woodsportal-client-sdk 4.0.7-dev.1 → 4.0.7-dev.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/angular/index.js +6 -6
- package/dist/adapters/react/index.js +6 -6
- package/dist/adapters/vue/index.js +6 -6
- package/dist/auth-interceptor-policy-CKXBTGBT.js +5 -0
- package/dist/{auth-interceptor-policy-LU2L5NJM.js.map → auth-interceptor-policy-CKXBTGBT.js.map} +1 -1
- package/dist/auth-utils-LT4JXJER.js +5 -0
- package/dist/{auth-utils-Z5P6SMLJ.js.map → auth-utils-LT4JXJER.js.map} +1 -1
- package/dist/{chunk-HAXXPW65.js → chunk-4T7P7OOA.js} +17 -8
- package/dist/chunk-4T7P7OOA.js.map +1 -0
- package/dist/{chunk-B2OVKOJU.js → chunk-5NONTYJA.js} +171 -7
- package/dist/chunk-5NONTYJA.js.map +1 -0
- package/dist/{chunk-OFPD644E.js → chunk-5UVVTUWX.js} +4 -4
- package/dist/{chunk-OFPD644E.js.map → chunk-5UVVTUWX.js.map} +1 -1
- package/dist/{chunk-YNOZWRK3.js → chunk-6XIX6R4X.js} +7 -4
- package/dist/chunk-6XIX6R4X.js.map +1 -0
- package/dist/{chunk-6YOL5LPB.js → chunk-6Z7RU2LA.js} +7 -7
- package/dist/{chunk-6YOL5LPB.js.map → chunk-6Z7RU2LA.js.map} +1 -1
- package/dist/{chunk-BURJ2NUL.js → chunk-7ODPBDQ4.js} +3 -3
- package/dist/{chunk-BURJ2NUL.js.map → chunk-7ODPBDQ4.js.map} +1 -1
- package/dist/{chunk-PFOSN7EB.js → chunk-GATTD2GK.js} +57 -10
- package/dist/chunk-GATTD2GK.js.map +1 -0
- package/dist/{chunk-GUYIJ4ZE.js → chunk-PRGN3FF6.js} +3 -3
- package/dist/{chunk-GUYIJ4ZE.js.map → chunk-PRGN3FF6.js.map} +1 -1
- package/dist/{chunk-FJAOCLB4.js → chunk-RLVOYGDZ.js} +23 -6
- package/dist/chunk-RLVOYGDZ.js.map +1 -0
- package/dist/{chunk-BKT4MFQM.js → chunk-UDAPRD7Z.js} +15 -5
- package/dist/chunk-UDAPRD7Z.js.map +1 -0
- package/dist/{chunk-WNE4LSVH.js → chunk-VVEC7N45.js} +67 -30
- package/dist/chunk-VVEC7N45.js.map +1 -0
- package/dist/cross-tab-session-RGHJ3TRW.js +9 -0
- package/dist/{cross-tab-session-TUFJ6KU7.js.map → cross-tab-session-RGHJ3TRW.js.map} +1 -1
- package/dist/entries/auth.d.ts +3 -2
- package/dist/entries/auth.js +8 -8
- package/dist/entries/auth.js.map +1 -1
- package/dist/entries/crm.d.ts +2 -2
- package/dist/entries/crm.js +9 -7
- package/dist/entries/crm.js.map +1 -1
- package/dist/{http-errors-Bwhj6cfB.d.ts → http-errors-CCCQECil.d.ts} +19 -2
- package/dist/index.d.ts +15 -4
- package/dist/index.js +15 -13
- package/dist/index.js.map +1 -1
- package/dist/{cache-purge-Ca4idzyy.d.ts → pipeline-ui-DbEzI_v1.d.ts} +13 -1
- package/dist/storage-migration-2NVJ3GNQ.js +4 -0
- package/dist/{storage-migration-BY2QL6YD.js.map → storage-migration-2NVJ3GNQ.js.map} +1 -1
- package/package.json +1 -1
- package/dist/auth-interceptor-policy-LU2L5NJM.js +0 -5
- package/dist/auth-utils-Z5P6SMLJ.js +0 -5
- package/dist/chunk-B2OVKOJU.js.map +0 -1
- package/dist/chunk-BKT4MFQM.js.map +0 -1
- package/dist/chunk-FJAOCLB4.js.map +0 -1
- package/dist/chunk-HAXXPW65.js.map +0 -1
- package/dist/chunk-PFOSN7EB.js.map +0 -1
- package/dist/chunk-WNE4LSVH.js.map +0 -1
- package/dist/chunk-YNOZWRK3.js.map +0 -1
- package/dist/cross-tab-session-TUFJ6KU7.js +0 -9
- package/dist/refresh-lock-JQVP4YOS.js +0 -72
- package/dist/refresh-lock-JQVP4YOS.js.map +0 -1
- package/dist/storage-migration-BY2QL6YD.js +0 -4
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { bindStoreWithActions } from '../../chunk-AYTO6ND7.js';
|
|
2
|
-
import { createAdapterHooks } from '../../chunk-
|
|
3
|
-
import '../../chunk-
|
|
4
|
-
import '../../chunk-
|
|
5
|
-
import '../../chunk-
|
|
6
|
-
import '../../chunk-
|
|
7
|
-
import '../../chunk-
|
|
2
|
+
import { createAdapterHooks } from '../../chunk-5UVVTUWX.js';
|
|
3
|
+
import '../../chunk-7ODPBDQ4.js';
|
|
4
|
+
import '../../chunk-GATTD2GK.js';
|
|
5
|
+
import '../../chunk-5NONTYJA.js';
|
|
6
|
+
import '../../chunk-6XIX6R4X.js';
|
|
7
|
+
import '../../chunk-UDAPRD7Z.js';
|
|
8
8
|
import { inject, DestroyRef, signal } from '@angular/core';
|
|
9
9
|
|
|
10
10
|
function createAngularStoreComposable(store, actions) {
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { createAdapterHooks } from '../../chunk-
|
|
2
|
-
import '../../chunk-
|
|
3
|
-
import '../../chunk-
|
|
4
|
-
import '../../chunk-
|
|
5
|
-
import '../../chunk-
|
|
6
|
-
import '../../chunk-
|
|
1
|
+
import { createAdapterHooks } from '../../chunk-5UVVTUWX.js';
|
|
2
|
+
import '../../chunk-7ODPBDQ4.js';
|
|
3
|
+
import '../../chunk-GATTD2GK.js';
|
|
4
|
+
import '../../chunk-5NONTYJA.js';
|
|
5
|
+
import '../../chunk-6XIX6R4X.js';
|
|
6
|
+
import '../../chunk-UDAPRD7Z.js';
|
|
7
7
|
import { useSyncExternalStore } from 'react';
|
|
8
8
|
|
|
9
9
|
function createReactStoreComposable(store, actions) {
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
import { bindStoreWithActions } from '../../chunk-AYTO6ND7.js';
|
|
2
|
-
import { createAdapterHooks } from '../../chunk-
|
|
3
|
-
import '../../chunk-
|
|
4
|
-
import '../../chunk-
|
|
5
|
-
import '../../chunk-
|
|
6
|
-
import '../../chunk-
|
|
7
|
-
import '../../chunk-
|
|
2
|
+
import { createAdapterHooks } from '../../chunk-5UVVTUWX.js';
|
|
3
|
+
import '../../chunk-7ODPBDQ4.js';
|
|
4
|
+
import '../../chunk-GATTD2GK.js';
|
|
5
|
+
import '../../chunk-5NONTYJA.js';
|
|
6
|
+
import '../../chunk-6XIX6R4X.js';
|
|
7
|
+
import '../../chunk-UDAPRD7Z.js';
|
|
8
8
|
import { reactive, onScopeDispose } from 'vue';
|
|
9
9
|
|
|
10
10
|
function createVueStoreComposable(store, actions) {
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export { isOptionalAuthFailureUrl, isRefreshEndpointUrl, isSessionProbeUrl, persistAuthError, readPersistedAuthError, resolveAuthErrorAction } from './chunk-PRGN3FF6.js';
|
|
2
|
+
import './chunk-COHBSTHF.js';
|
|
3
|
+
import './chunk-UDAPRD7Z.js';
|
|
4
|
+
//# sourceMappingURL=auth-interceptor-policy-CKXBTGBT.js.map
|
|
5
|
+
//# sourceMappingURL=auth-interceptor-policy-CKXBTGBT.js.map
|
package/dist/{auth-interceptor-policy-LU2L5NJM.js.map → auth-interceptor-policy-CKXBTGBT.js.map}
RENAMED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":[],"names":[],"mappings":"","file":"auth-interceptor-policy-
|
|
1
|
+
{"version":3,"sources":[],"names":[],"mappings":"","file":"auth-interceptor-policy-CKXBTGBT.js"}
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export { clearRefreshToken, getPortal, getProfile, getRefreshToken, getSubscriptionType, setAccessToken, setLoggedInDetails, setPortal, setProfileDetails, setRefreshToken, setSubscriptionType } from './chunk-5NONTYJA.js';
|
|
2
|
+
import './chunk-6XIX6R4X.js';
|
|
3
|
+
import './chunk-UDAPRD7Z.js';
|
|
4
|
+
//# sourceMappingURL=auth-utils-LT4JXJER.js.map
|
|
5
|
+
//# sourceMappingURL=auth-utils-LT4JXJER.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":[],"names":[],"mappings":"","file":"auth-utils-
|
|
1
|
+
{"version":3,"sources":[],"names":[],"mappings":"","file":"auth-utils-LT4JXJER.js"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { getAuthRefreshToken, createMutation, Client } from './chunk-
|
|
2
|
-
import { getParam, actions6 } from './chunk-
|
|
3
|
-
import { hasRefreshSession, isAccessTokenExpired, hydrateSessionRefreshState, clearSessionRefreshExhaustedState, resetSessionAuthState, isRefreshInFlight, isSessionRefreshExhausted, didLastRefreshFail, hasValidAccessToken, isExpiresAccessToken, isAuthenticateApp, isAuthenticated, clearAccessToken, getAccessToken, refreshSession, getRefreshToken,
|
|
4
|
-
import { isCookieExpired, clearClientAuthCookies } from './chunk-
|
|
1
|
+
import { getAuthRefreshToken, createMutation, Client } from './chunk-VVEC7N45.js';
|
|
2
|
+
import { getParam, actions6 } from './chunk-GATTD2GK.js';
|
|
3
|
+
import { hasRefreshSession, isAccessTokenExpired, hydrateSessionRefreshState, clearSessionRefreshExhaustedState, resetSessionAuthState, isRefreshInFlight, isSessionRefreshExhausted, didLastRefreshFail, hasValidAccessToken, isExpiresAccessToken, isAuthenticateApp, isAuthenticated, clearAccessToken, setAccessToken, getAccessToken, refreshSession, getRefreshToken, clearRefreshToken, storeMfaPendingAccessToken, logger, setPortal, setSubscriptionType, setRefreshToken, setLoggedInDetails, setConfig, clearMfaPendingAccessToken } from './chunk-5NONTYJA.js';
|
|
4
|
+
import { isCookieExpired, clearClientAuthCookies } from './chunk-6XIX6R4X.js';
|
|
5
5
|
|
|
6
6
|
// src/main/core/auth/session-contract.ts
|
|
7
7
|
function hasValidAccess(input) {
|
|
@@ -65,6 +65,7 @@ async function completeLoginSession(response) {
|
|
|
65
65
|
await setLoggedInDetails(body);
|
|
66
66
|
actions6.setProfile(response?.data != null ? response : { data: body });
|
|
67
67
|
setConfig.setDevPortalId(currentPortalId);
|
|
68
|
+
clearMfaPendingAccessToken("c");
|
|
68
69
|
return response;
|
|
69
70
|
}
|
|
70
71
|
async function applyLoginResponse(response) {
|
|
@@ -74,7 +75,9 @@ async function applyLoginResponse(response) {
|
|
|
74
75
|
const token = tokenData?.token;
|
|
75
76
|
const expiresIn = tokenData?.expiresIn;
|
|
76
77
|
if (token) {
|
|
78
|
+
clearRefreshToken();
|
|
77
79
|
await setAccessToken(token, expiresIn);
|
|
80
|
+
storeMfaPendingAccessToken(token, expiresIn, "c");
|
|
78
81
|
}
|
|
79
82
|
return response;
|
|
80
83
|
}
|
|
@@ -616,6 +619,7 @@ var authApi = {
|
|
|
616
619
|
refreshSession,
|
|
617
620
|
refreshAccessToken: getAuthRefreshToken,
|
|
618
621
|
getAccessToken,
|
|
622
|
+
setAccessToken,
|
|
619
623
|
clearAccessToken,
|
|
620
624
|
isAuthenticated,
|
|
621
625
|
isAuthenticateApp,
|
|
@@ -654,14 +658,19 @@ var authApi = {
|
|
|
654
658
|
};
|
|
655
659
|
|
|
656
660
|
// src/main/core/auth/bootstrap-contract.ts
|
|
657
|
-
function recoverMfaGateOnBoot(input) {
|
|
661
|
+
async function recoverMfaGateOnBoot(input) {
|
|
658
662
|
const hasContext = input.hasMfaContext();
|
|
659
|
-
|
|
663
|
+
let hasToken = input.hasAccessToken();
|
|
660
664
|
const hasRefresh = input.hasRefreshToken();
|
|
661
665
|
if (hasContext && hasToken) {
|
|
662
666
|
return "pending";
|
|
663
667
|
}
|
|
664
668
|
if (hasContext && !hasToken) {
|
|
669
|
+
const hydrated = await input.tryHydrateMfaAccessToken?.();
|
|
670
|
+
hasToken = input.hasAccessToken();
|
|
671
|
+
if (hydrated && hasToken) {
|
|
672
|
+
return "pending";
|
|
673
|
+
}
|
|
665
674
|
input.clearMfaOrphan();
|
|
666
675
|
return "orphan_cleared";
|
|
667
676
|
}
|
|
@@ -724,5 +733,5 @@ function resolveAuthRouteAction(input) {
|
|
|
724
733
|
}
|
|
725
734
|
|
|
726
735
|
export { authApi, hasAuthenticatedAccess, hasValidAccess, isFullyAuthenticated, isMfaPendingSession, recoverMfaGateOnBoot, resolveAuthRouteAction };
|
|
727
|
-
//# sourceMappingURL=chunk-
|
|
728
|
-
//# sourceMappingURL=chunk-
|
|
736
|
+
//# sourceMappingURL=chunk-4T7P7OOA.js.map
|
|
737
|
+
//# sourceMappingURL=chunk-4T7P7OOA.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/main/core/auth/session-contract.ts","../src/main/core/http/session-persistence-error.ts","../src/main/core/http/login-session.ts","../src/main/features/auth/api/authentication.ts","../src/main/features/auth/api/mfa.ts","../src/main/features/auth/api/security.ts","../src/main/features/auth/api/login-bootstrap.ts","../src/main/features/auth/api/sso.ts","../src/main/features/auth/api/users.ts","../src/main/api/nested-auth-api.ts","../src/main/core/auth/bootstrap-contract.ts","../src/main/core/auth/route-guard-contract.ts"],"names":["actions"],"mappings":";;;;;;AAgBO,SAAS,eAAe,KAAA,EAAsC;AACjE,EAAA,OAAO,KAAA,CAAM,cAAA,EAAe,IAAK,CAAC,MAAM,oBAAA,EAAqB;AACjE;AAEO,SAAS,qBAAqB,KAAA,EAAsC;AACvE,EAAA,IAAI,KAAA,CAAM,gBAAe,EAAG;AACxB,IAAA,OAAO,KAAA;AAAA,EACX;AACA,EAAA,IAAI,cAAA,CAAe,KAAK,CAAA,EAAG;AACvB,IAAA,OAAO,IAAA;AAAA,EACX;AACA,EAAA,OAAO,MAAM,iBAAA,EAAkB;AACnC;AAEO,SAAS,oBAAoB,KAAA,EAAsC;AACtE,EAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,YAAA,IAAgB,CAAA;AACzC;AAEO,SAAS,uBAAuB,KAAA,EAAsC;AACzE,EAAA,IAAI,KAAA,CAAM,gBAAe,EAAG;AACxB,IAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,cAAA,EAAgB,CAAA;AAAA,EACzC;AACA,EAAA,OAAO,eAAe,KAAK,CAAA;AAC/B;;;ACtCO,IAAM,uBAAA,GAAN,cAAsC,KAAA,CAAM;AAAA,EAC/C,YAAY,OAAA,EAAiB;AACzB,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,yBAAA;AAAA,EAChB;AACJ,CAAA;;;ACCA,SAAS,gBAAgB,QAAA,EAAoC;AACzD,EAAA,OAAQ,QAAA,EAAU,IAAA,IAAQ,QAAA,IAAY,EAAC;AAC3C;AAMA,eAAsB,qBAAqB,QAAA,EAA6B;AACpE,EAAA,MAAM,IAAA,GAAO,gBAAgB,QAAQ,CAAA;AACrC,EAAA,MAAM,SAAA,GAAiB,IAAA,EAAM,SAAA,IAAa,EAAC;AAC3C,EAAA,MAAM,eAAA,GAAuB,IAAA,EAAM,eAAA,IAAmB,EAAC;AACvD,EAAA,MAAM,aAAA,GAAqB,eAAA,EAAiB,aAAA,IAAiB,EAAC;AAC9D,EAAA,MAAM,eAAA,GAAuB,eAAe,QAAA,IAAY,IAAA;AACxD,EAAA,MAAM,gBAAA,GAAmB,iBAAiB,gBAAA,IAAoB,OAAA;AAE9D,EAAA,MAAM,QAAQ,SAAA,EAAW,KAAA;AACzB,EAAA,MAAM,eAAe,SAAA,EAAW,YAAA;AAChC,EAAA,MAAM,YAAY,SAAA,EAAW,SAAA;AAC7B,EAAA,MAAM,mBAAmB,SAAA,EAAW,gBAAA;AACpC,EAAA,MAAM,aAAa,SAAA,EAAW,gBAAA;AAE9B,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACrC,IAAA,MAAA,CAAO,MAAM,MAAA,EAAQ,oCAAA,EAAsC,EAAE,SAAA,EAAW,wBAAwB,CAAA;AAChG,IAAA,MAAM,IAAI,wBAAwB,oEAAoE,CAAA;AAAA,EAC1G;AAEA,EAAA,IAAI,CAAC,YAAA,IAAgB,OAAO,YAAA,KAAiB,QAAA,EAAU;AACnD,IAAA,MAAA,CAAO,MAAM,MAAA,EAAQ,qCAAA,EAAuC,EAAE,SAAA,EAAW,wBAAwB,CAAA;AACjG,IAAA,MAAM,IAAI,wBAAwB,qEAAqE,CAAA;AAAA,EAC3G;AAEA,EAAA,SAAA,CAAU,aAAa,CAAA;AACvB,EAAA,mBAAA,CAAoB,gBAAgB,CAAA;AACpC,EAAA,MAAM,cAAA,CAAe,OAAO,SAAS,CAAA;AACrC,EAAA,MAAM,eAAA,CAAgB,YAAA,EAAc,gBAAA,IAAoB,UAAU,CAAA;AAClE,EAAA,MAAM,mBAAmB,IAAI,CAAA;AAC7B,EAAAA,QAAA,CAAY,UAAA,CAAW,UAAU,IAAA,IAAQ,IAAA,GAAO,WAAW,EAAE,IAAA,EAAM,MAAM,CAAA;AAEzE,EAAA,SAAA,CAAU,eAAe,eAAe,CAAA;AAExC,EAAA,0BAAA,CAA2B,GAAG,CAAA;AAE9B,EAAA,OAAO,QAAA;AACX;AAOA,eAAsB,mBAAmB,QAAA,EAA6B;AAClE,EAAA,MAAM,IAAA,GAAO,gBAAgB,QAAQ,CAAA;AACrC,EAAA,IAAI,IAAA,EAAM,sBAAsB,IAAA,EAAM;AAClC,IAAA,MAAM,SAAA,GAAiB,IAAA,EAAM,SAAA,IAAa,EAAC;AAC3C,IAAA,MAAM,QAAQ,SAAA,EAAW,KAAA;AACzB,IAAA,MAAM,YAAY,SAAA,EAAW,SAAA;AAC7B,IAAA,IAAI,KAAA,EAAO;AACP,MAAA,iBAAA,EAAkB;AAClB,MAAA,MAAM,cAAA,CAAe,OAAO,SAAS,CAAA;AACrC,MAAA,0BAAA,CAA2B,KAAA,EAAO,WAAW,GAAG,CAAA;AAAA,IACpD;AACA,IAAA,OAAO,QAAA;AAAA,EACX;AACA,EAAA,OAAO,qBAAqB,QAAQ,CAAA;AACxC;;;ACvDO,SAAS,SAAS,OAAA,EAAqC;AAC1D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAqC,OAAO,OAAA,KAAiB;AACvF,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,SAAS,OAAO,CAAA;AAClE,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,QAAA,EAAU,MAAA;AAAA,IACV;AAAA,GACJ;AACJ;AAQO,SAAS,MAAM,OAAA,EAAmD;AACrE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAgD,OAAO,OAAA,KAAiB;AAClG,IAAA,MAAM,QAAA,GAAY,MAAM,MAAA,CAAO,cAAA,CAAe,MAAM,OAAO,CAAA;AAC3D,IAAA,MAAM,mBAAmB,QAAQ,CAAA;AACjC,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,KAAA,EAAO,MAAA;AAAA,IACP;AAAA,GACJ;AACJ;AAuBO,SAAS,QAAQ,OAAA,EAAmD;AACvE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAsD,OAAO,OAAA,KAAY;AACnG,IAAA,MAAM,QAAA,GAAY,MAAM,MAAA,CAAO,cAAA,CAAe,QAAQ,OAAQ,CAAA;AAC9D,IAAA,MAAM,mBAAmB,QAAQ,CAAA;AACjC,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,OAAA,EAAS,MAAA;AAAA,IACT;AAAA,GACJ;AACJ;AAEO,SAAS,cAAc,OAAA,EAAmD;AAC7E,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAwD,OAAO,OAAA,KAAmC;AAC5H,IAAA,MAAM,QAAA,GAAY,MAAM,MAAA,CAAO,cAAA,CAAe,cAAc,OAAQ,CAAA;AACpE,IAAA,MAAM,mBAAmB,QAAQ,CAAA;AACjC,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,aAAA,EAAe,MAAA;AAAA,IACf;AAAA,GACJ;AACJ;AAEO,SAAS,SAAS,OAAA,EAAqC;AAC1D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAyB,OAAO,OAAA,KAAiB;AAC3E,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,SAAS,OAAO,CAAA;AAClE,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,QAAA,EAAU,MAAA;AAAA,IACV;AAAA,GACJ;AACJ;AAEO,SAAS,YAAY,OAAA,EAAqC;AAC7D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAwC,OAAO,OAAA,KAAiB;AAC1F,IAAA,MAAM,kBAAA,GAAyC,WAAW,EAAC;AAC3D,IAAA,MAAM,KAAA,GAAa,SAAS,OAAO,CAAA;AACnC,IAAA,IAAI,CAAC,kBAAA,EAAoB,KAAA,EAAO,kBAAA,CAAmB,KAAA,GAAQ,KAAA;AAC3D,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,YAAY,kBAAkB,CAAA;AAChF,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,WAAA,EAAa,MAAA;AAAA,IACb;AAAA,GACJ;AACJ;AAEO,SAAS,yBAAyB,OAAA,EAAqC;AAC1E,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAqD,OAAO,OAAA,KAAiB;AACvG,IAAA,MAAM,+BAAA,GAAmE,WAAW,EAAC;AACrF,IAAA,MAAM,KAAA,GAAa,SAAS,OAAO,CAAA;AACnC,IAAA,IAAI,CAAC,+BAAA,EAAiC,KAAA,EAAO,+BAAA,CAAgC,KAAA,GAAQ,KAAA;AACrF,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,yBAAyB,+BAA+B,CAAA;AAC1G,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,wBAAA,EAA0B,MAAA;AAAA,IAC1B;AAAA,GACJ;AACJ;AAEO,SAAS,cAAc,OAAA,EAAqC;AAC/D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAA0C,OAAO,OAAA,KAAiB;AAC5F,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,cAAc,OAAO,CAAA;AACvE,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,aAAA,EAAe,MAAA;AAAA,IACf;AAAA,GACJ;AACJ;AAEO,SAAS,eAAe,OAAA,EAAqC;AAChE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAA2C,OAAO,OAAA,KAAiB;AAC7F,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,eAAe,OAAO,CAAA;AACxE,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,cAAA,EAAgB,MAAA;AAAA,IAChB;AAAA,GACJ;AACJ;AAEO,SAAS,OAAO,OAAA,EAAqC;AACxD,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,eAAe,YAAY;AACrD,IAAA,IAAI;AACA,MAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,MAAA,EAAO;AACzD,MAAA,OAAO,QAAA;AAAA,IACX,CAAA,SAAE;AACE,MAAA,gBAAA,EAAiB;AACjB,MAAA,sBAAA,EAAuB;AAAA,IAC3B;AAAA,EACJ,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,MAAA,EAAQ,MAAA;AAAA,IACR;AAAA,GACJ;AACJ;AAEO,SAAS,qBAAqB,OAAA,EAAqC;AACtE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAyB,OAAO,OAAA,KAAiB;AAC3E,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,qBAAqB,OAAO,CAAA;AAC9E,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,oBAAA,EAAsB,MAAA;AAAA,IACtB;AAAA,GACJ;AACJ;AAEO,SAAS,kBAAkB,OAAA,EAAqC;AACnE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAyB,OAAO,OAAA,KAAiB;AAC3E,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,kBAAkB,OAAO,CAAA;AAC3E,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,iBAAA,EAAmB,MAAA;AAAA,IACnB;AAAA,GACJ;AACJ;AAEO,SAAS,YAAY,OAAA,EAAqC;AAC7D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAyB,OAAO,OAAA,KAAiB;AAC3E,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,YAAY,OAAO,CAAA;AACrE,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,WAAA,EAAa,MAAA;AAAA,IACb;AAAA,GACJ;AACJ;;;AChMO,SAAS,UAAU,OAAA,EAAmD;AACzE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAA4D,OAAO,OAAA,KAAuC;AACpI,IAAA,MAAM,QAAA,GAAY,MAAM,MAAA,CAAO,cAAA,CAAe,UAAU,OAAQ,CAAA;AAChE,IAAA,MAAM,mBAAmB,QAAQ,CAAA;AACjC,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,EAAW,MAAA,EAAQ,SAAA,EAAU;AAClD;AAQO,SAAS,WAAW,OAAA,EAAqC;AAC5D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAgC,MAAA,CAAO,GAAA,CAAI,eAAe,OAAQ,CAAA;AAAA,IACzE;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,OAAA,EAAS,MAAA,EAAQ,UAAA,EAAY,QAAQ,SAAA,EAAU;AACpE;AAQO,SAAS,sBAAsB,OAAA,EAAqC;AACvE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAA8C,MAAA,CAAO,GAAA,CAAI,sBAAsB,OAAQ,CAAA;AAAA,IAC9F;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,qBAAA,EAAuB,MAAA,EAAQ,SAAA,EAAU;AAC9D;AASO,SAAS,qBAAqB,OAAA,EAAmD;AACpF,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAA6C;AAChD,MAAA,MAAM,QAAA,GAAY,MAAM,MAAA,CAAO,GAAA,CAAI,qBAAqB,OAAQ,CAAA;AAChE,MAAA,MAAM,mBAAmB,QAAQ,CAAA;AACjC,MAAA,OAAO,QAAA;AAAA,IACX,CAAA;AAAA,IACA;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,oBAAA,EAAsB,MAAA,EAAQ,SAAA,EAAU;AAC7D;AAQO,SAAS,aAAa,OAAA,EAAqD;AAC9E,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAa,MAAM,MAAA,CAAO,GAAA,CAAI,UAAU,OAAO,CAAA;AAAA,IACtD;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,SAAA,EAAW,MAAA,EAAQ,YAAA,EAAc,QAAQ,SAAA,EAAU;AACxE;AAQO,SAAS,kBAAkB,OAAA,EAAqC;AACnE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAoD;AACvD,MAAA,MAAM,EAAE,QAAA,EAAU,GAAG,IAAA,EAAK,GAAI,OAAA;AAC9B,MAAA,OAAO,OAAO,GAAA,CAAI,cAAA,CAAe,IAAA,EAAM,EAAE,UAAU,CAAA;AAAA,IACvD,CAAA;AAAA,IACA;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,cAAA,EAAgB,MAAA,EAAQ,iBAAA,EAAmB,QAAQ,SAAA,EAAU;AAClF;AAQO,SAAS,iBAAiB,OAAA,EAAqC;AAClE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAA8D,OAAO,OAAA,KAAY;AAC3G,IAAA,MAAM,EAAE,UAAU,GAAG,IAAA,KAAS,OAAA,IAAW,EAAE,OAAO,EAAA,EAAG;AACrD,IAAA,OAAO,MAAA,CAAO,IAAI,gBAAA,CAAiB,IAAA,EAAM,YAAY,IAAA,GAAO,EAAE,QAAA,EAAS,GAAI,MAAS,CAAA;AAAA,EACxF,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO,EAAE,MAAA,EAAQ,gBAAA,EAAkB,MAAA,EAAQ,SAAA,EAAU;AACzD;AAQO,SAAS,mBAAmB,OAAA,EAAqC;AACpE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAgE,OAAO,OAAA,KAAY;AAC7G,IAAA,MAAM,EAAE,QAAA,EAAU,GAAG,IAAA,EAAK,GAAI,WAAW,EAAE,KAAA,EAAO,EAAA,EAAI,IAAA,EAAM,EAAA,EAAG;AAC/D,IAAA,OAAO,MAAA,CAAO,IAAI,kBAAA,CAAmB,IAAA,EAAM,YAAY,IAAA,GAAO,EAAE,QAAA,EAAS,GAAI,MAAS,CAAA;AAAA,EAC1F,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO,EAAE,MAAA,EAAQ,kBAAA,EAAoB,MAAA,EAAQ,SAAA,EAAU;AAC3D;AAQO,SAAS,gBAAgB,OAAA,EAAqC;AACjE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAgD,OAAO,OAAA,KAAY,MAAA,CAAO,GAAA,CAAI,eAAA,CAAgB,OAAO,CAAA,EAAG,OAAO,CAAA;AAE7I,EAAA,OAAO,EAAE,MAAA,EAAQ,eAAA,EAAiB,MAAA,EAAQ,SAAA,EAAU;AACxD;AAQO,SAAS,iBAAiB,OAAA,EAAqC;AAClE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAsC,MAAA,CAAO,GAAA,CAAI,iBAAiB,OAAQ,CAAA;AAAA,IACjF;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,gBAAA,EAAkB,MAAA,EAAQ,SAAA,EAAU;AACzD;AAQO,SAAS,YAAY,OAAA,EAAqC;AAC7D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAyD,OAAO,OAAA,KAAkD;AAC5I,IAAA,MAAM,EAAE,QAAA,EAAU,GAAG,IAAA,EAAK,GAAI,OAAA;AAC9B,IAAA,OAAO,OAAO,GAAA,CAAI,WAAA,CAAY,IAAA,EAAM,EAAE,UAAU,CAAA;AAAA,EACpD,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO,EAAE,MAAA,EAAQ,WAAA,EAAa,MAAA,EAAQ,SAAA,EAAU;AACpD;AAOO,SAAS,cAAc,OAAA,EAAqC;AAC/D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAoD;AACvD,MAAA,MAAM,EAAE,QAAA,EAAU,GAAG,IAAA,EAAK,GAAI,OAAA;AAC9B,MAAA,OAAO,OAAO,GAAA,CAAI,aAAA,CAAc,IAAA,EAAM,EAAE,UAAU,CAAA;AAAA,IACtD,CAAA;AAAA,IACA;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,aAAA,EAAe,MAAA,EAAQ,SAAA,EAAU;AACtD;AAOO,SAAS,sBAAsB,OAAA,EAAwD;AAC1F,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAA4D;AAC/D,MAAA,MAAM,EAAE,QAAA,EAAU,GAAG,IAAA,EAAK,GAAI,OAAA;AAC9B,MAAA,OAAO,OAAO,GAAA,CAAI,qBAAA,CAAsB,IAAA,EAAM,EAAE,UAAU,CAAA;AAAA,IAC9D,CAAA;AAAA,IACA;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,qBAAA,EAAuB,MAAA,EAAQ,SAAA,EAAU;AAC9D;AAOO,SAAS,UAAU,OAAA,EAAqC;AAC3D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAuD,OAAO,OAAA,KAAgD;AACxI,IAAA,MAAM,EAAE,QAAA,EAAU,GAAG,IAAA,EAAK,GAAI,OAAA;AAC9B,IAAA,OAAO,OAAO,GAAA,CAAI,MAAA,CAAO,IAAA,EAAM,EAAE,UAAU,CAAA;AAAA,EAC/C,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO,EAAE,MAAA,EAAQ,MAAA,EAAQ,MAAA,EAAQ,SAAA,EAAW,QAAQ,SAAA,EAAU;AAClE;AAQO,SAAS,wBAAwB,OAAA,EAAqC;AACzE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAY,MAAA,CAAO,GAAA,CAAI,wBAAwB,OAAO,CAAA;AAAA,IAC7D;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,uBAAA,EAAyB,MAAA,EAAQ,SAAA,EAAU;AAChE;AAQO,SAAS,uBAAuB,OAAA,EAAqC;AACxE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAoC,MAAA,CAAO,GAAA,CAAI,uBAAuB,OAAQ,CAAA;AAAA,IACrF;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,sBAAA,EAAwB,MAAA,EAAQ,SAAA,EAAU;AAC/D;AAQO,SAAS,oBAAoB,OAAA,EAAqC;AACrE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAgD,OAAO,OAAA,KAAY,MAAA,CAAO,GAAA,CAAI,mBAAA,CAAoB,OAAO,CAAA,EAAG,OAAO,CAAA;AAEjJ,EAAA,OAAO,EAAE,MAAA,EAAQ,mBAAA,EAAqB,MAAA,EAAQ,SAAA,EAAU;AAC5D;AAQO,SAAS,mBAAmB,OAAA,EAAqC;AACpE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAoC,MAAA,CAAO,GAAA,CAAI,mBAAmB,OAAQ,CAAA;AAAA,IACjF;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,kBAAA,EAAoB,MAAA,EAAQ,SAAA,EAAU;AAC3D;AAQO,SAAS,wBAAwB,OAAA,EAAqC;AACzE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAY,MAAA,CAAO,GAAA,CAAI,wBAAwB,OAAO,CAAA;AAAA,IAC7D;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,uBAAA,EAAyB,MAAA,EAAQ,SAAA,EAAU;AAChE;AAQO,SAAS,yBAAyB,OAAA,EAAqC;AAC1E,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAuE;AAC1E,MAAA,MAAM,EAAE,kBAAA,EAAoB,QAAA,EAAS,GAAI,OAAA;AACzC,MAAA,OAAO,OAAO,GAAA,CAAI,wBAAA,CAAyB,kBAAA,EAAoB,EAAE,UAAU,CAAA;AAAA,IAC/E,CAAA;AAAA,IACA;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,wBAAA,EAA0B,MAAA,EAAQ,SAAA,EAAU;AACjE;AAQO,SAAS,oBAAoB,OAAA,EAAqC;AACrE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAyC,MAAA,CAAO,GAAA,CAAI,oBAAoB,OAAQ,CAAA;AAAA,IACvF;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,mBAAA,EAAqB,MAAA,EAAQ,SAAA,EAAU;AAC5D;AASO,SAAS,mBAAmB,OAAA,EAAmD;AAClF,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAA6D,OAAO,OAAA,KAAwC;AACtI,IAAA,MAAM,QAAA,GAAY,MAAM,MAAA,CAAO,GAAA,CAAI,mBAAmB,OAAQ,CAAA;AAC9D,IAAA,MAAM,mBAAmB,QAAQ,CAAA;AACjC,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO,EAAE,MAAA,EAAQ,kBAAA,EAAoB,MAAA,EAAQ,SAAA,EAAU;AAC3D;;;AC7VO,SAAS,oBAAoB,OAAA,EAAqC;AACrE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAY,MAAA,CAAO,QAAA,CAAS,YAAY,OAAO,CAAA;AAAA,IACtD;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,WAAA,EAAa,MAAA,EAAQ,mBAAA,EAAqB,QAAQ,SAAA,EAAU;AACjF;AAQO,SAAS,yBAAyB,OAAA,EAAqC;AAC1E,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAY,MAAA,CAAO,QAAA,CAAS,iBAAiB,OAAO,CAAA;AAAA,IAC3D;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,gBAAA,EAAkB,MAAA,EAAQ,wBAAA,EAA0B,QAAQ,SAAA,EAAU;AAC3F;AAQO,SAAS,oBAAoB,OAAA,EAAqC;AACrE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAY,MAAA,CAAO,QAAA,CAAS,YAAY,OAAO,CAAA;AAAA,IACtD;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,WAAA,EAAa,MAAA,EAAQ,mBAAA,EAAqB,QAAQ,SAAA,EAAU;AACjF;AAQO,SAAS,sBAAsB,OAAA,EAAqC;AACvE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAA2C,MAAA,CAAO,QAAA,CAAS,cAAc,OAAQ,CAAA;AAAA,IACxF;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,aAAA,EAAe,MAAA,EAAQ,qBAAA,EAAuB,QAAQ,SAAA,EAAU;AACrF;AAQO,SAAS,4BAA4B,OAAA,EAAqC;AAC7E,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA;AAAA,IAC1B,OAAO,OAAA,KAAY,MAAA,CAAO,QAAA,CAAS,mBAAA,CAAoB,SAAS,YAAY,CAAA;AAAA,IAC5E;AAAA,GACJ;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,mBAAA,EAAqB,MAAA,EAAQ,2BAAA,EAA6B,QAAQ,SAAA,EAAU;AACjG;;;AChFO,SAAS,kBAAkB,OAAA,EAA8E;AAC5G,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAe,OAAO,OAAA,KAAoD;AACpG,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,cAAA,CAAe,kBAAkB,OAAO,CAAA;AAC3E,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,iBAAA,EAAmB,MAAA;AAAA,IACnB;AAAA,GACJ;AACJ;;;ACVO,SAAS,cAAc,OAAA,EAAqC;AAC/D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,eAAe,YAAY;AACrD,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,GAAA,CAAI,aAAA,EAAc;AACrD,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,UAAA,EAAY,MAAA;AAAA,IACZ,aAAA,EAAe,MAAA;AAAA,IACf;AAAA,GACJ;AACJ;AAEO,SAAS,eAAe,OAAA,EAAqC;AAChE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAqC,OAAO,OAAA,KAAiB;AACvF,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,GAAA,CAAI,eAAe,OAAO,CAAA;AAC7D,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,WAAA,EAAa,MAAA;AAAA,IACb,cAAA,EAAgB,MAAA;AAAA,IAChB;AAAA,GACJ;AACJ;AAEO,SAAS,YAAY,OAAA,EAAqC;AAC7D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAqC,OAAO,OAAA,KAAiB;AACvF,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,GAAA,CAAI,YAAY,OAAO,CAAA;AAC1D,IAAA,MAAM,mBAAmB,QAAQ,CAAA;AACjC,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,QAAA,EAAU,MAAA;AAAA,IACV,WAAA,EAAa,MAAA;AAAA,IACb;AAAA,GACJ;AACJ;;;ACzCA,IAAI,iBAAA,GAAyC,IAAA;AAE7C,eAAe,WAAA,GAAc;AACzB,EAAA,IAAI,CAAC,iBAAA,EAAmB;AACpB,IAAA,iBAAA,GAAoB,MAAA,CAAO,IAAA,CAAK,EAAA,EAAG,CAAE,QAAQ,MAAM;AAC/C,MAAA,iBAAA,GAAoB,IAAA;AAAA,IACxB,CAAC,CAAA;AAAA,EACL;AACA,EAAA,OAAO,iBAAA;AACX;AAEO,SAAS,GAAG,OAAA,EAAqC;AACpD,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,eAAe,YAAY;AACrD,IAAA,MAAM,QAAA,GAAgB,MAAM,WAAA,EAAY;AACxC,IAAAA,QAAA,CAAY,WAAW,QAAQ,CAAA;AAC/B,IAAA,OAAO,QAAA,EAAU,IAAA;AAAA,EACrB,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,EAAA,EAAI,MAAA;AAAA,IACJ;AAAA,GACJ;AACJ;AAEO,SAAS,QAAQ,OAAA,EAAqC;AACzD,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAe,OAAO,OAAA,KAAiB;AACjE,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,IAAA,CAAK,QAAQ,OAAO,CAAA;AACvD,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,OAAA,EAAS,MAAA;AAAA,IACT;AAAA,GACJ;AACJ;AAEO,SAAS,cAAc,OAAA,EAAqC;AAC/D,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAAe,OAAO,OAAA,KAAiB;AACjE,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,IAAA,CAAK,cAAc,OAAO,CAAA;AAC7D,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,aAAA,EAAe,MAAA;AAAA,IACf,aAAA,EAAe,MAAA;AAAA,IACf;AAAA,GACJ;AACJ;AAKO,SAAS,eAAe,OAAA,EAAqC;AAChE,EAAA,MAAM,EAAE,MAAA,EAAQ,SAAA,EAAU,GAAI,cAAA,CAA2C,OAAO,OAAA,KAAiB;AAC7F,IAAA,MAAM,QAAA,GAAgB,MAAM,MAAA,CAAO,IAAA,CAAK,eAAe,OAAO,CAAA;AAC9D,IAAA,OAAO,QAAA;AAAA,EACX,GAAG,OAAO,CAAA;AAEV,EAAA,OAAO;AAAA,IACH,MAAA;AAAA,IACA,cAAA,EAAgB,MAAA;AAAA,IAChB;AAAA,GACJ;AACJ;;;ACMO,IAAM,OAAA,GAAU;AAAA,EACnB,QAAA;AAAA,EACA,KAAA;AAAA,EACA,aAAA;AAAA,EACA,OAAA;AAAA,EACA,MAAA;AAAA,EACA,QAAA;AAAA,EACA,WAAA;AAAA,EACA,oBAAA;AAAA,EACA,cAAA;AAAA,EACA,aAAA;AAAA,EACA,wBAAA;AAAA,EACA,iBAAA;AAAA,EACA,WAAA;AAAA,EACA,cAAA;AAAA,EACA,EAAA;AAAA,EACA,OAAA;AAAA,EACA,aAAA,EAAe,aAAA;AAAA,EACf,GAAA,EAAK;AAAA,IACD,SAAA;AAAA,IACA,OAAA,EAAS,UAAA;AAAA,IACT,qBAAA;AAAA,IACA,oBAAA;AAAA,IACA,SAAA,EAAW,YAAA;AAAA,IACX,cAAA,EAAgB,iBAAA;AAAA,IAChB,gBAAA;AAAA,IACA,kBAAA;AAAA,IACA,eAAA;AAAA,IACA,gBAAA;AAAA,IACA,WAAA;AAAA,IACA,aAAA;AAAA,IACA,qBAAA;AAAA,IACA,MAAA,EAAQ,SAAA;AAAA,IACR,SAAA;AAAA,IACA,uBAAA;AAAA,IACA,sBAAA;AAAA,IACA,mBAAA;AAAA,IACA,kBAAA;AAAA,IACA,uBAAA;AAAA,IACA,wBAAA;AAAA,IACA,mBAAA;AAAA,IACA;AAAA,GACJ;AAAA,EACA,QAAA,EAAU;AAAA,IACN,WAAA,EAAa,mBAAA;AAAA,IACb,gBAAA,EAAkB,wBAAA;AAAA,IAClB,WAAA,EAAa,mBAAA;AAAA,IACb,aAAA,EAAe,qBAAA;AAAA,IACf,mBAAA,EAAqB;AAAA,GACzB;AAAA,EACA,cAAA,EAAgB,iBAAA;AAAA,EAChB,GAAA,EAAK;AAAA,IACD,UAAA,EAAY,aAAA;AAAA,IACZ,WAAA,EAAa,cAAA;AAAA,IACb,QAAA,EAAU;AAAA,GACd;AAAA,EACA,OAAA,EAAS;AAAA,IACL,eAAA;AAAA,IACA,cAAA;AAAA,IACA,kBAAA,EAAoB,mBAAA;AAAA,IACpB,cAAA;AAAA,IACA,cAAA;AAAA,IACA,gBAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,oBAAA;AAAA,IACA,oBAAA;AAAA,IACA,eAAA;AAAA,IACA,iBAAA;AAAA,IACA,mBAAA;AAAA,IACA,kBAAA;AAAA,IACA,yBAAA;AAAA,IACA,iBAAA;AAAA,IACA,qBAAA;AAAA,IACA,iCAAA;AAAA,IACA,0BAAA;AAAA,IACA,UAAU,OAA6B;AAAA,MACnC,cAAA,EAAgB,MAAM,OAAA,CAAQ,cAAA,EAAgB,CAAA;AAAA,MAC9C,oBAAA;AAAA,MACA;AAAA,KACJ,CAAA;AAAA,IACA,oBAAA,EAAsB,MAClB,oBAAA,CAA6B;AAAA,MACzB,cAAA,EAAgB,MAAM,OAAA,CAAQ,cAAA,EAAgB,CAAA;AAAA,MAC9C,oBAAA;AAAA,MACA;AAAA,KACH,CAAA;AAAA,IACL,sBAAA,EAAwB,MACpB,sBAAA,CAA+B;AAAA,MAC3B,cAAA,EAAgB,MAAM,OAAA,CAAQ,cAAA,EAAgB,CAAA;AAAA,MAC9C,oBAAA;AAAA,MACA;AAAA,KACH,CAAA;AAAA,IACL,cAAA,EAAgB,MACZ,cAAA,CAAe;AAAA,MACX,cAAA,EAAgB,MAAM,OAAA,CAAQ,cAAA,EAAgB,CAAA;AAAA,MAC9C,oBAAA;AAAA,MACA;AAAA,KACH;AAAA;AAEb;;;ACjKA,eAAsB,qBAAqB,KAAA,EAA6D;AACpG,EAAA,MAAM,UAAA,GAAa,MAAM,aAAA,EAAc;AACvC,EAAA,IAAI,QAAA,GAAW,MAAM,cAAA,EAAe;AACpC,EAAA,MAAM,UAAA,GAAa,MAAM,eAAA,EAAgB;AAEzC,EAAA,IAAI,cAAc,QAAA,EAAU;AACxB,IAAA,OAAO,SAAA;AAAA,EACX;AAEA,EAAA,IAAI,UAAA,IAAc,CAAC,QAAA,EAAU;AACzB,IAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,wBAAA,IAA2B;AACxD,IAAA,QAAA,GAAW,MAAM,cAAA,EAAe;AAChC,IAAA,IAAI,YAAY,QAAA,EAAU;AACtB,MAAA,OAAO,SAAA;AAAA,IACX;AACA,IAAA,KAAA,CAAM,cAAA,EAAe;AACrB,IAAA,OAAO,gBAAA;AAAA,EACX;AAEA,EAAA,IAAI,QAAA,IAAY,CAAC,UAAA,IAAc,CAAC,UAAA,EAAY;AACxC,IAAA,KAAA,CAAM,qBAAA,EAAsB;AAC5B,IAAA,OAAO,qBAAA;AAAA,EACX;AAEA,EAAA,OAAO,MAAA;AACX;;;ACbO,SAAS,uBAAuB,KAAA,EAAqD;AACxF,EAAA,MAAM;AAAA,IACF,QAAA;AAAA,IACA,iBAAA;AAAA,IACA,OAAA;AAAA,IACA,MAAA;AAAA,IACA,QAAA;AAAA,IACA,WAAA,GAAc,KAAA;AAAA,IACd,gBAAA,GAAmB,KAAA;AAAA,IACnB,uBAAA,GAA0B;AAAA,GAC9B,GAAI,KAAA;AAEJ,EAAA,IAAI,WAAA,EAAa;AACb,IAAA,OAAO,EAAE,MAAM,OAAA,EAAQ;AAAA,EAC3B;AAEA,EAAA,IAAI,mBAAA,CAAoB,OAAO,CAAA,EAAG;AAC9B,IAAA,IAAI,aAAa,QAAA,EAAU;AACvB,MAAA,OAAO,EAAE,MAAM,OAAA,EAAQ;AAAA,IAC3B;AACA,IAAA,OAAO,EAAE,MAAM,cAAA,EAAe;AAAA,EAClC;AAEA,EAAA,IAAI,gBAAA,IAAoB,CAAC,uBAAA,EAAyB;AAC9C,IAAA,OAAO,EAAE,MAAM,aAAA,EAAc;AAAA,EACjC;AAEA,EAAA,IAAI,uBAAA,IAA2B,CAAC,cAAA,CAAe,OAAO,CAAA,EAAG;AACrD,IAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC7B,MAAA,OAAO,EAAE,MAAM,OAAA,EAAQ;AAAA,IAC3B;AACA,IAAA,OAAO,EAAE,MAAM,gBAAA,EAAiB;AAAA,EACpC;AAEA,EAAA,MAAM,aAAA,GAAgB,qBAAqB,OAAO,CAAA;AAElD,EAAA,IAAI,CAAC,aAAA,EAAe;AAChB,IAAA,IAAI,iBAAA,CAAkB,QAAQ,CAAA,EAAG;AAC7B,MAAA,OAAO,EAAE,MAAM,OAAA,EAAQ;AAAA,IAC3B;AACA,IAAA,OAAO,EAAE,MAAM,gBAAA,EAAiB;AAAA,EACpC;AAEA,EAAA,IAAI,MAAA,EAAQ;AACR,IAAA,IAAI,MAAA,CAAO,kBAAkB,KAAA,EAAO;AAChC,MAAA,OAAO,EAAE,IAAA,EAAM,iBAAA,EAAmB,IAAA,EAAM,cAAA,EAAe;AAAA,IAC3D;AACA,IAAA,IAAI,CAAC,OAAO,KAAA,EAAO;AACf,MAAA,OAAO,EAAE,IAAA,EAAM,iBAAA,EAAmB,IAAA,EAAM,YAAA,EAAa;AAAA,IACzD;AACA,IAAA,IAAI,CAAC,OAAO,QAAA,EAAU;AAClB,MAAA,OAAO,EAAE,IAAA,EAAM,iBAAA,EAAmB,IAAA,EAAM,eAAA,EAAgB;AAAA,IAC5D;AAAA,EACJ;AAEA,EAAA,OAAO,EAAE,MAAM,OAAA,EAAQ;AAC3B","file":"chunk-4T7P7OOA.js","sourcesContent":["/**\n * Shared session predicates for client and admin portals.\n * Apps supply lane-specific refresh hints (cookie name / timing cookie).\n */\n\nexport type SessionContractInput = {\n /** In-memory access JWT present. */\n hasAccessToken: () => boolean\n /** Access JWT expired or within proactive refresh buffer. */\n isAccessTokenExpired: () => boolean\n /** Refresh session still valid (cookie / timing hint). */\n hasRefreshSession: () => boolean\n /** MFA gate: temp JWT + pending context. */\n isMfaPending?: () => boolean\n}\n\nexport function hasValidAccess(input: SessionContractInput): boolean {\n return input.hasAccessToken() && !input.isAccessTokenExpired()\n}\n\nexport function isFullyAuthenticated(input: SessionContractInput): boolean {\n if (input.isMfaPending?.()) {\n return false\n }\n if (hasValidAccess(input)) {\n return true\n }\n return input.hasRefreshSession()\n}\n\nexport function isMfaPendingSession(input: SessionContractInput): boolean {\n return Boolean(input.isMfaPending?.())\n}\n\nexport function hasAuthenticatedAccess(input: SessionContractInput): boolean {\n if (input.isMfaPending?.()) {\n return Boolean(input.hasAccessToken())\n }\n return hasValidAccess(input)\n}\n","/** Thrown when a full login response cannot be persisted (e.g. missing refresh token). */\nexport class SessionPersistenceError extends Error {\n constructor(message: string) {\n super(message)\n this.name = 'SessionPersistenceError'\n }\n}\n","import { setPortal, setSubscriptionType, setAccessToken, setRefreshToken, setLoggedInDetails, clearRefreshToken } from './auth-utils'\nimport { setConfig } from '../utils/hub-context'\nimport { actions as userActions } from '../../state/crm/use-user'\nimport { SessionPersistenceError } from './session-persistence-error'\nimport { logger } from '../logging/logger'\nimport { clearMfaPendingAccessToken, storeMfaPendingAccessToken } from '../auth/mfa-pending-token-storage.js'\n\nfunction unwrapLoginBody(response: any): Record<string, any> {\n return (response?.data ?? response ?? {}) as Record<string, any>\n}\n\n/**\n * Persists a full authenticated session (access + refresh tokens, portal, login details).\n * Use after successful login or MFA verify when `twoFactorRequired` is false.\n */\nexport async function completeLoginSession(response: any): Promise<any> {\n const body = unwrapLoginBody(response)\n const tokenData: any = body?.tokenData || {}\n const loggedInDetails: any = body?.loggedInDetails || {}\n const currentPortal: any = loggedInDetails?.currentPortal || {}\n const currentPortalId: any = currentPortal?.portalId || null\n const subscriptionType = loggedInDetails?.subscriptionType || 'BASIC'\n\n const token = tokenData?.token\n const refreshToken = tokenData?.refreshToken\n const expiresIn = tokenData?.expiresIn\n const refreshExpiresAt = tokenData?.refreshExpiresAt\n const rExpiresIn = tokenData?.refreshExpiresIn\n\n if (!token || typeof token !== 'string') {\n logger.error('auth', 'login session missing access token', { operation: 'completeLoginSession' })\n throw new SessionPersistenceError('Session persistence failed: missing access token in login response')\n }\n\n if (!refreshToken || typeof refreshToken !== 'string') {\n logger.error('auth', 'login session missing refresh token', { operation: 'completeLoginSession' })\n throw new SessionPersistenceError('Session persistence failed: missing refresh token in login response')\n }\n\n setPortal(currentPortal)\n setSubscriptionType(subscriptionType)\n await setAccessToken(token, expiresIn)\n await setRefreshToken(refreshToken, refreshExpiresAt ?? rExpiresIn)\n await setLoggedInDetails(body)\n userActions.setProfile(response?.data != null ? response : { data: body })\n\n setConfig.setDevPortalId(currentPortalId)\n\n clearMfaPendingAccessToken('c')\n\n return response\n}\n\n/**\n * Applies login/MFA-step response token rules:\n * - MFA pending: temp access JWT only (no refresh until verify completes)\n * - Full session: {@link completeLoginSession}\n */\nexport async function applyLoginResponse(response: any): Promise<any> {\n const data = unwrapLoginBody(response)\n if (data?.twoFactorRequired === true) {\n const tokenData: any = data?.tokenData || {}\n const token = tokenData?.token\n const expiresIn = tokenData?.expiresIn\n if (token) {\n clearRefreshToken()\n await setAccessToken(token, expiresIn)\n storeMfaPendingAccessToken(token, expiresIn, 'c')\n }\n return response\n }\n return completeLoginSession(response)\n}\n","import { Client } from '../../../core/http/client-assembler'\nimport type {\n LoginPayload,\n LoginResponseData,\n MutationOptions,\n PreLoginPayload,\n ForgetPasswordPayload,\n VerifyEmailPayload,\n ResetPasswordVerifyTokenPayload,\n ResetPasswordPayload\n} from '../../../core/types'\nimport { createMutation } from '../../../core/mutation/createMutation'\nimport { applyLoginResponse } from '../../../core/http/login-session'\nimport { getParam } from '../../../core/utils/param'\nimport { clearClientAuthCookies } from '../../../core/utils/cookie'\nimport { clearAccessToken } from '../../../core/http/token-store'\n\nexport function preLogin(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<PreLoginPayload, any>(async (payload: any) => {\n const response: any = await Client.authentication.preLogin(payload)\n return response\n }, options)\n\n return {\n mutate,\n preLogin: mutate,\n isLoading\n }\n}\n\n/**\n * Password login for the client portal.\n *\n * **API:** `POST /api/auth/login?hubId={hubId}`\n * **Session:** When `twoFactorRequired` is true, stores only the temp access JWT (no refresh until MFA completes).\n */\nexport function login(options?: MutationOptions<LoginResponseData, any>) {\n const { mutate, isLoading } = createMutation<LoginPayload, LoginResponseData>(async (payload: any) => {\n const response = (await Client.authentication.login(payload)) as LoginResponseData\n await applyLoginResponse(response)\n return response\n }, options)\n\n return {\n mutate,\n login: mutate,\n isLoading\n }\n}\n\nexport interface ClientSessionPayload {\n accessToken: string\n refreshToken?: string\n}\n\n/**\n * Exchange a management/deep-link token for a portal client session.\n *\n * **API:** `POST /api/auth/client-session`\n * **Auth:** Bearer access token header; optional refresh token in body.\n */\nexport interface AuthHandoffPayload {\n code: string\n hubId: number\n}\n\n/**\n * Redeem a one-time admin portal handoff code for a full client session.\n *\n * **API:** `POST /api/auth/handoff?hubId={hubId}`\n */\nexport function handoff(options?: MutationOptions<LoginResponseData, any>) {\n const { mutate, isLoading } = createMutation<AuthHandoffPayload, LoginResponseData>(async (payload) => {\n const response = (await Client.authentication.handoff(payload!)) as LoginResponseData\n await applyLoginResponse(response)\n return response\n }, options)\n\n return {\n mutate,\n handoff: mutate,\n isLoading\n }\n}\n\nexport function clientSession(options?: MutationOptions<LoginResponseData, any>) {\n const { mutate, isLoading } = createMutation<ClientSessionPayload, LoginResponseData>(async (payload?: ClientSessionPayload) => {\n const response = (await Client.authentication.clientSession(payload!)) as LoginResponseData\n await applyLoginResponse(response)\n return response\n }, options)\n\n return {\n mutate,\n clientSession: mutate,\n isLoading\n }\n}\n\nexport function register(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<any, any>(async (payload: any) => {\n const response: any = await Client.authentication.register(payload)\n return response\n }, options)\n\n return {\n mutate,\n register: mutate,\n isLoading\n }\n}\n\nexport function verifyEmail(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<VerifyEmailPayload, any>(async (payload: any) => {\n const verifyEmailPayload: VerifyEmailPayload = payload || {}\n const token: any = getParam('token')\n if (!verifyEmailPayload?.token) verifyEmailPayload.token = token\n const response: any = await Client.authentication.verifyEmail(verifyEmailPayload)\n return response\n }, options)\n\n return {\n mutate,\n verifyEmail: mutate,\n isLoading\n }\n}\n\nexport function resetPasswordVerifyToken(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<ResetPasswordVerifyTokenPayload, any>(async (payload: any) => {\n const resetPasswordVerifyTokenPayload: ResetPasswordVerifyTokenPayload = payload || {}\n const token: any = getParam('token')\n if (!resetPasswordVerifyTokenPayload?.token) resetPasswordVerifyTokenPayload.token = token\n const response: any = await Client.authentication.resetPasswordVerifyToken(resetPasswordVerifyTokenPayload)\n return response\n }, options)\n\n return {\n mutate,\n resetPasswordVerifyToken: mutate,\n isLoading\n }\n}\n\nexport function resetPassword(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<ResetPasswordPayload, any>(async (payload: any) => {\n const response: any = await Client.authentication.resetPassword(payload)\n return response\n }, options)\n\n return {\n mutate,\n resetPassword: mutate,\n isLoading\n }\n}\n\nexport function forgetPassword(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<ForgetPasswordPayload, any>(async (payload: any) => {\n const response: any = await Client.authentication.forgetPassword(payload)\n return response\n }, options)\n\n return {\n mutate,\n forgetPassword: mutate,\n isLoading\n }\n}\n\nexport function logout(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation(async () => {\n try {\n const response: any = await Client.authentication.logout()\n return response\n } finally {\n clearAccessToken()\n clearClientAuthCookies()\n }\n }, options)\n\n return {\n mutate,\n logout: mutate,\n isLoading\n }\n}\n\nexport function registerExistingUser(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<any, any>(async (payload: any) => {\n const response: any = await Client.authentication.registerExistingUser(payload)\n return response\n }, options)\n\n return {\n mutate,\n registerExistingUser: mutate,\n isLoading\n }\n}\n\nexport function verifyEmailResend(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<any, any>(async (payload: any) => {\n const response: any = await Client.authentication.verifyEmailResend(payload)\n return response\n }, options)\n\n return {\n mutate,\n verifyEmailResend: mutate,\n isLoading\n }\n}\n\nexport function resendEmail(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<any, any>(async (payload: any) => {\n const response: any = await Client.authentication.resendEmail(payload)\n return response\n }, options)\n\n return {\n mutate,\n resendEmail: mutate,\n isLoading\n }\n}\n","import { Client } from '../../../core/http/client-assembler'\nimport { createMutation } from '../../../core/mutation/createMutation'\nimport { applyLoginResponse } from '../../../core/http/login-session'\nimport type {\n LoginResponseData,\n MfaEnrollmentStatus,\n MfaOtpSendRequest,\n MfaPendingPasskeyOptionsRequest,\n MfaPendingPasskeyVerifyRequest,\n MfaPreferenceRequest,\n MfaStatusQuery,\n MutationOptions,\n PasskeyLoginOptionsRequest,\n PasskeyLoginVerifyRequest,\n PhoneVerifyConfirmRequest,\n PhoneVerifyStartRequest,\n BackupCodesRegenerateRequest,\n MfaBackupCodesResponse,\n MfaOptOutRequest,\n PhoneUnverifyRequest,\n TotpDisableRequest,\n TotpEnrollVerifyRequest,\n TwoFaVerificationRequest,\n WebAuthnVerifyRequest\n} from '../../../core/types'\n\n/**\n * Complete the MFA login step after `api.login()` returned `twoFactorRequired: true`.\n *\n * **API:** `POST /api/auth/verify-otp?hubId={hubId}`\n * **Auth:** Bearer temp JWT; body `{ token, otp, method }` (`EMAIL_OTP` | `SMS_OTP` | `TOTP` | `BACKUP_CODE`).\n * **Session:** On success persists full access + refresh tokens (skips when still MFA-pending).\n */\nexport function verifyOtp(options?: MutationOptions<LoginResponseData, any>) {\n const { mutate, isLoading } = createMutation<TwoFaVerificationRequest, LoginResponseData>(async (payload?: TwoFaVerificationRequest) => {\n const response = (await Client.authentication.verifyOtp(payload!)) as LoginResponseData\n await applyLoginResponse(response)\n return response\n }, options)\n\n return { mutate, verifyOtp: mutate, isLoading }\n}\n\n/**\n * Resend OTP or switch to email/SMS on the MFA login gate.\n *\n * **API:** `POST /api/auth/mfa/pending/otp/send`\n * **Auth:** Bearer temp JWT; body `{ token, method }`.\n */\nexport function sendMfaOtp(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<MfaOtpSendRequest, any>(\n async (payload?: MfaOtpSendRequest) => Client.mfa.sendPendingOtp(payload!),\n options\n )\n\n return { mutate, sendOtp: mutate, sendMfaOtp: mutate, isLoading }\n}\n\n/**\n * Start WebAuthn ceremony for passkey as second factor during login.\n *\n * **API:** `POST /api/auth/mfa/pending/passkey/authenticate/options`\n * **Auth:** Bearer temp JWT; body `{ token, portalId? }`.\n */\nexport function pendingPasskeyOptions(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<MfaPendingPasskeyOptionsRequest, any>(\n async (payload?: MfaPendingPasskeyOptionsRequest) => Client.mfa.pendingPasskeyOptions(payload!),\n options\n )\n\n return { mutate, pendingPasskeyOptions: mutate, isLoading }\n}\n\n/**\n * Finish passkey MFA-step and complete login when successful.\n *\n * **API:** `POST /api/auth/mfa/pending/passkey/authenticate/verify?hubId={hubId}`\n * **Auth:** Bearer temp JWT; body `{ token, challengeId, credential, portalId? }`.\n * **Session:** On success persists full access + refresh tokens.\n */\nexport function pendingPasskeyVerify(options?: MutationOptions<LoginResponseData, any>) {\n const { mutate, isLoading } = createMutation<MfaPendingPasskeyVerifyRequest, LoginResponseData>(\n async (payload?: MfaPendingPasskeyVerifyRequest) => {\n const response = (await Client.mfa.pendingPasskeyVerify(payload!)) as LoginResponseData\n await applyLoginResponse(response)\n return response\n },\n options\n )\n\n return { mutate, pendingPasskeyVerify: mutate, isLoading }\n}\n\n/**\n * MFA enrollment and policy snapshot for the security settings UI.\n *\n * **API:** `GET /api/auth/mfa/status?portalId={portalId}`\n * **Auth:** Bearer access JWT (full session).\n */\nexport function getMfaStatus(options?: MutationOptions<MfaEnrollmentStatus, any>) {\n const { mutate, isLoading } = createMutation<MfaStatusQuery | undefined, MfaEnrollmentStatus>(\n async (payload) => (await Client.mfa.getStatus(payload)) as MfaEnrollmentStatus,\n options\n )\n\n return { mutate, getStatus: mutate, getMfaStatus: mutate, isLoading }\n}\n\n/**\n * Set the user's default MFA method for this hub/portal scope.\n *\n * **API:** `PUT /api/auth/mfa/preferences?portalId={portalId}`\n * **Auth:** Bearer access JWT; body `{ defaultMethod }`.\n */\nexport function setMfaPreferences(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<MfaPreferenceRequest & MfaStatusQuery, any>(\n async (payload?: MfaPreferenceRequest & MfaStatusQuery) => {\n const { portalId, ...data } = payload!\n return Client.mfa.setPreferences(data, { portalId })\n },\n options\n )\n\n return { mutate, setPreferences: mutate, setMfaPreferences: mutate, isLoading }\n}\n\n/**\n * Send OTP to verify the user's phone number (enables SMS OTP at login).\n *\n * **API:** `POST /api/auth/mfa/phone/verify/start?portalId={portalId}`\n * **Auth:** Bearer access JWT; body `{ phone }` (E.164, e.g. `+14155552671`).\n */\nexport function startPhoneVerify(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<PhoneVerifyStartRequest & MfaStatusQuery, any>(async (payload) => {\n const { portalId, ...data } = payload ?? { phone: '' }\n return Client.mfa.startPhoneVerify(data, portalId != null ? { portalId } : undefined)\n }, options)\n\n return { mutate, startPhoneVerify: mutate, isLoading }\n}\n\n/**\n * Confirm phone verification with the OTP code.\n *\n * **API:** `POST /api/auth/mfa/phone/verify/confirm?portalId={portalId}`\n * **Auth:** Bearer access JWT; body `{ phone, code }`.\n */\nexport function confirmPhoneVerify(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<PhoneVerifyConfirmRequest & MfaStatusQuery, any>(async (payload) => {\n const { portalId, ...data } = payload ?? { phone: '', code: '' }\n return Client.mfa.confirmPhoneVerify(data, portalId != null ? { portalId } : undefined)\n }, options)\n\n return { mutate, confirmPhoneVerify: mutate, isLoading }\n}\n\n/**\n * Start TOTP authenticator enrollment for the current portal scope.\n *\n * **API:** `POST /api/auth/mfa/totp/enroll/start?portalId={portalId}`\n * **Auth:** Bearer access JWT. Returns `secret`, `otpauthUri`, `scopeKey`.\n */\nexport function totpEnrollStart(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<MfaStatusQuery | undefined, any>(async (payload) => Client.mfa.totpEnrollStart(payload), options)\n\n return { mutate, totpEnrollStart: mutate, isLoading }\n}\n\n/**\n * Confirm TOTP enrollment and receive one-time backup codes.\n *\n * **API:** `POST /api/auth/mfa/totp/enroll/verify?portalId={portalId}`\n * **Auth:** Bearer access JWT; body `{ code, portalId? }`.\n */\nexport function totpEnrollVerify(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<TotpEnrollVerifyRequest, any>(\n async (payload?: TotpEnrollVerifyRequest) => Client.mfa.totpEnrollVerify(payload!),\n options\n )\n\n return { mutate, totpEnrollVerify: mutate, isLoading }\n}\n\n/**\n * Disable TOTP for the current scope (requires current password).\n *\n * **API:** `POST /api/auth/mfa/totp/disable`\n * **Auth:** Bearer access JWT; body `{ password }`.\n */\nexport function totpDisable(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<TotpDisableRequest & MfaStatusQuery, any>(async (payload?: TotpDisableRequest & MfaStatusQuery) => {\n const { portalId, ...data } = payload!\n return Client.mfa.totpDisable(data, { portalId })\n }, options)\n\n return { mutate, totpDisable: mutate, isLoading }\n}\n\n/**\n * Remove SMS MFA by clearing phone verification for the current scope.\n *\n * **API:** `POST /api/auth/mfa/phone/unverify?portalId={portalId}`\n */\nexport function phoneUnverify(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<PhoneUnverifyRequest & MfaStatusQuery, any>(\n async (payload?: PhoneUnverifyRequest & MfaStatusQuery) => {\n const { portalId, ...data } = payload!\n return Client.mfa.phoneUnverify(data, { portalId })\n },\n options\n )\n\n return { mutate, phoneUnverify: mutate, isLoading }\n}\n\n/**\n * Regenerate backup codes (password + TOTP step-up). Plaintext codes returned once.\n *\n * **API:** `POST /api/auth/mfa/backup-codes/regenerate?portalId={portalId}`\n */\nexport function backupCodesRegenerate(options?: MutationOptions<MfaBackupCodesResponse, any>) {\n const { mutate, isLoading } = createMutation<BackupCodesRegenerateRequest & MfaStatusQuery, MfaBackupCodesResponse>(\n async (payload?: BackupCodesRegenerateRequest & MfaStatusQuery) => {\n const { portalId, ...data } = payload!\n return Client.mfa.backupCodesRegenerate(data, { portalId })\n },\n options\n )\n\n return { mutate, backupCodesRegenerate: mutate, isLoading }\n}\n\n/**\n * Turn off all voluntary MFA enrollments when policy allows.\n *\n * **API:** `POST /api/auth/mfa/opt-out?portalId={portalId}`\n */\nexport function mfaOptOut(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<MfaOptOutRequest & MfaStatusQuery, any>(async (payload?: MfaOptOutRequest & MfaStatusQuery) => {\n const { portalId, ...data } = payload!\n return Client.mfa.optOut(data, { portalId })\n }, options)\n\n return { mutate, optOut: mutate, mfaOptOut: mutate, isLoading }\n}\n\n/**\n * Start passkey (WebAuthn) registration ceremony.\n *\n * **API:** `POST /api/auth/mfa/webauthn/register/options?portalId={portalId}`\n * **Auth:** Bearer access JWT.\n */\nexport function webauthnRegisterOptions(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<MfaStatusQuery | undefined, any>(\n async (payload) => Client.mfa.webauthnRegisterOptions(payload),\n options\n )\n\n return { mutate, webauthnRegisterOptions: mutate, isLoading }\n}\n\n/**\n * Complete passkey registration after `@simplewebauthn/browser` ceremony.\n *\n * **API:** `POST /api/auth/mfa/webauthn/register/verify?portalId={portalId}`\n * **Auth:** Bearer access JWT; body `{ challengeId, credential, nickname?, portalId? }`.\n */\nexport function webauthnRegisterVerify(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<WebAuthnVerifyRequest, any>(\n async (payload?: WebAuthnVerifyRequest) => Client.mfa.webauthnRegisterVerify(payload!),\n options\n )\n\n return { mutate, webauthnRegisterVerify: mutate, isLoading }\n}\n\n/**\n * Start passkey authentication ceremony while logged in (re-verify).\n *\n * **API:** `POST /api/auth/mfa/webauthn/authenticate/options?portalId={portalId}`\n * **Auth:** Bearer access JWT.\n */\nexport function webauthnAuthOptions(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<MfaStatusQuery | undefined, any>(async (payload) => Client.mfa.webauthnAuthOptions(payload), options)\n\n return { mutate, webauthnAuthOptions: mutate, isLoading }\n}\n\n/**\n * Complete logged-in passkey re-verification.\n *\n * **API:** `POST /api/auth/mfa/webauthn/authenticate/verify?portalId={portalId}`\n * **Auth:** Bearer access JWT; body `{ challengeId, credential, portalId? }`.\n */\nexport function webauthnAuthVerify(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<WebAuthnVerifyRequest, any>(\n async (payload?: WebAuthnVerifyRequest) => Client.mfa.webauthnAuthVerify(payload!),\n options\n )\n\n return { mutate, webauthnAuthVerify: mutate, isLoading }\n}\n\n/**\n * List passkeys registered for the portal scope.\n *\n * **API:** `GET /api/auth/mfa/webauthn/credentials?portalId={portalId}`\n * **Auth:** Bearer access JWT.\n */\nexport function listWebauthnCredentials(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<MfaStatusQuery | undefined, any>(\n async (payload) => Client.mfa.listWebauthnCredentials(payload),\n options\n )\n\n return { mutate, listWebauthnCredentials: mutate, isLoading }\n}\n\n/**\n * Remove a registered passkey.\n *\n * **API:** `DELETE /api/auth/mfa/webauthn/credentials/{credentialRecordId}?portalId={portalId}`\n * **Auth:** Bearer access JWT.\n */\nexport function deleteWebauthnCredential(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<{ credentialRecordId: string | number } & MfaStatusQuery, any>(\n async (payload?: { credentialRecordId: string | number } & MfaStatusQuery) => {\n const { credentialRecordId, portalId } = payload!\n return Client.mfa.deleteWebauthnCredential(credentialRecordId, { portalId })\n },\n options\n )\n\n return { mutate, deleteWebauthnCredential: mutate, isLoading }\n}\n\n/**\n * Start passwordless passkey login (when `PASSKEY_PRIMARY` is allowed).\n *\n * **API:** `POST /api/auth/passkey/login/options?hubId={hubId}`\n * **Auth:** Public; body `{ email, hubId?, portalId? }`.\n */\nexport function passkeyLoginOptions(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<PasskeyLoginOptionsRequest, any>(\n async (payload?: PasskeyLoginOptionsRequest) => Client.mfa.passkeyLoginOptions(payload!),\n options\n )\n\n return { mutate, passkeyLoginOptions: mutate, isLoading }\n}\n\n/**\n * Finish passwordless passkey login; may return `twoFactorRequired` if policy requires MFA.\n *\n * **API:** `POST /api/auth/passkey/login/verify?hubId={hubId}`\n * **Auth:** Public; body `{ challengeId, credential, portalId? }`.\n * **Session:** Applies MFA-aware token rules via {@link applyLoginResponse}.\n */\nexport function passkeyLoginVerify(options?: MutationOptions<LoginResponseData, any>) {\n const { mutate, isLoading } = createMutation<PasskeyLoginVerifyRequest, LoginResponseData>(async (payload?: PasskeyLoginVerifyRequest) => {\n const response = (await Client.mfa.passkeyLoginVerify(payload!)) as LoginResponseData\n await applyLoginResponse(response)\n return response\n }, options)\n\n return { mutate, passkeyLoginVerify: mutate, isLoading }\n}\n","import { Client } from '../../../core/http/client-assembler'\nimport { createMutation } from '../../../core/mutation/createMutation'\nimport type {\n MutationOptions,\n RevokeSecuritySessionPayload,\n SecurityLoginActivityQuery,\n SecurityOverviewQuery,\n SecuritySessionsQuery\n} from '../../../core/types'\n\n/**\n * Security settings overview (password age, MFA methods, policy flags).\n * Use this for the Security page — not `api.me()` + `api.getMfaStatus()`.\n *\n * **API:** `GET /api/auth/security/overview?portalId={portalId}`\n * **Auth:** Bearer access JWT.\n */\nexport function getSecurityOverview(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<SecurityOverviewQuery | undefined, any>(\n async (payload) => Client.security.getOverview(payload),\n options\n )\n\n return { mutate, getOverview: mutate, getSecurityOverview: mutate, isLoading }\n}\n\n/**\n * Paginated login activity for the Security page.\n *\n * **API:** `GET /api/auth/security/login-activity?page=&limit=&sort=`\n * **Auth:** Bearer access JWT.\n */\nexport function getSecurityLoginActivity(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<SecurityLoginActivityQuery | undefined, any>(\n async (payload) => Client.security.getLoginActivity(payload),\n options\n )\n\n return { mutate, getLoginActivity: mutate, getSecurityLoginActivity: mutate, isLoading }\n}\n\n/**\n * List active sessions (refresh-token families) for the Security page.\n *\n * **API:** `GET /api/auth/security/sessions?currentFamilyId=`\n * **Auth:** Bearer access JWT; optional `refreshToken` in payload → `X-Refresh-Token` header to mark current session.\n */\nexport function getSecuritySessions(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<SecuritySessionsQuery | undefined, any>(\n async (payload) => Client.security.getSessions(payload),\n options\n )\n\n return { mutate, getSessions: mutate, getSecuritySessions: mutate, isLoading }\n}\n\n/**\n * Sign out a single device/session by `familyId`.\n *\n * **API:** `POST /api/auth/security/sessions/{familyId}/revoke`\n * **Auth:** Bearer access JWT; optional `refreshToken` in payload.\n */\nexport function revokeSecuritySession(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<RevokeSecuritySessionPayload, any>(\n async (payload?: RevokeSecuritySessionPayload) => Client.security.revokeSession(payload!),\n options\n )\n\n return { mutate, revokeSession: mutate, revokeSecuritySession: mutate, isLoading }\n}\n\n/**\n * Sign out all other devices; keeps the current session when `refreshToken` is provided.\n *\n * **API:** `POST /api/auth/security/sessions/revoke-others`\n * **Auth:** Bearer access JWT; optional `refreshToken` in payload → `X-Refresh-Token` header.\n */\nexport function revokeOtherSecuritySessions(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<{ refreshToken?: string } | undefined, any>(\n async (payload) => Client.security.revokeOtherSessions(payload?.refreshToken),\n options\n )\n\n return { mutate, revokeOtherSessions: mutate, revokeOtherSecuritySessions: mutate, isLoading }\n}\n","import { Client } from '../../../core/http/client-assembler'\nimport type { MutationOptions } from '../../../core/types'\nimport { createMutation } from '../../../core/mutation/createMutation'\n\nexport function getLoginBootstrap(options?: MutationOptions<any, { hubId?: number; portalId?: number } | void>) {\n const { mutate, isLoading } = createMutation(async (payload?: { hubId?: number; portalId?: number }) => {\n const response: any = await Client.authentication.getLoginBootstrap(payload)\n return response\n }, options)\n\n return {\n mutate,\n getLoginBootstrap: mutate,\n isLoading\n }\n}\n","import { Client } from '../../../core/http/client-assembler'\nimport type { MutationOptions, PreLoginPayload } from '../../../core/types'\nimport { createMutation } from '../../../core/mutation/createMutation'\nimport { applyLoginResponse } from '../../../core/http/login-session'\n\nexport function getSsoDetails(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation(async () => {\n const response: any = await Client.sso.getSsoDetails()\n return response\n }, options)\n\n return {\n mutate,\n getDetails: mutate,\n getSsoDetails: mutate,\n isLoading\n }\n}\n\nexport function generateSsoUrl(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<PreLoginPayload, any>(async (payload: any) => {\n const response: any = await Client.sso.generateSsoUrl(payload)\n return response\n }, options)\n\n return {\n mutate,\n generateUrl: mutate,\n generateSsoUrl: mutate,\n isLoading\n }\n}\n\nexport function ssoCallback(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<PreLoginPayload, any>(async (payload: any) => {\n const response: any = await Client.sso.ssoCallback(payload)\n await applyLoginResponse(response)\n return response\n }, options)\n\n return {\n mutate,\n callback: mutate,\n ssoCallback: mutate,\n isLoading\n }\n}\n","import { Client } from '../../../core/http/client-assembler'\nimport type { ChangePasswordPayload, MutationOptions } from '../../../core/types'\nimport { createMutation } from '../../../core/mutation/createMutation'\nimport { actions as userActions } from '../../../state/crm/use-user'\n\nlet meRequestInFlight: Promise<any> | null = null\n\nasync function fetchMeOnce() {\n if (!meRequestInFlight) {\n meRequestInFlight = Client.user.me().finally(() => {\n meRequestInFlight = null\n })\n }\n return meRequestInFlight\n}\n\nexport function me(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation(async () => {\n const response: any = await fetchMeOnce()\n userActions.setProfile(response)\n return response?.data\n }, options)\n\n return {\n mutate,\n me: mutate,\n isLoading\n }\n}\n\nexport function profile(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation(async (paylaod: any) => {\n const response: any = await Client.user.profile(paylaod)\n return response\n }, options)\n\n return {\n mutate,\n profile: mutate,\n isLoading\n }\n}\n\nexport function profileUpdate(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation(async (paylaod: any) => {\n const response: any = await Client.user.profileUpdate(paylaod)\n return response\n }, options)\n\n return {\n mutate,\n updateProfile: mutate,\n profileUpdate: mutate,\n isLoading\n }\n}\n\n/** @deprecated Use {@link profileUpdate} — same factory; 3.0 nested key is `updateProfile`. */\nexport const updateProfile = profileUpdate\n\nexport function changePassword(options?: MutationOptions<any, any>) {\n const { mutate, isLoading } = createMutation<ChangePasswordPayload, any>(async (payload: any) => {\n const response: any = await Client.user.changePassword(payload)\n return response\n }, options)\n\n return {\n mutate,\n changePassword: mutate,\n isLoading\n }\n}\n","import {\n preLogin,\n login,\n clientSession,\n handoff,\n register,\n verifyEmail,\n forgetPassword,\n logout,\n resetPasswordVerifyToken,\n resetPassword,\n registerExistingUser,\n verifyEmailResend,\n resendEmail\n} from '../features/auth/api/authentication'\nimport {\n verifyOtp,\n sendMfaOtp,\n pendingPasskeyOptions,\n pendingPasskeyVerify,\n getMfaStatus,\n setMfaPreferences,\n startPhoneVerify,\n confirmPhoneVerify,\n totpEnrollStart,\n totpEnrollVerify,\n totpDisable,\n phoneUnverify,\n backupCodesRegenerate,\n mfaOptOut,\n webauthnRegisterOptions,\n webauthnRegisterVerify,\n webauthnAuthOptions,\n webauthnAuthVerify,\n listWebauthnCredentials,\n deleteWebauthnCredential,\n passkeyLoginOptions,\n passkeyLoginVerify\n} from '../features/auth/api/mfa'\nimport {\n getSecurityOverview,\n getSecurityLoginActivity,\n getSecuritySessions,\n revokeSecuritySession,\n revokeOtherSecuritySessions\n} from '../features/auth/api/security'\nimport { getLoginBootstrap } from '../features/auth/api/login-bootstrap'\nimport { getSsoDetails, generateSsoUrl, ssoCallback } from '../features/auth/api/sso'\nimport { changePassword, me, profile, profileUpdate } from '../features/auth/api/users'\nimport { getRefreshToken, setAccessToken as persistAccessToken } from '../core/http/auth-utils'\nimport { getAuthRefreshToken } from '../core/http/http-client'\nimport {\n clearAccessToken,\n didLastRefreshFail,\n getAccessToken,\n isAuthenticateApp,\n isAuthenticated,\n isExpiresAccessToken,\n isAccessTokenExpired,\n hasRefreshSession,\n hasValidAccessToken,\n isRefreshInFlight,\n isSessionRefreshExhausted,\n refreshSession,\n resetSessionAuthState,\n clearSessionRefreshExhaustedState,\n hydrateSessionRefreshState\n} from '../core/http/token-store'\nimport { isCookieExpired } from '../core/utils/cookie'\nimport {\n hasValidAccess,\n isFullyAuthenticated as isFullyAuthenticatedContract,\n hasAuthenticatedAccess as hasAuthenticatedAccessContract,\n type SessionContractInput\n} from '../core/auth/session-contract'\n\n/** Canonical nested auth API (SDK 3.0). */\nexport const authApi = {\n preLogin,\n login,\n clientSession,\n handoff,\n logout,\n register,\n verifyEmail,\n registerExistingUser,\n forgetPassword,\n resetPassword,\n resetPasswordVerifyToken,\n verifyEmailResend,\n resendEmail,\n changePassword,\n me,\n profile,\n updateProfile: profileUpdate,\n mfa: {\n verifyOtp,\n sendOtp: sendMfaOtp,\n pendingPasskeyOptions,\n pendingPasskeyVerify,\n getStatus: getMfaStatus,\n setPreferences: setMfaPreferences,\n startPhoneVerify,\n confirmPhoneVerify,\n totpEnrollStart,\n totpEnrollVerify,\n totpDisable,\n phoneUnverify,\n backupCodesRegenerate,\n optOut: mfaOptOut,\n mfaOptOut,\n webauthnRegisterOptions,\n webauthnRegisterVerify,\n webauthnAuthOptions,\n webauthnAuthVerify,\n listWebauthnCredentials,\n deleteWebauthnCredential,\n passkeyLoginOptions,\n passkeyLoginVerify\n },\n security: {\n getOverview: getSecurityOverview,\n getLoginActivity: getSecurityLoginActivity,\n getSessions: getSecuritySessions,\n revokeSession: revokeSecuritySession,\n revokeOtherSessions: revokeOtherSecuritySessions\n },\n loginBootstrap: getLoginBootstrap,\n sso: {\n getDetails: getSsoDetails,\n generateUrl: generateSsoUrl,\n callback: ssoCallback\n },\n session: {\n getRefreshToken,\n refreshSession,\n refreshAccessToken: getAuthRefreshToken,\n getAccessToken,\n setAccessToken: persistAccessToken,\n clearAccessToken,\n isAuthenticated,\n isAuthenticateApp,\n isAccessTokenExpired,\n isExpiresAccessToken,\n isCookieExpired,\n hasRefreshSession,\n hasValidAccessToken,\n didLastRefreshFail,\n isSessionRefreshExhausted,\n isRefreshInFlight,\n resetSessionAuthState,\n clearSessionRefreshExhaustedState,\n hydrateSessionRefreshState,\n contract: (): SessionContractInput => ({\n hasAccessToken: () => Boolean(getAccessToken()),\n isAccessTokenExpired: isAccessTokenExpired,\n hasRefreshSession\n }),\n isFullyAuthenticated: () =>\n isFullyAuthenticatedContract({\n hasAccessToken: () => Boolean(getAccessToken()),\n isAccessTokenExpired: isAccessTokenExpired,\n hasRefreshSession\n }),\n hasAuthenticatedAccess: () =>\n hasAuthenticatedAccessContract({\n hasAccessToken: () => Boolean(getAccessToken()),\n isAccessTokenExpired: isAccessTokenExpired,\n hasRefreshSession\n }),\n hasValidAccess: () =>\n hasValidAccess({\n hasAccessToken: () => Boolean(getAccessToken()),\n isAccessTokenExpired: isAccessTokenExpired,\n hasRefreshSession\n })\n }\n}\n","export type MfaBootRecoveryResult = 'pending' | 'orphan_cleared' | 'stale_token_cleared' | 'none'\n\nexport type MfaBootRecoveryInput = {\n hasMfaContext: () => boolean\n hasAccessToken: () => boolean\n hasRefreshToken: () => boolean\n clearMfaOrphan: () => void\n clearStaleAccessToken: () => void\n /** Restore temp MFA JWT from sessionStorage after refresh. Return true when hydrated. */\n tryHydrateMfaAccessToken?: () => boolean | Promise<boolean>\n}\n\n/**\n * Normalize MFA gate state on cold load before the router mounts.\n * When sessionStorage holds a valid temp MFA JWT, hydrates in-memory access token so MFA can resume.\n */\nexport async function recoverMfaGateOnBoot(input: MfaBootRecoveryInput): Promise<MfaBootRecoveryResult> {\n const hasContext = input.hasMfaContext()\n let hasToken = input.hasAccessToken()\n const hasRefresh = input.hasRefreshToken()\n\n if (hasContext && hasToken) {\n return 'pending'\n }\n\n if (hasContext && !hasToken) {\n const hydrated = await input.tryHydrateMfaAccessToken?.()\n hasToken = input.hasAccessToken()\n if (hydrated && hasToken) {\n return 'pending'\n }\n input.clearMfaOrphan()\n return 'orphan_cleared'\n }\n\n if (hasToken && !hasContext && !hasRefresh) {\n input.clearStaleAccessToken()\n return 'stale_token_cleared'\n }\n\n return 'none'\n}\n\nexport type { VisibilityRefreshOptions } from '../http/visibility-refresh-scheduler.js'\nexport { startVisibilityRefreshScheduler, stopVisibilityRefreshScheduler } from '../http/visibility-refresh-scheduler.js'\n","import { hasValidAccess, isFullyAuthenticated, isMfaPendingSession, type SessionContractInput } from './session-contract.js'\n\nexport type AuthRouteAction =\n | { kind: 'allow' }\n | { kind: 'show_loader' }\n | { kind: 'redirect_login'; returnUrl?: string }\n | { kind: 'redirect_mfa' }\n | { kind: 'redirect_funnel'; step: 'email_verify' | 'hub_select' | 'portal_select' }\n\nexport type AuthFunnelState = {\n emailVerified?: boolean\n hubId?: number | string | null\n portalId?: number | string | null\n}\n\nexport type ResolveAuthRouteActionInput = {\n pathname: string\n isPublicAuthRoute: (pathname: string) => boolean\n session: SessionContractInput\n funnel?: AuthFunnelState\n mfaRoute: string\n previewMode?: boolean\n /** When refresh hint exists but access token missing — session restoring. */\n sessionRestoring?: boolean\n /** Refresh already failed — do not show restoring loader; redirect to login. */\n sessionRefreshExhausted?: boolean\n}\n\nexport function resolveAuthRouteAction(input: ResolveAuthRouteActionInput): AuthRouteAction {\n const {\n pathname,\n isPublicAuthRoute,\n session,\n funnel,\n mfaRoute,\n previewMode = false,\n sessionRestoring = false,\n sessionRefreshExhausted = false\n } = input\n\n if (previewMode) {\n return { kind: 'allow' }\n }\n\n if (isMfaPendingSession(session)) {\n if (pathname === mfaRoute) {\n return { kind: 'allow' }\n }\n return { kind: 'redirect_mfa' }\n }\n\n if (sessionRestoring && !sessionRefreshExhausted) {\n return { kind: 'show_loader' }\n }\n\n if (sessionRefreshExhausted && !hasValidAccess(session)) {\n if (isPublicAuthRoute(pathname)) {\n return { kind: 'allow' }\n }\n return { kind: 'redirect_login' }\n }\n\n const authenticated = isFullyAuthenticated(session)\n\n if (!authenticated) {\n if (isPublicAuthRoute(pathname)) {\n return { kind: 'allow' }\n }\n return { kind: 'redirect_login' }\n }\n\n if (funnel) {\n if (funnel.emailVerified === false) {\n return { kind: 'redirect_funnel', step: 'email_verify' }\n }\n if (!funnel.hubId) {\n return { kind: 'redirect_funnel', step: 'hub_select' }\n }\n if (!funnel.portalId) {\n return { kind: 'redirect_funnel', step: 'portal_select' }\n }\n }\n\n return { kind: 'allow' }\n}\n"]}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import { WP_STORAGE_KEYS, wpClientIframeRefreshKey, wpClientIframeRefreshExpKey } from './chunk-
|
|
1
|
+
import { isCookieExpired, getStorageKeys, getCookie, isCorruptCookieRawValue, stringifyCookieValue, setCookie, parseCookieJson, removeCookie } from './chunk-6XIX6R4X.js';
|
|
2
|
+
import { WP_STORAGE_KEYS, wpClientIframeRefreshKey, wpClientIframeRefreshExpKey } from './chunk-UDAPRD7Z.js';
|
|
3
3
|
import axios from 'axios';
|
|
4
4
|
|
|
5
5
|
// src/main/core/utils/constants.ts
|
|
@@ -307,6 +307,156 @@ var logger = {
|
|
|
307
307
|
}
|
|
308
308
|
};
|
|
309
309
|
|
|
310
|
+
// src/main/core/auth/mfa-pending-token-storage.ts
|
|
311
|
+
function keysForLane(lane) {
|
|
312
|
+
const mfa = lane === "a" ? WP_STORAGE_KEYS.a.mfa : WP_STORAGE_KEYS.c.mfa;
|
|
313
|
+
return {
|
|
314
|
+
token: mfa.pendingToken,
|
|
315
|
+
exp: mfa.pendingTokenExp
|
|
316
|
+
};
|
|
317
|
+
}
|
|
318
|
+
function readExpiresAt(raw) {
|
|
319
|
+
if (raw == null || raw === "") {
|
|
320
|
+
return null;
|
|
321
|
+
}
|
|
322
|
+
const parsed = Number(raw);
|
|
323
|
+
return Number.isFinite(parsed) ? parsed : null;
|
|
324
|
+
}
|
|
325
|
+
function getSessionStorage() {
|
|
326
|
+
if (typeof globalThis === "undefined") {
|
|
327
|
+
return null;
|
|
328
|
+
}
|
|
329
|
+
try {
|
|
330
|
+
if (globalThis.sessionStorage != null) {
|
|
331
|
+
return globalThis.sessionStorage;
|
|
332
|
+
}
|
|
333
|
+
const win = globalThis.window;
|
|
334
|
+
return win?.sessionStorage ?? null;
|
|
335
|
+
} catch {
|
|
336
|
+
return null;
|
|
337
|
+
}
|
|
338
|
+
}
|
|
339
|
+
function storeMfaPendingAccessToken(token, expiresInSeconds, lane = "c") {
|
|
340
|
+
const storage2 = getSessionStorage();
|
|
341
|
+
if (!storage2) {
|
|
342
|
+
return;
|
|
343
|
+
}
|
|
344
|
+
if (!token || typeof token !== "string") {
|
|
345
|
+
return;
|
|
346
|
+
}
|
|
347
|
+
const keys = keysForLane(lane);
|
|
348
|
+
const expiresAt = typeof expiresInSeconds === "number" && expiresInSeconds > 0 ? Date.now() + expiresInSeconds * 1e3 : Date.now() + 15 * 60 * 1e3;
|
|
349
|
+
try {
|
|
350
|
+
storage2.setItem(keys.token, token);
|
|
351
|
+
storage2.setItem(keys.exp, String(expiresAt));
|
|
352
|
+
} catch {
|
|
353
|
+
}
|
|
354
|
+
}
|
|
355
|
+
function readMfaPendingAccessToken(lane = "c") {
|
|
356
|
+
const storage2 = getSessionStorage();
|
|
357
|
+
if (!storage2) {
|
|
358
|
+
return null;
|
|
359
|
+
}
|
|
360
|
+
const keys = keysForLane(lane);
|
|
361
|
+
try {
|
|
362
|
+
const token = storage2.getItem(keys.token);
|
|
363
|
+
if (!token) {
|
|
364
|
+
return null;
|
|
365
|
+
}
|
|
366
|
+
const expiresAt = readExpiresAt(storage2.getItem(keys.exp));
|
|
367
|
+
if (expiresAt == null || Date.now() >= expiresAt) {
|
|
368
|
+
clearMfaPendingAccessToken(lane);
|
|
369
|
+
return null;
|
|
370
|
+
}
|
|
371
|
+
return { token, expiresAt };
|
|
372
|
+
} catch {
|
|
373
|
+
return null;
|
|
374
|
+
}
|
|
375
|
+
}
|
|
376
|
+
function clearMfaPendingAccessToken(lane = "c") {
|
|
377
|
+
const storage2 = getSessionStorage();
|
|
378
|
+
if (!storage2) {
|
|
379
|
+
return;
|
|
380
|
+
}
|
|
381
|
+
const keys = keysForLane(lane);
|
|
382
|
+
try {
|
|
383
|
+
storage2.removeItem(keys.token);
|
|
384
|
+
storage2.removeItem(keys.exp);
|
|
385
|
+
} catch {
|
|
386
|
+
}
|
|
387
|
+
}
|
|
388
|
+
function isMfaPendingAccessSession(lane = "c") {
|
|
389
|
+
return readMfaPendingAccessToken(lane) != null;
|
|
390
|
+
}
|
|
391
|
+
async function hydrateMfaPendingAccessToken(input) {
|
|
392
|
+
const lane = input.lane ?? "c";
|
|
393
|
+
const pending = readMfaPendingAccessToken(lane);
|
|
394
|
+
if (!pending) {
|
|
395
|
+
return false;
|
|
396
|
+
}
|
|
397
|
+
const ttlSeconds = Math.max(1, Math.floor((pending.expiresAt - Date.now()) / 1e3));
|
|
398
|
+
await input.setAccessToken(pending.token, ttlSeconds);
|
|
399
|
+
return true;
|
|
400
|
+
}
|
|
401
|
+
|
|
402
|
+
// src/main/core/http/refresh-lock.ts
|
|
403
|
+
var LOCK_NAME = "wp.client.auth.refresh";
|
|
404
|
+
var STORAGE_LOCK_KEY = WP_STORAGE_KEYS.c.auth.refreshLock;
|
|
405
|
+
var LOCK_TTL_MS = 3e4;
|
|
406
|
+
async function withNavigatorLock(fn) {
|
|
407
|
+
if (typeof navigator !== "undefined" && navigator.locks?.request) {
|
|
408
|
+
return navigator.locks.request(LOCK_NAME, fn);
|
|
409
|
+
}
|
|
410
|
+
return fn();
|
|
411
|
+
}
|
|
412
|
+
function tryAcquireStorageLock() {
|
|
413
|
+
if (typeof window === "undefined" || !window.localStorage) {
|
|
414
|
+
return true;
|
|
415
|
+
}
|
|
416
|
+
try {
|
|
417
|
+
const raw = window.localStorage.getItem(STORAGE_LOCK_KEY);
|
|
418
|
+
const now = Date.now();
|
|
419
|
+
if (raw) {
|
|
420
|
+
const ts = Number(raw);
|
|
421
|
+
if (Number.isFinite(ts) && now - ts < LOCK_TTL_MS) {
|
|
422
|
+
return false;
|
|
423
|
+
}
|
|
424
|
+
}
|
|
425
|
+
window.localStorage.setItem(STORAGE_LOCK_KEY, String(now));
|
|
426
|
+
return true;
|
|
427
|
+
} catch {
|
|
428
|
+
return true;
|
|
429
|
+
}
|
|
430
|
+
}
|
|
431
|
+
function releaseStorageLock() {
|
|
432
|
+
if (typeof window === "undefined" || !window.localStorage) {
|
|
433
|
+
return;
|
|
434
|
+
}
|
|
435
|
+
try {
|
|
436
|
+
window.localStorage.removeItem(STORAGE_LOCK_KEY);
|
|
437
|
+
} catch {
|
|
438
|
+
}
|
|
439
|
+
}
|
|
440
|
+
async function waitForStorageLock(maxWaitMs = LOCK_TTL_MS) {
|
|
441
|
+
const start = Date.now();
|
|
442
|
+
while (Date.now() - start < maxWaitMs) {
|
|
443
|
+
if (tryAcquireStorageLock()) {
|
|
444
|
+
return;
|
|
445
|
+
}
|
|
446
|
+
await new Promise((r) => setTimeout(r, 200));
|
|
447
|
+
}
|
|
448
|
+
}
|
|
449
|
+
async function withRefreshLock(fn) {
|
|
450
|
+
return withNavigatorLock(async () => {
|
|
451
|
+
await waitForStorageLock();
|
|
452
|
+
try {
|
|
453
|
+
return await fn();
|
|
454
|
+
} finally {
|
|
455
|
+
releaseStorageLock();
|
|
456
|
+
}
|
|
457
|
+
});
|
|
458
|
+
}
|
|
459
|
+
|
|
310
460
|
// src/main/core/http/token-store.ts
|
|
311
461
|
var accessToken = null;
|
|
312
462
|
var tokenExpiresAt = null;
|
|
@@ -442,6 +592,9 @@ function isRefreshInFlight() {
|
|
|
442
592
|
}
|
|
443
593
|
async function refreshSession(options = {}) {
|
|
444
594
|
const { force = false } = options;
|
|
595
|
+
if (isMfaPendingAccessSession("c") || isMfaPendingAccessSession("a")) {
|
|
596
|
+
return;
|
|
597
|
+
}
|
|
445
598
|
if (!force && lastSuccessfulRefreshAt != null && Date.now() - lastSuccessfulRefreshAt < MIN_PROACTIVE_REFRESH_INTERVAL_MS) {
|
|
446
599
|
return;
|
|
447
600
|
}
|
|
@@ -450,9 +603,8 @@ async function refreshSession(options = {}) {
|
|
|
450
603
|
}
|
|
451
604
|
if (!refreshPromise) {
|
|
452
605
|
refreshPromise = (async () => {
|
|
453
|
-
const { withRefreshLock } = await import('./refresh-lock-JQVP4YOS.js');
|
|
454
606
|
await withRefreshLock(async () => {
|
|
455
|
-
const { getRefreshToken: getRefreshToken2 } = await import('./auth-utils-
|
|
607
|
+
const { getRefreshToken: getRefreshToken2 } = await import('./auth-utils-LT4JXJER.js');
|
|
456
608
|
const refreshToken = getRefreshToken2();
|
|
457
609
|
if (!refreshToken) {
|
|
458
610
|
markRefreshFailed();
|
|
@@ -481,6 +633,9 @@ async function refreshSession(options = {}) {
|
|
|
481
633
|
await refreshPromise;
|
|
482
634
|
}
|
|
483
635
|
async function ensureValidRefresh() {
|
|
636
|
+
if (isMfaPendingAccessSession("c") || isMfaPendingAccessSession("a")) {
|
|
637
|
+
return;
|
|
638
|
+
}
|
|
484
639
|
if (!isExpiresAccessToken()) {
|
|
485
640
|
return;
|
|
486
641
|
}
|
|
@@ -621,6 +776,15 @@ function getRefreshToken() {
|
|
|
621
776
|
}
|
|
622
777
|
return null;
|
|
623
778
|
}
|
|
779
|
+
function clearRefreshToken() {
|
|
780
|
+
const key = getStorageKeys().refreshToken;
|
|
781
|
+
if (key) {
|
|
782
|
+
removeCookie(key);
|
|
783
|
+
}
|
|
784
|
+
if (isIframeStorageMode()) {
|
|
785
|
+
writeIframeRefreshToken("", 0);
|
|
786
|
+
}
|
|
787
|
+
}
|
|
624
788
|
function getPortal() {
|
|
625
789
|
return parseCookieJson(getStorageKeys().portal);
|
|
626
790
|
}
|
|
@@ -628,6 +792,6 @@ function getSubscriptionType() {
|
|
|
628
792
|
return parseCookieJson(getStorageKeys().subscriptionType);
|
|
629
793
|
}
|
|
630
794
|
|
|
631
|
-
export { DEV_API_URL, DEV_PORTAL_ID, HUBSPOT_DATA, HUB_ID, clearAccessToken, clearSessionRefreshExhaustedState, config, configureLogger, didLastRefreshFail, ensureValidRefresh, getAccessToken, getPortal, getProfile, getRefreshToken, getSubscriptionType, hasRefreshSession, hasValidAccessToken, hydrateSessionRefreshState, isAccessTokenExpired, isAuthenticateApp, isAuthenticated, isExpiresAccessToken, isHttpTracingEnabled, isRefreshInFlight, isSessionRefreshExhausted, logger, refreshSession, resetSessionAuthState, sanitizeAxiosErrorData, setAccessToken, setConfig, setIframeStorageMode, setLoggedInDetails, setPortal, setProfileDetails, setRefreshBufferSeconds, setRefreshCallback, setRefreshToken, setRuntimeHttpClientHubContext, setSessionLifecycleListener, setSubscriptionType, storAccessToken, storage };
|
|
632
|
-
//# sourceMappingURL=chunk-
|
|
633
|
-
//# sourceMappingURL=chunk-
|
|
795
|
+
export { DEV_API_URL, DEV_PORTAL_ID, HUBSPOT_DATA, HUB_ID, clearAccessToken, clearMfaPendingAccessToken, clearRefreshToken, clearSessionRefreshExhaustedState, config, configureLogger, didLastRefreshFail, ensureValidRefresh, getAccessToken, getPortal, getProfile, getRefreshToken, getSubscriptionType, hasRefreshSession, hasValidAccessToken, hydrateMfaPendingAccessToken, hydrateSessionRefreshState, isAccessTokenExpired, isAuthenticateApp, isAuthenticated, isExpiresAccessToken, isHttpTracingEnabled, isMfaPendingAccessSession, isRefreshInFlight, isSessionRefreshExhausted, logger, readMfaPendingAccessToken, refreshSession, resetSessionAuthState, sanitizeAxiosErrorData, setAccessToken, setConfig, setIframeStorageMode, setLoggedInDetails, setPortal, setProfileDetails, setRefreshBufferSeconds, setRefreshCallback, setRefreshToken, setRuntimeHttpClientHubContext, setSessionLifecycleListener, setSubscriptionType, storAccessToken, storage, storeMfaPendingAccessToken };
|
|
796
|
+
//# sourceMappingURL=chunk-5NONTYJA.js.map
|
|
797
|
+
//# sourceMappingURL=chunk-5NONTYJA.js.map
|