plume/.next/server/chunks/Documents_00 - projet_plumeia_bfccc792._.js

module.exports=[18108,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0});var n={ActionDidNotRevalidate:function(){return i},ActionDidRevalidateDynamicOnly:function(){return s},ActionDidRevalidateStaticAndDynamic:function(){return o}};for(var a in n)Object.defineProperty(r,a,{enumerable:!0,get:n[a]});let i=0,o=1,s=2},30568,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0});var n={MutableRequestCookiesAdapter:function(){return f},ReadonlyRequestCookiesError:function(){return l},RequestCookiesAdapter:function(){return u},appendMutableCookies:function(){return h},areCookiesMutableInCurrentPhase:function(){return m},createCookiesWithMutableAccessCheck:function(){return y},getModifiedCookieValues:function(){return p},responseCookiesToRequestCookies:function(){return w}};for(var a in n)Object.defineProperty(r,a,{enumerable:!0,get:n[a]});let i=e.r(46518),o=e.r(71614),s=e.r(56704),c=e.r(18108);class l extends Error{constructor(){super("Cookies can only be modified in a Server Action or Route Handler. Read more: https://nextjs.org/docs/app/api-reference/functions/cookies#options")}static callable(){throw new l}}class u{static seal(e){return new Proxy(e,{get(e,t,r){switch(t){case"clear":case"delete":case"set":return l.callable;default:return o.ReflectAdapter.get(e,t,r)}}})}}let d=Symbol.for("next.mutated.cookies");function p(e){let t=e[d];return t&&Array.isArray(t)&&0!==t.length?t:[]}function h(e,t){let r=p(t);if(0===r.length)return!1;let n=new i.ResponseCookies(e),a=n.getAll();for(let e of r)n.set(e);for(let e of a)n.set(e);return!0}class f{static wrap(e,t){let r=new i.ResponseCookies(new Headers);for(let t of e.getAll())r.set(t);let n=[],a=new Set,l=()=>{let e=s.workAsyncStorage.getStore();if(e&&(e.pathWasRevalidated=c.ActionDidRevalidateStaticAndDynamic),n=r.getAll().filter(e=>a.has(e.name)),t){let e=[];for(let t of n){let r=new i.ResponseCookies(new Headers);r.set(t),e.push(r.toString())}t(e)}},u=new Proxy(r,{get(e,t,r){switch(t){case d:return n;case"delete":return function(...t){a.add("string"==typeof t[0]?t[0]:t[0].name);try{return e.delete(...t),u}finally{l()}};case"set":return function(...t){a.add("string"==typeof t[0]?t[0]:t[0].name);try{return e.set(...t),u}finally{l()}};default:return o.ReflectAdapter.get(e,t,r)}}});return u}}function y(e){let t=new Proxy(e.mutableCookies,{get(r,n,a){switch(n){case"delete":return function(...n){return g(e,"cookies().delete"),r.delete(...n),t};case"set":return function(...n){return g(e,"cookies().set"),r.set(...n),t};default:return o.ReflectAdapter.get(r,n,a)}}});return t}function m(e){return"action"===e.phase}function g(e,t){if(!m(e))throw new l}function w(e){let t=new i.RequestCookies(new Headers);for(let r of e.getAll())t.set(r);return t}},14546,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"createDedupedByCallsiteServerErrorLoggerDev",{enumerable:!0,get:function(){return c}});let n=function(e,t){if(e&&e.__esModule)return e;if(null===e||"object"!=typeof e&&"function"!=typeof e)return{default:e};var r=a(void 0);if(r&&r.has(e))return r.get(e);var n={__proto__:null},i=Object.defineProperty&&Object.getOwnPropertyDescriptor;for(var o in e)if("default"!==o&&Object.prototype.hasOwnProperty.call(e,o)){var s=i?Object.getOwnPropertyDescriptor(e,o):null;s&&(s.get||s.set)?Object.defineProperty(n,o,s):n[o]=e[o]}return n.default=e,r&&r.set(e,n),n}(e.r(4577));function a(e){if("function"!=typeof WeakMap)return null;var t=new WeakMap,r=new WeakMap;return(a=function(e){return e?r:t})(e)}let i={current:null},o="function"==typeof n.cache?n.cache:e=>e,s=console.warn;function c(e){return function(...t){s(e(...t))}}o(e=>{try{s(i.current)}finally{i.current=null}})},85169,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"cookies",{enumerable:!0,get:function(){return h}});let n=e.r(30568),a=e.r(46518),i=e.r(56704),o=e.r(32319),s=e.r(920),c=e.r(26629),l=e.r(35579),u=e.r(14546),d=e.r(72567),p=e.r(57814);function h(){let e="cookies",t=i.workAsyncStorage.getStore(),r=o.workUnitAsyncStorage.getStore();if(t){if(r&&"after"===r.phase&&!(0,d.isRequestAPICallableInsideAfter)())throw Object.defineProperty(Error(`Route ${t.route} used \`cookies()\` inside \`after()\`. This is not supported. If you need this data inside an \`after()\` callback, use \`cookies()\` outside of the callback. See more info here: https://nextjs.org/docs/canary/app/api-reference/functions/after`),"__NEXT_ERROR_CODE",{value:"E843",enumerable:!1,configurable:!0});if(t.forceStatic)return y(n.RequestCookiesAdapter.seal(new a.RequestCookies(new Headers({}))));if(t.dynamicShouldError)throw Object.defineProperty(new c.StaticGenBailoutError(`Route ${t.route} with \`dynamic = "error"\` couldn't be rendered statically because it used \`cookies()\`. See more info here: https://nextjs.org/docs/app/building-your-application/rendering/static-and-dynamic#dynamic-rendering`),"__NEXT_ERROR_CODE",{value:"E849",enumerable:!1,configurable:!0});if(r)switch(r.type){case"cache":let i=Object.defineProperty(Error(`Route ${t.route} used \`cookies()\` inside "use cache". Accessing Dynamic data sources inside a cache scope is not supported. If you need this data inside a cached function use \`cookies()\` outside of the cached function and pass the required dynamic data in as an argument. See more info here: https://nextjs.org/docs/messages/next-request-in-use-cache`),"__NEXT_ERROR_CODE",{value:"E831",enumerable:!1,configurable:!0});throw Error.captureStackTrace(i,h),t.invalidDynamicUsageError??=i,i;case"unstable-cache":throw Object.defineProperty(Error(`Route ${t.route} used \`cookies()\` inside a function cached with \`unstable_cache()\`. Accessing Dynamic data sources inside a cache scope is not supported. If you need this data inside a cached function use \`cookies()\` outside of the cached function and pass the required dynamic data in as an argument. See more info here: https://nextjs.org/docs/app/api-reference/functions/unstable_cache`),"__NEXT_ERROR_CODE",{value:"E846",enumerable:!1,configurable:!0});case"prerender":var u=t,m=r;let o=f.get(m);if(o)return o;let g=(0,l.makeHangingPromise)(m.renderSignal,u.route,"`cookies()`");return f.set(m,g),g;case"prerender-client":let w="`cookies`";throw Object.defineProperty(new p.InvariantError(`${w} must not be used within a Client Component. Next.js should be preventing ${w} from being included in Client Components statically, but did not in this case.`),"__NEXT_ERROR_CODE",{value:"E832",enumerable:!1,configurable:!0});case"prerender-ppr":return(0,s.postponeWithTracking)(t.route,e,r.dynamicTracking);case"prerender-legacy":return(0,s.throwToInterruptStaticGeneration)(e,t,r);case"prerender-runtime":return(0,s.delayUntilRuntimeStage)(r,y(r.cookies));case"private-cache":return y(r.cookies);case"request":return(0,s.trackDynamicDataInDynamicRender)(r),y((0,n.areCookiesMutableInCurrentPhase)(r)?r.userspaceMutableCookies:r.cookies)}}(0,o.throwForMissingRequestStore)(e)}e.r(96815);let f=new WeakMap;function y(e){let t=f.get(e);if(t)return t;let r=Promise.resolve(e);return f.set(e,r),r}(0,u.createDedupedByCallsiteServerErrorLoggerDev)(function(e,t){let r=e?`Route "${e}" `:"This route ";return Object.defineProperty(Error(`${r}used ${t}. \`cookies()\` returns a Promise and must be unwrapped with \`await\` or \`React.use()\` before accessing its properties. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis`),"__NEXT_ERROR_CODE",{value:"E830",enumerable:!1,configurable:!0})})},1849,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0});var n={HeadersAdapter:function(){return s},ReadonlyHeadersError:function(){return o}};for(var a in n)Object.defineProperty(r,a,{enumerable:!0,get:n[a]});let i=e.r(71614);class o extends Error{constructor(){super("Headers cannot be modified. Read more: https://nextjs.org/docs/app/api-reference/functions/headers")}static callable(){throw new o}}class s extends Headers{constructor(e){super(),this.headers=new Proxy(e,{get(t,r,n){if("symbol"==typeof r)return i.ReflectAdapter.get(t,r,n);let a=r.toLowerCase(),o=Object.keys(e).find(e=>e.toLowerCase()===a);if(void 0!==o)return i.ReflectAdapter.get(t,o,n)},set(t,r,n,a){if("symbol"==typeof r)return i.ReflectAdapter.set(t,r,n,a);let o=r.toLowerCase(),s=Object.keys(e).find(e=>e.toLowerCase()===o);return i.ReflectAdapter.set(t,s??r,n,a)},has(t,r){if("symbol"==typeof r)return i.ReflectAdapter.has(t,r);let n=r.toLowerCase(),a=Object.keys(e).find(e=>e.toLowerCase()===n);return void 0!==a&&i.ReflectAdapter.has(t,a)},deleteProperty(t,r){if("symbol"==typeof r)return i.ReflectAdapter.deleteProperty(t,r);let n=r.toLowerCase(),a=Object.keys(e).find(e=>e.toLowerCase()===n);return void 0===a||i.ReflectAdapter.deleteProperty(t,a)}})}static seal(e){return new Proxy(e,{get(e,t,r){switch(t){case"append":case"delete":case"set":return o.callable;default:return i.ReflectAdapter.get(e,t,r)}}})}merge(e){return Array.isArray(e)?e.join(", "):e}static from(e){return e instanceof Headers?e:new s(e)}append(e,t){let r=this.headers[e];"string"==typeof r?this.headers[e]=[r,t]:Array.isArray(r)?r.push(t):this.headers[e]=t}delete(e){delete this.headers[e]}get(e){let t=this.headers[e];return void 0!==t?this.merge(t):null}has(e){return void 0!==this.headers[e]}set(e,t){this.headers[e]=t}forEach(e,t){for(let[r,n]of this.entries())e.call(t,n,r,this)}*entries(){for(let e of Object.keys(this.headers)){let t=e.toLowerCase(),r=this.get(t);yield[t,r]}}*keys(){for(let e of Object.keys(this.headers)){let t=e.toLowerCase();yield t}}*values(){for(let e of Object.keys(this.headers)){let t=this.get(e);yield t}}[Symbol.iterator](){return this.entries()}}},2397,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"headers",{enumerable:!0,get:function(){return p}});let n=e.r(1849),a=e.r(56704),i=e.r(32319),o=e.r(920),s=e.r(26629),c=e.r(35579),l=e.r(14546),u=e.r(72567),d=e.r(57814);function p(){let e="headers",t=a.workAsyncStorage.getStore(),r=i.workUnitAsyncStorage.getStore();if(t){if(r&&"after"===r.phase&&!(0,u.isRequestAPICallableInsideAfter)())throw Object.defineProperty(Error(`Route ${t.route} used \`headers()\` inside \`after()\`. This is not supported. If you need this data inside an \`after()\` callback, use \`headers()\` outside of the callback. See more info here: https://nextjs.org/docs/canary/app/api-reference/functions/after`),"__NEXT_ERROR_CODE",{value:"E839",enumerable:!1,configurable:!0});if(t.forceStatic)return f(n.HeadersAdapter.seal(new Headers({})));if(r)switch(r.type){case"cache":{let e=Object.defineProperty(Error(`Route ${t.route} used \`headers()\` inside "use cache". Accessing Dynamic data sources inside a cache scope is not supported. If you need this data inside a cached function use \`headers()\` outside of the cached function and pass the required dynamic data in as an argument. See more info here: https://nextjs.org/docs/messages/next-request-in-use-cache`),"__NEXT_ERROR_CODE",{value:"E833",enumerable:!1,configurable:!0});throw Error.captureStackTrace(e,p),t.invalidDynamicUsageError??=e,e}case"unstable-cache":throw Object.defineProperty(Error(`Route ${t.route} used \`headers()\` inside a function cached with \`unstable_cache()\`. Accessing Dynamic data sources inside a cache scope is not supported. If you need this data inside a cached function use \`headers()\` outside of the cached function and pass the required dynamic data in as an argument. See more info here: https://nextjs.org/docs/app/api-reference/functions/unstable_cache`),"__NEXT_ERROR_CODE",{value:"E838",enumerable:!1,configurable:!0})}if(t.dynamicShouldError)throw Object.defineProperty(new s.StaticGenBailoutError(`Route ${t.route} with \`dynamic = "error"\` couldn't be rendered statically because it used \`headers()\`. See more info here: https://nextjs.org/docs/app/building-your-application/rendering/static-and-dynamic#dynamic-rendering`),"__NEXT_ERROR_CODE",{value:"E828",enumerable:!1,configurable:!0});if(r)switch(r.type){case"prerender":var l=t,y=r;let a=h.get(y);if(a)return a;let i=(0,c.makeHangingPromise)(y.renderSignal,l.route,"`headers()`");return h.set(y,i),i;case"prerender-client":let m="`headers`";throw Object.defineProperty(new d.InvariantError(`${m} must not be used within a client component. Next.js should be preventing ${m} from being included in client components statically, but did not in this case.`),"__NEXT_ERROR_CODE",{value:"E693",enumerable:!1,configurable:!0});case"prerender-ppr":return(0,o.postponeWithTracking)(t.route,e,r.dynamicTracking);case"prerender-legacy":return(0,o.throwToInterruptStaticGeneration)(e,t,r);case"prerender-runtime":return(0,o.delayUntilRuntimeStage)(r,f(r.headers));case"private-cache":return f(r.headers);case"request":return(0,o.trackDynamicDataInDynamicRender)(r),f(r.headers)}}(0,i.throwForMissingRequestStore)(e)}e.r(96815);let h=new WeakMap;function f(e){let t=h.get(e);if(t)return t;let r=Promise.resolve(e);return h.set(e,r),r}(0,l.createDedupedByCallsiteServerErrorLoggerDev)(function(e,t){let r=e?`Route "${e}" `:"This route ";return Object.defineProperty(Error(`${r}used ${t}. \`headers()\` returns a Promise and must be unwrapped with \`await\` or \`React.use()\` before accessing its properties. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis`),"__NEXT_ERROR_CODE",{value:"E836",enumerable:!1,configurable:!0})})},35156,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"draftMode",{enumerable:!0,get:function(){return u}});let n=e.r(32319),a=e.r(56704),i=e.r(920),o=e.r(14546),s=e.r(26629),c=e.r(64234),l=e.r(57814);function u(){let e=a.workAsyncStorage.getStore(),t=n.workUnitAsyncStorage.getStore();switch((!e||!t)&&(0,n.throwForMissingRequestStore)("draftMode"),t.type){case"prerender-runtime":return(0,i.delayUntilRuntimeStage)(t,d(t.draftMode,e));case"request":return d(t.draftMode,e);case"cache":case"private-cache":case"unstable-cache":let r=(0,n.getDraftModeProviderForCacheScope)(e,t);if(r)return d(r,e);case"prerender":case"prerender-client":case"prerender-ppr":case"prerender-legacy":return d(null,e);default:return t}}function d(e,t){let r=h.get(e??p);return r||Promise.resolve(new f(e))}e.r(71614);let p={},h=new WeakMap;class f{constructor(e){this._provider=e}get isEnabled(){return null!==this._provider&&this._provider.isEnabled}enable(){y("draftMode().enable()",this.enable),null!==this._provider&&this._provider.enable()}disable(){y("draftMode().disable()",this.disable),null!==this._provider&&this._provider.disable()}}function y(e,t){let r=a.workAsyncStorage.getStore(),o=n.workUnitAsyncStorage.getStore();if(r){if((null==o?void 0:o.phase)==="after")throw Object.defineProperty(Error(`Route ${r.route} used "${e}" inside \`after()\`. The enabled status of \`draftMode()\` can be read inside \`after()\` but you cannot enable or disable \`draftMode()\`. See more info here: https://nextjs.org/docs/app/api-reference/functions/after`),"__NEXT_ERROR_CODE",{value:"E845",enumerable:!1,configurable:!0});if(r.dynamicShouldError)throw Object.defineProperty(new s.StaticGenBailoutError(`Route ${r.route} with \`dynamic = "error"\` couldn't be rendered statically because it used \`${e}\`. See more info here: https://nextjs.org/docs/app/building-your-application/rendering/static-and-dynamic#dynamic-rendering`),"__NEXT_ERROR_CODE",{value:"E553",enumerable:!1,configurable:!0});if(o)switch(o.type){case"cache":case"private-cache":{let n=Object.defineProperty(Error(`Route ${r.route} used "${e}" inside "use cache". The enabled status of \`draftMode()\` can be read in caches but you must not enable or disable \`draftMode()\` inside a cache. See more info here: https://nextjs.org/docs/messages/next-request-in-use-cache`),"__NEXT_ERROR_CODE",{value:"E829",enumerable:!1,configurable:!0});throw Error.captureStackTrace(n,t),r.invalidDynamicUsageError??=n,n}case"unstable-cache":throw Object.defineProperty(Error(`Route ${r.route} used "${e}" inside a function cached with \`unstable_cache()\`. The enabled status of \`draftMode()\` can be read in caches but you must not enable or disable \`draftMode()\` inside a cache. See more info here: https://nextjs.org/docs/app/api-reference/functions/unstable_cache`),"__NEXT_ERROR_CODE",{value:"E844",enumerable:!1,configurable:!0});case"prerender":case"prerender-runtime":{let t=Object.defineProperty(Error(`Route ${r.route} used ${e} without first calling \`await connection()\`. See more info here: https://nextjs.org/docs/messages/next-prerender-sync-headers`),"__NEXT_ERROR_CODE",{value:"E126",enumerable:!1,configurable:!0});return(0,i.abortAndThrowOnSynchronousRequestDataAccess)(r.route,e,t,o)}case"prerender-client":let n="`draftMode`";throw Object.defineProperty(new l.InvariantError(`${n} must not be used within a Client Component. Next.js should be preventing ${n} from being included in Client Components statically, but did not in this case.`),"__NEXT_ERROR_CODE",{value:"E832",enumerable:!1,configurable:!0});case"prerender-ppr":return(0,i.postponeWithTracking)(r.route,e,o.dynamicTracking);case"prerender-legacy":o.revalidate=0;let a=Object.defineProperty(new c.DynamicServerError(`Route ${r.route} couldn't be rendered statically because it used \`${e}\`. See more info here: https://nextjs.org/docs/messages/dynamic-server-error`),"__NEXT_ERROR_CODE",{value:"E558",enumerable:!1,configurable:!0});throw r.dynamicUsageDescription=e,r.dynamicUsageStack=a.stack,a;case"request":(0,i.trackDynamicDataInDynamicRender)(o)}}}(0,o.createDedupedByCallsiteServerErrorLoggerDev)(function(e,t){let r=e?`Route "${e}" `:"This route ";return Object.defineProperty(Error(`${r}used ${t}. \`draftMode()\` returns a Promise and must be unwrapped with \`await\` or \`React.use()\` before accessing its properties. Learn more: https://nextjs.org/docs/messages/sync-dynamic-apis`),"__NEXT_ERROR_CODE",{value:"E835",enumerable:!1,configurable:!0})})},29212,(e,t,r)=>{t.exports.cookies=e.r(85169).cookies,t.exports.headers=e.r(2397).headers,t.exports.draftMode=e.r(35156).draftMode},48969,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"ReadonlyURLSearchParams",{enumerable:!0,get:function(){return a}});class n extends Error{constructor(){super("Method unavailable on `ReadonlyURLSearchParams`. Read more: https://nextjs.org/docs/app/api-reference/functions/use-search-params#updating-searchparams")}}class a extends URLSearchParams{append(){throw new n}delete(){throw new n}set(){throw new n}sort(){throw new n}}("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},95728,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"RedirectStatusCode",{enumerable:!0,get:function(){return a}});var n,a=((n={})[n.SeeOther=303]="SeeOther",n[n.TemporaryRedirect=307]="TemporaryRedirect",n[n.PermanentRedirect=308]="PermanentRedirect",n);("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},43847,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0});var n,a={REDIRECT_ERROR_CODE:function(){return s},RedirectType:function(){return c},isRedirectError:function(){return l}};for(var i in a)Object.defineProperty(r,i,{enumerable:!0,get:a[i]});let o=e.r(95728),s="NEXT_REDIRECT";var c=((n={}).push="push",n.replace="replace",n);function l(e){if("object"!=typeof e||null===e||!("digest"in e)||"string"!=typeof e.digest)return!1;let t=e.digest.split(";"),[r,n]=t,a=t.slice(2,-2).join(";"),i=Number(t.at(-2));return r===s&&("replace"===n||"push"===n)&&"string"==typeof a&&!isNaN(i)&&i in o.RedirectStatusCode}("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},38114,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0});var n={getRedirectError:function(){return c},getRedirectStatusCodeFromError:function(){return h},getRedirectTypeFromError:function(){return p},getURLFromRedirectError:function(){return d},permanentRedirect:function(){return u},redirect:function(){return l}};for(var a in n)Object.defineProperty(r,a,{enumerable:!0,get:n[a]});let i=e.r(95728),o=e.r(43847),s=e.r(20635).actionAsyncStorage;function c(e,t,r=i.RedirectStatusCode.TemporaryRedirect){let n=Object.defineProperty(Error(o.REDIRECT_ERROR_CODE),"__NEXT_ERROR_CODE",{value:"E394",enumerable:!1,configurable:!0});return n.digest=`${o.REDIRECT_ERROR_CODE};${t};${e};${r};`,n}function l(e,t){throw c(e,t??=s?.getStore()?.isAction?o.RedirectType.push:o.RedirectType.replace,i.RedirectStatusCode.TemporaryRedirect)}function u(e,t=o.RedirectType.replace){throw c(e,t,i.RedirectStatusCode.PermanentRedirect)}function d(e){return(0,o.isRedirectError)(e)?e.digest.split(";").slice(2,-2).join(";"):null}function p(e){if(!(0,o.isRedirectError)(e))throw Object.defineProperty(Error("Not a redirect error"),"__NEXT_ERROR_CODE",{value:"E260",enumerable:!1,configurable:!0});return e.digest.split(";",2)[1]}function h(e){if(!(0,o.isRedirectError)(e))throw Object.defineProperty(Error("Not a redirect error"),"__NEXT_ERROR_CODE",{value:"E260",enumerable:!1,configurable:!0});return Number(e.digest.split(";").at(-2))}("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},42292,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0});var n={HTTPAccessErrorStatus:function(){return i},HTTP_ERROR_FALLBACK_ERROR_CODE:function(){return s},getAccessFallbackErrorTypeByStatus:function(){return u},getAccessFallbackHTTPStatus:function(){return l},isHTTPAccessFallbackError:function(){return c}};for(var a in n)Object.defineProperty(r,a,{enumerable:!0,get:n[a]});let i={NOT_FOUND:404,FORBIDDEN:403,UNAUTHORIZED:401},o=new Set(Object.values(i)),s="NEXT_HTTP_ERROR_FALLBACK";function c(e){if("object"!=typeof e||null===e||!("digest"in e)||"string"!=typeof e.digest)return!1;let[t,r]=e.digest.split(";");return t===s&&o.has(Number(r))}function l(e){return Number(e.digest.split(";")[1])}function u(e){switch(e){case 401:return"unauthorized";case 403:return"forbidden";case 404:return"not-found";default:return}}("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},15084,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"notFound",{enumerable:!0,get:function(){return i}});let n=e.r(42292),a=`${n.HTTP_ERROR_FALLBACK_ERROR_CODE};404`;function i(){let e=Object.defineProperty(Error(a),"__NEXT_ERROR_CODE",{value:"E394",enumerable:!1,configurable:!0});throw e.digest=a,e}("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},83219,(e,t,r)=>{"use strict";function n(){throw Object.defineProperty(Error("`forbidden()` is experimental and only allowed to be enabled when `experimental.authInterrupts` is enabled."),"__NEXT_ERROR_CODE",{value:"E488",enumerable:!1,configurable:!0})}Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"forbidden",{enumerable:!0,get:function(){return n}}),e.r(42292).HTTP_ERROR_FALLBACK_ERROR_CODE,("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},58941,(e,t,r)=>{"use strict";function n(){throw Object.defineProperty(Error("`unauthorized()` is experimental and only allowed to be used when `experimental.authInterrupts` is enabled."),"__NEXT_ERROR_CODE",{value:"E411",enumerable:!1,configurable:!0})}Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"unauthorized",{enumerable:!0,get:function(){return n}}),e.r(42292).HTTP_ERROR_FALLBACK_ERROR_CODE,("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},71325,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"isPostpone",{enumerable:!0,get:function(){return a}});let n=Symbol.for("react.postpone");function a(e){return"object"==typeof e&&null!==e&&e.$$typeof===n}},89727,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"isNextRouterError",{enumerable:!0,get:function(){return i}});let n=e.r(42292),a=e.r(43847);function i(e){return(0,a.isRedirectError)(e)||(0,n.isHTTPAccessFallbackError)(e)}("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},28252,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"unstable_rethrow",{enumerable:!0,get:function(){return function e(t){if((0,o.isNextRouterError)(t)||(0,i.isBailoutToCSRError)(t)||(0,c.isDynamicServerError)(t)||(0,s.isDynamicPostpone)(t)||(0,a.isPostpone)(t)||(0,n.isHangingPromiseRejectionError)(t)||(0,s.isPrerenderInterruptedError)(t))throw t;t instanceof Error&&"cause"in t&&e(t.cause)}}});let n=e.r(35579),a=e.r(71325),i=e.r(41768),o=e.r(89727),s=e.r(920),c=e.r(64234);("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},12092,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0}),Object.defineProperty(r,"unstable_rethrow",{enumerable:!0,get:function(){return n}});let n=e.r(28252).unstable_rethrow;("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},85644,(e,t,r)=>{"use strict";Object.defineProperty(r,"__esModule",{value:!0});var n={ReadonlyURLSearchParams:function(){return i.ReadonlyURLSearchParams},RedirectType:function(){return s.RedirectType},forbidden:function(){return l.forbidden},notFound:function(){return c.notFound},permanentRedirect:function(){return o.permanentRedirect},redirect:function(){return o.redirect},unauthorized:function(){return u.unauthorized},unstable_isUnrecognizedActionError:function(){return p},unstable_rethrow:function(){return d.unstable_rethrow}};for(var a in n)Object.defineProperty(r,a,{enumerable:!0,get:n[a]});let i=e.r(48969),o=e.r(38114),s=e.r(43847),c=e.r(15084),l=e.r(83219),u=e.r(58941),d=e.r(12092);function p(){throw Object.defineProperty(Error("`unstable_isUnrecognizedActionError` can only be used on the client."),"__NEXT_ERROR_CODE",{value:"E776",enumerable:!1,configurable:!0})}("function"==typeof r.default||"object"==typeof r.default&&null!==r.default)&&void 0===r.default.__esModule&&(Object.defineProperty(r.default,"__esModule",{value:!0}),Object.assign(r.default,r),t.exports=r.default)},50508,e=>{"use strict";let t,r,n,a,i,o;var s=function(e,t,r,n,a){if("m"===n)throw TypeError("Private method is not writable");if("a"===n&&!a)throw TypeError("Private accessor was defined without a setter");if("function"==typeof t?e!==t||!a:!t.has(e))throw TypeError("Cannot write private member to an object whose class did not declare it");return"a"===n?a.call(e,r):a?a.value=r:t.set(e,r),r},c=function(e,t,r,n){if("a"===r&&!n)throw TypeError("Private accessor was defined without a getter");if("function"==typeof t?e!==t||!n:!t.has(e))throw TypeError("Cannot read private member from an object whose class did not declare it");return"m"===r?n:"a"===r?n.call(e):n?n.value:t.get(e)};function l(e){let t=e?"__Secure-":"";return{sessionToken:{name:`${t}authjs.session-token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:e}},callbackUrl:{name:`${t}authjs.callback-url`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:e}},csrfToken:{name:`${e?"__Host-":""}authjs.csrf-token`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:e}},pkceCodeVerifier:{name:`${t}authjs.pkce.code_verifier`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:e,maxAge:900}},state:{name:`${t}authjs.state`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:e,maxAge:900}},nonce:{name:`${t}authjs.nonce`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:e}},webauthnChallenge:{name:`${t}authjs.challenge`,options:{httpOnly:!0,sameSite:"lax",path:"/",secure:e,maxAge:900}}}}class u{constructor(e,t,r){if(rc.add(this),rl.set(this,{}),ru.set(this,void 0),rd.set(this,void 0),s(this,rd,r,"f"),s(this,ru,e,"f"),!t)return;const{name:n}=e;for(const[e,r]of Object.entries(t))e.startsWith(n)&&r&&(c(this,rl,"f")[e]=r)}get value(){return Object.keys(c(this,rl,"f")).sort((e,t)=>parseInt(e.split(".").pop()||"0")-parseInt(t.split(".").pop()||"0")).map(e=>c(this,rl,"f")[e]).join("")}chunk(e,t){let r=c(this,rc,"m",rh).call(this);for(let n of c(this,rc,"m",rp).call(this,{name:c(this,ru,"f").name,value:e,options:{...c(this,ru,"f").options,...t}}))r[n.name]=n;return Object.values(r)}clean(){return Object.values(c(this,rc,"m",rh).call(this))}}rl=new WeakMap,ru=new WeakMap,rd=new WeakMap,rc=new WeakSet,rp=function(e){let t=Math.ceil(e.value.length/3936);if(1===t)return c(this,rl,"f")[e.name]=e.value,[e];let r=[];for(let n=0;n<t;n++){let t=`${e.name}.${n}`,a=e.value.substr(3936*n,3936);r.push({...e,name:t,value:a}),c(this,rl,"f")[t]=a}return c(this,rd,"f").debug("CHUNKING_SESSION_COOKIE",{message:"Session cookie exceeds allowed 4096 bytes.",emptyCookieSize:160,valueSize:e.value.length,chunks:r.map(e=>e.value.length+160)}),r},rh=function(){let e={};for(let t in c(this,rl,"f"))delete c(this,rl,"f")?.[t],e[t]={name:t,value:"",options:{...c(this,ru,"f").options,maxAge:0}};return e};class d extends Error{constructor(e,t){e instanceof Error?super(void 0,{cause:{err:e,...e.cause,...t}}):"string"==typeof e?(t instanceof Error&&(t={err:t,...t.cause}),super(e,t)):super(void 0,e),this.name=this.constructor.name,this.type=this.constructor.type??"AuthError",this.kind=this.constructor.kind??"error",Error.captureStackTrace?.(this,this.constructor);const r=`https://errors.authjs.dev#${this.type.toLowerCase()}`;this.message+=`${this.message?". ":""}Read more at ${r}`}}class p extends d{}p.kind="signIn";class h extends d{}h.type="AdapterError";class f extends d{}f.type="AccessDenied";class y extends d{}y.type="CallbackRouteError";class m extends d{}m.type="ErrorPageLoop";class g extends d{}g.type="EventError";class w extends d{}w.type="InvalidCallbackUrl";class b extends p{constructor(){super(...arguments),this.code="credentials"}}b.type="CredentialsSignin";class _ extends d{}_.type="InvalidEndpoints";class v extends d{}v.type="InvalidCheck";class k extends d{}k.type="JWTSessionError";class E extends d{}E.type="MissingAdapter";class A extends d{}A.type="MissingAdapterMethods";class S extends d{}S.type="MissingAuthorize";class R extends d{}R.type="MissingSecret";class x extends p{}x.type="OAuthAccountNotLinked";class T extends p{}T.type="OAuthCallbackError";class P extends d{}P.type="OAuthProfileParseError";class C extends d{}C.type="SessionTokenError";class O extends d{}O.type="SignOutError";class U extends d{}U.type="UnknownAction";class j extends d{}j.type="UnsupportedStrategy";class $ extends d{}$.type="InvalidProvider";class I extends d{}I.type="UntrustedHost";class H extends d{}H.type="Verification";class D extends p{}D.type="MissingCSRF";let W=new Set(["CredentialsSignin","OAuthAccountNotLinked","OAuthCallbackError","AccessDenied","Verification","MissingCSRF","AccountNotLinked","WebAuthnVerificationError"]);class K extends d{}K.type="DuplicateConditionalUI";class M extends d{}M.type="MissingWebAuthnAutocomplete";class L extends d{}L.type="WebAuthnVerificationError";class N extends p{}N.type="AccountNotLinked";class J extends d{}J.type="ExperimentalFeatureNotEnabled";let B=!1;function z(e,t){try{return/^https?:/.test(new URL(e,e.startsWith("/")?t:void 0).protocol)}catch{return!1}}let F=!1,q=!1,V=!1,G=["createVerificationToken","useVerificationToken","getUserByEmail"],X=["createUser","getUser","getUserByEmail","getUserByAccount","updateUser","linkAccount","createSession","getSessionAndUser","updateSession","deleteSession"],Z=["createUser","getUser","linkAccount","getAccount","getAuthenticator","createAuthenticator","listAuthenticatorsByUserId","updateAuthenticatorCounter"];var Y=e.i(54799);"function"!=typeof Y.hkdf||process.versions.electron||(t=async(...e)=>new Promise((t,r)=>{Y.hkdf(...e,(e,n)=>{e?r(e):t(new Uint8Array(n))})}));let Q=async(e,r,n,a,i)=>(t||((e,t,r,n,a)=>{let i=parseInt(e.substr(3),10)>>3||20,o=(0,Y.createHmac)(e,r.byteLength?r:new Uint8Array(i)).update(t).digest(),s=Math.ceil(a/i),c=new Uint8Array(i*s+n.byteLength+1),l=0,u=0;for(let t=1;t<=s;t++)c.set(n,u),c[u+n.byteLength]=t,c.set((0,Y.createHmac)(e,o).update(c.subarray(l,u+n.byteLength+1)).digest(),u),l=u,u+=i;return c.slice(0,a)}))(e,r,n,a,i);function ee(e,t){if("string"==typeof e)return new TextEncoder().encode(e);if(!(e instanceof Uint8Array))throw TypeError(`"${t}"" must be an instance of Uint8Array or a string`);return e}async function et(e,t,r,n,a){return Q(function(e){switch(e){case"sha256":case"sha384":case"sha512":case"sha1":return e;default:throw TypeError('unsupported "digest" value')}}(e),function(e){let t=ee(e,"ikm");if(!t.byteLength)throw TypeError('"ikm" must be at least one byte in length');return t}(t),ee(r,"salt"),function(e){let t=ee(e,"info");if(t.byteLength>1024)throw TypeError('"info" must not contain more than 1024 bytes');return t}(n),function(e,t){if("number"!=typeof e||!Number.isInteger(e)||e<1)throw TypeError('"keylen" must be a positive integer');if(e>255*(parseInt(t.substr(3),10)>>3||20))throw TypeError('"keylen" too large');return e}(a,e))}let er=new TextEncoder,en=new TextDecoder;function ea(...e){let t=new Uint8Array(e.reduce((e,{length:t})=>e+t,0)),r=0;for(let n of e)t.set(n,r),r+=n.length;return t}function ei(e,t,r){if(t<0||t>=0x100000000)throw RangeError(`value must be >= 0 and <= ${0x100000000-1}. Received ${t}`);e.set([t>>>24,t>>>16,t>>>8,255&t],r)}function eo(e){let t=Math.floor(e/0x100000000),r=new Uint8Array(8);return ei(r,t,0),ei(r,e%0x100000000,4),r}function es(e){let t=new Uint8Array(4);return ei(t,e),t}function ec(e){let t=new Uint8Array(e.length);for(let r=0;r<e.length;r++){let n=e.charCodeAt(r);if(n>127)throw TypeError("non-ASCII string encountered in encode()");t[r]=n}return t}function el(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64("string"==typeof e?e:en.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=en.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/");try{var r=t;if(Uint8Array.fromBase64)return Uint8Array.fromBase64(r);let e=atob(r),n=new Uint8Array(e.length);for(let t=0;t<e.length;t++)n[t]=e.charCodeAt(t);return n}catch{throw TypeError("The input to be decoded is not correctly encoded.")}}function eu(e){let t=e;return("string"==typeof t&&(t=er.encode(t)),Uint8Array.prototype.toBase64)?t.toBase64({alphabet:"base64url",omitPadding:!0}):(function(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=[];for(let r=0;r<e.length;r+=32768)t.push(String.fromCharCode.apply(null,e.subarray(r,r+32768)));return btoa(t.join(""))})(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}e.s(["decode",()=>el,"encode",()=>eu],12018);let ed=Symbol();class ep extends Error{static code="ERR_JOSE_GENERIC";code="ERR_JOSE_GENERIC";constructor(e,t){super(e,t),this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}}class eh extends ep{static code="ERR_JWT_CLAIM_VALIDATION_FAILED";code="ERR_JWT_CLAIM_VALIDATION_FAILED";claim;reason;payload;constructor(e,t,r="unspecified",n="unspecified"){super(e,{cause:{claim:r,reason:n,payload:t}}),this.claim=r,this.reason=n,this.payload=t}}class ef extends ep{static code="ERR_JWT_EXPIRED";code="ERR_JWT_EXPIRED";claim;reason;payload;constructor(e,t,r="unspecified",n="unspecified"){super(e,{cause:{claim:r,reason:n,payload:t}}),this.claim=r,this.reason=n,this.payload=t}}class ey extends ep{static code="ERR_JOSE_ALG_NOT_ALLOWED";code="ERR_JOSE_ALG_NOT_ALLOWED"}class em extends ep{static code="ERR_JOSE_NOT_SUPPORTED";code="ERR_JOSE_NOT_SUPPORTED"}class eg extends ep{static code="ERR_JWE_DECRYPTION_FAILED";code="ERR_JWE_DECRYPTION_FAILED";constructor(e="decryption operation failed",t){super(e,t)}}class ew extends ep{static code="ERR_JWE_INVALID";code="ERR_JWE_INVALID"}class eb extends ep{static code="ERR_JWT_INVALID";code="ERR_JWT_INVALID"}class e_ extends ep{static code="ERR_JWK_INVALID";code="ERR_JWK_INVALID"}class ev extends ep{[Symbol.asyncIterator];static code="ERR_JWKS_MULTIPLE_MATCHING_KEYS";code="ERR_JWKS_MULTIPLE_MATCHING_KEYS";constructor(e="multiple matching keys found in the JSON Web Key Set",t){super(e,t)}}function ek(e){switch(e){case"A128GCM":case"A128GCMKW":case"A192GCM":case"A192GCMKW":case"A256GCM":case"A256GCMKW":return 96;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return 128;default:throw new em(`Unsupported JWE Algorithm: ${e}`)}}function eE(e,t){if(t.length<<3!==ek(e))throw new ew("Invalid Initialization Vector length")}function eA(e,t){let r=e.byteLength<<3;if(r!==t)throw new ew(`Invalid Content Encryption Key length. Expected ${t} bits, got ${r} bits`)}let eS=(e,t="algorithm.name")=>TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`);function eR(e,t,r){switch(t){case"A128GCM":case"A192GCM":case"A256GCM":{if("AES-GCM"!==e.algorithm.name)throw eS("AES-GCM");let r=parseInt(t.slice(1,4),10);if(e.algorithm.length!==r)throw eS(r,"algorithm.length");break}case"A128KW":case"A192KW":case"A256KW":{if("AES-KW"!==e.algorithm.name)throw eS("AES-KW");let r=parseInt(t.slice(1,4),10);if(e.algorithm.length!==r)throw eS(r,"algorithm.length");break}case"ECDH":switch(e.algorithm.name){case"ECDH":case"X25519":break;default:throw eS("ECDH or X25519")}break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if("PBKDF2"!==e.algorithm.name)throw eS("PBKDF2");break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":{if("RSA-OAEP"!==e.algorithm.name)throw eS("RSA-OAEP");let r=parseInt(t.slice(9),10)||1;if(parseInt(e.algorithm.hash.name.slice(4),10)!==r)throw eS(`SHA-${r}`,"algorithm.hash");break}default:throw TypeError("CryptoKey does not support this operation")}if(r&&!e.usages.includes(r))throw TypeError(`CryptoKey does not support this operation, its usages must include ${r}.`)}function ex(e,t,...r){if((r=r.filter(Boolean)).length>2){let t=r.pop();e+=`one of type ${r.join(", ")}, or ${t}.`}else 2===r.length?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return null==t?e+=` Received ${t}`:"function"==typeof t&&t.name?e+=` Received function ${t.name}`:"object"==typeof t&&null!=t&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}let eT=(e,...t)=>ex("Key must be ",e,...t),eP=(e,t,...r)=>ex(`Key for the ${e} algorithm must be `,t,...r);function eC(e){if(!eO(e))throw Error("CryptoKey instance expected")}let eO=e=>{if(e?.[Symbol.toStringTag]==="CryptoKey")return!0;try{return e instanceof CryptoKey}catch{return!1}},eU=e=>e?.[Symbol.toStringTag]==="KeyObject",ej=e=>eO(e)||eU(e);async function e$(e,t,r,n,a){if(!(r instanceof Uint8Array))throw TypeError(eT(r,"Uint8Array"));let i=parseInt(e.slice(1,4),10),o=await crypto.subtle.importKey("raw",r.subarray(i>>3),"AES-CBC",!1,["encrypt"]),s=await crypto.subtle.importKey("raw",r.subarray(0,i>>3),{hash:`SHA-${i<<1}`,name:"HMAC"},!1,["sign"]),c=new Uint8Array(await crypto.subtle.encrypt({iv:n,name:"AES-CBC"},o,t)),l=ea(a,n,c,eo(a.length<<3));return{ciphertext:c,tag:new Uint8Array((await crypto.subtle.sign("HMAC",s,l)).slice(0,i>>3)),iv:n}}async function eI(e,t,r,n,a){let i;r instanceof Uint8Array?i=await crypto.subtle.importKey("raw",r,"AES-GCM",!1,["encrypt"]):(eR(r,e,"encrypt"),i=r);let o=new Uint8Array(await crypto.subtle.encrypt({additionalData:a,iv:n,name:"AES-GCM",tagLength:128},i,t)),s=o.slice(-16);return{ciphertext:o.slice(0,-16),tag:s,iv:n}}async function eH(e,t,r,n,a){if(!eO(r)&&!(r instanceof Uint8Array))throw TypeError(eT(r,"CryptoKey","KeyObject","Uint8Array","JSON Web Key"));if(n)eE(e,n);else n=crypto.getRandomValues(new Uint8Array(ek(e)>>3));switch(e){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return r instanceof Uint8Array&&eA(r,parseInt(e.slice(-3),10)),e$(e,t,r,n,a);case"A128GCM":case"A192GCM":case"A256GCM":return r instanceof Uint8Array&&eA(r,parseInt(e.slice(1,4),10)),eI(e,t,r,n,a);default:throw new em("Unsupported JWE Content Encryption Algorithm")}}function eD(e,t){if(e.algorithm.length!==parseInt(t.slice(1,4),10))throw TypeError(`Invalid key size for alg: ${t}`)}function eW(e,t,r){return e instanceof Uint8Array?crypto.subtle.importKey("raw",e,"AES-KW",!0,[r]):(eR(e,t,r),e)}async function eK(e,t,r){let n=await eW(t,e,"wrapKey");eD(n,e);let a=await crypto.subtle.importKey("raw",r,{hash:"SHA-256",name:"HMAC"},!0,["sign"]);return new Uint8Array(await crypto.subtle.wrapKey("raw",a,n,"AES-KW"))}async function eM(e,t,r){let n=await eW(t,e,"unwrapKey");eD(n,e);let a=await crypto.subtle.unwrapKey("raw",r,n,"AES-KW",{hash:"SHA-256",name:"HMAC"},!0,["sign"]);return new Uint8Array(await crypto.subtle.exportKey("raw",a))}async function eL(e,t){let r=`SHA-${e.slice(-3)}`;return new Uint8Array(await crypto.subtle.digest(r,t))}function eN(e){return ea(es(e.length),e)}async function eJ(e,t,r){let n=t>>3,a=Math.ceil(n/32),i=new Uint8Array(32*a);for(let t=1;t<=a;t++){let n=new Uint8Array(4+e.length+r.length);n.set(es(t),0),n.set(e,4),n.set(r,4+e.length);let a=await eL("sha256",n);i.set(a,(t-1)*32)}return i.slice(0,n)}async function eB(e,t,r,n,a=new Uint8Array,i=new Uint8Array){var o;eR(e,"ECDH"),eR(t,"ECDH","deriveBits");let s=ea(eN(ec(r)),eN(a),eN(i),es(n),new Uint8Array);return eJ(new Uint8Array(await crypto.subtle.deriveBits({name:e.algorithm.name,public:e},t,"X25519"===(o=e).algorithm.name?256:Math.ceil(parseInt(o.algorithm.namedCurve.slice(-3),10)/8)<<3)),n,s)}function ez(e){switch(e.algorithm.namedCurve){case"P-256":case"P-384":case"P-521":return!0;default:return"X25519"===e.algorithm.name}}async function eF(e,t,r,n){if(!(e instanceof Uint8Array)||e.length<8)throw new ew("PBES2 Salt Input must be 8 or more octets");let a=ea(ec(t),Uint8Array.of(0),e),i=parseInt(t.slice(13,16),10),o={hash:`SHA-${t.slice(8,11)}`,iterations:r,name:"PBKDF2",salt:a},s=await (n instanceof Uint8Array?crypto.subtle.importKey("raw",n,"PBKDF2",!1,["deriveBits"]):(eR(n,t,"deriveBits"),n));return new Uint8Array(await crypto.subtle.deriveBits(o,s,i))}async function eq(e,t,r,n=2048,a=crypto.getRandomValues(new Uint8Array(16))){let i=await eF(a,e,n,t);return{encryptedKey:await eK(e.slice(-6),i,r),p2c:n,p2s:eu(a)}}async function eV(e,t,r,n,a){let i=await eF(a,e,n,t);return eM(e.slice(-6),i,r)}function eG(e,t){if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if("number"!=typeof r||r<2048)throw TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}}let eX=e=>{switch(e){case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":return"RSA-OAEP";default:throw new em(`alg ${e} is not supported either by JOSE or your javascript runtime`)}};async function eZ(e,t,r){return eR(t,e,"encrypt"),eG(e,t),new Uint8Array(await crypto.subtle.encrypt(eX(e),t,r))}async function eY(e,t,r){return eR(t,e,"decrypt"),eG(e,t),new Uint8Array(await crypto.subtle.decrypt(eX(e),t,r))}function eQ(e){if("object"!=typeof e||null===e||"[object Object]"!==Object.prototype.toString.call(e))return!1;if(null===Object.getPrototypeOf(e))return!0;let t=e;for(;null!==Object.getPrototypeOf(t);)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}let e0=e=>eQ(e)&&"string"==typeof e.kty;async function e1(e){if(!e.alg)throw TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=function(e){let t,r;switch(e.kty){case"AKP":switch(e.alg){case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new em('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"RSA":switch(e.alg){case"PS256":case"PS384":case"PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new em('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"EC":switch(e.alg){case"ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case"ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case"ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new em('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;case"OKP":switch(e.alg){case"Ed25519":case"EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new em('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break;default:throw new em('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:t,keyUsages:r}}(e),n={...e};return"AKP"!==n.kty&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??(!e.d&&!e.priv),e.key_ops??r)}let e2=async(e,t,n,a=!1)=>{let i=(r||=new WeakMap).get(e);if(i?.[n])return i[n];let o=await e1({...t,alg:n});return a&&Object.freeze(e),i?i[n]=o:r.set(e,{[n]:o}),o};async function e5(e,t){if(e instanceof Uint8Array||eO(e))return e;if(eU(e)){if("secret"===e.type)return e.export();if("toCryptoKey"in e&&"function"==typeof e.toCryptoKey)try{return((e,t)=>{let n,a=(r||=new WeakMap).get(e);if(a?.[t])return a[t];let i="public"===e.type,o=!!i;if("x25519"===e.asymmetricKeyType){switch(t){case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":break;default:throw TypeError("given KeyObject instance cannot be used for this algorithm")}n=e.toCryptoKey(e.asymmetricKeyType,o,i?[]:["deriveBits"])}if("ed25519"===e.asymmetricKeyType){if("EdDSA"!==t&&"Ed25519"!==t)throw TypeError("given KeyObject instance cannot be used for this algorithm");n=e.toCryptoKey(e.asymmetricKeyType,o,[i?"verify":"sign"])}switch(e.asymmetricKeyType){case"ml-dsa-44":case"ml-dsa-65":case"ml-dsa-87":if(t!==e.asymmetricKeyType.toUpperCase())throw TypeError("given KeyObject instance cannot be used for this algorithm");n=e.toCryptoKey(e.asymmetricKeyType,o,[i?"verify":"sign"])}if("rsa"===e.asymmetricKeyType){let r;switch(t){case"RSA-OAEP":r="SHA-1";break;case"RS256":case"PS256":case"RSA-OAEP-256":r="SHA-256";break;case"RS384":case"PS384":case"RSA-OAEP-384":r="SHA-384";break;case"RS512":case"PS512":case"RSA-OAEP-512":r="SHA-512";break;default:throw TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:r},o,i?["encrypt"]:["decrypt"]);n=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:r},o,[i?"verify":"sign"])}if("ec"===e.asymmetricKeyType){let r=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!r)throw TypeError("given KeyObject instance cannot be used for this algorithm");"ES256"===t&&"P-256"===r&&(n=e.toCryptoKey({name:"ECDSA",namedCurve:r},o,[i?"verify":"sign"])),"ES384"===t&&"P-384"===r&&(n=e.toCryptoKey({name:"ECDSA",namedCurve:r},o,[i?"verify":"sign"])),"ES512"===t&&"P-521"===r&&(n=e.toCryptoKey({name:"ECDSA",namedCurve:r},o,[i?"verify":"sign"])),t.startsWith("ECDH-ES")&&(n=e.toCryptoKey({name:"ECDH",namedCurve:r},o,i?[]:["deriveBits"]))}if(!n)throw TypeError("given KeyObject instance cannot be used for this algorithm");return a?a[t]=n:r.set(e,{[t]:n}),n})(e,t)}catch(e){if(e instanceof TypeError)throw e}let n=e.export({format:"jwk"});return e2(e,n,t)}if(e0(e))return e.k?el(e.k):e2(e,e,t,!0);throw Error("unreachable")}function e8(e){switch(e){case"A128GCM":return 128;case"A192GCM":return 192;case"A256GCM":case"A128CBC-HS256":return 256;case"A192CBC-HS384":return 384;case"A256CBC-HS512":return 512;default:throw new em(`Unsupported JWE Algorithm: ${e}`)}}let e6=e=>crypto.getRandomValues(new Uint8Array(e8(e)>>3));async function e4(e){if(eU(e))if("secret"!==e.type)return e.export({format:"jwk"});else e=e.export();if(e instanceof Uint8Array)return{kty:"oct",k:eu(e)};if(!eO(e))throw TypeError(eT(e,"CryptoKey","KeyObject","Uint8Array"));if(!e.extractable)throw TypeError("non-extractable CryptoKey cannot be exported as a JWK");let{ext:t,key_ops:r,alg:n,use:a,...i}=await crypto.subtle.exportKey("jwk",e);return"AKP"===i.kty&&(i.alg=n),i}async function e3(e){return e4(e)}async function e9(e,t){if(!(e instanceof Uint8Array))throw TypeError("First argument must be a buffer");if(!(t instanceof Uint8Array))throw TypeError("Second argument must be a buffer");let r={name:"HMAC",hash:"SHA-256"},n=await crypto.subtle.generateKey(r,!1,["sign"]),a=new Uint8Array(await crypto.subtle.sign(r,n,e)),i=new Uint8Array(await crypto.subtle.sign(r,n,t)),o=0,s=-1;for(;++s<32;)o|=a[s]^i[s];return 0===o}async function e7(e,t,r,n,a,i){let o,s;if(!(t instanceof Uint8Array))throw TypeError(eT(t,"Uint8Array"));let c=parseInt(e.slice(1,4),10),l=await crypto.subtle.importKey("raw",t.subarray(c>>3),"AES-CBC",!1,["decrypt"]),u=await crypto.subtle.importKey("raw",t.subarray(0,c>>3),{hash:`SHA-${c<<1}`,name:"HMAC"},!1,["sign"]),d=ea(i,n,r,eo(i.length<<3)),p=new Uint8Array((await crypto.subtle.sign("HMAC",u,d)).slice(0,c>>3));try{o=await e9(a,p)}catch{}if(!o)throw new eg;try{s=new Uint8Array(await crypto.subtle.decrypt({iv:n,name:"AES-CBC"},l,r))}catch{}if(!s)throw new eg;return s}async function te(e,t,r,n,a,i){let o;t instanceof Uint8Array?o=await crypto.subtle.importKey("raw",t,"AES-GCM",!1,["decrypt"]):(eR(t,e,"decrypt"),o=t);try{return new Uint8Array(await crypto.subtle.decrypt({additionalData:i,iv:n,name:"AES-GCM",tagLength:128},o,ea(r,a)))}catch{throw new eg}}async function tt(e,t,r,n,a,i){if(!eO(t)&&!(t instanceof Uint8Array))throw TypeError(eT(t,"CryptoKey","KeyObject","Uint8Array","JSON Web Key"));if(!n)throw new ew("JWE Initialization Vector missing");if(!a)throw new ew("JWE Authentication Tag missing");switch(eE(e,n),e){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return t instanceof Uint8Array&&eA(t,parseInt(e.slice(-3),10)),e7(e,t,r,n,a,i);case"A128GCM":case"A192GCM":case"A256GCM":return t instanceof Uint8Array&&eA(t,parseInt(e.slice(1,4),10)),te(e,t,r,n,a,i);default:throw new em("Unsupported JWE Content Encryption Algorithm")}}async function tr(e,t,r,n){let a=e.slice(0,7),i=await eH(a,r,t,n,new Uint8Array);return{encryptedKey:i.ciphertext,iv:eu(i.iv),tag:eu(i.tag)}}async function tn(e,t,r,n,a){return tt(e.slice(0,7),t,r,n,a,new Uint8Array)}async function ta(e,t,r,n,a={}){let i,o,s;switch(e){case"dir":s=r;break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{let c;if(eC(r),!ez(r))throw new em("ECDH with the provided key is not allowed or not supported by your javascript runtime");let{apu:l,apv:u}=a;c=a.epk?await e5(a.epk,e):(await crypto.subtle.generateKey(r.algorithm,!0,["deriveBits"])).privateKey;let{x:d,y:p,crv:h,kty:f}=await e3(c),y=await eB(r,c,"ECDH-ES"===e?t:e,"ECDH-ES"===e?e8(t):parseInt(e.slice(-5,-2),10),l,u);if(o={epk:{x:d,crv:h,kty:f}},"EC"===f&&(o.epk.y=p),l&&(o.apu=eu(l)),u&&(o.apv=eu(u)),"ECDH-ES"===e){s=y;break}s=n||e6(t);let m=e.slice(-6);i=await eK(m,y,s);break}case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":s=n||e6(t),eC(r),i=await eZ(e,r,s);break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":{s=n||e6(t);let{p2c:c,p2s:l}=a;({encryptedKey:i,...o}=await eq(e,r,s,c,l));break}case"A128KW":case"A192KW":case"A256KW":s=n||e6(t),i=await eK(e,r,s);break;case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":{s=n||e6(t);let{iv:c}=a;({encryptedKey:i,...o}=await tr(e,r,s,c));break}default:throw new em('Invalid or unsupported "alg" (JWE Algorithm) header value')}return{cek:s,encryptedKey:i,parameters:o}}function ti(...e){let t,r=e.filter(Boolean);if(0===r.length||1===r.length)return!0;for(let e of r){let r=Object.keys(e);if(!t||0===t.size){t=new Set(r);continue}for(let e of r){if(t.has(e))return!1;t.add(e)}}return!0}function to(e,t,r,n,a){let i;if(void 0!==a.crit&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||void 0===n.crit)return new Set;if(!Array.isArray(n.crit)||0===n.crit.length||n.crit.some(e=>"string"!=typeof e||0===e.length))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');for(let o of(i=void 0!==r?new Map([...Object.entries(r),...t.entries()]):t,n.crit)){if(!i.has(o))throw new em(`Extension Header Parameter "${o}" is not recognized`);if(void 0===a[o])throw new e(`Extension Header Parameter "${o}" is missing`);if(i.get(o)&&void 0===n[o])throw new e(`Extension Header Parameter "${o}" MUST be integrity protected`)}return new Set(n.crit)}let ts=e=>e?.[Symbol.toStringTag],tc=(e,t,r)=>{if(void 0!==t.use){let e;switch(r){case"sign":case"verify":e="sig";break;case"encrypt":case"decrypt":e="enc"}if(t.use!==e)throw TypeError(`Invalid key for this operation, its "use" must be "${e}" when present`)}if(void 0!==t.alg&&t.alg!==e)throw TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(!0){case"sign"===r||"verify"===r:case"dir"===e:case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case/^A\d{3}(?:GCM)?(?:KW)?$/.test(e):n=!e.includes("GCM")&&e.endsWith("KW")?"encrypt"===r?"wrapKey":"unwrapKey":r;break;case"encrypt"===r&&e.startsWith("RSA"):n="wrapKey";break;case"decrypt"===r:n=e.startsWith("RSA")?"unwrapKey":"deriveBits"}if(n&&t.key_ops?.includes?.(n)===!1)throw TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return!0};function tl(e,t,r){switch(e.substring(0,2)){case"A1":case"A2":case"di":case"HS":case"PB":((e,t,r)=>{if(!(t instanceof Uint8Array)){if(e0(t)){if("oct"===t.kty&&"string"==typeof t.k&&tc(e,t,r))return;throw TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!ej(t))throw TypeError(eP(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if("secret"!==t.type)throw TypeError(`${ts(t)} instances for symmetric algorithms must be of type "secret"`)}})(e,t,r);break;default:((e,t,r)=>{if(e0(t))switch(r){case"decrypt":case"sign":if("oct"!==t.kty&&("AKP"===t.kty&&"string"==typeof t.priv||"string"==typeof t.d)&&tc(e,t,r))return;throw TypeError("JSON Web Key for this operation must be a private JWK");case"encrypt":case"verify":if("oct"!==t.kty&&void 0===t.d&&void 0===t.priv&&tc(e,t,r))return;throw TypeError("JSON Web Key for this operation must be a public JWK")}if(!ej(t))throw TypeError(eP(e,t,"CryptoKey","KeyObject","JSON Web Key"));if("secret"===t.type)throw TypeError(`${ts(t)} instances for asymmetric algorithms must not be of type "secret"`);if("public"===t.type)switch(r){case"sign":throw TypeError(`${ts(t)} instances for asymmetric algorithm signing must be of type "private"`);case"decrypt":throw TypeError(`${ts(t)} instances for asymmetric algorithm decryption must be of type "private"`)}if("private"===t.type)switch(r){case"verify":throw TypeError(`${ts(t)} instances for asymmetric algorithm verifying must be of type "public"`);case"encrypt":throw TypeError(`${ts(t)} instances for asymmetric algorithm encryption must be of type "public"`)}})(e,t,r)}}class tu{#e;#t;#r;#n;#a;#i;#o;#s;constructor(e){if(!(e instanceof Uint8Array))throw TypeError("plaintext must be an instance of Uint8Array");this.#e=e}setKeyManagementParameters(e){if(this.#s)throw TypeError("setKeyManagementParameters can only be called once");return this.#s=e,this}setProtectedHeader(e){if(this.#t)throw TypeError("setProtectedHeader can only be called once");return this.#t=e,this}setSharedUnprotectedHeader(e){if(this.#r)throw TypeError("setSharedUnprotectedHeader can only be called once");return this.#r=e,this}setUnprotectedHeader(e){if(this.#n)throw TypeError("setUnprotectedHeader can only be called once");return this.#n=e,this}setAdditionalAuthenticatedData(e){return this.#a=e,this}setContentEncryptionKey(e){if(this.#i)throw TypeError("setContentEncryptionKey can only be called once");return this.#i=e,this}setInitializationVector(e){if(this.#o)throw TypeError("setInitializationVector can only be called once");return this.#o=e,this}async encrypt(e,t){let r,n,a,i,o,s;if(!this.#t&&!this.#n&&!this.#r)throw new ew("either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()");if(!ti(this.#t,this.#n,this.#r))throw new ew("JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint");let c={...this.#t,...this.#n,...this.#r};if(to(ew,new Map,t?.crit,this.#t,c),void 0!==c.zip)throw new em('JWE "zip" (Compression Algorithm) Header Parameter is not supported.');let{alg:l,enc:u}=c;if("string"!=typeof l||!l)throw new ew('JWE "alg" (Algorithm) Header Parameter missing or invalid');if("string"!=typeof u||!u)throw new ew('JWE "enc" (Encryption Algorithm) Header Parameter missing or invalid');if(this.#i&&("dir"===l||"ECDH-ES"===l))throw TypeError(`setContentEncryptionKey cannot be called with JWE "alg" (Algorithm) Header ${l}`);tl("dir"===l?u:l,e,"encrypt");{let a,i=await e5(e,l);({cek:n,encryptedKey:r,parameters:a}=await ta(l,u,i,this.#i,this.#s)),a&&(t&&ed in t?this.#n?this.#n={...this.#n,...a}:this.setUnprotectedHeader(a):this.#t?this.#t={...this.#t,...a}:this.setProtectedHeader(a))}if(this.#t?o=ec(i=eu(JSON.stringify(this.#t))):(i="",o=new Uint8Array),this.#a){let e=ec(s=eu(this.#a));a=ea(o,ec("."),e)}else a=o;let{ciphertext:d,tag:p,iv:h}=await eH(u,this.#e,n,this.#o,a),f={ciphertext:eu(d)};return h&&(f.iv=eu(h)),p&&(f.tag=eu(p)),r&&(f.encrypted_key=eu(r)),s&&(f.aad=s),this.#t&&(f.protected=i),this.#r&&(f.unprotected=this.#r),this.#n&&(f.header=this.#n),f}}class td{#c;constructor(e){this.#c=new tu(e)}setContentEncryptionKey(e){return this.#c.setContentEncryptionKey(e),this}setInitializationVector(e){return this.#c.setInitializationVector(e),this}setProtectedHeader(e){return this.#c.setProtectedHeader(e),this}setKeyManagementParameters(e){return this.#c.setKeyManagementParameters(e),this}async encrypt(e,t){let r=await this.#c.encrypt(e,t);return[r.protected,r.encrypted_key,r.iv,r.ciphertext,r.tag].join(".")}}let tp=e=>Math.floor(e.getTime()/1e3),th=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;function tf(e){let t,r=th.exec(e);if(!r||r[4]&&r[1])throw TypeError("Invalid time period format");let n=parseFloat(r[2]);switch(r[3].toLowerCase()){case"sec":case"secs":case"second":case"seconds":case"s":t=Math.round(n);break;case"minute":case"minutes":case"min":case"mins":case"m":t=Math.round(60*n);break;case"hour":case"hours":case"hr":case"hrs":case"h":t=Math.round(3600*n);break;case"day":case"days":case"d":t=Math.round(86400*n);break;case"week":case"weeks":case"w":t=Math.round(604800*n);break;default:t=Math.round(0x1e187e0*n)}return"-"===r[1]||"ago"===r[4]?-t:t}function ty(e,t){if(!Number.isFinite(t))throw TypeError(`Invalid ${e} input`);return t}let tm=e=>e.includes("/")?e.toLowerCase():`application/${e.toLowerCase()}`;class tg{#l;constructor(e){if(!eQ(e))throw TypeError("JWT Claims Set MUST be an object");this.#l=structuredClone(e)}data(){return er.encode(JSON.stringify(this.#l))}get iss(){return this.#l.iss}set iss(e){this.#l.iss=e}get sub(){return this.#l.sub}set sub(e){this.#l.sub=e}get aud(){return this.#l.aud}set aud(e){this.#l.aud=e}set jti(e){this.#l.jti=e}set nbf(e){"number"==typeof e?this.#l.nbf=ty("setNotBefore",e):e instanceof Date?this.#l.nbf=ty("setNotBefore",tp(e)):this.#l.nbf=tp(new Date)+tf(e)}set exp(e){"number"==typeof e?this.#l.exp=ty("setExpirationTime",e):e instanceof Date?this.#l.exp=ty("setExpirationTime",tp(e)):this.#l.exp=tp(new Date)+tf(e)}set iat(e){void 0===e?this.#l.iat=tp(new Date):e instanceof Date?this.#l.iat=ty("setIssuedAt",tp(e)):"string"==typeof e?this.#l.iat=ty("setIssuedAt",tp(new Date)+tf(e)):this.#l.iat=ty("setIssuedAt",e)}}class tw{#i;#o;#s;#t;#u;#d;#p;#h;constructor(e={}){this.#h=new tg(e)}setIssuer(e){return this.#h.iss=e,this}setSubject(e){return this.#h.sub=e,this}setAudience(e){return this.#h.aud=e,this}setJti(e){return this.#h.jti=e,this}setNotBefore(e){return this.#h.nbf=e,this}setExpirationTime(e){return this.#h.exp=e,this}setIssuedAt(e){return this.#h.iat=e,this}setProtectedHeader(e){if(this.#t)throw TypeError("setProtectedHeader can only be called once");return this.#t=e,this}setKeyManagementParameters(e){if(this.#s)throw TypeError("setKeyManagementParameters can only be called once");return this.#s=e,this}setContentEncryptionKey(e){if(this.#i)throw TypeError("setContentEncryptionKey can only be called once");return this.#i=e,this}setInitializationVector(e){if(this.#o)throw TypeError("setInitializationVector can only be called once");return this.#o=e,this}replicateIssuerAsHeader(){return this.#u=!0,this}replicateSubjectAsHeader(){return this.#d=!0,this}replicateAudienceAsHeader(){return this.#p=!0,this}async encrypt(e,t){let r=new td(this.#h.data());return this.#t&&(this.#u||this.#d||this.#p)&&(this.#t={...this.#t,iss:this.#u?this.#h.iss:void 0,sub:this.#d?this.#h.sub:void 0,aud:this.#p?this.#h.aud:void 0}),r.setProtectedHeader(this.#t),this.#o&&r.setInitializationVector(this.#o),this.#i&&r.setContentEncryptionKey(this.#i),this.#s&&r.setKeyManagementParameters(this.#s),r.encrypt(e,t)}}var tb=e.i(12018),tb=tb;let t_=(e,t)=>{if("string"!=typeof e||!e)throw new e_(`${t} missing or invalid`)};async function tv(e,t){let r,n;if(e0(e))r=e;else if(ej(e))r=await e3(e);else throw TypeError(eT(e,"CryptoKey","KeyObject","JSON Web Key"));if("sha256"!==(t??="sha256")&&"sha384"!==t&&"sha512"!==t)throw TypeError('digestAlgorithm must one of "sha256", "sha384", or "sha512"');switch(r.kty){case"AKP":t_(r.alg,'"alg" (Algorithm) Parameter'),t_(r.pub,'"pub" (Public key) Parameter'),n={alg:r.alg,kty:r.kty,pub:r.pub};break;case"EC":t_(r.crv,'"crv" (Curve) Parameter'),t_(r.x,'"x" (X Coordinate) Parameter'),t_(r.y,'"y" (Y Coordinate) Parameter'),n={crv:r.crv,kty:r.kty,x:r.x,y:r.y};break;case"OKP":t_(r.crv,'"crv" (Subtype of Key Pair) Parameter'),t_(r.x,'"x" (Public Key) Parameter'),n={crv:r.crv,kty:r.kty,x:r.x};break;case"RSA":t_(r.e,'"e" (Exponent) Parameter'),t_(r.n,'"n" (Modulus) Parameter'),n={e:r.e,kty:r.kty,n:r.n};break;case"oct":t_(r.k,'"k" (Key Value) Parameter'),n={k:r.k,kty:r.kty};break;default:throw new em('"kty" (Key Type) Parameter missing or unsupported')}let a=ec(JSON.stringify(n));return eu(await eL(t,a))}async function tk(e,t,r){let n;if(!eQ(e))throw TypeError("JWK must be an object");switch(t??=e.alg,n??=r?.extractable??e.ext,e.kty){case"oct":if("string"!=typeof e.k||!e.k)throw TypeError('missing "k" (Key Value) Parameter value');return el(e.k);case"RSA":if("oth"in e&&void 0!==e.oth)throw new em('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');return e1({...e,alg:t,ext:n});case"AKP":if("string"!=typeof e.alg||!e.alg)throw TypeError('missing "alg" (Algorithm) Parameter value');if(void 0!==t&&t!==e.alg)throw TypeError("JWK alg and alg option value mismatch");return e1({...e,ext:n});case"EC":case"OKP":return e1({...e,alg:t,ext:n});default:throw new em('Unsupported "kty" (Key Type) Parameter value')}}async function tE(e,t,r,n,a){switch(e){case"dir":if(void 0!==r)throw new ew("Encountered unexpected JWE Encrypted Key");return t;case"ECDH-ES":if(void 0!==r)throw new ew("Encountered unexpected JWE Encrypted Key");case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{let a,i;if(!eQ(n.epk))throw new ew('JOSE Header "epk" (Ephemeral Public Key) missing or invalid');if(eC(t),!ez(t))throw new em("ECDH with the provided key is not allowed or not supported by your javascript runtime");let o=await tk(n.epk,e);if(eC(o),void 0!==n.apu){if("string"!=typeof n.apu)throw new ew('JOSE Header "apu" (Agreement PartyUInfo) invalid');try{a=el(n.apu)}catch{throw new ew("Failed to base64url decode the apu")}}if(void 0!==n.apv){if("string"!=typeof n.apv)throw new ew('JOSE Header "apv" (Agreement PartyVInfo) invalid');try{i=el(n.apv)}catch{throw new ew("Failed to base64url decode the apv")}}let s=await eB(o,t,"ECDH-ES"===e?n.enc:e,"ECDH-ES"===e?e8(n.enc):parseInt(e.slice(-5,-2),10),a,i);if("ECDH-ES"===e)return s;if(void 0===r)throw new ew("JWE Encrypted Key missing");return eM(e.slice(-6),s,r)}case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":if(void 0===r)throw new ew("JWE Encrypted Key missing");return eC(t),eY(e,t,r);case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":{let i;if(void 0===r)throw new ew("JWE Encrypted Key missing");if("number"!=typeof n.p2c)throw new ew('JOSE Header "p2c" (PBES2 Count) missing or invalid');let o=a?.maxPBES2Count||1e4;if(n.p2c>o)throw new ew('JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds');if("string"!=typeof n.p2s)throw new ew('JOSE Header "p2s" (PBES2 Salt) missing or invalid');try{i=el(n.p2s)}catch{throw new ew("Failed to base64url decode the p2s")}return eV(e,t,r,n.p2c,i)}case"A128KW":case"A192KW":case"A256KW":if(void 0===r)throw new ew("JWE Encrypted Key missing");return eM(e,t,r);case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":{let a,i;if(void 0===r)throw new ew("JWE Encrypted Key missing");if("string"!=typeof n.iv)throw new ew('JOSE Header "iv" (Initialization Vector) missing or invalid');if("string"!=typeof n.tag)throw new ew('JOSE Header "tag" (Authentication Tag) missing or invalid');try{a=el(n.iv)}catch{throw new ew("Failed to base64url decode the iv")}try{i=el(n.tag)}catch{throw new ew("Failed to base64url decode the tag")}return tn(e,t,r,a,i)}default:throw new em('Invalid or unsupported "alg" (JWE Algorithm) header value')}}function tA(e,t){if(void 0!==t&&(!Array.isArray(t)||t.some(e=>"string"!=typeof e)))throw TypeError(`"${e}" option must be an array of strings`);if(t)return new Set(t)}async function tS(e,t,r){let n,a,i,o,s,c,l;if(!eQ(e))throw new ew("Flattened JWE must be an object");if(void 0===e.protected&&void 0===e.header&&void 0===e.unprotected)throw new ew("JOSE Header missing");if(void 0!==e.iv&&"string"!=typeof e.iv)throw new ew("JWE Initialization Vector incorrect type");if("string"!=typeof e.ciphertext)throw new ew("JWE Ciphertext missing or incorrect type");if(void 0!==e.tag&&"string"!=typeof e.tag)throw new ew("JWE Authentication Tag incorrect type");if(void 0!==e.protected&&"string"!=typeof e.protected)throw new ew("JWE Protected Header incorrect type");if(void 0!==e.encrypted_key&&"string"!=typeof e.encrypted_key)throw new ew("JWE Encrypted Key incorrect type");if(void 0!==e.aad&&"string"!=typeof e.aad)throw new ew("JWE AAD incorrect type");if(void 0!==e.header&&!eQ(e.header))throw new ew("JWE Shared Unprotected Header incorrect type");if(void 0!==e.unprotected&&!eQ(e.unprotected))throw new ew("JWE Per-Recipient Unprotected Header incorrect type");if(e.protected)try{let t=el(e.protected);n=JSON.parse(en.decode(t))}catch{throw new ew("JWE Protected Header is invalid")}if(!ti(n,e.header,e.unprotected))throw new ew("JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint");let u={...n,...e.header,...e.unprotected};if(to(ew,new Map,r?.crit,n,u),void 0!==u.zip)throw new em('JWE "zip" (Compression Algorithm) Header Parameter is not supported.');let{alg:d,enc:p}=u;if("string"!=typeof d||!d)throw new ew("missing JWE Algorithm (alg) in JWE Header");if("string"!=typeof p||!p)throw new ew("missing JWE Encryption Algorithm (enc) in JWE Header");let h=r&&tA("keyManagementAlgorithms",r.keyManagementAlgorithms),f=r&&tA("contentEncryptionAlgorithms",r.contentEncryptionAlgorithms);if(h&&!h.has(d)||!h&&d.startsWith("PBES2"))throw new ey('"alg" (Algorithm) Header Parameter value not allowed');if(f&&!f.has(p))throw new ey('"enc" (Encryption Algorithm) Header Parameter value not allowed');if(void 0!==e.encrypted_key)try{a=el(e.encrypted_key)}catch{throw new ew("Failed to base64url decode the encrypted_key")}let y=!1;"function"==typeof t&&(t=await t(n,e),y=!0),tl("dir"===d?p:d,t,"decrypt");let m=await e5(t,d);try{i=await tE(d,m,a,u,r)}catch(e){if(e instanceof TypeError||e instanceof ew||e instanceof em)throw e;i=e6(p)}if(void 0!==e.iv)try{o=el(e.iv)}catch{throw new ew("Failed to base64url decode the iv")}if(void 0!==e.tag)try{s=el(e.tag)}catch{throw new ew("Failed to base64url decode the tag")}let g=void 0!==e.protected?ec(e.protected):new Uint8Array;c=void 0!==e.aad?ea(g,ec("."),ec(e.aad)):g;try{l=el(e.ciphertext)}catch{throw new ew("Failed to base64url decode the ciphertext")}let w={plaintext:await tt(p,i,l,o,s,c)};if(void 0!==e.protected&&(w.protectedHeader=n),void 0!==e.aad)try{w.additionalAuthenticatedData=el(e.aad)}catch{throw new ew("Failed to base64url decode the aad")}return(void 0!==e.unprotected&&(w.sharedUnprotectedHeader=e.unprotected),void 0!==e.header&&(w.unprotectedHeader=e.header),y)?{...w,key:m}:w}async function tR(e,t,r){if(e instanceof Uint8Array&&(e=en.decode(e)),"string"!=typeof e)throw new ew("Compact JWE must be a string or Uint8Array");let{0:n,1:a,2:i,3:o,4:s,length:c}=e.split(".");if(5!==c)throw new ew("Invalid Compact JWE");let l=await tS({ciphertext:o,iv:i||void 0,protected:n,tag:s||void 0,encrypted_key:a||void 0},t,r),u={plaintext:l.plaintext,protectedHeader:l.protectedHeader};return"function"==typeof t?{...u,key:l.key}:u}async function tx(e,t,r){let n=await tR(e,t,r),a=function(e,t,r={}){var n,a;let i,o;try{i=JSON.parse(en.decode(t))}catch{}if(!eQ(i))throw new eb("JWT Claims Set must be a top-level JSON object");let{typ:s}=r;if(s&&("string"!=typeof e.typ||tm(e.typ)!==tm(s)))throw new eh('unexpected "typ" JWT header value',i,"typ","check_failed");let{requiredClaims:c=[],issuer:l,subject:u,audience:d,maxTokenAge:p}=r,h=[...c];for(let e of(void 0!==p&&h.push("iat"),void 0!==d&&h.push("aud"),void 0!==u&&h.push("sub"),void 0!==l&&h.push("iss"),new Set(h.reverse())))if(!(e in i))throw new eh(`missing required "${e}" claim`,i,e,"missing");if(l&&!(Array.isArray(l)?l:[l]).includes(i.iss))throw new eh('unexpected "iss" claim value',i,"iss","check_failed");if(u&&i.sub!==u)throw new eh('unexpected "sub" claim value',i,"sub","check_failed");if(d&&(n=i.aud,a="string"==typeof d?[d]:d,"string"==typeof n?!a.includes(n):!(Array.isArray(n)&&a.some(Set.prototype.has.bind(new Set(n))))))throw new eh('unexpected "aud" claim value',i,"aud","check_failed");switch(typeof r.clockTolerance){case"string":o=tf(r.clockTolerance);break;case"number":o=r.clockTolerance;break;case"undefined":o=0;break;default:throw TypeError("Invalid clockTolerance option type")}let{currentDate:f}=r,y=tp(f||new Date);if((void 0!==i.iat||p)&&"number"!=typeof i.iat)throw new eh('"iat" claim must be a number',i,"iat","invalid");if(void 0!==i.nbf){if("number"!=typeof i.nbf)throw new eh('"nbf" claim must be a number',i,"nbf","invalid");if(i.nbf>y+o)throw new eh('"nbf" claim timestamp check failed',i,"nbf","check_failed")}if(void 0!==i.exp){if("number"!=typeof i.exp)throw new eh('"exp" claim must be a number',i,"exp","invalid");if(i.exp<=y-o)throw new ef('"exp" claim timestamp check failed',i,"exp","check_failed")}if(p){let e=y-i.iat;if(e-o>("number"==typeof p?p:tf(p)))throw new ef('"iat" claim timestamp check failed (too far in the past)',i,"iat","check_failed");if(e<0-o)throw new eh('"iat" claim timestamp check failed (it should be in the past)',i,"iat","check_failed")}return i}(n.protectedHeader,n.plaintext,r),{protectedHeader:i}=n;if(void 0!==i.iss&&i.iss!==a.iss)throw new eh('replicated "iss" claim header parameter mismatch',a,"iss","mismatch");if(void 0!==i.sub&&i.sub!==a.sub)throw new eh('replicated "sub" claim header parameter mismatch',a,"sub","mismatch");if(void 0!==i.aud&&JSON.stringify(i.aud)!==JSON.stringify(a.aud))throw new eh('replicated "aud" claim header parameter mismatch',a,"aud","mismatch");let o={payload:a,protectedHeader:i};return"function"==typeof t?{...o,key:n.key}:o}let tT=/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/,tP=/^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/,tC=/^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i,tO=/^[\u0020-\u003A\u003D-\u007E]*$/,tU=Object.prototype.toString,tj=((o=function(){}).prototype=Object.create(null),o);function t$(e,t){let r=new tj,n=e.length;if(n<2)return r;let a=t?.decode||tW,i=0;do{let t=e.indexOf("=",i);if(-1===t)break;let o=e.indexOf(";",i),s=-1===o?n:o;if(t>s){i=e.lastIndexOf(";",t-1)+1;continue}let c=tI(e,i,t),l=tH(e,t,c),u=e.slice(c,l);if(void 0===r[u]){let n=tI(e,t+1,s),i=tH(e,s,n),o=a(e.slice(n,i));r[u]=o}i=s+1}while(i<n)return r}function tI(e,t,r){do{let r=e.charCodeAt(t);if(32!==r&&9!==r)return t}while(++t<r)return r}function tH(e,t,r){for(;t>r;){let r=e.charCodeAt(--t);if(32!==r&&9!==r)return t+1}return r}function tD(e,t,r){let n=r?.encode||encodeURIComponent;if(!tT.test(e))throw TypeError(`argument name is invalid: ${e}`);let a=n(t);if(!tP.test(a))throw TypeError(`argument val is invalid: ${t}`);let i=e+"="+a;if(!r)return i;if(void 0!==r.maxAge){if(!Number.isInteger(r.maxAge))throw TypeError(`option maxAge is invalid: ${r.maxAge}`);i+="; Max-Age="+r.maxAge}if(r.domain){if(!tC.test(r.domain))throw TypeError(`option domain is invalid: ${r.domain}`);i+="; Domain="+r.domain}if(r.path){if(!tO.test(r.path))throw TypeError(`option path is invalid: ${r.path}`);i+="; Path="+r.path}if(r.expires){var o;if(o=r.expires,"[object Date]"!==tU.call(o)||!Number.isFinite(r.expires.valueOf()))throw TypeError(`option expires is invalid: ${r.expires}`);i+="; Expires="+r.expires.toUTCString()}if(r.httpOnly&&(i+="; HttpOnly"),r.secure&&(i+="; Secure"),r.partitioned&&(i+="; Partitioned"),r.priority)switch("string"==typeof r.priority?r.priority.toLowerCase():void 0){case"low":i+="; Priority=Low";break;case"medium":i+="; Priority=Medium";break;case"high":i+="; Priority=High";break;default:throw TypeError(`option priority is invalid: ${r.priority}`)}if(r.sameSite)switch("string"==typeof r.sameSite?r.sameSite.toLowerCase():r.sameSite){case!0:case"strict":i+="; SameSite=Strict";break;case"lax":i+="; SameSite=Lax";break;case"none":i+="; SameSite=None";break;default:throw TypeError(`option sameSite is invalid: ${r.sameSite}`)}return i}function tW(e){if(-1===e.indexOf("%"))return e;try{return decodeURIComponent(e)}catch(t){return e}}e.s(["parse",()=>t$,"serialize",()=>tD],42832);var tK=e.i(42832);let{parse:tM}=tK,tL="A256CBC-HS512";async function tN(e){let{token:t={},secret:r,maxAge:n=2592e3,salt:a}=e,i=Array.isArray(r)?r:[r],o=await tB(tL,i[0],a),s=await tv({kty:"oct",k:tb.encode(o)},`sha${o.byteLength<<3}`);return await new tw(t).setProtectedHeader({alg:"dir",enc:tL,kid:s}).setIssuedAt().setExpirationTime((Date.now()/1e3|0)+n).setJti(crypto.randomUUID()).encrypt(o)}async function tJ(e){let{token:t,secret:r,salt:n}=e,a=Array.isArray(r)?r:[r];if(!t)return null;let{payload:i}=await tx(t,async({kid:e,enc:t})=>{for(let r of a){let a=await tB(t,r,n);if(void 0===e||e===await tv({kty:"oct",k:tb.encode(a)},`sha${a.byteLength<<3}`))return a}throw Error("no matching decryption secret")},{clockTolerance:15,keyManagementAlgorithms:["dir"],contentEncryptionAlgorithms:[tL,"A256GCM"]});return i}async function tB(e,t,r){let n;switch(e){case"A256CBC-HS512":n=64;break;case"A256GCM":n=32;break;default:throw Error("Unsupported JWT Content Encryption Algorithm")}return await et("sha256",t,r,`Auth.js Generated Encryption Key (${r})`,n)}async function tz({options:e,paramValue:t,cookieValue:r}){let{url:n,callbacks:a}=e,i=n.origin;return t?i=await a.redirect({url:t,baseUrl:n.origin}):r&&(i=await a.redirect({url:r,baseUrl:n.origin})),{callbackUrl:i,callbackUrlCookie:i!==r?i:void 0}}let tF="\x1b[31m",tq="\x1b[0m",tV={error(e){let t=e instanceof d?e.type:e.name;if(console.error(`${tF}[auth][error]${tq} ${t}: ${e.message}`),e.cause&&"object"==typeof e.cause&&"err"in e.cause&&e.cause.err instanceof Error){let{err:t,...r}=e.cause;console.error(`${tF}[auth][cause]${tq}:`,t.stack),r&&console.error(`${tF}[auth][details]${tq}:`,JSON.stringify(r,null,2))}else e.stack&&console.error(e.stack.replace(/.*/,"").substring(1))},warn(e){console.warn(`\x1b[33m[auth][warn][${e}]${tq}`,"Read more: https://warnings.authjs.dev")},debug(e,t){console.log(`\x1b[90m[auth][debug]:${tq} ${e}`,JSON.stringify(t,null,2))}};function tG(e){let t={...tV};return e.debug||(t.debug=()=>{}),e.logger?.error&&(t.error=e.logger.error),e.logger?.warn&&(t.warn=e.logger.warn),e.logger?.debug&&(t.debug=e.logger.debug),e.logger??(e.logger=t),t}let tX=["providers","session","csrf","signin","signout","callback","verify-request","error","webauthn-options"],{parse:tZ,serialize:tY}=tK;async function tQ(e){if(!("body"in e)||!e.body||"POST"!==e.method)return;let t=e.headers.get("content-type");return t?.includes("application/json")?await e.json():t?.includes("application/x-www-form-urlencoded")?Object.fromEntries(new URLSearchParams(await e.text())):void 0}async function t0(e,t){try{if("GET"!==e.method&&"POST"!==e.method)throw new U("Only GET and POST requests are supported");t.basePath??(t.basePath="/auth");let r=new URL(e.url),{action:n,providerId:a}=function(e,t){let r=e.match(RegExp(`^${t}(.+)`));if(null===r)throw new U(`Cannot parse action at ${e}`);let n=r.at(-1).replace(/^\//,"").split("/").filter(Boolean);if(1!==n.length&&2!==n.length)throw new U(`Cannot parse action at ${e}`);let[a,i]=n;if(!tX.includes(a)||i&&!["signin","callback","webauthn-options"].includes(a))throw new U(`Cannot parse action at ${e}`);return{action:a,providerId:"undefined"==i?void 0:i}}(r.pathname,t.basePath);return{url:r,action:n,providerId:a,method:e.method,headers:Object.fromEntries(e.headers),body:e.body?await tQ(e):void 0,cookies:tZ(e.headers.get("cookie")??"")??{},error:r.searchParams.get("error")??void 0,query:Object.fromEntries(r.searchParams)}}catch(n){let r=tG(t);r.error(n),r.debug("request",e)}}function t1(e){let t=new Headers(e.headers);e.cookies?.forEach(e=>{let{name:r,value:n,options:a}=e,i=tY(r,n,a);t.has("Set-Cookie")?t.append("Set-Cookie",i):t.set("Set-Cookie",i)});let r=e.body;"application/json"===t.get("content-type")?r=JSON.stringify(e.body):"application/x-www-form-urlencoded"===t.get("content-type")&&(r=new URLSearchParams(e.body).toString());let n=new Response(r,{headers:t,status:e.redirect?302:e.status??200});return e.redirect&&n.headers.set("Location",e.redirect),n}async function t2(e){let t=new TextEncoder().encode(e);return Array.from(new Uint8Array(await crypto.subtle.digest("SHA-256",t))).map(e=>e.toString(16).padStart(2,"0")).join("").toString()}function t5(e){return Array.from(crypto.getRandomValues(new Uint8Array(e))).reduce((e,t)=>e+("0"+t.toString(16)).slice(-2),"")}async function t8({options:e,cookieValue:t,isPost:r,bodyValue:n}){if(t){let[a,i]=t.split("|");if(i===await t2(`${a}${e.secret}`))return{csrfTokenVerified:r&&a===n,csrfToken:a}}let a=t5(32),i=await t2(`${a}${e.secret}`);return{cookie:`${a}|${i}`,csrfToken:a}}function t6(e,t){if(!t)throw new D(`CSRF token was missing during an action ${e}`)}function t4(e){return null!==e&&"object"==typeof e}function t3(e,...t){if(!t.length)return e;let r=t.shift();if(t4(e)&&t4(r))for(let t in r)t4(r[t])?(t4(e[t])||(e[t]=Array.isArray(r[t])?[]:{}),t3(e[t],r[t])):void 0!==r[t]&&(e[t]=r[t]);return t3(e,...t)}let t9=Symbol("skip-csrf-check"),t7=Symbol("return-type-raw"),re=Symbol("custom-fetch"),rt=Symbol("conform-internal"),rr=e=>ra({id:e.sub??e.id??crypto.randomUUID(),name:e.name??e.nickname??e.preferred_username,email:e.email,image:e.picture}),rn=e=>ra({access_token:e.access_token,id_token:e.id_token,refresh_token:e.refresh_token,expires_at:e.expires_at,scope:e.scope,token_type:e.token_type,session_state:e.session_state});function ra(e){let t={};for(let[r,n]of Object.entries(e))void 0!==n&&(t[r]=n);return t}function ri(e,t){if(!e&&t)return;if("string"==typeof e)return{url:new URL(e)};let r=new URL(e?.url??"https://authjs.dev");if(e?.params!=null)for(let[t,n]of Object.entries(e.params))"claims"===t&&(n=JSON.stringify(n)),r.searchParams.set(t,String(n));return{url:r,request:e?.request,conform:e?.conform,...e?.clientPrivateKey?{clientPrivateKey:e?.clientPrivateKey}:null}}let ro={signIn:()=>!0,redirect:({url:e,baseUrl:t})=>e.startsWith("/")?`${t}${e}`:new URL(e).origin===t?e:t,session:({session:e})=>({user:{name:e.user?.name,email:e.user?.email,image:e.user?.image},expires:e.expires?.toISOString?.()??e.expires}),jwt:({token:e})=>e};async function rs({authOptions:e,providerId:t,action:r,url:n,cookies:a,callbackUrl:i,csrfToken:o,csrfDisabled:s,isPost:c}){var u,d;let p=tG(e),{providers:f,provider:y}=function(e){let{providerId:t,config:r}=e,n=new URL(r.basePath??"/auth",e.url.origin),a=r.providers.map(e=>{let t="function"==typeof e?e():e,{options:a,...i}=t,o=a?.id??i.id,s=t3(i,a,{signinUrl:`${n}/signin/${o}`,callbackUrl:`${n}/callback/${o}`});if("oauth"===t.type||"oidc"===t.type){var c;let e,t,n,i;s.redirectProxyUrl??(s.redirectProxyUrl=a?.redirectProxyUrl??r.redirectProxyUrl);let o=((c=s).issuer&&(c.wellKnown??(c.wellKnown=`${c.issuer}/.well-known/openid-configuration`)),(e=ri(c.authorization,c.issuer))&&!e.url?.searchParams.has("scope")&&e.url.searchParams.set("scope","openid profile email"),t=ri(c.token,c.issuer),n=ri(c.userinfo,c.issuer),i=c.checks??["pkce"],c.redirectProxyUrl&&(i.includes("state")||i.push("state"),c.redirectProxyUrl=`${c.redirectProxyUrl}/callback/${c.id}`),{...c,authorization:e,token:t,checks:i,userinfo:n,profile:c.profile??rr,account:c.account??rn});return o.authorization?.url.searchParams.get("response_mode")==="form_post"&&delete o.redirectProxyUrl,o[re]??(o[re]=a?.[re]),o}return s}),i=a.find(({id:e})=>e===t);if(t&&!i){let e=a.map(e=>e.id).join(", ");throw Error(`Provider with id "${t}" not found. Available providers: [${e}].`)}return{providers:a,provider:i}}({url:n,providerId:t,config:e}),m=!1;if((y?.type==="oauth"||y?.type==="oidc")&&y.redirectProxyUrl)try{m=new URL(y.redirectProxyUrl).origin===n.origin}catch{throw TypeError(`redirectProxyUrl must be a valid URL. Received: ${y.redirectProxyUrl}`)}let w={debug:!1,pages:{},theme:{colorScheme:"auto",logo:"",brandColor:"",buttonText:""},...e,url:n,action:r,provider:y,cookies:t3(l(e.useSecureCookies??"https:"===n.protocol),e.cookies),providers:f,session:{strategy:e.adapter?"database":"jwt",maxAge:2592e3,updateAge:86400,generateSessionToken:()=>crypto.randomUUID(),...e.session},jwt:{secret:e.secret,maxAge:e.session?.maxAge??2592e3,encode:tN,decode:tJ,...e.jwt},events:(u=e.events??{},d=p,Object.keys(u).reduce((e,t)=>(e[t]=async(...e)=>{try{let r=u[t];return await r(...e)}catch(e){d.error(new g(e))}},e),{})),adapter:function(e,t){if(e)return Object.keys(e).reduce((r,n)=>(r[n]=async(...r)=>{try{t.debug(`adapter_${n}`,{args:r});let a=e[n];return await a(...r)}catch(r){let e=new h(r);throw t.error(e),e}},r),{})}(e.adapter,p),callbacks:{...ro,...e.callbacks},logger:p,callbackUrl:n.origin,isOnRedirectProxy:m,experimental:{...e.experimental}},b=[];if(s)w.csrfTokenVerified=!0;else{let{csrfToken:e,cookie:t,csrfTokenVerified:r}=await t8({options:w,cookieValue:a?.[w.cookies.csrfToken.name],isPost:c,bodyValue:o});w.csrfToken=e,w.csrfTokenVerified=r,t&&b.push({name:w.cookies.csrfToken.name,value:t,options:w.cookies.csrfToken.options})}let{callbackUrl:_,callbackUrlCookie:v}=await tz({options:w,cookieValue:a?.[w.cookies.callbackUrl.name],paramValue:i});return w.callbackUrl=_,v&&b.push({name:w.cookies.callbackUrl.name,value:v,options:w.cookies.callbackUrl.options}),{options:w,cookies:b}}var rc,rl,ru,rd,rp,rh,rf,ry,rm,rg,rw,rb,r_,rv,rk,rE,rA={},rS=[],rR=/acit|ex(?:s|g|n|p|$)|rph|grid|ows|mnc|ntw|ine[ch]|zoo|^ord|itera/i,rx=Array.isArray;function rT(e,t){for(var r in t)e[r]=t[r];return e}function rP(e){e&&e.parentNode&&e.parentNode.removeChild(e)}function rC(e,t,r,n,a){var i={type:e,props:t,key:r,ref:n,__k:null,__:null,__b:0,__e:null,__d:void 0,__c:null,constructor:void 0,__v:null==a?++rm:a,__i:-1,__u:0};return null==a&&null!=ry.vnode&&ry.vnode(i),i}function rO(e){return e.children}function rU(e,t){this.props=e,this.context=t}function rj(e,t){if(null==t)return e.__?rj(e.__,e.__i+1):null;for(var r;t<e.__k.length;t++)if(null!=(r=e.__k[t])&&null!=r.__e)return r.__e;return"function"==typeof e.type?rj(e):null}function r$(e){(!e.__d&&(e.__d=!0)&&rg.push(e)&&!rI.__r++||rw!==ry.debounceRendering)&&((rw=ry.debounceRendering)||rb)(rI)}function rI(){var e,t,r,n,a,i,o,s;for(rg.sort(r_);e=rg.shift();)e.__d&&(t=rg.length,n=void 0,i=(a=(r=e).__v).__e,o=[],s=[],r.__P&&((n=rT({},a)).__v=a.__v+1,ry.vnode&&ry.vnode(n),rM(r.__P,n,a,r.__n,r.__P.namespaceURI,32&a.__u?[i]:null,o,null==i?rj(a):i,!!(32&a.__u),s),n.__v=a.__v,n.__.__k[n.__i]=n,function(e,t,r){t.__d=void 0;for(var n=0;n<r.length;n++)rL(r[n],r[++n],r[++n]);ry.__c&&ry.__c(t,e),e.some(function(t){try{e=t.__h,t.__h=[],e.some(function(e){e.call(t)})}catch(e){ry.__e(e,t.__v)}})}(o,n,s),n.__e!=i&&function e(t){var r,n;if(null!=(t=t.__)&&null!=t.__c){for(t.__e=t.__c.base=null,r=0;r<t.__k.length;r++)if(null!=(n=t.__k[r])&&null!=n.__e){t.__e=t.__c.base=n.__e;break}return e(t)}}(n)),rg.length>t&&rg.sort(r_));rI.__r=0}function rH(e,t,r,n,a,i,o,s,c,l,u){var d,p,h,f,y,m=n&&n.__k||rS,g=t.length;for(r.__d=c,function(e,t,r){var n,a,i,o,s,c=t.length,l=r.length,u=l,d=0;for(e.__k=[],n=0;n<c;n++)null!=(a=t[n])&&"boolean"!=typeof a&&"function"!=typeof a?(o=n+d,(a=e.__k[n]="string"==typeof a||"number"==typeof a||"bigint"==typeof a||a.constructor==String?rC(null,a,null,null,null):rx(a)?rC(rO,{children:a},null,null,null):void 0===a.constructor&&a.__b>0?rC(a.type,a.props,a.key,a.ref?a.ref:null,a.__v):a).__=e,a.__b=e.__b+1,i=null,-1!==(s=a.__i=function(e,t,r,n){var a=e.key,i=e.type,o=r-1,s=r+1,c=t[r];if(null===c||c&&a==c.key&&i===c.type&&0==(131072&c.__u))return r;if(n>+(null!=c&&0==(131072&c.__u)))for(;o>=0||s<t.length;){if(o>=0){if((c=t[o])&&0==(131072&c.__u)&&a==c.key&&i===c.type)return o;o--}if(s<t.length){if((c=t[s])&&0==(131072&c.__u)&&a==c.key&&i===c.type)return s;s++}}return -1}(a,r,o,u))&&(u--,(i=r[s])&&(i.__u|=131072)),null==i||null===i.__v?(-1==s&&d--,"function"!=typeof a.type&&(a.__u|=65536)):s!==o&&(s==o-1?d--:s==o+1?d++:(s>o?d--:d++,a.__u|=65536))):a=e.__k[n]=null;if(u)for(n=0;n<l;n++)null!=(i=r[n])&&0==(131072&i.__u)&&(i.__e==e.__d&&(e.__d=rj(i)),function e(t,r,n){var a,i;if(ry.unmount&&ry.unmount(t),(a=t.ref)&&(a.current&&a.current!==t.__e||rL(a,null,r)),null!=(a=t.__c)){if(a.componentWillUnmount)try{a.componentWillUnmount()}catch(e){ry.__e(e,r)}a.base=a.__P=null}if(a=t.__k)for(i=0;i<a.length;i++)a[i]&&e(a[i],r,n||"function"!=typeof t.type);n||rP(t.__e),t.__c=t.__=t.__e=t.__d=void 0}(i,i))}(r,t,m),c=r.__d,d=0;d<g;d++)null!=(h=r.__k[d])&&(p=-1===h.__i?rA:m[h.__i]||rA,h.__i=d,rM(e,h,p,a,i,o,s,c,l,u),f=h.__e,h.ref&&p.ref!=h.ref&&(p.ref&&rL(p.ref,null,h),u.push(h.ref,h.__c||f,h)),null==y&&null!=f&&(y=f),65536&h.__u||p.__k===h.__k?c=function e(t,r,n){var a,i;if("function"==typeof t.type){for(a=t.__k,i=0;a&&i<a.length;i++)a[i]&&(a[i].__=t,r=e(a[i],r,n));return r}t.__e!=r&&(r&&t.type&&!n.contains(r)&&(r=rj(t)),n.insertBefore(t.__e,r||null),r=t.__e);do r=r&&r.nextSibling;while(null!=r&&8===r.nodeType)return r}(h,c,e):"function"==typeof h.type&&void 0!==h.__d?c=h.__d:f&&(c=f.nextSibling),h.__d=void 0,h.__u&=-196609);r.__d=c,r.__e=y}function rD(e,t,r){"-"===t[0]?e.setProperty(t,null==r?"":r):e[t]=null==r?"":"number"!=typeof r||rR.test(t)?r:r+"px"}function rW(e,t,r,n,a){var i;e:if("style"===t)if("string"==typeof r)e.style.cssText=r;else{if("string"==typeof n&&(e.style.cssText=n=""),n)for(t in n)r&&t in r||rD(e.style,t,"");if(r)for(t in r)n&&r[t]===n[t]||rD(e.style,t,r[t])}else if("o"===t[0]&&"n"===t[1])i=t!==(t=t.replace(/(PointerCapture)$|Capture$/i,"$1")),t=t.toLowerCase()in e||"onFocusOut"===t||"onFocusIn"===t?t.toLowerCase().slice(2):t.slice(2),e.l||(e.l={}),e.l[t+i]=r,r?n?r.u=n.u:(r.u=rv,e.addEventListener(t,i?rE:rk,i)):e.removeEventListener(t,i?rE:rk,i);else{if("http://www.w3.org/2000/svg"==a)t=t.replace(/xlink(H|:h)/,"h").replace(/sName$/,"s");else if("width"!=t&&"height"!=t&&"href"!=t&&"list"!=t&&"form"!=t&&"tabIndex"!=t&&"download"!=t&&"rowSpan"!=t&&"colSpan"!=t&&"role"!=t&&"popover"!=t&&t in e)try{e[t]=null==r?"":r;break e}catch(e){}"function"==typeof r||(null==r||!1===r&&"-"!==t[4]?e.removeAttribute(t):e.setAttribute(t,"popover"==t&&1==r?"":r))}}function rK(e){return function(t){if(this.l){var r=this.l[t.type+e];if(null==t.t)t.t=rv++;else if(t.t<r.u)return;return r(ry.event?ry.event(t):t)}}}function rM(e,t,r,n,a,i,o,s,c,l){var u,d,p,h,f,y,m,g,w,b,_,v,k,E,A,S,R=t.type;if(void 0!==t.constructor)return null;128&r.__u&&(c=!!(32&r.__u),i=[s=t.__e=r.__e]),(u=ry.__b)&&u(t);e:if("function"==typeof R)try{if(g=t.props,w="prototype"in R&&R.prototype.render,b=(u=R.contextType)&&n[u.__c],_=u?b?b.props.value:u.__:n,r.__c?m=(d=t.__c=r.__c).__=d.__E:(w?t.__c=d=new R(g,_):(t.__c=d=new rU(g,_),d.constructor=R,d.render=rN),b&&b.sub(d),d.props=g,d.state||(d.state={}),d.context=_,d.__n=n,p=d.__d=!0,d.__h=[],d._sb=[]),w&&null==d.__s&&(d.__s=d.state),w&&null!=R.getDerivedStateFromProps&&(d.__s==d.state&&(d.__s=rT({},d.__s)),rT(d.__s,R.getDerivedStateFromProps(g,d.__s))),h=d.props,f=d.state,d.__v=t,p)w&&null==R.getDerivedStateFromProps&&null!=d.componentWillMount&&d.componentWillMount(),w&&null!=d.componentDidMount&&d.__h.push(d.componentDidMount);else{if(w&&null==R.getDerivedStateFromProps&&g!==h&&null!=d.componentWillReceiveProps&&d.componentWillReceiveProps(g,_),!d.__e&&(null!=d.shouldComponentUpdate&&!1===d.shouldComponentUpdate(g,d.__s,_)||t.__v===r.__v)){for(t.__v!==r.__v&&(d.props=g,d.state=d.__s,d.__d=!1),t.__e=r.__e,t.__k=r.__k,t.__k.some(function(e){e&&(e.__=t)}),v=0;v<d._sb.length;v++)d.__h.push(d._sb[v]);d._sb=[],d.__h.length&&o.push(d);break e}null!=d.componentWillUpdate&&d.componentWillUpdate(g,d.__s,_),w&&null!=d.componentDidUpdate&&d.__h.push(function(){d.componentDidUpdate(h,f,y)})}if(d.context=_,d.props=g,d.__P=e,d.__e=!1,k=ry.__r,E=0,w){for(d.state=d.__s,d.__d=!1,k&&k(t),u=d.render(d.props,d.state,d.context),A=0;A<d._sb.length;A++)d.__h.push(d._sb[A]);d._sb=[]}else do d.__d=!1,k&&k(t),u=d.render(d.props,d.state,d.context),d.state=d.__s;while(d.__d&&++E<25)d.state=d.__s,null!=d.getChildContext&&(n=rT(rT({},n),d.getChildContext())),w&&!p&&null!=d.getSnapshotBeforeUpdate&&(y=d.getSnapshotBeforeUpdate(h,f)),rH(e,rx(S=null!=u&&u.type===rO&&null==u.key?u.props.children:u)?S:[S],t,r,n,a,i,o,s,c,l),d.base=t.__e,t.__u&=-161,d.__h.length&&o.push(d),m&&(d.__E=d.__=null)}catch(e){if(t.__v=null,c||null!=i){for(t.__u|=c?160:128;s&&8===s.nodeType&&s.nextSibling;)s=s.nextSibling;i[i.indexOf(s)]=null,t.__e=s}else t.__e=r.__e,t.__k=r.__k;ry.__e(e,t,r)}else null==i&&t.__v===r.__v?(t.__k=r.__k,t.__e=r.__e):t.__e=function(e,t,r,n,a,i,o,s,c){var l,u,d,p,h,f,y,m=r.props,g=t.props,w=t.type;if("svg"===w?a="http://www.w3.org/2000/svg":"math"===w?a="http://www.w3.org/1998/Math/MathML":a||(a="http://www.w3.org/1999/xhtml"),null!=i){for(l=0;l<i.length;l++)if((h=i[l])&&"setAttribute"in h==!!w&&(w?h.localName===w:3===h.nodeType)){e=h,i[l]=null;break}}if(null==e){if(null===w)return document.createTextNode(g);e=document.createElementNS(a,w,g.is&&g),s&&(ry.__m&&ry.__m(t,i),s=!1),i=null}if(null===w)m===g||s&&e.data===g||(e.data=g);else{if(i=i&&rf.call(e.childNodes),m=r.props||rA,!s&&null!=i)for(m={},l=0;l<e.attributes.length;l++)m[(h=e.attributes[l]).name]=h.value;for(l in m)if(h=m[l],"children"==l);else if("dangerouslySetInnerHTML"==l)d=h;else if(!(l in g)){if("value"==l&&"defaultValue"in g||"checked"==l&&"defaultChecked"in g)continue;rW(e,l,null,h,a)}for(l in g)h=g[l],"children"==l?p=h:"dangerouslySetInnerHTML"==l?u=h:"value"==l?f=h:"checked"==l?y=h:s&&"function"!=typeof h||m[l]===h||rW(e,l,h,m[l],a);if(u)s||d&&(u.__html===d.__html||u.__html===e.innerHTML)||(e.innerHTML=u.__html),t.__k=[];else if(d&&(e.innerHTML=""),rH(e,rx(p)?p:[p],t,r,n,"foreignObject"===w?"http://www.w3.org/1999/xhtml":a,i,o,i?i[0]:r.__k&&rj(r,0),s,c),null!=i)for(l=i.length;l--;)rP(i[l]);s||(l="value","progress"===w&&null==f?e.removeAttribute("value"):void 0===f||f===e[l]&&("progress"!==w||f)&&("option"!==w||f===m[l])||rW(e,l,f,m[l],a),l="checked",void 0!==y&&y!==e[l]&&rW(e,l,y,m[l],a))}return e}(r.__e,t,r,n,a,i,o,c,l);(u=ry.diffed)&&u(t)}function rL(e,t,r){try{if("function"==typeof e){var n="function"==typeof e.__u;n&&e.__u(),n&&null==t||(e.__u=e(t))}else e.current=t}catch(e){ry.__e(e,r)}}function rN(e,t,r){return this.constructor(e,r)}rf=rS.slice,ry={__e:function(e,t,r,n){for(var a,i,o;t=t.__;)if((a=t.__c)&&!a.__)try{if((i=a.constructor)&&null!=i.getDerivedStateFromError&&(a.setState(i.getDerivedStateFromError(e)),o=a.__d),null!=a.componentDidCatch&&(a.componentDidCatch(e,n||{}),o=a.__d),o)return a.__E=a}catch(t){e=t}throw e}},rm=0,rU.prototype.setState=function(e,t){var r;r=null!=this.__s&&this.__s!==this.state?this.__s:this.__s=rT({},this.state),"function"==typeof e&&(e=e(rT({},r),this.props)),e&&rT(r,e),null!=e&&this.__v&&(t&&this._sb.push(t),r$(this))},rU.prototype.forceUpdate=function(e){this.__v&&(this.__e=!0,e&&this.__h.push(e),r$(this))},rU.prototype.render=rO,rg=[],rb="function"==typeof Promise?Promise.prototype.then.bind(Promise.resolve()):setTimeout,r_=function(e,t){return e.__v.__b-t.__v.__b},rI.__r=0,rv=0,rk=rK(!1),rE=rK(!0);var rJ=/[\s\n\\/='"\0<>]/,rB=/^(xlink|xmlns|xml)([A-Z])/,rz=/^accessK|^auto[A-Z]|^cell|^ch|^col|cont|cross|dateT|encT|form[A-Z]|frame|hrefL|inputM|maxL|minL|noV|playsI|popoverT|readO|rowS|src[A-Z]|tabI|useM|item[A-Z]/,rF=/^ac|^ali|arabic|basel|cap|clipPath$|clipRule$|color|dominant|enable|fill|flood|font|glyph[^R]|horiz|image|letter|lighting|marker[^WUH]|overline|panose|pointe|paint|rendering|shape|stop|strikethrough|stroke|text[^L]|transform|underline|unicode|units|^v[^i]|^w|^xH/,rq=new Set(["draggable","spellcheck"]),rV=/["&<]/;function rG(e){if(0===e.length||!1===rV.test(e))return e;for(var t=0,r=0,n="",a="";r<e.length;r++){switch(e.charCodeAt(r)){case 34:a="&quot;";break;case 38:a="&amp;";break;case 60:a="&lt;";break;default:continue}r!==t&&(n+=e.slice(t,r)),n+=a,t=r+1}return r!==t&&(n+=e.slice(t,r)),n}var rX={},rZ=new Set(["animation-iteration-count","border-image-outset","border-image-slice","border-image-width","box-flex","box-flex-group","box-ordinal-group","column-count","fill-opacity","flex","flex-grow","flex-negative","flex-order","flex-positive","flex-shrink","flood-opacity","font-weight","grid-column","grid-row","line-clamp","line-height","opacity","order","orphans","stop-opacity","stroke-dasharray","stroke-dashoffset","stroke-miterlimit","stroke-opacity","stroke-width","tab-size","widows","z-index","zoom"]),rY=/[A-Z]/g;function rQ(){this.__d=!0}function r0(e,t,r){if(!e.s){if(r instanceof r6){if(!r.s)return void(r.o=r0.bind(null,e,t));1&t&&(t=r.s),r=r.v}if(r&&r.then)return void r.then(r0.bind(null,e,t),r0.bind(null,e,2));e.s=t,e.v=r;let n=e.o;n&&n(e)}}var r1,r2,r5,r8,r6=function(){function e(){}return e.prototype.then=function(t,r){var n=new e,a=this.s;if(a){var i=1&a?t:r;if(i){try{r0(n,1,i(this.v))}catch(e){r0(n,2,e)}return n}return this}return this.o=function(e){try{var a=e.v;1&e.s?r0(n,1,t?t(a):a):r?r0(n,1,r(a)):r0(n,2,a)}catch(e){r0(n,2,e)}},n},e}(),r4={},r3=[],r9=Array.isArray,r7=Object.assign;function ne(e,t){var r,n=e.type,a=!0;return e.__c?(a=!1,(r=e.__c).state=r.__s):r=new n(e.props,t),e.__c=r,r.__v=e,r.props=e.props,r.context=t,r.__d=!0,null==r.state&&(r.state=r4),null==r.__s&&(r.__s=r.state),n.getDerivedStateFromProps?r.state=r7({},r.state,n.getDerivedStateFromProps(r.props,r.state)):a&&r.componentWillMount?(r.componentWillMount(),r.state=r.__s!==r.state?r.__s:r.state):!a&&r.componentWillUpdate&&r.componentWillUpdate(),r5&&r5(e),r.render(r.props,r.state,t)}var nt=new Set(["area","base","br","col","command","embed","hr","img","input","keygen","link","meta","param","source","track","wbr"]),nr=0;function nn(e,t,r,n,a,i){t||(t={});var o,s,c=t;"ref"in t&&(o=t.ref,delete t.ref);var l={type:e,props:c,key:r,ref:o,__k:null,__:null,__b:0,__e:null,__d:void 0,__c:null,constructor:void 0,__v:--nr,__i:-1,__u:0,__source:a,__self:i};if("function"==typeof e&&(o=e.defaultProps))for(s in o)void 0===c[s]&&(c[s]=o[s]);return ry.vnode&&ry.vnode(l),l}async function na(e,t){let r=window.SimpleWebAuthnBrowser;async function n(r){let n=new URL(`${e}/webauthn-options/${t}`);r&&n.searchParams.append("action",r),i().forEach(e=>{n.searchParams.append(e.name,e.value)});let a=await fetch(n);return a.ok?a.json():void console.error("Failed to fetch options",a)}function a(){let e=`#${t}-form`,r=document.querySelector(e);if(!r)throw Error(`Form '${e}' not found`);return r}function i(){return Array.from(a().querySelectorAll("input[data-form-field]"))}async function o(e,t){let r=a();if(e){let t=document.createElement("input");t.type="hidden",t.name="action",t.value=e,r.appendChild(t)}if(t){let e=document.createElement("input");e.type="hidden",e.name="data",e.value=JSON.stringify(t),r.appendChild(e)}return r.submit()}async function s(e,t){let n=await r.startAuthentication(e,t);return await o("authenticate",n)}async function c(e){i().forEach(e=>{if(e.required&&!e.value)throw Error(`Missing required field: ${e.name}`)});let t=await r.startRegistration(e);return await o("register",t)}async function l(){if(!r.browserSupportsWebAuthnAutofill())return;let e=await n("authenticate");if(!e)return void console.error("Failed to fetch option for autofill authentication");try{await s(e.options,!0)}catch(e){console.error(e)}}(async function(){let e=a();if(!r.browserSupportsWebAuthn()){e.style.display="none";return}e&&e.addEventListener("submit",async e=>{e.preventDefault();let t=await n(void 0);if(!t)return void console.error("Failed to fetch options for form submission");if("authenticate"===t.action)try{await s(t.options,!1)}catch(e){console.error(e)}else if("register"===t.action)try{await c(t.options)}catch(e){console.error(e)}})})(),l()}let ni={default:"Unable to sign in.",Signin:"Try signing in with a different account.",OAuthSignin:"Try signing in with a different account.",OAuthCallbackError:"Try signing in with a different account.",OAuthCreateAccount:"Try signing in with a different account.",EmailCreateAccount:"Try signing in with a different account.",Callback:"Try signing in with a different account.",OAuthAccountNotLinked:"To confirm your identity, sign in with the same account you used originally.",EmailSignin:"The e-mail could not be sent.",CredentialsSignin:"Sign in failed. Check the details you provided are correct.",SessionRequired:"Please sign in to access this page."},no=`:root {
  --border-width: 1px;
  --border-radius: 0.5rem;
  --color-error: #c94b4b;
  --color-info: #157efb;
  --color-info-hover: #0f6ddb;
  --color-info-text: #fff;
}

.__next-auth-theme-auto,
.__next-auth-theme-light {
  --color-background: #ececec;
  --color-background-hover: rgba(236, 236, 236, 0.8);
  --color-background-card: #fff;
  --color-text: #000;
  --color-primary: #444;
  --color-control-border: #bbb;
  --color-button-active-background: #f9f9f9;
  --color-button-active-border: #aaa;
  --color-separator: #ccc;
  --provider-bg: #fff;
  --provider-bg-hover: color-mix(
    in srgb,
    var(--provider-brand-color) 30%,
    #fff
  );
}

.__next-auth-theme-dark {
  --color-background: #161b22;
  --color-background-hover: rgba(22, 27, 34, 0.8);
  --color-background-card: #0d1117;
  --color-text: #fff;
  --color-primary: #ccc;
  --color-control-border: #555;
  --color-button-active-background: #060606;
  --color-button-active-border: #666;
  --color-separator: #444;
  --provider-bg: #161b22;
  --provider-bg-hover: color-mix(
    in srgb,
    var(--provider-brand-color) 30%,
    #000
  );
}

.__next-auth-theme-dark img[src$="42-school.svg"],
  .__next-auth-theme-dark img[src$="apple.svg"],
  .__next-auth-theme-dark img[src$="boxyhq-saml.svg"],
  .__next-auth-theme-dark img[src$="eveonline.svg"],
  .__next-auth-theme-dark img[src$="github.svg"],
  .__next-auth-theme-dark img[src$="mailchimp.svg"],
  .__next-auth-theme-dark img[src$="medium.svg"],
  .__next-auth-theme-dark img[src$="okta.svg"],
  .__next-auth-theme-dark img[src$="patreon.svg"],
  .__next-auth-theme-dark img[src$="ping-id.svg"],
  .__next-auth-theme-dark img[src$="roblox.svg"],
  .__next-auth-theme-dark img[src$="threads.svg"],
  .__next-auth-theme-dark img[src$="wikimedia.svg"] {
    filter: invert(1);
  }

.__next-auth-theme-dark #submitButton {
    background-color: var(--provider-bg, var(--color-info));
  }

@media (prefers-color-scheme: dark) {
  .__next-auth-theme-auto {
    --color-background: #161b22;
    --color-background-hover: rgba(22, 27, 34, 0.8);
    --color-background-card: #0d1117;
    --color-text: #fff;
    --color-primary: #ccc;
    --color-control-border: #555;
    --color-button-active-background: #060606;
    --color-button-active-border: #666;
    --color-separator: #444;
    --provider-bg: #161b22;
    --provider-bg-hover: color-mix(
      in srgb,
      var(--provider-brand-color) 30%,
      #000
    );
  }
    .__next-auth-theme-auto img[src$="42-school.svg"],
    .__next-auth-theme-auto img[src$="apple.svg"],
    .__next-auth-theme-auto img[src$="boxyhq-saml.svg"],
    .__next-auth-theme-auto img[src$="eveonline.svg"],
    .__next-auth-theme-auto img[src$="github.svg"],
    .__next-auth-theme-auto img[src$="mailchimp.svg"],
    .__next-auth-theme-auto img[src$="medium.svg"],
    .__next-auth-theme-auto img[src$="okta.svg"],
    .__next-auth-theme-auto img[src$="patreon.svg"],
    .__next-auth-theme-auto img[src$="ping-id.svg"],
    .__next-auth-theme-auto img[src$="roblox.svg"],
    .__next-auth-theme-auto img[src$="threads.svg"],
    .__next-auth-theme-auto img[src$="wikimedia.svg"] {
      filter: invert(1);
    }
    .__next-auth-theme-auto #submitButton {
      background-color: var(--provider-bg, var(--color-info));
    }
}

html {
  box-sizing: border-box;
}

*,
*:before,
*:after {
  box-sizing: inherit;
  margin: 0;
  padding: 0;
}

body {
  background-color: var(--color-background);
  margin: 0;
  padding: 0;
  font-family:
    ui-sans-serif,
    system-ui,
    -apple-system,
    BlinkMacSystemFont,
    "Segoe UI",
    Roboto,
    "Helvetica Neue",
    Arial,
    "Noto Sans",
    sans-serif,
    "Apple Color Emoji",
    "Segoe UI Emoji",
    "Segoe UI Symbol",
    "Noto Color Emoji";
}

h1 {
  margin-bottom: 1.5rem;
  padding: 0 1rem;
  font-weight: 400;
  color: var(--color-text);
}

p {
  margin-bottom: 1.5rem;
  padding: 0 1rem;
  color: var(--color-text);
}

form {
  margin: 0;
  padding: 0;
}

label {
  font-weight: 500;
  text-align: left;
  margin-bottom: 0.25rem;
  display: block;
  color: var(--color-text);
}

input[type] {
  box-sizing: border-box;
  display: block;
  width: 100%;
  padding: 0.5rem 1rem;
  border: var(--border-width) solid var(--color-control-border);
  background: var(--color-background-card);
  font-size: 1rem;
  border-radius: var(--border-radius);
  color: var(--color-text);
}

p {
  font-size: 1.1rem;
  line-height: 2rem;
}

a.button {
  text-decoration: none;
  line-height: 1rem;
}

a.button:link,
  a.button:visited {
    background-color: var(--color-background);
    color: var(--color-primary);
  }

button,
a.button {
  padding: 0.75rem 1rem;
  color: var(--provider-color, var(--color-primary));
  background-color: var(--provider-bg, var(--color-background));
  border: 1px solid #00000031;
  font-size: 0.9rem;
  height: 50px;
  border-radius: var(--border-radius);
  transition: background-color 250ms ease-in-out;
  font-weight: 300;
  position: relative;
  display: flex;
  align-items: center;
  justify-content: space-between;
}

:is(button,a.button):hover {
    background-color: var(--provider-bg-hover, var(--color-background-hover));
    cursor: pointer;
  }

:is(button,a.button):active {
    cursor: pointer;
  }

:is(button,a.button) span {
    color: var(--provider-bg);
  }

#submitButton {
  color: var(--button-text-color, var(--color-info-text));
  background-color: var(--brand-color, var(--color-info));
  width: 100%;
}

#submitButton:hover {
    background-color: var(
      --button-hover-bg,
      var(--color-info-hover)
    ) !important;
  }

a.site {
  color: var(--color-primary);
  text-decoration: none;
  font-size: 1rem;
  line-height: 2rem;
}

a.site:hover {
    text-decoration: underline;
  }

.page {
  position: absolute;
  width: 100%;
  height: 100%;
  display: grid;
  place-items: center;
  margin: 0;
  padding: 0;
  box-sizing: border-box;
}

.page > div {
    text-align: center;
  }

.error a.button {
    padding-left: 2rem;
    padding-right: 2rem;
    margin-top: 0.5rem;
  }

.error .message {
    margin-bottom: 1.5rem;
  }

.signin input[type="text"] {
    margin-left: auto;
    margin-right: auto;
    display: block;
  }

.signin hr {
    display: block;
    border: 0;
    border-top: 1px solid var(--color-separator);
    margin: 2rem auto 1rem auto;
    overflow: visible;
  }

.signin hr::before {
      content: "or";
      background: var(--color-background-card);
      color: #888;
      padding: 0 0.4rem;
      position: relative;
      top: -0.7rem;
    }

.signin .error {
    background: #f5f5f5;
    font-weight: 500;
    border-radius: 0.3rem;
    background: var(--color-error);
  }

.signin .error p {
      text-align: left;
      padding: 0.5rem 1rem;
      font-size: 0.9rem;
      line-height: 1.2rem;
      color: var(--color-info-text);
    }

.signin > div,
  .signin form {
    display: block;
  }

.signin > div input[type], .signin form input[type] {
      margin-bottom: 0.5rem;
    }

.signin > div button, .signin form button {
      width: 100%;
    }

.signin .provider + .provider {
    margin-top: 1rem;
  }

.logo {
  display: inline-block;
  max-width: 150px;
  margin: 1.25rem 0;
  max-height: 70px;
}

.card {
  background-color: var(--color-background-card);
  border-radius: 1rem;
  padding: 1.25rem 2rem;
}

.card .header {
    color: var(--color-primary);
  }

.card input[type]::-moz-placeholder {
    color: color-mix(
      in srgb,
      var(--color-text) 20%,
      var(--color-button-active-background)
    );
  }

.card input[type]::placeholder {
    color: color-mix(
      in srgb,
      var(--color-text) 20%,
      var(--color-button-active-background)
    );
  }

.card input[type] {
    background: color-mix(in srgb, var(--color-background-card) 95%, black);
  }

.section-header {
  color: var(--color-text);
}

@media screen and (min-width: 450px) {
  .card {
    margin: 2rem 0;
    width: 368px;
  }
}

@media screen and (max-width: 450px) {
  .card {
    margin: 1rem 0;
    width: 343px;
  }
}
`;function ns({html:e,title:t,status:r,cookies:n,theme:a,headTags:i}){return{cookies:n,status:r,headers:{"Content-Type":"text/html"},body:`<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>${no}</style><title>${t}</title>${i??""}</head><body class="__next-auth-theme-${a?.colorScheme??"auto"}"><div class="page">${function(e,t,r){var n=ry.__s;ry.__s=!0,r1=ry.__b,r2=ry.diffed,r5=ry.__r,r8=ry.unmount;var a=function(e,t,r){var n,a,i,o={};for(i in t)"key"==i?n=t[i]:"ref"==i?a=t[i]:o[i]=t[i];if(arguments.length>2&&(o.children=arguments.length>3?rf.call(arguments,2):r),"function"==typeof e&&null!=e.defaultProps)for(i in e.defaultProps)void 0===o[i]&&(o[i]=e.defaultProps[i]);return rC(e,o,n,a,null)}(rO,null);a.__k=[e];try{var i=function e(t,r,n,a,i,o,s){if(null==t||!0===t||!1===t||""===t)return"";var c=typeof t;if("object"!=c)return"function"==c?"":"string"==c?rG(t):t+"";if(r9(t)){var l,u="";i.__k=t;for(var d=0;d<t.length;d++){var p=t[d];if(null!=p&&"boolean"!=typeof p){var h,f=e(p,r,n,a,i,o,s);"string"==typeof f?u+=f:(l||(l=[]),u&&l.push(u),u="",r9(f)?(h=l).push.apply(h,f):l.push(f))}}return l?(u&&l.push(u),l):u}if(void 0!==t.constructor)return"";t.__=i,r1&&r1(t);var y=t.type,m=t.props;if("function"==typeof y){var g,w,b,_=r;if(y===rO){if("tpl"in m){for(var v="",k=0;k<m.tpl.length;k++)if(v+=m.tpl[k],m.exprs&&k<m.exprs.length){var E=m.exprs[k];if(null==E)continue;"object"==typeof E&&(void 0===E.constructor||r9(E))?v+=e(E,r,n,a,t,o,s):v+=E}return v}if("UNSTABLE_comment"in m)return"<!--"+rG(m.UNSTABLE_comment)+"-->";w=m.children}else{if(null!=(g=y.contextType)){var A=r[g.__c];_=A?A.props.value:g.__}var S=y.prototype&&"function"==typeof y.prototype.render;if(S)w=ne(t,_),b=t.__c;else{t.__c=b={__v:t,context:_,props:t.props,setState:rQ,forceUpdate:rQ,__d:!0,__h:[]};for(var R=0;b.__d&&R++<25;)b.__d=!1,r5&&r5(t),w=y.call(b,m,_);b.__d=!0}if(null!=b.getChildContext&&(r=r7({},r,b.getChildContext())),S&&ry.errorBoundaries&&(y.getDerivedStateFromError||b.componentDidCatch)){w=null!=w&&w.type===rO&&null==w.key&&null==w.props.tpl?w.props.children:w;try{return e(w,r,n,a,t,o,s)}catch(i){return y.getDerivedStateFromError&&(b.__s=y.getDerivedStateFromError(i)),b.componentDidCatch&&b.componentDidCatch(i,r4),b.__d?(w=ne(t,r),null!=(b=t.__c).getChildContext&&(r=r7({},r,b.getChildContext())),e(w=null!=w&&w.type===rO&&null==w.key&&null==w.props.tpl?w.props.children:w,r,n,a,t,o,s)):""}finally{r2&&r2(t),t.__=null,r8&&r8(t)}}}w=null!=w&&w.type===rO&&null==w.key&&null==w.props.tpl?w.props.children:w;try{var x=e(w,r,n,a,t,o,s);return r2&&r2(t),t.__=null,ry.unmount&&ry.unmount(t),x}catch(i){if(!o&&s&&s.onError){var T=s.onError(i,t,function(i){return e(i,r,n,a,t,o,s)});if(void 0!==T)return T;var P=ry.__e;return P&&P(i,t),""}if(!o||!i||"function"!=typeof i.then)throw i;return i.then(function i(){try{return e(w,r,n,a,t,o,s)}catch(c){if(!c||"function"!=typeof c.then)throw c;return c.then(function(){return e(w,r,n,a,t,o,s)},i)}})}}var C,O="<"+y,U="";for(var j in m){var $=m[j];if("function"!=typeof $||"class"===j||"className"===j){switch(j){case"children":C=$;continue;case"key":case"ref":case"__self":case"__source":continue;case"htmlFor":if("for"in m)continue;j="for";break;case"className":if("class"in m)continue;j="class";break;case"defaultChecked":j="checked";break;case"defaultSelected":j="selected";break;case"defaultValue":case"value":switch(j="value",y){case"textarea":C=$;continue;case"select":a=$;continue;case"option":a!=$||"selected"in m||(O+=" selected")}break;case"dangerouslySetInnerHTML":U=$&&$.__html;continue;case"style":"object"==typeof $&&($=function(e){var t="";for(var r in e){var n=e[r];if(null!=n&&""!==n){var a="-"==r[0]?r:rX[r]||(rX[r]=r.replace(rY,"-$&").toLowerCase()),i=";";"number"!=typeof n||a.startsWith("--")||rZ.has(a)||(i="px;"),t=t+a+":"+n+i}}return t||void 0}($));break;case"acceptCharset":j="accept-charset";break;case"httpEquiv":j="http-equiv";break;default:if(rB.test(j))j=j.replace(rB,"$1:$2").toLowerCase();else{if(rJ.test(j))continue;("-"===j[4]||rq.has(j))&&null!=$?$+="":n?rF.test(j)&&(j="panose1"===j?"panose-1":j.replace(/([A-Z])/g,"-$1").toLowerCase()):rz.test(j)&&(j=j.toLowerCase())}}null!=$&&!1!==$&&(O=!0===$||""===$?O+" "+j:O+" "+j+'="'+("string"==typeof $?rG($):$+"")+'"')}}if(rJ.test(y))throw Error(y+" is not a valid HTML tag name in "+O+">");if(U||("string"==typeof C?U=rG(C):null!=C&&!1!==C&&!0!==C&&(U=e(C,r,"svg"===y||"foreignObject"!==y&&n,a,t,o,s))),r2&&r2(t),t.__=null,r8&&r8(t),!U&&nt.has(y))return O+"/>";var I="</"+y+">",H=O+">";return r9(U)?[H].concat(U,[I]):"string"!=typeof U?[H,U,I]:H+U+I}(e,r4,!1,void 0,a,!1,void 0);return r9(i)?i.join(""):i}catch(e){if(e.then)throw Error('Use "renderToStringAsync" for suspenseful rendering.');throw e}finally{ry.__c&&ry.__c(e,r3),ry.__s=n,r3.length=0}}(e)}</div></body></html>`}}function nc(e){let{url:t,theme:r,query:n,cookies:a,pages:i,providers:o}=e;return{csrf:(e,t,r)=>e?(t.logger.warn("csrf-disabled"),r.push({name:t.cookies.csrfToken.name,value:"",options:{...t.cookies.csrfToken.options,maxAge:0}}),{status:404,cookies:r}):{headers:{"Content-Type":"application/json","Cache-Control":"private, no-cache, no-store",Expires:"0",Pragma:"no-cache"},body:{csrfToken:t.csrfToken},cookies:r},providers:e=>({headers:{"Content-Type":"application/json"},body:e.reduce((e,{id:t,name:r,type:n,signinUrl:a,callbackUrl:i})=>(e[t]={id:t,name:r,type:n,signinUrl:a,callbackUrl:i},e),{})}),signin(t,s){if(t)throw new U("Unsupported action");if(i?.signIn){let t=`${i.signIn}${i.signIn.includes("?")?"&":"?"}${new URLSearchParams({callbackUrl:e.callbackUrl??"/"})}`;return s&&(t=`${t}&${new URLSearchParams({error:s})}`),{redirect:t,cookies:a}}let c=o?.find(e=>"webauthn"===e.type&&e.enableConditionalUI&&!!e.simpleWebAuthnBrowserVersion),l="";if(c){let{simpleWebAuthnBrowserVersion:e}=c;l=`<script src="https://unpkg.com/@simplewebauthn/browser@${e}/dist/bundle/index.umd.min.js" crossorigin="anonymous"></script>`}return ns({cookies:a,theme:r,html:function(e){let{csrfToken:t,providers:r=[],callbackUrl:n,theme:a,email:i,error:o}=e;"u">typeof document&&a?.brandColor&&document.documentElement.style.setProperty("--brand-color",a.brandColor),"u">typeof document&&a?.buttonText&&document.documentElement.style.setProperty("--button-text-color",a.buttonText);let s=o&&(ni[o]??ni.default),c=r.find(e=>"webauthn"===e.type&&e.enableConditionalUI)?.id;return nn("div",{className:"signin",children:[a?.brandColor&&nn("style",{dangerouslySetInnerHTML:{__html:`:root {--brand-color: ${a.brandColor}}`}}),a?.buttonText&&nn("style",{dangerouslySetInnerHTML:{__html:`
        :root {
          --button-text-color: ${a.buttonText}
        }
      `}}),nn("div",{className:"card",children:[s&&nn("div",{className:"error",children:nn("p",{children:s})}),a?.logo&&nn("img",{src:a.logo,alt:"Logo",className:"logo"}),r.map((e,a)=>{let o,s,c;("oauth"===e.type||"oidc"===e.type)&&({bg:o="#fff",brandColor:s,logo:c=`https://authjs.dev/img/providers/${e.id}.svg`}=e.style??{});let l=s??o??"#fff";return nn("div",{className:"provider",children:["oauth"===e.type||"oidc"===e.type?nn("form",{action:e.signinUrl,method:"POST",children:[nn("input",{type:"hidden",name:"csrfToken",value:t}),n&&nn("input",{type:"hidden",name:"callbackUrl",value:n}),nn("button",{type:"submit",className:"button",style:{"--provider-brand-color":l},tabIndex:0,children:[nn("span",{style:{filter:"invert(1) grayscale(1) brightness(1.3) contrast(9000)","mix-blend-mode":"luminosity",opacity:.95},children:["Sign in with ",e.name]}),c&&nn("img",{loading:"lazy",height:24,src:c})]})]}):null,("email"===e.type||"credentials"===e.type||"webauthn"===e.type)&&a>0&&"email"!==r[a-1].type&&"credentials"!==r[a-1].type&&"webauthn"!==r[a-1].type&&nn("hr",{}),"email"===e.type&&nn("form",{action:e.signinUrl,method:"POST",children:[nn("input",{type:"hidden",name:"csrfToken",value:t}),nn("label",{className:"section-header",htmlFor:`input-email-for-${e.id}-provider`,children:"Email"}),nn("input",{id:`input-email-for-${e.id}-provider`,autoFocus:!0,type:"email",name:"email",value:i,placeholder:"email@example.com",required:!0}),nn("button",{id:"submitButton",type:"submit",tabIndex:0,children:["Sign in with ",e.name]})]}),"credentials"===e.type&&nn("form",{action:e.callbackUrl,method:"POST",children:[nn("input",{type:"hidden",name:"csrfToken",value:t}),Object.keys(e.credentials).map(t=>nn("div",{children:[nn("label",{className:"section-header",htmlFor:`input-${t}-for-${e.id}-provider`,children:e.credentials[t].label??t}),nn("input",{name:t,id:`input-${t}-for-${e.id}-provider`,type:e.credentials[t].type??"text",placeholder:e.credentials[t].placeholder??"",...e.credentials[t]})]},`input-group-${e.id}`)),nn("button",{id:"submitButton",type:"submit",tabIndex:0,children:["Sign in with ",e.name]})]}),"webauthn"===e.type&&nn("form",{action:e.callbackUrl,method:"POST",id:`${e.id}-form`,children:[nn("input",{type:"hidden",name:"csrfToken",value:t}),Object.keys(e.formFields).map(t=>nn("div",{children:[nn("label",{className:"section-header",htmlFor:`input-${t}-for-${e.id}-provider`,children:e.formFields[t].label??t}),nn("input",{name:t,"data-form-field":!0,id:`input-${t}-for-${e.id}-provider`,type:e.formFields[t].type??"text",placeholder:e.formFields[t].placeholder??"",...e.formFields[t]})]},`input-group-${e.id}`)),nn("button",{id:`submitButton-${e.id}`,type:"submit",tabIndex:0,children:["Sign in with ",e.name]})]}),("email"===e.type||"credentials"===e.type||"webauthn"===e.type)&&a+1<r.length&&nn("hr",{})]},e.id)})]}),c&&nn(rO,{children:nn("script",{dangerouslySetInnerHTML:{__html:`
const currentURL = window.location.href;
const authURL = currentURL.substring(0, currentURL.lastIndexOf('/'));
(${na})(authURL, "${c}");
`}})})]})}({csrfToken:e.csrfToken,providers:e.providers?.filter(e=>["email","oauth","oidc"].includes(e.type)||"credentials"===e.type&&e.credentials||"webauthn"===e.type&&e.formFields||!1),callbackUrl:e.callbackUrl,theme:e.theme,error:s,...n}),title:"Sign In",headTags:l})},signout:()=>i?.signOut?{redirect:i.signOut,cookies:a}:ns({cookies:a,theme:r,html:function(e){let{url:t,csrfToken:r,theme:n}=e;return nn("div",{className:"signout",children:[n?.brandColor&&nn("style",{dangerouslySetInnerHTML:{__html:`
        :root {
          --brand-color: ${n.brandColor}
        }
      `}}),n?.buttonText&&nn("style",{dangerouslySetInnerHTML:{__html:`
        :root {
          --button-text-color: ${n.buttonText}
        }
      `}}),nn("div",{className:"card",children:[n?.logo&&nn("img",{src:n.logo,alt:"Logo",className:"logo"}),nn("h1",{children:"Signout"}),nn("p",{children:"Are you sure you want to sign out?"}),nn("form",{action:t?.toString(),method:"POST",children:[nn("input",{type:"hidden",name:"csrfToken",value:r}),nn("button",{id:"submitButton",type:"submit",children:"Sign out"})]})]})]})}({csrfToken:e.csrfToken,url:t,theme:r}),title:"Sign Out"}),verifyRequest:e=>i?.verifyRequest?{redirect:`${i.verifyRequest}${t?.search??""}`,cookies:a}:ns({cookies:a,theme:r,html:function(e){let{url:t,theme:r}=e;return nn("div",{className:"verify-request",children:[r.brandColor&&nn("style",{dangerouslySetInnerHTML:{__html:`
        :root {
          --brand-color: ${r.brandColor}
        }
      `}}),nn("div",{className:"card",children:[r.logo&&nn("img",{src:r.logo,alt:"Logo",className:"logo"}),nn("h1",{children:"Check your email"}),nn("p",{children:"A sign in link has been sent to your email address."}),nn("p",{children:nn("a",{className:"site",href:t.origin,children:t.host})})]})]})}({url:t,theme:r,...e}),title:"Verify Request"}),error:e=>i?.error?{redirect:`${i.error}${i.error.includes("?")?"&":"?"}error=${e}`,cookies:a}:ns({cookies:a,theme:r,...function(e){let{url:t,error:r="default",theme:n}=e,a=`${t}/signin`,i={default:{status:200,heading:"Error",message:nn("p",{children:nn("a",{className:"site",href:t?.origin,children:t?.host})})},Configuration:{status:500,heading:"Server error",message:nn("div",{children:[nn("p",{children:"There is a problem with the server configuration."}),nn("p",{children:"Check the server logs for more information."})]})},AccessDenied:{status:403,heading:"Access Denied",message:nn("div",{children:[nn("p",{children:"You do not have permission to sign in."}),nn("p",{children:nn("a",{className:"button",href:a,children:"Sign in"})})]})},Verification:{status:403,heading:"Unable to sign in",message:nn("div",{children:[nn("p",{children:"The sign in link is no longer valid."}),nn("p",{children:"It may have been used already or it may have expired."})]}),signin:nn("a",{className:"button",href:a,children:"Sign in"})}},{status:o,heading:s,message:c,signin:l}=i[r]??i.default;return{status:o,html:nn("div",{className:"error",children:[n?.brandColor&&nn("style",{dangerouslySetInnerHTML:{__html:`
        :root {
          --brand-color: ${n?.brandColor}
        }
      `}}),nn("div",{className:"card",children:[n?.logo&&nn("img",{src:n?.logo,alt:"Logo",className:"logo"}),nn("h1",{children:s}),nn("div",{className:"message",children:c}),l]})]})}}({url:t,theme:r,error:e}),title:"Error"})}}function nl(e,t=Date.now()){return new Date(t+1e3*e)}async function nu(e,t,r,n){if(!r?.providerAccountId||!r.type)throw Error("Missing or invalid provider account");if(!["email","oauth","oidc","webauthn"].includes(r.type))throw Error("Provider not supported");let{adapter:a,jwt:i,events:o,session:{strategy:s,generateSessionToken:c}}=n;if(!a)return{user:t,account:r};let l=r,{createUser:u,updateUser:d,getUser:p,getUserByAccount:h,getUserByEmail:f,linkAccount:y,createSession:m,getSessionAndUser:g,deleteSession:w}=a,b=null,_=null,v=!1,k="jwt"===s;if(e)if(k)try{let t=n.cookies.sessionToken.name;(b=await i.decode({...i,token:e,salt:t}))&&"sub"in b&&b.sub&&(_=await p(b.sub))}catch{}else{let t=await g(e);t&&(b=t.session,_=t.user)}if("email"===l.type){let r=await f(t.email);return r?(_?.id!==r.id&&!k&&e&&await w(e),_=await d({id:r.id,emailVerified:new Date}),await o.updateUser?.({user:_})):(_=await u({...t,emailVerified:new Date}),await o.createUser?.({user:_}),v=!0),{session:b=k?{}:await m({sessionToken:c(),userId:_.id,expires:nl(n.session.maxAge)}),user:_,isNewUser:v}}if("webauthn"===l.type){let e=await h({providerAccountId:l.providerAccountId,provider:l.provider});if(e){if(_){if(e.id===_.id){let e={...l,userId:_.id};return{session:b,user:_,isNewUser:v,account:e}}throw new N("The account is already associated with another user",{provider:l.provider})}b=k?{}:await m({sessionToken:c(),userId:e.id,expires:nl(n.session.maxAge)});let t={...l,userId:e.id};return{session:b,user:e,isNewUser:v,account:t}}{if(_){await y({...l,userId:_.id}),await o.linkAccount?.({user:_,account:l,profile:t});let e={...l,userId:_.id};return{session:b,user:_,isNewUser:v,account:e}}if(t.email?await f(t.email):null)throw new N("Another account already exists with the same e-mail address",{provider:l.provider});_=await u({...t}),await o.createUser?.({user:_}),await y({...l,userId:_.id}),await o.linkAccount?.({user:_,account:l,profile:t}),b=k?{}:await m({sessionToken:c(),userId:_.id,expires:nl(n.session.maxAge)});let e={...l,userId:_.id};return{session:b,user:_,isNewUser:!0,account:e}}}let E=await h({providerAccountId:l.providerAccountId,provider:l.provider});if(E){if(_){if(E.id===_.id)return{session:b,user:_,isNewUser:v};throw new x("The account is already associated with another user",{provider:l.provider})}return{session:b=k?{}:await m({sessionToken:c(),userId:E.id,expires:nl(n.session.maxAge)}),user:E,isNewUser:v}}{let{provider:e}=n,{type:r,provider:a,providerAccountId:i,userId:s,...d}=l;if(l=Object.assign(e.account(d)??{},{providerAccountId:i,provider:a,type:r,userId:s}),_)return await y({...l,userId:_.id}),await o.linkAccount?.({user:_,account:l,profile:t}),{session:b,user:_,isNewUser:v};let p=t.email?await f(t.email):null;if(p){let e=n.provider;if(e?.allowDangerousEmailAccountLinking)_=p,v=!1;else throw new x("Another account already exists with the same e-mail address",{provider:l.provider})}else _=await u({...t,emailVerified:null}),v=!0;return await o.createUser?.({user:_}),await y({...l,userId:_.id}),await o.linkAccount?.({user:_,account:l,profile:t}),{session:b=k?{}:await m({sessionToken:c(),userId:_.id,expires:nl(n.session.maxAge)}),user:_,isNewUser:v}}}function nd(e,t){if(null==e)return!1;try{return e instanceof t||Object.getPrototypeOf(e)[Symbol.toStringTag]===t.prototype[Symbol.toStringTag]}catch{return!1}}("u"<typeof navigator||!navigator.userAgent?.startsWith?.("Mozilla/5.0 "))&&(n="oauth4webapi/v3.8.5");let np="ERR_INVALID_ARG_VALUE",nh="ERR_INVALID_ARG_TYPE";function nf(e,t,r){let n=TypeError(e,{cause:r});return Object.assign(n,{code:t}),n}let ny=Symbol(),nm=Symbol(),ng=Symbol(),nw=Symbol(),nb=Symbol(),n_=Symbol();Symbol();let nv=new TextEncoder,nk=new TextDecoder;function nE(e){return"string"==typeof e?nv.encode(e):nk.decode(e)}function nA(e){return"string"==typeof e?i(e):a(e)}a=Uint8Array.prototype.toBase64?e=>(e instanceof ArrayBuffer&&(e=new Uint8Array(e)),e.toBase64({alphabet:"base64url",omitPadding:!0})):e=>{e instanceof ArrayBuffer&&(e=new Uint8Array(e));let t=[];for(let r=0;r<e.byteLength;r+=32768)t.push(String.fromCharCode.apply(null,e.subarray(r,r+32768)));return btoa(t.join("")).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")},i=Uint8Array.fromBase64?e=>{try{return Uint8Array.fromBase64(e,{alphabet:"base64url"})}catch(e){throw nf("The input to be decoded is not correctly encoded.",np,e)}}:e=>{try{let t=atob(e.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"")),r=new Uint8Array(t.length);for(let e=0;e<t.length;e++)r[e]=t.charCodeAt(e);return r}catch(e){throw nf("The input to be decoded is not correctly encoded.",np,e)}};class nS extends Error{code;constructor(e,t){super(e,t),this.name=this.constructor.name,this.code=aR,Error.captureStackTrace?.(this,this.constructor)}}class nR extends Error{code;constructor(e,t){super(e,t),this.name=this.constructor.name,t?.code&&(this.code=t?.code),Error.captureStackTrace?.(this,this.constructor)}}function nx(e,t,r){return new nR(e,{code:t,cause:r})}function nT(e){return!(null===e||"object"!=typeof e||Array.isArray(e))}function nP(e){nd(e,Headers)&&(e=Object.fromEntries(e.entries()));let t=new Headers(e??{});if(n&&!t.has("user-agent")&&t.set("user-agent",n),t.has("authorization"))throw nf('"options.headers" must not include the "authorization" header name',np);return t}function nC(e,t){if(void 0!==t){if("function"==typeof t&&(t=t(e.href)),!(t instanceof AbortSignal))throw nf('"options.signal" must return or be an instance of AbortSignal',nh);return t}}function nO(e){return e.includes("//")?e.replace("//","/"):e}async function nU(e,t,r,n){if(!(e instanceof URL))throw nf(`"${t}" must be an instance of URL`,nh);nV(e,n?.[ny]!==!0);let a=r(new URL(e.href)),i=nP(n?.headers);return i.set("accept","application/json"),(n?.[nw]||fetch)(a.href,{body:void 0,headers:Object.fromEntries(i.entries()),method:"GET",redirect:"manual",signal:nC(a,n?.signal)})}async function nj(e,t){return nU(e,"issuerIdentifier",e=>{switch(t?.algorithm){case void 0:case"oidc":e.pathname=nO(`${e.pathname}/.well-known/openid-configuration`);break;case"oauth2":!function(e,t,r=!1){"/"===e.pathname?e.pathname=t:e.pathname=nO(`${t}/${r?e.pathname:e.pathname.replace(/(\/)$/,"")}`)}(e,".well-known/oauth-authorization-server");break;default:throw nf('"options.algorithm" must be "oidc" (default), or "oauth2"',np)}return e},t)}function n$(e,t,r,n,a){try{if("number"!=typeof e||!Number.isFinite(e))throw nf(`${r} must be a number`,nh,a);if(e>0)return;if(t){if(0!==e)throw nf(`${r} must be a non-negative number`,np,a);return}throw nf(`${r} must be a positive number`,np,a)}catch(e){if(n)throw nx(e.message,n,a);throw e}}function nI(e,t,r,n){try{if("string"!=typeof e)throw nf(`${t} must be a string`,nh,n);if(0===e.length)throw nf(`${t} must not be empty`,np,n)}catch(e){if(r)throw nx(e.message,r,n);throw e}}async function nH(e,t){if(!(e instanceof URL)&&e!==aV)throw nf('"expectedIssuerIdentifier" must be an instance of URL',nh);if(!nd(t,Response))throw nf('"response" must be an instance of Response',nh);if(200!==t.status)throw nx('"response" is not a conform Authorization Server Metadata response (unexpected HTTP status code)',aU,t);aM(t);let r=await aq(t);if(nI(r.issuer,'"response" body "issuer" property',aC,{body:r}),e!==aV&&new URL(r.issuer).href!==e.href)throw nx('"response" body "issuer" property does not match the expected value',aD,{expected:e.href,body:r,attribute:"issuer"});return r}function nD(e){var t=e,r="application/json";if(at(t)!==r)throw function(e,...t){let r='"response" content-type must be ';if(t.length>2){let e=t.pop();r+=`${t.join(", ")}, or ${e}`}else 2===t.length?r+=`${t[0]} or ${t[1]}`:r+=t[0];return nx(r,aO,e)}(t,r)}function nW(){return nA(crypto.getRandomValues(new Uint8Array(32)))}async function nK(e){return nI(e,"codeVerifier"),nA(await crypto.subtle.digest("SHA-256",nE(e)))}function nM(e){let t=e?.[nm];return"number"==typeof t&&Number.isFinite(t)?t:0}function nL(e){let t=e?.[ng];return"number"==typeof t&&Number.isFinite(t)&&-1!==Math.sign(t)?t:30}function nN(){return Math.floor(Date.now()/1e3)}function nJ(e){if("object"!=typeof e||null===e)throw nf('"as" must be an object',nh);nI(e.issuer,'"as.issuer"')}function nB(e){if("object"!=typeof e||null===e)throw nf('"client" must be an object',nh);nI(e.client_id,'"client.client_id"')}function nz(e,t){let r=nN()+nM(t);return{jti:nW(),aud:e.issuer,exp:r+60,iat:r,nbf:r,iss:t.client_id,sub:t.client_id}}async function nF(e,t,r){if(!r.usages.includes("sign"))throw nf('CryptoKey instances used for signing assertions must include "sign" in their "usages"',np);let n=`${nA(nE(JSON.stringify(e)))}.${nA(nE(JSON.stringify(t)))}`,a=nA(await crypto.subtle.sign(function(e){switch(e.algorithm.name){case"ECDSA":return{name:e.algorithm.name,hash:function(e){let{algorithm:t}=e;switch(t.namedCurve){case"P-256":return"SHA-256";case"P-384":return"SHA-384";case"P-521":return"SHA-512";default:throw new nS("unsupported ECDSA namedCurve",{cause:e})}}(e)};case"RSA-PSS":switch(aL(e),e.algorithm.hash.name){case"SHA-256":case"SHA-384":case"SHA-512":return{name:e.algorithm.name,saltLength:parseInt(e.algorithm.hash.name.slice(-3),10)>>3};default:throw new nS("unsupported RSA-PSS hash name",{cause:e})}case"RSASSA-PKCS1-v1_5":return aL(e),e.algorithm.name;case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":case"Ed25519":return e.algorithm.name}throw new nS("unsupported CryptoKey algorithm name",{cause:e})}(r),r,nE(n)));return`${n}.${a}`}let nq=URL.parse?(e,t)=>URL.parse(e,t):(e,t)=>{try{return new URL(e,t)}catch{return null}};function nV(e,t){if(t&&"https:"!==e.protocol)throw nx("only requests to HTTPS are allowed",aj,e);if("https:"!==e.protocol&&"http:"!==e.protocol)throw nx("only HTTP and HTTPS requests are allowed",a$,e)}function nG(e,t,r,n){let a;if("string"!=typeof e||!(a=nq(e)))throw nx(`authorization server metadata does not contain a valid ${r?`"as.mtls_endpoint_aliases.${t}"`:`"as.${t}"`}`,void 0===e?aW:aK,{attribute:r?`mtls_endpoint_aliases.${t}`:t});return nV(a,n),a}function nX(e,t,r,n){return r&&e.mtls_endpoint_aliases&&t in e.mtls_endpoint_aliases?nG(e.mtls_endpoint_aliases[t],t,r,n):nG(e[t],t,r,n)}class nZ extends Error{cause;code;error;status;error_description;response;constructor(e,t){super(e,t),this.name=this.constructor.name,this.code=aS,this.cause=t.cause,this.error=t.cause.error,this.status=t.response.status,this.error_description=t.cause.error_description,Object.defineProperty(this,"response",{enumerable:!1,value:t.response}),Error.captureStackTrace?.(this,this.constructor)}}class nY extends Error{cause;code;error;error_description;constructor(e,t){super(e,t),this.name=this.constructor.name,this.code=ax,this.cause=t.cause,this.error=t.cause.get("error"),this.error_description=t.cause.get("error_description")??void 0,Error.captureStackTrace?.(this,this.constructor)}}class nQ extends Error{cause;code;response;status;constructor(e,t){super(e,t),this.name=this.constructor.name,this.code=aA,this.cause=t.cause,this.status=t.response.status,this.response=t.response,Object.defineProperty(this,"response",{enumerable:!1}),Error.captureStackTrace?.(this,this.constructor)}}let n0="[a-zA-Z0-9!#$%&\\'\\*\\+\\-\\.\\^_`\\|~]+",n1=RegExp("^[,\\s]*("+n0+")"),n2=RegExp("^[,\\s]*("+n0+')\\s*=\\s*"((?:[^"\\\\]|\\\\[\\s\\S])*)"[,\\s]*(.*)'),n5=RegExp("^[,\\s]*"+("("+n0+")\\s*=\\s*(")+n0+")[,\\s]*(.*)"),n8=RegExp("^([a-zA-Z0-9\\-\\._\\~\\+\\/]+={0,2})(?:$|[,\\s])(.*)");async function n6(e){if(e.status>399&&e.status<500){aM(e),nD(e);try{let t=await e.clone().json();if(nT(t)&&"string"==typeof t.error&&t.error.length)return t}catch{}}}async function n4(e,t,r){if(e.status!==t){let t;if(al(e),t=await n6(e))throw await e.body?.cancel(),new nZ("server responded with an error in the response body",{cause:t,response:e});throw nx(`"response" is not a conform ${r} response (unexpected HTTP status code)`,aU,e)}}function n3(e){if(!af.has(e))throw nf('"options.DPoP" is not a valid DPoPHandle',np)}async function n9(e,t,r,n,a,i){if(nI(e,'"accessToken"'),!(r instanceof URL))throw nf('"url" must be an instance of URL',nh);nV(r,i?.[ny]!==!0),n=nP(n),i?.DPoP&&(n3(i.DPoP),await i.DPoP.addProof(r,n,t.toUpperCase(),e)),n.set("authorization",`${n.has("dpop")?"DPoP":"Bearer"} ${e}`);let o=await (i?.[nw]||fetch)(r.href,{duplex:nd(a,ReadableStream)?"half":void 0,body:a,headers:Object.fromEntries(n.entries()),method:t,redirect:"manual",signal:nC(r,i?.signal)});return i?.DPoP?.cacheNonce(o,r),o}async function n7(e,t,r,n){nJ(e),nB(t);let a=nX(e,"userinfo_endpoint",t.use_mtls_endpoint_aliases,n?.[ny]!==!0),i=nP(n?.headers);return t.userinfo_signed_response_alg?i.set("accept","application/jwt"):(i.set("accept","application/json"),i.append("accept","application/jwt")),n9(r,"GET",a,i,null,{...n,[nm]:nM(t)})}let ae=Symbol();function at(e){return e.headers.get("content-type")?.split(";")[0]}async function ar(e,t,r,n,a){let i;if(nJ(e),nB(t),!nd(n,Response))throw nf('"response" must be an instance of Response',nh);if(al(n),200!==n.status)throw nx('"response" is not a conform UserInfo Endpoint response (unexpected HTTP status code)',aU,n);if(aM(n),"application/jwt"===at(n)){let{claims:r,jwt:o}=await aN(await n.text(),aJ.bind(void 0,t.userinfo_signed_response_alg,e.userinfo_signing_alg_values_supported,void 0),nM(t),nL(t),a?.[n_]).then(au.bind(void 0,t.client_id)).then(ap.bind(void 0,e));ao.set(n,o),i=r}else{if(t.userinfo_signed_response_alg)throw nx("JWT UserInfo Response expected",aT,n);i=await aq(n)}if(nI(i.sub,'"response" body "sub" property',aC,{body:i}),r===ae);else if(nI(r,'"expectedSubject"'),i.sub!==r)throw nx('unexpected "response" body "sub" property value',aD,{expected:r,body:i,attribute:"sub"});return i}async function an(e,t,r,n,a,i,o){return await r(e,t,a,i),i.set("content-type","application/x-www-form-urlencoded;charset=UTF-8"),(o?.[nw]||fetch)(n.href,{body:a,headers:Object.fromEntries(i.entries()),method:"POST",redirect:"manual",signal:nC(n,o?.signal)})}async function aa(e,t,r,n,a,i){let o=nX(e,"token_endpoint",t.use_mtls_endpoint_aliases,i?.[ny]!==!0);a.set("grant_type",n);let s=nP(i?.headers);s.set("accept","application/json"),i?.DPoP!==void 0&&(n3(i.DPoP),await i.DPoP.addProof(o,s,"POST"));let c=await an(e,t,r,o,a,s,i);return i?.DPoP?.cacheNonce(c,o),c}let ai=new WeakMap,ao=new WeakMap;function as(e){if(!e.id_token)return;let t=ai.get(e);if(!t)throw nf('"ref" was already garbage collected or did not resolve from the proper sources',np);return t}async function ac(e,t,r,n,a,i){if(nJ(e),nB(t),!nd(r,Response))throw nf('"response" must be an instance of Response',nh);await n4(r,200,"Token Endpoint"),aM(r);let o=await aq(r);if(nI(o.access_token,'"response" body "access_token" property',aC,{body:o}),nI(o.token_type,'"response" body "token_type" property',aC,{body:o}),o.token_type=o.token_type.toLowerCase(),void 0!==o.expires_in){let e="number"!=typeof o.expires_in?parseFloat(o.expires_in):o.expires_in;n$(e,!0,'"response" body "expires_in" property',aC,{body:o}),o.expires_in=e}if(void 0!==o.refresh_token&&nI(o.refresh_token,'"response" body "refresh_token" property',aC,{body:o}),void 0!==o.scope&&"string"!=typeof o.scope)throw nx('"response" body "scope" property must be a string',aC,{body:o});if(void 0!==o.id_token){nI(o.id_token,'"response" body "id_token" property',aC,{body:o});let i=["aud","exp","iat","iss","sub"];!0===t.require_auth_time&&i.push("auth_time"),void 0!==t.default_max_age&&(n$(t.default_max_age,!0,'"client.default_max_age"'),i.push("auth_time")),n?.length&&i.push(...n);let{claims:s,jwt:c}=await aN(o.id_token,aJ.bind(void 0,t.id_token_signed_response_alg,e.id_token_signing_alg_values_supported,"RS256"),nM(t),nL(t),a).then(aw.bind(void 0,i)).then(ah.bind(void 0,e)).then(ad.bind(void 0,t.client_id));if(Array.isArray(s.aud)&&1!==s.aud.length){if(void 0===s.azp)throw nx('ID Token "aud" (audience) claim includes additional untrusted audiences',aH,{claims:s,claim:"aud"});if(s.azp!==t.client_id)throw nx('unexpected ID Token "azp" (authorized party) claim value',aH,{expected:t.client_id,claims:s,claim:"azp"})}void 0!==s.auth_time&&n$(s.auth_time,!0,'ID Token "auth_time" (authentication time)',aC,{claims:s}),ao.set(r,c),ai.set(o,s)}if(i?.[o.token_type]!==void 0)i[o.token_type](r,o);else if("dpop"!==o.token_type&&"bearer"!==o.token_type)throw new nS("unsupported `token_type` value",{cause:{body:o}});return o}function al(e){let t;if(t=function(e){if(!nd(e,Response))throw nf('"response" must be an instance of Response',nh);let t=e.headers.get("www-authenticate");if(null===t)return;let r=[],n=t;for(;n;){let e,t=n.match(n1),a=t?.["1"].toLowerCase();if(!a)return;let i=n.substring(t[0].length);if(i&&!i.match(/^[\s,]/))return;let o=i.match(/^\s+(.*)$/),s=!!o;n=o?o[1]:void 0;let c={};if(s)for(;n;){let r,a;if(t=n.match(n2)){if([,r,a,n]=t,a.includes("\\"))try{a=JSON.parse(`"${a}"`)}catch{}c[r.toLowerCase()]=a;continue}if(t=n.match(n5)){[,r,a,n]=t,c[r.toLowerCase()]=a;continue}if(t=n.match(n8)){if(Object.keys(c).length)break;[,e,n]=t;break}return}else n=i||void 0;let l={scheme:a,parameters:c};e&&(l.token68=e),r.push(l)}if(r.length)return r}(e))throw new nQ("server responded with a challenge in the WWW-Authenticate HTTP Header",{cause:t,response:e})}function au(e,t){return void 0!==t.claims.aud?ad(e,t):t}function ad(e,t){if(Array.isArray(t.claims.aud)){if(!t.claims.aud.includes(e))throw nx('unexpected JWT "aud" (audience) claim value',aH,{expected:e,claims:t.claims,claim:"aud"})}else if(t.claims.aud!==e)throw nx('unexpected JWT "aud" (audience) claim value',aH,{expected:e,claims:t.claims,claim:"aud"});return t}function ap(e,t){return void 0!==t.claims.iss?ah(e,t):t}function ah(e,t){let r=e[aG]?.(t)??e.issuer;if(t.claims.iss!==r)throw nx('unexpected JWT "iss" (issuer) claim value',aH,{expected:r,claims:t.claims,claim:"iss"});return t}let af=new WeakSet,ay=Symbol();async function am(e,t,r,n,a,i,o){if(nJ(e),nB(t),!af.has(n))throw nf('"callbackParameters" must be an instance of URLSearchParams obtained from "validateAuthResponse()", or "validateJwtAuthResponse()',np);nI(a,'"redirectUri"');let s=aB(n,"code");if(!s)throw nx('no authorization code in "callbackParameters"',aC);let c=new URLSearchParams(o?.additionalParameters);return c.set("redirect_uri",a),c.set("code",s),i!==ay&&(nI(i,'"codeVerifier"'),c.set("code_verifier",i)),aa(e,t,r,"authorization_code",c,o)}let ag={aud:"audience",c_hash:"code hash",client_id:"client id",exp:"expiration time",iat:"issued at",iss:"issuer",jti:"jwt id",nonce:"nonce",s_hash:"state hash",sub:"subject",ath:"access token hash",htm:"http method",htu:"http uri",cnf:"confirmation",auth_time:"authentication time"};function aw(e,t){for(let r of e)if(void 0===t.claims[r])throw nx(`JWT "${r}" (${ag[r]}) claim missing`,aC,{claims:t.claims});return t}let ab=Symbol(),a_=Symbol();async function av(e,t,r,n){return"string"==typeof n?.expectedNonce||"number"==typeof n?.maxAge||n?.requireIdToken?ak(e,t,r,n.expectedNonce,n.maxAge,n[n_],n.recognizedTokenTypes):aE(e,t,r,n?.[n_],n?.recognizedTokenTypes)}async function ak(e,t,r,n,a,i,o){let s=[];switch(n){case void 0:n=ab;break;case ab:break;default:nI(n,'"expectedNonce" argument'),s.push("nonce")}switch(a??=t.default_max_age){case void 0:a=a_;break;case a_:break;default:n$(a,!0,'"maxAge" argument'),s.push("auth_time")}let c=await ac(e,t,r,s,i,o);nI(c.id_token,'"response" body "id_token" property',aC,{body:c});let l=as(c);if(a!==a_){let e=nN()+nM(t),r=nL(t);if(l.auth_time+a<e-r)throw nx("too much time has elapsed since the last End-User authentication",aI,{claims:l,now:e,tolerance:r,claim:"auth_time"})}if(n===ab){if(void 0!==l.nonce)throw nx('unexpected ID Token "nonce" claim value',aH,{expected:void 0,claims:l,claim:"nonce"})}else if(l.nonce!==n)throw nx('unexpected ID Token "nonce" claim value',aH,{expected:n,claims:l,claim:"nonce"});return c}async function aE(e,t,r,n,a){let i=await ac(e,t,r,void 0,n,a),o=as(i);if(o){if(void 0!==t.default_max_age){n$(t.default_max_age,!0,'"client.default_max_age"');let e=nN()+nM(t),r=nL(t);if(o.auth_time+t.default_max_age<e-r)throw nx("too much time has elapsed since the last End-User authentication",aI,{claims:o,now:e,tolerance:r,claim:"auth_time"})}if(void 0!==o.nonce)throw nx('unexpected ID Token "nonce" claim value',aH,{expected:void 0,claims:o,claim:"nonce"})}return i}let aA="OAUTH_WWW_AUTHENTICATE_CHALLENGE",aS="OAUTH_RESPONSE_BODY_ERROR",aR="OAUTH_UNSUPPORTED_OPERATION",ax="OAUTH_AUTHORIZATION_RESPONSE_ERROR",aT="OAUTH_JWT_USERINFO_EXPECTED",aP="OAUTH_PARSE_ERROR",aC="OAUTH_INVALID_RESPONSE",aO="OAUTH_RESPONSE_IS_NOT_JSON",aU="OAUTH_RESPONSE_IS_NOT_CONFORM",aj="OAUTH_HTTP_REQUEST_FORBIDDEN",a$="OAUTH_REQUEST_PROTOCOL_FORBIDDEN",aI="OAUTH_JWT_TIMESTAMP_CHECK_FAILED",aH="OAUTH_JWT_CLAIM_COMPARISON_FAILED",aD="OAUTH_JSON_ATTRIBUTE_COMPARISON_FAILED",aW="OAUTH_MISSING_SERVER_METADATA",aK="OAUTH_INVALID_SERVER_METADATA";function aM(e){if(e.bodyUsed)throw nf('"response" body has been used already',np)}function aL(e){let{algorithm:t}=e;if("number"!=typeof t.modulusLength||t.modulusLength<2048)throw new nS(`unsupported ${t.name} modulusLength`,{cause:e})}async function aN(e,t,r,n,a){let i,o,{0:s,1:c,length:l}=e.split(".");if(5===l)if(void 0!==a)e=await a(e),{0:s,1:c,length:l}=e.split(".");else throw new nS("JWE decryption is not configured",{cause:e});if(3!==l)throw nx("Invalid JWT",aC,e);try{i=JSON.parse(nE(nA(s)))}catch(e){throw nx("failed to parse JWT Header body as base64url encoded JSON",aP,e)}if(!nT(i))throw nx("JWT Header must be a top level object",aC,e);if(t(i),void 0!==i.crit)throw new nS('no JWT "crit" header parameter extensions are supported',{cause:{header:i}});try{o=JSON.parse(nE(nA(c)))}catch(e){throw nx("failed to parse JWT Payload body as base64url encoded JSON",aP,e)}if(!nT(o))throw nx("JWT Payload must be a top level object",aC,e);let u=nN()+r;if(void 0!==o.exp){if("number"!=typeof o.exp)throw nx('unexpected JWT "exp" (expiration time) claim type',aC,{claims:o});if(o.exp<=u-n)throw nx('unexpected JWT "exp" (expiration time) claim value, expiration is past current timestamp',aI,{claims:o,now:u,tolerance:n,claim:"exp"})}if(void 0!==o.iat&&"number"!=typeof o.iat)throw nx('unexpected JWT "iat" (issued at) claim type',aC,{claims:o});if(void 0!==o.iss&&"string"!=typeof o.iss)throw nx('unexpected JWT "iss" (issuer) claim type',aC,{claims:o});if(void 0!==o.nbf){if("number"!=typeof o.nbf)throw nx('unexpected JWT "nbf" (not before) claim type',aC,{claims:o});if(o.nbf>u+n)throw nx('unexpected JWT "nbf" (not before) claim value',aI,{claims:o,now:u,tolerance:n,claim:"nbf"})}if(void 0!==o.aud&&"string"!=typeof o.aud&&!Array.isArray(o.aud))throw nx('unexpected JWT "aud" (audience) claim type',aC,{claims:o});return{header:i,claims:o,jwt:e}}function aJ(e,t,r,n){if(void 0!==e){if("string"==typeof e?n.alg!==e:!e.includes(n.alg))throw nx('unexpected JWT "alg" header parameter',aC,{header:n,expected:e,reason:"client configuration"});return}if(Array.isArray(t)){if(!t.includes(n.alg))throw nx('unexpected JWT "alg" header parameter',aC,{header:n,expected:t,reason:"authorization server metadata"});return}if(void 0!==r){if("string"==typeof r?n.alg!==r:"function"==typeof r?!r(n.alg):!r.includes(n.alg))throw nx('unexpected JWT "alg" header parameter',aC,{header:n,expected:r,reason:"default value"});return}throw nx('missing client or server configuration to verify used JWT "alg" header parameter',void 0,{client:e,issuer:t,fallback:r})}function aB(e,t){let{0:r,length:n}=e.getAll(t);if(n>1)throw nx(`"${t}" parameter must be provided only once`,aC);return r}let az=Symbol(),aF=Symbol();async function aq(e,t=nD){let r;try{r=await e.json()}catch(r){throw t(e),nx('failed to parse "response" body as JSON',aP,r)}if(!nT(r))throw nx('"response" body must be a top level object',aC,{body:r});return r}let aV=Symbol(),aG=Symbol();async function aX(e,t,r){let{cookies:n,logger:a}=r,i=n[e],o=new Date;o.setTime(o.getTime()+9e5),a.debug(`CREATE_${e.toUpperCase()}`,{name:i.name,payload:t,COOKIE_TTL:900,expires:o});let s=await tN({...r.jwt,maxAge:900,token:{value:t},salt:i.name}),c={...i.options,expires:o};return{name:i.name,value:s,options:c}}async function aZ(e,t,r){try{let{logger:n,cookies:a,jwt:i}=r;if(n.debug(`PARSE_${e.toUpperCase()}`,{cookie:t}),!t)throw new v(`${e} cookie was missing`);let o=await tJ({...i,token:t,salt:a[e].name});if(o?.value)return o.value;throw Error("Invalid cookie")}catch(t){throw new v(`${e} value could not be parsed`,{cause:t})}}function aY(e,t,r){let{logger:n,cookies:a}=t,i=a[e];n.debug(`CLEAR_${e.toUpperCase()}`,{cookie:i}),r.push({name:i.name,value:"",options:{...a[e].options,maxAge:0}})}function aQ(e,t){return async function(r,n,a){let{provider:i,logger:o}=a;if(!i?.checks?.includes(e))return;let s=r?.[a.cookies[t].name];o.debug(`USE_${t.toUpperCase()}`,{value:s});let c=await aZ(t,s,a);return aY(t,a,n),c}}let a0={async create(e){let t=nW(),r=await nK(t);return{cookie:await aX("pkceCodeVerifier",t,e),value:r}},use:aQ("pkce","pkceCodeVerifier")},a1="encodedState",a2={async create(e,t){let{provider:r}=e;if(!r.checks.includes("state")){if(t)throw new v("State data was provided but the provider is not configured to use state");return}let n={origin:t,random:nW()},a=await tN({secret:e.jwt.secret,token:n,salt:a1,maxAge:900});return{cookie:await aX("state",a,e),value:a}},use:aQ("state","state"),async decode(e,t){try{t.logger.debug("DECODE_STATE",{state:e});let r=await tJ({secret:t.jwt.secret,token:e,salt:a1});if(r)return r;throw Error("Invalid state")}catch(e){throw new v("State could not be decoded",{cause:e})}}},a5={async create(e){if(!e.provider.checks.includes("nonce"))return;let t=nW();return{cookie:await aX("nonce",t,e),value:t}},use:aQ("nonce","nonce")},a8="encodedWebauthnChallenge",a6={create:async(e,t,r)=>({cookie:await aX("webauthnChallenge",await tN({secret:e.jwt.secret,token:{challenge:t,registerData:r},salt:a8,maxAge:900}),e)}),async use(e,t,r){let n=t?.[e.cookies.webauthnChallenge.name],a=await aZ("webauthnChallenge",n,e),i=await tJ({secret:e.jwt.secret,token:a,salt:a8});if(aY("webauthnChallenge",e,r),!i)throw new v("WebAuthn challenge was missing");return i}};function a4(e){return encodeURIComponent(e).replace(/%20/g,"+")}async function a3(e,t,r){var n,a;let i,o,s,c,l,{logger:u,provider:d}=r,{token:p,userinfo:h}=d;if(p?.url&&"authjs.dev"!==p.url.host||h?.url&&"authjs.dev"!==h.url.host)i={issuer:d.issuer??"https://authjs.dev",token_endpoint:p?.url.toString(),userinfo_endpoint:h?.url.toString()};else{let e=new URL(d.issuer),t=await nj(e,{[ny]:!0,[nw]:d[re]});if(!(i=await nH(e,t)).token_endpoint)throw TypeError("TODO: Authorization server did not provide a token endpoint.");if(!i.userinfo_endpoint)throw TypeError("TODO: Authorization server did not provide a userinfo endpoint.")}let f={client_id:d.clientId,...d.client};switch(f.token_endpoint_auth_method){case void 0:case"client_secret_basic":o=(e,t,r,n)=>{var a,i;let o,s,c;n.set("authorization",(a=d.clientId,i=d.clientSecret,o=a4(a),s=a4(i),c=btoa(`${o}:${s}`),`Basic ${c}`))};break;case"client_secret_post":nI(n=d.clientSecret,'"clientSecret"'),o=(e,t,r,a)=>{r.set("client_id",t.client_id),r.set("client_secret",n)};break;case"client_secret_jwt":nI(a=d.clientSecret,'"clientSecret"'),l=void 0,o=async(e,t,r,n)=>{c||=await crypto.subtle.importKey("raw",nE(a),{hash:"SHA-256",name:"HMAC"},!1,["sign"]);let i={alg:"HS256"},o=nz(e,t);l?.(i,o);let s=`${nA(nE(JSON.stringify(i)))}.${nA(nE(JSON.stringify(o)))}`,u=await crypto.subtle.sign(c.algorithm,c,nE(s));r.set("client_id",t.client_id),r.set("client_assertion_type","urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),r.set("client_assertion",`${s}.${nA(new Uint8Array(u))}`)};break;case"private_key_jwt":o=function(e,t){let{key:r,kid:n}=e instanceof CryptoKey?{key:e}:e?.key instanceof CryptoKey?(void 0!==e.kid&&nI(e.kid,'"kid"'),{key:e.key,kid:e.kid}):{};var a='"clientPrivateKey.key"';if(!(r instanceof CryptoKey))throw nf(`${a} must be a CryptoKey`,nh);if("private"!==r.type)throw nf(`${a} must be a private CryptoKey`,np);return async(e,a,i,o)=>{let s={alg:function(e){switch(e.algorithm.name){case"RSA-PSS":switch(e.algorithm.hash.name){case"SHA-256":return"PS256";case"SHA-384":return"PS384";case"SHA-512":return"PS512";default:throw new nS("unsupported RsaHashedKeyAlgorithm hash name",{cause:e})}case"RSASSA-PKCS1-v1_5":switch(e.algorithm.hash.name){case"SHA-256":return"RS256";case"SHA-384":return"RS384";case"SHA-512":return"RS512";default:throw new nS("unsupported RsaHashedKeyAlgorithm hash name",{cause:e})}case"ECDSA":switch(e.algorithm.namedCurve){case"P-256":return"ES256";case"P-384":return"ES384";case"P-521":return"ES512";default:throw new nS("unsupported EcKeyAlgorithm namedCurve",{cause:e})}case"Ed25519":case"ML-DSA-44":case"ML-DSA-65":case"ML-DSA-87":return e.algorithm.name;case"EdDSA":return"Ed25519";default:throw new nS("unsupported CryptoKey algorithm name",{cause:e})}}(r),kid:n},c=nz(e,a);t?.[nb]?.(s,c),i.set("client_id",a.client_id),i.set("client_assertion_type","urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),i.set("client_assertion",await nF(s,c,r))}}(d.token.clientPrivateKey,{[nb](e,t){t.aud=[i.issuer,i.token_endpoint]}});break;case"none":o=(e,t,r,n)=>{r.set("client_id",t.client_id)};break;default:throw Error("unsupported client authentication method")}let y=[],m=await a2.use(t,y,r);try{s=function(e,t,r,n){var a;if(nJ(e),nB(t),r instanceof URL&&(r=r.searchParams),!(r instanceof URLSearchParams))throw nf('"parameters" must be an instance of URLSearchParams, or URL',nh);if(aB(r,"response"))throw nx('"parameters" contains a JARM response, use validateJwtAuthResponse() instead of validateAuthResponse()',aC,{parameters:r});let i=aB(r,"iss"),o=aB(r,"state");if(!i&&e.authorization_response_iss_parameter_supported)throw nx('response parameter "iss" (issuer) missing',aC,{parameters:r});if(i&&i!==e.issuer)throw nx('unexpected "iss" (issuer) response parameter value',aC,{expected:e.issuer,parameters:r});switch(n){case void 0:case aF:if(void 0!==o)throw nx('unexpected "state" response parameter encountered',aC,{expected:void 0,parameters:r});break;case az:break;default:if(nI(n,'"expectedState" argument'),o!==n)throw nx(void 0===o?'response parameter "state" missing':'unexpected "state" response parameter value',aC,{expected:n,parameters:r})}if(aB(r,"error"))throw new nY("authorization response from the server is an error",{cause:r});let s=aB(r,"id_token"),c=aB(r,"token");if(void 0!==s||void 0!==c)throw new nS("implicit and hybrid flows are not supported");return a=new URLSearchParams(r),af.add(a),a}(i,f,new URLSearchParams(e),d.checks.includes("state")?m:az)}catch(e){if(e instanceof nY){let t={providerId:d.id,...Object.fromEntries(e.cause.entries())};throw u.debug("OAuthCallbackError",t),new T("OAuth Provider returned an error",t)}throw e}let g=await a0.use(t,y,r),w=d.callbackUrl;!r.isOnRedirectProxy&&d.redirectProxyUrl&&(w=d.redirectProxyUrl);let b=await am(i,f,o,s,w,g??"decoy",{[ny]:!0,[nw]:(...e)=>(d.checks.includes("pkce")||e[1].body.delete("code_verifier"),(d[re]??fetch)(...e))});d.token?.conform&&(b=await d.token.conform(b.clone())??b);let _={},v="oidc"===d.type;if(d[rt])switch(d.id){case"microsoft-entra-id":case"azure-ad":{let e=await b.clone().json();if(e.error){let t={providerId:d.id,...e};throw new T(`OAuth Provider returned an error: ${e.error}`,t)}let{tid:t}=function(e){let t,r;if("string"!=typeof e)throw new eb("JWTs must use Compact JWS serialization, JWT must be a string");let{1:n,length:a}=e.split(".");if(5===a)throw new eb("Only JWTs using Compact JWS serialization can be decoded");if(3!==a)throw new eb("Invalid JWT");if(!n)throw new eb("JWTs must contain a payload");try{t=el(n)}catch{throw new eb("Failed to base64url decode the payload")}try{r=JSON.parse(en.decode(t))}catch{throw new eb("Failed to parse the decoded payload as JSON")}if(!eQ(r))throw new eb("Invalid JWT Claims Set");return r}(e.id_token);if("string"==typeof t){let e=i.issuer?.match(/microsoftonline\.com\/(\w+)\/v2\.0/)?.[1]??"common",r=new URL(i.issuer.replace(e,t)),n=await nj(r,{[nw]:d[re]});i=await nH(r,n)}}}let k=await av(i,f,b,{expectedNonce:await a5.use(t,y,r),requireIdToken:v});if(v){let t=as(k);if(_=t,d[rt]&&"apple"===d.id)try{_.user=JSON.parse(e?.user)}catch{}if(!1===d.idToken){let e=await n7(i,f,k.access_token,{[nw]:d[re],[ny]:!0});_=await ar(i,f,t.sub,e)}}else if(h?.request){let e=await h.request({tokens:k,provider:d});e instanceof Object&&(_=e)}else if(h?.url){let e=await n7(i,f,k.access_token,{[nw]:d[re],[ny]:!0});_=await e.json()}else throw TypeError("No userinfo endpoint configured");return k.expires_in&&(k.expires_at=Math.floor(Date.now()/1e3)+Number(k.expires_in)),{...await a9(_,d,k,u),profile:_,cookies:y}}async function a9(e,t,r,n){try{let n=await t.profile(e,r);return{user:{...n,id:crypto.randomUUID(),email:n.email?.toLowerCase()},account:{...r,provider:t.id,type:t.type,providerAccountId:n.id??crypto.randomUUID()}}}catch(r){n.debug("getProfile error details",e),n.error(new P(r,{provider:t.id}))}}async function a7(e,t,r,n){let a=await ii(e,t,r),{cookie:i}=await a6.create(e,a.challenge,r);return{status:200,cookies:[...n??[],i],body:{action:"register",options:a},headers:{"Content-Type":"application/json"}}}async function ie(e,t,r,n){let a=await ia(e,t,r),{cookie:i}=await a6.create(e,a.challenge);return{status:200,cookies:[...n??[],i],body:{action:"authenticate",options:a},headers:{"Content-Type":"application/json"}}}async function it(e,t,r){let n,{adapter:a,provider:i}=e,o=t.body&&"string"==typeof t.body.data?JSON.parse(t.body.data):void 0;if(!o||"object"!=typeof o||!("id"in o)||"string"!=typeof o.id)throw new d("Invalid WebAuthn Authentication response");let s=ic(is(o.id)),c=await a.getAuthenticator(s);if(!c)throw new d(`WebAuthn authenticator not found in database: ${JSON.stringify({credentialID:s})}`);let{challenge:l}=await a6.use(e,t.cookies,r);try{var u;let r=i.getRelayingParty(e,t);n=await i.simpleWebAuthn.verifyAuthenticationResponse({...i.verifyAuthenticationOptions,expectedChallenge:l,response:o,authenticator:{...u=c,credentialDeviceType:u.credentialDeviceType,transports:il(u.transports),credentialID:is(u.credentialID),credentialPublicKey:is(u.credentialPublicKey)},expectedOrigin:r.origin,expectedRPID:r.id})}catch(e){throw new L(e)}let{verified:p,authenticationInfo:f}=n;if(!p)throw new L("WebAuthn authentication response could not be verified");try{let{newCounter:e}=f;await a.updateAuthenticatorCounter(c.credentialID,e)}catch(e){throw new h(`Failed to update authenticator counter. This may cause future authentication attempts to fail. ${JSON.stringify({credentialID:s,oldCounter:c.counter,newCounter:f.newCounter})}`,e)}let y=await a.getAccount(c.providerAccountId,i.id);if(!y)throw new d(`WebAuthn account not found in database: ${JSON.stringify({credentialID:s,providerAccountId:c.providerAccountId})}`);let m=await a.getUser(y.userId);if(!m)throw new d(`WebAuthn user not found in database: ${JSON.stringify({credentialID:s,providerAccountId:c.providerAccountId,userID:y.userId})}`);return{account:y,user:m}}async function ir(e,t,r){var n;let a,{provider:i}=e,o=t.body&&"string"==typeof t.body.data?JSON.parse(t.body.data):void 0;if(!o||"object"!=typeof o||!("id"in o)||"string"!=typeof o.id)throw new d("Invalid WebAuthn Registration response");let{challenge:s,registerData:c}=await a6.use(e,t.cookies,r);if(!c)throw new d("Missing user registration data in WebAuthn challenge cookie");try{let r=i.getRelayingParty(e,t);a=await i.simpleWebAuthn.verifyRegistrationResponse({...i.verifyRegistrationOptions,expectedChallenge:s,response:o,expectedOrigin:r.origin,expectedRPID:r.id})}catch(e){throw new L(e)}if(!a.verified||!a.registrationInfo)throw new L("WebAuthn registration response could not be verified");let l={providerAccountId:ic(a.registrationInfo.credentialID),provider:e.provider.id,type:i.type},u={providerAccountId:l.providerAccountId,counter:a.registrationInfo.counter,credentialID:ic(a.registrationInfo.credentialID),credentialPublicKey:ic(a.registrationInfo.credentialPublicKey),credentialBackedUp:a.registrationInfo.credentialBackedUp,credentialDeviceType:a.registrationInfo.credentialDeviceType,transports:(n=o.response.transports,n?.join(","))};return{user:c,account:l,authenticator:u}}async function ia(e,t,r){let{provider:n,adapter:a}=e,i=r&&r.id?await a.listAuthenticatorsByUserId(r.id):null,o=n.getRelayingParty(e,t);return await n.simpleWebAuthn.generateAuthenticationOptions({...n.authenticationOptions,rpID:o.id,allowCredentials:i?.map(e=>({id:is(e.credentialID),type:"public-key",transports:il(e.transports)}))})}async function ii(e,t,r){let{provider:n,adapter:a}=e,i=r.id?await a.listAuthenticatorsByUserId(r.id):null,o=t5(32),s=n.getRelayingParty(e,t);return await n.simpleWebAuthn.generateRegistrationOptions({...n.registrationOptions,userID:o,userName:r.email,userDisplayName:r.name??void 0,rpID:s.id,rpName:s.name,excludeCredentials:i?.map(e=>({id:is(e.credentialID),type:"public-key",transports:il(e.transports)}))})}function io(e){let{provider:t,adapter:r}=e;if(!r)throw new E("An adapter is required for the WebAuthn provider");if(!t||"webauthn"!==t.type)throw new $("Provider must be WebAuthn");return{...e,provider:t,adapter:r}}function is(e){return new Uint8Array(Buffer.from(e,"base64"))}function ic(e){return Buffer.from(e).toString("base64")}function il(e){return e?e.split(","):void 0}async function iu(e,t,r,n){if(!t.provider)throw new $("Callback route called without provider");let{query:a,body:i,method:o,headers:s}=e,{provider:c,adapter:l,url:u,callbackUrl:p,pages:h,jwt:f,events:m,callbacks:g,session:{strategy:w,maxAge:_},logger:v}=t,k="jwt"===w;try{if("oauth"===c.type||"oidc"===c.type){let o,s=c.authorization?.url.searchParams.get("response_mode")==="form_post"?i:a;if(t.isOnRedirectProxy&&s?.state){let e=await a2.decode(s.state,t);if(e?.origin&&new URL(e.origin).origin!==t.url.origin){let t=`${e.origin}?${new URLSearchParams(s)}`;return v.debug("Proxy redirecting to",t),{redirect:t,cookies:n}}}let d=await a3(s,e.cookies,t);d.cookies.length&&n.push(...d.cookies),v.debug("authorization result",d);let{user:y,account:w,profile:b}=d;if(!y||!w||!b)return{redirect:`${u}/signin`,cookies:n};if(l){let{getUserByAccount:e}=l;o=await e({providerAccountId:w.providerAccountId,provider:c.id})}let E=await id({user:o??y,account:w,profile:b},t);if(E)return{redirect:E,cookies:n};let{user:A,session:S,isNewUser:R}=await nu(r.value,y,w,t);if(k){let e={name:A.name,email:A.email,picture:A.image,sub:A.id?.toString()},a=await g.jwt({token:e,user:A,account:w,profile:b,isNewUser:R,trigger:R?"signUp":"signIn"});if(null===a)n.push(...r.clean());else{let e=t.cookies.sessionToken.name,i=await f.encode({...f,token:a,salt:e}),o=new Date;o.setTime(o.getTime()+1e3*_);let s=r.chunk(i,{expires:o});n.push(...s)}}else n.push({name:t.cookies.sessionToken.name,value:S.sessionToken,options:{...t.cookies.sessionToken.options,expires:S.expires}});if(await m.signIn?.({user:A,account:w,profile:b,isNewUser:R}),R&&h.newUser)return{redirect:`${h.newUser}${h.newUser.includes("?")?"&":"?"}${new URLSearchParams({callbackUrl:p})}`,cookies:n};return{redirect:p,cookies:n}}if("email"===c.type){let e=a?.token,i=a?.email;if(!e){let t=TypeError("Missing token. The sign-in URL was manually opened without token or the link was not sent correctly in the email.",{cause:{hasToken:!!e}});throw t.name="Configuration",t}let o=c.secret??t.secret,s=await l.useVerificationToken({identifier:i,token:await t2(`${e}${o}`)}),u=!!s,d=u&&s.expires.valueOf()<Date.now();if(!u||d||i&&s.identifier!==i)throw new H({hasInvite:u,expired:d});let{identifier:y}=s,w=await l.getUserByEmail(y)??{id:crypto.randomUUID(),email:y,emailVerified:null},b={providerAccountId:w.email,userId:w.id,type:"email",provider:c.id},v=await id({user:w,account:b},t);if(v)return{redirect:v,cookies:n};let{user:E,session:A,isNewUser:S}=await nu(r.value,w,b,t);if(k){let e={name:E.name,email:E.email,picture:E.image,sub:E.id?.toString()},a=await g.jwt({token:e,user:E,account:b,isNewUser:S,trigger:S?"signUp":"signIn"});if(null===a)n.push(...r.clean());else{let e=t.cookies.sessionToken.name,i=await f.encode({...f,token:a,salt:e}),o=new Date;o.setTime(o.getTime()+1e3*_);let s=r.chunk(i,{expires:o});n.push(...s)}}else n.push({name:t.cookies.sessionToken.name,value:A.sessionToken,options:{...t.cookies.sessionToken.options,expires:A.expires}});if(await m.signIn?.({user:E,account:b,isNewUser:S}),S&&h.newUser)return{redirect:`${h.newUser}${h.newUser.includes("?")?"&":"?"}${new URLSearchParams({callbackUrl:p})}`,cookies:n};return{redirect:p,cookies:n}}if("credentials"===c.type&&"POST"===o){let e=i??{};Object.entries(a??{}).forEach(([e,t])=>u.searchParams.set(e,t));let l=await c.authorize(e,new Request(u,{headers:s,method:o,body:JSON.stringify(i)}));if(l)l.id=l.id?.toString()??crypto.randomUUID();else throw new b;let d={providerAccountId:l.id,type:"credentials",provider:c.id},h=await id({user:l,account:d,credentials:e},t);if(h)return{redirect:h,cookies:n};let y={name:l.name,email:l.email,picture:l.image,sub:l.id},w=await g.jwt({token:y,user:l,account:d,isNewUser:!1,trigger:"signIn"});if(null===w)n.push(...r.clean());else{let e=t.cookies.sessionToken.name,a=await f.encode({...f,token:w,salt:e}),i=new Date;i.setTime(i.getTime()+1e3*_);let o=r.chunk(a,{expires:i});n.push(...o)}return await m.signIn?.({user:l,account:d}),{redirect:p,cookies:n}}else if("webauthn"===c.type&&"POST"===o){let a,i,o,s=e.body?.action;if("string"!=typeof s||"authenticate"!==s&&"register"!==s)throw new d("Invalid action parameter");let c=io(t);switch(s){case"authenticate":{let t=await it(c,e,n);a=t.user,i=t.account;break}case"register":{let r=await ir(t,e,n);a=r.user,i=r.account,o=r.authenticator}}await id({user:a,account:i},t);let{user:l,isNewUser:u,session:y,account:w}=await nu(r.value,a,i,t);if(!w)throw new d("Error creating or finding account");if(o&&l.id&&await c.adapter.createAuthenticator({...o,userId:l.id}),k){let e={name:l.name,email:l.email,picture:l.image,sub:l.id?.toString()},a=await g.jwt({token:e,user:l,account:w,isNewUser:u,trigger:u?"signUp":"signIn"});if(null===a)n.push(...r.clean());else{let e=t.cookies.sessionToken.name,i=await f.encode({...f,token:a,salt:e}),o=new Date;o.setTime(o.getTime()+1e3*_);let s=r.chunk(i,{expires:o});n.push(...s)}}else n.push({name:t.cookies.sessionToken.name,value:y.sessionToken,options:{...t.cookies.sessionToken.options,expires:y.expires}});if(await m.signIn?.({user:l,account:w,isNewUser:u}),u&&h.newUser)return{redirect:`${h.newUser}${h.newUser.includes("?")?"&":"?"}${new URLSearchParams({callbackUrl:p})}`,cookies:n};return{redirect:p,cookies:n}}throw new $(`Callback for provider type (${c.type}) is not supported`)}catch(t){if(t instanceof d)throw t;let e=new y(t,{provider:c.id});throw v.debug("callback route error details",{method:o,query:a,body:i}),e}}async function id(e,t){let r,{signIn:n,redirect:a}=t.callbacks;try{r=await n(e)}catch(e){if(e instanceof d)throw e;throw new f(e)}if(!r)throw new f("AccessDenied");if("string"==typeof r)return await a({url:r,baseUrl:t.url.origin})}async function ip(e,t,r,n,a){let{adapter:i,jwt:o,events:s,callbacks:c,logger:l,session:{strategy:u,maxAge:d}}=e,p={body:null,headers:{"Content-Type":"application/json",...!n&&{"Cache-Control":"private, no-cache, no-store",Expires:"0",Pragma:"no-cache"}},cookies:r},h=t.value;if(!h)return p;if("jwt"===u){try{let r=e.cookies.sessionToken.name,i=await o.decode({...o,token:h,salt:r});if(!i)throw Error("Invalid JWT");let l=await c.jwt({token:i,...n&&{trigger:"update"},session:a}),u=nl(d);if(null!==l){let e={user:{name:l.name,email:l.email,image:l.picture},expires:u.toISOString()},n=await c.session({session:e,token:l});p.body=n;let a=await o.encode({...o,token:l,salt:r}),i=t.chunk(a,{expires:u});p.cookies?.push(...i),await s.session?.({session:n,token:l})}else p.cookies?.push(...t.clean())}catch(e){l.error(new k(e)),p.cookies?.push(...t.clean())}return p}try{let{getSessionAndUser:r,deleteSession:o,updateSession:l}=i,u=await r(h);if(u&&u.session.expires.valueOf()<Date.now()&&(await o(h),u=null),u){let{user:t,session:r}=u,i=e.session.updateAge,o=r.expires.valueOf()-1e3*d+1e3*i,f=nl(d);o<=Date.now()&&await l({sessionToken:h,expires:f});let y=await c.session({session:{...r,user:t},user:t,newSession:a,...n?{trigger:"update"}:{}});p.body=y,p.cookies?.push({name:e.cookies.sessionToken.name,value:h,options:{...e.cookies.sessionToken.options,expires:f}}),await s.session?.({session:y})}else h&&p.cookies?.push(...t.clean())}catch(e){l.error(new C(e))}return p}async function ih(e,t){let r,n,{logger:a,provider:i}=t,o=i.authorization?.url;if(!o||"authjs.dev"===o.host){let e=new URL(i.issuer),t=await nj(e,{[nw]:i[re],[ny]:!0}),r=await nH(e,t).catch(t=>{if(!(t instanceof TypeError)||"Invalid URL"!==t.message)throw t;throw TypeError(`Discovery request responded with an invalid issuer. expected: ${e}`)});if(!r.authorization_endpoint)throw TypeError("Authorization server did not provide an authorization endpoint.");o=new URL(r.authorization_endpoint)}let s=o.searchParams,c=i.callbackUrl;!t.isOnRedirectProxy&&i.redirectProxyUrl&&(c=i.redirectProxyUrl,n=i.callbackUrl,a.debug("using redirect proxy",{redirect_uri:c,data:n}));let l=Object.assign({response_type:"code",client_id:i.clientId,redirect_uri:c,...i.authorization?.params},Object.fromEntries(i.authorization?.url.searchParams??[]),e);for(let e in l)s.set(e,l[e]);let u=[];i.authorization?.url.searchParams.get("response_mode")==="form_post"&&(t.cookies.state.options.sameSite="none",t.cookies.state.options.secure=!0,t.cookies.nonce.options.sameSite="none",t.cookies.nonce.options.secure=!0);let d=await a2.create(t,n);if(d&&(s.set("state",d.value),u.push(d.cookie)),i.checks?.includes("pkce"))if(r&&!r.code_challenge_methods_supported?.includes("S256"))"oidc"===i.type&&(i.checks=["nonce"]);else{let{value:e,cookie:r}=await a0.create(t);s.set("code_challenge",e),s.set("code_challenge_method","S256"),u.push(r)}let p=await a5.create(t);return p&&(s.set("nonce",p.value),u.push(p.cookie)),"oidc"!==i.type||o.searchParams.has("scope")||o.searchParams.set("scope","openid profile email"),a.debug("authorization url is ready",{url:o,cookies:u,provider:i}),{redirect:o.toString(),cookies:u}}async function iy(e,t){let r,{body:n}=e,{provider:a,callbacks:i,adapter:o}=t,s=(a.normalizeIdentifier??function(e){if(!e)throw Error("Missing email from request body.");let[t,r]=e.toLowerCase().trim().split("@");return r=r.split(",")[0],`${t}@${r}`})(n?.email),c={id:crypto.randomUUID(),email:s,emailVerified:null},l=await o.getUserByEmail(s)??c,u={providerAccountId:s,userId:l.id,type:"email",provider:a.id};try{r=await i.signIn({user:l,account:u,email:{verificationRequest:!0}})}catch(e){throw new f(e)}if(!r)throw new f("AccessDenied");if("string"==typeof r)return{redirect:await i.redirect({url:r,baseUrl:t.url.origin})};let{callbackUrl:d,theme:p}=t,h=await a.generateVerificationToken?.()??t5(32),y=new Date(Date.now()+(a.maxAge??86400)*1e3),m=a.secret??t.secret,g=new URL(t.basePath,t.url.origin),w=a.sendVerificationRequest({identifier:s,token:h,expires:y,url:`${g}/callback/${a.id}?${new URLSearchParams({callbackUrl:d,token:h,email:s})}`,provider:a,theme:p,request:new Request(e.url,{headers:e.headers,method:e.method,body:"POST"===e.method?JSON.stringify(e.body??{}):void 0})}),b=o.createVerificationToken?.({identifier:s,token:await t2(`${h}${m}`),expires:y});return await Promise.all([w,b]),{redirect:`${g}/verify-request?${new URLSearchParams({provider:a.id,type:a.type})}`}}async function im(e,t,r){let n=`${r.url.origin}${r.basePath}/signin`;if(!r.provider)return{redirect:n,cookies:t};switch(r.provider.type){case"oauth":case"oidc":{let{redirect:n,cookies:a}=await ih(e.query,r);return a&&t.push(...a),{redirect:n,cookies:t}}case"email":return{...await iy(e,r),cookies:t};default:return{redirect:n,cookies:t}}}async function ig(e,t,r){let{jwt:n,events:a,callbackUrl:i,logger:o,session:s}=r,c=t.value;if(!c)return{redirect:i,cookies:e};try{if("jwt"===s.strategy){let e=r.cookies.sessionToken.name,t=await n.decode({...n,token:c,salt:e});await a.signOut?.({token:t})}else{let e=await r.adapter?.deleteSession(c);await a.signOut?.({session:e})}}catch(e){o.error(new O(e))}return e.push(...t.clean()),{redirect:i,cookies:e}}async function iw(e,t){let{adapter:r,jwt:n,session:{strategy:a}}=e,i=t.value;if(!i)return null;if("jwt"===a){let t=e.cookies.sessionToken.name,r=await n.decode({...n,token:i,salt:t});if(r&&r.sub)return{id:r.sub,name:r.name,email:r.email,image:r.picture}}else{let e=await r?.getSessionAndUser(i);if(e)return e.user}return null}async function ib(e,t,r,n){let a=io(t),{provider:i}=a,{action:o}=e.query??{};if("register"!==o&&"authenticate"!==o&&void 0!==o)return{status:400,body:{error:"Invalid action"},cookies:n,headers:{"Content-Type":"application/json"}};let s=await iw(t,r),c=s?{user:s,exists:!0}:await i.getUserInfo(t,e),l=c?.user;switch(function(e,t,r){let{user:n,exists:a=!1}=r??{};switch(e){case"authenticate":return"authenticate";case"register":if(n&&t===a)return"register";break;case void 0:if(!t)if(!n)return"authenticate";else if(a)return"authenticate";else return"register"}return null}(o,!!s,c)){case"authenticate":return ie(a,e,l,n);case"register":if("string"==typeof l?.email)return a7(a,e,l,n);break;default:return{status:400,body:{error:"Invalid request"},cookies:n,headers:{"Content-Type":"application/json"}}}}async function i_(e,t){let{action:r,providerId:n,error:a,method:i}=e,o=t.skipCSRFCheck===t9,{options:s,cookies:c}=await rs({authOptions:t,action:r,providerId:n,url:e.url,callbackUrl:e.body?.callbackUrl??e.query?.callbackUrl,csrfToken:e.body?.csrfToken,cookies:e.cookies,isPost:"POST"===i,csrfDisabled:o}),l=new u(s.cookies.sessionToken,e.cookies,s.logger);if("GET"===i){let t=nc({...s,query:e.query,cookies:c});switch(r){case"callback":return await iu(e,s,l,c);case"csrf":return t.csrf(o,s,c);case"error":return t.error(a);case"providers":return t.providers(s.providers);case"session":return await ip(s,l,c);case"signin":return t.signin(n,a);case"signout":return t.signout();case"verify-request":return t.verifyRequest();case"webauthn-options":return await ib(e,s,l,c)}}else{let{csrfTokenVerified:t}=s;switch(r){case"callback":return"credentials"===s.provider.type&&t6(r,t),await iu(e,s,l,c);case"session":return t6(r,t),await ip(s,l,c,!0,e.body?.data);case"signin":return t6(r,t),await im(e,c,s);case"signout":return t6(r,t),await ig(c,l,s)}}throw new U(`Cannot handle action: ${r}`)}function iv(e,t,r,n,a){let i,o=a?.basePath,s=n.AUTH_URL??n.NEXTAUTH_URL;if(s)i=new URL(s),o&&"/"!==o&&"/"!==i.pathname&&(i.pathname!==o&&tG(a).warn("env-url-basepath-mismatch"),i.pathname="/");else{let e=r.get("x-forwarded-host")??r.get("host"),n=r.get("x-forwarded-proto")??t??"https",a=n.endsWith(":")?n:n+":";i=new URL(`${a}//${e}`)}let c=i.toString().replace(/\/$/,"");if(o){let t=o?.replace(/(^\/|\/$)/g,"")??"";return new URL(`${c}/${t}/${e}`)}return new URL(`${c}/${e}`)}async function ik(e,t){let r=tG(t),n=await t0(e,t);if(!n)return Response.json("Bad request.",{status:400});let a=function(e,t){let{url:r}=e,n=[];if(!B&&t.debug&&n.push("debug-enabled"),!t.trustHost)return new I(`Host must be trusted. URL was: ${e.url}`);if(!t.secret?.length)return new R("Please define a `secret`");let a=e.query?.callbackUrl;if(a&&!z(a,r.origin))return new w(`Invalid callback URL. Received: ${a}`);let{callbackUrl:i}=l(t.useSecureCookies??"https:"===r.protocol),o=e.cookies?.[t.cookies?.callbackUrl?.name??i.name];if(o&&!z(o,r.origin))return new w(`Invalid callback URL. Received: ${o}`);let s=!1;for(let e of t.providers){let t="function"==typeof e?e():e;if(("oauth"===t.type||"oidc"===t.type)&&!(t.issuer??t.options?.issuer)){let e,{authorization:r,token:n,userinfo:a}=t;if("string"==typeof r||r?.url?"string"==typeof n||n?.url?"string"==typeof a||a?.url||(e="userinfo"):e="token":e="authorization",e)return new _(`Provider "${t.id}" is missing both \`issuer\` and \`${e}\` endpoint config. At least one of them is required`)}if("credentials"===t.type)F=!0;else if("email"===t.type)q=!0;else if("webauthn"===t.type){var c;if(V=!0,t.simpleWebAuthnBrowserVersion&&(c=t.simpleWebAuthnBrowserVersion,!/^v\d+(?:\.\d+){0,2}$/.test(c)))return new d(`Invalid provider config for "${t.id}": simpleWebAuthnBrowserVersion "${t.simpleWebAuthnBrowserVersion}" must be a valid semver string.`);if(t.enableConditionalUI){if(s)return new K("Multiple webauthn providers have 'enableConditionalUI' set to True. Only one provider can have this option enabled at a time");if(s=!0,!Object.values(t.formFields).some(e=>e.autocomplete&&e.autocomplete.toString().indexOf("webauthn")>-1))return new M(`Provider "${t.id}" has 'enableConditionalUI' set to True, but none of its formFields have 'webauthn' in their autocomplete param`)}}}if(F){let e=t.session?.strategy==="database",r=!t.providers.some(e=>"credentials"!==("function"==typeof e?e():e).type);if(e&&r)return new j("Signing in with credentials only supported if JWT strategy is enabled");if(t.providers.some(e=>{let t="function"==typeof e?e():e;return"credentials"===t.type&&!t.authorize}))return new S("Must define an authorize() handler to use credentials authentication provider")}let{adapter:u,session:p}=t,h=[];if(q||p?.strategy==="database"||!p?.strategy&&u)if(q){if(!u)return new E("Email login requires an adapter");h.push(...G)}else{if(!u)return new E("Database session requires an adapter");h.push(...X)}if(V){if(!t.experimental?.enableWebAuthn)return new J("WebAuthn is an experimental feature. To enable it, set `experimental.enableWebAuthn` to `true` in your config");if(n.push("experimental-webauthn"),!u)return new E("WebAuthn requires an adapter");h.push(...Z)}if(u){let e=h.filter(e=>!(e in u));if(e.length)return new A(`Required adapter methods were missing: ${e.join(", ")}`)}return B||(B=!0),n}(n,t);if(Array.isArray(a))a.forEach(r.warn);else if(a){if(r.error(a),!new Set(["signin","signout","error","verify-request"]).has(n.action)||"GET"!==n.method)return Response.json({message:"There was a problem with the server configuration. Check the server logs for more information."},{status:500});let{pages:e,theme:i}=t,o=e?.error&&n.url.searchParams.get("callbackUrl")?.startsWith(e.error);if(!e?.error||o)return o&&r.error(new m(`The error page ${e?.error} should not require authentication`)),t1(nc({theme:i}).error("Configuration"));let s=`${n.url.origin}${e.error}?error=Configuration`;return Response.redirect(s)}let i=e.headers?.has("X-Auth-Return-Redirect"),o=t.raw===t7;try{let e=await i_(n,t);if(o)return e;let r=t1(e),a=r.headers.get("Location");if(!i||!a)return r;return Response.json({url:a},{headers:r.headers})}catch(p){r.error(p);let a=p instanceof d;if(a&&o&&!i)throw p;if("POST"===e.method&&"session"===n.action)return Response.json(null,{status:400});let s=new URLSearchParams({error:p instanceof d&&W.has(p.type)?p.type:"Configuration"});p instanceof b&&s.set("code",p.code);let c=a&&p.kind||"error",l=t.pages?.[c]??`${t.basePath}/${c.toLowerCase()}`,u=`${n.url.origin}${l}?${s}`;if(i)return Response.json({url:u});return Response.redirect(u)}}var iE=e.i(53649);function iA(e){let t=process.env.AUTH_URL??process.env.NEXTAUTH_URL;if(!t)return e;let{origin:r}=new URL(t),{href:n,origin:a}=e.nextUrl;return new iE.NextRequest(n.replace(a,r),e)}function iS(e){try{e.secret??(e.secret=process.env.AUTH_SECRET??process.env.NEXTAUTH_SECRET);let t=process.env.AUTH_URL??process.env.NEXTAUTH_URL;if(!t)return;let{pathname:r}=new URL(t);if("/"===r)return;e.basePath||(e.basePath=r)}catch{}finally{e.basePath||(e.basePath="/api/auth"),function(e,t,r=!1){try{let n=e.AUTH_URL;n&&(t.basePath?r||tG(t).warn("env-url-basepath-redundant"):t.basePath=new URL(n).pathname)}catch{}finally{t.basePath??(t.basePath="/auth")}if(!t.secret?.length){t.secret=[];let r=e.AUTH_SECRET;for(let n of(r&&t.secret.push(r),[1,2,3])){let r=e[`AUTH_SECRET_${n}`];r&&t.secret.unshift(r)}}t.redirectProxyUrl??(t.redirectProxyUrl=e.AUTH_REDIRECT_PROXY_URL),t.trustHost??(t.trustHost=!!(e.AUTH_URL??e.AUTH_TRUST_HOST??e.VERCEL??e.CF_PAGES??"production"!==e.NODE_ENV)),t.providers=t.providers.map(t=>{let{id:r}="function"==typeof t?t({}):t,n=r.toUpperCase().replace(/-/g,"_"),a=e[`AUTH_${n}_ID`],i=e[`AUTH_${n}_SECRET`],o=e[`AUTH_${n}_ISSUER`],s=e[`AUTH_${n}_KEY`],c="function"==typeof t?t({clientId:a,clientSecret:i,issuer:o,apiKey:s}):t;return"oauth"===c.type||"oidc"===c.type?(c.clientId??(c.clientId=a),c.clientSecret??(c.clientSecret=i),c.issuer??(c.issuer=o)):"email"===c.type&&(c.apiKey??(c.apiKey=s)),c})}(process.env,e,!0)}}var iR=e.i(29212);async function ix(e,t){return ik(new Request(iv("session",e.get("x-forwarded-proto"),e,process.env,t),{headers:{cookie:e.get("cookie")??""}}),{...t,callbacks:{...t.callbacks,async session(...e){let r=await t.callbacks?.session?.(...e)??{...e[0].session,expires:e[0].session.expires?.toISOString?.()??e[0].session.expires};return{user:e[0].user??e[0].token,...r}}}})}function iT(e){return"function"==typeof e}function iP(e,t){return"function"==typeof e?async(...r)=>{if(!r.length){let r=await (0,iR.headers)(),n=await e(void 0);return t?.(n),ix(r,n).then(e=>e.json())}if(r[0]instanceof Request){let n=r[0],a=r[1],i=await e(n);return t?.(i),iC([n,a],i)}if(iT(r[0])){let n=r[0];return async(...r)=>{let a=await e(r[0]);return t?.(a),iC(r,a,n)}}let n="req"in r[0]?r[0].req:r[0],a="res"in r[0]?r[0].res:r[1],i=await e(n);return t?.(i),ix(new Headers(n.headers),i).then(async e=>{let t=await e.json();for(let t of e.headers.getSetCookie())"headers"in a?a.headers.append("set-cookie",t):a.appendHeader("set-cookie",t);return t})}:(...t)=>{if(!t.length)return Promise.resolve((0,iR.headers)()).then(t=>ix(t,e).then(e=>e.json()));if(t[0]instanceof Request)return iC([t[0],t[1]],e);if(iT(t[0])){let r=t[0];return async(...t)=>iC(t,e,r).then(e=>e)}let r="req"in t[0]?t[0].req:t[0],n="res"in t[0]?t[0].res:t[1];return ix(new Headers(r.headers),e).then(async e=>{let t=await e.json();for(let t of e.headers.getSetCookie())"headers"in n?n.headers.append("set-cookie",t):n.appendHeader("set-cookie",t);return t})}}async function iC(e,t,r){let n=iA(e[0]),a=await ix(n.headers,t),i=await a.json(),o=!0;t.callbacks?.authorized&&(o=await t.callbacks.authorized({request:n,auth:i}));let s=iE.NextResponse.next?.();if(o instanceof Response){var c,l,u;let e,r;s=o;let a=o.headers.get("Location"),{pathname:i}=n.nextUrl;a&&(c=i,l=new URL(a).pathname,u=t,e=l.replace(`${c}/`,""),r=Object.values(u.pages??{}),(iO.has(e)||r.includes(l))&&l===c)&&(o=!0)}else if(r)n.auth=i,s=await r(n,e[1])??iE.NextResponse.next();else if(!o){let e=t.pages?.signIn??`${t.basePath}/signin`;if(n.nextUrl.pathname!==e){let t=n.nextUrl.clone();t.pathname=e,t.searchParams.set("callbackUrl",n.nextUrl.href),s=iE.NextResponse.redirect(t)}}let d=new Response(s?.body,s);for(let e of a.headers.getSetCookie())d.headers.append("set-cookie",e);return d}let iO=new Set(["providers","session","csrf","signin","signout","callback","verify-request","error"]);var iU=e.i(85644);async function ij(e,t={},r,n){let a=new Headers(await (0,iR.headers)()),{redirect:i=!0,redirectTo:o,...s}=t instanceof FormData?Object.fromEntries(t):t,c=o?.toString()??a.get("Referer")??"/",l=iv("signin",a.get("x-forwarded-proto"),a,process.env,n);if(!e)return l.searchParams.append("callbackUrl",c),i&&(0,iU.redirect)(l.toString()),l.toString();let u=`${l}/${e}?${new URLSearchParams(r)}`,d={};for(let t of n.providers){let{options:r,...n}="function"==typeof t?t():t,a=r?.id??n.id;if(a===e){d={id:a,type:r?.type??n.type};break}}if(!d.id){let e=`${l}?${new URLSearchParams({callbackUrl:c})}`;return i&&(0,iU.redirect)(e),e}"credentials"===d.type&&(u=u.replace("signin","callback")),a.set("Content-Type","application/x-www-form-urlencoded");let p=new Request(u,{method:"POST",headers:a,body:new URLSearchParams({...s,callbackUrl:c})}),h=await ik(p,{...n,raw:t7,skipCSRFCheck:t9}),f=await (0,iR.cookies)();for(let e of h?.cookies??[])f.set(e.name,e.value,e.options);let y=(h instanceof Response?h.headers.get("Location"):h.redirect)??u;return i?(0,iU.redirect)(y):y}async function i$(e,t){let r=new Headers(await (0,iR.headers)());r.set("Content-Type","application/x-www-form-urlencoded");let n=iv("signout",r.get("x-forwarded-proto"),r,process.env,t),a=new URLSearchParams({callbackUrl:e?.redirectTo??r.get("Referer")??"/"}),i=new Request(n,{method:"POST",headers:r,body:a}),o=await ik(i,{...t,raw:t7,skipCSRFCheck:t9}),s=await (0,iR.cookies)();for(let e of o?.cookies??[])s.set(e.name,e.value,e.options);return e?.redirect??!0?(0,iU.redirect)(o.redirect):o}async function iI(e,t){let r=new Headers(await (0,iR.headers)());r.set("Content-Type","application/json");let n=new Request(iv("session",r.get("x-forwarded-proto"),r,process.env,t),{method:"POST",headers:r,body:JSON.stringify({data:e})}),a=await ik(n,{...t,raw:t7,skipCSRFCheck:t9}),i=await (0,iR.cookies)();for(let e of a?.cookies??[])i.set(e.name,e.value,e.options);return a.body}var iH=e.i(87746);let{handlers:iD,signIn:iW,signOut:iK,auth:iM}=function(e){if("function"==typeof e){let t=async t=>{let r=await e(t);return iS(r),ik(iA(t),r)};return{handlers:{GET:t,POST:t},auth:iP(e,e=>iS(e)),signIn:async(t,r,n)=>{let a=await e(void 0);return iS(a),ij(t,r,n,a)},signOut:async t=>{let r=await e(void 0);return iS(r),i$(t,r)},unstable_update:async t=>{let r=await e(void 0);return iS(r),iI(t,r)}}}iS(e);let t=t=>ik(iA(t),e);return{handlers:{GET:t,POST:t},auth:iP(e),signIn:(t,r,n)=>ij(t,r,n,e),signOut:t=>i$(t,e),unstable_update:t=>iI(t,e)}}({providers:[{id:"credentials",name:"Credentials",type:"credentials",credentials:{},authorize:()=>null,options:{name:"credentials",credentials:{email:{label:"Email",type:"email"},password:{label:"Password",type:"password"}},async authorize(t){if(!t?.email||!t?.password)return null;let{default:r}=await e.A(59498),n=r(),a=await n.user.findUnique({where:{email:t.email}});return a&&await iH.default.compare(t.password,a.hashedPassword)?{id:a.id,email:a.email,name:a.name}:null}}}],session:{strategy:"jwt"},callbacks:{jwt:async({token:e,user:t})=>(t&&(e.id=t.id),e),session:async({session:e,token:t})=>(e.user&&t.id&&(e.user.id=t.id),e)},pages:{signIn:"/"}});e.s(["auth",0,iM,"handlers",0,iD],50508)}];

//# sourceMappingURL=Documents_00%20-%20projet_plumeia_bfccc792._.js.map