>>13,P&=8191;let Q=H+x*n+y*m+z*l+A*k+B*j;H=Q>>>13,Q&=8191,Q+=C*i+D*h+E*g+F*f+5*o*G,H+=Q>>>13,Q&=8191;let R=H+x*o+y*n+z*m+A*l+B*k;H=R>>>13,R&=8191,R+=C*j+D*i+E*h+F*g+G*f,H+=R>>>13,R&=8191,I=8191&(H=(H=(H<<2)+H|0)+I|0),H>>>=13,J+=H,d[0]=I,d[1]=J,d[2]=K,d[3]=L,d[4]=M,d[5]=N,d[6]=O,d[7]=P,d[8]=Q,d[9]=R}finalize(){let{h:a,pad:b}=this,c=new Uint16Array(10),d=a[1]>>>13;a[1]&=8191;for(let b=2;b<10;b++)a[b]+=d,d=a[b]>>>13,a[b]&=8191;a[0]+=5*d,d=a[0]>>>13,a[0]&=8191,a[1]+=d,d=a[1]>>>13,a[1]&=8191,a[2]+=d,c[0]=a[0]+5,d=c[0]>>>13,c[0]&=8191;for(let b=1;b<10;b++)c[b]=a[b]+d,d=c[b]>>>13,c[b]&=8191;c[9]-=8192;let e=(1^d)-1;for(let a=0;a<10;a++)c[a]&=e;e=~e;for(let b=0;b<10;b++)a[b]=a[b]&e|c[b];a[0]=(a[0]|a[1]<<13)&65535,a[1]=(a[1]>>>3|a[2]<<10)&65535,a[2]=(a[2]>>>6|a[3]<<7)&65535,a[3]=(a[3]>>>9|a[4]<<4)&65535,a[4]=(a[4]>>>12|a[5]<<1|a[6]<<14)&65535,a[5]=(a[6]>>>2|a[7]<<11)&65535,a[6]=(a[7]>>>5|a[8]<<8)&65535,a[7]=(a[8]>>>8|a[9]<<5)&65535;let f=a[0]+b[0];a[0]=65535&f;for(let c=1;c<8;c++)f=(a[c]+b[c]|0)+(f>>>16)|0,a[c]=65535&f;jW(c)}update(a){jU(this),jT(a);let{buffer:b,blockLen:c}=this,d=(a=j4(a)).length;for(let e=0;e<d;){let f=Math.min(c-this.pos,d-e);if(f===c){for(;c<=d-e;e+=c)this.process(a,e);continue}b.set(a.subarray(e,e+f),this.pos),this.pos+=f,e+=f,this.pos===c&&(this.process(b,0,!1),this.pos=0)}return this}destroy(){this.destroyed=!0,jW(this.h,this.r,this.buffer,this.pad)}digestInto(a){jU(this),function(a,b,c=!1){jT(a,void 0,"output");let d=b.outputLen;if(a.length<d)throw RangeError("digestInto() expects output buffer of length at least "+d);if(c&&!j3(a))throw Error("invalid output, must be aligned")}(a,this),this.finished=!0;let{buffer:b,h:c}=this,{pos:d}=this;if(d){for(b[d++]=1;d<16;d++)b[d]=0;this.process(b,0,!0)}this.finalize();let e=0;for(let b=0;b<8;b++)a[e++]=c[b]>>>0,a[e++]=c[b]>>>8}digest(){let{buffer:a,outputLen:b}=this;this.digestInto(a);let c=a.slice(0,b);return this.destroy(),c}}let kf=(q=a=>new ke(a),j=()=>[],(k=(a,b)=>q(b,...j(a)).update(a).digest()).outputLen=(l=q(new Uint8Array(32),...j(new Uint8Array(0)))).outputLen,k.blockLen=l.blockLen,k.create=(a,...b)=>q(a,...b),k),kg=function(a,b){let{allowShortKeys:c,extendNonceFn:d,counterLength:e,counterRight:f,rounds:g}=function(a,b){if(null==b||"object"!=typeof b)throw Error("options must be defined");return Object.assign(a,b)}({allowShortKeys:!1,counterLength:8,counterRight:!1,rounds:20},b);if("function"!=typeof a)throw Error("core must be a function");return jS(e),jS(g),jR(f),jR(c),(b,h,i,j,k=0)=>{let l,m;if(jT(b,void 0,"key"),jT(h,void 0,"nonce"),jT(i,void 0,"data"),j=j2(i.length,j,!1),jS(k),k<0||k>=kb)throw Error("arx: counter overflow");let n=[],o=b.length;if(32===o)n.push(l=j4(b)),m=j9;else if(16===o&&c)(l=new Uint8Array(32)).set(b),l.set(b,16),m=j8,n.push(l);else throw jT(b,32,"arx key"),Error("invalid key size");jX&&j3(h)||n.push(h=j4(h));let p=jV(l);if(d){if(24!==h.length)throw Error("arx: extended nonce must be 24 bytes");let a=h.subarray(0,16);if(jX)d(m,p,jV(a),p);else{let b=j$(Uint32Array.from(m));d(b,p,jV(a),p),jW(b),j$(p)}h=h.subarray(16)}else jX||j$(p);let q=16-e;if(q!==h.length)throw Error(`arx: nonce must be ${q} or 16 bytes`);if(12!==q){let a=new Uint8Array(12);a.set(h,f?0:12-h.length),h=a,n.push(h)}let r=j$(jV(h));try{return!function(a,b,c,d,e,f,g,h){let i=e.length,j=new Uint8Array(64),k=jV(j),l=jX&&j3(e)&&j3(f),m=l?jV(e):kc,n=l?jV(f):kc;if(!jX){for(let l=0;l<i;g++){if(a(b,c,d,k,g,h),j$(k),g>=kb)throw Error("arx: counter overflow");let m=Math.min(64,i-l);for(let a=0,b;a<m;a++)f[b=l+a]=e[b]^j[a];l+=m}return}for(let o=0;o<i;g++){if(a(b,c,d,k,g,h),g>=kb)throw Error("arx: counter overflow");let p=Math.min(64,i-o);if(l&&64===p){let a=o/4;if(o%4!=0)throw Error("arx: invalid block position");for(let b=0,c;b<16;b++)n[c=a+b]=m[c]^k[b];o+=64;continue}for(let a=0,b;a<p;a++)f[b=o+a]=e[b]^j[a];o+=p}}(a,m,p,r,i,j,k,g),j}finally{jW(...n)}}}(function(a,b,c,d,e,f=20){let g=a[0],h=a[1],i=a[2],j=a[3],k=b[0],l=b[1],m=b[2],n=b[3],o=b[4],p=b[5],q=b[6],r=b[7],s=c[0],t=c[1],u=c[2],v=g,w=h,x=i,y=j,z=k,A=l,B=m,C=n,D=o,E=p,F=q,G=r,H=e,I=s,J=t,K=u;for(let a=0;a<f;a+=2)D=D+(H=ka(H^(v=v+z|0),16))|0,v=v+(z=ka(z^D,12))|0,D=D+(H=ka(H^v,8))|0,z=ka(z^D,7),E=E+(I=ka(I^(w=w+A|0),16))|0,w=w+(A=ka(A^E,12))|0,E=E+(I=ka(I^w,8))|0,A=ka(A^E,7),F=F+(J=ka(J^(x=x+B|0),16))|0,x=x+(B=ka(B^F,12))|0,F=F+(J=ka(J^x,8))|0,B=ka(B^F,7),G=G+(K=ka(K^(y=y+C|0),16))|0,y=y+(C=ka(C^G,12))|0,G=G+(K=ka(K^y,8))|0,C=ka(C^G,7),F=F+(K=ka(K^(v=v+A|0),16))|0,v=v+(A=ka(A^F,12))|0,F=F+(K=ka(K^v,8))|0,A=ka(A^F,7),G=G+(H=ka(H^(w=w+B|0),16))|0,w=w+(B=ka(B^G,12))|0,G=G+(H=ka(H^w,8))|0,B=ka(B^G,7),D=D+(I=ka(I^(x=x+C|0),16))|0,x=x+(C=ka(C^D,12))|0,D=D+(I=ka(I^x,8))|0,C=ka(C^D,7),E=E+(J=ka(J^(y=y+z|0),16))|0,y=y+(z=ka(z^E,12))|0,E=E+(J=ka(J^y,8))|0,z=ka(z^E,7);let L=0;d[L++]=g+v|0,d[L++]=h+w|0,d[L++]=i+x|0,d[L++]=j+y|0,d[L++]=k+z|0,d[L++]=l+A|0,d[L++]=m+B|0,d[L++]=n+C|0,d[L++]=o+D|0,d[L++]=p+E|0,d[L++]=q+F|0,d[L++]=r+G|0,d[L++]=e+H|0,d[L++]=s+I|0,d[L++]=t+J|0,d[L++]=u+K|0},{counterRight:!1,counterLength:8,extendNonceFn:function(a,b,c,d){let e=jZ(a[0]),f=jZ(a[1]),g=jZ(a[2]),h=jZ(a[3]),i=jZ(b[0]),j=jZ(b[1]),k=jZ(b[2]),l=jZ(b[3]),m=jZ(b[4]),n=jZ(b[5]),o=jZ(b[6]),p=jZ(b[7]),q=jZ(c[0]),r=jZ(c[1]),s=jZ(c[2]),t=jZ(c[3]);for(let a=0;a<20;a+=2)m=m+(q=ka(q^(e=e+i|0),16))|0,e=e+(i=ka(i^m,12))|0,m=m+(q=ka(q^e,8))|0,i=ka(i^m,7),n=n+(r=ka(r^(f=f+j|0),16))|0,f=f+(j=ka(j^n,12))|0,n=n+(r=ka(r^f,8))|0,j=ka(j^n,7),o=o+(s=ka(s^(g=g+k|0),16))|0,g=g+(k=ka(k^o,12))|0,o=o+(s=ka(s^g,8))|0,k=ka(k^o,7),p=p+(t=ka(t^(h=h+l|0),16))|0,h=h+(l=ka(l^p,12))|0,p=p+(t=ka(t^h,8))|0,l=ka(l^p,7),o=o+(t=ka(t^(e=e+j|0),16))|0,e=e+(j=ka(j^o,12))|0,o=o+(t=ka(t^e,8))|0,j=ka(j^o,7),p=p+(q=ka(q^(f=f+k|0),16))|0,f=f+(k=ka(k^p,12))|0,p=p+(q=ka(q^f,8))|0,k=ka(k^p,7),m=m+(r=ka(r^(g=g+l|0),16))|0,g=g+(l=ka(l^m,12))|0,m=m+(r=ka(r^g,8))|0,l=ka(l^m,7),n=n+(s=ka(s^(h=h+i|0),16))|0,h=h+(i=ka(i^n,12))|0,n=n+(s=ka(s^h,8))|0,i=ka(i^n,7);let u=0;d[u++]=e,d[u++]=f,d[u++]=g,d[u++]=h,d[u++]=q,d[u++]=r,d[u++]=s,d[u++]=t,j$(d)},allowShortKeys:!1}),kh=new Uint8Array(16),ki=(a,b)=>{a.update(b);let c=b.length%16;c&&a.update(kh.subarray(c))},kj=new Uint8Array(32);function kk(a,b,c,d,e){var f,g;let h,i;void 0!==e&&jT(e,void 0,"AAD");let j=a(b,c,kj),k=(f=d.length,g=e?e.length:0,jS(f),jS(g),jR(!0),(i=new DataView((h=new Uint8Array(16)).buffer,h.byteOffset,h.byteLength)).setBigUint64(0,BigInt(g),!0),i.setBigUint64(8,BigInt(f),!0),h),l=kf.create(j);e&&ki(l,e),ki(l,d),l.update(k);let m=l.digest();return jW(j,k),m}let kl=((a,b)=>{function c(d,...e){jT(d,void 0,"key"),void 0!==a.nonceLength&&jT(e[0],a.varSizeNonce?void 0:a.nonceLength,"nonce");let f=a.tagLength;f&&void 0!==e[1]&&jT(e[1],void 0,"AAD");let g=b(d,...e),h=(a,b)=>{if(void 0!==b){if(2!==a)throw Error("cipher output not supported");jT(b,void 0,"output")}},i=!1;return{encrypt(a,b){if(i)throw Error("cannot encrypt() twice with same key + nonce");return i=!0,jT(a),h(g.encrypt.length,b),g.encrypt(a,b)},decrypt(a,b){if(jT(a),f&&a.length<f)throw Error('"ciphertext" expected length bigger than tagLength='+f);return h(g.decrypt.length,b),g.decrypt(a,b)}}}return Object.assign(c,a),c})({blockSize:64,nonceLength:24,tagLength:16},(a,b,c)=>({encrypt(d,e){let f=d.length;(e=j2(f+16,e,!1)).set(d);let g=e.subarray(0,-16);kg(a,b,g,g,1);let h=kk(kg,a,b,g,c);return e.set(h,f),jW(h),e},decrypt(d,e){e=j2(d.length-16,e,!1);let f=d.subarray(0,-16),g=d.subarray(-16),h=kk(kg,a,b,f,c);if(!function(a,b){if(a.length!==b.length)return!1;let c=0;for(let d=0;d<a.length;d++)c|=a[d]^b[d];return 0===c}(g,h))throw jW(h),Error("invalid tag");return e.set(d.subarray(0,-16)),kg(a,b,e,e,1),jW(h),e}})),km="$ba$";async function kn(a,b){let c=await h$("SHA-256").digest(a),d=function(a){if("string"!=typeof a)throw TypeError("string expected");return new Uint8Array(new TextEncoder().encode(a))}(b);var e=j6(kl)(new Uint8Array(c)).encrypt(d);if(jT(e),j_)return e.toHex();let f="";for(let a=0;a<e.length;a++)f+=j0[e[a]];return f}async function ko(a,b){let c=await h$("SHA-256").digest(a),d=function(a){if("string"!=typeof a)throw TypeError("hex string expected, got "+typeof a);if(j_)try{return Uint8Array.fromHex(a)}catch(a){if(a instanceof SyntaxError)throw RangeError(a.message);throw a}let b=a.length,c=b/2;if(b%2)throw RangeError("hex string expected, got unpadded hex of length "+b);let d=new Uint8Array(c);for(let b=0,e=0;b<c;b++,e+=2){let c=j1(a.charCodeAt(e)),f=j1(a.charCodeAt(e+1));if(void 0===c||void 0===f)throw RangeError('hex string expected, got non-hex character "'+(a[e]+a[e+1])+'" at index '+e);d[b]=16*c+f}return d}(b),e=j6(kl)(new Uint8Array(c));return new TextDecoder().decode(e.decrypt(d))}let kp=async({key:a,data:b})=>{var c;if("string"==typeof a)return kn(a,b);let d=a.keys.get(a.currentVersion);if(!d)throw Error(`Secret version ${a.currentVersion} not found in keys`);let e=await kn(d,b);return c=a.currentVersion,`${km}${c}$${e}`},kq=async({key:a,data:b})=>{if("string"==typeof a)return ko(a,b);let c=function(a){if(!a.startsWith(km))return null;let b=a.indexOf("$",4);if(-1===b)return null;let c=parseInt(a.slice(4,b),10);return!Number.isInteger(c)||c<0?null:{version:c,ciphertext:a.slice(b+1)}}(b);if(c){let b=a.keys.get(c.version);if(!b)throw Error(`Secret version ${c.version} not found in keys (key may have been retired)`);return ko(b,c.ciphertext)}if(a.legacySecret)return ko(a.legacySecret,b);throw Error("Cannot decrypt legacy bare-hex payload: no legacy secret available. Set BETTER_AUTH_SECRET for backwards compatibility.")};var kr=y,hx=hx;let ks=new hb({type:"object",shape:{callbackURL:gD(),codeVerifier:gD(),errorURL:gD().optional(),newUserURL:gD().optional(),expiresAt:gZ(),oauthState:gD().optional(),link:hc({email:gD(),userId:hx.string()}).optional(),requestSignUp:g1().optional()},catchall:g6(),...f9.normalizeParams(void 0)});var kt=class extends kr.BetterAuthError{code;details;errorURL;constructor(a,b){super(a,b),this.code=b.code,this.details=b.details,this.errorURL=b.errorURL}};async function ku(a,b,c){let d=jQ(32);if("cookie"===a.context.oauthConfig.storeStateStrategy){let e={...b,oauthState:d},f=await kp({key:a.context.secretConfig,data:JSON.stringify(e)}),g=a.context.createAuthCookie(c?.cookieName??"oauth_state",{maxAge:600});return a.setCookie(g.name,f,g.attributes),{state:d,codeVerifier:b.codeVerifier}}let e=a.context.createAuthCookie(c?.cookieName??"state",{maxAge:300});await a.setSignedCookie(e.name,d,a.context.secret,e.attributes);let f=new Date;if(f.setMinutes(f.getMinutes()+10),!await a.context.internalAdapter.createVerificationValue({value:JSON.stringify({...b,oauthState:d}),identifier:d,expiresAt:f}))throw new kt("Unable to create verification. Make sure the database adapter is properly working and there is a verification table in the database",{code:"state_generation_error"});return{state:d,codeVerifier:b.codeVerifier}}async function kv(a,b,c){let d;if(!b)throw new kt("State not found in OAuth callback",{code:"state_not_found"});if("cookie"===a.context.oauthConfig.storeStateStrategy){let e=a.context.createAuthCookie(c?.cookieName??"oauth_state"),f=a.getCookie(e.name);if(!f)throw new kt("State mismatch: auth state cookie not found",{code:"state_mismatch",details:{state:b}});try{let b=await kq({key:a.context.secretConfig,data:f});d=ks.parse(JSON.parse(b))}catch(a){throw new kt("State invalid: Failed to decrypt or parse auth state",{code:"state_invalid",details:{state:b},cause:a})}if(!d.oauthState||d.oauthState!==b)throw new kt("State mismatch: OAuth state parameter does not match stored state",{code:"state_security_mismatch",details:{state:b},errorURL:d.errorURL});hU(a,e)}else{let e=await a.context.internalAdapter.findVerificationValue(b);if(!e)throw new kt("State mismatch: verification not found",{code:"state_mismatch",details:{state:b}});if(void 0!==(d=ks.parse(JSON.parse(e.value))).oauthState&&d.oauthState!==b)throw new kt("State mismatch: OAuth state parameter does not match stored state",{code:"state_security_mismatch",details:{state:b},errorURL:d.errorURL});let f=a.context.createAuthCookie(c?.cookieName??"state"),g=await a.getSignedCookie(f.name,a.context.secret);if(!(c?.skipStateCookieCheck??a.context.oauthConfig.skipStateCookieCheck)&&(!g||g!==b))throw new kt("State mismatch: State not persisted correctly",{code:"state_security_mismatch",details:{state:b},errorURL:d.errorURL});hU(a,f),await a.context.internalAdapter.deleteVerificationByIdentifier(b)}if(d.expiresAt<Date.now())throw new kt("Invalid state: request expired",{code:"state_mismatch",details:{expiresAt:d.expiresAt},errorURL:d.errorURL});return d}async function kw(a,b,c){let d=a.body?.callbackURL||a.context.options.baseURL;if(!d)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.CALLBACK_URL_REQUIRED);let e=jQ(128),f={...c||{},callbackURL:d,codeVerifier:e,errorURL:a.body?.errorCallbackURL,newUserURL:a.body?.newUserCallbackURL,link:b,expiresAt:Date.now()+6e5,requestSignUp:a.body?.requestSignUp};await jC(f);try{return ku(a,f)}catch(b){throw a.context.logger.error("Failed to create verification",b),new y.APIError("INTERNAL_SERVER_ERROR",{message:"Unable to create verification",cause:b})}}async function kx(a){let b,c=a.query.state||a.body?.state,d=a.context.options.onAPIError?.errorURL||`${a.context.baseURL}/error`;try{b=await kv(a,c)}catch(e){a.context.logger.error("Failed to parse state",e);let b="internal_server_error",c=d;e instanceof kt&&(b="state_security_mismatch"===e.code?"state_mismatch":e.code,c=e.errorURL??d),jN(a,c,b)}return b.errorURL||(b.errorURL=d),b&&await jC(b),b}function ky(a,b){if(!a)return a;if(b.options.account?.encryptOAuthTokens)return a.startsWith("$ba$")||a.length%2==0&&/^[0-9a-f]+$/i.test(a)?kq({key:b.secretConfig,data:a}):a;return a}function kz(a,b){return b.options.account?.encryptOAuthTokens&&a?kp({key:b.secretConfig,data:a}):a}function kA(a){let b=a=>new Date(new Date().getTime()+1e3*a);return{tokenType:a.token_type,accessToken:a.access_token,refreshToken:a.refresh_token,accessTokenExpiresAt:a.expires_in?b(a.expires_in):void 0,refreshTokenExpiresAt:a.refresh_token_expires_in?b(a.refresh_token_expires_in):void 0,scopes:a?.scope?"string"==typeof a.scope?a.scope.split(" "):a.scope:[],idToken:a.id_token,raw:a}}function kB(a){let b=Array.isArray(a)?a[0]:a;return"string"==typeof b&&b.length>0?b:void 0}async function kC(a){let b=new TextEncoder().encode(a),c=await crypto.subtle.digest("SHA-256",b);return hL.encode(new Uint8Array(c),{padding:!1})}async function kD({id:a,options:b,authorizationEndpoint:c,state:d,codeVerifier:e,scopes:f,claims:g,redirectURI:h,duration:i,prompt:j,accessType:k,responseType:l,display:m,loginHint:n,hd:o,responseMode:p,additionalParams:q,scopeJoiner:r}){let s=new URL((b="function"==typeof b?await b():b).authorizationEndpoint||c);s.searchParams.set("response_type",l||"code");let t=Array.isArray(b.clientId)?b.clientId[0]:b.clientId;if(s.searchParams.set("client_id",t),s.searchParams.set("state",d),f&&s.searchParams.set("scope",f.join(r||" ")),s.searchParams.set("redirect_uri",b.redirectURI||h),i&&s.searchParams.set("duration",i),m&&s.searchParams.set("display",m),n&&s.searchParams.set("login_hint",n),j&&s.searchParams.set("prompt",j),o&&s.searchParams.set("hd",o),k&&s.searchParams.set("access_type",k),p&&s.searchParams.set("response_mode",p),e){let a=await kC(e);s.searchParams.set("code_challenge_method","S256"),s.searchParams.set("code_challenge",a)}if(g){let a=g.reduce((a,b)=>(a[b]=null,a),{});s.searchParams.set("claims",JSON.stringify({id_token:{email:null,email_verified:null,...a}}))}return q&&Object.entries(q).forEach(([a,b])=>{s.searchParams.set(a,b)}),s}var kE=Object.defineProperty,kF=Object.defineProperties,kG=Object.getOwnPropertyDescriptors,kH=Object.getOwnPropertySymbols,kI=Object.prototype.hasOwnProperty,kJ=Object.prototype.propertyIsEnumerable,kK=(a,b,c)=>b in a?kE(a,b,{enumerable:!0,configurable:!0,writable:!0,value:c}):a[b]=c,kL=(a,b)=>{for(var c in b||(b={}))kI.call(b,c)&&kK(a,c,b[c]);if(kH)for(var c of kH(b))kJ.call(b,c)&&kK(a,c,b[c]);return a},kM=(a,b)=>kF(a,kG(b)),kN=class extends Error{constructor(a,b,c){super(b||a.toString(),{cause:c}),this.status=a,this.statusText=b,this.error=c,Error.captureStackTrace(this,this.constructor)}},kO=async(a,b)=>{var c,d,e,f,g,h;let i=b||{},j={onRequest:[null==b?void 0:b.onRequest],onResponse:[null==b?void 0:b.onResponse],onSuccess:[null==b?void 0:b.onSuccess],onError:[null==b?void 0:b.onError],onRetry:[null==b?void 0:b.onRetry]};if(!b||!(null==b?void 0:b.plugins))return{url:a,options:i,hooks:j};for(let k of(null==b?void 0:b.plugins)||[]){if(k.init){let d=await (null==(c=k.init)?void 0:c.call(k,a.toString(),b));i=d.options||i,a=d.url}j.onRequest.push(null==(d=k.hooks)?void 0:d.onRequest),j.onResponse.push(null==(e=k.hooks)?void 0:e.onResponse),j.onSuccess.push(null==(f=k.hooks)?void 0:f.onSuccess),j.onError.push(null==(g=k.hooks)?void 0:g.onError),j.onRetry.push(null==(h=k.hooks)?void 0:h.onRetry)}return{url:a,options:i,hooks:j}},kP=class{constructor(a){this.options=a}shouldAttemptRetry(a,b){return this.options.shouldRetry?Promise.resolve(a<this.options.attempts&&this.options.shouldRetry(b)):Promise.resolve(a<this.options.attempts)}getDelay(){return this.options.delay}},kQ=class{constructor(a){this.options=a}shouldAttemptRetry(a,b){return this.options.shouldRetry?Promise.resolve(a<this.options.attempts&&this.options.shouldRetry(b)):Promise.resolve(a<this.options.attempts)}getDelay(a){return Math.min(this.options.maxDelay,this.options.baseDelay*2**a)}},kR=async a=>{let b={},c=async a=>"function"==typeof a?await a():a;if(null==a?void 0:a.auth){if("Bearer"===a.auth.type){let d=await c(a.auth.token);if(!d)return b;b.authorization=`Bearer ${d}`}else if("Basic"===a.auth.type){let[d,e]=await Promise.all([c(a.auth.username),c(a.auth.password)]);if(!d||!e)return b;b.authorization=`Basic ${btoa(`${d}:${e}`)}`}else if("Custom"===a.auth.type){let[d,e]=await Promise.all([c(a.auth.prefix),c(a.auth.value)]);if(!e)return b;b.authorization=`${null!=d?d:""} ${e}`}}return b},kS=/^application\/(?:[\w!#$%&*.^`~-]*\+)?json(;.+)?$/i;function kT(a){if(void 0===a)return!1;let b=typeof a;return"string"===b||"number"===b||"boolean"===b||null===b||"object"===b&&(!!Array.isArray(a)||!a.buffer&&(a.constructor&&"Object"===a.constructor.name||"function"==typeof a.toJSON))}function kU(a){try{return JSON.parse(a)}catch(b){return a}}async function kV(a){let b=new Headers(null==a?void 0:a.headers);for(let[c,d]of Object.entries(await kR(a)||{}))b.set(c,d);if(!b.has("content-type")){let c=kT(null==a?void 0:a.body)?"application/json":null;c&&b.set("content-type",c)}return b}var kW=class a extends Error{constructor(b,c){super(c||JSON.stringify(b,null,2)),this.issues=b,Object.setPrototypeOf(this,a.prototype)}};async function kX(a,b){let c=await a["~standard"].validate(b);if(c.issues)throw new kW(c.issues);return c.value}var kY=["get","post","put","patch","delete"],kZ=async(a,b)=>{var c,d,e,f,g,h,i,j;let k,{hooks:l,url:m,options:n}=await kO(a,b),o=function(a){if(null==a?void 0:a.customFetchImpl)return a.customFetchImpl;if("u">typeof globalThis&&"function"==typeof globalThis.fetch)return globalThis.fetch;throw Error("No fetch implementation found")}(n),p=new AbortController,q=null!=(c=n.signal)?c:p.signal,r=function(a,b){let{baseURL:c,params:d,query:e}=b||{query:{},params:{},baseURL:""},f=a.startsWith("http")?a.split("/").slice(0,3).join("/"):c||"";if(a.startsWith("@")){let b=a.toString().split("@")[1].split("/")[0];kY.includes(b)&&(a=a.replace(`@${b}/`,"/"))}f.endsWith("/")||(f+="/");let[g,h]=a.replace(f,"").split("?"),i=new URLSearchParams(h);for(let[a,b]of Object.entries(e||{})){let c;if(null!=b){if("string"==typeof b)c=b;else if(Array.isArray(b)){for(let c of b)i.append(a,c);continue}else c=JSON.stringify(b);i.set(a,c)}}if(d)if(Array.isArray(d))for(let[a,b]of g.split("/").filter(a=>a.startsWith(":")).entries()){let c=d[a];g=g.replace(b,c)}else for(let[a,b]of Object.entries(d))g=g.replace(`:${a}`,String(b));(g=g.split("/").map(encodeURIComponent).join("/")).startsWith("/")&&(g=g.slice(1));let j=i.toString();return(j=j.length>0?`?${j}`.replace(/\+/g,"%20"):"",f.startsWith("http"))?new URL(`${g}${j}`,f):`${f}${g}${j}`}(m,n),s=function(a){if(!(null==a?void 0:a.body))return null;let b=new Headers(null==a?void 0:a.headers);if(kT(a.body)&&!b.has("content-type")){for(let[b,c]of Object.entries(null==a?void 0:a.body))c instanceof Date&&(a.body[b]=c.toISOString());return JSON.stringify(a.body)}return b.has("content-type")&&"application/x-www-form-urlencoded"===b.get("content-type")&&kT(a.body)?new URLSearchParams(a.body).toString():a.body}(n),t=await kV(n),u=function(a,b){var c;if(null==b?void 0:b.method)return b.method.toUpperCase();if(a.startsWith("@")){let d=null==(c=a.split("@")[1])?void 0:c.split("/")[0];return kY.includes(d)?d.toUpperCase():(null==b?void 0:b.body)?"POST":"GET"}return(null==b?void 0:b.body)?"POST":"GET"}(m,n),v=kM(kL({},n),{url:r,headers:t,body:s,method:u,signal:q});for(let a of l.onRequest)if(a){let b=await a(v);"object"==typeof b&&null!==b&&(v=b)}("pipeTo"in v&&"function"==typeof v.pipeTo||"function"==typeof(null==(d=null==b?void 0:b.body)?void 0:d.pipe))&&!("duplex"in v)&&(v.duplex="half");let{clearTimeout:w}=(!(null==n?void 0:n.signal)&&(null==n?void 0:n.timeout)&&(k=setTimeout(()=>null==p?void 0:p.abort(),null==n?void 0:n.timeout)),{abortTimeout:k,clearTimeout:()=>{k&&clearTimeout(k)}}),x=await o(v.url,v);w();let y={response:x,request:v};for(let a of l.onResponse)if(a){let c=await a(kM(kL({},y),{response:(null==(e=null==b?void 0:b.hookOptions)?void 0:e.cloneResponse)?x.clone():x}));c instanceof Response?x=c:"object"==typeof c&&null!==c&&(x=c.response)}if(x.ok){if("HEAD"===v.method)return{data:"",error:null};let a=function(a){let b=a.headers.get("content-type"),c=new Set(["image/svg","application/xml","application/xhtml","application/html"]);if(!b)return"json";let d=b.split(";").shift()||"";return kS.test(d)?"json":c.has(d)||d.startsWith("text/")?"text":"blob"}(x),c={data:null,response:x,request:v};if("json"===a||"text"===a){let a=await x.text(),b=null!=(f=v.jsonParser)?f:kU;c.data=await b(a)}else c.data=await x[a]();for(let a of((null==v?void 0:v.output)&&v.output&&!v.disableValidation&&(c.data=await kX(v.output,c.data)),l.onSuccess))a&&await a(kM(kL({},c),{response:(null==(g=null==b?void 0:b.hookOptions)?void 0:g.cloneResponse)?x.clone():x}));return(null==b?void 0:b.throw)?c.data:{data:c.data,error:null}}let z=null!=(h=null==b?void 0:b.jsonParser)?h:kU,A=await x.text(),B=function(a){try{return JSON.parse(a),!0}catch(a){return!1}}(A),C=B?await z(A):null,D={response:x,responseText:A,request:v,error:kM(kL({},C),{status:x.status,statusText:x.statusText})};for(let a of l.onError)a&&await a(kM(kL({},D),{response:(null==(i=null==b?void 0:b.hookOptions)?void 0:i.cloneResponse)?x.clone():x}));if(null==b?void 0:b.retry){let c=function(a){if("number"==typeof a)return new kP({type:"linear",attempts:a,delay:1e3});switch(a.type){case"linear":return new kP(a);case"exponential":return new kQ(a);default:throw Error("Invalid retry strategy")}}(b.retry),d=null!=(j=b.retryAttempt)?j:0;if(await c.shouldAttemptRetry(d,x)){for(let a of l.onRetry)a&&await a(y);let e=c.getDelay(d);return await new Promise(a=>setTimeout(a,e)),await kZ(a,kM(kL({},b),{retryAttempt:d+1}))}}if(null==b?void 0:b.throw)throw new kN(x.status,x.statusText,B?C:A);return{data:null,error:kM(kL({},C),{status:x.status,statusText:x.statusText})}};async function k$({refreshToken:a,options:b,tokenEndpoint:c,authentication:d,extraParams:e}){let{body:f,headers:g}=await function({refreshToken:a,options:b,authentication:c,extraParams:d,resource:e}){let f=new URLSearchParams,g={"content-type":"application/x-www-form-urlencoded",accept:"application/json"};if(f.set("grant_type","refresh_token"),f.set("refresh_token",a),"basic"===c){let a=Array.isArray(b.clientId)?b.clientId[0]:b.clientId;a?g.authorization="Basic "+hK.encode(`${a}:${b.clientSecret??""}`):g.authorization="Basic "+hK.encode(`:${b.clientSecret??""}`)}else{let a=Array.isArray(b.clientId)?b.clientId[0]:b.clientId;f.set("client_id",a),b.clientSecret&&f.set("client_secret",b.clientSecret)}if(e)if("string"==typeof e)f.append("resource",e);else for(let a of e)f.append("resource",a);if(d)for(let[a,b]of Object.entries(d))f.set(a,b);return{body:f,headers:g}}({refreshToken:a,options:b,authentication:d,extraParams:e}),{data:h,error:i}=await kZ(c,{method:"POST",body:f,headers:g});if(i)throw i;let j={accessToken:h.access_token,refreshToken:h.refresh_token,tokenType:h.token_type,scopes:h.scope?.split(" "),idToken:h.id_token};return h.expires_in&&(j.accessTokenExpiresAt=new Date(new Date().getTime()+1e3*h.expires_in)),h.refresh_token_expires_in&&(j.refreshTokenExpiresAt=new Date(new Date().getTime()+1e3*h.refresh_token_expires_in)),j}function k_(a){return bE(a)}class k0{#o;#p=new WeakMap;constructor(a){if(!function(a){return a&&"object"==typeof a&&Array.isArray(a.keys)&&a.keys.every(k_)}(a))throw new aZ("JSON Web Key Set malformed");this.#o=structuredClone(a)}jwks(){return this.#o}async getKey(a,b){let{alg:c,kid:d}={...a,...b?.header},e=function(a){switch("string"==typeof a&&a.slice(0,2)){case"RS":case"PS":return"RSA";case"ES":return"EC";case"Ed":return"OKP";case"ML":return"AKP";default:throw new aT('Unsupported "alg" value for a JSON Web Key Set')}}(c),f=this.#o.keys.filter(a=>{let b=e===a.kty;if(b&&"string"==typeof d&&(b=d===a.kid),b&&("string"==typeof a.alg||"AKP"===e)&&(b=c===a.alg),b&&"string"==typeof a.use&&(b="sig"===a.use),b&&Array.isArray(a.key_ops)&&(b=a.key_ops.includes("verify")),b)switch(c){case"ES256":b="P-256"===a.crv;break;case"ES384":b="P-384"===a.crv;break;case"ES512":b="P-521"===a.crv;break;case"Ed25519":case"EdDSA":b="Ed25519"===a.crv}return b}),{0:g,length:h}=f;if(0===h)throw new a$;if(1!==h){let a=new a_,b=this.#p;throw a[Symbol.asyncIterator]=async function*(){for(let a of f)try{yield await k1(b,a,c)}catch{}},a}return k1(this.#p,g,c)}}async function k1(a,b,c){let d=a.get(b)||a.set(b,{}).get(b);if(void 0===d[c]){let a=await bM({...b,ext:!0},c);if(a instanceof Uint8Array||"public"!==a.type)throw new aZ("JSON Web Key Set members must be public keys");d[c]=a}return d[c]}function k2(a){let b=new k0(a),c=async(a,c)=>b.getKey(a,c);return Object.defineProperties(c,{jwks:{value:()=>structuredClone(b.jwks()),enumerable:!1,configurable:!1,writable:!1}}),c}("u"<typeof navigator||!navigator.userAgent?.startsWith?.("Mozilla/5.0 "))&&(c="jose/v6.2.3");let k3=Symbol();async function k4(a,b,c,d=fetch){let e=await d(a,{method:"GET",signal:c,redirect:"manual",headers:b}).catch(a=>{if("TimeoutError"===a.name)throw new a0;throw a});if(200!==e.status)throw new aP("Expected 200 OK from the JSON Web Key Set HTTP response");try{return await e.json()}catch{throw new aP("Failed to parse the JSON Web Key Set HTTP response as JSON")}}let k5=Symbol();class k6{#q;#r;#s;#t;#u;#v;#w;#x;#y;#z;constructor(a,b){if(!(a instanceof URL))throw TypeError("url must be an instance of URL");this.#q=new URL(a.href),this.#r="number"==typeof b?.timeoutDuration?b?.timeoutDuration:5e3,this.#s="number"==typeof b?.cooldownDuration?b?.cooldownDuration:3e4,this.#t="number"==typeof b?.cacheMaxAge?b?.cacheMaxAge:6e5,this.#w=new Headers(b?.headers),c&&!this.#w.has("User-Agent")&&this.#w.set("User-Agent",c),this.#w.has("accept")||(this.#w.set("accept","application/json"),this.#w.append("accept","application/jwk-set+json")),this.#x=b?.[k3],b?.[k5]!==void 0&&(this.#z=b?.[k5],function(a,b){return!("object"!=typeof a||null===a||!("uat"in a)||"number"!=typeof a.uat||Date.now()-a.uat>=b)&&"jwks"in a&&!!bE(a.jwks)&&!!Array.isArray(a.jwks.keys)&&!!Array.prototype.every.call(a.jwks.keys,bE)}(b?.[k5],this.#t)&&(this.#u=this.#z.uat,this.#y=k2(this.#z.jwks)))}pendingFetch(){return!!this.#v}coolingDown(){return"number"==typeof this.#u&&Date.now()<this.#u+this.#s}fresh(){return"number"==typeof this.#u&&Date.now()<this.#u+this.#t}jwks(){return this.#y?.jwks()}async getKey(a,b){this.#y&&this.fresh()||await this.reload();try{return await this.#y(a,b)}catch(c){if(c instanceof a$&&!1===this.coolingDown())return await this.reload(),this.#y(a,b);throw c}}async reload(){this.#v&&("u">typeof WebSocketPair||"u">typeof navigator&&"Cloudflare-Workers"===navigator.userAgent||"u">typeof EdgeRuntime&&"vercel"===EdgeRuntime)&&(this.#v=void 0),this.#v||=k4(this.#q.href,this.#w,AbortSignal.timeout(this.#r),this.#x).then(a=>{this.#y=k2(a),this.#z&&(this.#z.uat=Date.now(),this.#z.jwks=a),this.#u=Date.now(),this.#v=void 0}).catch(a=>{throw this.#v=void 0,a}),await this.#v}}async function k7({code:a,codeVerifier:b,redirectURI:c,options:d,authentication:e,deviceId:f,headers:g,additionalParams:h={},resource:i}){return k8({code:a,codeVerifier:b,redirectURI:c,options:d="function"==typeof d?await d():d,authentication:e,deviceId:f,headers:g,additionalParams:h,resource:i})}function k8({code:a,codeVerifier:b,redirectURI:c,options:d,authentication:e,deviceId:f,headers:g,additionalParams:h={},resource:i}){let j=new URLSearchParams,k={"content-type":"application/x-www-form-urlencoded",accept:"application/json",...g};if(j.set("grant_type","authorization_code"),j.set("code",a),b&&j.set("code_verifier",b),d.clientKey&&j.set("client_key",d.clientKey),f&&j.set("device_id",f),j.set("redirect_uri",d.redirectURI||c),i)if("string"==typeof i)j.append("resource",i);else for(let a of i)j.append("resource",a);if("basic"===e){let a=Array.isArray(d.clientId)?d.clientId[0]:d.clientId;k.authorization=`Basic ${hK.encode(`${a}:${d.clientSecret??""}`)}`}else{let a=Array.isArray(d.clientId)?d.clientId[0]:d.clientId;j.set("client_id",a),d.clientSecret&&j.set("client_secret",d.clientSecret)}for(let[a,b]of Object.entries(h))j.has(a)||j.append(a,b);return{body:j,headers:k}}async function k9({code:a,codeVerifier:b,redirectURI:c,options:d,tokenEndpoint:e,authentication:f,deviceId:g,headers:h,additionalParams:i={},resource:j}){let{body:k,headers:l}=await k7({code:a,codeVerifier:b,redirectURI:c,options:d,authentication:f,deviceId:g,headers:h,additionalParams:i,resource:j}),{data:m,error:n}=await kZ(e,{method:"POST",body:k,headers:l});if(n)throw n;return kA(m)}function la(a){let b,c;if("string"!=typeof a)throw new aX("JWTs must use Compact JWS serialization, JWT must be a string");let{1:d,length:e}=a.split(".");if(5===e)throw new aX("Only JWTs using Compact JWS serialization can be decoded");if(3!==e)throw new aX("Invalid JWT");if(!d)throw new aX("JWTs must contain a payload");try{b=aC(d)}catch{throw new aX("Failed to base64url decode the payload")}try{c=JSON.parse(aw.decode(b))}catch{throw new aX("Failed to parse the decoded payload as JSON")}if(!bE(c))throw new aX("Invalid JWT Claims Set");return c}async function lb(a){let b=new TextEncoder().encode(a);return Array.from(new Uint8Array(await crypto.subtle.digest("SHA-256",b))).map(a=>a.toString(16).padStart(2,"0")).join("")}async function lc(a,b){return"string"==typeof a&&(a===b||a===await lb(b))}let ld=async a=>{let{data:b}=await kZ("https://appleid.apple.com/auth/keys");if(!b?.keys)throw new y.APIError("BAD_REQUEST",{message:"Keys not found"});let c=b.keys.find(b=>b.kid===a);if(!c)throw Error(`JWK with kid ${a} not found`);return await bM(c,c.alg)},le=async(a,b,c)=>{let d=`https://cognito-idp.${b}.amazonaws.com/${c}/.well-known/jwks.json`;try{let{data:b}=await kZ(d);if(!b?.keys)throw new y.APIError("BAD_REQUEST",{message:"Keys not found"});let c=b.keys.find(b=>b.kid===a);if(!c)throw Error(`JWK with kid ${a} not found`);return await bM(c,c.alg)}catch(a){throw w.logger.error("Failed to fetch Cognito public key:",a),a}},lf=(a="")=>a.split("://").map(a=>a.replace(/\/{2,}/g,"/")).join("://"),lg=async a=>{let{data:b}=await kZ("https://www.googleapis.com/oauth2/v3/certs");if(!b?.keys)throw new y.APIError("BAD_REQUEST",{message:"Keys not found"});let c=b.keys.find(b=>b.kid===a);if(!c)throw Error(`JWK with kid ${a} not found`);return await bM(c,c.alg)},lh=async(a,b,c)=>{let{data:d}=await kZ(`${c}/${b}/discovery/v2.0/keys`);if(!d?.keys)throw new y.APIError("BAD_REQUEST",{message:"Keys not found"});let e=d.keys.find(b=>b.kid===a);if(!e)throw Error(`JWK with kid ${a} not found`);return await bM(e,e.alg)},li="https://backboard.railway.com/oauth/token",lj={apple:a=>{let b="https://appleid.apple.com/auth/token";return{id:"apple",name:"Apple",async createAuthorizationURL({state:b,scopes:c,redirectURI:d}){if(!kB(a.clientId)||!a.clientSecret)throw w.logger.error("Client ID and client secret are required for Apple. Make sure to provide them in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");let e=a.disableDefaultScope?[]:["email","name"];return a.scope&&e.push(...a.scope),c&&e.push(...c),await kD({id:"apple",options:a,authorizationEndpoint:"https://appleid.apple.com/auth/authorize",scopes:e,state:b,redirectURI:d,responseMode:"form_post",responseType:"code id_token"})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>k9({code:c,codeVerifier:d,redirectURI:e,options:a,tokenEndpoint:b}),async verifyIdToken(b,c){if(a.disableIdTokenSignIn)return!1;if(a.verifyIdToken)return a.verifyIdToken(b,c);try{let{kid:d,alg:e}=cg(b);if(!d||!e)return!1;let{payload:f}=await cn(b,await ld(d),{algorithms:[e],issuer:"https://appleid.apple.com",audience:a.audience&&a.audience.length?a.audience:a.appBundleIdentifier?a.appBundleIdentifier:a.clientId,maxTokenAge:"1h"});if(["email_verified","is_private_email"].forEach(a=>{void 0!==f[a]&&(f[a]=!!f[a])}),c&&!await lc(f.nonce,c))return!1;return!!f}catch{return!1}},refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:a,tokenEndpoint:b}),async getUserInfo(b){let c;if(a.getUserInfo)return a.getUserInfo(b);if(!b.idToken)return null;let d=la(b.idToken);if(!d)return null;c=b.user?.name?`${b.user.name.firstName||""} ${b.user.name.lastName||""}`.trim():d.name||"";let e="boolean"==typeof d.email_verified?d.email_verified:"true"===d.email_verified,f={...d,name:c},g=await a.mapProfileToUser?.(f);return{user:{id:d.sub,name:f.name,emailVerified:e,email:d.email,...g},data:f}},options:a}},atlassian:a=>{let b="https://auth.atlassian.com/oauth/token";return{id:"atlassian",name:"Atlassian",async createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e}){if(!a.clientId||!a.clientSecret)throw w.logger.error("Client Id and Secret are required for Atlassian"),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");if(!d)throw new y.BetterAuthError("codeVerifier is required for Atlassian");let f=a.disableDefaultScope?[]:["read:jira-user","offline_access"];return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"atlassian",options:a,authorizationEndpoint:"https://auth.atlassian.com/authorize",scopes:f,state:b,codeVerifier:d,redirectURI:e,additionalParams:{audience:"api.atlassian.com"},prompt:a.prompt})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>k9({code:c,codeVerifier:d,redirectURI:e,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);if(!b.accessToken)return null;try{let{data:c}=await kZ("https://api.atlassian.com/me",{headers:{Authorization:`Bearer ${b.accessToken}`}});if(!c)return null;let d=await a.mapProfileToUser?.(c);return{user:{id:c.account_id,name:c.name,email:c.email,image:c.picture,emailVerified:!1,...d},data:c}}catch(a){return w.logger.error("Failed to fetch user info from Figma:",a),null}},options:a}},cognito:a=>{if(!a.domain||!a.region||!a.userPoolId)throw w.logger.error("Domain, region and userPoolId are required for Amazon Cognito. Make sure to provide them in the options."),new y.BetterAuthError("DOMAIN_AND_REGION_REQUIRED");let b=a.domain.replace(/^https?:\/\//,""),c=`https://${b}/oauth2/authorize`,d=`https://${b}/oauth2/token`,e=`https://${b}/oauth2/userinfo`;return{id:"cognito",name:"Cognito",async createAuthorizationURL({state:b,scopes:d,codeVerifier:e,redirectURI:f}){if(!kB(a.clientId))throw w.logger.error("ClientId is required for Amazon Cognito. Make sure to provide them in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");if(a.requireClientSecret&&!a.clientSecret)throw w.logger.error("Client Secret is required when requireClientSecret is true. Make sure to provide it in the options."),new y.BetterAuthError("CLIENT_SECRET_REQUIRED");let g=a.disableDefaultScope?[]:["openid","profile","email"];a.scope&&g.push(...a.scope),d&&g.push(...d);let h=await kD({id:"cognito",options:{...a},authorizationEndpoint:c,scopes:g,state:b,codeVerifier:e,redirectURI:f,prompt:a.prompt}),i=h.searchParams.get("scope");if(i){h.searchParams.delete("scope");let a=encodeURIComponent(i),b=h.toString(),c=b.includes("?")?"&":"?";return new URL(`${b}${c}scope=${a}`)}return h},validateAuthorizationCode:async({code:b,codeVerifier:c,redirectURI:e})=>k9({code:b,codeVerifier:c,redirectURI:e,options:a,tokenEndpoint:d}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:d}),async verifyIdToken(b,c){if(a.disableIdTokenSignIn)return!1;if(a.verifyIdToken)return a.verifyIdToken(b,c);try{let{kid:d,alg:e}=cg(b);if(!d||!e)return!1;let f=await le(d,a.region,a.userPoolId),g=`https://cognito-idp.${a.region}.amazonaws.com/${a.userPoolId}`,{payload:h}=await cn(b,f,{algorithms:[e],issuer:g,audience:a.clientId,maxTokenAge:"1h"});if(c&&h.nonce!==c)return!1;return!0}catch(a){return w.logger.error("Failed to verify ID token:",a),!1}},async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);if(b.idToken)try{let c=la(b.idToken);if(!c)return null;let d=c.name||c.given_name||c.username||"",e={...c,name:d},f=await a.mapProfileToUser?.(e);return{user:{id:c.sub,name:e.name,email:c.email,image:c.picture,emailVerified:c.email_verified,...f},data:e}}catch(a){w.logger.error("Failed to decode ID token:",a)}if(b.accessToken)try{let{data:c}=await kZ(e,{headers:{Authorization:`Bearer ${b.accessToken}`}});if(c){let b=await a.mapProfileToUser?.(c);return{user:{id:c.sub,name:c.name||c.given_name||c.username||"",email:c.email,image:c.picture,emailVerified:c.email_verified,...b},data:c}}}catch(a){w.logger.error("Failed to fetch user info from Cognito:",a)}return null},options:a}},discord:a=>{let b="https://discord.com/api/oauth2/token";return{id:"discord",name:"Discord",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["identify","email"];c&&e.push(...c),a.scope&&e.push(...a.scope);let f=e.includes("bot")&&void 0!==a.permissions?`&permissions=${a.permissions}`:"";return new URL(`https://discord.com/api/oauth2/authorize?scope=${e.join("+")}&response_type=code&client_id=${a.clientId}&redirect_uri=${encodeURIComponent(a.redirectURI||d)}&state=${b}&prompt=${a.prompt||"none"}${f}`)},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:d,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://discord.com/api/users/@me",{headers:{authorization:`Bearer ${b.accessToken}`}});if(d)return null;if(null===c.avatar)c.image_url=`https://cdn.discordapp.com/embed/avatars/${"0"===c.discriminator?Number(BigInt(c.id)>>BigInt(22))%6:parseInt(c.discriminator)%5}.png`;else{let a=c.avatar.startsWith("a_")?"gif":"png";c.image_url=`https://cdn.discordapp.com/avatars/${c.id}/${c.avatar}.${a}`}let e=await a.mapProfileToUser?.(c);return{user:{id:c.id,name:c.global_name||c.username||"",email:c.email,emailVerified:c.verified,image:c.image_url,...e},data:c}},options:a}},facebook:a=>({id:"facebook",name:"Facebook",async createAuthorizationURL({state:b,scopes:c,redirectURI:d,loginHint:e}){if(!kB(a.clientId)||!a.clientSecret)throw w.logger.error("Client ID and client secret are required for Facebook. Make sure to provide them in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");let f=a.disableDefaultScope?[]:["email","public_profile"];return a.scope&&f.push(...a.scope),c&&f.push(...c),await kD({id:"facebook",options:a,authorizationEndpoint:"https://www.facebook.com/v24.0/dialog/oauth",scopes:f,state:b,redirectURI:d,loginHint:e,additionalParams:a.configId?{config_id:a.configId}:{}})},validateAuthorizationCode:async({code:b,redirectURI:c})=>k9({code:b,redirectURI:c,options:a,tokenEndpoint:"https://graph.facebook.com/v24.0/oauth/access_token"}),async verifyIdToken(b,c){if(a.disableIdTokenSignIn)return!1;if(a.verifyIdToken)return a.verifyIdToken(b,c);if(3===b.split(".").length)try{var d;let e,f,{payload:g}=await cn(b,(d=new URL("https://limited.facebook.com/.well-known/oauth/openid/jwks/"),e=new k6(d,void 0),f=async(a,b)=>e.getKey(a,b),Object.defineProperties(f,{coolingDown:{get:()=>e.coolingDown(),enumerable:!0,configurable:!1},fresh:{get:()=>e.fresh(),enumerable:!0,configurable:!1},reload:{value:()=>e.reload(),enumerable:!0,configurable:!1,writable:!1},reloading:{get:()=>e.pendingFetch(),enumerable:!0,configurable:!1},jwks:{value:()=>e.jwks(),enumerable:!0,configurable:!1,writable:!1}}),f),{algorithms:["RS256"],audience:a.clientId,issuer:"https://www.facebook.com"});if(c&&g.nonce!==c)return!1;return!!g}catch{return!1}return!0},refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:"https://graph.facebook.com/v24.0/oauth/access_token"}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);if(b.idToken&&3===b.idToken.split(".").length){let c=la(b.idToken),d={id:c.sub,name:c.name,email:c.email,picture:{data:{url:c.picture,height:100,width:100,is_silhouette:!1}}},e=await a.mapProfileToUser?.({...d,email_verified:!1});return{user:{...d,emailVerified:!1,...e},data:c}}let{data:c,error:d}=await kZ("https://graph.facebook.com/me?fields="+["id","name","email","picture",...a?.fields||[]].join(","),{auth:{type:"Bearer",token:b.accessToken}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.id,name:c.name,email:c.email,image:c.picture.data.url,emailVerified:c.email_verified??!1,...e},data:c}},options:a}),figma:a=>{let b="https://api.figma.com/v1/oauth/token";return{id:"figma",name:"Figma",async createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e}){if(!a.clientId||!a.clientSecret)throw w.logger.error("Client Id and Client Secret are required for Figma. Make sure to provide them in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");if(!d)throw new y.BetterAuthError("codeVerifier is required for Figma");let f=a.disableDefaultScope?[]:["current_user:read"];return a.scope&&f.push(...a.scope),c&&f.push(...c),await kD({id:"figma",options:a,authorizationEndpoint:"https://www.figma.com/oauth",scopes:f,state:b,codeVerifier:d,redirectURI:e})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>k9({code:c,codeVerifier:d,redirectURI:e,options:a,tokenEndpoint:b,authentication:"basic"}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b,authentication:"basic"}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);try{let{data:c}=await kZ("https://api.figma.com/v1/me",{headers:{Authorization:`Bearer ${b.accessToken}`}});if(!c)return w.logger.error("Failed to fetch user from Figma"),null;let d=await a.mapProfileToUser?.(c);return{user:{id:c.id,name:c.handle,email:c.email,image:c.img_url,emailVerified:!1,...d},data:c}}catch(a){return w.logger.error("Failed to fetch user info from Figma:",a),null}},options:a}},github:a=>{let b="https://github.com/login/oauth/access_token";return{id:"github",name:"GitHub",createAuthorizationURL({state:b,scopes:c,loginHint:d,codeVerifier:e,redirectURI:f}){let g=a.disableDefaultScope?[]:["read:user","user:email"];return a.scope&&g.push(...a.scope),c&&g.push(...c),kD({id:"github",options:a,authorizationEndpoint:"https://github.com/login/oauth/authorize",scopes:g,state:b,codeVerifier:e,redirectURI:f,loginHint:d,prompt:a.prompt})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>{let{body:f,headers:g}=k8({code:c,codeVerifier:d,redirectURI:e,options:a}),{data:h,error:i}=await kZ(b,{method:"POST",body:f,headers:g});return i?(w.logger.error("GitHub OAuth token exchange failed:",i),null):"error"in h?(w.logger.error("GitHub OAuth token exchange failed:",h),null):kA(h)},refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.github.com/user",{headers:{"User-Agent":"better-auth",authorization:`Bearer ${b.accessToken}`}});if(d)return null;let{data:e}=await kZ("https://api.github.com/user/emails",{headers:{Authorization:`Bearer ${b.accessToken}`,"User-Agent":"better-auth"}});!c.email&&e&&(c.email=(e.find(a=>a.primary)??e[0])?.email);let f=e?.find(a=>a.email===c.email)?.verified??!1,g=await a.mapProfileToUser?.(c);return{user:{id:c.id,name:c.name||c.login||"",email:c.email,image:c.avatar_url,emailVerified:f,...g},data:c}},options:a}},microsoft:a=>{let b=a.tenantId||"common",c=a.authority||"https://login.microsoftonline.com",d=`${c}/${b}/oauth2/v2.0/authorize`,e=`${c}/${b}/oauth2/v2.0/token`;return{id:"microsoft",name:"Microsoft EntraID",createAuthorizationURL(b){if(!kB(a.clientId))throw w.logger.error("Client Id is required for Microsoft Entra ID. Make sure to provide it in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");let c=a.disableDefaultScope?[]:["openid","profile","email","User.Read","offline_access"];return a.scope&&c.push(...a.scope),b.scopes&&c.push(...b.scopes),kD({id:"microsoft",options:a,authorizationEndpoint:d,state:b.state,codeVerifier:b.codeVerifier,scopes:c,redirectURI:b.redirectURI,prompt:a.prompt,loginHint:b.loginHint})},validateAuthorizationCode:({code:b,codeVerifier:c,redirectURI:d})=>k9({code:b,codeVerifier:c,redirectURI:d,options:a,tokenEndpoint:e}),async verifyIdToken(d,e){if(a.disableIdTokenSignIn)return!1;if(a.verifyIdToken)return a.verifyIdToken(d,e);try{let{kid:f,alg:g}=cg(d);if(!f||!g)return!1;let h=await lh(f,b,c),i={algorithms:[g],audience:a.clientId,maxTokenAge:"1h"};"common"!==b&&"organizations"!==b&&"consumers"!==b&&(i.issuer=`${c}/${b}/v2.0`);let{payload:j}=await cn(d,h,i);if(e&&j.nonce!==e)return!1;return!0}catch(a){return w.logger.error("Failed to verify ID token:",a),!1}},async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);if(!b.idToken)return null;let c=la(b.idToken),d=a.profilePhotoSize||48;await kZ(`https://graph.microsoft.com/v1.0/me/photos/${d}x${d}/$value`,{headers:{Authorization:`Bearer ${b.accessToken}`},async onResponse(b){if(!a.disableProfilePhoto&&b.response.ok)try{let a=await b.response.clone().arrayBuffer();c.picture=`data:image/jpeg;base64, ${hK.encode(a)}`}catch(a){w.logger.error(a&&"object"==typeof a&&"name"in a?a.name:"",a)}}});let e=await a.mapProfileToUser?.(c),f=void 0!==c.email_verified?c.email_verified:!!(c.email&&(c.verified_primary_email?.includes(c.email)||c.verified_secondary_email?.includes(c.email)));return{user:{id:c.sub,name:c.name,email:c.email,image:c.picture,emailVerified:f,...e},data:c}},refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>{let c=a.disableDefaultScope?[]:["openid","profile","email","User.Read","offline_access"];return a.scope&&c.push(...a.scope),k$({refreshToken:b,options:{clientId:a.clientId,clientSecret:a.clientSecret},extraParams:{scope:c.join(" ")},tokenEndpoint:e})},options:a}},google:a=>({id:"google",name:"Google",async createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e,loginHint:f,display:g}){if(!kB(a.clientId)||!a.clientSecret)throw w.logger.error("Client Id and Client Secret is required for Google. Make sure to provide them in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");if(!d)throw new y.BetterAuthError("codeVerifier is required for Google");let h=a.disableDefaultScope?[]:["email","profile","openid"];return a.scope&&h.push(...a.scope),c&&h.push(...c),await kD({id:"google",options:a,authorizationEndpoint:"https://accounts.google.com/o/oauth2/v2/auth",scopes:h,state:b,codeVerifier:d,redirectURI:e,prompt:a.prompt,accessType:a.accessType,display:g||a.display,loginHint:f,hd:a.hd,additionalParams:{include_granted_scopes:"true"}})},validateAuthorizationCode:async({code:b,codeVerifier:c,redirectURI:d})=>k9({code:b,codeVerifier:c,redirectURI:d,options:a,tokenEndpoint:"https://oauth2.googleapis.com/token"}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:"https://oauth2.googleapis.com/token"}),async verifyIdToken(b,c){if(a.disableIdTokenSignIn)return!1;if(a.verifyIdToken)return a.verifyIdToken(b,c);try{let{kid:d,alg:e}=cg(b);if(!d||!e)return!1;let{payload:f}=await cn(b,await lg(d),{algorithms:[e],issuer:["https://accounts.google.com","accounts.google.com"],audience:a.clientId,maxTokenAge:"1h"});if(c&&f.nonce!==c)return!1;return!0}catch{return!1}},async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);if(!b.idToken)return null;let c=la(b.idToken),d=await a.mapProfileToUser?.(c);return{user:{id:c.sub,name:c.name,email:c.email,image:c.picture,emailVerified:c.email_verified,...d},data:c}},options:a}),huggingface:a=>{let b="https://huggingface.co/oauth/token";return{id:"huggingface",name:"Hugging Face",createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e}){let f=a.disableDefaultScope?[]:["openid","profile","email"];return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"huggingface",options:a,authorizationEndpoint:"https://huggingface.co/oauth/authorize",scopes:f,state:b,codeVerifier:d,redirectURI:e})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>k9({code:c,codeVerifier:d,redirectURI:e,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://huggingface.co/oauth/userinfo",{method:"GET",headers:{Authorization:`Bearer ${b.accessToken}`}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.sub,name:c.name||c.preferred_username||"",email:c.email,image:c.picture,emailVerified:c.email_verified??!1,...e},data:c}},options:a}},slack:a=>{let b="https://slack.com/api/openid.connect.token";return{id:"slack",name:"Slack",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["openid","profile","email"];c&&e.push(...c),a.scope&&e.push(...a.scope);let f=new URL("https://slack.com/openid/connect/authorize");return f.searchParams.set("scope",e.join(" ")),f.searchParams.set("response_type","code"),f.searchParams.set("client_id",a.clientId),f.searchParams.set("redirect_uri",a.redirectURI||d),f.searchParams.set("state",b),f},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:d,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://slack.com/api/openid.connect.userInfo",{headers:{authorization:`Bearer ${b.accessToken}`}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c["https://slack.com/user_id"],name:c.name||"",email:c.email,emailVerified:c.email_verified,image:c.picture||c["https://slack.com/user_image_512"],...e},data:c}},options:a}},spotify:a=>{let b="https://accounts.spotify.com/api/token";return{id:"spotify",name:"Spotify",createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e}){let f=a.disableDefaultScope?[]:["user-read-email"];return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"spotify",options:a,authorizationEndpoint:"https://accounts.spotify.com/authorize",scopes:f,state:b,codeVerifier:d,redirectURI:e})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>k9({code:c,codeVerifier:d,redirectURI:e,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.spotify.com/v1/me",{method:"GET",headers:{Authorization:`Bearer ${b.accessToken}`}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.id,name:c.display_name,email:c.email,image:c.images[0]?.url,emailVerified:!1,...e},data:c}},options:a}},twitch:a=>{let b="https://id.twitch.tv/oauth2/token";return{id:"twitch",name:"Twitch",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["user:read:email","openid"];return a.scope&&e.push(...a.scope),c&&e.push(...c),kD({id:"twitch",redirectURI:d,options:a,authorizationEndpoint:"https://id.twitch.tv/oauth2/authorize",scopes:e,state:b,claims:a.claims||["email","email_verified","preferred_username","picture"]})},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:d,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let c=b.idToken;if(!c)return w.logger.error("No idToken found in token"),null;let d=la(c),e=await a.mapProfileToUser?.(d);return{user:{id:d.sub,name:d.preferred_username,email:d.email,image:d.picture,emailVerified:d.email_verified,...e},data:d}},options:a}},twitter:a=>{let b="https://api.x.com/2/oauth2/token";return{id:"twitter",name:"Twitter",createAuthorizationURL(b){let c=a.disableDefaultScope?[]:["users.read","tweet.read","offline.access","users.email"];return a.scope&&c.push(...a.scope),b.scopes&&c.push(...b.scopes),kD({id:"twitter",options:a,authorizationEndpoint:"https://x.com/i/oauth2/authorize",scopes:c,state:b.state,codeVerifier:b.codeVerifier,redirectURI:b.redirectURI})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>k9({code:c,codeVerifier:d,authentication:"basic",redirectURI:e,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},authentication:"basic",tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.x.com/2/users/me?user.fields=profile_image_url",{method:"GET",headers:{Authorization:`Bearer ${b.accessToken}`}});if(d)return null;let{data:e,error:f}=await kZ("https://api.x.com/2/users/me?user.fields=confirmed_email",{method:"GET",headers:{Authorization:`Bearer ${b.accessToken}`}}),g=!1;!f&&e?.data?.confirmed_email&&(c.data.email=e.data.confirmed_email,g=!0);let h=await a.mapProfileToUser?.(c);return{user:{id:c.data.id,name:c.data.name,email:c.data.email||c.data.username||null,image:c.data.profile_image_url,emailVerified:g,...h},data:c}},options:a}},dropbox:a=>{let b="https://api.dropboxapi.com/oauth2/token";return{id:"dropbox",name:"Dropbox",createAuthorizationURL:async({state:b,scopes:c,codeVerifier:d,redirectURI:e})=>{let f=a.disableDefaultScope?[]:["account_info.read"];a.scope&&f.push(...a.scope),c&&f.push(...c);let g={};return a.accessType&&(g.token_access_type=a.accessType),await kD({id:"dropbox",options:a,authorizationEndpoint:"https://www.dropbox.com/oauth2/authorize",scopes:f,state:b,redirectURI:e,codeVerifier:d,additionalParams:g})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>await k9({code:c,codeVerifier:d,redirectURI:e,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.dropboxapi.com/2/users/get_current_account",{method:"POST",headers:{Authorization:`Bearer ${b.accessToken}`}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.account_id,name:c.name?.display_name,email:c.email,emailVerified:c.email_verified||!1,image:c.profile_photo_url,...e},data:c}},options:a}},kick:a=>({id:"kick",name:"Kick",createAuthorizationURL({state:b,scopes:c,redirectURI:d,codeVerifier:e}){let f=a.disableDefaultScope?[]:["user:read"];return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"kick",redirectURI:d,options:a,authorizationEndpoint:"https://id.kick.com/oauth/authorize",scopes:f,codeVerifier:e,state:b})},validateAuthorizationCode:async({code:b,redirectURI:c,codeVerifier:d})=>k9({code:b,redirectURI:c,options:a,tokenEndpoint:"https://id.kick.com/oauth/token",codeVerifier:d}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientSecret:a.clientSecret},tokenEndpoint:"https://id.kick.com/oauth/token"}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.kick.com/public/v1/users",{method:"GET",headers:{Authorization:`Bearer ${b.accessToken}`}});if(d)return null;let e=c.data[0],f=await a.mapProfileToUser?.(e);return{user:{id:e.user_id,name:e.name,email:e.email,image:e.profile_picture,emailVerified:!1,...f},data:e}},options:a}),linear:a=>{let b="https://api.linear.app/oauth/token";return{id:"linear",name:"Linear",createAuthorizationURL({state:b,scopes:c,loginHint:d,redirectURI:e}){let f=a.disableDefaultScope?[]:["read"];return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"linear",options:a,authorizationEndpoint:"https://linear.app/oauth/authorize",scopes:f,state:b,redirectURI:e,loginHint:d})},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:d,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.linear.app/graphql",{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${b.accessToken}`},body:JSON.stringify({query:`
|
|
66
|
+
query {
|
|
67
|
+
viewer {
|
|
68
|
+
id
|
|
69
|
+
name
|
|
70
|
+
email
|
|
71
|
+
avatarUrl
|
|
72
|
+
active
|
|
73
|
+
createdAt
|
|
74
|
+
updatedAt
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
`})});if(d||!c?.data?.viewer)return null;let e=c.data.viewer,f=await a.mapProfileToUser?.(e);return{user:{id:c.data.viewer.id,name:c.data.viewer.name,email:c.data.viewer.email,image:c.data.viewer.avatarUrl,emailVerified:!1,...f},data:e}},options:a}},linkedin:a=>{let b="https://www.linkedin.com/oauth/v2/accessToken";return{id:"linkedin",name:"Linkedin",createAuthorizationURL:async({state:b,scopes:c,redirectURI:d,loginHint:e})=>{let f=a.disableDefaultScope?[]:["profile","email","openid"];return a.scope&&f.push(...a.scope),c&&f.push(...c),await kD({id:"linkedin",options:a,authorizationEndpoint:"https://www.linkedin.com/oauth/v2/authorization",scopes:f,state:b,loginHint:e,redirectURI:d})},validateAuthorizationCode:async({code:c,redirectURI:d})=>await k9({code:c,redirectURI:d,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.linkedin.com/v2/userinfo",{method:"GET",headers:{Authorization:`Bearer ${b.accessToken}`}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.sub,name:c.name,email:c.email,emailVerified:c.email_verified??!1,image:c.picture,...e},data:c}},options:a}},gitlab:a=>{let b,{authorizationEndpoint:c,tokenEndpoint:d,userinfoEndpoint:e}=(b=a.issuer||"https://gitlab.com",{authorizationEndpoint:lf(`${b}/oauth/authorize`),tokenEndpoint:lf(`${b}/oauth/token`),userinfoEndpoint:lf(`${b}/api/v4/user`)}),f="gitlab";return{id:f,name:"Gitlab",createAuthorizationURL:async({state:b,scopes:d,codeVerifier:e,loginHint:g,redirectURI:h})=>{let i=a.disableDefaultScope?[]:["read_user"];return a.scope&&i.push(...a.scope),d&&i.push(...d),await kD({id:f,options:a,authorizationEndpoint:c,scopes:i,state:b,redirectURI:h,codeVerifier:e,loginHint:g})},validateAuthorizationCode:async({code:b,redirectURI:c,codeVerifier:e})=>k9({code:b,redirectURI:c,options:a,codeVerifier:e,tokenEndpoint:d}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:d}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ(e,{headers:{authorization:`Bearer ${b.accessToken}`}});if(d||"active"!==c.state||c.locked)return null;let f=await a.mapProfileToUser?.(c);return{user:{id:c.id,name:c.name??c.username??"",email:c.email,image:c.avatar_url,emailVerified:c.email_verified??!1,...f},data:c}},options:a}},tiktok:a=>{let b="https://open.tiktokapis.com/v2/oauth/token/";return{id:"tiktok",name:"TikTok",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["user.info.profile"];return a.scope&&e.push(...a.scope),c&&e.push(...c),new URL(`https://www.tiktok.com/v2/auth/authorize?scope=${e.join(",")}&response_type=code&client_key=${a.clientKey}&redirect_uri=${encodeURIComponent(a.redirectURI||d)}&state=${b}`)},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:a.redirectURI||d,options:{clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientSecret:a.clientSecret},tokenEndpoint:b,authentication:"post",extraParams:{client_key:a.clientKey}}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://open.tiktokapis.com/v2/user/info/?fields=open_id,avatar_large_url,display_name,username",{headers:{authorization:`Bearer ${b.accessToken}`}});return d?null:{user:{email:c.data.user.email||c.data.user.username,id:c.data.user.open_id,name:c.data.user.display_name||c.data.user.username||"",image:c.data.user.avatar_large_url,emailVerified:!1},data:c}},options:a}},reddit:a=>({id:"reddit",name:"Reddit",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["identity"];return a.scope&&e.push(...a.scope),c&&e.push(...c),kD({id:"reddit",options:a,authorizationEndpoint:"https://www.reddit.com/api/v1/authorize",scopes:e,state:b,redirectURI:d,duration:a.duration})},validateAuthorizationCode:async({code:b,redirectURI:c})=>{let d=new URLSearchParams({grant_type:"authorization_code",code:b,redirect_uri:a.redirectURI||c}),{data:e,error:f}=await kZ("https://www.reddit.com/api/v1/access_token",{method:"POST",headers:{"content-type":"application/x-www-form-urlencoded",accept:"text/plain","user-agent":"better-auth",Authorization:`Basic ${hK.encode(`${a.clientId}:${a.clientSecret}`)}`},body:d.toString()});if(f)throw f;return kA(e)},refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},authentication:"basic",tokenEndpoint:"https://www.reddit.com/api/v1/access_token"}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://oauth.reddit.com/api/v1/me",{headers:{Authorization:`Bearer ${b.accessToken}`,"User-Agent":"better-auth"}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.id,name:c.name,email:c.oauth_client_id,emailVerified:c.has_verified_email,image:c.icon_img?.split("?")[0],...e},data:c}},options:a}),roblox:a=>{let b="https://apis.roblox.com/oauth/v1/token";return{id:"roblox",name:"Roblox",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["openid","profile"];return a.scope&&e.push(...a.scope),c&&e.push(...c),new URL(`https://apis.roblox.com/oauth/v1/authorize?scope=${e.join("+")}&response_type=code&client_id=${a.clientId}&redirect_uri=${encodeURIComponent(a.redirectURI||d)}&state=${b}&prompt=${a.prompt||"select_account consent"}`)},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:a.redirectURI||d,options:a,tokenEndpoint:b,authentication:"post"}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://apis.roblox.com/oauth/v1/userinfo",{headers:{authorization:`Bearer ${b.accessToken}`}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.sub,name:c.nickname||c.preferred_username||"",image:c.picture,email:c.preferred_username||null,emailVerified:!1,...e},data:{...c}}},options:a}},salesforce:a=>{let b=(a.environment??"production")==="sandbox",c=a.loginUrl?`https://${a.loginUrl}/services/oauth2/authorize`:b?"https://test.salesforce.com/services/oauth2/authorize":"https://login.salesforce.com/services/oauth2/authorize",d=a.loginUrl?`https://${a.loginUrl}/services/oauth2/token`:b?"https://test.salesforce.com/services/oauth2/token":"https://login.salesforce.com/services/oauth2/token",e=a.loginUrl?`https://${a.loginUrl}/services/oauth2/userinfo`:b?"https://test.salesforce.com/services/oauth2/userinfo":"https://login.salesforce.com/services/oauth2/userinfo";return{id:"salesforce",name:"Salesforce",async createAuthorizationURL({state:b,scopes:d,codeVerifier:e,redirectURI:f}){if(!a.clientId||!a.clientSecret)throw w.logger.error("Client Id and Client Secret are required for Salesforce. Make sure to provide them in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");if(!e)throw new y.BetterAuthError("codeVerifier is required for Salesforce");let g=a.disableDefaultScope?[]:["openid","email","profile"];return a.scope&&g.push(...a.scope),d&&g.push(...d),kD({id:"salesforce",options:a,authorizationEndpoint:c,scopes:g,state:b,codeVerifier:e,redirectURI:a.redirectURI||f})},validateAuthorizationCode:async({code:b,codeVerifier:c,redirectURI:e})=>k9({code:b,codeVerifier:c,redirectURI:a.redirectURI||e,options:a,tokenEndpoint:d}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientSecret:a.clientSecret},tokenEndpoint:d}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);try{let{data:c}=await kZ(e,{headers:{Authorization:`Bearer ${b.accessToken}`}});if(!c)return w.logger.error("Failed to fetch user info from Salesforce"),null;let d=await a.mapProfileToUser?.(c);return{user:{id:c.user_id,name:c.name,email:c.email,image:c.photos?.picture||c.photos?.thumbnail,emailVerified:c.email_verified??!1,...d},data:c}}catch(a){return w.logger.error("Failed to fetch user info from Salesforce:",a),null}},options:a}},vk:a=>{let b="https://id.vk.com/oauth2/auth";return{id:"vk",name:"VK",async createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e}){let f=a.disableDefaultScope?[]:["email","phone"];return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"vk",options:a,authorizationEndpoint:"https://id.vk.com/authorize",scopes:f,state:b,redirectURI:e,codeVerifier:d})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e,deviceId:f})=>k9({code:c,codeVerifier:d,redirectURI:a.redirectURI||e,options:a,deviceId:f,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);if(!b.accessToken)return null;let c=new URLSearchParams({access_token:b.accessToken,client_id:a.clientId}).toString(),{data:d,error:e}=await kZ("https://id.vk.com/oauth2/user_info",{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:c});if(e)return null;let f=await a.mapProfileToUser?.(d);return d.user.email||f?.email?{user:{id:d.user.user_id,first_name:d.user.first_name,last_name:d.user.last_name,email:d.user.email,image:d.user.avatar,emailVerified:!1,birthday:d.user.birthday,sex:d.user.sex,name:`${d.user.first_name} ${d.user.last_name}`,...f},data:d}:null},options:a}},zoom:a=>{let b={pkce:!0,...a};return{id:"zoom",name:"Zoom",createAuthorizationURL:async({state:a,redirectURI:c,codeVerifier:d})=>{let e=new URLSearchParams({response_type:"code",redirect_uri:b.redirectURI?b.redirectURI:c,client_id:b.clientId,state:a});if(b.pkce){let a=await kC(d);e.set("code_challenge_method","S256"),e.set("code_challenge",a)}let f=new URL("https://zoom.us/oauth/authorize");return f.search=e.toString(),f},validateAuthorizationCode:async({code:a,redirectURI:c,codeVerifier:d})=>k9({code:a,redirectURI:b.redirectURI||c,codeVerifier:d,options:b,tokenEndpoint:"https://zoom.us/oauth/token",authentication:"post"}),refreshAccessToken:b.refreshAccessToken?b.refreshAccessToken:async a=>k$({refreshToken:a,options:{clientId:b.clientId,clientKey:b.clientKey,clientSecret:b.clientSecret},tokenEndpoint:"https://zoom.us/oauth/token"}),async getUserInfo(a){if(b.getUserInfo)return b.getUserInfo(a);let{data:c,error:d}=await kZ("https://api.zoom.us/v2/users/me",{headers:{authorization:`Bearer ${a.accessToken}`}});if(d)return null;let e=await b.mapProfileToUser?.(c);return{user:{id:c.id,name:c.display_name,image:c.pic_url,email:c.email,emailVerified:!!c.verified,...e},data:{...c}}}}},notion:a=>{let b="https://api.notion.com/v1/oauth/token";return{id:"notion",name:"Notion",createAuthorizationURL({state:b,scopes:c,loginHint:d,redirectURI:e}){let f=(a.disableDefaultScope,[]);return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"notion",options:a,authorizationEndpoint:"https://api.notion.com/v1/oauth/authorize",scopes:f,state:b,redirectURI:e,loginHint:d,additionalParams:{owner:"user"}})},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:d,options:a,tokenEndpoint:b,authentication:"basic"}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.notion.com/v1/users/me",{headers:{Authorization:`Bearer ${b.accessToken}`,"Notion-Version":"2022-06-28"}});if(d||!c)return null;let e=c.bot?.owner?.user;if(!e)return null;let f=await a.mapProfileToUser?.(e);return{user:{id:e.id,name:e.name||"",email:e.person?.email||null,image:e.avatar_url,emailVerified:!1,...f},data:e}},options:a}},kakao:a=>{let b="https://kauth.kakao.com/oauth/token";return{id:"kakao",name:"Kakao",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["account_email","profile_image","profile_nickname"];return a.scope&&e.push(...a.scope),c&&e.push(...c),kD({id:"kakao",options:a,authorizationEndpoint:"https://kauth.kakao.com/oauth/authorize",scopes:e,state:b,redirectURI:d})},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:d,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://kapi.kakao.com/v2/user/me",{headers:{Authorization:`Bearer ${b.accessToken}`}});if(d||!c)return null;let e=await a.mapProfileToUser?.(c),f=c.kakao_account||{},g=f.profile||{};return{user:{id:String(c.id),name:g.nickname||f.name||"",email:f.email,image:g.profile_image_url||g.thumbnail_image_url,emailVerified:!!f.is_email_valid&&!!f.is_email_verified,...e},data:c}},options:a}},naver:a=>{let b="https://nid.naver.com/oauth2.0/token";return{id:"naver",name:"Naver",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["profile","email"];return a.scope&&e.push(...a.scope),c&&e.push(...c),kD({id:"naver",options:a,authorizationEndpoint:"https://nid.naver.com/oauth2.0/authorize",scopes:e,state:b,redirectURI:d})},validateAuthorizationCode:async({code:c,redirectURI:d})=>k9({code:c,redirectURI:d,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://openapi.naver.com/v1/nid/me",{headers:{Authorization:`Bearer ${b.accessToken}`}});if(d||!c||"00"!==c.resultcode)return null;let e=await a.mapProfileToUser?.(c),f=c.response||{};return{user:{id:f.id,name:f.name||f.nickname||"",email:f.email,image:f.profile_image,emailVerified:!1,...e},data:c}},options:a}},line:a=>{let b="https://api.line.me/oauth2/v2.1/token";return{id:"line",name:"LINE",async createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e,loginHint:f}){let g=a.disableDefaultScope?[]:["openid","profile","email"];return a.scope&&g.push(...a.scope),c&&g.push(...c),await kD({id:"line",options:a,authorizationEndpoint:"https://access.line.me/oauth2/v2.1/authorize",scopes:g,state:b,codeVerifier:d,redirectURI:e,loginHint:f})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>k9({code:c,codeVerifier:d,redirectURI:e,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientSecret:a.clientSecret},tokenEndpoint:b}),async verifyIdToken(b,c){if(a.disableIdTokenSignIn)return!1;if(a.verifyIdToken)return a.verifyIdToken(b,c);let d=new URLSearchParams;d.set("id_token",b),d.set("client_id",a.clientId),c&&d.set("nonce",c);let{data:e,error:f}=await kZ("https://api.line.me/oauth2/v2.1/verify",{method:"POST",headers:{"content-type":"application/x-www-form-urlencoded"},body:d});return!f&&!!e&&e.aud===a.clientId&&(!e.nonce||e.nonce===c)},async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let c=null;if(b.idToken)try{c=la(b.idToken)}catch{}if(!c){let{data:a}=await kZ("https://api.line.me/oauth2/v2.1/userinfo",{headers:{authorization:`Bearer ${b.accessToken}`}});c=a||null}if(!c)return null;let d=await a.mapProfileToUser?.(c),e=c.sub||c.userId,f=c.name||c.displayName||"",g=c.picture||c.pictureUrl||void 0;return{user:{id:e,name:f,email:c.email,image:g,emailVerified:!1,...d},data:c}},options:a}},paybin:a=>{let b=a.issuer||"https://idp.paybin.io",c=`${b}/oauth2/authorize`,d=`${b}/oauth2/token`;return{id:"paybin",name:"Paybin",async createAuthorizationURL({state:b,scopes:d,codeVerifier:e,redirectURI:f,loginHint:g}){if(!a.clientId||!a.clientSecret)throw w.logger.error("Client Id and Client Secret is required for Paybin. Make sure to provide them in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");if(!e)throw new y.BetterAuthError("codeVerifier is required for Paybin");let h=a.disableDefaultScope?[]:["openid","email","profile"];return a.scope&&h.push(...a.scope),d&&h.push(...d),await kD({id:"paybin",options:a,authorizationEndpoint:c,scopes:h,state:b,codeVerifier:e,redirectURI:f,prompt:a.prompt,loginHint:g})},validateAuthorizationCode:async({code:b,codeVerifier:c,redirectURI:e})=>k9({code:b,codeVerifier:c,redirectURI:e,options:a,tokenEndpoint:d}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:d}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);if(!b.idToken)return null;let c=la(b.idToken),d=await a.mapProfileToUser?.(c);return{user:{id:c.sub,name:c.name||c.preferred_username||"",email:c.email,image:c.picture,emailVerified:c.email_verified||!1,...d},data:c}},options:a}},paypal:a=>{let b="sandbox"===(a.environment||"sandbox"),c=b?"https://www.sandbox.paypal.com/signin/authorize":"https://www.paypal.com/signin/authorize",d=b?"https://api-m.sandbox.paypal.com/v1/oauth2/token":"https://api-m.paypal.com/v1/oauth2/token",e=b?"https://api-m.sandbox.paypal.com/v1/identity/oauth2/userinfo":"https://api-m.paypal.com/v1/identity/oauth2/userinfo";return{id:"paypal",name:"PayPal",async createAuthorizationURL({state:b,codeVerifier:d,redirectURI:e}){if(!a.clientId||!a.clientSecret)throw w.logger.error("Client Id and Client Secret is required for PayPal. Make sure to provide them in the options."),new y.BetterAuthError("CLIENT_ID_AND_SECRET_REQUIRED");return await kD({id:"paypal",options:a,authorizationEndpoint:c,scopes:[],state:b,codeVerifier:d,redirectURI:e,prompt:a.prompt})},validateAuthorizationCode:async({code:b,redirectURI:c})=>{let e=hK.encode(`${a.clientId}:${a.clientSecret}`);try{let a=await kZ(d,{method:"POST",headers:{Authorization:`Basic ${e}`,Accept:"application/json","Accept-Language":"en_US","Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"authorization_code",code:b,redirect_uri:c}).toString()});if(!a.data)throw new y.BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN");let f=a.data;return{accessToken:f.access_token,refreshToken:f.refresh_token,accessTokenExpiresAt:f.expires_in?new Date(Date.now()+1e3*f.expires_in):void 0,idToken:f.id_token}}catch(a){throw w.logger.error("PayPal token exchange failed:",a),new y.BetterAuthError("FAILED_TO_GET_ACCESS_TOKEN")}},refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>{let c=hK.encode(`${a.clientId}:${a.clientSecret}`);try{let a=await kZ(d,{method:"POST",headers:{Authorization:`Basic ${c}`,Accept:"application/json","Accept-Language":"en_US","Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"refresh_token",refresh_token:b}).toString()});if(!a.data)throw new y.BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN");let e=a.data;return{accessToken:e.access_token,refreshToken:e.refresh_token,accessTokenExpiresAt:e.expires_in?new Date(Date.now()+1e3*e.expires_in):void 0}}catch(a){throw w.logger.error("PayPal token refresh failed:",a),new y.BetterAuthError("FAILED_TO_REFRESH_ACCESS_TOKEN")}},async verifyIdToken(b,c){if(a.disableIdTokenSignIn)return!1;if(a.verifyIdToken)return a.verifyIdToken(b,c);try{return!!la(b).sub}catch(a){return w.logger.error("Failed to verify PayPal ID token:",a),!1}},async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);if(!b.accessToken)return w.logger.error("Access token is required to fetch PayPal user info"),null;try{let c=await kZ(`${e}?schema=paypalv1.1`,{headers:{Authorization:`Bearer ${b.accessToken}`,Accept:"application/json"}});if(!c.data)return w.logger.error("Failed to fetch user info from PayPal"),null;let d=c.data,f=await a.mapProfileToUser?.(d);return{user:{id:d.user_id,name:d.name,email:d.email,image:d.picture,emailVerified:d.email_verified,...f},data:d}}catch(a){return w.logger.error("Failed to fetch user info from PayPal:",a),null}},options:a}},polar:a=>{let b="https://api.polar.sh/v1/oauth2/token";return{id:"polar",name:"Polar",createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e}){let f=a.disableDefaultScope?[]:["openid","profile","email"];return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"polar",options:a,authorizationEndpoint:"https://polar.sh/oauth2/authorize",scopes:f,state:b,codeVerifier:d,redirectURI:e,prompt:a.prompt})},validateAuthorizationCode:async({code:c,codeVerifier:d,redirectURI:e})=>k9({code:c,codeVerifier:d,redirectURI:e,options:a,tokenEndpoint:b}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async c=>k$({refreshToken:c,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:b}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.polar.sh/v1/oauth2/userinfo",{headers:{Authorization:`Bearer ${b.accessToken}`}});if(d)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.id,name:c.public_name||c.username||"",email:c.email,image:c.avatar_url,emailVerified:c.email_verified??!1,...e},data:c}},options:a}},railway:a=>({id:"railway",name:"Railway",createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e}){let f=a.disableDefaultScope?[]:["openid","email","profile"];return a.scope&&f.push(...a.scope),c&&f.push(...c),kD({id:"railway",options:a,authorizationEndpoint:"https://backboard.railway.com/oauth/auth",scopes:f,state:b,codeVerifier:d,redirectURI:e})},validateAuthorizationCode:async({code:b,codeVerifier:c,redirectURI:d})=>k9({code:b,codeVerifier:c,redirectURI:d,options:a,tokenEndpoint:li,authentication:"basic"}),refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>k$({refreshToken:b,options:{clientId:a.clientId,clientKey:a.clientKey,clientSecret:a.clientSecret},tokenEndpoint:li,authentication:"basic"}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://backboard.railway.com/oauth/me",{headers:{authorization:`Bearer ${b.accessToken}`}});if(d||!c)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.sub,name:c.name,email:c.email,image:c.picture,emailVerified:!1,...e},data:c}},options:a}),vercel:a=>({id:"vercel",name:"Vercel",createAuthorizationURL({state:b,scopes:c,codeVerifier:d,redirectURI:e}){let f;if(!d)throw new y.BetterAuthError("codeVerifier is required for Vercel");return(void 0!==a.scope||void 0!==c)&&(f=[],a.scope&&f.push(...a.scope),c&&f.push(...c)),kD({id:"vercel",options:a,authorizationEndpoint:"https://vercel.com/oauth/authorize",scopes:f,state:b,codeVerifier:d,redirectURI:e})},validateAuthorizationCode:async({code:b,codeVerifier:c,redirectURI:d})=>k9({code:b,codeVerifier:c,redirectURI:d,options:a,tokenEndpoint:"https://api.vercel.com/login/oauth/token"}),async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let{data:c,error:d}=await kZ("https://api.vercel.com/login/oauth/userinfo",{headers:{Authorization:`Bearer ${b.accessToken}`}});if(d||!c)return null;let e=await a.mapProfileToUser?.(c);return{user:{id:c.sub,name:c.name??c.preferred_username??"",email:c.email,image:c.picture,emailVerified:c.email_verified??!1,...e},data:c}},options:a}),wechat:a=>({id:"wechat",name:"WeChat",createAuthorizationURL({state:b,scopes:c,redirectURI:d}){let e=a.disableDefaultScope?[]:["snsapi_login"];a.scope&&e.push(...a.scope),c&&e.push(...c);let f=new URL("https://open.weixin.qq.com/connect/qrconnect");return f.searchParams.set("scope",e.join(",")),f.searchParams.set("response_type","code"),f.searchParams.set("appid",a.clientId),f.searchParams.set("redirect_uri",a.redirectURI||d),f.searchParams.set("state",b),f.searchParams.set("lang",a.lang||"cn"),f.hash="wechat_redirect",f},validateAuthorizationCode:async({code:b})=>{let{data:c,error:d}=await kZ("https://api.weixin.qq.com/sns/oauth2/access_token?"+new URLSearchParams({appid:a.clientId,secret:a.clientSecret,code:b,grant_type:"authorization_code"}).toString(),{method:"GET"});if(d||!c||c.errcode)throw Error(`Failed to validate authorization code: ${c?.errmsg||d?.message||"Unknown error"}`);return{tokenType:"Bearer",accessToken:c.access_token,refreshToken:c.refresh_token,accessTokenExpiresAt:new Date(Date.now()+1e3*c.expires_in),scopes:c.scope.split(","),openid:c.openid,unionid:c.unionid}},refreshAccessToken:a.refreshAccessToken?a.refreshAccessToken:async b=>{let{data:c,error:d}=await kZ("https://api.weixin.qq.com/sns/oauth2/refresh_token?"+new URLSearchParams({appid:a.clientId,grant_type:"refresh_token",refresh_token:b}).toString(),{method:"GET"});if(d||!c||c.errcode)throw Error(`Failed to refresh access token: ${c?.errmsg||d?.message||"Unknown error"}`);return{tokenType:"Bearer",accessToken:c.access_token,refreshToken:c.refresh_token,accessTokenExpiresAt:new Date(Date.now()+1e3*c.expires_in),scopes:c.scope.split(",")}},async getUserInfo(b){if(a.getUserInfo)return a.getUserInfo(b);let c=b.openid;if(!c)return null;let{data:d,error:e}=await kZ("https://api.weixin.qq.com/sns/userinfo?"+new URLSearchParams({access_token:b.accessToken||"",openid:c,lang:"zh_CN"}).toString(),{method:"GET"});if(e||!d||d.errcode)return null;let f=await a.mapProfileToUser?.(d);return{user:{id:d.unionid||d.openid||c,name:d.nickname,email:d.email||null,image:d.headimgurl,emailVerified:!1,...f},data:d}},options:a})},lk=hi(Object.keys(lj)).or(gD()),ll=jg("/list-accounts",{method:"GET",use:[jH],metadata:{openapi:{operationId:"listUserAccounts",description:"List all accounts linked to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{type:"object",properties:{id:{type:"string"},providerId:{type:"string"},createdAt:{type:"string",format:"date-time"},updatedAt:{type:"string",format:"date-time"},accountId:{type:"string"},userId:{type:"string"},scopes:{type:"array",items:{type:"string"}}},required:["id","providerId","createdAt","updatedAt","accountId","userId","scopes"]}}}}}}}}},async a=>{let b=a.context.session,c=await a.context.internalAdapter.findAccounts(b.user.id);return a.json(c.map(b=>{let{scope:c,...d}=function(a,b){let{accessToken:c,refreshToken:d,idToken:e,accessTokenExpiresAt:f,refreshTokenExpiresAt:g,password:h,...i}=cy(b,cA(a,"account","output"));return i}(a.context.options,b);return{...d,scopes:c?.split(",")||[]}}))}),lm=jg("/link-social",{method:"POST",requireHeaders:!0,body:hc({callbackURL:gD().meta({description:"The URL to redirect to after the user has signed in"}).optional(),provider:lk,idToken:hc({token:gD(),nonce:gD().optional(),accessToken:gD().optional(),refreshToken:gD().optional(),scopes:ha(gD()).optional()}).optional(),requestSignUp:g1().optional(),scopes:ha(gD()).meta({description:"Additional scopes to request from the provider"}).optional(),errorCallbackURL:gD().meta({description:"The URL to redirect to if there is an error during the link process"}).optional(),disableRedirect:g1().meta({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),additionalData:hg(gD(),g4()).optional()}),use:[jH],metadata:{openapi:{description:"Link a social account to the user",operationId:"linkSocialAccount",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{url:{type:"string",description:"The authorization URL to redirect the user to"},redirect:{type:"boolean",description:"Indicates if the user should be redirected to the authorization URL"},status:{type:"boolean"}},required:["redirect"]}}}}}}}},async a=>{let b=a.context.session,c=await iE(a.context.socialProviders,{value:a.body.provider});if(!c)throw a.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:a.body.provider}),y.APIError.from("NOT_FOUND",cx.BASE_ERROR_CODES.PROVIDER_NOT_FOUND);if(a.body.idToken){if(!c.verifyIdToken)throw a.context.logger.error("Provider does not support id token verification",{provider:a.body.provider}),y.APIError.from("NOT_FOUND",cx.BASE_ERROR_CODES.ID_TOKEN_NOT_SUPPORTED);let{token:d,nonce:e}=a.body.idToken;if(!await c.verifyIdToken(d,e))throw a.context.logger.error("Invalid id token",{provider:a.body.provider}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.INVALID_TOKEN);let f=await c.getUserInfo({idToken:d,accessToken:a.body.idToken.accessToken,refreshToken:a.body.idToken.refreshToken});if(!f||!f?.user)throw a.context.logger.error("Failed to get user info",{provider:a.body.provider}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.FAILED_TO_GET_USER_INFO);let g=String(f.user.id);if(!f.user.email)throw a.context.logger.error(jO(a.body.provider,{source:"id_token"}),{provider:a.body.provider}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.USER_EMAIL_NOT_FOUND);if((await a.context.internalAdapter.findAccounts(b.user.id)).find(a=>a.providerId===c.id&&a.accountId===g))return a.json({url:"",status:!0,redirect:!1});if(!a.context.trustedProviders.includes(c.id)&&!f.user.emailVerified||a.context.options.account?.accountLinking?.enabled===!1)throw y.APIError.from("UNAUTHORIZED",{message:"Account not linked - linking not allowed",code:"LINKING_NOT_ALLOWED"});if(f.user.email?.toLowerCase()!==b.user.email.toLowerCase()&&a.context.options.account?.accountLinking?.allowDifferentEmails!==!0)throw y.APIError.from("UNAUTHORIZED",{message:"Account not linked - different emails not allowed",code:"LINKING_DIFFERENT_EMAILS_NOT_ALLOWED"});try{await a.context.internalAdapter.createAccount({userId:b.user.id,providerId:c.id,accountId:g,accessToken:a.body.idToken.accessToken,idToken:d,refreshToken:a.body.idToken.refreshToken,scope:a.body.idToken.scopes?.join(",")})}catch(a){throw y.APIError.from("EXPECTATION_FAILED",{message:"Account not linked - unable to create account",code:"LINKING_FAILED"})}if(a.context.options.account?.accountLinking?.updateUserInfoOnLink===!0)try{await a.context.internalAdapter.updateUser(b.user.id,{name:f.user?.name,image:f.user?.image})}catch(a){console.warn("Could not update user - "+a.toString())}return a.json({url:"",status:!0,redirect:!1})}let d=await kw(a,{userId:b.user.id,email:b.user.email},a.body.additionalData),e=await c.createAuthorizationURL({state:d.state,codeVerifier:d.codeVerifier,redirectURI:`${a.context.baseURL}/callback/${c.id}`,scopes:a.body.scopes});return a.body.disableRedirect||a.setHeader("Location",e.toString()),a.json({url:e.toString(),redirect:!a.body.disableRedirect})}),ln=jg("/unlink-account",{method:"POST",body:hc({providerId:gD(),accountId:gD().optional()}),use:[jJ],metadata:{openapi:{description:"Unlink an account",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async a=>{let{providerId:b,accountId:c}=a.body,d=await a.context.internalAdapter.findAccounts(a.context.session.user.id);if(1===d.length&&!a.context.options.account?.accountLinking?.allowUnlinkingAll)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.FAILED_TO_UNLINK_LAST_ACCOUNT);let e=d.find(a=>c?a.accountId===c&&a.providerId===b:a.providerId===b);if(!e)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);return await a.context.internalAdapter.deleteAccount(e.id),a.json({status:!0})}),lo=jg("/get-access-token",{method:"POST",body:hc({providerId:gD().meta({description:"The provider ID for the OAuth provider"}),accountId:gD().meta({description:"The account ID associated with the refresh token"}).optional(),userId:gD().meta({description:"The user ID associated with the account"}).optional()}),metadata:{openapi:{description:"Get a valid access token, doing a refresh if needed",responses:{200:{description:"A Valid access token",content:{"application/json":{schema:{type:"object",properties:{tokenType:{type:"string"},idToken:{type:"string"},accessToken:{type:"string"},accessTokenExpiresAt:{type:"string",format:"date-time"}}}}}},400:{description:"Invalid refresh token or provider configuration"}}}}},async a=>{let b,{providerId:c,accountId:d,userId:e}=a.body||{},f=a.request,g=await jG(a);if(f&&!g)throw a.error("UNAUTHORIZED");let h=g?.user?.id||e;if(!h)throw a.error("UNAUTHORIZED");let i=await iE(a.context.socialProviders,{value:c});if(!i)throw y.APIError.from("BAD_REQUEST",{message:`Provider ${c} is not supported.`,code:"PROVIDER_NOT_SUPPORTED"});let j=await hF(a);if(!(b=j&&j.userId===h&&c===j.providerId&&(!d||j.accountId===d)?j:(await a.context.internalAdapter.findAccounts(h)).find(a=>d?a.accountId===d&&a.providerId===c:a.providerId===c)))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);try{let c=null,d=b.accessTokenExpiresAt&&new Date(b.accessTokenExpiresAt).getTime()-Date.now()<5e3;if(b.refreshToken&&d&&i.refreshAccessToken){let d=await ky(b.refreshToken,a.context);c=await i.refreshAccessToken(d);let e={accessToken:await kz(c?.accessToken,a.context),accessTokenExpiresAt:c?.accessTokenExpiresAt,refreshToken:c?.refreshToken?await kz(c.refreshToken,a.context):b.refreshToken,refreshTokenExpiresAt:c?.refreshTokenExpiresAt??b.refreshTokenExpiresAt,idToken:c?.idToken||b.idToken},f=null;b.id&&(f=await a.context.internalAdapter.updateAccount(b.id,e)),a.context.options.account?.storeAccountCookie&&await hE(a,{...b,...f??e})}let e=c?.accessTokenExpiresAt?"string"==typeof c.accessTokenExpiresAt?new Date(c.accessTokenExpiresAt):c.accessTokenExpiresAt:b.accessTokenExpiresAt?"string"==typeof b.accessTokenExpiresAt?new Date(b.accessTokenExpiresAt):b.accessTokenExpiresAt:void 0,f={accessToken:c?.accessToken??await ky(b.accessToken??"",a.context),accessTokenExpiresAt:e,scopes:b.scope?.split(",")??[],idToken:c?.idToken??b.idToken??void 0};return a.json(f)}catch(a){throw y.APIError.from("BAD_REQUEST",{message:"Failed to get a valid access token",code:"FAILED_TO_GET_ACCESS_TOKEN"})}}),lp=jg("/refresh-token",{method:"POST",body:hc({providerId:gD().meta({description:"The provider ID for the OAuth provider"}),accountId:gD().meta({description:"The account ID associated with the refresh token"}).optional(),userId:gD().meta({description:"The user ID associated with the account"}).optional()}),metadata:{openapi:{description:"Refresh the access token using a refresh token",responses:{200:{description:"Access token refreshed successfully",content:{"application/json":{schema:{type:"object",properties:{tokenType:{type:"string"},idToken:{type:"string"},accessToken:{type:"string"},refreshToken:{type:"string"},accessTokenExpiresAt:{type:"string",format:"date-time"},refreshTokenExpiresAt:{type:"string",format:"date-time"}}}}}},400:{description:"Invalid refresh token or provider configuration"}}}}},async a=>{let b,c,{providerId:d,accountId:e,userId:f}=a.body,g=a.request,h=await jG(a);if(g&&!h)throw a.error("UNAUTHORIZED");let i=h?.user?.id||f;if(!i)throw y.APIError.from("BAD_REQUEST",{message:"Either userId or session is required",code:"USER_ID_OR_SESSION_REQUIRED"});let j=await iE(a.context.socialProviders,{value:d});if(!j)throw y.APIError.from("BAD_REQUEST",{message:`Provider ${d} is not supported.`,code:"PROVIDER_NOT_SUPPORTED"});if(!j.refreshAccessToken)throw y.APIError.from("BAD_REQUEST",{message:`Provider ${d} does not support token refreshing.`,code:"TOKEN_REFRESH_NOT_SUPPORTED"});let k=await hF(a);if(!(b=k&&k.userId===i&&(!d||d===k?.providerId)?k:(await a.context.internalAdapter.findAccounts(i)).find(a=>e?a.accountId===e&&a.providerId===d:a.providerId===d)))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);if(!(c=k&&d===k.providerId?k.refreshToken??void 0:b.refreshToken??void 0))throw y.APIError.from("BAD_REQUEST",{message:"Refresh token not found",code:"REFRESH_TOKEN_NOT_FOUND"});try{let e=await ky(c,a.context),f=await j.refreshAccessToken(e),g=f.refreshToken?await kz(f.refreshToken,a.context):c,h=f.refreshTokenExpiresAt??b.refreshTokenExpiresAt;if(b.id){let c={...b||{},accessToken:await kz(f.accessToken,a.context),refreshToken:g,accessTokenExpiresAt:f.accessTokenExpiresAt,refreshTokenExpiresAt:h,scope:f.scopes?.join(",")||b.scope,idToken:f.idToken||b.idToken};await a.context.internalAdapter.updateAccount(b.id,c)}return k&&d===k.providerId&&a.context.options.account?.storeAccountCookie&&await hE(a,{...k,accessToken:await kz(f.accessToken,a.context),refreshToken:g,accessTokenExpiresAt:f.accessTokenExpiresAt,refreshTokenExpiresAt:h,scope:f.scopes?.join(",")||k.scope,idToken:f.idToken||k.idToken}),a.json({accessToken:f.accessToken,refreshToken:f.refreshToken??e,accessTokenExpiresAt:f.accessTokenExpiresAt,refreshTokenExpiresAt:h,scope:f.scopes?.join(",")||b.scope,idToken:f.idToken||b.idToken,providerId:b.providerId,accountId:b.accountId})}catch(a){throw y.APIError.from("BAD_REQUEST",{message:"Failed to refresh access token",code:"FAILED_TO_REFRESH_ACCESS_TOKEN"})}}),lq=jg("/account-info",{method:"GET",use:[jH],metadata:{openapi:{description:"Get the account info provided by the provider",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object",properties:{id:{type:"string"},name:{type:"string"},email:{type:"string"},image:{type:"string"},emailVerified:{type:"boolean"}},required:["id","emailVerified"]},data:{type:"object",properties:{},additionalProperties:!0}},required:["user","data"],additionalProperties:!1}}}}}}},query:hl(hc({accountId:gD().meta({description:"The provider given account id for which to get the account info"}).optional()}))},async a=>{let b,c=a.query?.accountId;if(c){let d=await a.context.internalAdapter.findAccount(c);d&&(b=d)}else if(a.context.options.account?.storeAccountCookie){let c=await hF(a);c&&(b=c)}if(!b||b.userId!==a.context.session.user.id)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.ACCOUNT_NOT_FOUND);let d=await iE(a.context.socialProviders,{value:b.providerId});if(!d)throw y.APIError.from("INTERNAL_SERVER_ERROR",{message:`Provider account provider is ${b.providerId} but it is not configured`,code:"PROVIDER_NOT_CONFIGURED"});let e=await lo({...a,method:"POST",body:{accountId:b.accountId,providerId:b.providerId},returnHeaders:!1,returnStatus:!1});if(!e.accessToken)throw y.APIError.from("BAD_REQUEST",{message:"Access token not found",code:"ACCESS_TOKEN_NOT_FOUND"});let f=await d.getUserInfo({...e,accessToken:e.accessToken});return a.json(f)});async function lr(a,b,c,d=3600,e){return await co({email:b.toLowerCase(),updateTo:c?.toLowerCase(),...e},a,d)}async function ls(a,b){if(!a.context.options.emailVerification?.sendVerificationEmail)throw a.context.logger.error("Verification email isn't enabled."),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.VERIFICATION_EMAIL_NOT_ENABLED);let c=await lr(a.context.secret,b.email,void 0,a.context.options.emailVerification?.expiresIn),d=a.body.callbackURL?encodeURIComponent(a.body.callbackURL):encodeURIComponent("/"),e=`${a.context.baseURL}/verify-email?token=${c}&callbackURL=${d}`;await a.context.runInBackgroundOrAwait(a.context.options.emailVerification.sendVerificationEmail({user:b,url:e,token:c},a.request?.clone()))}let lt=jg("/send-verification-email",{method:"POST",operationId:"sendVerificationEmail",cloneRequest:!0,body:hc({email:fY(gF,void 0).meta({description:"The email to send the verification email to"}),callbackURL:gD().meta({description:"The URL to use for email verification callback"}).optional()}),metadata:{openapi:{operationId:"sendVerificationEmail",description:"Send a verification email to the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{email:{type:"string",description:"The email to send the verification email to",example:"user@example.com"},callbackURL:{type:"string",description:"The URL to use for email verification callback",example:"https://example.com/callback",nullable:!0}},required:["email"]}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean",description:"Indicates if the email was sent successfully",example:!0}}}}}},400:{description:"Bad Request",content:{"application/json":{schema:{type:"object",properties:{message:{type:"string",description:"Error message",example:"Verification email isn't enabled"}}}}}}}}}},async a=>{if(!a.context.options.emailVerification?.sendVerificationEmail)throw a.context.logger.error("Verification email isn't enabled."),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.VERIFICATION_EMAIL_NOT_ENABLED);let{email:b}=a.body,c=await jG(a);if(!c){let c=await a.context.internalAdapter.findUserByEmail(b);return!c||c.user.emailVerified?await lr(a.context.secret,b,void 0,a.context.options.emailVerification?.expiresIn):await ls(a,c.user),a.json({status:!0})}if(c?.user.email.toLowerCase()!==b.toLowerCase())throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.EMAIL_MISMATCH);if(c?.user.emailVerified)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.EMAIL_ALREADY_VERIFIED);return await ls(a,c.user),a.json({status:!0})}),lu=jg("/verify-email",{method:"GET",operationId:"verifyEmail",query:hc({token:gD().meta({description:"The token to verify the email"}),callbackURL:gD().meta({description:"The URL to redirect to after email verification"}).optional()}),use:[jm(a=>a.query.callbackURL)],metadata:{openapi:{description:"Verify the email of the user",parameters:[{name:"token",in:"query",description:"The token to verify the email",required:!0,schema:{type:"string"}},{name:"callbackURL",in:"query",description:"The URL to redirect to after email verification",required:!1,schema:{type:"string"}}],responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object",$ref:"#/components/schemas/User"},status:{type:"boolean",description:"Indicates if the email was verified successfully"}},required:["user","status"]}}}}}}}},async a=>{let b;function c(b){if(a.query.callbackURL){if(a.query.callbackURL.includes("?"))throw a.redirect(`${a.query.callbackURL}&error=${b.code}`);throw a.redirect(`${a.query.callbackURL}?error=${b.code}`)}throw y.APIError.from("UNAUTHORIZED",b)}let{token:d}=a.query;try{b=await cn(d,new TextEncoder().encode(a.context.secret),{algorithms:["HS256"]})}catch(a){if(a instanceof aR)return c(cx.BASE_ERROR_CODES.TOKEN_EXPIRED);return c(cx.BASE_ERROR_CODES.INVALID_TOKEN)}let e=hc({email:fY(gF,void 0),updateTo:gD().optional(),requestType:gD().optional()}).parse(b.payload),f=await a.context.internalAdapter.findUserByEmail(e.email);if(!f)return c(cx.BASE_ERROR_CODES.USER_NOT_FOUND);if(e.updateTo){let b=await jG(a);if(b&&b.user.email!==e.email)return c(cx.BASE_ERROR_CODES.INVALID_USER);switch(e.requestType){case"change-email-confirmation":{let b=await lr(a.context.secret,e.email,e.updateTo,a.context.options.emailVerification?.expiresIn,{requestType:"change-email-verification"}),c=a.query.callbackURL?encodeURIComponent(a.query.callbackURL):encodeURIComponent("/"),d=`${a.context.baseURL}/verify-email?token=${b}&callbackURL=${c}`;if(a.context.options.emailVerification?.sendVerificationEmail&&await a.context.runInBackgroundOrAwait(a.context.options.emailVerification.sendVerificationEmail({user:{...f.user,email:e.updateTo},url:d,token:b},a.request?.clone())),a.query.callbackURL)throw a.redirect(a.query.callbackURL);return a.json({status:!0})}case"change-email-verification":{let c=b;if(!c){let b=await a.context.internalAdapter.createSession(f.user.id);if(!b)throw y.APIError.from("INTERNAL_SERVER_ERROR",cx.BASE_ERROR_CODES.FAILED_TO_CREATE_SESSION);c={session:b,user:f.user}}let d=await a.context.internalAdapter.updateUserByEmail(e.email,{email:e.updateTo,emailVerified:!0});if(a.context.options.emailVerification?.afterEmailVerification&&await a.context.options.emailVerification.afterEmailVerification(d,a.request),await hT(a,{session:c.session,user:{...c.user,email:e.updateTo,emailVerified:!0}}),a.query.callbackURL)throw a.redirect(a.query.callbackURL);return a.json({status:!0,user:cB(a.context.options,d)})}default:{let c=b;if(!c){let b=await a.context.internalAdapter.createSession(f.user.id);if(!b)throw y.APIError.from("INTERNAL_SERVER_ERROR",cx.BASE_ERROR_CODES.FAILED_TO_CREATE_SESSION);c={session:b,user:f.user}}let d=await a.context.internalAdapter.updateUserByEmail(e.email,{email:e.updateTo,emailVerified:!1}),g=await lr(a.context.secret,e.updateTo),h=a.query.callbackURL?encodeURIComponent(a.query.callbackURL):encodeURIComponent("/");if(a.context.options.emailVerification?.sendVerificationEmail&&await a.context.runInBackgroundOrAwait(a.context.options.emailVerification.sendVerificationEmail({user:d,url:`${a.context.baseURL}/verify-email?token=${g}&callbackURL=${h}`,token:g},a.request?.clone())),await hT(a,{session:c.session,user:{...c.user,email:e.updateTo,emailVerified:!1}}),a.query.callbackURL)throw a.redirect(a.query.callbackURL);return a.json({status:!0,user:cB(a.context.options,d)})}}}if(f.user.emailVerified){if(a.query.callbackURL)throw a.redirect(a.query.callbackURL);return a.json({status:!0,user:null})}a.context.options.emailVerification?.beforeEmailVerification&&await a.context.options.emailVerification.beforeEmailVerification(f.user,a.request);let g=await a.context.internalAdapter.updateUserByEmail(e.email,{emailVerified:!0});if(a.context.options.emailVerification?.afterEmailVerification&&await a.context.options.emailVerification.afterEmailVerification(g,a.request),a.context.options.emailVerification?.autoSignInAfterVerification){let b=await jG(a);if(b&&b.user.email===e.email)await hT(a,{session:b.session,user:{...b.user,emailVerified:!0}});else{let b=await a.context.internalAdapter.createSession(f.user.id);if(!b)throw y.APIError.from("INTERNAL_SERVER_ERROR",cx.BASE_ERROR_CODES.FAILED_TO_CREATE_SESSION);await hT(a,{session:b,user:{...f.user,emailVerified:!0}})}}if(a.query.callbackURL)throw a.redirect(a.query.callbackURL);return a.json({status:!0,user:null})});async function lv(a,b){let{userInfo:c,account:d,callbackURL:e,disableSignUp:f,overrideUserInfo:g}=b,h=await a.context.internalAdapter.findOAuthUser(c.email.toLowerCase(),d.accountId,d.providerId).catch(b=>{w.logger.error("Better auth was unable to query your database.\nError: ",b),jN(a,a.context.options.onAPIError?.errorURL||`${a.context.baseURL}/error`,"internal_server_error")}),i=h?.user,j=!i;if(h){let e=h.linkedAccount??h.accounts.find(a=>a.providerId===d.providerId&&a.accountId===d.accountId);if(e){let b=a.context.options.account?.updateAccountOnSignIn!==!1?Object.fromEntries(Object.entries({idToken:d.idToken,accessToken:await kz(d.accessToken,a.context),refreshToken:await kz(d.refreshToken,a.context),accessTokenExpiresAt:d.accessTokenExpiresAt,refreshTokenExpiresAt:d.refreshTokenExpiresAt,scope:d.scope}).filter(([a,b])=>void 0!==b)):{};a.context.options.account?.storeAccountCookie&&await hE(a,{...e,...b}),Object.keys(b).length>0&&await a.context.internalAdapter.updateAccount(e.id,b),c.emailVerified&&!h.user.emailVerified&&c.email.toLowerCase()===h.user.email&&await a.context.internalAdapter.updateUser(h.user.id,{emailVerified:!0})}else{let e=a.context.options.account?.accountLinking,f=b.isTrustedProvider||a.context.trustedProviders.includes(d.providerId),g=e?.requireLocalEmailVerified??!0;if(!f&&!c.emailVerified||g&&!h.user.emailVerified||e?.enabled===!1||e?.disableImplicitLinking===!0)return(0,E.isDevelopment)()&&w.logger.warn(`User already exist but account isn't linked to ${d.providerId}. To read more about how account linking works in Better Auth see https://www.better-auth.com/docs/concepts/users-accounts#account-linking.`),{error:"account not linked",data:null};try{await a.context.internalAdapter.linkAccount({providerId:d.providerId,accountId:c.id.toString(),userId:h.user.id,accessToken:await kz(d.accessToken,a.context),refreshToken:await kz(d.refreshToken,a.context),idToken:d.idToken,accessTokenExpiresAt:d.accessTokenExpiresAt,refreshTokenExpiresAt:d.refreshTokenExpiresAt,scope:d.scope})}catch(a){return w.logger.error("Unable to link account",a),{error:"unable to link account",data:null}}c.emailVerified&&!h.user.emailVerified&&c.email.toLowerCase()===h.user.email&&await a.context.internalAdapter.updateUser(h.user.id,{emailVerified:!0})}if(g){let{id:b,...d}=c;i=await a.context.internalAdapter.updateUser(h.user.id,{...d,email:c.email.toLowerCase(),emailVerified:c.email.toLowerCase()===h.user.email&&h.user.emailVerified||c.emailVerified})}}else{if(f)return{error:"signup disabled",data:null,isRegister:!1};try{let{id:b,...f}=c,g={accessToken:await kz(d.accessToken,a.context),refreshToken:await kz(d.refreshToken,a.context),idToken:d.idToken,accessTokenExpiresAt:d.accessTokenExpiresAt,refreshTokenExpiresAt:d.refreshTokenExpiresAt,scope:d.scope,providerId:d.providerId,accountId:c.id.toString()},{user:h,account:j}=await a.context.internalAdapter.createOAuthUser({...f,email:c.email.toLowerCase()},g);if(i=h,a.context.options.account?.storeAccountCookie&&await hE(a,j),!c.emailVerified&&i&&a.context.options.emailVerification?.sendOnSignUp&&a.context.options.emailVerification?.sendVerificationEmail){let b=await lr(a.context.secret,i.email,void 0,a.context.options.emailVerification?.expiresIn),c=`${a.context.baseURL}/verify-email?token=${b}&callbackURL=${encodeURIComponent(e||"/")}`;await a.context.runInBackgroundOrAwait(a.context.options.emailVerification.sendVerificationEmail({user:i,url:c,token:b},a.request))}}catch(a){if(w.logger.error(a),jc(a))return{error:a.message,data:null,isRegister:!1};return{error:"unable to create user",data:null,isRegister:!1}}}if(!i)return{error:"unable to create user",data:null,isRegister:!1};let k=await a.context.internalAdapter.createSession(i.id);return k?{data:{session:k,user:i},error:null,isRegister:j}:{error:"unable to create session",data:null,isRegister:!1}}let lw={scope:"server"},lx=hc({code:gD().optional(),error:gD().optional(),device_id:gD().optional(),error_description:gD().optional(),state:gD().optional(),user:gD().optional()}),ly=jg("/callback/:id",{method:["GET","POST"],operationId:"handleOAuthCallback",body:lx.optional(),query:lx.optional(),metadata:{...lw,allowedMediaTypes:["application/x-www-form-urlencoded","application/json"]}},async a=>{let b,c,d,e,f=a.context.options.onAPIError?.errorURL||`${a.context.baseURL}/error`;if("POST"===a.method){let b=a.body?lx.parse(a.body):{},c=a.query?lx.parse(a.query):{},d=lx.parse({...b,...c}),e=new URLSearchParams;for(let[a,b]of Object.entries(d))null!=b&&e.set(a,String(b));let f=`${a.context.baseURL}/callback/${a.params.id}?${e.toString()}`;throw a.redirect(f)}try{if("GET"===a.method)b=lx.parse(a.query);else if("POST"===a.method)b=lx.parse(a.body);else throw Error("Unsupported method")}catch(b){a.context.logger.error("INVALID_CALLBACK_REQUEST",b),jN(a,f,"invalid_callback_request")}let{code:g,error:h,error_description:i,device_id:j,user:k}=b,{codeVerifier:l,callbackURL:m,link:n,errorURL:o,newUserURL:p,requestSignUp:q}=await kx(a),r=o??f;h&&jN(a,r,h,i),g||(a.context.logger.error("Code not found"),jN(a,r,"no_code"));let s=await iE(a.context.socialProviders,{value:a.params.id});s||(a.context.logger.error("Oauth provider with id",a.params.id,"not found"),jN(a,r,"oauth_provider_not_found"));try{c=await s.validateAuthorizationCode({code:g,codeVerifier:l,deviceId:j,redirectURI:`${a.context.baseURL}/callback/${s.id}`})}catch(b){a.context.logger.error("",b),jN(a,r,"invalid_code")}c||jN(a,r,"invalid_code");let t=k?(0,cP.safeJSONParse)(k):null,u=await s.getUserInfo({...c,user:t??void 0}).then(a=>a?.user);u&&void 0!==u.id&&null!==u.id||(a.context.logger.error("Unable to get user info"),jN(a,r,"unable_to_get_user_info"));let v=String(u.id);if(m||(a.context.logger.error("No callback URL found"),jN(a,r,"no_callback_url")),n){let b;(a.context.trustedProviders.includes(s.id)||u.emailVerified)&&a.context.options.account?.accountLinking?.enabled!==!1||(a.context.logger.error("Unable to link account - untrusted provider"),jN(a,r,"unable_to_link_account")),u.email?.toLowerCase()!==n.email.toLowerCase()&&a.context.options.account?.accountLinking?.allowDifferentEmails!==!0&&jN(a,r,"email_doesn't_match");let d=await a.context.internalAdapter.findAccountByProviderId(v,s.id);if(d){d.userId.toString()!==n.userId.toString()&&jN(a,r,"account_already_linked_to_different_user");let b=Object.fromEntries(Object.entries({accessToken:await kz(c.accessToken,a.context),refreshToken:await kz(c.refreshToken,a.context),idToken:c.idToken,accessTokenExpiresAt:c.accessTokenExpiresAt,refreshTokenExpiresAt:c.refreshTokenExpiresAt,scope:c.scopes?.join(",")}).filter(([a,b])=>void 0!==b));await a.context.internalAdapter.updateAccount(d.id,b)}else await a.context.internalAdapter.createAccount({userId:n.userId,providerId:s.id,accountId:v,...c,accessToken:await kz(c.accessToken,a.context),refreshToken:await kz(c.refreshToken,a.context),scope:c.scopes?.join(",")})||jN(a,r,"unable_to_link_account");try{b=m.toString()}catch{b=m}throw a.redirect(b)}u.email||(a.context.logger.error(jO(s.id)),jN(a,r,"email_not_found"));let w={providerId:s.id,accountId:v,...c,scope:c.scopes?.join(",")};try{d=await lv(a,{userInfo:{...u,id:v,email:u.email,name:u.name||""},account:w,callbackURL:m,disableSignUp:s.disableImplicitSignUp&&!q||s.options?.disableSignUp,overrideUserInfo:s.options?.overrideUserInfoOnSignIn})}catch(b){throw jc(b)&&b.body?.code&&jN(a,r,b.body.code,b.body.message),b}d.error&&(a.context.logger.error(d.error.split(" ").join("_")),jN(a,r,d.error.split(" ").join("_")));let{session:x,user:y}=d.data;await hT(a,{session:x,user:y});try{e=(d.isRegister&&p||m).toString()}catch{e=d.isRegister&&p||m}throw a.redirect(e)});function lz(a){return a.replace(/</g,"<").replace(/>/g,">").replace(/"/g,""").replace(/'/g,"'").replace(/&(?!amp;|lt;|gt;|quot;|#39;|#x[0-9a-fA-F]+;|#[0-9]+;)/g,"&")}let lA=jg("/error",{method:"GET",metadata:{...lw,openapi:{description:"Displays an error page",responses:{200:{description:"Success",content:{"text/html":{schema:{type:"string",description:"The HTML content of the error page"}}}}}}}},async a=>{let b=new URL(a.request?.url||""),c=b.searchParams.get("error")||"UNKNOWN",d=b.searchParams.get("error_description")||null,e=/^[\'A-Za-z0-9_-]+$/.test(c||"")?c:"UNKNOWN",f=d?lz(d):null,g=new URLSearchParams;g.set("error",e),d&&g.set("error_description",d);let h=a.context.options,i=h.onAPIError?.errorURL;return i?new Response(null,{status:302,headers:{Location:`${i}${i.includes("?")?"&":"?"}${g.toString()}`}}):E.isProduction&&!h.onAPIError?.customizeDefaultErrorPage?new Response(null,{status:302,headers:{Location:`/?${g.toString()}`}}):new Response(((a,b="Unknown",c=null)=>{let d=a.onAPIError?.customizeDefaultErrorPage;return`<!DOCTYPE html>
|
|
78
|
+
<html lang="en">
|
|
79
|
+
<head>
|
|
80
|
+
<meta charset="UTF-8" />
|
|
81
|
+
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
82
|
+
<title>Error</title>
|
|
83
|
+
<style>
|
|
84
|
+
* {
|
|
85
|
+
box-sizing: border-box;
|
|
86
|
+
}
|
|
87
|
+
body {
|
|
88
|
+
font-family: ${d?.font?.defaultFamily||"-apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif"};
|
|
89
|
+
background: ${d?.colors?.background||"var(--background)"};
|
|
90
|
+
color: var(--foreground);
|
|
91
|
+
margin: 0;
|
|
92
|
+
}
|
|
93
|
+
:root,
|
|
94
|
+
:host {
|
|
95
|
+
--spacing: 0.25rem;
|
|
96
|
+
--container-md: 28rem;
|
|
97
|
+
--text-sm: ${d?.size?.textSm||"0.875rem"};
|
|
98
|
+
--text-sm--line-height: calc(1.25 / 0.875);
|
|
99
|
+
--text-2xl: ${d?.size?.text2xl||"1.5rem"};
|
|
100
|
+
--text-2xl--line-height: calc(2 / 1.5);
|
|
101
|
+
--text-4xl: ${d?.size?.text4xl||"2.25rem"};
|
|
102
|
+
--text-4xl--line-height: calc(2.5 / 2.25);
|
|
103
|
+
--text-6xl: ${d?.size?.text6xl||"3rem"};
|
|
104
|
+
--text-6xl--line-height: 1;
|
|
105
|
+
--font-weight-medium: 500;
|
|
106
|
+
--font-weight-semibold: 600;
|
|
107
|
+
--font-weight-bold: 700;
|
|
108
|
+
--default-transition-duration: 150ms;
|
|
109
|
+
--default-transition-timing-function: cubic-bezier(0.4, 0, 0.2, 1);
|
|
110
|
+
--radius: ${d?.size?.radiusSm||"0.625rem"};
|
|
111
|
+
--default-mono-font-family: ${d?.font?.monoFamily||"var(--font-geist-mono)"};
|
|
112
|
+
--primary: ${d?.colors?.primary||"black"};
|
|
113
|
+
--primary-foreground: ${d?.colors?.primaryForeground||"white"};
|
|
114
|
+
--background: ${d?.colors?.background||"white"};
|
|
115
|
+
--foreground: ${d?.colors?.foreground||"oklch(0.271 0 0)"};
|
|
116
|
+
--border: ${d?.colors?.border||"oklch(0.89 0 0)"};
|
|
117
|
+
--destructive: ${d?.colors?.destructive||"oklch(0.55 0.15 25.723)"};
|
|
118
|
+
--muted-foreground: ${d?.colors?.mutedForeground||"oklch(0.545 0 0)"};
|
|
119
|
+
--corner-border: ${d?.colors?.cornerBorder||"#404040"};
|
|
120
|
+
}
|
|
121
|
+
|
|
122
|
+
button, .btn {
|
|
123
|
+
cursor: pointer;
|
|
124
|
+
background: none;
|
|
125
|
+
border: none;
|
|
126
|
+
color: inherit;
|
|
127
|
+
font: inherit;
|
|
128
|
+
transition: all var(--default-transition-duration)
|
|
129
|
+
var(--default-transition-timing-function);
|
|
130
|
+
}
|
|
131
|
+
button:hover, .btn:hover {
|
|
132
|
+
opacity: 0.8;
|
|
133
|
+
}
|
|
134
|
+
|
|
135
|
+
@media (prefers-color-scheme: dark) {
|
|
136
|
+
:root,
|
|
137
|
+
:host {
|
|
138
|
+
--primary: ${d?.colors?.primary||"white"};
|
|
139
|
+
--primary-foreground: ${d?.colors?.primaryForeground||"black"};
|
|
140
|
+
--background: ${d?.colors?.background||"oklch(0.15 0 0)"};
|
|
141
|
+
--foreground: ${d?.colors?.foreground||"oklch(0.98 0 0)"};
|
|
142
|
+
--border: ${d?.colors?.border||"oklch(0.27 0 0)"};
|
|
143
|
+
--destructive: ${d?.colors?.destructive||"oklch(0.65 0.15 25.723)"};
|
|
144
|
+
--muted-foreground: ${d?.colors?.mutedForeground||"oklch(0.65 0 0)"};
|
|
145
|
+
--corner-border: ${d?.colors?.cornerBorder||"#a0a0a0"};
|
|
146
|
+
}
|
|
147
|
+
}
|
|
148
|
+
@media (max-width: 640px) {
|
|
149
|
+
:root, :host {
|
|
150
|
+
--text-6xl: 2.5rem;
|
|
151
|
+
--text-2xl: 1.25rem;
|
|
152
|
+
--text-sm: 0.8125rem;
|
|
153
|
+
}
|
|
154
|
+
}
|
|
155
|
+
@media (max-width: 480px) {
|
|
156
|
+
:root, :host {
|
|
157
|
+
--text-6xl: 2rem;
|
|
158
|
+
--text-2xl: 1.125rem;
|
|
159
|
+
}
|
|
160
|
+
}
|
|
161
|
+
</style>
|
|
162
|
+
</head>
|
|
163
|
+
<body style="width: 100vw; min-height: 100vh; overflow-x: hidden; overflow-y: auto;">
|
|
164
|
+
<div
|
|
165
|
+
style="
|
|
166
|
+
display: flex;
|
|
167
|
+
flex-direction: column;
|
|
168
|
+
align-items: center;
|
|
169
|
+
justify-content: center;
|
|
170
|
+
gap: 1.5rem;
|
|
171
|
+
position: relative;
|
|
172
|
+
width: 100%;
|
|
173
|
+
min-height: 100vh;
|
|
174
|
+
padding: 1rem;
|
|
175
|
+
"
|
|
176
|
+
>
|
|
177
|
+
${d?.disableBackgroundGrid?"":`
|
|
178
|
+
<div
|
|
179
|
+
style="
|
|
180
|
+
position: absolute;
|
|
181
|
+
inset: 0;
|
|
182
|
+
background-image: linear-gradient(to right, ${d?.colors?.gridColor||"var(--border)"} 1px, transparent 1px),
|
|
183
|
+
linear-gradient(to bottom, ${d?.colors?.gridColor||"var(--border)"} 1px, transparent 1px);
|
|
184
|
+
background-size: 40px 40px;
|
|
185
|
+
opacity: 0.6;
|
|
186
|
+
pointer-events: none;
|
|
187
|
+
width: 100vw;
|
|
188
|
+
height: 100vh;
|
|
189
|
+
"
|
|
190
|
+
></div>
|
|
191
|
+
<div
|
|
192
|
+
style="
|
|
193
|
+
position: absolute;
|
|
194
|
+
inset: 0;
|
|
195
|
+
display: flex;
|
|
196
|
+
align-items: center;
|
|
197
|
+
justify-content: center;
|
|
198
|
+
background: ${d?.colors?.background||"var(--background)"};
|
|
199
|
+
mask-image: radial-gradient(ellipse at center, transparent 20%, black);
|
|
200
|
+
-webkit-mask-image: radial-gradient(ellipse at center, transparent 20%, black);
|
|
201
|
+
pointer-events: none;
|
|
202
|
+
"
|
|
203
|
+
></div>
|
|
204
|
+
`}
|
|
205
|
+
|
|
206
|
+
<div
|
|
207
|
+
style="
|
|
208
|
+
position: relative;
|
|
209
|
+
z-index: 10;
|
|
210
|
+
border: 2px solid var(--border);
|
|
211
|
+
background: ${d?.colors?.cardBackground||"var(--background)"};
|
|
212
|
+
padding: 1.5rem;
|
|
213
|
+
max-width: 42rem;
|
|
214
|
+
width: 100%;
|
|
215
|
+
"
|
|
216
|
+
>
|
|
217
|
+
${d?.disableCornerDecorations?"":`
|
|
218
|
+
<!-- Corner decorations -->
|
|
219
|
+
<div
|
|
220
|
+
style="
|
|
221
|
+
position: absolute;
|
|
222
|
+
top: -2px;
|
|
223
|
+
left: -2px;
|
|
224
|
+
width: 2rem;
|
|
225
|
+
height: 2rem;
|
|
226
|
+
border-top: 4px solid var(--corner-border);
|
|
227
|
+
border-left: 4px solid var(--corner-border);
|
|
228
|
+
"
|
|
229
|
+
></div>
|
|
230
|
+
<div
|
|
231
|
+
style="
|
|
232
|
+
position: absolute;
|
|
233
|
+
top: -2px;
|
|
234
|
+
right: -2px;
|
|
235
|
+
width: 2rem;
|
|
236
|
+
height: 2rem;
|
|
237
|
+
border-top: 4px solid var(--corner-border);
|
|
238
|
+
border-right: 4px solid var(--corner-border);
|
|
239
|
+
"
|
|
240
|
+
></div>
|
|
241
|
+
|
|
242
|
+
<div
|
|
243
|
+
style="
|
|
244
|
+
position: absolute;
|
|
245
|
+
bottom: -2px;
|
|
246
|
+
left: -2px;
|
|
247
|
+
width: 2rem;
|
|
248
|
+
height: 2rem;
|
|
249
|
+
border-bottom: 4px solid var(--corner-border);
|
|
250
|
+
border-left: 4px solid var(--corner-border);
|
|
251
|
+
"
|
|
252
|
+
></div>
|
|
253
|
+
<div
|
|
254
|
+
style="
|
|
255
|
+
position: absolute;
|
|
256
|
+
bottom: -2px;
|
|
257
|
+
right: -2px;
|
|
258
|
+
width: 2rem;
|
|
259
|
+
height: 2rem;
|
|
260
|
+
border-bottom: 4px solid var(--corner-border);
|
|
261
|
+
border-right: 4px solid var(--corner-border);
|
|
262
|
+
"
|
|
263
|
+
></div>`}
|
|
264
|
+
|
|
265
|
+
<div style="text-align: center; margin-bottom: 1.5rem;">
|
|
266
|
+
<div style="margin-bottom: 1.5rem;">
|
|
267
|
+
<div
|
|
268
|
+
style="
|
|
269
|
+
display: inline-block;
|
|
270
|
+
border: 2px solid ${d?.disableTitleBorder?"transparent":d?.colors?.titleBorder||"var(--destructive)"};
|
|
271
|
+
padding: 0.375rem 1rem;
|
|
272
|
+
"
|
|
273
|
+
>
|
|
274
|
+
<h1
|
|
275
|
+
style="
|
|
276
|
+
font-size: var(--text-6xl);
|
|
277
|
+
font-weight: var(--font-weight-semibold);
|
|
278
|
+
color: ${d?.colors?.titleColor||"var(--foreground)"};
|
|
279
|
+
letter-spacing: -0.02em;
|
|
280
|
+
margin: 0;
|
|
281
|
+
"
|
|
282
|
+
>
|
|
283
|
+
ERROR
|
|
284
|
+
</h1>
|
|
285
|
+
</div>
|
|
286
|
+
<div
|
|
287
|
+
style="
|
|
288
|
+
height: 2px;
|
|
289
|
+
background-color: var(--border);
|
|
290
|
+
width: calc(100% + 3rem);
|
|
291
|
+
margin-left: -1.5rem;
|
|
292
|
+
margin-top: 1.5rem;
|
|
293
|
+
"
|
|
294
|
+
></div>
|
|
295
|
+
</div>
|
|
296
|
+
|
|
297
|
+
<h2
|
|
298
|
+
style="
|
|
299
|
+
font-size: var(--text-2xl);
|
|
300
|
+
font-weight: var(--font-weight-semibold);
|
|
301
|
+
color: var(--foreground);
|
|
302
|
+
margin: 0 0 1rem;
|
|
303
|
+
"
|
|
304
|
+
>
|
|
305
|
+
Something went wrong
|
|
306
|
+
</h2>
|
|
307
|
+
|
|
308
|
+
<div
|
|
309
|
+
style="
|
|
310
|
+
display: inline-flex;
|
|
311
|
+
align-items: center;
|
|
312
|
+
gap: 0.5rem;
|
|
313
|
+
border: 2px solid var(--border);
|
|
314
|
+
background-color: var(--muted);
|
|
315
|
+
padding: 0.375rem 0.75rem;
|
|
316
|
+
margin: 0 0 1rem;
|
|
317
|
+
flex-wrap: wrap;
|
|
318
|
+
justify-content: center;
|
|
319
|
+
"
|
|
320
|
+
>
|
|
321
|
+
<span
|
|
322
|
+
style="
|
|
323
|
+
font-size: 0.75rem;
|
|
324
|
+
color: var(--muted-foreground);
|
|
325
|
+
font-weight: var(--font-weight-semibold);
|
|
326
|
+
"
|
|
327
|
+
>
|
|
328
|
+
CODE:
|
|
329
|
+
</span>
|
|
330
|
+
<span
|
|
331
|
+
style="
|
|
332
|
+
font-size: var(--text-sm);
|
|
333
|
+
font-family: var(--default-mono-font-family, monospace);
|
|
334
|
+
color: var(--foreground);
|
|
335
|
+
word-break: break-all;
|
|
336
|
+
"
|
|
337
|
+
>
|
|
338
|
+
${lz(b)}
|
|
339
|
+
</span>
|
|
340
|
+
</div>
|
|
341
|
+
|
|
342
|
+
<p
|
|
343
|
+
style="
|
|
344
|
+
color: var(--muted-foreground);
|
|
345
|
+
max-width: 28rem;
|
|
346
|
+
margin: 0 auto;
|
|
347
|
+
font-size: var(--text-sm);
|
|
348
|
+
line-height: 1.5;
|
|
349
|
+
text-wrap: pretty;
|
|
350
|
+
"
|
|
351
|
+
>
|
|
352
|
+
${!c?`We encountered an unexpected error. Please try again or return to the home page. If you're a developer, you can find <a href='https://better-auth.com/docs/reference/errors/${encodeURIComponent(b)}' target='_blank' rel="noopener noreferrer" style='color: var(--foreground); text-decoration: underline;'>more information about the error</a>.`:c}
|
|
353
|
+
</p>
|
|
354
|
+
</div>
|
|
355
|
+
|
|
356
|
+
<div
|
|
357
|
+
style="
|
|
358
|
+
display: flex;
|
|
359
|
+
gap: 0.75rem;
|
|
360
|
+
margin-top: 1.5rem;
|
|
361
|
+
justify-content: center;
|
|
362
|
+
flex-wrap: wrap;
|
|
363
|
+
"
|
|
364
|
+
>
|
|
365
|
+
<a
|
|
366
|
+
href="/"
|
|
367
|
+
style="
|
|
368
|
+
text-decoration: none;
|
|
369
|
+
"
|
|
370
|
+
>
|
|
371
|
+
<div
|
|
372
|
+
style="
|
|
373
|
+
border: 2px solid var(--border);
|
|
374
|
+
background: var(--primary);
|
|
375
|
+
color: var(--primary-foreground);
|
|
376
|
+
padding: 0.5rem 1rem;
|
|
377
|
+
border-radius: 0;
|
|
378
|
+
white-space: nowrap;
|
|
379
|
+
"
|
|
380
|
+
class="btn"
|
|
381
|
+
>
|
|
382
|
+
Go Home
|
|
383
|
+
</div>
|
|
384
|
+
</a>
|
|
385
|
+
<a
|
|
386
|
+
href="https://better-auth.com/docs/reference/errors/${encodeURIComponent(b)}?askai=${encodeURIComponent(`What does the error code ${b} mean?`)}"
|
|
387
|
+
target="_blank"
|
|
388
|
+
rel="noopener noreferrer"
|
|
389
|
+
style="
|
|
390
|
+
text-decoration: none;
|
|
391
|
+
"
|
|
392
|
+
>
|
|
393
|
+
<div
|
|
394
|
+
style="
|
|
395
|
+
border: 2px solid var(--border);
|
|
396
|
+
background: transparent;
|
|
397
|
+
color: var(--foreground);
|
|
398
|
+
padding: 0.5rem 1rem;
|
|
399
|
+
border-radius: 0;
|
|
400
|
+
white-space: nowrap;
|
|
401
|
+
"
|
|
402
|
+
class="btn"
|
|
403
|
+
>
|
|
404
|
+
Ask AI
|
|
405
|
+
</div>
|
|
406
|
+
</a>
|
|
407
|
+
</div>
|
|
408
|
+
</div>
|
|
409
|
+
</div>
|
|
410
|
+
</body>
|
|
411
|
+
</html>`})(a.context.options,e,f),{headers:{"Content-Type":"text/html"}})}),lB=jg("/ok",{method:"GET",metadata:{...lw,openapi:{description:"Check if the API is working",responses:{200:{description:"API is working",content:{"application/json":{schema:{type:"object",properties:{ok:{type:"boolean",description:"Indicates if the API is working"}},required:["ok"]}}}}}}}},async a=>a.json({ok:!0}));function lC(a,b,c){let d=b?new URL(b,a.baseURL):new URL(`${a.baseURL}/error`);return c&&Object.entries(c).forEach(([a,b])=>d.searchParams.set(a,b)),d.href}let lD=jg("/request-password-reset",{method:"POST",body:hc({email:fY(gF,void 0).meta({description:"The email address of the user to send a password reset email to"}),redirectTo:gD().meta({description:"The URL to redirect the user to reset their password. If the token isn't valid or expired, it'll be redirected with a query parameter `?error=INVALID_TOKEN`. If the token is valid, it'll be redirected with a query parameter `?token=VALID_TOKEN"}).optional()}),metadata:{openapi:{operationId:"requestPasswordReset",description:"Send a password reset email to the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"},message:{type:"string"}}}}}}}}},use:[jm(a=>a.body.redirectTo)]},async a=>{if(!a.context.options.emailAndPassword?.sendResetPassword)throw a.context.logger.error("Reset password isn't enabled.Please pass an emailAndPassword.sendResetPassword function in your auth config!"),y.APIError.from("BAD_REQUEST",{message:"Reset password isn't enabled",code:"RESET_PASSWORD_DISABLED"});let{email:b,redirectTo:c}=a.body,d=await a.context.internalAdapter.findUserByEmail(b,{includeAccounts:!0});if(!d)return(0,io.generateId)(24),await a.context.internalAdapter.findVerificationValue("dummy-verification-token"),a.context.logger.error("Reset Password: User not found",{email:b}),a.json({status:!0,message:"If this email exists in our system, check your email for the reset link"});let e=cG(a.context.options.emailAndPassword.resetPasswordTokenExpiresIn||3600,"sec"),f=(0,io.generateId)(24);await a.context.internalAdapter.createVerificationValue({value:d.user.id,identifier:`reset-password:${f}`,expiresAt:e});let g=c?encodeURIComponent(c):"",h=`${a.context.baseURL}/reset-password/${f}?callbackURL=${g}`;return await a.context.runInBackgroundOrAwait(a.context.options.emailAndPassword.sendResetPassword({user:d.user,url:h,token:f},a.request)),a.json({status:!0,message:"If this email exists in our system, check your email for the reset link"})}),lE=jg("/reset-password/:token",{method:"GET",operationId:"resetPasswordCallback",query:hc({callbackURL:gD().meta({description:"The URL to redirect the user to reset their password"})}),use:[jm(a=>a.query.callbackURL)],metadata:{openapi:{operationId:"resetPasswordCallback",description:"Redirects the user to the callback URL with the token",parameters:[{name:"token",in:"path",required:!0,description:"The token to reset the password",schema:{type:"string"}},{name:"callbackURL",in:"query",required:!0,description:"The URL to redirect the user to reset their password",schema:{type:"string"}}],responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string"}}}}}}}}}},async a=>{var b,c;let d,{token:e}=a.params,{callbackURL:f}=a.query;if(!e||!f)throw a.redirect(lC(a.context,f,{error:"INVALID_TOKEN"}));let g=await a.context.internalAdapter.findVerificationValue(`reset-password:${e}`);if(!g||g.expiresAt<new Date)throw a.redirect(lC(a.context,f,{error:"INVALID_TOKEN"}));throw a.redirect((b=a.context,c={token:e},d=new URL(f,b.baseURL),c&&Object.entries(c).forEach(([a,b])=>d.searchParams.set(a,b)),d.href))}),lF=jg("/reset-password",{method:"POST",operationId:"resetPassword",query:hc({token:gD().optional()}).optional(),body:hc({newPassword:gD().meta({description:"The new password to set"}),token:gD().meta({description:"The token to reset the password"}).optional()}),metadata:{openapi:{operationId:"resetPassword",description:"Reset the password for a user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}}},async a=>{let b=a.body.token||a.query?.token;if(!b)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_TOKEN);let{newPassword:c}=a.body,d=a.context.password?.config.minPasswordLength,e=a.context.password?.config.maxPasswordLength;if(c.length<d)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_TOO_SHORT);if(c.length>e)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_TOO_LONG);let f=`reset-password:${b}`,g=await a.context.internalAdapter.findVerificationValue(f);if(!g||g.expiresAt<new Date)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_TOKEN);let h=g.value,i=await a.context.password.hash(c);if((await a.context.internalAdapter.findAccounts(h)).find(a=>"credential"===a.providerId)?await a.context.internalAdapter.updatePassword(h,i):await a.context.internalAdapter.createAccount({userId:h,providerId:"credential",password:i,accountId:h}),await a.context.internalAdapter.deleteVerificationByIdentifier(f),a.context.options.emailAndPassword?.onPasswordReset){let b=await a.context.internalAdapter.findUserById(h);b&&await a.context.options.emailAndPassword.onPasswordReset({user:b},a.request)}return a.context.options.emailAndPassword?.revokeSessionsOnPasswordReset&&await a.context.internalAdapter.deleteSessions(h),a.json({status:!0})}),lG=jg("/verify-password",{method:"POST",body:hc({password:gD().meta({description:"The password to verify"})}),metadata:{scope:"server",openapi:{operationId:"verifyPassword",description:"Verify the current user's password",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{status:{type:"boolean"}}}}}}}}},use:[jI]},async a=>{let{password:b}=a.body,c=a.context.session;if(!await iG(a,{password:b,userId:c.user.id}))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_PASSWORD);return a.json({status:!0})}),lH=hc({callbackURL:gD().meta({description:"Callback URL to redirect to after the user has signed in"}).optional(),newUserCallbackURL:gD().optional(),errorCallbackURL:gD().meta({description:"Callback URL to redirect to if an error happens"}).optional(),provider:lk,disableRedirect:g1().meta({description:"Disable automatic redirection to the provider. Useful for handling the redirection yourself"}).optional(),idToken:hl(hc({token:gD().meta({description:"ID token from the provider"}),nonce:gD().meta({description:"Nonce used to generate the token"}).optional(),accessToken:gD().meta({description:"Access token from the provider"}).optional(),refreshToken:gD().meta({description:"Refresh token from the provider"}).optional(),expiresAt:gZ().meta({description:"Expiry date of the token"}).optional(),user:hc({name:hc({firstName:gD().optional(),lastName:gD().optional()}).optional(),email:gD().optional()}).meta({description:"The user object from the provider. Only available for some providers like Apple."}).optional()})),scopes:ha(gD()).meta({description:"Array of scopes to request from the provider. This will override the default scopes passed."}).optional(),requestSignUp:g1().meta({description:"Explicitly request sign-up. Useful when disableImplicitSignUp is true for this provider"}).optional(),loginHint:gD().meta({description:"The login hint to use for the authorization code request"}).optional(),additionalData:hg(gD(),g4()).optional().meta({description:"Additional data to be passed through the OAuth flow"})}),lI=jg("/sign-out",{method:"POST",operationId:"signOut",requireHeaders:!0,metadata:{openapi:{operationId:"signOut",description:"Sign out the current user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean"}}}}}}}}}},async a=>{let b=await a.getSignedCookie(a.context.authCookies.sessionToken.name,a.context.secret);if(b)try{await a.context.internalAdapter.deleteSession(b)}catch(b){a.context.logger.error("Failed to delete session from database",b)}return hV(a),a.json({success:!0})}),lJ=hc({name:gD(),email:fY(gF,void 0),password:gD().nonempty(),image:gD().optional(),callbackURL:gD().optional(),rememberMe:g1().optional()}).and(hg(gD(),g4())),lK=hg(gD().meta({description:"Field name must be a string"}),g4()),lL=hg(gD().meta({description:"Field name must be a string"}),g4()),lM=jg("/change-password",{method:"POST",operationId:"changePassword",body:hc({newPassword:gD().meta({description:"The new password to set"}),currentPassword:gD().meta({description:"The current password is required"}),revokeOtherSessions:g1().meta({description:"Must be a boolean value"}).optional()}),use:[jI],metadata:{openapi:{operationId:"changePassword",description:"Change the password of the user",responses:{200:{description:"Password successfully changed",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string",nullable:!0,description:"New session token if other sessions were revoked"},user:{type:"object",properties:{id:{type:"string",description:"The unique identifier of the user"},email:{type:"string",format:"email",description:"The email address of the user"},name:{type:"string",description:"The name of the user"},image:{type:"string",format:"uri",nullable:!0,description:"The profile image URL of the user"},emailVerified:{type:"boolean",description:"Whether the email has been verified"},createdAt:{type:"string",format:"date-time",description:"When the user was created"},updatedAt:{type:"string",format:"date-time",description:"When the user was last updated"}},required:["id","email","name","emailVerified","createdAt","updatedAt"]}},required:["user"]}}}}}}}},async a=>{let{newPassword:b,currentPassword:c,revokeOtherSessions:d}=a.body,e=a.context.session,f=a.context.password.config.minPasswordLength;if(b.length<f)throw a.context.logger.error("Password is too short"),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_TOO_SHORT);let g=a.context.password.config.maxPasswordLength;if(b.length>g)throw a.context.logger.error("Password is too long"),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_TOO_LONG);let h=(await a.context.internalAdapter.findAccounts(e.user.id)).find(a=>"credential"===a.providerId&&a.password);if(!h||!h.password)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.CREDENTIAL_ACCOUNT_NOT_FOUND);let i=await a.context.password.hash(b);if(!await a.context.password.verify({hash:h.password,password:c}))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_PASSWORD);await a.context.internalAdapter.updateAccount(h.id,{password:i});let j=null;if(d){await a.context.internalAdapter.deleteSessions(e.user.id);let b=await a.context.internalAdapter.createSession(e.user.id);if(!b)throw y.APIError.from("INTERNAL_SERVER_ERROR",cx.BASE_ERROR_CODES.FAILED_TO_GET_SESSION);await hT(a,{session:b,user:e.user}),j=b.token}return a.json({token:j,user:cB(a.context.options,e.user)})}),lN=jg({method:"POST",body:hc({newPassword:gD().meta({description:"The new password to set is required"})}),use:[jI]},async a=>{let{newPassword:b}=a.body,c=a.context.session,d=a.context.password.config.minPasswordLength;if(b.length<d)throw a.context.logger.error("Password is too short"),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_TOO_SHORT);let e=a.context.password.config.maxPasswordLength;if(b.length>e)throw a.context.logger.error("Password is too long"),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_TOO_LONG);let f=(await a.context.internalAdapter.findAccounts(c.user.id)).find(a=>"credential"===a.providerId&&a.password),g=await a.context.password.hash(b);if(!f)return await a.context.internalAdapter.linkAccount({userId:c.user.id,providerId:"credential",accountId:c.user.id,password:g}),a.json({status:!0});throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_ALREADY_SET)}),lO=jg("/delete-user",{method:"POST",use:[jI],body:hc({callbackURL:gD().meta({description:"The callback URL to redirect to after the user is deleted"}).optional(),password:gD().meta({description:"The password of the user is required to delete the user"}).optional(),token:gD().meta({description:"The token to delete the user is required"}).optional()}),metadata:{openapi:{operationId:"deleteUser",description:"Delete the user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{callbackURL:{type:"string",description:"The callback URL to redirect to after the user is deleted"},password:{type:"string",description:"The user's password. Required if session is not fresh"},token:{type:"string",description:"The deletion verification token"}}}}}},responses:{200:{description:"User deletion processed successfully",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean",description:"Indicates if the operation was successful"},message:{type:"string",enum:["User deleted","Verification email sent"],description:"Status message of the deletion process"}},required:["success","message"]}}}}}}}},async a=>{if(!a.context.options.user?.deleteUser?.enabled)throw a.context.logger.error("Delete user is disabled. Enable it in the options"),y.APIError.fromStatus("NOT_FOUND");let b=a.context.session;if(a.body.password){let c=(await a.context.internalAdapter.findAccounts(b.user.id)).find(a=>"credential"===a.providerId&&a.password);if(!c||!c.password)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.CREDENTIAL_ACCOUNT_NOT_FOUND);if(!await a.context.password.verify({hash:c.password,password:a.body.password}))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_PASSWORD)}if(a.body.token)return await lP({...a,query:{token:a.body.token}}),a.json({success:!0,message:"User deleted"});if(a.context.options.user.deleteUser?.sendDeleteAccountVerification){let c=jQ(32,"0-9","a-z");await a.context.internalAdapter.createVerificationValue({value:b.user.id,identifier:`delete-account-${c}`,expiresAt:new Date(Date.now()+1e3*(a.context.options.user.deleteUser?.deleteTokenExpiresIn||86400))});let d=`${a.context.baseURL}/delete-user/callback?token=${c}&callbackURL=${encodeURIComponent(a.body.callbackURL||"/")}`;return await a.context.runInBackgroundOrAwait(a.context.options.user.deleteUser.sendDeleteAccountVerification({user:b.user,url:d,token:c},a.request)),a.json({success:!0,message:"Verification email sent"})}if(!a.body.password&&0!==a.context.sessionConfig.freshAge){let c=new Date(b.session.createdAt).getTime(),d=1e3*a.context.sessionConfig.freshAge;if(Date.now()-c>=d)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.SESSION_EXPIRED)}let c=a.context.options.user.deleteUser?.beforeDelete;c&&await c(b.user,a.request),await a.context.internalAdapter.deleteUser(b.user.id),await a.context.internalAdapter.deleteSessions(b.user.id),hV(a);let d=a.context.options.user.deleteUser?.afterDelete;return d&&await d(b.user,a.request),a.json({success:!0,message:"User deleted"})}),lP=jg("/delete-user/callback",{method:"GET",query:hc({token:gD().meta({description:"The token to verify the deletion request"}),callbackURL:gD().meta({description:"The URL to redirect to after deletion"}).optional()}),use:[jm(a=>a.query.callbackURL)],metadata:{openapi:{description:"Callback to complete user deletion with verification token",responses:{200:{description:"User successfully deleted",content:{"application/json":{schema:{type:"object",properties:{success:{type:"boolean",description:"Indicates if the deletion was successful"},message:{type:"string",enum:["User deleted"],description:"Confirmation message"}},required:["success","message"]}}}}}}}},async a=>{if(!a.context.options.user?.deleteUser?.enabled)throw a.context.logger.error("Delete user is disabled. Enable it in the options"),y.APIError.from("NOT_FOUND",{message:"Not found",code:"NOT_FOUND"});let b=await jG(a);if(!b)throw y.APIError.from("NOT_FOUND",cx.BASE_ERROR_CODES.FAILED_TO_GET_USER_INFO);let c=await a.context.internalAdapter.findVerificationValue(`delete-account-${a.query.token}`);if(!c||c.expiresAt<new Date||c.value!==b.user.id)throw y.APIError.from("NOT_FOUND",cx.BASE_ERROR_CODES.INVALID_TOKEN);let d=a.context.options.user.deleteUser?.beforeDelete;d&&await d(b.user,a.request),await a.context.internalAdapter.deleteUser(b.user.id),await a.context.internalAdapter.deleteSessions(b.user.id),await a.context.internalAdapter.deleteAccounts(b.user.id),await a.context.internalAdapter.deleteVerificationByIdentifier(`delete-account-${a.query.token}`),hV(a);let e=a.context.options.user.deleteUser?.afterDelete;if(e&&await e(b.user,a.request),a.query.callbackURL)throw a.redirect(a.query.callbackURL||"/");return a.json({success:!0,message:"User deleted"})}),lQ=jg("/change-email",{method:"POST",body:hc({newEmail:fY(gF,void 0).meta({description:"The new email address to set must be a valid email address"}),callbackURL:gD().meta({description:"The URL to redirect to after email verification"}).optional()}),use:[jI],metadata:{openapi:{operationId:"changeEmail",responses:{200:{description:"Email change request processed successfully",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object",$ref:"#/components/schemas/User"},status:{type:"boolean",description:"Indicates if the request was successful"},message:{type:"string",enum:["Email updated","Verification email sent"],description:"Status message of the email change process",nullable:!0}},required:["status"]}}}}}}}},async a=>{if(!a.context.options.user?.changeEmail?.enabled)throw a.context.logger.error("Change email is disabled."),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.CHANGE_EMAIL_DISABLED);let b=a.body.newEmail.toLowerCase();if(b===a.context.session.user.email)throw a.context.logger.error("Email is the same"),y.APIError.fromStatus("BAD_REQUEST",{message:"Email is the same"});let c=!0!==a.context.session.user.emailVerified&&a.context.options.user.changeEmail.updateEmailWithoutVerification,d=a.context.options.emailVerification?.sendVerificationEmail,e=d&&a.context.session.user.emailVerified&&a.context.options.user.changeEmail.sendChangeEmailConfirmation;if(!c&&!e&&!d)throw a.context.logger.error("Verification email isn't enabled."),y.APIError.fromStatus("BAD_REQUEST",{message:"Verification email isn't enabled"});if(await a.context.internalAdapter.findUserByEmail(b))return await lr(a.context.secret,a.context.session.user.email,b,a.context.options.emailVerification?.expiresIn),a.context.logger.info("Change email attempt for existing email"),a.json({status:!0});if(c){if(await a.context.internalAdapter.updateUserByEmail(a.context.session.user.email,{email:b}),await hT(a,{session:a.context.session.session,user:{...a.context.session.user,email:b}}),d){let c=await lr(a.context.secret,b,void 0,a.context.options.emailVerification?.expiresIn),e=`${a.context.baseURL}/verify-email?token=${c}&callbackURL=${encodeURIComponent(a.body.callbackURL||"/")}`;await a.context.runInBackgroundOrAwait(d({user:{...a.context.session.user,email:b},url:e,token:c},a.request))}return a.json({status:!0})}if(e){let c=await lr(a.context.secret,a.context.session.user.email,b,a.context.options.emailVerification?.expiresIn,{requestType:"change-email-confirmation"}),d=`${a.context.baseURL}/verify-email?token=${c}&callbackURL=${encodeURIComponent(a.body.callbackURL||"/")}`;return await a.context.runInBackgroundOrAwait(e({user:a.context.session.user,newEmail:b,url:d,token:c},a.request)),a.json({status:!0})}if(!d)throw a.context.logger.error("Verification email isn't enabled."),y.APIError.fromStatus("BAD_REQUEST",{message:"Verification email isn't enabled"});let f=await lr(a.context.secret,a.context.session.user.email,b,a.context.options.emailVerification?.expiresIn,{requestType:"change-email-verification"}),g=`${a.context.baseURL}/verify-email?token=${f}&callbackURL=${encodeURIComponent(a.body.callbackURL||"/")}`;return await a.context.runInBackgroundOrAwait(d({user:{...a.context.session.user,email:b},url:g,token:f},a.request)),a.json({status:!0})}),lR=is((a,b,c)=>{if(Array.isArray(a[b])&&Array.isArray(c))return a[b]=c,!0}),lS=new WeakMap;async function lT(a,b){if(a.baseURL)return a;let c=function(a){if(L(a?.request))return a.request;if(!a?.headers)return;let b=a.headers instanceof Headers?a.headers:new Headers(a.headers);if(b.has("host")||b.has("x-forwarded-host"))return b}(b),d=a.options.baseURL,e=K(d)&&!!d.fallback;if(void 0===c&&!e)throw new y.APIError("INTERNAL_SERVER_ERROR",{message:"Dynamic baseURL could not be resolved for this direct auth.api call. Pass `headers: request.headers` (or `request`) to the call, or add `fallback` to your baseURL config."});try{return await iD(a,c,iC(a.options))}catch(a){if(a instanceof y.BetterAuthError)throw new y.APIError("INTERNAL_SERVER_ERROR",{message:a.message});throw a}}async function lU(a,b,c,d){let e={};for(let f of b){let b=!1;try{b=f.matcher(a)}catch(c){let b=lS.get(f.handler)??"unknown";throw a.context.logger.error(`An error occurred during ${b} hook matcher execution:`,c),new y.APIError("INTERNAL_SERVER_ERROR",{message:"An error occurred during hook matcher execution. Check the logs for more details."})}if(b){let b=lS.get(f.handler)??"unknown",g=c.path??"/:virtual",h=await (0,im.withSpan)(`hook before ${g} ${b}`,{[ik]:"before",[ii.ATTR_HTTP_ROUTE]:g,[il]:b,[ij]:d},()=>f.handler({...a,returnHeaders:!1})).catch(b=>{throw jc(b)&&(0,w.shouldPublishLog)(a.context.logger.level,"debug")&&(b.stack=b.errorStack),b});if(h&&"object"==typeof h){if("context"in h&&"object"==typeof h.context){let{headers:a,...b}=h.context;a instanceof Headers&&(e.headers?a.forEach((a,b)=>{e.headers?.set(b,a)}):e.headers=a),e=lR(b,e);continue}return h}}}return{context:e}}async function lV(a,b,c,d){for(let e of b)if(e.matcher(a)){let b=lS.get(e.handler)??"unknown",f=c.path??"/:virtual",g=await (0,im.withSpan)(`hook after ${f} ${b}`,{[ik]:"after",[ii.ATTR_HTTP_ROUTE]:f,[il]:b,[ij]:d},()=>e.handler(a)).catch(b=>{if(jc(b)){let c=b[iI.kAPIErrorHeaderSymbol];return(0,w.shouldPublishLog)(a.context.logger.level,"debug")&&(b.stack=b.errorStack),{response:b,headers:c||(b.headers?new Headers(b.headers):null)}}throw b});g.headers&&g.headers.forEach((b,c)=>{a.context.responseHeaders?"set-cookie"===c.toLowerCase()?a.context.responseHeaders.append(c,b):a.context.responseHeaders.set(c,b):a.context.responseHeaders=new Headers({[c]:b})}),g.response&&(a.context.returned=g.response)}return{response:a.context.returned,headers:a.context.responseHeaders}}function lW(a,b){let c=b.plugins?.reduce((a,b)=>({...a,...b.endpoints}),{})??{},d=b.plugins?.map(b=>b.middlewares?.map(c=>{let d=async d=>{let e=await a;return(0,im.withSpan)(`middleware ${c.path} ${b.id}`,{[ik]:"middleware",[ii.ATTR_HTTP_ROUTE]:c.path,[il]:`plugin:${b.id}`},()=>c.middleware({...d,context:{...e,...d.context}}))};return d.options=c.middleware.options,{path:c.path,middleware:d}})).filter(a=>void 0!==a).flat()||[];return{api:function(a,b){let c={};for(let[d,e]of Object.entries(a))c[d]=async a=>{let c=function(a,b){if(!a?.options)return b;let c=a.options;return c.operationId??c.metadata?.openapi?.operationId??b}(e,d),f=e?.options?.method,g=Array.isArray(f)?f[0]:f,h=async()=>{let d=await b,f=a?.method??a?.request?.method??g??"?",h=e.path??"/:virtual",i=K(d.options.baseURL)?await lT(d,a):d,j={...a,context:{...i,returned:void 0,responseHeaders:void 0,session:null},path:e.path,headers:a?.headers?new Headers(a?.headers):void 0},k=L(a?.request),l=a?.asResponse??k;return(0,im.withSpan)(`${f} ${h}`,{[ii.ATTR_HTTP_ROUTE]:h,[ij]:c},async()=>ih(j,async()=>{let{beforeHooks:b,afterHooks:d}=function(a){let b=a.options.plugins||[],c=[],d=[],e=a.options.hooks?.before;e&&(lS.set(e,"user"),c.push({matcher:()=>!0,handler:e}));let f=a.options.hooks?.after;f&&(lS.set(f,"user"),d.push({matcher:()=>!0,handler:f}));let g=b.flatMap(a=>(a.hooks?.before??[]).map(b=>(lS.set(b.handler,`plugin:${a.id}`),b))),h=b.flatMap(a=>(a.hooks?.after??[]).map(b=>(lS.set(b.handler,`plugin:${a.id}`),b)));return g.length&&c.push(...g),h.length&&d.push(...h),{beforeHooks:c,afterHooks:d}}(i),f=await lU(j,b,e,c);if("context"in f&&f.context&&"object"==typeof f.context){let{headers:a,...b}=f.context;a&&a.forEach((a,b)=>{j.headers.set(b,a)}),j=lR(b,j)}else if(f)return l?iQ(f,{headers:a?.headers}):a?.returnHeaders?{headers:a?.headers,response:f}:f;j.asResponse=!1,j.returnHeaders=!0,j.returnStatus=!0;let g=await ih(j,()=>(0,im.withSpan)(`handler ${h}`,{[ii.ATTR_HTTP_ROUTE]:h,[ij]:c},()=>e(j))).catch(a=>{if(jc(a)){let b=a[iI.kAPIErrorHeaderSymbol],c=a.headers&&a.headers!==b?new Headers(a.headers):null,d=null;return(b||c)&&(d=new Headers,b?.forEach((a,b)=>{d.append(b,a)}),c?.forEach((a,b)=>{"set-cookie"===b.toLowerCase()?d.append(b,a):d.set(b,a)})),{response:a,status:a.statusCode,headers:d}}throw a});if(g&&g instanceof Response)return g;j.context.returned=g.response,j.context.responseHeaders=g.headers;let k=await lV(j,d,e,c);if(k.response&&(g.response=k.response),jc(g.response)&&(0,w.shouldPublishLog)(i.logger.level,"debug")&&(g.response.stack=g.response.errorStack),jc(g.response)&&!l)throw g.headers&&Object.defineProperty(g.response,iI.kAPIErrorHeaderSymbol,{enumerable:!1,configurable:!0,writable:!1,value:g.headers}),g.response;return l?iQ(g.response,{headers:g.headers,status:g.status}):a?.returnHeaders?a?.returnStatus?{headers:g.headers,response:g.response,status:g.status}:{headers:g.headers,response:g.response}:a?.returnStatus?{response:g.response,status:g.status}:g.response}))};return await jx()?h():jz(new WeakMap,h)},c[d].path=e.path,c[d].options=e.options;return c}({signInSocial:jg("/sign-in/social",{method:"POST",operationId:"socialSignIn",body:lH,metadata:{$Infer:{body:{},returned:{}},openapi:{description:"Sign in with a social provider",operationId:"socialSignIn",responses:{200:{description:"Success - Returns session details (idToken branch) or an authorize URL (redirect branch)",content:{"application/json":{schema:{type:"object",description:"Returns session details when idToken is provided, or an authorize URL otherwise",properties:{token:{type:"string"},user:{type:"object",$ref:"#/components/schemas/User"},url:{type:"string"},redirect:{type:"boolean"}},required:["redirect"]}}}}}}}},async a=>{let b=await iE(a.context.socialProviders,{value:a.body.provider});if(!b)throw a.context.logger.error("Provider not found. Make sure to add the provider in your auth config",{provider:a.body.provider}),y.APIError.from("NOT_FOUND",cx.BASE_ERROR_CODES.PROVIDER_NOT_FOUND);if(a.body.idToken){if(!b.verifyIdToken)throw a.context.logger.error("Provider does not support id token verification",{provider:a.body.provider}),y.APIError.from("NOT_FOUND",cx.BASE_ERROR_CODES.ID_TOKEN_NOT_SUPPORTED);let{token:c,nonce:d}=a.body.idToken;if(!await b.verifyIdToken(c,d))throw a.context.logger.error("Invalid id token",{provider:a.body.provider}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.INVALID_TOKEN);let e=await b.getUserInfo({idToken:c,accessToken:a.body.idToken.accessToken,refreshToken:a.body.idToken.refreshToken,user:a.body.idToken.user});if(!e||!e?.user)throw a.context.logger.error("Failed to get user info",{provider:a.body.provider}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.FAILED_TO_GET_USER_INFO);if(!e.user.email)throw a.context.logger.error(jO(a.body.provider,{source:"id_token"}),{provider:a.body.provider}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.USER_EMAIL_NOT_FOUND);let f=await lv(a,{userInfo:{...e.user,email:e.user.email,id:String(e.user.id),name:e.user.name||"",image:e.user.image,emailVerified:e.user.emailVerified||!1},account:{providerId:b.id,accountId:String(e.user.id),accessToken:a.body.idToken.accessToken},callbackURL:a.body.callbackURL,disableSignUp:b.disableImplicitSignUp&&!a.body.requestSignUp||b.disableSignUp});if(f.error)throw y.APIError.from("UNAUTHORIZED",{message:f.error,code:"OAUTH_LINK_ERROR"});return await hT(a,f.data),a.json({redirect:!1,token:f.data.session.token,url:void 0,user:cB(a.context.options,f.data.user)})}let{codeVerifier:c,state:d}=await kw(a,void 0,a.body.additionalData),e=await b.createAuthorizationURL({state:d,codeVerifier:c,redirectURI:`${a.context.baseURL}/callback/${b.id}`,scopes:a.body.scopes,loginHint:a.body.loginHint});return a.body.disableRedirect||a.setHeader("Location",e.toString()),a.json({url:e.toString(),redirect:!a.body.disableRedirect})}),callbackOAuth:ly,getSession:jF(),signOut:lI,signUpEmail:jg("/sign-up/email",{method:"POST",operationId:"signUpWithEmailAndPassword",use:[jo],body:lJ,cloneRequest:!0,metadata:{allowedMediaTypes:["application/x-www-form-urlencoded","application/json"],$Infer:{body:{},returned:{}},openapi:{operationId:"signUpWithEmailAndPassword",description:"Sign up a user using email and password",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},email:{type:"string",description:"The email of the user"},password:{type:"string",description:"The password of the user"},image:{type:"string",description:"The profile image URL of the user"},callbackURL:{type:"string",description:"The URL to use for email verification callback"},rememberMe:{type:"boolean",description:"If this is false, the session will not be remembered. Default is `true`."}},required:["name","email","password"]}}}},responses:{200:{description:"Successfully created user",content:{"application/json":{schema:{type:"object",properties:{token:{type:"string",nullable:!0,description:"Authentication token for the session"},user:{type:"object",properties:{id:{type:"string",description:"The unique identifier of the user"},email:{type:"string",format:"email",description:"The email address of the user"},name:{type:"string",description:"The name of the user"},image:{type:"string",format:"uri",nullable:!0,description:"The profile image URL of the user"},emailVerified:{type:"boolean",description:"Whether the email has been verified"},createdAt:{type:"string",format:"date-time",description:"When the user was created"},updatedAt:{type:"string",format:"date-time",description:"When the user was last updated"}},required:["id","email","name","emailVerified","createdAt","updatedAt"]}},required:["user"]}}}},422:{description:"Unprocessable Entity. User already exists or failed to create user.",content:{"application/json":{schema:{type:"object",properties:{message:{type:"string"}}}}}}}}}},async a=>ic(a.context.adapter,async()=>{let b;if(!a.context.options.emailAndPassword?.enabled||a.context.options.emailAndPassword?.disableSignUp)throw y.APIError.from("BAD_REQUEST",{message:"Email and password sign up is not enabled",code:"EMAIL_PASSWORD_SIGN_UP_DISABLED"});let c=a.body,{name:d,email:e,password:f,image:g,callbackURL:h,rememberMe:i,...j}=c;if(!fY(gF,void 0).safeParse(e).success)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_EMAIL);if(!f||"string"!=typeof f)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_PASSWORD);let k=a.context.password.config.minPasswordLength;if(f.length<k)throw a.context.logger.error("Password is too short"),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_TOO_SHORT);let l=a.context.password.config.maxPasswordLength;if(f.length>l)throw a.context.logger.error("Password is too long"),y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.PASSWORD_TOO_LONG);let m=a.context.options.emailAndPassword.requireEmailVerification||!1===a.context.options.emailAndPassword.autoSignIn,n=!1===a.context.options.emailAndPassword.autoSignIn||m,o=cF(a.context.options,j,"create"),p=e.toLowerCase(),q=await a.context.internalAdapter.findUserByEmail(p);if(q?.user){if(a.context.logger.info(`Sign-up attempt for existing email: ${e}`),m){let b;await a.context.password.hash(f),a.context.options.emailAndPassword?.onExistingUserSignUp&&await a.context.runInBackgroundOrAwait(a.context.options.emailAndPassword.onExistingUserSignUp({user:q.user},a.request?.clone()));let c=new Date,e=a.context.generateId({model:"user"})||(0,io.generateId)(),h={name:d,email:p,emailVerified:!1,image:g??null,createdAt:c,updatedAt:c},i=a.context.options.emailAndPassword?.customSyntheticUser;if(i){let c=Object.keys(a.context.options.user?.additionalFields??{}),d={};for(let a of c)a in o&&(d[a]=o[a]);let f=i({coreFields:h,additionalFields:d,id:e});b=cC(a.context.options,f)}else b=cC(a.context.options,{...h,...o,id:e});return a.json({token:null,user:cB(a.context.options,b)})}throw y.APIError.from("UNPROCESSABLE_ENTITY",cx.BASE_ERROR_CODES.USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL)}let r=await a.context.password.hash(f);try{if(!(b=await a.context.internalAdapter.createUser({email:p,name:d,image:g,...o,emailVerified:!1})))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.FAILED_TO_CREATE_USER)}catch(b){if((0,E.isDevelopment)()&&a.context.logger.error("Failed to create user",b),jc(b))throw b;throw a.context.logger?.error("Failed to create user",b),y.APIError.from("UNPROCESSABLE_ENTITY",cx.BASE_ERROR_CODES.FAILED_TO_CREATE_USER)}if(!b)throw y.APIError.from("UNPROCESSABLE_ENTITY",cx.BASE_ERROR_CODES.FAILED_TO_CREATE_USER);if(await a.context.internalAdapter.linkAccount({userId:b.id,providerId:"credential",accountId:b.id,password:r}),a.context.options.emailVerification?.sendOnSignUp??a.context.options.emailAndPassword.requireEmailVerification){let d=await lr(a.context.secret,b.email,void 0,a.context.options.emailVerification?.expiresIn),e=c.callbackURL?encodeURIComponent(c.callbackURL):encodeURIComponent("/"),f=`${a.context.baseURL}/verify-email?token=${d}&callbackURL=${e}`;a.context.options.emailVerification?.sendVerificationEmail&&await a.context.runInBackgroundOrAwait(a.context.options.emailVerification.sendVerificationEmail({user:b,url:f,token:d},a.request?.clone()))}if(n)return a.json({token:null,user:cB(a.context.options,b)});let s=await a.context.internalAdapter.createSession(b.id,!1===i);if(!s)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.FAILED_TO_CREATE_SESSION);return await hT(a,{session:s,user:b},!1===i),a.json({token:s.token,user:cB(a.context.options,b)})})),signInEmail:jg("/sign-in/email",{method:"POST",operationId:"signInEmail",use:[jo],cloneRequest:!0,body:hc({email:gD().meta({description:"Email of the user"}),password:gD().meta({description:"Password of the user"}),callbackURL:gD().meta({description:"Callback URL to use as a redirect for email verification"}).optional(),rememberMe:g1().meta({description:"If this is false, the session will not be remembered. Default is `true`."}).default(!0).optional()}),metadata:{allowedMediaTypes:["application/x-www-form-urlencoded","application/json"],$Infer:{body:{},returned:{}},openapi:{operationId:"signInEmail",description:"Sign in with email and password",responses:{200:{description:"Success - Returns either session details or redirect URL",content:{"application/json":{schema:{type:"object",description:"Session response when idToken is provided",properties:{redirect:{type:"boolean",enum:[!1]},token:{type:"string",description:"Session token"},url:{type:"string",nullable:!0},user:{type:"object",$ref:"#/components/schemas/User"}},required:["redirect","token","user"]}}}}}}}},async a=>{if(!a.context.options?.emailAndPassword?.enabled)throw a.context.logger.error("Email and password is not enabled. Make sure to enable it in the options on you `auth.ts` file. Check `https://better-auth.com/docs/authentication/email-password` for more!"),y.APIError.from("BAD_REQUEST",{code:"EMAIL_PASSWORD_DISABLED",message:"Email and password is not enabled"});let{email:b,password:c}=a.body;if(!fY(gF,void 0).safeParse(b).success)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.INVALID_EMAIL);let d=await a.context.internalAdapter.findUserByEmail(b,{includeAccounts:!0});if(!d)throw await a.context.password.hash(c),a.context.logger.error("User not found",{email:b}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD);let e=d.accounts.find(a=>"credential"===a.providerId);if(!e)throw await a.context.password.hash(c),a.context.logger.error("Credential account not found",{email:b}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD);let f=e?.password;if(!f)throw await a.context.password.hash(c),a.context.logger.error("Password not found",{email:b}),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD);if(!await a.context.password.verify({hash:f,password:c}))throw a.context.logger.error("Invalid password"),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.INVALID_EMAIL_OR_PASSWORD);if(a.context.options?.emailAndPassword?.requireEmailVerification&&!d.user.emailVerified){if(!a.context.options?.emailVerification?.sendVerificationEmail)throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.EMAIL_NOT_VERIFIED);if(a.context.options?.emailVerification?.sendOnSignIn){let b=await lr(a.context.secret,d.user.email,void 0,a.context.options.emailVerification?.expiresIn),c=a.body.callbackURL?encodeURIComponent(a.body.callbackURL):encodeURIComponent("/"),e=`${a.context.baseURL}/verify-email?token=${b}&callbackURL=${c}`;await a.context.runInBackgroundOrAwait(a.context.options.emailVerification.sendVerificationEmail({user:d.user,url:e,token:b},a.request?.clone()))}throw y.APIError.from("FORBIDDEN",cx.BASE_ERROR_CODES.EMAIL_NOT_VERIFIED)}let g=await a.context.internalAdapter.createSession(d.user.id,!1===a.body.rememberMe);if(!g)throw a.context.logger.error("Failed to create session"),y.APIError.from("UNAUTHORIZED",cx.BASE_ERROR_CODES.FAILED_TO_CREATE_SESSION);return await hT(a,{session:g,user:d.user},!1===a.body.rememberMe),a.body.callbackURL&&a.setHeader("Location",a.body.callbackURL),a.json({redirect:!!a.body.callbackURL,token:g.token,url:a.body.callbackURL,user:cB(a.context.options,d.user)})}),resetPassword:lF,verifyPassword:lG,verifyEmail:lu,sendVerificationEmail:lt,changeEmail:lQ,changePassword:lM,setPassword:lN,updateSession:jg("/update-session",{method:"POST",operationId:"updateSession",body:lK,use:[jH],metadata:{$Infer:{body:{}},openapi:{operationId:"updateSession",description:"Update the current session",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{session:{type:"object",$ref:"#/components/schemas/Session"}}}}}}}}}},async a=>{var b;let c=a.body;if("object"!=typeof c||Array.isArray(c))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.BODY_MUST_BE_AN_OBJECT);let d=a.context.session,e=(b=a.context.options,cE(c,{fields:cA(b,"session","input"),action:"update"}));if(0===Object.keys(e).length)throw y.APIError.fromStatus("BAD_REQUEST",{message:"No fields to update"});let f=await a.context.internalAdapter.updateSession(d.session.token,{...e,updatedAt:new Date})??{...d.session,...e,updatedAt:new Date};return await hT(a,{session:f,user:d.user}),a.json({session:cD(a.context.options,f)})}),updateUser:jg("/update-user",{method:"POST",operationId:"updateUser",body:lL,use:[jH],metadata:{$Infer:{body:{}},openapi:{operationId:"updateUser",description:"Update the current user",requestBody:{content:{"application/json":{schema:{type:"object",properties:{name:{type:"string",description:"The name of the user"},image:{type:"string",description:"The image of the user",nullable:!0}}}}}},responses:{200:{description:"Success",content:{"application/json":{schema:{type:"object",properties:{user:{type:"object",$ref:"#/components/schemas/User"}}}}}}}}}},async a=>{let b=a.body;if("object"!=typeof b||Array.isArray(b))throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.BODY_MUST_BE_AN_OBJECT);if(b.email)throw y.APIError.from("BAD_REQUEST",cx.BASE_ERROR_CODES.EMAIL_CAN_NOT_BE_UPDATED);let{name:c,image:d,...e}=b,f=a.context.session,g=cF(a.context.options,e,"update");if(void 0===d&&void 0===c&&0===Object.keys(g).length)throw y.APIError.fromStatus("BAD_REQUEST",{message:"No fields to update"});let h=await a.context.internalAdapter.updateUser(f.user.id,{name:c,image:d,...g})??{...f.user,...void 0!==c&&{name:c},...void 0!==d&&{image:d},...g};return await hT(a,{session:f.session,user:h}),a.json({status:!0})}),deleteUser:lO,requestPasswordReset:lD,requestPasswordResetCallback:lE,listSessions:jg("/list-sessions",{method:"GET",operationId:"listUserSessions",use:[jH],requireHeaders:!0,metadata:{openapi:{operationId:"listUserSessions",description:"List all active sessions for the user",responses:{200:{description:"Success",content:{"application/json":{schema:{type:"array",items:{$ref:"#/components/schemas/Session"}}}}}}}}},async a=>{try{let b=(await a.context.internalAdapter.listSessions(a.context.session.user.id,{onlyActiveSessions:!0})).filter(a=>a.expiresAt>new Date);return a.json(b.map(b=>cD(a.context.options,b)))}catch(b){throw a.context.logger.error(b),a.error("INTERNAL_SERVER_ERROR")}}),revokeSession:jK,revokeSessions:jL,revokeOtherSessions:jM,linkSocialAccount:lm,listUserAccounts:ll,deleteUserCallback:lP,unlinkAccount:ln,refreshToken:lp,getAccessToken:lo,accountInfo:lq,...c,ok:lB,error:lA},a),middlewares:d}}var lX=a.i(902157),lY=a.i(912714),lZ=a.i(660526),l$=a.i(750227);async function l_(a,b){return{database:b?.database,adapter:b?.adapter,emailVerification:{sendVerificationEmail:!!a.emailVerification?.sendVerificationEmail,sendOnSignUp:!!a.emailVerification?.sendOnSignUp,sendOnSignIn:!!a.emailVerification?.sendOnSignIn,autoSignInAfterVerification:!!a.emailVerification?.autoSignInAfterVerification,expiresIn:a.emailVerification?.expiresIn,beforeEmailVerification:!!a.emailVerification?.beforeEmailVerification,afterEmailVerification:!!a.emailVerification?.afterEmailVerification},emailAndPassword:{enabled:!!a.emailAndPassword?.enabled,disableSignUp:!!a.emailAndPassword?.disableSignUp,requireEmailVerification:!!a.emailAndPassword?.requireEmailVerification,maxPasswordLength:a.emailAndPassword?.maxPasswordLength,minPasswordLength:a.emailAndPassword?.minPasswordLength,sendResetPassword:!!a.emailAndPassword?.sendResetPassword,resetPasswordTokenExpiresIn:a.emailAndPassword?.resetPasswordTokenExpiresIn,onPasswordReset:!!a.emailAndPassword?.onPasswordReset,password:{hash:!!a.emailAndPassword?.password?.hash,verify:!!a.emailAndPassword?.password?.verify},autoSignIn:!!a.emailAndPassword?.autoSignIn,revokeSessionsOnPasswordReset:!!a.emailAndPassword?.revokeSessionsOnPasswordReset},socialProviders:await Promise.all(Object.keys(a.socialProviders||{}).map(async b=>{let c=a.socialProviders?.[b];if(!c)return{};let d="function"==typeof c?await c():c;return{id:b,mapProfileToUser:!!d.mapProfileToUser,disableDefaultScope:!!d.disableDefaultScope,disableIdTokenSignIn:!!d.disableIdTokenSignIn,disableImplicitSignUp:d.disableImplicitSignUp,disableSignUp:d.disableSignUp,getUserInfo:!!d.getUserInfo,overrideUserInfoOnSignIn:!!d.overrideUserInfoOnSignIn,prompt:d.prompt,verifyIdToken:!!d.verifyIdToken,scope:d.scope,refreshAccessToken:!!d.refreshAccessToken}})),plugins:a.plugins?.map(a=>a.id.toString()),user:{modelName:a.user?.modelName,fields:a.user?.fields,additionalFields:a.user?.additionalFields,changeEmail:{enabled:a.user?.changeEmail?.enabled,sendChangeEmailConfirmation:!!a.user?.changeEmail?.sendChangeEmailConfirmation}},verification:{modelName:a.verification?.modelName,disableCleanup:a.verification?.disableCleanup,fields:a.verification?.fields},session:{modelName:a.session?.modelName,additionalFields:a.session?.additionalFields,cookieCache:{enabled:a.session?.cookieCache?.enabled,maxAge:a.session?.cookieCache?.maxAge,strategy:a.session?.cookieCache?.strategy},disableSessionRefresh:a.session?.disableSessionRefresh,expiresIn:a.session?.expiresIn,fields:a.session?.fields,freshAge:a.session?.freshAge,preserveSessionInDatabase:a.session?.preserveSessionInDatabase,storeSessionInDatabase:a.session?.storeSessionInDatabase,updateAge:a.session?.updateAge},account:{modelName:a.account?.modelName,fields:a.account?.fields,encryptOAuthTokens:a.account?.encryptOAuthTokens,updateAccountOnSignIn:a.account?.updateAccountOnSignIn,accountLinking:{enabled:a.account?.accountLinking?.enabled,trustedProviders:a.account?.accountLinking?.trustedProviders,updateUserInfoOnLink:a.account?.accountLinking?.updateUserInfoOnLink,allowUnlinkingAll:a.account?.accountLinking?.allowUnlinkingAll}},hooks:{after:!!a.hooks?.after,before:!!a.hooks?.before},secondaryStorage:!!a.secondaryStorage,advanced:{cookiePrefix:!!a.advanced?.cookiePrefix,cookies:!!a.advanced?.cookies,crossSubDomainCookies:{domain:!!a.advanced?.crossSubDomainCookies?.domain,enabled:a.advanced?.crossSubDomainCookies?.enabled,additionalCookies:a.advanced?.crossSubDomainCookies?.additionalCookies},database:{generateId:a.advanced?.database?.generateId,defaultFindManyLimit:a.advanced?.database?.defaultFindManyLimit},useSecureCookies:a.advanced?.useSecureCookies,ipAddress:{disableIpTracking:a.advanced?.ipAddress?.disableIpTracking,ipAddressHeaders:a.advanced?.ipAddress?.ipAddressHeaders},disableCSRFCheck:a.advanced?.disableCSRFCheck,cookieAttributes:{expires:a.advanced?.defaultCookieAttributes?.expires,secure:a.advanced?.defaultCookieAttributes?.secure,sameSite:a.advanced?.defaultCookieAttributes?.sameSite,domain:!!a.advanced?.defaultCookieAttributes?.domain,path:a.advanced?.defaultCookieAttributes?.path,httpOnly:a.advanced?.defaultCookieAttributes?.httpOnly}},trustedOrigins:a.trustedOrigins?.length,rateLimit:{storage:a.rateLimit?.storage,modelName:a.rateLimit?.modelName,window:a.rateLimit?.window,customStorage:!!a.rateLimit?.customStorage,enabled:a.rateLimit?.enabled,max:a.rateLimit?.max},onAPIError:{errorURL:a.onAPIError?.errorURL,onError:!!a.onAPIError?.onError,throw:a.onAPIError?.throw},logger:{disabled:a.logger?.disabled,level:a.logger?.level,log:!!a.logger?.log},databaseHooks:{user:{create:{after:!!a.databaseHooks?.user?.create?.after,before:!!a.databaseHooks?.user?.create?.before},update:{after:!!a.databaseHooks?.user?.update?.after,before:!!a.databaseHooks?.user?.update?.before}},session:{create:{after:!!a.databaseHooks?.session?.create?.after,before:!!a.databaseHooks?.session?.create?.before},update:{after:!!a.databaseHooks?.session?.update?.after,before:!!a.databaseHooks?.session?.update?.before}},account:{create:{after:!!a.databaseHooks?.account?.create?.after,before:!!a.databaseHooks?.account?.create?.before},update:{after:!!a.databaseHooks?.account?.update?.after,before:!!a.databaseHooks?.account?.update?.before}},verification:{create:{after:!!a.databaseHooks?.verification?.create?.after,before:!!a.databaseHooks?.verification?.create?.before},update:{after:!!a.databaseHooks?.verification?.update?.after,before:!!a.databaseHooks?.verification?.update?.before}}}}}async function l0(a){let b=await h$("SHA-256").digest(a);return hK.encode(b)}async function l1(){if(d)return d;try{let a=process.cwd();if(!a)return;let b=await lY.default.readFile(l$.default.join(a,"package.json"),"utf-8");return d=JSON.parse(b)}catch{}}async function l2(a){if(d)return d.dependencies?.[a]||d.devDependencies?.[a]||d.peerDependencies?.[a];try{let b=process.cwd();if(!b)throw Error("no-cwd");let c=l$.default.join(b,"node_modules",a,"package.json"),d=await lY.default.readFile(c,"utf-8");return JSON.parse(d).version||await l3(a)||void 0}catch{}return l3(a)}async function l3(a){let b=await l1();if(b)return({...b.dependencies,...b.devDependencies,...b.peerDependencies})[a]}async function l4(){return(await l1())?.name}async function l5(){try{let a,b,c=lZ.default.cpus();return{deploymentVendor:(a=process.env,(b=(...b)=>b.some(b=>!!a[b]))("CF_PAGES","CF_PAGES_URL","CF_ACCOUNT_ID")||"u">typeof navigator&&"Cloudflare-Workers"===navigator.userAgent?"cloudflare":b("VERCEL","VERCEL_URL","VERCEL_ENV")?"vercel":b("NETLIFY","NETLIFY_URL")?"netlify":b("RENDER","RENDER_URL","RENDER_INTERNAL_HOSTNAME","RENDER_SERVICE_ID")?"render":b("AWS_LAMBDA_FUNCTION_NAME","AWS_EXECUTION_ENV","LAMBDA_TASK_ROOT")?"aws":b("GOOGLE_CLOUD_FUNCTION_NAME","GOOGLE_CLOUD_PROJECT","GCP_PROJECT","K_SERVICE")?"gcp":b("AZURE_FUNCTION_NAME","FUNCTIONS_WORKER_RUNTIME","WEBSITE_INSTANCE_ID","WEBSITE_SITE_NAME")?"azure":b("DENO_DEPLOYMENT_ID","DENO_REGION")?"deno-deploy":b("FLY_APP_NAME","FLY_REGION","FLY_ALLOC_ID")?"fly-io":b("RAILWAY_STATIC_URL","RAILWAY_ENVIRONMENT_NAME")?"railway":b("DYNO","HEROKU_APP_NAME")?"heroku":b("DO_DEPLOYMENT_ID","DO_APP_NAME","DIGITALOCEAN")?"digitalocean":b("KOYEB","KOYEB_DEPLOYMENT_ID","KOYEB_APP_NAME")?"koyeb":null),systemPlatform:lZ.default.platform(),systemRelease:lZ.default.release(),systemArchitecture:lZ.default.arch(),cpuCount:c.length,cpuModel:c.length?c[0].model:null,cpuSpeed:c.length?c[0].speed:null,memory:lZ.default.totalmem(),isWSL:await mb(),isDocker:await l8(),isTTY:process.stdout?process.stdout.isTTY:null}}catch{return{systemPlatform:null,systemRelease:null,systemArchitecture:null,cpuCount:null,cpuModel:null,cpuSpeed:null,memory:null,isWSL:null,isDocker:null,isTTY:null}}}async function l6(){try{return lX.default.statSync("/.dockerenv"),!0}catch{return!1}}async function l7(){try{return lX.default.readFileSync("/proc/self/cgroup","utf8").includes("docker")}catch{return!1}}async function l8(){return void 0===e&&(e=await l6()||await l7()),e}let l9=async()=>{try{return lX.default.statSync("/run/.containerenv"),!0}catch{return!1}};async function ma(){return void 0===f&&(f=await l9()||await l8()),f}async function mb(){try{if(lZ.default.release().toLowerCase().includes("microsoft")){if(await ma())return!1;return!0}return!!lX.default.readFileSync("/proc/version","utf8").toLowerCase().includes("microsoft")&&!await ma()}catch{return!1}}let mc=null;async function md(a){if(mc)return mc;let b=await l4();return b?mc=await l0(a?a+b:b):a?mc=await l0(a):mc=(0,jP.createRandomStringGenerator)("a-z","A-Z","0-9")(32)}async function me(){for(let[a,b]of Object.entries({pg:"postgresql",mysql:"mysql",mariadb:"mariadb",sqlite3:"sqlite","better-sqlite3":"sqlite","@prisma/client":"prisma",mongoose:"mongodb",mongodb:"mongodb","drizzle-orm":"drizzle"})){let c=await l2(a);if(c)return{name:b,version:c}}}async function mf(){for(let[a,b]of Object.entries({next:"next",nuxt:"nuxt","react-router":"react-router",astro:"astro","@sveltejs/kit":"sveltekit","solid-start":"solid-start","tanstack-start":"tanstack-start",hono:"hono",express:"express",elysia:"elysia",expo:"expo"})){let c=await l2(a);if(c)return{name:b,version:c}}}let mg=async function(){};async function mh(a,b){let c,d=a.telemetry?.debug||(0,E.getBooleanEnvVar)("BETTER_AUTH_TELEMETRY_DEBUG",!1),e=E.ENV.BETTER_AUTH_TELEMETRY_ENDPOINT;if(!e&&!b?.customTrack)return{publish:mg};let f=async a=>{b?.customTrack?await b.customTrack(a).catch(w.logger.error):e&&(d?w.logger.info("telemetry event",JSON.stringify(a,null,2)):await kZ(e,{method:"POST",body:a}).catch(w.logger.error))},g=async()=>{let c=a.telemetry?.enabled!==void 0&&a.telemetry.enabled;return((0,E.getBooleanEnvVar)("BETTER_AUTH_TELEMETRY",!1)||c)&&(b?.skipTestCheck||!(0,E.isTest)())},h=await g();return h&&(c=await md("string"==typeof a.baseURL?a.baseURL:void 0),f({type:"init",payload:{config:await l_(a,b),runtime:"u">typeof Deno?{name:"deno",version:Deno?.version?.deno??null}:"u">typeof Bun?{name:"bun",version:Bun?.version??null}:"u">typeof process&&process?.versions?.node?{name:"node",version:process.versions.node??null}:{name:"edge",version:null},database:await me(),framework:await mf(),environment:"production"===(0,E.getEnvVar)("NODE_ENV")?"production":"false"!==E.env.CI&&("BUILD_ID"in E.env||"BUILD_NUMBER"in E.env||"CI"in E.env||"CI_APP_ID"in E.env||"CI_BUILD_ID"in E.env||"CI_BUILD_NUMBER"in E.env||"CI_NAME"in E.env||"CONTINUOUS_INTEGRATION"in E.env||"RUN_ID"in E.env)?"ci":(0,E.isTest)()?"test":"development",systemInfo:await l5(),packageManager:function(){let a=E.env.npm_config_user_agent;if(!a)return;let b=a.split(" ")[0],c=b.lastIndexOf("/"),d=b.substring(0,c);return{name:"npminstall"===d?"cnpm":d,version:b.substring(c+1)}}()},anonymousId:c})),{publish:async b=>{h&&(c||(c=await md("string"==typeof a.baseURL?a.baseURL:void 0)),await f({type:b.type,payload:b.payload,anonymousId:c}))}}}async function mi(a,b,c){let d,e,f,g;b.database||(b=it(b,{session:{cookieCache:{enabled:!0,strategy:"jwe",refreshCache:!0,maxAge:b.session?.expiresIn||604800}},account:{storeStateStrategy:"cookie",storeAccountCookie:!0}}));let h=b.plugins||[],i=(o=b,o.advanced?.crossSubDomainCookies?.enabled,[]),j=(0,w.createLogger)(b.logger),k=K(b.baseURL);if(K(b.baseURL)){let{allowedHosts:a}=b.baseURL;if(!a||0===a.length)throw new y.BetterAuthError('baseURL.allowedHosts cannot be empty. Provide at least one allowed host pattern (e.g., ["myapp.com", "*.vercel.app"]).')}let l=k?void 0:I("string"==typeof b.baseURL?b.baseURL:void 0,b.basePath);l||k||j.warn("[better-auth] Base URL could not be determined. Please set a valid base URL using the baseURL config option or the BETTER_AUTH_URL environment variable. Without this, callbacks and redirects may not work correctly."),"memory"===a.id&&b.advanced?.database?.generateId===!1&&j.error(`[better-auth] Misconfiguration detected.
|
|
412
|
+
You are using the memory DB with generateId: false.
|
|
413
|
+
This will cause no id to be generated for any model.
|
|
414
|
+
Most of the features of Better Auth will not work correctly.`);let m=b.secrets??((p=E.env.BETTER_AUTH_SECRETS)?p.split(",").map(a=>{let b=(a=a.trim()).indexOf(":");if(-1===b)throw new y.BetterAuthError(`Invalid BETTER_AUTH_SECRETS entry: "${a}". Expected format: "<version>:<secret>"`);let c=parseInt(a.slice(0,b),10);if(!Number.isInteger(c)||c<0)throw new y.BetterAuthError(`Invalid version in BETTER_AUTH_SECRETS: "${a.slice(0,b)}". Version must be a non-negative integer.`);let d=a.slice(b+1).trim();if(!d)throw new y.BetterAuthError(`Empty secret value for version ${c} in BETTER_AUTH_SECRETS.`);return{version:c,value:d}}):null),n=b.secret||E.env.BETTER_AUTH_SECRET||E.env.AUTH_SECRET||"";if(m)!function(a,b){var c;let d;if(0===a.length)throw new y.BetterAuthError("`secrets` array must contain at least one entry.");let e=new Set;for(let b of a){let a=parseInt(String(b.version),10);if(!Number.isInteger(a)||a<0||String(a)!==String(b.version).trim())throw new y.BetterAuthError(`Invalid version ${b.version} in \`secrets\`. Version must be a non-negative integer.`);if(!b.value)throw new y.BetterAuthError(`Empty secret value for version ${a} in \`secrets\`.`);if(e.has(a))throw new y.BetterAuthError(`Duplicate version ${a} in \`secrets\`. Each version must be unique.`);e.add(a)}let f=a[0];f.value.length<32&&b.warn(`[better-auth] Warning: the current secret (version ${f.version}) should be at least 32 characters long for adequate security.`),120>(0===(d=new Set(c=f.value).size)?0:Math.log2(Math.pow(d,c.length)))&&b.warn("[better-auth] Warning: the current secret appears low-entropy. Use a randomly generated secret for production.")}(m,j),d=m[0].value,e=function(a,b){let c=new Map;for(let b of a)c.set(parseInt(String(b.version),10),b.value);return{keys:c,currentVersion:parseInt(String(a[0].version),10),legacySecret:b&&"better-auth-secret-12345678901234567890"!==b?b:void 0}}(m,n);else{var o,p,q=d=n||"better-auth-secret-12345678901234567890";let a="better-auth-secret-12345678901234567890"===q;if(!(0,E.isTest)()){let b;if(a&&E.isProduction)throw new y.BetterAuthError("You are using the default secret. Please set `BETTER_AUTH_SECRET` in your environment variables or pass `secret` in your auth config.");if(!q)throw new y.BetterAuthError("BETTER_AUTH_SECRET is missing. Set it in your environment or pass `secret` to betterAuth({ secret }).");q.length<32&&j.warn("[better-auth] Warning: your BETTER_AUTH_SECRET should be at least 32 characters long for adequate security. Generate one with `npx auth secret` or `openssl rand -base64 32`."),120>(0===(b=new Set(q).size)?0:Math.log2(Math.pow(b,q.length)))&&j.warn("[better-auth] Warning: your BETTER_AUTH_SECRET appears low-entropy. Use a randomly generated secret for production.")}e=d}!function(a,b){let c=new Map;a.plugins?.forEach(a=>{if(a.endpoints){for(let[b,d]of Object.entries(a.endpoints))if(d&&"path"in d&&"string"==typeof d.path){let e=d.path,f=[];d.options&&"method"in d.options&&(Array.isArray(d.options.method)?f=d.options.method:"string"==typeof d.options.method&&(f=[d.options.method])),0===f.length&&(f=["*"]),c.has(e)||c.set(e,[]),c.get(e).push({pluginId:a.id,endpointKey:b,methods:f})}}});let d=[];for(let[a,b]of c.entries())if(b.length>1){let c=new Map,e=!1;for(let a of b)for(let d of a.methods)c.has(d)||c.set(d,[]),c.get(d).push(a.pluginId),c.get(d).length>1&&(e=!0),"*"===d&&b.length>1?e=!0:"*"!==d&&c.has("*")&&(e=!0);if(e){let e=[...new Set(b.map(a=>a.pluginId))],f=[];for(let[a,d]of c.entries())(d.length>1||"*"===a&&b.length>1||"*"!==a&&c.has("*"))&&f.push(a);d.push({path:a,plugins:e,conflictingMethods:f})}}if(d.length>0){let a=d.map(a=>` - "${a.path}" [${a.conflictingMethods.join(", ")}] used by plugins: ${a.plugins.join(", ")}`).join("\n");b.error(`Endpoint path conflicts detected! Multiple plugins are trying to use the same endpoint paths with conflicting HTTP methods:
|
|
415
|
+
${a}
|
|
416
|
+
|
|
417
|
+
To resolve this, you can:
|
|
418
|
+
1. Use only one of the conflicting plugins
|
|
419
|
+
2. Configure the plugins to use different paths (if supported)
|
|
420
|
+
3. Ensure plugins use different HTTP methods for the same path
|
|
421
|
+
`)}}(b={...b,secret:d,baseURL:k?b.baseURL:l?new URL(l).origin:"",basePath:b.basePath||"/api/auth",plugins:h.concat(i)},j);let r=hR(b),s=(0,v.getAuthTables)(b),t=(await Promise.all(Object.entries(b.socialProviders||{}).map(async([a,b])=>{let c="function"==typeof b?await b():b;if(null==c||!1===c.enabled)return null;c.clientId||j.warn(`Social provider ${a} is missing clientId or clientSecret`);let d=lj[a](c);return d.disableImplicitSignUp=c.disableImplicitSignUp,d}))).filter(a=>null!==a),u=({model:a,size:c})=>{if("function"==typeof b.advanced?.generateId)return b.advanced.generateId({model:a,size:c});let d=b?.advanced?.database?.generateId;return"function"==typeof d?d({model:a,size:c}):"uuid"===d?crypto.randomUUID():"serial"!==d&&!1!==d&&(0,io.generateId)(c)},{publish:x}=await mh(b,{adapter:a.id,database:"function"==typeof b.database?"adapter":c(b.database)}),z=new Set(b.plugins.map(a=>a.id)),A=await iB(b),B=await iF(b),C={appName:b.appName||"Better Auth",baseURL:l||"",version:h6().version,socialProviders:t,options:b,oauthConfig:{storeStateStrategy:b.account?.storeStateStrategy||(b.database?"database":"cookie"),skipStateCookieCheck:!!b.account?.skipStateCookieCheck},tables:s,trustedOrigins:A,trustedProviders:B,isTrustedOrigin(a,b){return this.trustedOrigins.some(c=>N(a,c,b))},sessionConfig:{updateAge:b.session?.updateAge!==void 0?b.session.updateAge:86400,expiresIn:b.session?.expiresIn||604800,freshAge:b.session?.freshAge===void 0?86400:b.session.freshAge,cookieRefreshCache:(f=b.session?.cookieCache?.refreshCache,g=b.session?.cookieCache?.maxAge||300,(b.database||b.secondaryStorage)&&f?(j.warn("[better-auth] `session.cookieCache.refreshCache` is enabled while `database` or `secondaryStorage` is configured. `refreshCache` is meant for stateless (DB-less) setups. Disabling `refreshCache` — remove it from your config to silence this warning."),!1):!1!==f&&void 0!==f&&(!0===f?{enabled:!0,updateAge:Math.floor(.2*g)}:{enabled:!0,updateAge:void 0!==f.updateAge?f.updateAge:Math.floor(.2*g)}))},secret:d,secretConfig:e,rateLimit:{...b.rateLimit,enabled:b.rateLimit?.enabled??E.isProduction,window:b.rateLimit?.window||10,max:b.rateLimit?.max||100,storage:b.rateLimit?.storage||(b.secondaryStorage?"secondary-storage":"memory")},authCookies:r,logger:j,generateId:u,session:null,secondaryStorage:b.secondaryStorage,password:{hash:b.emailAndPassword?.password?.hash||R,verify:b.emailAndPassword?.password?.verify||T,config:{minPasswordLength:b.emailAndPassword?.minPasswordLength||8,maxPasswordLength:b.emailAndPassword?.maxPasswordLength||128},checkPassword:iH},setNewSession(a){this.newSession=a},newSession:null,adapter:a,internalAdapter:iq(a,{options:b,logger:j,hooks:b.databaseHooks?[{source:"user",hooks:b.databaseHooks}]:[],generateId:u}),createAuthCookie:hQ(b),async runMigrations(){throw new y.BetterAuthError("runMigrations will be set by the specific init implementation")},publishTelemetry:x,skipCSRFCheck:!!b.advanced?.disableCSRFCheck,skipOriginCheck:b.advanced?.disableOriginCheck!==void 0?b.advanced.disableOriginCheck:!!(0,E.isTest)(),runInBackground:b.advanced?.backgroundTasks?.handler??(a=>{a.catch(()=>{})}),async runInBackgroundOrAwait(a){try{b.advanced?.backgroundTasks?.handler?a instanceof Promise&&b.advanced.backgroundTasks.handler(a.catch(a=>{j.error("Failed to run background task:",a)})):await a}catch(a){j.error("Failed to run background task:",a)}},getPlugin:a=>b.plugins.find(b=>b.id===a)??null,hasPlugin:a=>z.has(a)},D=iA(C);return O(D)&&await D,C}var mj=a.i(607669);let mk=async a=>{let b=await z(a),c=await mi(b,a,a=>(0,mj.getKyselyDatabaseType)(a)||"unknown");return c.runMigrations=async function(){if(!a.database||"updateMany"in a.database)throw new y.BetterAuthError("Database is not provided or it's an adapter. Migrations are only supported with a database instance.");let{runMigrations:b}=await (0,A.getMigrations)(a);await b()},c};var ml=a.i(286607);async function mm(){try{let a=await (0,lY.readFile)(l$.default.join(lZ.default.homedir(),".wiki-viewer","config.json"),"utf8");return JSON.parse(a)}catch{return{}}}function mn(a){return(a??"").split(",").map(a=>a.trim().toLowerCase()).filter(Boolean)}async function mo(){let a=await mm();return{emails:a.allowedEmails&&a.allowedEmails.length>0?a.allowedEmails.map(a=>a.trim().toLowerCase()).filter(Boolean):mn(process.env.AUTH_ALLOWED_EMAILS),domains:a.allowedDomains&&a.allowedDomains.length>0?a.allowedDomains.map(a=>a.trim().toLowerCase()).filter(Boolean):mn(process.env.AUTH_ALLOWED_DOMAIN)}}async function mp(a){let{emails:b,domains:c}=await mo();if(0===b.length&&0===c.length)return!0;let d=a.toLowerCase();if(b.includes(d))return!0;let e=d.lastIndexOf("@");return!!(e>=0&&c.includes(d.slice(e+1)))}if("phase-production-build"!==process.env.NEXT_PHASE&&"1"!==process.env.WIKI_ALLOW_INSECURE){let a=process.env.BETTER_AUTH_URL??"";if(!a)throw Error("BETTER_AUTH_URL is required in production. Set it to https://your-domain so cookies and OAuth callbacks resolve correctly. Set WIKI_ALLOW_INSECURE=1 to bypass (development only).");if(!a.startsWith("https://"))throw Error(`BETTER_AUTH_URL must be https:// in production (got: ${a}). Set WIKI_ALLOW_INSECURE=1 to bypass (development only).`)}let mq=l$.default.join(process.env.HOME??lZ.default.homedir(),".wiki-viewer");(0,lX.mkdirSync)(mq,{recursive:!0});let mr=l$.default.join(mq,"auth.db"),ms=l$.default.join(mq,"auth.secret"),mt=new ml.default(mr);mt.pragma("journal_mode = WAL");let mu={};process.env.GOOGLE_CLIENT_ID&&process.env.GOOGLE_CLIENT_SECRET&&(mu.google={clientId:process.env.GOOGLE_CLIENT_ID,clientSecret:process.env.GOOGLE_CLIENT_SECRET});let mv=Object.keys(mu).length>0,mw="1"===process.env.AUTH_DISABLE_PASSWORD||"true"===process.env.AUTH_DISABLE_PASSWORD,mx=!(mw&&mv);mw&&!mv&&console.warn("[wiki-viewer] AUTH_DISABLE_PASSWORD is set but no social provider is configured. Keeping email/password enabled so you are not locked out. Configure GOOGLE_CLIENT_ID/GOOGLE_CLIENT_SECRET to disable password auth.");let my=(process.env.AUTH_TRUSTED_PROVIDERS??"").split(",").map(a=>a.trim()).filter(Boolean),mz=((a,b)=>{let c=b(a),{api:d}=lW(c,a);return{handler:async b=>{let d,e=await c,f=e.options.basePath||"/api/auth";if(K(a.baseURL))d=await iD(e,b,iC(e.options));else{if(d=e,!e.options.baseURL){let a=I(void 0,f,b,void 0,e.options.advanced?.trustedProxyHeaders);if(a)e.baseURL=a,e.options.baseURL=J(e.baseURL)||void 0;else throw new y.BetterAuthError("Could not get base URL from request. Please provide a valid base URL.")}d.trustedOrigins=await iB(e.options,b),d.trustedProviders=await iF(e.options,b)}let{handler:g}=((a,b)=>{let{api:c,middlewares:d}=lW(a,b),e=new URL(a.baseURL).pathname;return((a,b)=>{if(!b?.openapi?.disabled){let c={path:"/api/reference",...b?.openapi};a.openapi=i0(c.path,{method:"GET"},async b=>{let d,e;return new Response((d=await i6(a),e=c.scalar,`<!doctype html>
|
|
422
|
+
<html>
|
|
423
|
+
<head>
|
|
424
|
+
<title>Scalar API Reference</title>
|
|
425
|
+
<meta charset="utf-8" />
|
|
426
|
+
<meta
|
|
427
|
+
name="viewport"
|
|
428
|
+
content="width=device-width, initial-scale=1" />
|
|
429
|
+
</head>
|
|
430
|
+
<body>
|
|
431
|
+
<script
|
|
432
|
+
id="api-reference"
|
|
433
|
+
type="application/json">
|
|
434
|
+
${JSON.stringify(d)}
|
|
435
|
+
</script>
|
|
436
|
+
<script>
|
|
437
|
+
var configuration = {
|
|
438
|
+
favicon: ${e?.logo?`data:image/svg+xml;utf8,${encodeURIComponent(e.logo)}`:void 0} ,
|
|
439
|
+
theme: ${e?.theme||"saturn"},
|
|
440
|
+
metaData: {
|
|
441
|
+
title: ${e?.title||"Open API Reference"},
|
|
442
|
+
description: ${e?.description||"Better Call Open API"},
|
|
443
|
+
}
|
|
444
|
+
}
|
|
445
|
+
document.getElementById('api-reference').dataset.configuration =
|
|
446
|
+
JSON.stringify(configuration)
|
|
447
|
+
</script>
|
|
448
|
+
<script src="https://cdn.jsdelivr.net/npm/@scalar/api-reference"></script>
|
|
449
|
+
</body>
|
|
450
|
+
</html>`),{headers:{"Content-Type":"text/html"}})})}let c=i8(),d=i8();for(let b of Object.values(a))if(!(!b.options||!b.path||b.options?.metadata?.SERVER_ONLY))for(let a of Array.isArray(b.options?.method)?b.options.method:[b.options?.method])jb(c,a,b.path,b);if(b?.routerMiddleware?.length)for(let{path:a,middleware:c}of b.routerMiddleware)jb(d,"*",a,c);let e=async a=>{let e=new URL(a.url),f=e.pathname,g=b?.basePath&&"/"!==b.basePath?f.split(b.basePath).reduce((a,c,d)=>(0!==d&&(d>1?a.push(`${b.basePath}${c}`):a.push(c)),a),[]).join(""):e.pathname;if(!g?.length||/\/{2,}/.test(g))return new Response(null,{status:404,statusText:"Not Found"});let h=function(a,b="",c){47===c.charCodeAt(c.length-1)&&(c=c.slice(0,-1));let d=a.static[c];if(d&&d.methods){let a=d.methods[b]||d.methods[""];if(void 0!==a)return a[0]}let e=i9(c),f=function a(b,c,d,e,f){if(f===e.length){if(c.methods){let a=c.methods[d]||c.methods[""];if(a)return a}if(c.param&&c.param.methods){let a=c.param.methods[d]||c.param.methods[""];if(a){let b=a[0].paramsMap;if(b?.[b?.length-1]?.[2])return a}}if(c.wildcard&&c.wildcard.methods){let a=c.wildcard.methods[d]||c.wildcard.methods[""];if(a){let b=a[0].paramsMap;if(b?.[b?.length-1]?.[2])return a}}return}let g=e[f];if(c.static){let h=c.static[g];if(h){let c=a(b,h,d,e,f+1);if(c)return c}}if(c.param){let h=a(b,c.param,d,e,f+1);if(h){if(c.param.hasRegexParam){let a=h.find(a=>a.paramsRegexp[f]?.test(g))||h.find(a=>!a.paramsRegexp[f]);return a?[a]:void 0}return h}}if(c.wildcard&&c.wildcard.methods)return c.wildcard.methods[d]||c.wildcard.methods[""]}(a,a.root,b,e,0)?.[0];if(void 0!==f)return{data:f.data,params:f.paramsMap?ja(e,f.paramsMap):void 0}}(c,a.method,g);if(g.endsWith("/")!==h?.data?.path?.endsWith("/")&&!b?.skipTrailingSlashes||!h?.data)return new Response(null,{status:404,statusText:"Not Found"});let i={};e.searchParams.forEach((a,b)=>{b in i?Array.isArray(i[b])?i[b].push(a):i[b]=[i[b],a]:i[b]=a});let j=h.data;try{let c=j.options.metadata?.allowedMediaTypes||b?.allowedMediaTypes,e={path:g,method:a.method,headers:a.headers,params:h.params?JSON.parse(JSON.stringify(h.params)):{},request:a,body:j.options.disableBody?void 0:await iK(j.options.cloneRequest?a.clone():a,c),query:i,_flag:"router",asResponse:!0,context:b?.routerContext},f=function(a,b="",c){47===c.charCodeAt(c.length-1)&&(c=c.slice(0,-1));let d=i9(c);return(function a(b,c,d,e,f,g=[]){let h=e[f];if(c.wildcard&&c.wildcard.methods){let a=c.wildcard.methods[d]||c.wildcard.methods[""];a&&g.push(...a)}if(c.param&&(a(b,c.param,d,e,f+1,g),f===e.length&&c.param.methods)){let a=c.param.methods[d]||c.param.methods[""];if(a){let b=a[0].paramsMap;b?.[b?.length-1]?.[2]&&g.push(...a)}}let i=c.static?.[h];if(i&&a(b,i,d,e,f+1,g),f===e.length&&c.methods){let a=c.methods[d]||c.methods[""];a&&g.push(...a)}return g})(a,a.root,b,d,0).map(a=>({data:a.data,params:a.paramsMap?ja(d,a.paramsMap):void 0}))}(d,"*",g);if(f?.length)for(let{data:a,params:b}of f){let c=await a({...e,params:b,asResponse:!1});if(c instanceof Response)return c}return await j(e)}catch(c){if(b?.onError)try{let d=await b.onError(c,a);if(d instanceof Response)return iQ(d)}catch(a){if(iL(a))return iQ(a);throw a}if(b?.throwError)throw c;if(iL(c))return iQ(c);return console.error("# SERVER_ERROR: ",c),new Response(null,{status:500,statusText:"Internal Server Error"})}};return{handler:async a=>{let c=await b?.onRequest?.(a);if(c instanceof Response)return c;let d=iN(c)?c:a,f=await e(d),g=await b?.onResponse?.(f,d);return g instanceof Response?g:f},endpoints:a}})(c,{routerContext:a,openapi:{disabled:!0},basePath:e,routerMiddleware:[{path:"/**",middleware:jl},...d],allowedMediaTypes:["application/json"],skipTrailingSlashes:b.advanced?.skipTrailingSlashes??!1,async onRequest(b){let c=a.options.disabledPaths||[],d=jh(b.url,e);if(c.includes(d))return new Response("Not Found",{status:404});let f=b;for(let b of a.options.plugins||[])if(b.onRequest){let c=await (0,im.withSpan)(`onRequest ${b.id}`,{[ik]:"onRequest",[il]:`plugin:${b.id}`},()=>b.onRequest(f,a));if(c&&"response"in c)return c.response;c&&"request"in c&&(f=c.request)}return await ju(f,a)||f},async onResponse(b,c){for(let d of(await jv(c,a),a.options.plugins||[]))if(d.onResponse){let c=await (0,im.withSpan)(`onResponse ${d.id}`,{[ik]:"onResponse",[il]:`plugin:${d.id}`,[ii.ATTR_HTTP_RESPONSE_STATUS_CODE]:b.status},()=>d.onResponse(b,a));if(c)return c.response}return b},onError(c){if(jc(c)&&"FOUND"===c.status)return;if(b.onAPIError?.throw)throw c;if(b.onAPIError?.onError)return void b.onAPIError.onError(c,a);let d=b.logger?.level,e="error"===d||"warn"===d||"debug"===d?w.logger:void 0;if(b.logger?.disabled!==!0){if(c&&"object"==typeof c&&"message"in c&&"string"==typeof c.message&&(c.message.includes("no column")||c.message.includes("column")||c.message.includes("relation")||c.message.includes("table")||c.message.includes("does not exist")))return void a.logger?.error(c.message);jc(c)?("INTERNAL_SERVER_ERROR"===c.status&&a.logger.error(c.status,c),e?.error(c.message)):a.logger?.error(c&&"object"==typeof c&&"name"in c?c.name:"",c)}}})})(d,a);return ib(d.adapter,()=>g(b))},api:d,options:a,$context:c,$ERROR_CODES:{...a.plugins?.reduce((a,b)=>b.$ERROR_CODES?{...a,...b.$ERROR_CODES}:a,{}),...cx.BASE_ERROR_CODES}}})({database:mt,secret:function(){if(process.env.BETTER_AUTH_SECRET)return process.env.BETTER_AUTH_SECRET;if((0,lX.existsSync)(ms))return(0,lX.readFileSync)(ms,"utf-8").trim();let a=(0,P.randomBytes)(32).toString("base64");(0,lX.writeFileSync)(ms,a,{mode:384});try{(0,lX.chmodSync)(ms,384)}catch{}return a}(),baseURL:process.env.BETTER_AUTH_URL,account:{accountLinking:{enabled:!0,...my.length?{trustedProviders:my,requireLocalEmailVerified:!1}:{}}},emailAndPassword:{enabled:mx,requireEmailVerification:!1,autoSignIn:!0},rateLimit:{enabled:!0,window:60,max:100,customRules:{"/sign-in/email":{window:60,max:20},"/sign-up/email":{window:60,max:10}}},socialProviders:mu,databaseHooks:{user:{create:{before:async a=>{if(!await mp(a.email))throw Error("SIGNUP_NOT_ALLOWED");return{data:a}}}}},plugins:[(m=!1,{id:"next-cookies",version:"1.6.12",hooks:{before:[{matcher:a=>"/get-session"===a.path,handler:je(async b=>{let c;if(m||(!function(a,b){let c=a.options.plugins||[];if(0===c.length)return;let d=c.findIndex(a=>a.id===b);-1===d||c.slice(d+1).some(a=>a.hooks&&Array.isArray(a.hooks.after)&&a.hooks.after.length>0)&&a.logger.warn(`[better-auth] Cookie integration plugin "${b}" should be placed last in the plugins array. Plugins with \`hooks.after\` running after it may set cookies that are not forwarded to the framework cookie store. Move your cookie integration plugin to the end of the \`plugins\` array to avoid missing \`Set-Cookie\` headers.`)}(b.context,"next-cookies"),m=!0),"_flag"in b&&"router"===b._flag)return;try{let{headers:b}=await a.A(793033);c=await b()}catch{return}let d="1"===c.get("RSC"),e=!!c.get("next-action");d&&!e&&await jE(!0)})}],after:[{matcher:a=>!0,handler:je(async b=>{let c=b.context.responseHeaders;if((!("_flag"in b)||"router"!==b._flag)&&c instanceof Headers){let b,d,e=c?.get("set-cookie");if(!e)return;let f=(d=new Map,cJ(e).forEach(a=>{let[b,...c]=a.split(";").map(a=>a.trim()),[e,...f]=(b||"").split("="),g=cM(f.join("="));if(!e)return;let h={value:cI(g)};c.forEach(a=>{let[b,...c]=a.split("="),d=c.join("="),e=b.trim().toLowerCase();switch(e){case"max-age":h["max-age"]=d?parseInt(d.trim(),10):void 0;break;case"expires":h.expires=d?new Date(d.trim()):void 0;break;case"domain":h.domain=d?d.trim():void 0;break;case"path":h.path=d?d.trim():void 0;break;case"secure":h.secure=!0;break;case"httponly":h.httponly=!0;break;case"samesite":h.samesite=d?d.trim().toLowerCase():void 0;break;case"partitioned":h.partitioned=!0;break;default:h[e]=!d||d.trim()}}),d.set(e,h)}),d);try{let{cookies:c}=await a.A(793033);b=await c()}catch(a){if(a instanceof Error&&(a.message.startsWith("`cookies` was called outside a request scope.")||a.message.includes("Cannot find module")))return;throw a}f.forEach((a,c)=>{if(c)try{b.set(c,a.value,{maxAge:a["max-age"],expires:a.expires,domain:a.domain,path:a.path,secure:a.secure,httpOnly:a.httponly,sameSite:a.samesite,partitioned:a.partitioned})}catch{}});return}})}]}})],trustedOrigins:(n=(process.env.WIKI_OWNER_HOSTS??"").split(",").map(a=>a.trim()).filter(Boolean),o=["",":3000",":3003"],Array.from(new Set(["http://localhost:3000","http://localhost:3003",...n.flatMap(a=>o.flatMap(b=>[`http://${a}${b}`,`https://${a}${b}`]))])))},mk),mA=Symbol.for("wiki-viewer.better-auth.migration-promise"),mB=globalThis;mB[mA]||(mB[mA]=(async()=>{let b=await a.A(160417),{runMigrations:c}=await b.getMigrations(mz.options);await c()})()),a.s(["default",0,function(){let a=!!(process.env.GOOGLE_CLIENT_ID&&process.env.GOOGLE_CLIENT_SECRET);return(0,t.jsx)(u.default,{initialPasswordAuth:mx,initialGoogle:a})},"dynamic",0,"force-dynamic"],244925)},101289,a=>{a.n(a.i(244925))}];
|
|
451
|
+
|
|
452
|
+
//# sourceMappingURL=src_app_signin_00yk0vm._.js.map
|