From a9fa1a0a0fe7d0fa11a59ec89e4fb7cb33caa1f5 Mon Sep 17 00:00:00 2001 From: Damien Coles Date: Mon, 26 Jan 2026 11:15:52 -0500 Subject: [PATCH] public-ready-init --- .env.example | 14 + .gitignore | 2 + ORY_SDK_MIGRATION_GUIDE.md | 402 + PRODUCTION-DEPLOYMENT.md | 597 ++ README.md | 273 + nexus-5-auth-frontend/.dockerignore | 32 + nexus-5-auth-frontend/.gitignore | 24 + nexus-5-auth-frontend/.npmrc | 1 + nexus-5-auth-frontend/.prettierignore | 9 + nexus-5-auth-frontend/.prettierrc | 16 + nexus-5-auth-frontend/Dockerfile | 63 + nexus-5-auth-frontend/docker-compose.yml | 28 + nexus-5-auth-frontend/eslint.config.js | 41 + nexus-5-auth-frontend/package-lock.json | 4925 +++++++++++ nexus-5-auth-frontend/package.json | 45 + nexus-5-auth-frontend/src/app.css | 314 + nexus-5-auth-frontend/src/app.d.ts | 13 + nexus-5-auth-frontend/src/app.html | 12 + .../src/lib/assets/favicon.svg | 1 + .../src/lib/components/FlowForm.svelte | 284 + .../src/lib/components/FormField.svelte | 243 + .../lib/components/SettingsProfileForm.svelte | 159 + .../modals/IdentityCreateModal.svelte | 118 + .../modals/IdentityDetailsModal.svelte | 116 + .../modals/IdentityEditModal.svelte | 183 + .../modals/IdentitySessionsModal.svelte | 122 + .../modals/MessageDetailsModal.svelte | 40 + .../modals/SessionDetailsModal.svelte | 40 + nexus-5-auth-frontend/src/lib/flows.ts | 96 + .../src/lib/kratos-server.ts | 11 + nexus-5-auth-frontend/src/lib/kratos.ts | 24 + .../src/lib/stores/theme.svelte.ts | 79 + nexus-5-auth-frontend/src/lib/utils.ts | 52 + .../src/routes/+layout.server.ts | 23 + .../src/routes/+layout.svelte | 187 + nexus-5-auth-frontend/src/routes/+page.svelte | 135 + .../src/routes/admin/+page.server.ts | 31 + .../src/routes/admin/+page.svelte | 1444 +++ .../src/routes/error/+page.server.ts | 22 + .../src/routes/error/+page.svelte | 49 + .../src/routes/login/+page.svelte | 77 + .../src/routes/logout/+server.ts | 56 + .../src/routes/recovery/+page.server.ts | 76 + .../src/routes/recovery/+page.svelte | 49 + .../src/routes/registration/+page.svelte | 71 + .../src/routes/settings/+page.server.ts | 21 + .../src/routes/settings/+page.svelte | 82 + .../src/routes/verification/+page.server.ts | 77 + .../src/routes/verification/+page.svelte | 42 + nexus-5-auth-frontend/static/robots.txt | 3 + nexus-5-auth-frontend/svelte.config.js | 12 + nexus-5-auth-frontend/tsconfig.json | 19 + nexus-5-auth-frontend/vite.config.ts | 7 + nexus-5-auth-kratos/.dockerignore | 0 nexus-5-auth-kratos/.gitignore | 5 + nexus-5-auth-kratos/Dockerfile | 32 + .../config/identity.schema.json | 58 + .../config/identity.v2.schema.json | 81 + nexus-5-auth-kratos/config/kratos.yml | 162 + ...recovery_code_valid.email.body.html.gotmpl | 79 + ...ery_code_valid.email.body.plaintext.gotmpl | 19 + .../recovery_code_valid.email.subject.gotmpl | 1 + .../recovery_invalid.email.body.gotmpl | 10 + .../recovery_invalid.email.subject.gotmpl | 1 + .../recovery_valid.email.body.gotmpl | 12 + .../recovery_valid.email.subject.gotmpl | 1 + ...fication_code_valid.email.body.html.gotmpl | 97 + ...ion_code_valid.email.body.plaintext.gotmpl | 20 + ...rification_code_valid.email.subject.gotmpl | 1 + nexus-5-auth-kratos/docker-compose.yml | 122 + nexus-5-auth-kratos/openapi.json | 7706 +++++++++++++++++ nexus-5-auth-oathkeeper/.dockerignore | 0 nexus-5-auth-oathkeeper/.gitignore | 7 + nexus-5-auth-oathkeeper/Dockerfile | 41 + .../config/access-rules/chat.yml | 6 + .../config/access-rules/django.yml | 124 + .../config/access-rules/kratos-admin.yml | 48 + .../config/access-rules/kratos-public.yml | 115 + nexus-5-auth-oathkeeper/config/oathkeeper.yml | 140 + nexus-5-auth-oathkeeper/docker-compose.yml | 30 + nexus-5-auth-oathkeeper/openapi.json | 588 ++ nexus-5-auth-oathkeeper/scripts/entrypoint.sh | 30 + .../scripts/generate-jwks.sh | 26 + 83 files changed, 20424 insertions(+) create mode 100644 .env.example create mode 100644 .gitignore create mode 100644 ORY_SDK_MIGRATION_GUIDE.md create mode 100644 PRODUCTION-DEPLOYMENT.md create mode 100644 README.md create mode 100644 nexus-5-auth-frontend/.dockerignore create mode 100644 nexus-5-auth-frontend/.gitignore create mode 100644 nexus-5-auth-frontend/.npmrc create mode 100644 nexus-5-auth-frontend/.prettierignore create mode 100644 nexus-5-auth-frontend/.prettierrc create mode 100644 nexus-5-auth-frontend/Dockerfile create mode 100644 nexus-5-auth-frontend/docker-compose.yml create mode 100644 nexus-5-auth-frontend/eslint.config.js create mode 100644 nexus-5-auth-frontend/package-lock.json create mode 100644 nexus-5-auth-frontend/package.json create mode 100644 nexus-5-auth-frontend/src/app.css create mode 100644 nexus-5-auth-frontend/src/app.d.ts create mode 100644 nexus-5-auth-frontend/src/app.html create mode 100644 nexus-5-auth-frontend/src/lib/assets/favicon.svg create mode 100644 nexus-5-auth-frontend/src/lib/components/FlowForm.svelte create mode 100644 nexus-5-auth-frontend/src/lib/components/FormField.svelte create mode 100644 nexus-5-auth-frontend/src/lib/components/SettingsProfileForm.svelte create mode 100644 nexus-5-auth-frontend/src/lib/components/modals/IdentityCreateModal.svelte create mode 100644 nexus-5-auth-frontend/src/lib/components/modals/IdentityDetailsModal.svelte create mode 100644 nexus-5-auth-frontend/src/lib/components/modals/IdentityEditModal.svelte create mode 100644 nexus-5-auth-frontend/src/lib/components/modals/IdentitySessionsModal.svelte create mode 100644 nexus-5-auth-frontend/src/lib/components/modals/MessageDetailsModal.svelte create mode 100644 nexus-5-auth-frontend/src/lib/components/modals/SessionDetailsModal.svelte create mode 100644 nexus-5-auth-frontend/src/lib/flows.ts create mode 100644 nexus-5-auth-frontend/src/lib/kratos-server.ts create mode 100644 nexus-5-auth-frontend/src/lib/kratos.ts create mode 100644 nexus-5-auth-frontend/src/lib/stores/theme.svelte.ts create mode 100644 nexus-5-auth-frontend/src/lib/utils.ts create mode 100644 nexus-5-auth-frontend/src/routes/+layout.server.ts create mode 100644 nexus-5-auth-frontend/src/routes/+layout.svelte create mode 100644 nexus-5-auth-frontend/src/routes/+page.svelte create mode 100644 nexus-5-auth-frontend/src/routes/admin/+page.server.ts create mode 100644 nexus-5-auth-frontend/src/routes/admin/+page.svelte create mode 100644 nexus-5-auth-frontend/src/routes/error/+page.server.ts create mode 100644 nexus-5-auth-frontend/src/routes/error/+page.svelte create mode 100644 nexus-5-auth-frontend/src/routes/login/+page.svelte create mode 100644 nexus-5-auth-frontend/src/routes/logout/+server.ts create mode 100644 nexus-5-auth-frontend/src/routes/recovery/+page.server.ts create mode 100644 nexus-5-auth-frontend/src/routes/recovery/+page.svelte create mode 100644 nexus-5-auth-frontend/src/routes/registration/+page.svelte create mode 100644 nexus-5-auth-frontend/src/routes/settings/+page.server.ts create mode 100644 nexus-5-auth-frontend/src/routes/settings/+page.svelte create mode 100644 nexus-5-auth-frontend/src/routes/verification/+page.server.ts create mode 100644 nexus-5-auth-frontend/src/routes/verification/+page.svelte create mode 100644 nexus-5-auth-frontend/static/robots.txt create mode 100644 nexus-5-auth-frontend/svelte.config.js create mode 100644 nexus-5-auth-frontend/tsconfig.json create mode 100644 nexus-5-auth-frontend/vite.config.ts create mode 100644 nexus-5-auth-kratos/.dockerignore create mode 100644 nexus-5-auth-kratos/.gitignore create mode 100644 nexus-5-auth-kratos/Dockerfile create mode 100644 nexus-5-auth-kratos/config/identity.schema.json create mode 100644 nexus-5-auth-kratos/config/identity.v2.schema.json create mode 100644 nexus-5-auth-kratos/config/kratos.yml create mode 100644 nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.body.html.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.body.plaintext.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.subject.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/recovery_invalid.email.body.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/recovery_invalid.email.subject.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/recovery_valid.email.body.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/recovery_valid.email.subject.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/verification_code_valid.email.body.html.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/verification_code_valid.email.body.plaintext.gotmpl create mode 100644 nexus-5-auth-kratos/courier-templates/verification_code_valid.email.subject.gotmpl create mode 100644 nexus-5-auth-kratos/docker-compose.yml create mode 100644 nexus-5-auth-kratos/openapi.json create mode 100644 nexus-5-auth-oathkeeper/.dockerignore create mode 100644 nexus-5-auth-oathkeeper/.gitignore create mode 100644 nexus-5-auth-oathkeeper/Dockerfile create mode 100644 nexus-5-auth-oathkeeper/config/access-rules/chat.yml create mode 100644 nexus-5-auth-oathkeeper/config/access-rules/django.yml create mode 100644 nexus-5-auth-oathkeeper/config/access-rules/kratos-admin.yml create mode 100644 nexus-5-auth-oathkeeper/config/access-rules/kratos-public.yml create mode 100644 nexus-5-auth-oathkeeper/config/oathkeeper.yml create mode 100644 nexus-5-auth-oathkeeper/docker-compose.yml create mode 100644 nexus-5-auth-oathkeeper/openapi.json create mode 100644 nexus-5-auth-oathkeeper/scripts/entrypoint.sh create mode 100755 nexus-5-auth-oathkeeper/scripts/generate-jwks.sh diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..7ec7c6b --- /dev/null +++ b/.env.example @@ -0,0 +1,14 @@ +# Kratos +KRATOS_DSN=postgres://user:password@localhost:5432/kratos +KRATOS_SECRETS_DEFAULT=your-32-character-secret-here +KRATOS_SECRETS_COOKIE=your-32-character-cookie-secret + +# SMTP Configuration +SMTP_CONNECTION_URI=smtp://user:password@smtp.example.com:587 + +# Frontend +PUBLIC_KRATOS_URL=http://localhost:4433 +PUBLIC_KRATOS_BROWSER_URL=http://localhost:4433 + +# Oathkeeper +OATHKEEPER_MUTATOR_ID_TOKEN_JWKS_URL=file:///etc/jwks.json diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8cc0286 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/ory-sdk/ +.idea diff --git a/ORY_SDK_MIGRATION_GUIDE.md b/ORY_SDK_MIGRATION_GUIDE.md new file mode 100644 index 0000000..40494bd --- /dev/null +++ b/ORY_SDK_MIGRATION_GUIDE.md @@ -0,0 +1,402 @@ +# πŸš€ **Ory SDK Migration Guide** +**Fixing CSRF Issues by Using the SDK Properly** +*Created: October 17, 2025* + +## πŸ“‹ **Problem Analysis** + +### **Current Issue** +The frontend has been manually handling forms with `fetch()` and `FormData`, which causes CSRF token mismatches because: + +1. **Form submission uses `application/x-www-form-urlencoded`** +2. **Manual CSRF token handling** leads to cookie accumulation +3. **SDK expects `application/json`** with automatic CSRF management + +### **Why Admin Works vs Settings Fails** +- **Admin Interface**: Uses `kratosAdminClient.methodName()` β†’ JSON payloads β†’ βœ… Works +- **Settings Forms**: Uses manual `fetch()` β†’ Form-encoded data β†’ ❌ CSRF errors + +--- + +## πŸ”§ **The Solution: Proper SDK Usage** + +### **Core Principle** +Stop using manual `fetch()` calls. Use the Ory SDK methods which handle CSRF automatically. + +--- + +## πŸ“š **SDK Method Reference** + +### **Available Methods** +```typescript +// Flow Creation (usually browser redirects) +kratosClient.createBrowserLoginFlow() +kratosClient.createBrowserRegistrationFlow() +kratosClient.createBrowserSettingsFlow() +kratosClient.createBrowserRecoveryFlow() + +// Flow Data Fetching +kratosClient.getLoginFlow({ id: flowId }) +kratosClient.getRegistrationFlow({ id: flowId }) +kratosClient.getSettingsFlow({ id: flowId }) +kratosClient.getRecoveryFlow({ id: flowId }) + +// Flow Submission (the key ones!) +kratosClient.updateLoginFlow({ flow: flowId, updateLoginFlowBody: data }) +kratosClient.updateRegistrationFlow({ flow: flowId, updateRegistrationFlowBody: data }) +kratosClient.updateSettingsFlow({ flow: flowId, updateSettingsFlowBody: data }) +kratosClient.updateRecoveryFlow({ flow: flowId, updateRecoveryFlowBody: data }) +``` + +--- + +## πŸ—οΈ **Migration Pattern** + +### **1. Form Data Conversion** +```typescript +// Helper function to convert FormData to JSON +const formDataToJson = (formData: FormData): Record => { + const json: Record = {}; + + for (const [key, value] of formData.entries()) { + // Skip CSRF token - SDK handles this automatically + if (key === 'csrf_token') continue; + + // Handle method field (used by Kratos to determine which action to take) + if (key === 'method') { + json.method = value; + continue; + } + + // Handle nested object notation (e.g., traits.email, traits.name.first) + if (key.includes('.')) { + setNestedProperty(json, key, value); + } else { + json[key] = value; + } + } + + return json; +}; + +// Helper for nested properties +const setNestedProperty = (obj: any, path: string, value: any) => { + const keys = path.split('.'); + let current = obj; + + for (let i = 0; i < keys.length - 1; i++) { + const key = keys[i]; + if (!(key in current)) { + current[key] = {}; + } + current = current[key]; + } + + current[keys[keys.length - 1]] = value; +}; +``` + +### **2. Settings Form Handler (Before β†’ After)** + +**❌ BEFORE (Manual fetch - causes CSRF issues)** +```typescript +// OLD WAY - DON'T USE +async function handleSubmit(event: Event) { + event.preventDefault(); + const form = event.target as HTMLFormElement; + const formData = new FormData(form); + + const response = await fetch(flow.ui.action, { + method: 'POST', + body: formData, // ← Form-encoded data + credentials: 'include', + headers: { + 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' + } + }); + // ... handle response +} +``` + +**βœ… AFTER (SDK method - handles CSRF automatically)** +```typescript +// NEW WAY - USE THIS +import { kratosClient } from '$lib/kratos'; + +async function handleSubmit(event: Event) { + event.preventDefault(); + const form = event.target as HTMLFormElement; + const formData = new FormData(form); + + // Convert form data to JSON + const updateBody = formDataToJson(formData); + + try { + // Use SDK method - handles CSRF automatically via JSON + cookies + const { data } = await kratosClient.updateSettingsFlow({ + flow: flowId, + updateSettingsFlowBody: updateBody + }); + + // Handle success + if (data.redirect_browser_to) { + window.location.href = data.redirect_browser_to; + } else { + // Show success message or reload + window.location.reload(); + } + + } catch (error: any) { + console.error('Settings update failed:', error); + + // Handle specific errors + if (error.response?.status === 410) { + // Flow expired, restart + window.location.href = `${PUBLIC_KRATOS_URL}/self-service/settings/browser`; + } else if (error.response?.data?.ui) { + // Update flow with validation errors + flow = error.response.data; + } + } +} +``` + +--- + +## πŸ“ **Implementation Steps** + +### **Step 1: Update FlowForm Component** +```typescript +// src/lib/components/FlowForm.svelte + + + +
+ {#each nodes as node (node.attributes)} + + {/each} + +``` + +### **Step 2: Update Individual Page Components** +```typescript +// src/routes/settings/+page.svelte + + + +{#if flow} + + + +{/if} +``` + +--- + +## 🎯 **Key Benefits** + +### **βœ… What This Fixes** +1. **No more CSRF errors** - SDK handles tokens automatically +2. **No cookie accumulation** - Proper JSON-based API usage +3. **Better error handling** - Structured error responses +4. **Type safety** - Full TypeScript support +5. **Consistency** - Same pattern as admin interface + +### **πŸ“Š Comparison** + +| Aspect | Manual Fetch (Old) | SDK Methods (New) | +|--------|-------------------|-------------------| +| **Content-Type** | `application/x-www-form-urlencoded` | `application/json` | +| **CSRF Handling** | Manual form fields | Automatic via cookies | +| **Error Handling** | Manual response parsing | Structured exceptions | +| **Type Safety** | None | Full TypeScript | +| **Cookie Management** | Manual/broken | Automatic | + +--- + +## 🚨 **Migration Checklist** + +- [ ] **Remove `clearCsrfCookies()` calls** - No longer needed +- [ ] **Update FlowForm component** - Use SDK methods instead of fetch +- [ ] **Update all page components** - Use SDK for flow fetching +- [ ] **Remove manual CSRF handling** - SDK does this automatically +- [ ] **Test all flows** - Login, Registration, Settings, Recovery +- [ ] **Remove unused utilities** - Clean up old cookie management code + +--- + +## πŸ”„ **Testing Strategy** + +### **Before Deployment** +1. **Clear all browser cookies** for your domain +2. **Test complete user journey**: + - Registration β†’ Login β†’ Settings update β†’ Logout +3. **Verify no CSRF errors** in browser console +4. **Check network tab** - Should see JSON payloads, not form data + +### **Production Validation** +1. **Monitor error logs** for any remaining CSRF issues +2. **Test across different browsers** (Chrome, Firefox, Safari) +3. **Verify admin interface** still works (should be unchanged) + +--- + +## πŸ“š **Additional Resources** + +- [Ory Kratos Self-Service Flows](https://www.ory.sh/docs/kratos/self-service) +- [TypeScript SDK Documentation](https://github.com/ory/sdk/tree/master/clients/client/typescript) +- [Flow UI Integration Guide](https://www.ory.sh/docs/kratos/self-service/flows/user-settings) + +--- + +*This migration will eliminate your CSRF issues completely by using the Ory SDK as intended. The SDK's JSON-based approach with automatic CSRF handling is the official, supported pattern.* \ No newline at end of file diff --git a/PRODUCTION-DEPLOYMENT.md b/PRODUCTION-DEPLOYMENT.md new file mode 100644 index 0000000..3082e97 --- /dev/null +++ b/PRODUCTION-DEPLOYMENT.md @@ -0,0 +1,597 @@ +# Production Deployment Checklist + +## Architecture Overview + +**Production Domains:** +- Frontend: `https://account.example.com` +- Oathkeeper Proxy: `https://auth.example.com` (port 4455) +- Django API: `https://api.example.com` +- Kratos: Internal only (ports 4433/4434) +- Oathkeeper API: Internal only (port 4456) + +**All services run on the same VM**, so internal communication uses localhost/docker network. + +--- + +## Pre-Deployment Checklist + +### 1. Security Hardening + +#### Kratos Secrets +```bash +# Generate new secrets for production +openssl rand -hex 16 # SECRETS_DEFAULT +openssl rand -hex 16 # SECRETS_COOKIE +openssl rand -hex 16 # SECRETS_CIPHER +``` + +Update in `nexus-5-auth-kratos/.env.production`: +- [ ] `SECRETS_DEFAULT` - New random value +- [ ] `SECRETS_COOKIE` - New random value +- [ ] `SECRETS_CIPHER` - New random value + +#### Database Passwords +- [ ] Change `POSTGRES_PASSWORD` in `nexus-5-auth-kratos/.env.production` +- [ ] Update `KRATOS_DSN` with the new URL-encoded password + +#### SMTP Configuration +- [ ] Verify SMTP credentials in `nexus-5-auth-kratos/config/kratos.yml` (line 128) +- [ ] Consider using environment variable instead of hardcoded value + +### 2. SSL/TLS Configuration + +#### Oathkeeper (https://auth.example.com) +- [ ] Configure reverse proxy (nginx/caddy) for SSL termination +- [ ] Install SSL certificate for `auth.example.com` +- [ ] Configure proxy to forward to `localhost:4455` + +#### Frontend (https://account.example.com) +- [ ] Configure reverse proxy for SSL termination +- [ ] Install SSL certificate for `account.example.com` +- [ ] Configure proxy to forward to SvelteKit server (typically port 3000 or 5173) + +#### CORS Configuration +Verify Oathkeeper CORS is configured (`nexus-5-auth-oathkeeper/config/oathkeeper.yml`): +- [x] `https://account.example.com` in allowed_origins +- [x] `https://auth.example.com` in allowed_origins +- [x] `https://api.example.com` in allowed_origins +- [x] `allow_credentials: true` + +### 3. Environment Files + +#### Replace .env files with production versions: +```bash +# Kratos +cp nexus-5-auth-kratos/.env.production nexus-5-auth-kratos/.env + +# Oathkeeper +cp nexus-5-auth-oathkeeper/.env.production nexus-5-auth-oathkeeper/.env + +# Frontend +cp nexus-5-auth-frontend/.env.production nexus-5-auth-frontend/.env +``` + +#### Verify all environment variables: +- [ ] `nexus-5-auth-kratos/.env` +- [ ] `nexus-5-auth-oathkeeper/.env` +- [ ] `nexus-5-auth-frontend/.env` + +--- + +## Deployment Steps + +### 1. Database Setup + +```bash +cd nexus-5-auth-kratos + +# Start PostgreSQL +docker compose up -d postgres + +# Wait for PostgreSQL to be ready +docker compose logs -f postgres +# Wait for "database system is ready to accept connections" + +# Run Kratos migrations +docker compose run --rm kratos migrate sql -e --yes +``` + +### 2. Deploy Kratos + +```bash +cd nexus-5-auth-kratos + +# Build and start Kratos +docker compose up -d kratos + +# Verify it's running +docker compose ps +docker compose logs kratos + +# Test health endpoint +curl http://localhost:4433/health/ready +``` + +**Expected response:** +```json +{"status": "ok"} +``` + +### 3. Deploy Oathkeeper + +```bash +cd nexus-5-auth-oathkeeper + +# Rebuild with updated config +docker compose build oathkeeper + +# Start Oathkeeper +docker compose up -d oathkeeper + +# Verify it's running +docker compose ps +docker compose logs oathkeeper + +# Test health endpoint +curl http://localhost:4456/health/ready +``` + +**Expected response:** +```json +{"status": "ok"} +``` + +### 4. Test Access Rules + +```bash +# List all configured rules +curl http://localhost:4456/rules | jq . + +# Verify rule count (should be 9 rules) +curl -s http://localhost:4456/rules | jq 'length' +``` + +**Expected rules:** +1. `kratos:self-service` +2. `kratos:admin:identities` +3. `kratos:admin:recovery` +4. `kratos:admin:courier` +5. `kratos:admin:sessions` +6. `kratos:sessions:api` +7. `django:api:public` +8. `django:api:protected` +9. `django:api:v1` + +### 5. Deploy Frontend + +#### Option A: Docker Deployment (Recommended) + +```bash +cd nexus-5-auth-frontend + +# Copy production environment +cp .env.production .env + +# Ensure ory-network exists +docker network create ory-network 2>/dev/null || true + +# Build and start +docker compose up -d + +# Verify it's running +docker compose ps +docker compose logs frontend + +# Test health endpoint +curl http://localhost:3000/ +``` + +**Expected response:** HTML page content + +#### Option B: PM2 Deployment + +```bash +cd nexus-5-auth-frontend + +# Install dependencies +npm install + +# Copy production environment +cp .env.production .env + +# Build for production +npm run build + +# Deploy with PM2 +pm2 start npm --name "nexus-auth-frontend" -- start +pm2 save +``` + +#### Option C: Direct Node Deployment + +```bash +cd nexus-5-auth-frontend + +# Install dependencies +npm install + +# Copy production environment +cp .env.production .env + +# Build for production +npm run build + +# Start with node +node build +``` + +### 6. Configure Reverse Proxy + +#### Example Nginx Configuration + +**File: `/etc/nginx/sites-available/auth.example.com`** +```nginx +server { + listen 443 ssl http2; + server_name auth.example.com; + + ssl_certificate /path/to/ssl/cert.pem; + ssl_certificate_key /path/to/ssl/key.pem; + + location / { + proxy_pass http://localhost:4455; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket support (if needed) + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} +``` + +**File: `/etc/nginx/sites-available/account.example.com`** +```nginx +server { + listen 443 ssl http2; + server_name account.example.com; + + ssl_certificate /path/to/ssl/cert.pem; + ssl_certificate_key /path/to/ssl/key.pem; + + location / { + proxy_pass http://localhost:3000; # Adjust to your SvelteKit port + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + # WebSocket support for HMR (disable in production) + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } +} +``` + +Enable sites and reload nginx: +```bash +sudo ln -s /etc/nginx/sites-available/auth.example.com /etc/nginx/sites-enabled/ +sudo ln -s /etc/nginx/sites-available/account.example.com /etc/nginx/sites-enabled/ +sudo nginx -t +sudo systemctl reload nginx +``` + +--- + +## Post-Deployment Testing + +### 1. Health Checks + +```bash +# Kratos public API +curl https://auth.example.com/health/ready + +# Kratos admin API (through Oathkeeper - requires auth) +curl https://auth.example.com/admin/identities + +# Oathkeeper API (internal) +curl http://localhost:4456/health/ready +``` + +### 2. Frontend Testing + +Visit `https://account.example.com` and test: +- [ ] Registration flow +- [ ] Login flow +- [ ] Email verification +- [ ] Password recovery +- [ ] Settings page +- [ ] Admin dashboard (identity management) +- [ ] Session management +- [ ] Logout + +### 3. WebAuthn Testing + +- [ ] Register with passkey/security key +- [ ] Login with passkey/security key +- [ ] TOTP (authenticator app) setup +- [ ] TOTP login + +### 4. API Testing + +Test Django integration (once you have an authenticated session): + +```bash +# Public API (no auth) +curl https://auth.example.com/api/public/ + +# Protected API (with session cookie) +curl -b cookies.txt https://auth.example.com/api/protected/ + +# Bearer token API +curl -H "Authorization: Bearer YOUR_TOKEN" https://auth.example.com/api/v1/ +``` + +### 5. Verify Headers Forwarded to Django + +Create a test identity and check headers received by Django: + +**Expected headers from Oathkeeper:** +``` +X-User-ID: +X-User-Email: user@example.com +X-User-First-Name: John +X-User-Last-Name: Doe +X-User-Phone: +1234567890 +X-User-Profile-Type: team|customer +X-Django-Profile-ID: +X-Customer-ID: +``` + +--- + +## Django Backend Integration + +### 1. Update Django Settings + +Add trusted headers and CORS configuration: + +```python +# settings.py + +# Oathkeeper proxy headers +USE_X_FORWARDED_HOST = True +USE_X_FORWARDED_PORT = True +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') + +# CORS settings +CORS_ALLOWED_ORIGINS = [ + "https://account.example.com", + "https://auth.example.com", +] +CORS_ALLOW_CREDENTIALS = True + +# Session/Cookie settings +SESSION_COOKIE_DOMAIN = '.example.com' +CSRF_COOKIE_DOMAIN = '.example.com' +SESSION_COOKIE_SECURE = True +CSRF_COOKIE_SECURE = True +SESSION_COOKIE_SAMESITE = 'Lax' +CSRF_COOKIE_SAMESITE = 'Lax' +``` + +### 2. Create Authentication Middleware + +```python +# middleware/kratos_auth.py + +class KratosAuthMiddleware: + def __init__(self, get_response): + self.get_response = get_response + + def __call__(self, request): + # Extract Kratos identity from headers + user_id = request.META.get('HTTP_X_USER_ID') + user_email = request.META.get('HTTP_X_USER_EMAIL') + first_name = request.META.get('HTTP_X_USER_FIRST_NAME') + last_name = request.META.get('HTTP_X_USER_LAST_NAME') + phone = request.META.get('HTTP_X_USER_PHONE') + profile_type = request.META.get('HTTP_X_USER_PROFILE_TYPE') + django_profile_id = request.META.get('HTTP_X_DJANGO_PROFILE_ID') + customer_id = request.META.get('HTTP_X_CUSTOMER_ID') + + if user_id and user_email: + # Look up or create user based on Kratos identity + # Attach to request.user or request.kratos_user + pass + + response = self.get_response(request) + return response +``` + +Add to `MIDDLEWARE` in settings.py: +```python +MIDDLEWARE = [ + # ... other middleware + 'your_app.middleware.kratos_auth.KratosAuthMiddleware', +] +``` + +### 3. Sync Identity on Registration + +When a user registers in Kratos, sync to Django: + +**Option A: Webhook (recommended)** +- Configure Kratos webhook to call Django API on identity creation +- Django creates corresponding TeamProfile/CustomerProfile +- Returns django_profile_id to be stored in Kratos metadata_public + +**Option B: Poll/Manual Sync** +- Periodic task to sync new Kratos identities to Django +- Less real-time but simpler to implement + +--- + +## Monitoring & Logging + +### 1. Log Aggregation + +Collect logs from all services: +```bash +# Kratos logs +docker compose -f nexus-5-auth-kratos/docker-compose.yml logs -f kratos + +# Oathkeeper logs +docker compose -f nexus-5-auth-oathkeeper/docker-compose.yml logs -f oathkeeper + +# Frontend logs (if using PM2) +pm2 logs nexus-auth-frontend +``` + +### 2. Metrics to Monitor + +- [ ] Kratos health endpoint: `GET /health/ready` +- [ ] Oathkeeper health endpoint: `GET /health/ready` +- [ ] Database connection pool usage +- [ ] Session count +- [ ] Identity count +- [ ] Failed login attempts +- [ ] Email delivery failures + +### 3. Set Log Levels + +**Production log levels:** +- Kratos: `LOG_LEVEL=info` +- Oathkeeper: `log.level=info` +- Frontend: Configure in SvelteKit + +--- + +## Backup & Recovery + +### 1. Database Backups + +```bash +# Backup Kratos database +docker compose -f nexus-5-auth-kratos/docker-compose.yml exec postgres \ + pg_dump -U kratos kratos > kratos-backup-$(date +%Y%m%d).sql + +# Restore +docker compose -f nexus-5-auth-kratos/docker-compose.yml exec -T postgres \ + psql -U kratos kratos < kratos-backup-20251014.sql +``` + +### 2. Configuration Backups + +- [ ] Backup `nexus-5-auth-kratos/config/` +- [ ] Backup `nexus-5-auth-oathkeeper/config/` +- [ ] Backup `.env` files (encrypted storage!) +- [ ] Backup JWKS keys: `nexus-5-auth-oathkeeper/config/id_token.jwks.json` + +--- + +## Rollback Plan + +If issues occur in production: + +### 1. Quick Rollback +```bash +# Stop services +docker compose down + +# Revert to previous .env +git checkout HEAD~1 nexus-5-auth-*/ + +# Restart with old config +docker compose up -d +``` + +### 2. Database Rollback +```bash +# Restore from backup +docker compose exec -T postgres psql -U kratos kratos < kratos-backup-YYYYMMDD.sql +``` + +--- + +## Security Checklist + +- [ ] All secrets rotated for production +- [ ] SSL certificates installed and valid +- [ ] HTTPS enforced on all domains +- [ ] Database passwords strong and unique +- [ ] SMTP credentials secured +- [ ] Cookie domain set to `.example.com` +- [ ] Session cookies marked as Secure +- [ ] CORS properly configured +- [ ] Admin API requires authentication +- [ ] Rate limiting configured (if needed) +- [ ] Firewall rules: Only 443/80 exposed publicly +- [ ] Internal ports (4433, 4434, 4456, 5432) blocked from external access + +--- + +## Support & Troubleshooting + +### Common Issues + +**Issue: "Cookie not being set"** +- Check `session.cookie.domain` in kratos.yml is `example.com` +- Verify HTTPS is working +- Check browser dev tools > Application > Cookies + +**Issue: "CORS errors"** +- Verify Oathkeeper CORS config includes all domains +- Check `allow_credentials: true` +- Verify Origin header matches allowed_origins + +**Issue: "Redirect loop"** +- Check `preserve_host` settings in access rules +- Verify Kratos `allowed_return_urls` includes production domains + +**Issue: "WebAuthn not working"** +- Verify `webauthn.config.rp.id` is `example.com` +- Check `webauthn.config.rp.origins` includes production URLs +- Ensure HTTPS is working (WebAuthn requires secure context) + +### Debug Commands + +```bash +# Check Oathkeeper rules +curl http://localhost:4456/rules | jq . + +# Check Kratos sessions +curl -H "Cookie: ory_kratos_session=..." http://localhost:4433/sessions/whoami + +# Test Oathkeeper decision API +curl -H "Cookie: ory_kratos_session=..." http://localhost:4455/decisions/admin/identities + +# View Kratos configuration +docker compose exec kratos cat /etc/kratos/kratos.yml +``` + +--- + +## Production Deployment Complete! πŸŽ‰ + +Once all checklist items are complete, your Nexus 5 Auth system is production-ready with: + +βœ… Ory Kratos for identity management +βœ… Ory Oathkeeper for authentication & authorization +βœ… SvelteKit frontend with admin dashboard +βœ… Full Django integration with custom headers +βœ… Secure session management across subdomains +βœ… WebAuthn/TOTP support +βœ… Email verification & recovery +βœ… Complete API endpoint coverage + +**Next Steps:** +1. Monitor logs for the first 24 hours +2. Test all user flows in production +3. Set up automated backups +4. Configure monitoring/alerting +5. Document any environment-specific configurations diff --git a/README.md b/README.md new file mode 100644 index 0000000..0bc4e16 --- /dev/null +++ b/README.md @@ -0,0 +1,273 @@ +# Nexus 5 Auth + +Enterprise authentication infrastructure for the Nexus 5 platform using Ory Kratos for identity management and Ory Oathkeeper for API gateway/authorization. + +## Overview + +This repository contains the authentication stack configuration for Nexus 5: + +- **nexus-5-auth-kratos**: Ory Kratos identity server configuration +- **nexus-5-auth-oathkeeper**: Ory Oathkeeper API gateway configuration +- **nexus-5-auth-frontend**: SvelteKit-based authentication UI + +## Why Ory? + +### Improvements Over Previous Auth Approaches + +| Feature | Nexus 1-3 (JWT) | Nexus 4 (Rust JWT) | Nexus 5 (Ory) | +|---------|-----------------|--------------------| --------------| +| **Identity Management** | Django User model | Custom User entity | Dedicated identity server | +| **Session Management** | Stateless JWT | Stateless JWT | Server-side sessions | +| **MFA Support** | None | None | Built-in TOTP/WebAuthn | +| **Password Recovery** | Custom implementation | Custom implementation | Built-in flows | +| **Email Verification** | Custom implementation | None | Built-in flows | +| **Admin UI** | Django Admin | None | Full admin capabilities | +| **API Protection** | Middleware checks | Middleware checks | Zero-trust gateway | + +### Key Benefits + +1. **Security**: Battle-tested, open-source identity infrastructure +2. **Separation of Concerns**: Auth logic separate from business logic +3. **Scalability**: Stateless gateway, horizontally scalable identity server +4. **Standards Compliance**: OAuth2, OpenID Connect ready +5. **Self-Hosted**: Full control over identity data + +## Architecture + +``` + β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” + β”‚ Auth Frontend β”‚ + β”‚ (SvelteKit) β”‚ + β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜ + β”‚ + β–Ό +β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” +β”‚ Client │───▢│ Oathkeeper │───▢│ Kratos β”‚ +β”‚ (Browser) β”‚ β”‚ (API Gateway) β”‚ β”‚ (Identity Mgmt) β”‚ +β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”˜ β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ + β”‚ + β–Ό + β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β” + β”‚ Nexus 5 API β”‚ + β”‚ (Django) β”‚ + β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜ +``` + +## Components + +### Ory Kratos (`nexus-5-auth-kratos/`) + +Identity management server handling: +- User registration and login +- Password recovery +- Email verification +- Profile management +- Session management + +**Key Files:** +- `config/kratos.yml` - Main Kratos configuration +- `config/identity.schema.json` - User identity schema +- `courier-templates/` - Email templates + +### Ory Oathkeeper (`nexus-5-auth-oathkeeper/`) + +API gateway providing: +- Request authentication +- JWT token injection for backend services +- Access rule management +- Zero-trust API protection + +**Key Files:** +- `config/oathkeeper.yml` - Main Oathkeeper configuration +- `config/access-rules/*.yml` - Route-specific access rules + +### Auth Frontend (`nexus-5-auth-frontend/`) + +SvelteKit application providing: +- Login/Registration forms +- Password recovery flow +- Email verification flow +- Profile settings +- Admin identity management + +## Quick Start + +### Prerequisites +- Docker and Docker Compose +- Node.js 18+ (for frontend development) + +### Development Setup + +```bash +# Start Kratos +cd nexus-5-auth-kratos +docker-compose up -d + +# Start Oathkeeper +cd ../nexus-5-auth-oathkeeper +docker-compose up -d + +# Start Frontend +cd ../nexus-5-auth-frontend +npm install +npm run dev +``` + +### Configuration + +#### Kratos Configuration + +Edit `nexus-5-auth-kratos/config/kratos.yml`: + +```yaml +serve: + public: + base_url: https://auth.example.com + admin: + base_url: http://kratos:4434 + +selfservice: + default_browser_return_url: https://app.example.com + +courier: + smtp: + connection_uri: smtp://user:pass@smtp.example.com:587 +``` + +#### Oathkeeper Configuration + +Edit `nexus-5-auth-oathkeeper/config/oathkeeper.yml`: + +```yaml +serve: + proxy: + port: 4455 + api: + port: 4456 + +authenticators: + cookie_session: + config: + check_session_url: http://kratos:4433/sessions/whoami + +authorizers: + allow: + enabled: true + +mutators: + header: + enabled: true + config: + headers: + X-User-Id: "{{ print .Subject }}" +``` + +## Identity Schema + +The identity schema defines user attributes: + +```json +{ + "$id": "https://example.com/identity.schema.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "User", + "type": "object", + "properties": { + "traits": { + "type": "object", + "properties": { + "email": { + "type": "string", + "format": "email", + "title": "Email" + }, + "name": { + "type": "object", + "properties": { + "first": { "type": "string" }, + "last": { "type": "string" } + } + } + }, + "required": ["email"] + } + } +} +``` + +## Access Rules + +Access rules define how requests are authenticated and authorized: + +```yaml +# Django API protected routes +- id: "django:graphql" + upstream: + url: "http://nexus-api:8000" + match: + url: "https://api.example.com/graphql/<**>" + methods: ["POST", "OPTIONS"] + authenticators: + - handler: cookie_session + authorizer: + handler: allow + mutators: + - handler: header +``` + +## Email Templates + +Customize email templates in `nexus-5-auth-kratos/courier-templates/`: + +- `verification_code_valid.email.*.gotmpl` - Email verification +- `recovery_code_valid.email.*.gotmpl` - Password recovery +- `recovery_valid.email.*.gotmpl` - Recovery link + +## Frontend Routes + +The auth frontend provides these routes: + +- `/login` - User login +- `/registration` - New user registration +- `/recovery` - Password recovery +- `/verification` - Email verification +- `/settings` - Profile settings +- `/admin` - Identity administration + +## Production Deployment + +### Security Checklist + +1. Generate strong secrets for Kratos and Oathkeeper +2. Use HTTPS for all endpoints +3. Configure secure cookie settings +4. Set up proper CORS origins +5. Enable rate limiting +6. Configure email delivery (SMTP or API) +7. Set up database backups for Kratos + +### Environment Variables + +```bash +# Kratos +KRATOS_DSN=postgres://user:pass@host:5432/kratos +KRATOS_SECRETS_DEFAULT=your-32-char-secret +KRATOS_SECRETS_COOKIE=your-32-char-cookie-secret + +# Oathkeeper +OATHKEEPER_MUTATOR_ID_TOKEN_JWKS_URL=file:///etc/jwks.json + +# Frontend +PUBLIC_KRATOS_URL=https://auth.example.com +``` + +## Related Repositories + +- **nexus-5**: Main Django API server +- **nexus-5-frontend-***: Application frontends +- **nexus-5-emailer**: Email microservice +- **nexus-5-scheduler**: Calendar integration + +## License + +MIT License - See LICENSE file for details. diff --git a/nexus-5-auth-frontend/.dockerignore b/nexus-5-auth-frontend/.dockerignore new file mode 100644 index 0000000..be692a1 --- /dev/null +++ b/nexus-5-auth-frontend/.dockerignore @@ -0,0 +1,32 @@ +# Dependencies +node_modules +.pnp +.pnp.js + +# Testing +coverage + +# Build outputs +.svelte-kit +build +dist + +# Misc +.DS_Store +*.pem +.env.local +.env.development.local +.env.test.local + +# Debug +npm-debug.log* +yarn-debug.log* +yarn-error.log* + +# IDE +.vscode +.idea + +# Git +.git +.gitignore diff --git a/nexus-5-auth-frontend/.gitignore b/nexus-5-auth-frontend/.gitignore new file mode 100644 index 0000000..3c225d3 --- /dev/null +++ b/nexus-5-auth-frontend/.gitignore @@ -0,0 +1,24 @@ +node_modules + +# Output +.output +.vercel +.netlify +.wrangler +/.svelte-kit +/build + +# OS +.DS_Store +Thumbs.db + +# Env +.env +.env.* +!.env.example +!.env.test + +# Vite +vite.config.js.timestamp-* +vite.config.ts.timestamp-* +/.env.example diff --git a/nexus-5-auth-frontend/.npmrc b/nexus-5-auth-frontend/.npmrc new file mode 100644 index 0000000..b6f27f1 --- /dev/null +++ b/nexus-5-auth-frontend/.npmrc @@ -0,0 +1 @@ +engine-strict=true diff --git a/nexus-5-auth-frontend/.prettierignore b/nexus-5-auth-frontend/.prettierignore new file mode 100644 index 0000000..7d74fe2 --- /dev/null +++ b/nexus-5-auth-frontend/.prettierignore @@ -0,0 +1,9 @@ +# Package Managers +package-lock.json +pnpm-lock.yaml +yarn.lock +bun.lock +bun.lockb + +# Miscellaneous +/static/ diff --git a/nexus-5-auth-frontend/.prettierrc b/nexus-5-auth-frontend/.prettierrc new file mode 100644 index 0000000..8103a0b --- /dev/null +++ b/nexus-5-auth-frontend/.prettierrc @@ -0,0 +1,16 @@ +{ + "useTabs": true, + "singleQuote": true, + "trailingComma": "none", + "printWidth": 100, + "plugins": ["prettier-plugin-svelte", "prettier-plugin-tailwindcss"], + "overrides": [ + { + "files": "*.svelte", + "options": { + "parser": "svelte" + } + } + ], + "tailwindStylesheet": "./src/app.css" +} diff --git a/nexus-5-auth-frontend/Dockerfile b/nexus-5-auth-frontend/Dockerfile new file mode 100644 index 0000000..866e6b3 --- /dev/null +++ b/nexus-5-auth-frontend/Dockerfile @@ -0,0 +1,63 @@ +# ==================================== +# Build Stage +# ==================================== +FROM node:20-alpine AS builder + +# Set working directory +WORKDIR /app + +# Copy package files +COPY package*.json ./ + +# Install dependencies (including devDependencies for build) +RUN npm ci + +# Copy source code and configuration +COPY . . + +# Copy environment file (will use production .env) +COPY .env .env + +# Build the SvelteKit application +RUN npm run build + +# Prune dev dependencies +RUN npm prune --production + +# ==================================== +# Production Stage +# ==================================== +FROM node:20-alpine + +# Install curl for health checks +RUN apk add --no-cache curl + +# Set working directory +WORKDIR /app + +# Copy built application from builder +COPY --from=builder /app/build ./build +COPY --from=builder /app/node_modules ./node_modules +COPY --from=builder /app/package.json ./package.json +COPY --from=builder /app/.env ./.env + +# Create non-root user +RUN addgroup -g 1001 -S nodejs && \ + adduser -S sveltekit -u 1001 && \ + chown -R sveltekit:nodejs /app + +# Switch to non-root user +USER sveltekit + +# Expose port 3000 +EXPOSE 3000 + +# Health check +HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ + CMD curl -f http://localhost:3000/ || exit 1 + +# Set environment variable for production +ENV NODE_ENV=production + +# Start the application +CMD ["node", "build"] diff --git a/nexus-5-auth-frontend/docker-compose.yml b/nexus-5-auth-frontend/docker-compose.yml new file mode 100644 index 0000000..e001f6d --- /dev/null +++ b/nexus-5-auth-frontend/docker-compose.yml @@ -0,0 +1,28 @@ +services: + frontend: + build: + context: . + dockerfile: Dockerfile + container_name: nexus-auth-frontend + restart: unless-stopped + ports: + - '${FRONTEND_PORT:-3000}:3000' + environment: + - NODE_ENV=production + - PUBLIC_KRATOS_URL=${PUBLIC_KRATOS_URL} + - KRATOS_SERVER_URL=${KRATOS_SERVER_URL} + - ORIGIN=${ORIGIN} + - ADMIN_USER_ID=${ADMIN_USER_ID} + networks: + - ory-network + healthcheck: + test: ['CMD', 'curl', '-f', 'http://localhost:3000/'] + interval: 30s + timeout: 5s + retries: 5 + start_period: 10s + +networks: + ory-network: + external: true + name: ory-network diff --git a/nexus-5-auth-frontend/eslint.config.js b/nexus-5-auth-frontend/eslint.config.js new file mode 100644 index 0000000..2c49fa6 --- /dev/null +++ b/nexus-5-auth-frontend/eslint.config.js @@ -0,0 +1,41 @@ +import prettier from 'eslint-config-prettier'; +import { fileURLToPath } from 'node:url'; +import { includeIgnoreFile } from '@eslint/compat'; +import js from '@eslint/js'; +import svelte from 'eslint-plugin-svelte'; +import { defineConfig } from 'eslint/config'; +import globals from 'globals'; +import ts from 'typescript-eslint'; +import svelteConfig from './svelte.config.js'; + +const gitignorePath = fileURLToPath(new URL('./.gitignore', import.meta.url)); + +export default defineConfig( + includeIgnoreFile(gitignorePath), + js.configs.recommended, + ...ts.configs.recommended, + ...svelte.configs.recommended, + prettier, + ...svelte.configs.prettier, + { + languageOptions: { + globals: { ...globals.browser, ...globals.node } + }, + rules: { + // typescript-eslint strongly recommend that you do not use the no-undef lint rule on TypeScript projects. + // see: https://typescript-eslint.io/troubleshooting/faqs/eslint/#i-get-errors-from-the-no-undef-rule-about-global-variables-not-being-defined-even-though-there-are-no-typescript-errors + 'no-undef': 'off' + } + }, + { + files: ['**/*.svelte', '**/*.svelte.ts', '**/*.svelte.js'], + languageOptions: { + parserOptions: { + projectService: true, + extraFileExtensions: ['.svelte'], + parser: ts.parser, + svelteConfig + } + } + } +); diff --git a/nexus-5-auth-frontend/package-lock.json b/nexus-5-auth-frontend/package-lock.json new file mode 100644 index 0000000..173a490 --- /dev/null +++ b/nexus-5-auth-frontend/package-lock.json @@ -0,0 +1,4925 @@ +{ + "name": "nexus-5-auth-frontend", + "version": "0.0.1", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "nexus-5-auth-frontend", + "version": "0.0.1", + "dependencies": { + "@ory/client": "^1.22.5", + "axios": "^1.12.2", + "flowbite-svelte": "^1.17.4" + }, + "devDependencies": { + "@eslint/compat": "^1.4.0", + "@eslint/js": "^9.36.0", + "@sveltejs/adapter-node": "^5.3.2", + "@sveltejs/kit": "^2.43.2", + "@sveltejs/vite-plugin-svelte": "^6.2.0", + "@tailwindcss/forms": "^0.5.10", + "@tailwindcss/typography": "^0.5.18", + "@tailwindcss/vite": "^4.1.13", + "@types/node": "^22", + "eslint": "^9.36.0", + "eslint-config-prettier": "^10.1.8", + "eslint-plugin-svelte": "^3.12.4", + "globals": "^16.4.0", + "prettier": "^3.6.2", + "prettier-plugin-svelte": "^3.4.0", + "prettier-plugin-tailwindcss": "^0.6.14", + "svelte": "^5.39.5", + "svelte-check": "^4.3.2", + "tailwindcss": "^4.1.13", + "typescript": "^5.9.2", + "typescript-eslint": "^8.44.1", + "vite": "^7.1.7" + } + }, + "node_modules/@esbuild/aix-ppc64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.10.tgz", + "integrity": "sha512-0NFWnA+7l41irNuaSVlLfgNT12caWJVLzp5eAVhZ0z1qpxbockccEt3s+149rE64VUI3Ml2zt8Nv5JVc4QXTsw==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "aix" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.10.tgz", + "integrity": "sha512-dQAxF1dW1C3zpeCDc5KqIYuZ1tgAdRXNoZP7vkBIRtKZPYe2xVr/d3SkirklCHudW1B45tGiUlz2pUWDfbDD4w==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-arm64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.10.tgz", + "integrity": "sha512-LSQa7eDahypv/VO6WKohZGPSJDq5OVOo3UoFR1E4t4Gj1W7zEQMUhI+lo81H+DtB+kP+tDgBp+M4oNCwp6kffg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/android-x64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.10.tgz", + "integrity": "sha512-MiC9CWdPrfhibcXwr39p9ha1x0lZJ9KaVfvzA0Wxwz9ETX4v5CHfF09bx935nHlhi+MxhA63dKRRQLiVgSUtEg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-arm64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.10.tgz", + "integrity": "sha512-JC74bdXcQEpW9KkV326WpZZjLguSZ3DfS8wrrvPMHgQOIEIG/sPXEN/V8IssoJhbefLRcRqw6RQH2NnpdprtMA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/darwin-x64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.10.tgz", + "integrity": "sha512-tguWg1olF6DGqzws97pKZ8G2L7Ig1vjDmGTwcTuYHbuU6TTjJe5FXbgs5C1BBzHbJ2bo1m3WkQDbWO2PvamRcg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-arm64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.10.tgz", + "integrity": "sha512-3ZioSQSg1HT2N05YxeJWYR+Libe3bREVSdWhEEgExWaDtyFbbXWb49QgPvFH8u03vUPX10JhJPcz7s9t9+boWg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/freebsd-x64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.10.tgz", + "integrity": "sha512-LLgJfHJk014Aa4anGDbh8bmI5Lk+QidDmGzuC2D+vP7mv/GeSN+H39zOf7pN5N8p059FcOfs2bVlrRr4SK9WxA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.10.tgz", + "integrity": "sha512-oR31GtBTFYCqEBALI9r6WxoU/ZofZl962pouZRTEYECvNF/dtXKku8YXcJkhgK/beU+zedXfIzHijSRapJY3vg==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-arm64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.10.tgz", + "integrity": "sha512-5luJWN6YKBsawd5f9i4+c+geYiVEw20FVW5x0v1kEMWNq8UctFjDiMATBxLvmmHA4bf7F6hTRaJgtghFr9iziQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ia32": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.10.tgz", + "integrity": "sha512-NrSCx2Kim3EnnWgS4Txn0QGt0Xipoumb6z6sUtl5bOEZIVKhzfyp/Lyw4C1DIYvzeW/5mWYPBFJU3a/8Yr75DQ==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-loong64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.10.tgz", + "integrity": "sha512-xoSphrd4AZda8+rUDDfD9J6FUMjrkTz8itpTITM4/xgerAZZcFW7Dv+sun7333IfKxGG8gAq+3NbfEMJfiY+Eg==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-mips64el": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.10.tgz", + "integrity": "sha512-ab6eiuCwoMmYDyTnyptoKkVS3k8fy/1Uvq7Dj5czXI6DF2GqD2ToInBI0SHOp5/X1BdZ26RKc5+qjQNGRBelRA==", + "cpu": [ + "mips64el" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-ppc64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.10.tgz", + "integrity": "sha512-NLinzzOgZQsGpsTkEbdJTCanwA5/wozN9dSgEl12haXJBzMTpssebuXR42bthOF3z7zXFWH1AmvWunUCkBE4EA==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-riscv64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.10.tgz", + "integrity": "sha512-FE557XdZDrtX8NMIeA8LBJX3dC2M8VGXwfrQWU7LB5SLOajfJIxmSdyL/gU1m64Zs9CBKvm4UAuBp5aJ8OgnrA==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-s390x": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.10.tgz", + "integrity": "sha512-3BBSbgzuB9ajLoVZk0mGu+EHlBwkusRmeNYdqmznmMc9zGASFjSsxgkNsqmXugpPk00gJ0JNKh/97nxmjctdew==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/linux-x64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.10.tgz", + "integrity": "sha512-QSX81KhFoZGwenVyPoberggdW1nrQZSvfVDAIUXr3WqLRZGZqWk/P4T8p2SP+de2Sr5HPcvjhcJzEiulKgnxtA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-arm64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.10.tgz", + "integrity": "sha512-AKQM3gfYfSW8XRk8DdMCzaLUFB15dTrZfnX8WXQoOUpUBQ+NaAFCP1kPS/ykbbGYz7rxn0WS48/81l9hFl3u4A==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/netbsd-x64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.10.tgz", + "integrity": "sha512-7RTytDPGU6fek/hWuN9qQpeGPBZFfB4zZgcz2VK2Z5VpdUxEI8JKYsg3JfO0n/Z1E/6l05n0unDCNc4HnhQGig==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-arm64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.10.tgz", + "integrity": "sha512-5Se0VM9Wtq797YFn+dLimf2Zx6McttsH2olUBsDml+lm0GOCRVebRWUvDtkY4BWYv/3NgzS8b/UM3jQNh5hYyw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openbsd-x64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.10.tgz", + "integrity": "sha512-XkA4frq1TLj4bEMB+2HnI0+4RnjbuGZfet2gs/LNs5Hc7D89ZQBHQ0gL2ND6Lzu1+QVkjp3x1gIcPKzRNP8bXw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openbsd" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/openharmony-arm64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.10.tgz", + "integrity": "sha512-AVTSBhTX8Y/Fz6OmIVBip9tJzZEUcY8WLh7I59+upa5/GPhh2/aM6bvOMQySspnCCHvFi79kMtdJS1w0DXAeag==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/sunos-x64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.10.tgz", + "integrity": "sha512-fswk3XT0Uf2pGJmOpDB7yknqhVkJQkAQOcW/ccVOtfx05LkbWOaRAtn5SaqXypeKQra1QaEa841PgrSL9ubSPQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "sunos" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-arm64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.10.tgz", + "integrity": "sha512-ah+9b59KDTSfpaCg6VdJoOQvKjI33nTaQr4UluQwW7aEwZQsbMCfTmfEO4VyewOxx4RaDT/xCy9ra2GPWmO7Kw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-ia32": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.10.tgz", + "integrity": "sha512-QHPDbKkrGO8/cz9LKVnJU22HOi4pxZnZhhA2HYHez5Pz4JeffhDjf85E57Oyco163GnzNCVkZK0b/n4Y0UHcSw==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@esbuild/win32-x64": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.10.tgz", + "integrity": "sha512-9KpxSVFCu0iK1owoez6aC/s/EdUQLDN3adTxGCqxMVhrPDj6bt5dbrHDXUuq+Bs2vATFBBrQS5vdQ/Ed2P+nbw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">=18" + } + }, + "node_modules/@eslint-community/eslint-utils": { + "version": "4.9.0", + "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz", + "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==", + "dev": true, + "license": "MIT", + "dependencies": { + "eslint-visitor-keys": "^3.4.3" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" + } + }, + "node_modules/@eslint-community/eslint-utils/node_modules/eslint-visitor-keys": { + "version": "3.4.3", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", + "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@eslint-community/regexpp": { + "version": "4.12.1", + "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.1.tgz", + "integrity": "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.0.0 || ^14.0.0 || >=16.0.0" + } + }, + "node_modules/@eslint/compat": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/@eslint/compat/-/compat-1.4.0.tgz", + "integrity": "sha512-DEzm5dKeDBPm3r08Ixli/0cmxr8LkRdwxMRUIJBlSCpAwSrvFEJpVBzV+66JhDxiaqKxnRzCXhtiMiczF7Hglg==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@eslint/core": "^0.16.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "peerDependencies": { + "eslint": "^8.40 || 9" + }, + "peerDependenciesMeta": { + "eslint": { + "optional": true + } + } + }, + "node_modules/@eslint/config-array": { + "version": "0.21.0", + "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.0.tgz", + "integrity": "sha512-ENIdc4iLu0d93HeYirvKmrzshzofPw6VkZRKQGe9Nv46ZnWUzcF1xV01dcvEg/1wXUR61OmmlSfyeyO7EvjLxQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@eslint/object-schema": "^2.1.6", + "debug": "^4.3.1", + "minimatch": "^3.1.2" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@eslint/config-helpers": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.4.0.tgz", + "integrity": "sha512-WUFvV4WoIwW8Bv0KeKCIIEgdSiFOsulyN0xrMu+7z43q/hkOLXjvb5u7UC9jDxvRzcrbEmuZBX5yJZz1741jog==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@eslint/core": "^0.16.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@eslint/core": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/@eslint/core/-/core-0.16.0.tgz", + "integrity": "sha512-nmC8/totwobIiFcGkDza3GIKfAw1+hLiYVrh3I1nIomQ8PEr5cxg34jnkmGawul/ep52wGRAcyeDCNtWKSOj4Q==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@types/json-schema": "^7.0.15" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@eslint/eslintrc": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.1.tgz", + "integrity": "sha512-gtF186CXhIl1p4pJNGZw8Yc6RlshoePRvE0X91oPGb3vZ8pM3qOS9W9NGPat9LziaBV7XrJWGylNQXkGcnM3IQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "ajv": "^6.12.4", + "debug": "^4.3.2", + "espree": "^10.0.1", + "globals": "^14.0.0", + "ignore": "^5.2.0", + "import-fresh": "^3.2.1", + "js-yaml": "^4.1.0", + "minimatch": "^3.1.2", + "strip-json-comments": "^3.1.1" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@eslint/eslintrc/node_modules/globals": { + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz", + "integrity": "sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@eslint/js": { + "version": "9.37.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz", + "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://eslint.org/donate" + } + }, + "node_modules/@eslint/object-schema": { + "version": "2.1.6", + "resolved": "https://registry.npmjs.org/@eslint/object-schema/-/object-schema-2.1.6.tgz", + "integrity": "sha512-RBMg5FRL0I0gs51M/guSAj5/e14VQ4tpZnQNWwuDT66P14I43ItmPfIZRhO9fUVIPOAQXU47atlywZ/czoqFPA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@eslint/plugin-kit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/@eslint/plugin-kit/-/plugin-kit-0.4.0.tgz", + "integrity": "sha512-sB5uyeq+dwCWyPi31B2gQlVlo+j5brPlWx4yZBrEaRo/nhdDE8Xke1gsGgtiBdaBTxuTkceLVuVt/pclrasb0A==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@eslint/core": "^0.16.0", + "levn": "^0.4.1" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + } + }, + "node_modules/@floating-ui/core": { + "version": "1.7.3", + "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-1.7.3.tgz", + "integrity": "sha512-sGnvb5dmrJaKEZ+LDIpguvdX3bDlEllmv4/ClQ9awcmCZrlx5jQyyMWFM5kBI+EyNOCDDiKk8il0zeuX3Zlg/w==", + "license": "MIT", + "dependencies": { + "@floating-ui/utils": "^0.2.10" + } + }, + "node_modules/@floating-ui/dom": { + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/@floating-ui/dom/-/dom-1.7.4.tgz", + "integrity": "sha512-OOchDgh4F2CchOX94cRVqhvy7b3AFb+/rQXyswmzmGakRfkMgoWVjfnLWkRirfLEfuD4ysVW16eXzwt3jHIzKA==", + "license": "MIT", + "dependencies": { + "@floating-ui/core": "^1.7.3", + "@floating-ui/utils": "^0.2.10" + } + }, + "node_modules/@floating-ui/utils": { + "version": "0.2.10", + "resolved": "https://registry.npmjs.org/@floating-ui/utils/-/utils-0.2.10.tgz", + "integrity": "sha512-aGTxbpbg8/b5JfU1HXSrbH3wXZuLPJcNEcZQFMxLs3oSzgtVu6nFPkbbGGUvBcUjKV2YyB9Wxxabo+HEH9tcRQ==", + "license": "MIT" + }, + "node_modules/@humanfs/core": { + "version": "0.19.1", + "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz", + "integrity": "sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=18.18.0" + } + }, + "node_modules/@humanfs/node": { + "version": "0.16.7", + "resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.7.tgz", + "integrity": "sha512-/zUx+yOsIrG4Y43Eh2peDeKCxlRt/gET6aHfaKpuq267qXdYDFViVHfMaLyygZOnl0kGWxFIgsBy8QFuTLUXEQ==", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "@humanfs/core": "^0.19.1", + "@humanwhocodes/retry": "^0.4.0" + }, + "engines": { + "node": ">=18.18.0" + } + }, + "node_modules/@humanwhocodes/module-importer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=12.22" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@humanwhocodes/retry": { + "version": "0.4.3", + "resolved": "https://registry.npmjs.org/@humanwhocodes/retry/-/retry-0.4.3.tgz", + "integrity": "sha512-bV0Tgo9K4hfPCek+aMAn81RppFKv2ySDQeMoSZuvTASywNTnVJCArCZE2FWqpvIatKu7VMRLWlR1EazvVhDyhQ==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=18.18" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@isaacs/fs-minipass": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz", + "integrity": "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==", + "dev": true, + "license": "ISC", + "dependencies": { + "minipass": "^7.0.4" + }, + "engines": { + "node": ">=18.0.0" + } + }, + "node_modules/@jridgewell/gen-mapping": { + "version": "0.3.13", + "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.13.tgz", + "integrity": "sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==", + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.0", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/remapping": { + "version": "2.3.5", + "resolved": "https://registry.npmjs.org/@jridgewell/remapping/-/remapping-2.3.5.tgz", + "integrity": "sha512-LI9u/+laYG4Ds1TDKSJW2YPrIlcVYOwi2fUC6xB43lueCjgxV4lffOCZCtYFiH6TNOX+tQKXx97T4IKHbhyHEQ==", + "license": "MIT", + "dependencies": { + "@jridgewell/gen-mapping": "^0.3.5", + "@jridgewell/trace-mapping": "^0.3.24" + } + }, + "node_modules/@jridgewell/resolve-uri": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", + "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", + "license": "MIT", + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/@jridgewell/sourcemap-codec": { + "version": "1.5.5", + "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.5.tgz", + "integrity": "sha512-cYQ9310grqxueWbl+WuIUIaiUaDcj7WOq5fVhEljNVgRfOUhY9fy2zTvfoqWsnebh8Sl70VScFbICvJnLKB0Og==", + "license": "MIT" + }, + "node_modules/@jridgewell/trace-mapping": { + "version": "0.3.31", + "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.31.tgz", + "integrity": "sha512-zzNR+SdQSDJzc8joaeP8QQoCQr8NuYx2dIIytl1QeBEZHJ9uW6hebsrYgbz8hJwUQao3TWCMtmfV8Nu1twOLAw==", + "license": "MIT", + "dependencies": { + "@jridgewell/resolve-uri": "^3.1.0", + "@jridgewell/sourcemap-codec": "^1.4.14" + } + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@ory/client": { + "version": "1.22.5", + "resolved": "https://registry.npmjs.org/@ory/client/-/client-1.22.5.tgz", + "integrity": "sha512-uSiQrpWkzFRL66B9nlPlTNes8KJylsjV495cEHnfCMdAX2eCtkKHSKj0D2IYY7Y6iEFQBX7aMYJZ6OmnMC4LWA==", + "license": "Apache-2.0", + "dependencies": { + "axios": "^1.6.1" + } + }, + "node_modules/@polka/url": { + "version": "1.0.0-next.29", + "resolved": "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.29.tgz", + "integrity": "sha512-wwQAWhWSuHaag8c4q/KN/vCoeOJYshAIvMQwD4GpSb3OiZklFfvAgmj0VCBBImRpuF/aFgIRzllXlVX93Jevww==", + "dev": true, + "license": "MIT" + }, + "node_modules/@popperjs/core": { + "version": "2.11.8", + "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", + "integrity": "sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==", + "license": "MIT", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/popperjs" + } + }, + "node_modules/@rollup/plugin-commonjs": { + "version": "28.0.6", + "resolved": "https://registry.npmjs.org/@rollup/plugin-commonjs/-/plugin-commonjs-28.0.6.tgz", + "integrity": "sha512-XSQB1K7FUU5QP+3lOQmVCE3I0FcbbNvmNT4VJSj93iUjayaARrTQeoRdiYQoftAJBLrR9t2agwAd3ekaTgHNlw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@rollup/pluginutils": "^5.0.1", + "commondir": "^1.0.1", + "estree-walker": "^2.0.2", + "fdir": "^6.2.0", + "is-reference": "1.2.1", + "magic-string": "^0.30.3", + "picomatch": "^4.0.2" + }, + "engines": { + "node": ">=16.0.0 || 14 >= 14.17" + }, + "peerDependencies": { + "rollup": "^2.68.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } + } + }, + "node_modules/@rollup/plugin-json": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/@rollup/plugin-json/-/plugin-json-6.1.0.tgz", + "integrity": "sha512-EGI2te5ENk1coGeADSIwZ7G2Q8CJS2sF120T7jLw4xFw9n7wIOXHo+kIYRAoVpJAN+kmqZSoO3Fp4JtoNF4ReA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@rollup/pluginutils": "^5.1.0" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } + } + }, + "node_modules/@rollup/plugin-node-resolve": { + "version": "16.0.2", + "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-16.0.2.tgz", + "integrity": "sha512-tCtHJ2BlhSoK4cCs25NMXfV7EALKr0jyasmqVCq3y9cBrKdmJhtsy1iTz36Xhk/O+pDJbzawxF4K6ZblqCnITQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@rollup/pluginutils": "^5.0.1", + "@types/resolve": "1.20.2", + "deepmerge": "^4.2.2", + "is-module": "^1.0.0", + "resolve": "^1.22.1" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "rollup": "^2.78.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } + } + }, + "node_modules/@rollup/pluginutils": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-5.3.0.tgz", + "integrity": "sha512-5EdhGZtnu3V88ces7s53hhfK5KSASnJZv8Lulpc04cWO3REESroJXg73DFsOmgbU2BhwV0E20bu2IDZb3VKW4Q==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "estree-walker": "^2.0.2", + "picomatch": "^4.0.2" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } + } + }, + "node_modules/@rollup/rollup-android-arm-eabi": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.52.4.tgz", + "integrity": "sha512-BTm2qKNnWIQ5auf4deoetINJm2JzvihvGb9R6K/ETwKLql/Bb3Eg2H1FBp1gUb4YGbydMA3jcmQTR73q7J+GAA==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-android-arm64": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.52.4.tgz", + "integrity": "sha512-P9LDQiC5vpgGFgz7GSM6dKPCiqR3XYN1WwJKA4/BUVDjHpYsf3iBEmVz62uyq20NGYbiGPR5cNHI7T1HqxNs2w==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ] + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.52.4.tgz", + "integrity": "sha512-QRWSW+bVccAvZF6cbNZBJwAehmvG9NwfWHwMy4GbWi/BQIA/laTIktebT2ipVjNncqE6GLPxOok5hsECgAxGZg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.52.4.tgz", + "integrity": "sha512-hZgP05pResAkRJxL1b+7yxCnXPGsXU0fG9Yfd6dUaoGk+FhdPKCJ5L1Sumyxn8kvw8Qi5PvQ8ulenUbRjzeCTw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-freebsd-arm64": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.52.4.tgz", + "integrity": "sha512-xmc30VshuBNUd58Xk4TKAEcRZHaXlV+tCxIXELiE9sQuK3kG8ZFgSPi57UBJt8/ogfhAF5Oz4ZSUBN77weM+mQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-freebsd-x64": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.52.4.tgz", + "integrity": "sha512-WdSLpZFjOEqNZGmHflxyifolwAiZmDQzuOzIq9L27ButpCVpD7KzTRtEG1I0wMPFyiyUdOO+4t8GvrnBLQSwpw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ] + }, + "node_modules/@rollup/rollup-linux-arm-gnueabihf": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.52.4.tgz", + "integrity": "sha512-xRiOu9Of1FZ4SxVbB0iEDXc4ddIcjCv2aj03dmW8UrZIW7aIQ9jVJdLBIhxBI+MaTnGAKyvMwPwQnoOEvP7FgQ==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm-musleabihf": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.52.4.tgz", + "integrity": "sha512-FbhM2p9TJAmEIEhIgzR4soUcsW49e9veAQCziwbR+XWB2zqJ12b4i/+hel9yLiD8pLncDH4fKIPIbt5238341Q==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.52.4.tgz", + "integrity": "sha512-4n4gVwhPHR9q/g8lKCyz0yuaD0MvDf7dV4f9tHt0C73Mp8h38UCtSCSE6R9iBlTbXlmA8CjpsZoujhszefqueg==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.52.4.tgz", + "integrity": "sha512-u0n17nGA0nvi/11gcZKsjkLj1QIpAuPFQbR48Subo7SmZJnGxDpspyw2kbpuoQnyK+9pwf3pAoEXerJs/8Mi9g==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-loong64-gnu": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.52.4.tgz", + "integrity": "sha512-0G2c2lpYtbTuXo8KEJkDkClE/+/2AFPdPAbmaHoE870foRFs4pBrDehilMcrSScrN/fB/1HTaWO4bqw+ewBzMQ==", + "cpu": [ + "loong64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-ppc64-gnu": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.52.4.tgz", + "integrity": "sha512-teSACug1GyZHmPDv14VNbvZFX779UqWTsd7KtTM9JIZRDI5NUwYSIS30kzI8m06gOPB//jtpqlhmraQ68b5X2g==", + "cpu": [ + "ppc64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-gnu": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.52.4.tgz", + "integrity": "sha512-/MOEW3aHjjs1p4Pw1Xk4+3egRevx8Ji9N6HUIA1Ifh8Q+cg9dremvFCUbOX2Zebz80BwJIgCBUemjqhU5XI5Eg==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-riscv64-musl": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.52.4.tgz", + "integrity": "sha512-1HHmsRyh845QDpEWzOFtMCph5Ts+9+yllCrREuBR/vg2RogAQGGBRC8lDPrPOMnrdOJ+mt1WLMOC2Kao/UwcvA==", + "cpu": [ + "riscv64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-s390x-gnu": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.52.4.tgz", + "integrity": "sha512-seoeZp4L/6D1MUyjWkOMRU6/iLmCU2EjbMTyAG4oIOs1/I82Y5lTeaxW0KBfkUdHAWN7j25bpkt0rjnOgAcQcA==", + "cpu": [ + "s390x" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.52.4.tgz", + "integrity": "sha512-Wi6AXf0k0L7E2gteNsNHUs7UMwCIhsCTs6+tqQ5GPwVRWMaflqGec4Sd8n6+FNFDw9vGcReqk2KzBDhCa1DLYg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.52.4.tgz", + "integrity": "sha512-dtBZYjDmCQ9hW+WgEkaffvRRCKm767wWhxsFW3Lw86VXz/uJRuD438/XvbZT//B96Vs8oTA8Q4A0AfHbrxP9zw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-openharmony-arm64": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.52.4.tgz", + "integrity": "sha512-1ox+GqgRWqaB1RnyZXL8PD6E5f7YyRUJYnCqKpNzxzP0TkaUh112NDrR9Tt+C8rJ4x5G9Mk8PQR3o7Ku2RKqKA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "openharmony" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.52.4.tgz", + "integrity": "sha512-8GKr640PdFNXwzIE0IrkMWUNUomILLkfeHjXBi/nUvFlpZP+FA8BKGKpacjW6OUUHaNI6sUURxR2U2g78FOHWQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-ia32-msvc": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.52.4.tgz", + "integrity": "sha512-AIy/jdJ7WtJ/F6EcfOb2GjR9UweO0n43jNObQMb6oGxkYTfLcnN7vYYpG+CN3lLxrQkzWnMOoNSHTW54pgbVxw==", + "cpu": [ + "ia32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-gnu": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.52.4.tgz", + "integrity": "sha512-UF9KfsH9yEam0UjTwAgdK0anlQ7c8/pWPU2yVjyWcF1I1thABt6WXE47cI71pGiZ8wGvxohBoLnxM04L/wj8mQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.52.4.tgz", + "integrity": "sha512-bf9PtUa0u8IXDVxzRToFQKsNCRz9qLYfR/MpECxl4mRoWYjAeFjgxj1XdZr2M/GNVpT05p+LgQOHopYDlUu6/w==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@standard-schema/spec": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.0.0.tgz", + "integrity": "sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@sveltejs/acorn-typescript": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/@sveltejs/acorn-typescript/-/acorn-typescript-1.0.6.tgz", + "integrity": "sha512-4awhxtMh4cx9blePWl10HRHj8Iivtqj+2QdDCSMDzxG+XKa9+VCNupQuCuvzEhYPzZSrX+0gC+0lHA/0fFKKQQ==", + "license": "MIT", + "peerDependencies": { + "acorn": "^8.9.0" + } + }, + "node_modules/@sveltejs/adapter-node": { + "version": "5.3.3", + "resolved": "https://registry.npmjs.org/@sveltejs/adapter-node/-/adapter-node-5.3.3.tgz", + "integrity": "sha512-SRDVuFBkmpKGsA9b0wYaCrrSChq2Yv5Dv8g7WiZcs8E69vdQNRamN0DzQV9/rEixvuRkojATLADNeQ+6FeyVNQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@rollup/plugin-commonjs": "^28.0.1", + "@rollup/plugin-json": "^6.1.0", + "@rollup/plugin-node-resolve": "^16.0.0", + "rollup": "^4.9.5" + }, + "peerDependencies": { + "@sveltejs/kit": "^2.4.0" + } + }, + "node_modules/@sveltejs/kit": { + "version": "2.46.4", + "resolved": "https://registry.npmjs.org/@sveltejs/kit/-/kit-2.46.4.tgz", + "integrity": "sha512-J1fd80WokLzIm6EAV7z7C2+/C02qVAX645LZomARARTRJkbbJSY1Jln3wtBZYibUB8c9/5Z6xqLAV39VdbtWCQ==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@standard-schema/spec": "^1.0.0", + "@sveltejs/acorn-typescript": "^1.0.5", + "@types/cookie": "^0.6.0", + "acorn": "^8.14.1", + "cookie": "^0.6.0", + "devalue": "^5.3.2", + "esm-env": "^1.2.2", + "kleur": "^4.1.5", + "magic-string": "^0.30.5", + "mrmime": "^2.0.0", + "sade": "^1.8.1", + "set-cookie-parser": "^2.6.0", + "sirv": "^3.0.0" + }, + "bin": { + "svelte-kit": "svelte-kit.js" + }, + "engines": { + "node": ">=18.13" + }, + "peerDependencies": { + "@opentelemetry/api": "^1.0.0", + "@sveltejs/vite-plugin-svelte": "^3.0.0 || ^4.0.0-next.1 || ^5.0.0 || ^6.0.0-next.0", + "svelte": "^4.0.0 || ^5.0.0-next.0", + "vite": "^5.0.3 || ^6.0.0 || ^7.0.0-beta.0" + }, + "peerDependenciesMeta": { + "@opentelemetry/api": { + "optional": true + } + } + }, + "node_modules/@sveltejs/vite-plugin-svelte": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/@sveltejs/vite-plugin-svelte/-/vite-plugin-svelte-6.2.1.tgz", + "integrity": "sha512-YZs/OSKOQAQCnJvM/P+F1URotNnYNeU3P2s4oIpzm1uFaqUEqRxUB0g5ejMjEb5Gjb9/PiBI5Ktrq4rUUF8UVQ==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@sveltejs/vite-plugin-svelte-inspector": "^5.0.0", + "debug": "^4.4.1", + "deepmerge": "^4.3.1", + "magic-string": "^0.30.17", + "vitefu": "^1.1.1" + }, + "engines": { + "node": "^20.19 || ^22.12 || >=24" + }, + "peerDependencies": { + "svelte": "^5.0.0", + "vite": "^6.3.0 || ^7.0.0" + } + }, + "node_modules/@sveltejs/vite-plugin-svelte-inspector": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/@sveltejs/vite-plugin-svelte-inspector/-/vite-plugin-svelte-inspector-5.0.1.tgz", + "integrity": "sha512-ubWshlMk4bc8mkwWbg6vNvCeT7lGQojE3ijDh3QTR6Zr/R+GXxsGbyH4PExEPpiFmqPhYiVSVmHBjUcVc1JIrA==", + "dev": true, + "license": "MIT", + "dependencies": { + "debug": "^4.4.1" + }, + "engines": { + "node": "^20.19 || ^22.12 || >=24" + }, + "peerDependencies": { + "@sveltejs/vite-plugin-svelte": "^6.0.0-next.0", + "svelte": "^5.0.0", + "vite": "^6.3.0 || ^7.0.0" + } + }, + "node_modules/@svgdotjs/svg.draggable.js": { + "version": "3.0.6", + "resolved": "https://registry.npmjs.org/@svgdotjs/svg.draggable.js/-/svg.draggable.js-3.0.6.tgz", + "integrity": "sha512-7iJFm9lL3C40HQcqzEfezK2l+dW2CpoVY3b77KQGqc8GXWa6LhhmX5Ckv7alQfUXBuZbjpICZ+Dvq1czlGx7gA==", + "license": "MIT", + "peerDependencies": { + "@svgdotjs/svg.js": "^3.2.4" + } + }, + "node_modules/@svgdotjs/svg.filter.js": { + "version": "3.0.9", + "resolved": "https://registry.npmjs.org/@svgdotjs/svg.filter.js/-/svg.filter.js-3.0.9.tgz", + "integrity": "sha512-/69XMRCDoam2HgC4ldHIaDgeQf1ViHIsa0Ld4uWgiXtZ+E24DWHe/9Ib6kbNiZ7WRIdlVokUDR1Fg0kjIpkfbw==", + "license": "MIT", + "dependencies": { + "@svgdotjs/svg.js": "^3.2.4" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/@svgdotjs/svg.js": { + "version": "3.2.5", + "resolved": "https://registry.npmjs.org/@svgdotjs/svg.js/-/svg.js-3.2.5.tgz", + "integrity": "sha512-/VNHWYhNu+BS7ktbYoVGrCmsXDh+chFMaONMwGNdIBcFHrWqk2jY8fNyr3DLdtQUIalvkPfM554ZSFa3dm3nxQ==", + "license": "MIT", + "peer": true, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/Fuzzyma" + } + }, + "node_modules/@svgdotjs/svg.resize.js": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@svgdotjs/svg.resize.js/-/svg.resize.js-2.0.5.tgz", + "integrity": "sha512-4heRW4B1QrJeENfi7326lUPYBCevj78FJs8kfeDxn5st0IYPIRXoTtOSYvTzFWgaWWXd3YCDE6ao4fmv91RthA==", + "license": "MIT", + "engines": { + "node": ">= 14.18" + }, + "peerDependencies": { + "@svgdotjs/svg.js": "^3.2.4", + "@svgdotjs/svg.select.js": "^4.0.1" + } + }, + "node_modules/@svgdotjs/svg.select.js": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/@svgdotjs/svg.select.js/-/svg.select.js-4.0.3.tgz", + "integrity": "sha512-qkMgso1sd2hXKd1FZ1weO7ANq12sNmQJeGDjs46QwDVsxSRcHmvWKL2NDF7Yimpwf3sl5esOLkPqtV2bQ3v/Jg==", + "license": "MIT", + "peer": true, + "engines": { + "node": ">= 14.18" + }, + "peerDependencies": { + "@svgdotjs/svg.js": "^3.2.4" + } + }, + "node_modules/@tailwindcss/forms": { + "version": "0.5.10", + "resolved": "https://registry.npmjs.org/@tailwindcss/forms/-/forms-0.5.10.tgz", + "integrity": "sha512-utI1ONF6uf/pPNO68kmN1b8rEwNXv3czukalo8VtJH8ksIkZXr3Q3VYudZLkCsDd4Wku120uF02hYK25XGPorw==", + "dev": true, + "license": "MIT", + "dependencies": { + "mini-svg-data-uri": "^1.2.3" + }, + "peerDependencies": { + "tailwindcss": ">=3.0.0 || >= 3.0.0-alpha.1 || >= 4.0.0-alpha.20 || >= 4.0.0-beta.1" + } + }, + "node_modules/@tailwindcss/node": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/node/-/node-4.1.14.tgz", + "integrity": "sha512-hpz+8vFk3Ic2xssIA3e01R6jkmsAhvkQdXlEbRTk6S10xDAtiQiM3FyvZVGsucefq764euO/b8WUW9ysLdThHw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/remapping": "^2.3.4", + "enhanced-resolve": "^5.18.3", + "jiti": "^2.6.0", + "lightningcss": "1.30.1", + "magic-string": "^0.30.19", + "source-map-js": "^1.2.1", + "tailwindcss": "4.1.14" + } + }, + "node_modules/@tailwindcss/oxide": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide/-/oxide-4.1.14.tgz", + "integrity": "sha512-23yx+VUbBwCg2x5XWdB8+1lkPajzLmALEfMb51zZUBYaYVPDQvBSD/WYDqiVyBIo2BZFa3yw1Rpy3G2Jp+K0dw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "dependencies": { + "detect-libc": "^2.0.4", + "tar": "^7.5.1" + }, + "engines": { + "node": ">= 10" + }, + "optionalDependencies": { + "@tailwindcss/oxide-android-arm64": "4.1.14", + "@tailwindcss/oxide-darwin-arm64": "4.1.14", + "@tailwindcss/oxide-darwin-x64": "4.1.14", + "@tailwindcss/oxide-freebsd-x64": "4.1.14", + "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.14", + "@tailwindcss/oxide-linux-arm64-gnu": "4.1.14", + "@tailwindcss/oxide-linux-arm64-musl": "4.1.14", + "@tailwindcss/oxide-linux-x64-gnu": "4.1.14", + "@tailwindcss/oxide-linux-x64-musl": "4.1.14", + "@tailwindcss/oxide-wasm32-wasi": "4.1.14", + "@tailwindcss/oxide-win32-arm64-msvc": "4.1.14", + "@tailwindcss/oxide-win32-x64-msvc": "4.1.14" + } + }, + "node_modules/@tailwindcss/oxide-android-arm64": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-android-arm64/-/oxide-android-arm64-4.1.14.tgz", + "integrity": "sha512-a94ifZrGwMvbdeAxWoSuGcIl6/DOP5cdxagid7xJv6bwFp3oebp7y2ImYsnZBMTwjn5Ev5xESvS3FFYUGgPODQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-darwin-arm64": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-arm64/-/oxide-darwin-arm64-4.1.14.tgz", + "integrity": "sha512-HkFP/CqfSh09xCnrPJA7jud7hij5ahKyWomrC3oiO2U9i0UjP17o9pJbxUN0IJ471GTQQmzwhp0DEcpbp4MZTA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-darwin-x64": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-x64/-/oxide-darwin-x64-4.1.14.tgz", + "integrity": "sha512-eVNaWmCgdLf5iv6Qd3s7JI5SEFBFRtfm6W0mphJYXgvnDEAZ5sZzqmI06bK6xo0IErDHdTA5/t7d4eTfWbWOFw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-freebsd-x64": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-freebsd-x64/-/oxide-freebsd-x64-4.1.14.tgz", + "integrity": "sha512-QWLoRXNikEuqtNb0dhQN6wsSVVjX6dmUFzuuiL09ZeXju25dsei2uIPl71y2Ic6QbNBsB4scwBoFnlBfabHkEw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm-gnueabihf": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm-gnueabihf/-/oxide-linux-arm-gnueabihf-4.1.14.tgz", + "integrity": "sha512-VB4gjQni9+F0VCASU+L8zSIyjrLLsy03sjcR3bM0V2g4SNamo0FakZFKyUQ96ZVwGK4CaJsc9zd/obQy74o0Fw==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm64-gnu": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-gnu/-/oxide-linux-arm64-gnu-4.1.14.tgz", + "integrity": "sha512-qaEy0dIZ6d9vyLnmeg24yzA8XuEAD9WjpM5nIM1sUgQ/Zv7cVkharPDQcmm/t/TvXoKo/0knI3me3AGfdx6w1w==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-arm64-musl": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-musl/-/oxide-linux-arm64-musl-4.1.14.tgz", + "integrity": "sha512-ISZjT44s59O8xKsPEIesiIydMG/sCXoMBCqsphDm/WcbnuWLxxb+GcvSIIA5NjUw6F8Tex7s5/LM2yDy8RqYBQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-x64-gnu": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-gnu/-/oxide-linux-x64-gnu-4.1.14.tgz", + "integrity": "sha512-02c6JhLPJj10L2caH4U0zF8Hji4dOeahmuMl23stk0MU1wfd1OraE7rOloidSF8W5JTHkFdVo/O7uRUJJnUAJg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-linux-x64-musl": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-musl/-/oxide-linux-x64-musl-4.1.14.tgz", + "integrity": "sha512-TNGeLiN1XS66kQhxHG/7wMeQDOoL0S33x9BgmydbrWAb9Qw0KYdd8o1ifx4HOGDWhVmJ+Ul+JQ7lyknQFilO3Q==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-wasm32-wasi": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-wasm32-wasi/-/oxide-wasm32-wasi-4.1.14.tgz", + "integrity": "sha512-uZYAsaW/jS/IYkd6EWPJKW/NlPNSkWkBlaeVBi/WsFQNP05/bzkebUL8FH1pdsqx4f2fH/bWFcUABOM9nfiJkQ==", + "bundleDependencies": [ + "@napi-rs/wasm-runtime", + "@emnapi/core", + "@emnapi/runtime", + "@tybys/wasm-util", + "@emnapi/wasi-threads", + "tslib" + ], + "cpu": [ + "wasm32" + ], + "dev": true, + "license": "MIT", + "optional": true, + "dependencies": { + "@emnapi/core": "^1.5.0", + "@emnapi/runtime": "^1.5.0", + "@emnapi/wasi-threads": "^1.1.0", + "@napi-rs/wasm-runtime": "^1.0.5", + "@tybys/wasm-util": "^0.10.1", + "tslib": "^2.4.0" + }, + "engines": { + "node": ">=14.0.0" + } + }, + "node_modules/@tailwindcss/oxide-win32-arm64-msvc": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.1.14.tgz", + "integrity": "sha512-Az0RnnkcvRqsuoLH2Z4n3JfAef0wElgzHD5Aky/e+0tBUxUhIeIqFBTMNQvmMRSP15fWwmvjBxZ3Q8RhsDnxAA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/oxide-win32-x64-msvc": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-x64-msvc/-/oxide-win32-x64-msvc-4.1.14.tgz", + "integrity": "sha512-ttblVGHgf68kEE4om1n/n44I0yGPkCPbLsqzjvybhpwa6mKKtgFfAzy6btc3HRmuW7nHe0OOrSeNP9sQmmH9XA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@tailwindcss/typography": { + "version": "0.5.19", + "resolved": "https://registry.npmjs.org/@tailwindcss/typography/-/typography-0.5.19.tgz", + "integrity": "sha512-w31dd8HOx3k9vPtcQh5QHP9GwKcgbMp87j58qi6xgiBnFFtKEAgCWnDw4qUT8aHwkCp8bKvb/KGKWWHedP0AAg==", + "dev": true, + "license": "MIT", + "dependencies": { + "postcss-selector-parser": "6.0.10" + }, + "peerDependencies": { + "tailwindcss": ">=3.0.0 || insiders || >=4.0.0-alpha.20 || >=4.0.0-beta.1" + } + }, + "node_modules/@tailwindcss/vite": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/@tailwindcss/vite/-/vite-4.1.14.tgz", + "integrity": "sha512-BoFUoU0XqgCUS1UXWhmDJroKKhNXeDzD7/XwabjkDIAbMnc4ULn5e2FuEuBbhZ6ENZoSYzKlzvZ44Yr6EUDUSA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@tailwindcss/node": "4.1.14", + "@tailwindcss/oxide": "4.1.14", + "tailwindcss": "4.1.14" + }, + "peerDependencies": { + "vite": "^5.2.0 || ^6 || ^7" + } + }, + "node_modules/@types/cookie": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-4Kh9a6B2bQciAhf7FSuMRRkUWecJgJu9nPnx3yzpsfXX/c50REIqpHY4C82bXP90qrLtXtkDxTZosYO3UpOwlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/estree": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz", + "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", + "license": "MIT" + }, + "node_modules/@types/json-schema": { + "version": "7.0.15", + "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", + "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "22.18.9", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.18.9.tgz", + "integrity": "sha512-5yBtK0k/q8PjkMXbTfeIEP/XVYnz1R9qZJ3yUicdEW7ppdDJfe+MqXEhpqDL3mtn4Wvs1u0KLEG0RXzCgNpsSg==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "undici-types": "~6.21.0" + } + }, + "node_modules/@types/resolve": { + "version": "1.20.2", + "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.20.2.tgz", + "integrity": "sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==", + "license": "MIT" + }, + "node_modules/@typescript-eslint/eslint-plugin": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.0.tgz", + "integrity": "sha512-hA8gxBq4ukonVXPy0OKhiaUh/68D0E88GSmtC1iAEnGaieuDi38LhS7jdCHRLi6ErJBNDGCzvh5EnzdPwUc0DA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/regexpp": "^4.10.0", + "@typescript-eslint/scope-manager": "8.46.0", + "@typescript-eslint/type-utils": "8.46.0", + "@typescript-eslint/utils": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0", + "graphemer": "^1.4.0", + "ignore": "^7.0.0", + "natural-compare": "^1.4.0", + "ts-api-utils": "^2.1.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "@typescript-eslint/parser": "^8.46.0", + "eslint": "^8.57.0 || ^9.0.0", + "typescript": ">=4.8.4 <6.0.0" + } + }, + "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz", + "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/@typescript-eslint/parser": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.0.tgz", + "integrity": "sha512-n1H6IcDhmmUEG7TNVSspGmiHHutt7iVKtZwRppD7e04wha5MrkV1h3pti9xQLcCMt6YWsncpoT0HMjkH1FNwWQ==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@typescript-eslint/scope-manager": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/typescript-estree": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0", + "debug": "^4.3.4" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0", + "typescript": ">=4.8.4 <6.0.0" + } + }, + "node_modules/@typescript-eslint/project-service": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.0.tgz", + "integrity": "sha512-OEhec0mH+U5Je2NZOeK1AbVCdm0ChyapAyTeXVIYTPXDJ3F07+cu87PPXcGoYqZ7M9YJVvFnfpGg1UmCIqM+QQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/tsconfig-utils": "^8.46.0", + "@typescript-eslint/types": "^8.46.0", + "debug": "^4.3.4" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.0.0" + } + }, + "node_modules/@typescript-eslint/scope-manager": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.0.tgz", + "integrity": "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/tsconfig-utils": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.0.tgz", + "integrity": "sha512-WrYXKGAHY836/N7zoK/kzi6p8tXFhasHh8ocFL9VZSAkvH956gfeRfcnhs3xzRy8qQ/dq3q44v1jvQieMFg2cw==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.0.0" + } + }, + "node_modules/@typescript-eslint/type-utils": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.0.tgz", + "integrity": "sha512-hy+lvYV1lZpVs2jRaEYvgCblZxUoJiPyCemwbQZ+NGulWkQRy0HRPYAoef/CNSzaLt+MLvMptZsHXHlkEilaeg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/typescript-estree": "8.46.0", + "@typescript-eslint/utils": "8.46.0", + "debug": "^4.3.4", + "ts-api-utils": "^2.1.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0", + "typescript": ">=4.8.4 <6.0.0" + } + }, + "node_modules/@typescript-eslint/types": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz", + "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/typescript-estree": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.0.tgz", + "integrity": "sha512-ekDCUfVpAKWJbRfm8T1YRrCot1KFxZn21oV76v5Fj4tr7ELyk84OS+ouvYdcDAwZL89WpEkEj2DKQ+qg//+ucg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/project-service": "8.46.0", + "@typescript-eslint/tsconfig-utils": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0", + "debug": "^4.3.4", + "fast-glob": "^3.3.2", + "is-glob": "^4.0.3", + "minimatch": "^9.0.4", + "semver": "^7.6.0", + "ts-api-utils": "^2.1.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "typescript": ">=4.8.4 <6.0.0" + } + }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz", + "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": { + "version": "9.0.5", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz", + "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/@typescript-eslint/utils": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.0.tgz", + "integrity": "sha512-nD6yGWPj1xiOm4Gk0k6hLSZz2XkNXhuYmyIrOWcHoPuAhjT9i5bAG+xbWPgFeNR8HPHHtpNKdYUXJl/D3x7f5g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/eslint-utils": "^4.7.0", + "@typescript-eslint/scope-manager": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/typescript-estree": "8.46.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0", + "typescript": ">=4.8.4 <6.0.0" + } + }, + "node_modules/@typescript-eslint/visitor-keys": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.0.tgz", + "integrity": "sha512-FrvMpAK+hTbFy7vH5j1+tMYHMSKLE6RzluFJlkFNKD0p9YsUT75JlBSmr5so3QRzvMwU5/bIEdeNrxm8du8l3Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "8.46.0", + "eslint-visitor-keys": "^4.2.1" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@yr/monotone-cubic-spline": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/@yr/monotone-cubic-spline/-/monotone-cubic-spline-1.0.3.tgz", + "integrity": "sha512-FQXkOta0XBSUPHndIKON2Y9JeQz5ZeMqLYZVVK93FliNBFm7LNMIZmY6FrMEB9XPcDbE2bekMbZD6kzDkxwYjA==", + "license": "MIT" + }, + "node_modules/acorn": { + "version": "8.15.0", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", + "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", + "license": "MIT", + "peer": true, + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "dev": true, + "license": "MIT", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dev": true, + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/apexcharts": { + "version": "5.3.5", + "resolved": "https://registry.npmjs.org/apexcharts/-/apexcharts-5.3.5.tgz", + "integrity": "sha512-I04DY/WBZbJgJD2uixeV5EzyiL+J5LgKQXEu8rctqAwyRmKv44aDVeofJoLdTJe3ao4r2KEQfCgtVzXn6pqirg==", + "license": "SEE LICENSE IN LICENSE", + "dependencies": { + "@svgdotjs/svg.draggable.js": "^3.0.4", + "@svgdotjs/svg.filter.js": "^3.0.8", + "@svgdotjs/svg.js": "^3.2.4", + "@svgdotjs/svg.resize.js": "^2.0.2", + "@svgdotjs/svg.select.js": "^4.0.1", + "@yr/monotone-cubic-spline": "^1.0.3" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", + "dev": true, + "license": "Python-2.0" + }, + "node_modules/aria-query": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.2.tgz", + "integrity": "sha512-COROpnaoap1E2F000S62r6A60uHZnmlvomhfyT2DlTcrY1OrBKn2UhH7qn5wTC9zMvD0AY7csdPSNwKP+7WiQw==", + "license": "Apache-2.0", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==", + "license": "MIT" + }, + "node_modules/axios": { + "version": "1.12.2", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz", + "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==", + "license": "MIT", + "dependencies": { + "follow-redirects": "^1.15.6", + "form-data": "^4.0.4", + "proxy-from-env": "^1.1.0" + } + }, + "node_modules/axobject-query": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-4.1.0.tgz", + "integrity": "sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ==", + "license": "Apache-2.0", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true, + "license": "MIT" + }, + "node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dev": true, + "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/chokidar": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-4.0.3.tgz", + "integrity": "sha512-Qgzu8kfBvo+cA4962jnP1KkS6Dop5NS6g7R5LFYJr4b8Ub94PPQXUksCw9PvXoeXPRRddRNC5C1JQUR2SMGtnA==", + "dev": true, + "license": "MIT", + "dependencies": { + "readdirp": "^4.0.1" + }, + "engines": { + "node": ">= 14.16.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/chownr": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz", + "integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==", + "dev": true, + "license": "BlueOak-1.0.0", + "engines": { + "node": ">=18" + } + }, + "node_modules/clsx": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/clsx/-/clsx-2.1.1.tgz", + "integrity": "sha512-eYm0QWBtUrBWZWG0d386OGAw16Z995PiOVo2B7bjWSbHedGl5e0ZWaq65kOGgUSNesEIDkB9ISbTg/JK9dhCZA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", + "dev": true, + "license": "MIT" + }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "license": "MIT", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/commondir": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", + "integrity": "sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==", + "dev": true, + "license": "MIT" + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true, + "license": "MIT" + }, + "node_modules/cookie": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", + "dev": true, + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/cssesc": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", + "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==", + "dev": true, + "license": "MIT", + "bin": { + "cssesc": "bin/cssesc" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/date-fns": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-4.1.0.tgz", + "integrity": "sha512-Ukq0owbQXxa/U3EGtsdVBkR1w7KOQ5gIBqdH2hkvknzZPYvBxb/aa6E8L7tmjFtkwZBu3UXBbjIgPo/Ez4xaNg==", + "license": "MIT", + "funding": { + "type": "github", + "url": "https://github.com/sponsors/kossnocorp" + } + }, + "node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/deepmerge": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", + "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "license": "MIT", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/detect-libc": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.2.tgz", + "integrity": "sha512-Btj2BOOO83o3WyH59e8MgXsxEQVcarkUOpEYrubB0urwnN10yQ364rsiByU11nZlqWYZm05i/of7io4mzihBtQ==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=8" + } + }, + "node_modules/devalue": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/devalue/-/devalue-5.3.2.tgz", + "integrity": "sha512-UDsjUbpQn9kvm68slnrs+mfxwFkIflOhkanmyabZ8zOYk8SMEIbJ3TK+88g70hSIeytu4y18f0z/hYHMTrXIWw==", + "dev": true, + "license": "MIT" + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/enhanced-resolve": { + "version": "5.18.3", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.3.tgz", + "integrity": "sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww==", + "dev": true, + "license": "MIT", + "dependencies": { + "graceful-fs": "^4.2.4", + "tapable": "^2.2.0" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-set-tostringtag": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz", + "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.6", + "has-tostringtag": "^1.0.2", + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/esbuild": { + "version": "0.25.10", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.10.tgz", + "integrity": "sha512-9RiGKvCwaqxO2owP61uQ4BgNborAQskMR6QusfWzQqv7AZOg5oGehdY2pRJMTKuwxd1IDBP4rSbI5lHzU7SMsQ==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "bin": { + "esbuild": "bin/esbuild" + }, + "engines": { + "node": ">=18" + }, + "optionalDependencies": { + "@esbuild/aix-ppc64": "0.25.10", + "@esbuild/android-arm": "0.25.10", + "@esbuild/android-arm64": "0.25.10", + "@esbuild/android-x64": "0.25.10", + "@esbuild/darwin-arm64": "0.25.10", + "@esbuild/darwin-x64": "0.25.10", + "@esbuild/freebsd-arm64": "0.25.10", + "@esbuild/freebsd-x64": "0.25.10", + "@esbuild/linux-arm": "0.25.10", + "@esbuild/linux-arm64": "0.25.10", + "@esbuild/linux-ia32": "0.25.10", + "@esbuild/linux-loong64": "0.25.10", + "@esbuild/linux-mips64el": "0.25.10", + "@esbuild/linux-ppc64": "0.25.10", + "@esbuild/linux-riscv64": "0.25.10", + "@esbuild/linux-s390x": "0.25.10", + "@esbuild/linux-x64": "0.25.10", + "@esbuild/netbsd-arm64": "0.25.10", + "@esbuild/netbsd-x64": "0.25.10", + "@esbuild/openbsd-arm64": "0.25.10", + "@esbuild/openbsd-x64": "0.25.10", + "@esbuild/openharmony-arm64": "0.25.10", + "@esbuild/sunos-x64": "0.25.10", + "@esbuild/win32-arm64": "0.25.10", + "@esbuild/win32-ia32": "0.25.10", + "@esbuild/win32-x64": "0.25.10" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint": { + "version": "9.37.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.37.0.tgz", + "integrity": "sha512-XyLmROnACWqSxiGYArdef1fItQd47weqB7iwtfr9JHwRrqIXZdcFMvvEcL9xHCmL0SNsOvF0c42lWyM1U5dgig==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@eslint-community/eslint-utils": "^4.8.0", + "@eslint-community/regexpp": "^4.12.1", + "@eslint/config-array": "^0.21.0", + "@eslint/config-helpers": "^0.4.0", + "@eslint/core": "^0.16.0", + "@eslint/eslintrc": "^3.3.1", + "@eslint/js": "9.37.0", + "@eslint/plugin-kit": "^0.4.0", + "@humanfs/node": "^0.16.6", + "@humanwhocodes/module-importer": "^1.0.1", + "@humanwhocodes/retry": "^0.4.2", + "@types/estree": "^1.0.6", + "@types/json-schema": "^7.0.15", + "ajv": "^6.12.4", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.6", + "debug": "^4.3.2", + "escape-string-regexp": "^4.0.0", + "eslint-scope": "^8.4.0", + "eslint-visitor-keys": "^4.2.1", + "espree": "^10.4.0", + "esquery": "^1.5.0", + "esutils": "^2.0.2", + "fast-deep-equal": "^3.1.3", + "file-entry-cache": "^8.0.0", + "find-up": "^5.0.0", + "glob-parent": "^6.0.2", + "ignore": "^5.2.0", + "imurmurhash": "^0.1.4", + "is-glob": "^4.0.0", + "json-stable-stringify-without-jsonify": "^1.0.1", + "lodash.merge": "^4.6.2", + "minimatch": "^3.1.2", + "natural-compare": "^1.4.0", + "optionator": "^0.9.3" + }, + "bin": { + "eslint": "bin/eslint.js" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://eslint.org/donate" + }, + "peerDependencies": { + "jiti": "*" + }, + "peerDependenciesMeta": { + "jiti": { + "optional": true + } + } + }, + "node_modules/eslint-config-prettier": { + "version": "10.1.8", + "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-10.1.8.tgz", + "integrity": "sha512-82GZUjRS0p/jganf6q1rEO25VSoHH0hKPCTrgillPjdI/3bgBhAE1QzHrHTizjpRvy6pGAvKjDJtk2pF9NDq8w==", + "dev": true, + "license": "MIT", + "bin": { + "eslint-config-prettier": "bin/cli.js" + }, + "funding": { + "url": "https://opencollective.com/eslint-config-prettier" + }, + "peerDependencies": { + "eslint": ">=7.0.0" + } + }, + "node_modules/eslint-plugin-svelte": { + "version": "3.12.4", + "resolved": "https://registry.npmjs.org/eslint-plugin-svelte/-/eslint-plugin-svelte-3.12.4.tgz", + "integrity": "sha512-hD7wPe+vrPgx3U2X2b/wyTMtWobm660PygMGKrWWYTc9lvtY8DpNFDaU2CJQn1szLjGbn/aJ3g8WiXuKakrEkw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/eslint-utils": "^4.6.1", + "@jridgewell/sourcemap-codec": "^1.5.0", + "esutils": "^2.0.3", + "globals": "^16.0.0", + "known-css-properties": "^0.37.0", + "postcss": "^8.4.49", + "postcss-load-config": "^3.1.4", + "postcss-safe-parser": "^7.0.0", + "semver": "^7.6.3", + "svelte-eslint-parser": "^1.3.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://github.com/sponsors/ota-meshi" + }, + "peerDependencies": { + "eslint": "^8.57.1 || ^9.0.0", + "svelte": "^3.37.0 || ^4.0.0 || ^5.0.0" + }, + "peerDependenciesMeta": { + "svelte": { + "optional": true + } + } + }, + "node_modules/eslint-scope": { + "version": "8.4.0", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-8.4.0.tgz", + "integrity": "sha512-sNXOfKCn74rt8RICKMvJS7XKV/Xk9kA7DyJr8mJik3S7Cwgy3qlkkmyS2uQB3jiJg6VNdZd/pDBJu0nvG2NlTg==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-visitor-keys": { + "version": "4.2.1", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-4.2.1.tgz", + "integrity": "sha512-Uhdk5sfqcee/9H/rCOJikYz67o0a2Tw2hGRPOG2Y1R2dg7brRe1uG0yaNQDHu+TO/uQPF/5eCapvYSmHUjt7JQ==", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/esm-env": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/esm-env/-/esm-env-1.2.2.tgz", + "integrity": "sha512-Epxrv+Nr/CaL4ZcFGPJIYLWFom+YeV1DqMLHJoEd9SYRxNbaFruBwfEX/kkHUJf55j2+TUbmDcmuilbP1TmXHA==", + "license": "MIT" + }, + "node_modules/espree": { + "version": "10.4.0", + "resolved": "https://registry.npmjs.org/espree/-/espree-10.4.0.tgz", + "integrity": "sha512-j6PAQ2uUr79PZhBjP5C5fhl8e39FmRnOjsD5lGnWrFU8i2G776tBK7+nP8KuQUTTyAZUwfQqXAgrVH5MbH9CYQ==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "acorn": "^8.15.0", + "acorn-jsx": "^5.3.2", + "eslint-visitor-keys": "^4.2.1" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/esquery": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.6.0.tgz", + "integrity": "sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "estraverse": "^5.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/esrap": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/esrap/-/esrap-2.1.0.tgz", + "integrity": "sha512-yzmPNpl7TBbMRC5Lj2JlJZNPml0tzqoqP5B1JXycNUwtqma9AKCO0M2wHrdgsHcy1WRW7S9rJknAMtByg3usgA==", + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.4.15" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estree-walker": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz", + "integrity": "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==", + "license": "MIT" + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", + "dev": true, + "license": "MIT" + }, + "node_modules/fast-glob": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.3.tgz", + "integrity": "sha512-7MptL8U0cqcFdzIzwOTHoilX9x5BrNqye7Z/LuC7kCMRio1EMSyqRK3BEAUD7sXRq4iT4AzTVuZdhgQ2TCvYLg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.8" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-glob/node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", + "dev": true, + "license": "MIT" + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==", + "dev": true, + "license": "MIT" + }, + "node_modules/fastq": { + "version": "1.19.1", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz", + "integrity": "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==", + "dev": true, + "license": "ISC", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/fdir": { + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", + "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, + "peerDependencies": { + "picomatch": "^3 || ^4" + }, + "peerDependenciesMeta": { + "picomatch": { + "optional": true + } + } + }, + "node_modules/file-entry-cache": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-8.0.0.tgz", + "integrity": "sha512-XXTUwCvisa5oacNGRP9SfNtYBNAMi+RPwBFmblZEF7N7swHYQS6/Zfk7SRwx4D5j3CH211YNRco1DEMNVfZCnQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "flat-cache": "^4.0.0" + }, + "engines": { + "node": ">=16.0.0" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dev": true, + "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dev": true, + "license": "MIT", + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat-cache": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-4.0.1.tgz", + "integrity": "sha512-f7ccFPK3SXFHpx15UIGyRJ/FJQctuKZ0zVuN3frBo4HnK3cay9VEW0R6yPYFHC0AgqhukPzKjq22t5DmAyqGyw==", + "dev": true, + "license": "MIT", + "dependencies": { + "flatted": "^3.2.9", + "keyv": "^4.5.4" + }, + "engines": { + "node": ">=16" + } + }, + "node_modules/flatted": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz", + "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==", + "dev": true, + "license": "ISC" + }, + "node_modules/flowbite": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/flowbite/-/flowbite-3.1.2.tgz", + "integrity": "sha512-MkwSgbbybCYgMC+go6Da5idEKUFfMqc/AmSjm/2ZbdmvoKf5frLPq/eIhXc9P+rC8t9boZtUXzHDgt5whZ6A/Q==", + "license": "MIT", + "dependencies": { + "@popperjs/core": "^2.9.3", + "flowbite-datepicker": "^1.3.1", + "mini-svg-data-uri": "^1.4.3", + "postcss": "^8.5.1" + } + }, + "node_modules/flowbite-datepicker": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/flowbite-datepicker/-/flowbite-datepicker-1.3.2.tgz", + "integrity": "sha512-6Nfm0MCVX3mpaR7YSCjmEO2GO8CDt6CX8ZpQnGdeu03WUCWtEPQ/uy0PUiNtIJjJZWnX0Cm3H55MOhbD1g+E/g==", + "license": "MIT", + "dependencies": { + "@rollup/plugin-node-resolve": "^15.2.3", + "flowbite": "^2.0.0" + } + }, + "node_modules/flowbite-datepicker/node_modules/@rollup/plugin-node-resolve": { + "version": "15.3.1", + "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-15.3.1.tgz", + "integrity": "sha512-tgg6b91pAybXHJQMAAwW9VuWBO6Thi+q7BCNARLwSqlmsHz0XYURtGvh/AuwSADXSI4h/2uHbs7s4FzlZDGSGA==", + "license": "MIT", + "dependencies": { + "@rollup/pluginutils": "^5.0.1", + "@types/resolve": "1.20.2", + "deepmerge": "^4.2.2", + "is-module": "^1.0.0", + "resolve": "^1.22.1" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "rollup": "^2.78.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } + } + }, + "node_modules/flowbite-datepicker/node_modules/flowbite": { + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/flowbite/-/flowbite-2.5.2.tgz", + "integrity": "sha512-kwFD3n8/YW4EG8GlY3Od9IoKND97kitO+/ejISHSqpn3vw2i5K/+ZI8Jm2V+KC4fGdnfi0XZ+TzYqQb4Q1LshA==", + "license": "MIT", + "dependencies": { + "@popperjs/core": "^2.9.3", + "flowbite-datepicker": "^1.3.0", + "mini-svg-data-uri": "^1.4.3" + } + }, + "node_modules/flowbite-svelte": { + "version": "1.17.4", + "resolved": "https://registry.npmjs.org/flowbite-svelte/-/flowbite-svelte-1.17.4.tgz", + "integrity": "sha512-z8e7wJZHgYN+vE6yQT/jH/U3+TkH57UdX52dBg7R2oLkhQFjgA5nAzPqeOPF46+3wZy5mJIFpZ9czxKeCQx0wg==", + "license": "MIT", + "dependencies": { + "@floating-ui/dom": "^1.7.4", + "@floating-ui/utils": "^0.2.10", + "apexcharts": "^5.3.5", + "clsx": "^2.1.1", + "date-fns": "^4.1.0", + "esm-env": "^1.2.2", + "flowbite": "^3.1.2", + "tailwind-merge": "^3.3.1", + "tailwind-variants": "^3.1.1" + }, + "peerDependencies": { + "svelte": "^5.29.0", + "tailwindcss": "^4.1.4" + } + }, + "node_modules/follow-redirects": { + "version": "1.15.11", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", + "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "license": "MIT", + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/form-data": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz", + "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==", + "license": "MIT", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.2", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/globals": { + "version": "16.4.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-16.4.0.tgz", + "integrity": "sha512-ob/2LcVVaVGCYN+r14cnwnoDPUufjiYgSqRhiFD0Q1iI4Odora5RE8Iv1D24hAz5oMophRGkGz+yuvQmmUMnMw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", + "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", + "dev": true, + "license": "ISC" + }, + "node_modules/graphemer": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", + "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==", + "dev": true, + "license": "MIT" + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "license": "MIT", + "dependencies": { + "has-symbols": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ignore": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", + "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/import-fresh": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz", + "integrity": "sha512-TR3KfrTZTYLPB6jUjfx6MF9WcWrHL9su5TObK4ZkYgBdWKPOFoSoQIdEuTuR82pmtxH2spWG9h6etwfr1pLBqQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/is-core-module": { + "version": "2.16.1", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.16.1.tgz", + "integrity": "sha512-UfoeMA6fIJ8wTYFEUjelnaGI67v6+N7qXJEvQuIGa99l4xsCruSYOVSQ0uPANn4dAzm8lkYPaKLrrijLq7x23w==", + "license": "MIT", + "dependencies": { + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-module": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/is-module/-/is-module-1.0.0.tgz", + "integrity": "sha512-51ypPSPCoTEIN9dy5Oy+h4pShgJmPCygKfyRCISBI+JoWT/2oJvK8QPxmwv7b/p239jXrm9M1mlQbyKJ5A152g==", + "license": "MIT" + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-reference": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/is-reference/-/is-reference-1.2.1.tgz", + "integrity": "sha512-U82MsXXiFIrjCK4otLT+o2NA2Cd2g5MLoOVXUZjIOhLurrRxpEXzI8O0KZHr3IjLvlAH1kTPYSuqer5T9ZVBKQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "*" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", + "dev": true, + "license": "ISC" + }, + "node_modules/jiti": { + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.6.1.tgz", + "integrity": "sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==", + "dev": true, + "license": "MIT", + "bin": { + "jiti": "lib/jiti-cli.mjs" + } + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dev": true, + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/json-buffer": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", + "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", + "dev": true, + "license": "MIT" + }, + "node_modules/json-stable-stringify-without-jsonify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==", + "dev": true, + "license": "MIT" + }, + "node_modules/keyv": { + "version": "4.5.4", + "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", + "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", + "dev": true, + "license": "MIT", + "dependencies": { + "json-buffer": "3.0.1" + } + }, + "node_modules/kleur": { + "version": "4.1.5", + "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz", + "integrity": "sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/known-css-properties": { + "version": "0.37.0", + "resolved": "https://registry.npmjs.org/known-css-properties/-/known-css-properties-0.37.0.tgz", + "integrity": "sha512-JCDrsP4Z1Sb9JwG0aJ8Eo2r7k4Ou5MwmThS/6lcIe1ICyb7UBJKGRIUUdqc2ASdE/42lgz6zFUnzAIhtXnBVrQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/levn": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/lightningcss": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.30.1.tgz", + "integrity": "sha512-xi6IyHML+c9+Q3W0S4fCQJOym42pyurFiJUHEcEyHS0CeKzia4yZDEsLlqOFykxOdHpNy0NmvVO31vcSqAxJCg==", + "dev": true, + "license": "MPL-2.0", + "dependencies": { + "detect-libc": "^2.0.3" + }, + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + }, + "optionalDependencies": { + "lightningcss-darwin-arm64": "1.30.1", + "lightningcss-darwin-x64": "1.30.1", + "lightningcss-freebsd-x64": "1.30.1", + "lightningcss-linux-arm-gnueabihf": "1.30.1", + "lightningcss-linux-arm64-gnu": "1.30.1", + "lightningcss-linux-arm64-musl": "1.30.1", + "lightningcss-linux-x64-gnu": "1.30.1", + "lightningcss-linux-x64-musl": "1.30.1", + "lightningcss-win32-arm64-msvc": "1.30.1", + "lightningcss-win32-x64-msvc": "1.30.1" + } + }, + "node_modules/lightningcss-darwin-arm64": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-darwin-arm64/-/lightningcss-darwin-arm64-1.30.1.tgz", + "integrity": "sha512-c8JK7hyE65X1MHMN+Viq9n11RRC7hgin3HhYKhrMyaXflk5GVplZ60IxyoVtzILeKr+xAJwg6zK6sjTBJ0FKYQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-darwin-x64": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-darwin-x64/-/lightningcss-darwin-x64-1.30.1.tgz", + "integrity": "sha512-k1EvjakfumAQoTfcXUcHQZhSpLlkAuEkdMBsI/ivWw9hL+7FtilQc0Cy3hrx0AAQrVtQAbMI7YjCgYgvn37PzA==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-freebsd-x64": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-freebsd-x64/-/lightningcss-freebsd-x64-1.30.1.tgz", + "integrity": "sha512-kmW6UGCGg2PcyUE59K5r0kWfKPAVy4SltVeut+umLCFoJ53RdCUWxcRDzO1eTaxf/7Q2H7LTquFHPL5R+Gjyig==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm-gnueabihf": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm-gnueabihf/-/lightningcss-linux-arm-gnueabihf-1.30.1.tgz", + "integrity": "sha512-MjxUShl1v8pit+6D/zSPq9S9dQ2NPFSQwGvxBCYaBYLPlCWuPh9/t1MRS8iUaR8i+a6w7aps+B4N0S1TYP/R+Q==", + "cpu": [ + "arm" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm64-gnu": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-gnu/-/lightningcss-linux-arm64-gnu-1.30.1.tgz", + "integrity": "sha512-gB72maP8rmrKsnKYy8XUuXi/4OctJiuQjcuqWNlJQ6jZiWqtPvqFziskH3hnajfvKB27ynbVCucKSm2rkQp4Bw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-arm64-musl": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-musl/-/lightningcss-linux-arm64-musl-1.30.1.tgz", + "integrity": "sha512-jmUQVx4331m6LIX+0wUhBbmMX7TCfjF5FoOH6SD1CttzuYlGNVpA7QnrmLxrsub43ClTINfGSYyHe2HWeLl5CQ==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-x64-gnu": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-gnu/-/lightningcss-linux-x64-gnu-1.30.1.tgz", + "integrity": "sha512-piWx3z4wN8J8z3+O5kO74+yr6ze/dKmPnI7vLqfSqI8bccaTGY5xiSGVIJBDd5K5BHlvVLpUB3S2YCfelyJ1bw==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-linux-x64-musl": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-musl/-/lightningcss-linux-x64-musl-1.30.1.tgz", + "integrity": "sha512-rRomAK7eIkL+tHY0YPxbc5Dra2gXlI63HL+v1Pdi1a3sC+tJTcFrHX+E86sulgAXeI7rSzDYhPSeHHjqFhqfeQ==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-win32-arm64-msvc": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-win32-arm64-msvc/-/lightningcss-win32-arm64-msvc-1.30.1.tgz", + "integrity": "sha512-mSL4rqPi4iXq5YVqzSsJgMVFENoa4nGTT/GjO2c0Yl9OuQfPsIfncvLrEW6RbbB24WtZ3xP/2CCmI3tNkNV4oA==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lightningcss-win32-x64-msvc": { + "version": "1.30.1", + "resolved": "https://registry.npmjs.org/lightningcss-win32-x64-msvc/-/lightningcss-win32-x64-msvc-1.30.1.tgz", + "integrity": "sha512-PVqXh48wh4T53F/1CCu8PIPCxLzWyCnn/9T5W1Jpmdy5h9Cwd+0YQS6/LwhHXSafuc61/xg9Lv5OrCby6a++jg==", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MPL-2.0", + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 12.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/parcel" + } + }, + "node_modules/lilconfig": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", + "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/locate-character": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/locate-character/-/locate-character-3.0.0.tgz", + "integrity": "sha512-SW13ws7BjaeJ6p7Q6CO2nchbYEc3X3J6WrmTTDto7yMPqVSZTUyY5Tjbid+Ab8gLnATtygYtiDIJGQRRn2ZOiA==", + "license": "MIT" + }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash.merge": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/magic-string": { + "version": "0.30.19", + "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.19.tgz", + "integrity": "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw==", + "license": "MIT", + "dependencies": { + "@jridgewell/sourcemap-codec": "^1.5.5" + } + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/micromatch": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", + "dev": true, + "license": "MIT", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/micromatch/node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mini-svg-data-uri": { + "version": "1.4.4", + "resolved": "https://registry.npmjs.org/mini-svg-data-uri/-/mini-svg-data-uri-1.4.4.tgz", + "integrity": "sha512-r9deDe9p5FJUPZAk3A59wGH7Ii9YrjjWw0jmw/liSbHl2CHiyXj6FcDXDu2K3TjVAXqiJdaw3xxwlZZr9E6nHg==", + "license": "MIT", + "bin": { + "mini-svg-data-uri": "cli.js" + } + }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/minipass": { + "version": "7.1.2", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", + "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">=16 || 14 >=14.17" + } + }, + "node_modules/minizlib": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.1.0.tgz", + "integrity": "sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==", + "dev": true, + "license": "MIT", + "dependencies": { + "minipass": "^7.1.2" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/mri": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/mri/-/mri-1.2.0.tgz", + "integrity": "sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/mrmime": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/mrmime/-/mrmime-2.0.1.tgz", + "integrity": "sha512-Y3wQdFg2Va6etvQ5I82yUhGdsKrcYox6p7FfL1LbK2J4V01F9TGlepTIhnK24t7koZibmg82KGglhA1XK5IsLQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + } + }, + "node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/nanoid": { + "version": "3.3.11", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", + "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/natural-compare": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==", + "dev": true, + "license": "MIT" + }, + "node_modules/optionator": { + "version": "0.9.4", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", + "integrity": "sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==", + "dev": true, + "license": "MIT", + "dependencies": { + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0", + "word-wrap": "^1.2.5" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dev": true, + "license": "MIT", + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "dev": true, + "license": "MIT", + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", + "license": "MIT" + }, + "node_modules/picocolors": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz", + "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==", + "license": "ISC" + }, + "node_modules/picomatch": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", + "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/postcss": { + "version": "8.5.6", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", + "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "peer": true, + "dependencies": { + "nanoid": "^3.3.11", + "picocolors": "^1.1.1", + "source-map-js": "^1.2.1" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/postcss-load-config": { + "version": "3.1.4", + "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", + "integrity": "sha512-6DiM4E7v4coTE4uzA8U//WhtPwyhiim3eyjEMFCnUpzbrkK9wJHgKDT2mR+HbtSrd/NubVaYTOpSpjUl8NQeRg==", + "dev": true, + "license": "MIT", + "dependencies": { + "lilconfig": "^2.0.5", + "yaml": "^1.10.2" + }, + "engines": { + "node": ">= 10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + "peerDependencies": { + "postcss": ">=8.0.9", + "ts-node": ">=9.0.0" + }, + "peerDependenciesMeta": { + "postcss": { + "optional": true + }, + "ts-node": { + "optional": true + } + } + }, + "node_modules/postcss-load-config/node_modules/yaml": { + "version": "1.10.2", + "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", + "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==", + "dev": true, + "license": "ISC", + "engines": { + "node": ">= 6" + } + }, + "node_modules/postcss-safe-parser": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/postcss-safe-parser/-/postcss-safe-parser-7.0.1.tgz", + "integrity": "sha512-0AioNCJZ2DPYz5ABT6bddIqlhgwhpHZ/l65YAYo0BCIn0xiDpsnTHz0gnoTGk0OXZW0JRs+cDwL8u/teRdz+8A==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss-safe-parser" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "engines": { + "node": ">=18.0" + }, + "peerDependencies": { + "postcss": "^8.4.31" + } + }, + "node_modules/postcss-scss": { + "version": "4.0.9", + "resolved": "https://registry.npmjs.org/postcss-scss/-/postcss-scss-4.0.9.tgz", + "integrity": "sha512-AjKOeiwAitL/MXxQW2DliT28EKukvvbEWx3LBmJIRN8KfBGZbRTxNYW0kSqi1COiTZ57nZ9NW06S6ux//N1c9A==", + "dev": true, + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss-scss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], + "license": "MIT", + "engines": { + "node": ">=12.0" + }, + "peerDependencies": { + "postcss": "^8.4.29" + } + }, + "node_modules/postcss-selector-parser": { + "version": "6.0.10", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.10.tgz", + "integrity": "sha512-IQ7TZdoaqbT+LCpShg46jnZVlhWD2w6iQYAcYXfHARZ7X1t/UGhhceQDs5X0cGqKvYlHNOuv7Oa1xmb0oQuA3w==", + "dev": true, + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/prelude-ls": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/prettier": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.6.2.tgz", + "integrity": "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==", + "dev": true, + "license": "MIT", + "peer": true, + "bin": { + "prettier": "bin/prettier.cjs" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "node_modules/prettier-plugin-svelte": { + "version": "3.4.0", + "resolved": "https://registry.npmjs.org/prettier-plugin-svelte/-/prettier-plugin-svelte-3.4.0.tgz", + "integrity": "sha512-pn1ra/0mPObzqoIQn/vUTR3ZZI6UuZ0sHqMK5x2jMLGrs53h0sXhkVuDcrlssHwIMk7FYrMjHBPoUSyyEEDlBQ==", + "dev": true, + "license": "MIT", + "peer": true, + "peerDependencies": { + "prettier": "^3.0.0", + "svelte": "^3.2.0 || ^4.0.0-next.0 || ^5.0.0-next.0" + } + }, + "node_modules/prettier-plugin-tailwindcss": { + "version": "0.6.14", + "resolved": "https://registry.npmjs.org/prettier-plugin-tailwindcss/-/prettier-plugin-tailwindcss-0.6.14.tgz", + "integrity": "sha512-pi2e/+ZygeIqntN+vC573BcW5Cve8zUB0SSAGxqpB4f96boZF4M3phPVoOFCeypwkpRYdi7+jQ5YJJUwrkGUAg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=14.21.3" + }, + "peerDependencies": { + "@ianvs/prettier-plugin-sort-imports": "*", + "@prettier/plugin-hermes": "*", + "@prettier/plugin-oxc": "*", + "@prettier/plugin-pug": "*", + "@shopify/prettier-plugin-liquid": "*", + "@trivago/prettier-plugin-sort-imports": "*", + "@zackad/prettier-plugin-twig": "*", + "prettier": "^3.0", + "prettier-plugin-astro": "*", + "prettier-plugin-css-order": "*", + "prettier-plugin-import-sort": "*", + "prettier-plugin-jsdoc": "*", + "prettier-plugin-marko": "*", + "prettier-plugin-multiline-arrays": "*", + "prettier-plugin-organize-attributes": "*", + "prettier-plugin-organize-imports": "*", + "prettier-plugin-sort-imports": "*", + "prettier-plugin-style-order": "*", + "prettier-plugin-svelte": "*" + }, + "peerDependenciesMeta": { + "@ianvs/prettier-plugin-sort-imports": { + "optional": true + }, + "@prettier/plugin-hermes": { + "optional": true + }, + "@prettier/plugin-oxc": { + "optional": true + }, + "@prettier/plugin-pug": { + "optional": true + }, + "@shopify/prettier-plugin-liquid": { + "optional": true + }, + "@trivago/prettier-plugin-sort-imports": { + "optional": true + }, + "@zackad/prettier-plugin-twig": { + "optional": true + }, + "prettier-plugin-astro": { + "optional": true + }, + "prettier-plugin-css-order": { + "optional": true + }, + "prettier-plugin-import-sort": { + "optional": true + }, + "prettier-plugin-jsdoc": { + "optional": true + }, + "prettier-plugin-marko": { + "optional": true + }, + "prettier-plugin-multiline-arrays": { + "optional": true + }, + "prettier-plugin-organize-attributes": { + "optional": true + }, + "prettier-plugin-organize-imports": { + "optional": true + }, + "prettier-plugin-sort-imports": { + "optional": true + }, + "prettier-plugin-style-order": { + "optional": true + }, + "prettier-plugin-svelte": { + "optional": true + } + } + }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", + "license": "MIT" + }, + "node_modules/punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/readdirp": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-4.1.2.tgz", + "integrity": "sha512-GDhwkLfywWL2s6vEjyhri+eXmfH6j1L7JE27WhqLeYzoh/A3DBaYGEj2H/HFZCn/kMfim73FXxEJTw06WtxQwg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 14.18.0" + }, + "funding": { + "type": "individual", + "url": "https://paulmillr.com/funding/" + } + }, + "node_modules/resolve": { + "version": "1.22.10", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.10.tgz", + "integrity": "sha512-NPRy+/ncIMeDlTAsuqwKIiferiawhefFJtkNSW0qZJEqMEb+qBt/77B/jGeeek+F0uOeN05CDa6HXbbIgtVX4w==", + "license": "MIT", + "dependencies": { + "is-core-module": "^2.16.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/reusify": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.1.0.tgz", + "integrity": "sha512-g6QUff04oZpHs0eG5p83rFLhHeV00ug/Yf9nZM6fLeUrPguBTkTQOdpAWWspMh55TZfVQDPaN3NQJfbVRAxdIw==", + "dev": true, + "license": "MIT", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/rollup": { + "version": "4.52.4", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.52.4.tgz", + "integrity": "sha512-CLEVl+MnPAiKh5pl4dEWSyMTpuflgNQiLGhMv8ezD5W/qP8AKvmYpCOKRRNOh7oRKnauBZ4SyeYkMS+1VSyKwQ==", + "devOptional": true, + "license": "MIT", + "peer": true, + "dependencies": { + "@types/estree": "1.0.8" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.52.4", + "@rollup/rollup-android-arm64": "4.52.4", + "@rollup/rollup-darwin-arm64": "4.52.4", + "@rollup/rollup-darwin-x64": "4.52.4", + "@rollup/rollup-freebsd-arm64": "4.52.4", + "@rollup/rollup-freebsd-x64": "4.52.4", + "@rollup/rollup-linux-arm-gnueabihf": "4.52.4", + "@rollup/rollup-linux-arm-musleabihf": "4.52.4", + "@rollup/rollup-linux-arm64-gnu": "4.52.4", + "@rollup/rollup-linux-arm64-musl": "4.52.4", + "@rollup/rollup-linux-loong64-gnu": "4.52.4", + "@rollup/rollup-linux-ppc64-gnu": "4.52.4", + "@rollup/rollup-linux-riscv64-gnu": "4.52.4", + "@rollup/rollup-linux-riscv64-musl": "4.52.4", + "@rollup/rollup-linux-s390x-gnu": "4.52.4", + "@rollup/rollup-linux-x64-gnu": "4.52.4", + "@rollup/rollup-linux-x64-musl": "4.52.4", + "@rollup/rollup-openharmony-arm64": "4.52.4", + "@rollup/rollup-win32-arm64-msvc": "4.52.4", + "@rollup/rollup-win32-ia32-msvc": "4.52.4", + "@rollup/rollup-win32-x64-gnu": "4.52.4", + "@rollup/rollup-win32-x64-msvc": "4.52.4", + "fsevents": "~2.3.2" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT", + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/sade": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/sade/-/sade-1.8.1.tgz", + "integrity": "sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==", + "dev": true, + "license": "MIT", + "dependencies": { + "mri": "^1.1.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/semver": { + "version": "7.7.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", + "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", + "dev": true, + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/set-cookie-parser": { + "version": "2.7.1", + "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.1.tgz", + "integrity": "sha512-IOc8uWeOZgnb3ptbCURJWNjWUPcO3ZnTTdzsurqERrP6nPyv+paC55vJM0LpOlT2ne+Ix+9+CRG1MNLlyZ4GjQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dev": true, + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/sirv": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/sirv/-/sirv-3.0.2.tgz", + "integrity": "sha512-2wcC/oGxHis/BoHkkPwldgiPSYcpZK3JU28WoMVv55yHJgcZ8rlXvuG9iZggz+sU1d4bRgIGASwyWqjxu3FM0g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@polka/url": "^1.0.0-next.24", + "mrmime": "^2.0.0", + "totalist": "^3.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/source-map-js": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz", + "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==", + "license": "BSD-3-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/svelte": { + "version": "5.39.11", + "resolved": "https://registry.npmjs.org/svelte/-/svelte-5.39.11.tgz", + "integrity": "sha512-8MxWVm2+3YwrFbPaxOlT1bbMi6OTenrAgks6soZfiaS8Fptk4EVyRIFhJc3RpO264EeSNwgjWAdki0ufg4zkGw==", + "license": "MIT", + "peer": true, + "dependencies": { + "@jridgewell/remapping": "^2.3.4", + "@jridgewell/sourcemap-codec": "^1.5.0", + "@sveltejs/acorn-typescript": "^1.0.5", + "@types/estree": "^1.0.5", + "acorn": "^8.12.1", + "aria-query": "^5.3.1", + "axobject-query": "^4.1.0", + "clsx": "^2.1.1", + "esm-env": "^1.2.1", + "esrap": "^2.1.0", + "is-reference": "^3.0.3", + "locate-character": "^3.0.0", + "magic-string": "^0.30.11", + "zimmerframe": "^1.1.2" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/svelte-check": { + "version": "4.3.3", + "resolved": "https://registry.npmjs.org/svelte-check/-/svelte-check-4.3.3.tgz", + "integrity": "sha512-RYP0bEwenDXzfv0P1sKAwjZSlaRyqBn0Fz1TVni58lqyEiqgwztTpmodJrGzP6ZT2aHl4MbTvWP6gbmQ3FOnBg==", + "dev": true, + "license": "MIT", + "dependencies": { + "@jridgewell/trace-mapping": "^0.3.25", + "chokidar": "^4.0.1", + "fdir": "^6.2.0", + "picocolors": "^1.0.0", + "sade": "^1.7.4" + }, + "bin": { + "svelte-check": "bin/svelte-check" + }, + "engines": { + "node": ">= 18.0.0" + }, + "peerDependencies": { + "svelte": "^4.0.0 || ^5.0.0-next.0", + "typescript": ">=5.0.0" + } + }, + "node_modules/svelte-eslint-parser": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/svelte-eslint-parser/-/svelte-eslint-parser-1.3.3.tgz", + "integrity": "sha512-oTrDR8Z7Wnguut7QH3YKh7JR19xv1seB/bz4dxU5J/86eJtZOU4eh0/jZq4dy6tAlz/KROxnkRQspv5ZEt7t+Q==", + "dev": true, + "license": "MIT", + "dependencies": { + "eslint-scope": "^8.2.0", + "eslint-visitor-keys": "^4.0.0", + "espree": "^10.0.0", + "postcss": "^8.4.49", + "postcss-scss": "^4.0.9", + "postcss-selector-parser": "^7.0.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "url": "https://github.com/sponsors/ota-meshi" + }, + "peerDependencies": { + "svelte": "^3.37.0 || ^4.0.0 || ^5.0.0" + }, + "peerDependenciesMeta": { + "svelte": { + "optional": true + } + } + }, + "node_modules/svelte-eslint-parser/node_modules/postcss-selector-parser": { + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", + "dev": true, + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/svelte/node_modules/is-reference": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/is-reference/-/is-reference-3.0.3.tgz", + "integrity": "sha512-ixkJoqQvAP88E6wLydLGGqCJsrFUnqoH6HnaczB8XmDH1oaWU+xxdptvikTgaEhtZ53Ky6YXiBuUI2WXLMCwjw==", + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.6" + } + }, + "node_modules/tailwind-merge": { + "version": "3.3.1", + "resolved": "https://registry.npmjs.org/tailwind-merge/-/tailwind-merge-3.3.1.tgz", + "integrity": "sha512-gBXpgUm/3rp1lMZZrM/w7D8GKqshif0zAymAhbCyIt8KMe+0v9DQ7cdYLR4FHH/cKpdTXb+A/tKKU3eolfsI+g==", + "license": "MIT", + "peer": true, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/dcastil" + } + }, + "node_modules/tailwind-variants": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/tailwind-variants/-/tailwind-variants-3.1.1.tgz", + "integrity": "sha512-ftLXe3krnqkMHsuBTEmaVUXYovXtPyTK7ckEfDRXS8PBZx0bAUas+A0jYxuKA5b8qg++wvQ3d2MQ7l/xeZxbZQ==", + "license": "MIT", + "engines": { + "node": ">=16.x", + "pnpm": ">=7.x" + }, + "peerDependencies": { + "tailwind-merge": ">=3.0.0", + "tailwindcss": "*" + }, + "peerDependenciesMeta": { + "tailwind-merge": { + "optional": true + } + } + }, + "node_modules/tailwindcss": { + "version": "4.1.14", + "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.14.tgz", + "integrity": "sha512-b7pCxjGO98LnxVkKjaZSDeNuljC4ueKUddjENJOADtubtdo8llTaJy7HwBMeLNSSo2N5QIAgklslK1+Ir8r6CA==", + "license": "MIT", + "peer": true + }, + "node_modules/tapable": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.0.tgz", + "integrity": "sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/webpack" + } + }, + "node_modules/tar": { + "version": "7.5.1", + "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.1.tgz", + "integrity": "sha512-nlGpxf+hv0v7GkWBK2V9spgactGOp0qvfWRxUMjqHyzrt3SgwE48DIv/FhqPHJYLHpgW1opq3nERbz5Anq7n1g==", + "dev": true, + "license": "ISC", + "dependencies": { + "@isaacs/fs-minipass": "^4.0.0", + "chownr": "^3.0.0", + "minipass": "^7.1.2", + "minizlib": "^3.1.0", + "yallist": "^5.0.0" + }, + "engines": { + "node": ">=18" + } + }, + "node_modules/tinyglobby": { + "version": "0.2.15", + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz", + "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "fdir": "^6.5.0", + "picomatch": "^4.0.3" + }, + "engines": { + "node": ">=12.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/SuperchupuDev" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/totalist": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/totalist/-/totalist-3.0.1.tgz", + "integrity": "sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/ts-api-utils": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.1.0.tgz", + "integrity": "sha512-CUgTZL1irw8u29bzrOD/nH85jqyc74D6SshFgujOIA7osm2Rz7dYH77agkx7H4FBNxDq7Cjf+IjaX/8zwFW+ZQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=18.12" + }, + "peerDependencies": { + "typescript": ">=4.8.4" + } + }, + "node_modules/type-check": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", + "dev": true, + "license": "MIT", + "dependencies": { + "prelude-ls": "^1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/typescript": { + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", + "dev": true, + "license": "Apache-2.0", + "peer": true, + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/typescript-eslint": { + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.46.0.tgz", + "integrity": "sha512-6+ZrB6y2bT2DX3K+Qd9vn7OFOJR+xSLDj+Aw/N3zBwUt27uTw2sw2TE2+UcY1RiyBZkaGbTkVg9SSdPNUG6aUw==", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/eslint-plugin": "8.46.0", + "@typescript-eslint/parser": "8.46.0", + "@typescript-eslint/typescript-estree": "8.46.0", + "@typescript-eslint/utils": "8.46.0" + }, + "engines": { + "node": "^18.18.0 || ^20.9.0 || >=21.1.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.57.0 || ^9.0.0", + "typescript": ">=4.8.4 <6.0.0" + } + }, + "node_modules/undici-types": { + "version": "6.21.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz", + "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==", + "dev": true, + "license": "MIT" + }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/util-deprecate": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", + "dev": true, + "license": "MIT" + }, + "node_modules/vite": { + "version": "7.1.9", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.9.tgz", + "integrity": "sha512-4nVGliEpxmhCL8DslSAUdxlB6+SMrhB0a1v5ijlh1xB1nEPuy1mxaHxysVucLHuWryAxLWg6a5ei+U4TLn/rFg==", + "dev": true, + "license": "MIT", + "peer": true, + "dependencies": { + "esbuild": "^0.25.0", + "fdir": "^6.5.0", + "picomatch": "^4.0.3", + "postcss": "^8.5.6", + "rollup": "^4.43.0", + "tinyglobby": "^0.2.15" + }, + "bin": { + "vite": "bin/vite.js" + }, + "engines": { + "node": "^20.19.0 || >=22.12.0" + }, + "funding": { + "url": "https://github.com/vitejs/vite?sponsor=1" + }, + "optionalDependencies": { + "fsevents": "~2.3.3" + }, + "peerDependencies": { + "@types/node": "^20.19.0 || >=22.12.0", + "jiti": ">=1.21.0", + "less": "^4.0.0", + "lightningcss": "^1.21.0", + "sass": "^1.70.0", + "sass-embedded": "^1.70.0", + "stylus": ">=0.54.8", + "sugarss": "^5.0.0", + "terser": "^5.16.0", + "tsx": "^4.8.1", + "yaml": "^2.4.2" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + }, + "jiti": { + "optional": true + }, + "less": { + "optional": true + }, + "lightningcss": { + "optional": true + }, + "sass": { + "optional": true + }, + "sass-embedded": { + "optional": true + }, + "stylus": { + "optional": true + }, + "sugarss": { + "optional": true + }, + "terser": { + "optional": true + }, + "tsx": { + "optional": true + }, + "yaml": { + "optional": true + } + } + }, + "node_modules/vitefu": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/vitefu/-/vitefu-1.1.1.tgz", + "integrity": "sha512-B/Fegf3i8zh0yFbpzZ21amWzHmuNlLlmJT6n7bu5e+pCHUKQIfXSYokrqOBGEMMe9UG2sostKQF9mml/vYaWJQ==", + "dev": true, + "license": "MIT", + "workspaces": [ + "tests/deps/*", + "tests/projects/*", + "tests/projects/workspace/packages/*" + ], + "peerDependencies": { + "vite": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0-beta.0" + }, + "peerDependenciesMeta": { + "vite": { + "optional": true + } + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dev": true, + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/word-wrap": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", + "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/yallist": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz", + "integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==", + "dev": true, + "license": "BlueOak-1.0.0", + "engines": { + "node": ">=18" + } + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/zimmerframe": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/zimmerframe/-/zimmerframe-1.1.4.tgz", + "integrity": "sha512-B58NGBEoc8Y9MWWCQGl/gq9xBCe4IiKM0a2x7GZdQKOW5Exr8S1W24J6OgM1njK8xCRGvAJIL/MxXHf6SkmQKQ==", + "license": "MIT" + } + } +} diff --git a/nexus-5-auth-frontend/package.json b/nexus-5-auth-frontend/package.json new file mode 100644 index 0000000..0a74b5f --- /dev/null +++ b/nexus-5-auth-frontend/package.json @@ -0,0 +1,45 @@ +{ + "name": "nexus-5-auth-frontend", + "private": true, + "version": "0.0.1", + "type": "module", + "scripts": { + "dev": "vite dev", + "build": "vite build", + "preview": "vite preview", + "prepare": "svelte-kit sync || echo ''", + "check": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json", + "check:watch": "svelte-kit sync && svelte-check --tsconfig ./tsconfig.json --watch", + "format": "prettier --write .", + "lint": "prettier --check . && eslint ." + }, + "devDependencies": { + "@eslint/compat": "^1.4.0", + "@eslint/js": "^9.36.0", + "@sveltejs/adapter-node": "^5.3.2", + "@sveltejs/kit": "^2.43.2", + "@sveltejs/vite-plugin-svelte": "^6.2.0", + "@tailwindcss/forms": "^0.5.10", + "@tailwindcss/typography": "^0.5.18", + "@tailwindcss/vite": "^4.1.13", + "@types/node": "^22", + "eslint": "^9.36.0", + "eslint-config-prettier": "^10.1.8", + "eslint-plugin-svelte": "^3.12.4", + "globals": "^16.4.0", + "prettier": "^3.6.2", + "prettier-plugin-svelte": "^3.4.0", + "prettier-plugin-tailwindcss": "^0.6.14", + "svelte": "^5.39.5", + "svelte-check": "^4.3.2", + "tailwindcss": "^4.1.13", + "typescript": "^5.9.2", + "typescript-eslint": "^8.44.1", + "vite": "^7.1.7" + }, + "dependencies": { + "@ory/client": "^1.22.5", + "axios": "^1.12.2", + "flowbite-svelte": "^1.17.4" + } +} diff --git a/nexus-5-auth-frontend/src/app.css b/nexus-5-auth-frontend/src/app.css new file mode 100644 index 0000000..60856a0 --- /dev/null +++ b/nexus-5-auth-frontend/src/app.css @@ -0,0 +1,314 @@ +@import 'tailwindcss'; +@plugin '@tailwindcss/forms'; +@plugin '@tailwindcss/typography'; + +/* ============================================ + THEME COLOR SYSTEM + ============================================ + Primary: Blue + Secondary: Green + Primary Accent: Orange + Secondary Accent: Purple + Alert/Error: Red + Warning: Yellow + Success: Green (distinct from secondary) + ============================================ */ + +@theme { + /* Primary - Blue (muted/professional) */ + --color-primary-50: #f0f6fc; + --color-primary-100: #dbe8f7; + --color-primary-200: #bdd4f0; + --color-primary-300: #8fb8e5; + --color-primary-400: #5a94d6; + --color-primary-500: #3b78c4; + --color-primary-600: #2d5fa6; + --color-primary-700: #274d87; + --color-primary-800: #254270; + --color-primary-900: #23395e; + --color-primary-950: #18253f; + + /* Secondary - Green (muted/professional) */ + --color-secondary-50: #f2f8f4; + --color-secondary-100: #e0efe4; + --color-secondary-200: #c3dfcc; + --color-secondary-300: #96c7a6; + --color-secondary-400: #65a97b; + --color-secondary-500: #458c5e; + --color-secondary-600: #33714a; + --color-secondary-700: #2a5b3d; + --color-secondary-800: #244933; + --color-secondary-900: #1f3c2b; + --color-secondary-950: #102118; + + /* Accent Primary - Orange (muted/professional) */ + --color-accent-50: #fdf6f0; + --color-accent-100: #fbe9db; + --color-accent-200: #f6d0b6; + --color-accent-300: #f0b088; + --color-accent-400: #e88958; + --color-accent-500: #e16a36; + --color-accent-600: #d2522b; + --color-accent-700: #ae3f26; + --color-accent-800: #8b3425; + --color-accent-900: #712e22; + --color-accent-950: #3d1510; + + /* Accent Secondary - Purple (muted/professional) */ + --color-accent2-50: #f6f4fb; + --color-accent2-100: #ede9f7; + --color-accent2-200: #ddd5f0; + --color-accent2-300: #c5b6e4; + --color-accent2-400: #a78fd4; + --color-accent2-500: #8b6bc2; + --color-accent2-600: #7652ab; + --color-accent2-700: #634391; + --color-accent2-800: #533978; + --color-accent2-900: #463162; + --color-accent2-950: #2c1c42; + + /* Error/Alert - Red (muted/professional) */ + --color-error-50: #fdf3f3; + --color-error-100: #fce4e4; + --color-error-200: #fbcdcd; + --color-error-300: #f6a8a8; + --color-error-400: #ee7676; + --color-error-500: #e14a4a; + --color-error-600: #cd2d2d; + --color-error-700: #ac2323; + --color-error-800: #8e2121; + --color-error-900: #772222; + --color-error-950: #400d0d; + + /* Warning - Yellow (muted/professional) */ + --color-warning-50: #fdfaeb; + --color-warning-100: #faf2c9; + --color-warning-200: #f5e394; + --color-warning-300: #efd05b; + --color-warning-400: #e8bb30; + --color-warning-500: #d8a01d; + --color-warning-600: #ba7c16; + --color-warning-700: #955916; + --color-warning-800: #7b4619; + --color-warning-900: #693a1a; + --color-warning-950: #3d1e0a; + + /* Success - Green (distinct from secondary, muted) */ + --color-success-50: #f0fdf2; + --color-success-100: #dcfce2; + --color-success-200: #bbf7c6; + --color-success-300: #86ef9b; + --color-success-400: #4ade6a; + --color-success-500: #22c546; + --color-success-600: #16a336; + --color-success-700: #16802e; + --color-success-800: #176528; + --color-success-900: #155324; + --color-success-950: #052e10; + + /* Neutral/Surface colors for theming */ + --color-surface-50: #f8fafc; + --color-surface-100: #f1f5f9; + --color-surface-200: #e2e8f0; + --color-surface-300: #cbd5e1; + --color-surface-400: #94a3b8; + --color-surface-500: #64748b; + --color-surface-600: #475569; + --color-surface-700: #334155; + --color-surface-800: #1e293b; + --color-surface-900: #0f172a; + --color-surface-950: #020617; +} + +/* ============================================ + LIGHT THEME (default) + ============================================ */ +:root { + color-scheme: light; + + /* Background colors - subtle blue tint for softer appearance */ + --theme-bg: var(--color-primary-50); + --theme-bg-secondary: #e8f0f8; + --theme-bg-tertiary: var(--color-primary-100); + + /* Text colors */ + --theme-text: var(--color-surface-900); + --theme-text-secondary: var(--color-surface-600); + --theme-text-muted: var(--color-surface-400); + + /* Border colors */ + --theme-border: var(--color-surface-200); + --theme-border-hover: var(--color-surface-300); + + /* Interactive states */ + --theme-hover: var(--color-primary-100); + --theme-active: var(--color-primary-200); + + /* Shadows */ + --theme-shadow: 0 1px 3px 0 rgb(0 0 0 / 0.1), 0 1px 2px -1px rgb(0 0 0 / 0.1); + --theme-shadow-md: 0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1); + --theme-shadow-lg: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1); + + /* Card/Panel backgrounds - subtle blue tint to match overall theme */ + --theme-card: #f5f8fc; + --theme-card-hover: #edf2f9; +} + +/* ============================================ + DARK THEME + ============================================ */ +.dark { + color-scheme: dark; + + /* Background colors */ + --theme-bg: var(--color-surface-900); + --theme-bg-secondary: var(--color-surface-800); + --theme-bg-tertiary: var(--color-surface-700); + + /* Text colors */ + --theme-text: var(--color-surface-50); + --theme-text-secondary: var(--color-surface-300); + --theme-text-muted: var(--color-surface-500); + + /* Border colors */ + --theme-border: var(--color-surface-700); + --theme-border-hover: var(--color-surface-600); + + /* Interactive states */ + --theme-hover: var(--color-surface-800); + --theme-active: var(--color-surface-700); + + /* Shadows (more subtle in dark mode) */ + --theme-shadow: 0 1px 3px 0 rgb(0 0 0 / 0.3), 0 1px 2px -1px rgb(0 0 0 / 0.3); + --theme-shadow-md: 0 4px 6px -1px rgb(0 0 0 / 0.3), 0 2px 4px -2px rgb(0 0 0 / 0.3); + --theme-shadow-lg: 0 10px 15px -3px rgb(0 0 0 / 0.3), 0 4px 6px -4px rgb(0 0 0 / 0.3); + + /* Card/Panel backgrounds */ + --theme-card: var(--color-surface-800); + --theme-card-hover: var(--color-surface-700); +} + +/* ============================================ + BASE STYLES + ============================================ */ +html { + background-color: var(--theme-bg); + color: var(--theme-text); + transition: + background-color 0.2s ease, + color 0.2s ease; +} + +body { + background-color: var(--theme-bg); + min-height: 100vh; +} + +/* ============================================ + UTILITY CLASSES + ============================================ */ +@utility bg-theme { + background-color: var(--theme-bg); +} + +@utility bg-theme-secondary { + background-color: var(--theme-bg-secondary); +} + +@utility bg-theme-tertiary { + background-color: var(--theme-bg-tertiary); +} + +@utility bg-theme-card { + background-color: var(--theme-card); +} + +@utility text-theme { + color: var(--theme-text); +} + +@utility text-theme-secondary { + color: var(--theme-text-secondary); +} + +@utility text-theme-muted { + color: var(--theme-text-muted); +} + +@utility border-theme { + border-color: var(--theme-border); +} + +@utility border-theme-hover { + border-color: var(--theme-border-hover); +} + +@utility shadow-theme { + box-shadow: var(--theme-shadow); +} + +@utility shadow-theme-md { + box-shadow: var(--theme-shadow-md); +} + +@utility shadow-theme-lg { + box-shadow: var(--theme-shadow-lg); +} + +/* ============================================ + COMPONENT STYLES + ============================================ */ + +/* Cards */ +@utility card { + @apply rounded-lg border; + border-color: var(--theme-border); + background-color: var(--theme-card); +} + +@utility card-padded { + @apply rounded-lg border p-6; + border-color: var(--theme-border); + background-color: var(--theme-card); +} + +/* Buttons */ +@utility btn-primary { + @apply inline-block rounded-lg bg-primary-500 px-4 py-2 font-medium text-white transition-colors hover:bg-primary-600 active:bg-primary-700; +} + +@utility btn-danger { + @apply inline-block rounded-lg bg-error-600 px-4 py-2 text-sm font-medium text-white transition-colors hover:bg-error-700 active:bg-error-800; +} + +/* Form Input Borders (for checkboxes, radios) */ +@utility border-input { + @apply border-surface-300 dark:border-surface-600; +} + +/* Interactive hover/active - unifies hover states */ +@utility interactive { + @apply transition-colors hover:bg-black/5 active:bg-black/10 dark:hover:bg-white/10 dark:active:bg-white/15; +} + +/* Alert utilities */ +@utility alert-error { + @apply rounded-lg border border-error-400 bg-error-50 p-3 text-sm text-error-700 dark:border-error-600 dark:bg-error-900/20 dark:text-error-400; +} + +@utility alert-success { + @apply rounded-lg border border-success-400 bg-success-50 p-3 text-sm text-success-700 dark:border-success-600 dark:bg-success-900/20 dark:text-success-400; +} + +/* Form utilities */ +@utility input-base { + @apply w-full rounded-lg border border-theme bg-theme px-3 py-2 text-theme placeholder:text-theme-muted focus:border-primary-500 focus:ring-1 focus:ring-primary-500 disabled:cursor-not-allowed disabled:opacity-50; +} + +@utility textarea-base { + @apply w-full rounded-lg border border-theme bg-theme px-3 py-2 text-theme placeholder:text-theme-muted focus:border-primary-500 focus:ring-1 focus:ring-primary-500 disabled:cursor-not-allowed disabled:opacity-50; +} + +@utility form-label { + @apply mb-1.5 block text-sm font-medium text-theme; +} diff --git a/nexus-5-auth-frontend/src/app.d.ts b/nexus-5-auth-frontend/src/app.d.ts new file mode 100644 index 0000000..da08e6d --- /dev/null +++ b/nexus-5-auth-frontend/src/app.d.ts @@ -0,0 +1,13 @@ +// See https://svelte.dev/docs/kit/types#app.d.ts +// for information about these interfaces +declare global { + namespace App { + // interface Error {} + // interface Locals {} + // interface PageData {} + // interface PageState {} + // interface Platform {} + } +} + +export {}; diff --git a/nexus-5-auth-frontend/src/app.html b/nexus-5-auth-frontend/src/app.html new file mode 100644 index 0000000..d501564 --- /dev/null +++ b/nexus-5-auth-frontend/src/app.html @@ -0,0 +1,12 @@ + + + + + + NexAuth + %sveltekit.head% + + +
%sveltekit.body%
+ + diff --git a/nexus-5-auth-frontend/src/lib/assets/favicon.svg b/nexus-5-auth-frontend/src/lib/assets/favicon.svg new file mode 100644 index 0000000..cc5dc66 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/assets/favicon.svg @@ -0,0 +1 @@ +svelte-logo \ No newline at end of file diff --git a/nexus-5-auth-frontend/src/lib/components/FlowForm.svelte b/nexus-5-auth-frontend/src/lib/components/FlowForm.svelte new file mode 100644 index 0000000..2dd1c20 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/FlowForm.svelte @@ -0,0 +1,284 @@ + + +
+ {#if messages.length > 0} +
+ {#each messages as message} + {#if message.type === 'error'} +
+ {message.text} +
+ {:else if message.type === 'success'} +
+ {message.text} +
+ {:else} +
+ {message.text} +
+ {/if} + {/each} +
+ {/if} + +
+ + {#if hasPasswordField && usernameValue()} + + {/if} + {#each nodes as node (node.attributes)} + + {/each} + +
diff --git a/nexus-5-auth-frontend/src/lib/components/FormField.svelte b/nexus-5-auth-frontend/src/lib/components/FormField.svelte new file mode 100644 index 0000000..a9dd4b8 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/FormField.svelte @@ -0,0 +1,243 @@ + + +{#if shouldHideField()} + +{:else} +
+ {#if node.type === 'script' && scriptAttrs} + + {:else if node.type === 'img' && imageAttrs} + +
+ {#if label} +

{label}

+ {/if} + QR Code +
+ {:else if node.type === 'text' && textAttrs} + +
+

{textAttrs.text.text}

+
+ {:else if node.type === 'input' && inputAttrs} + + {#if inputAttrs.type === 'hidden'} + + {:else if inputAttrs.type === 'submit' || inputAttrs.type === 'button'} + + {:else if isProfileTypeSelect()} + + + + {:else if inputAttrs.type === 'checkbox'} +
+ + +
+ {:else} + + + + {/if} + {/if} + + {#if messages.length > 0} +
+ {#each messages as message} +

+ {message.text} +

+ {/each} +
+ {/if} +
+{/if} + + diff --git a/nexus-5-auth-frontend/src/lib/components/SettingsProfileForm.svelte b/nexus-5-auth-frontend/src/lib/components/SettingsProfileForm.svelte new file mode 100644 index 0000000..26e8c48 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/SettingsProfileForm.svelte @@ -0,0 +1,159 @@ + + +
+ + + + {#if error} +
+

{error}

+
+ {/if} + + {#if success} +
+

Profile updated successfully!

+
+ {/if} + + +
+ + +
+ + +
+ + +
+ + +
+ + +
+ + +
+ + +
+ + + +
diff --git a/nexus-5-auth-frontend/src/lib/components/modals/IdentityCreateModal.svelte b/nexus-5-auth-frontend/src/lib/components/modals/IdentityCreateModal.svelte new file mode 100644 index 0000000..5769bbb --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/modals/IdentityCreateModal.svelte @@ -0,0 +1,118 @@ + + + + {#snippet header()} +

Create New Identity

+ {/snippet} + +
+ {#if error} +
+

{error}

+
+ {/if} + +
+
+ + +
+ +
+
+ + +
+
+ + +
+
+ +
+ + +
+
+
+ + {#snippet footer()} + + + {/snippet} + diff --git a/nexus-5-auth-frontend/src/lib/components/modals/IdentityDetailsModal.svelte b/nexus-5-auth-frontend/src/lib/components/modals/IdentityDetailsModal.svelte new file mode 100644 index 0000000..b0ad93d --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/modals/IdentityDetailsModal.svelte @@ -0,0 +1,116 @@ + + + + {#snippet header()} +

Identity Details

+ {/snippet} + +
+ +
+
+ Email +

{identity?.traits?.email || 'N/A'}

+
+
+ Name +

+ {#if identity?.traits?.name} + {identity.traits.name.first || ''} {identity.traits.name.last || ''} + {:else} + N/A + {/if} +

+
+
+ State +

{identity?.state || 'N/A'}

+
+
+ Created +

+ {identity?.created_at ? new Date(identity.created_at).toLocaleString() : 'N/A'} +

+
+
+ + + {#if identity?.credentials} +
+

Authentication Methods

+
+ {#each Object.entries(identity.credentials) as [type, credential]} +
+
+
+ {type} + {#if credential.identifiers && credential.identifiers.length > 0} +
+ {#each credential.identifiers as identifier} + {identifier} + {/each} +
+ {/if} + {#if credential.created_at} +

+ Added {new Date(credential.created_at).toLocaleDateString()} +

+ {/if} +
+ {#if type !== 'password' && type !== 'code'} + + {/if} +
+
+ {/each} +
+
+ {/if} + + +
+ + View Raw JSON + +
+ 
{JSON.stringify(identity, null, 2)}
+
+
+
+ + {#snippet footer()} + + {/snippet} + diff --git a/nexus-5-auth-frontend/src/lib/components/modals/IdentityEditModal.svelte b/nexus-5-auth-frontend/src/lib/components/modals/IdentityEditModal.svelte new file mode 100644 index 0000000..0c87241 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/modals/IdentityEditModal.svelte @@ -0,0 +1,183 @@ + + + + {#snippet header()} +

Edit Identity

+ {/snippet} + +
+ {#if error} +
+

{error}

+
+ {/if} + + {#if identity} +
+ +
+ + +
+ + +
+
+ + +
+
+ + +
+
+ + +
+ + +

Optional

+
+ + +
+ + +

Determines account type and permissions

+
+ + +
+ + +
+ + +
+

System Metadata (Public)

+

+ Read-only for users, editable by admin. Links to Django backend. +

+ +
+
+ + +
+
+
+
+ {/if} +
+ + {#snippet footer()} + + + {/snippet} + diff --git a/nexus-5-auth-frontend/src/lib/components/modals/IdentitySessionsModal.svelte b/nexus-5-auth-frontend/src/lib/components/modals/IdentitySessionsModal.svelte new file mode 100644 index 0000000..4f77825 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/modals/IdentitySessionsModal.svelte @@ -0,0 +1,122 @@ + + + + {#snippet header()} +
+

+ Sessions for {data?.identity.traits?.email || 'User'} +

+

+ {data?.sessions.length || 0} active + {data?.sessions.length === 1 ? 'session' : 'sessions'} +

+
+ {/snippet} + +
+ {#if data && data.sessions.length === 0} +

No active sessions for this user.

+ {:else if data} +
+ + + + + + + + + + + {#each data.sessions as session (session.id)} + + + + + + + {/each} + +
+ Session ID + + Issued At + + Expires At + + Actions +
+ {session.id.substring(0, 12)}... + + {new Date(session.issued_at || '').toLocaleString()} + + {new Date(session.expires_at || '').toLocaleString()} + + + + +
+
+ {/if} +
+ + {#snippet footer()} + + {/snippet} + diff --git a/nexus-5-auth-frontend/src/lib/components/modals/MessageDetailsModal.svelte b/nexus-5-auth-frontend/src/lib/components/modals/MessageDetailsModal.svelte new file mode 100644 index 0000000..9b4d0d8 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/modals/MessageDetailsModal.svelte @@ -0,0 +1,40 @@ + + + + {#snippet header()} +

Message Details

+ {/snippet} + +
+ 
{JSON.stringify(message, null, 2)}
+
+ + {#snippet footer()} + + {/snippet} + diff --git a/nexus-5-auth-frontend/src/lib/components/modals/SessionDetailsModal.svelte b/nexus-5-auth-frontend/src/lib/components/modals/SessionDetailsModal.svelte new file mode 100644 index 0000000..6117d21 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/components/modals/SessionDetailsModal.svelte @@ -0,0 +1,40 @@ + + + + {#snippet header()} +

Session Details

+ {/snippet} + +
+ 
{JSON.stringify(session, null, 2)}
+
+ + {#snippet footer()} + + {/snippet} + diff --git a/nexus-5-auth-frontend/src/lib/flows.ts b/nexus-5-auth-frontend/src/lib/flows.ts new file mode 100644 index 0000000..48b8e73 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/flows.ts @@ -0,0 +1,96 @@ +import { kratosServerClient } from './kratos-server'; +import type { + LoginFlow, + RegistrationFlow, + RecoveryFlow, + VerificationFlow, + SettingsFlow +} from '@ory/client'; + +// Utility to (a) get flow if id present, (b) create the new browser flow if not, and +// (c) transparently re-init on stale/expired/forbidden flows similar to Ory Kratos UI +async function getOrCreateFlow< + T extends LoginFlow | RegistrationFlow | RecoveryFlow | VerificationFlow | SettingsFlow +>(params: { + flowId: string | null; + create: () => Promise; + get: () => Promise; + redirectBasePath: string; // e.g. '/login' + searchParams?: URLSearchParams; + excludeParams?: string[]; // Additional params to exclude from redirect (e.g., 'code' for verification/recovery) +}): Promise<{ flow: T; redirectTo?: string }> { + const { flowId, create, get, redirectBasePath, searchParams, excludeParams = [] } = params; + const buildRedirect = (flow: T) => { + const sp = new URLSearchParams(); + // Parameters to exclude from redirect URL + const excluded = new Set(['flow', ...excludeParams]); + // Only copy non-excluded search params + if (searchParams) { + for (const [key, value] of searchParams.entries()) { + if (!excluded.has(key)) { + sp.set(key, value); + } + } + } + sp.set('flow', flow.id); + return `${redirectBasePath}?${sp.toString()}`; + }; + + try { + if (flowId) { + const flow = await get(); + return { flow }; + } + + const flow = await create(); + return { flow, redirectTo: buildRedirect(flow) }; + } catch (e: any) { + // Handle common Kratos flow errors by re-initializing the flow + // 410 (Gone) - flow expired; 403 (Forbidden) - CSRF or not allowed; 400 (Bad Request) - invalid id + if ([410, 403, 400].includes(e?.status || e?.response?.status)) { + try { + const flow = await create(); + return { flow, redirectTo: buildRedirect(flow) }; + } catch (ee: any) { + throw ee; + } + } + throw e; + } +} + +export async function loadRecoveryFlow(flowId: string | null, searchParams?: URLSearchParams) { + return getOrCreateFlow({ + flowId, + create: async () => (await kratosServerClient.createBrowserRecoveryFlow()).data, + get: async () => (await kratosServerClient.getRecoveryFlow({ id: flowId! })).data, + redirectBasePath: '/recovery', + searchParams, + excludeParams: ['code'] // Don't preserve recovery codes across flow recreations + }); +} + +export async function loadVerificationFlow(flowId: string | null, searchParams?: URLSearchParams) { + return getOrCreateFlow({ + flowId, + create: async () => (await kratosServerClient.createBrowserVerificationFlow()).data, + get: async () => (await kratosServerClient.getVerificationFlow({ id: flowId! })).data, + redirectBasePath: '/verification', + searchParams, + excludeParams: ['code'] // Don't preserve verification codes across flow recreations + }); +} + +export async function loadSettingsFlow( + flowId: string | null, + cookie: string, + searchParams?: URLSearchParams +) { + return getOrCreateFlow({ + flowId, + create: async () => (await kratosServerClient.createBrowserSettingsFlow({ cookie })).data, + get: async () => (await kratosServerClient.getSettingsFlow({ id: flowId!, cookie })).data, + redirectBasePath: '/settings', + searchParams + }); +} diff --git a/nexus-5-auth-frontend/src/lib/kratos-server.ts b/nexus-5-auth-frontend/src/lib/kratos-server.ts new file mode 100644 index 0000000..d76d47f --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/kratos-server.ts @@ -0,0 +1,11 @@ +import { Configuration, FrontendApi } from '@ory/client'; +import { PUBLIC_KRATOS_URL } from '$env/static/public'; +import { KRATOS_SERVER_URL } from '$env/static/private'; + +// Server-side client (without browser-specific settings) +// Used only for session validation in server-side loaders +export const kratosServerClient = new FrontendApi( + new Configuration({ + basePath: KRATOS_SERVER_URL || PUBLIC_KRATOS_URL || 'http://localhost:4455' + }) +); diff --git a/nexus-5-auth-frontend/src/lib/kratos.ts b/nexus-5-auth-frontend/src/lib/kratos.ts new file mode 100644 index 0000000..6f682fa --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/kratos.ts @@ -0,0 +1,24 @@ +import { Configuration, FrontendApi, IdentityApi } from '@ory/client'; +import { PUBLIC_KRATOS_URL } from '$env/static/public'; + +// Browser-side client (with credentials) +// All browser calls (including admin API) go through Oathkeeper at PUBLIC_KRATOS_URL +export const kratosClient = new FrontendApi( + new Configuration({ + basePath: PUBLIC_KRATOS_URL || 'http://localhost:4455', + baseOptions: { + withCredentials: true + } + }) +); + +// Admin client for administrative operations (with credentials) +// Uses the same proxy but with IdentityApi for admin operations +export const kratosAdminClient = new IdentityApi( + new Configuration({ + basePath: PUBLIC_KRATOS_URL || 'http://localhost:4455', + baseOptions: { + withCredentials: true + } + }) +); diff --git a/nexus-5-auth-frontend/src/lib/stores/theme.svelte.ts b/nexus-5-auth-frontend/src/lib/stores/theme.svelte.ts new file mode 100644 index 0000000..b631a7a --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/stores/theme.svelte.ts @@ -0,0 +1,79 @@ +import { browser } from '$app/environment'; + +type Theme = 'light' | 'dark' | 'system'; + +const STORAGE_KEY = 'theme-preference'; + +function getSystemTheme(): 'light' | 'dark' { + if (!browser) return 'light'; + return window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light'; +} + +function getStoredTheme(): Theme { + if (!browser) return 'system'; + const stored = localStorage.getItem(STORAGE_KEY); + if (stored === 'light' || stored === 'dark' || stored === 'system') { + return stored; + } + return 'system'; +} + +function createThemeStore() { + let preference = $state(getStoredTheme()); + let resolved = $derived<'light' | 'dark'>( + preference === 'system' ? getSystemTheme() : preference + ); + + function applyTheme(theme: 'light' | 'dark') { + if (!browser) return; + document.documentElement.classList.remove('light', 'dark'); + document.documentElement.classList.add(theme); + } + + function setTheme(theme: Theme) { + preference = theme; + + if (browser) { + localStorage.setItem(STORAGE_KEY, theme); + applyTheme(resolved); + } + } + + function toggle() { + const newTheme = resolved === 'light' ? 'dark' : 'light'; + setTheme(newTheme); + } + + function init() { + if (!browser) return; + + applyTheme(resolved); + + const mediaQuery = window.matchMedia('(prefers-color-scheme: dark)'); + const handleChange = (e: MediaQueryListEvent) => { + if (preference === 'system') { + resolved = e.matches ? 'dark' : 'light'; + applyTheme(resolved); + } + }; + + mediaQuery.addEventListener('change', handleChange); + } + + return { + get preference() { + return preference; + }, + get resolved() { + return resolved; + }, + get isDark() { + return resolved === 'dark'; + }, + setTheme, + toggle, + init + }; +} + +export const theme = createThemeStore(); diff --git a/nexus-5-auth-frontend/src/lib/utils.ts b/nexus-5-auth-frontend/src/lib/utils.ts new file mode 100644 index 0000000..2afef26 --- /dev/null +++ b/nexus-5-auth-frontend/src/lib/utils.ts @@ -0,0 +1,52 @@ +import type { UiNode, UiNodeInputAttributes } from '@ory/client'; + +export function getNodeLabel(node: UiNode): string { + const attrs = node.attributes as UiNodeInputAttributes; + if (node.meta.label?.text) { + return node.meta.label.text; + } + return attrs.name || ''; +} + +export function filterNodesByGroups(nodes: UiNode[], ...groups: string[]): UiNode[] { + return nodes.filter((node) => groups.includes(node.group)); +} + +/** + * Helper function to set nested property in an object using dot notation + * Example: setNestedProperty(obj, 'traits.name.first', 'John') + */ +export function setNestedProperty(obj: any, path: string, value: any): void { + const keys = path.split('.'); + let current = obj; + + for (let i = 0; i < keys.length - 1; i++) { + const key = keys[i]; + if (!(key in current)) { + current[key] = {}; + } + current = current[key]; + } + + current[keys[keys.length - 1]] = value; +} + +/** + * Convert FormData to JSON object for Ory SDK submission + * This handles nested properties (like traits.email, traits.name.first) + * and includes the csrf_token which must be present in JSON requests + */ +export function formDataToJson(formData: FormData): Record { + const json: Record = {}; + + for (const [key, value] of formData.entries()) { + // Handle nested object notation (e.g., traits.email, traits.name.first) + if (key.includes('.')) { + setNestedProperty(json, key, value); + } else { + json[key] = value; + } + } + + return json; +} diff --git a/nexus-5-auth-frontend/src/routes/+layout.server.ts b/nexus-5-auth-frontend/src/routes/+layout.server.ts new file mode 100644 index 0000000..2e69348 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/+layout.server.ts @@ -0,0 +1,23 @@ +import { kratosServerClient } from '$lib/kratos-server'; +import { ADMIN_USER_ID } from '$env/static/private'; +import type { LayoutServerLoad } from './$types'; + +export const load: LayoutServerLoad = async ({ cookies }) => { + try { + const sessionToken = cookies.get('ory_kratos_session'); + + if (!sessionToken) { + return { session: null, isAdmin: false }; + } + + const { data: session } = await kratosServerClient.toSession({ + cookie: `ory_kratos_session=${sessionToken}` + }); + + const isAdmin = session?.identity?.id === ADMIN_USER_ID; + + return { session, isAdmin }; + } catch { + return { session: null, isAdmin: false }; + } +}; diff --git a/nexus-5-auth-frontend/src/routes/+layout.svelte b/nexus-5-auth-frontend/src/routes/+layout.svelte new file mode 100644 index 0000000..a072944 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/+layout.svelte @@ -0,0 +1,187 @@ + + +
+ + + + {#if menuOpen} + + + + +
+
+ +
+ + Home + + {#if data.session} + + Settings + + {#if data.isAdmin} + + Admin + + {/if} + {/if} +
+
+
+ {/if} + +
+ {@render children()} +
+
diff --git a/nexus-5-auth-frontend/src/routes/+page.svelte b/nexus-5-auth-frontend/src/routes/+page.svelte new file mode 100644 index 0000000..50b5f92 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/+page.svelte @@ -0,0 +1,135 @@ + + + + Home - Nexus Nexus + + +{#if session} +
+
+

Welcome back!

+ +
+
+

Account Information

+
+
+
Email
+
{traits?.email || 'Not set'}
+
+ {#if traits?.name?.first || traits?.name?.last} +
+
Name
+
+ {traits.name.first} + {traits.name.last} +
+
+ {/if} +
+
User ID
+
{identity?.id}
+
+
+
Session Active
+
+ {session.active ? 'Yes' : 'No'} +
+
+ {#if session.expires_at} +
+
Session Expires
+
+ {new Date(session.expires_at).toLocaleString()} +
+
+ {/if} +
+
Authentication Level
+
+ {session.authenticator_assurance_level === 'aal2' + ? 'Two-Factor' + : 'Single-Factor'} +
+
+
+
+ + {#if session.authentication_methods && session.authentication_methods.length > 0} +
+

Authentication Methods

+
    + {#each session.authentication_methods as method} +
  • + + {method.method} (completed at {new Date( + method.completed_at || '' + ).toLocaleString()}) +
    • + {/each} +
+
+ {/if} + +
+ + Manage Account Settings + +
+
+
+
+{:else} +
+

+ Welcome to Nexus Nexus +

+

+ A secure authentication platform built with Ory Kratos and SvelteKit +

+
+ + Get started + + + Sign in + +
+ +
+
+

Secure Authentication

+

+ Powered by Ory Kratos with support for passwords, 2FA, and passwordless login +

+
+
+

Account Recovery

+

+ Easy password recovery and email verification flows to keep your account secure +

+
+
+

Self-Service Settings

+

+ Manage your profile, change passwords, and configure two-factor authentication +

+
+
+
+{/if} diff --git a/nexus-5-auth-frontend/src/routes/admin/+page.server.ts b/nexus-5-auth-frontend/src/routes/admin/+page.server.ts new file mode 100644 index 0000000..c5a0cd0 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/admin/+page.server.ts @@ -0,0 +1,31 @@ +import { kratosServerClient } from '$lib/kratos-server'; +import { redirect } from '@sveltejs/kit'; +import { ADMIN_USER_ID } from '$env/static/private'; +import type { PageServerLoad } from './$types'; + +export const load: PageServerLoad = async ({ cookies }) => { + const sessionToken = cookies.get('ory_kratos_session'); + + if (!sessionToken) { + redirect(303, '/login?return_to=/admin'); + } + + try { + const { data: session } = await kratosServerClient.toSession({ + cookie: `ory_kratos_session=${sessionToken}` + }); + + // Check if the user is the admin + if (session.identity?.id !== ADMIN_USER_ID) { + redirect(303, '/?error=unauthorized'); + } + + return { + session, + isAdmin: true + }; + } catch { + // If session validation fails, redirect to login + redirect(303, '/login?return_to=/admin'); + } +}; diff --git a/nexus-5-auth-frontend/src/routes/admin/+page.svelte b/nexus-5-auth-frontend/src/routes/admin/+page.svelte new file mode 100644 index 0000000..5f4b2bb --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/admin/+page.svelte @@ -0,0 +1,1444 @@ + + + + Admin Dashboard - Nexus Nexus + + +
+
+
+

Admin Dashboard

+

+ Logged in as: {data.session?.identity?.traits?.email || 'Unknown'} +

+
+ + +
+ +
+ + + {#if activeTab === 'identities'} +
+
+
+

User Identities

+
+ + + +
+
+
+ +
+
+ +
+ {#if identityLoading} +

Loading identities...

+ {:else if identityError} +
+

{identityError}

+
+ {:else if filteredIdentities.length === 0} +

No identities found.

+ {:else} +
+ + + + + + + + + + + + + {#each filteredIdentities as identity (identity.id)} + + + + + + + + + {/each} + +
+ Email + + Name + + Verified + + Created + + State + + Actions +
+ {identity.traits?.email || 'N/A'} + + {#if identity.traits?.name} + {identity.traits.name.first || ''} {identity.traits.name.last || ''} + {:else} + N/A + {/if} + + {#if hasUnverifiedEmail(identity)} + + Unverified + + {:else} + + Verified + + {/if} + + {new Date(identity.created_at || '').toLocaleDateString()} + + + {identity.state || 'unknown'} + + + + + {#if hasUnverifiedEmail(identity)} + + {/if} + + + +
+
+ + + {#if browser && !identitySearch} +
+
+ Page {identityPage + 1} ({identities.length} identities) +
+
+ + +
+
+ {/if} + {/if} +
+
+ {/if} + + + {#if activeTab === 'sessions'} +
+
+
+

Active Sessions

+ +
+
+ +
+ {#if sessionLoading} +

Loading sessions...

+ {:else if sessionError} +
+

{sessionError}

+
+ {:else if sessions.length === 0} +

No active sessions found.

+ {:else} +
+ + + + + + + + + + + + {#each sessions as session (session.id)} + + + + + + + + {/each} + +
+ User Email + + Session ID + + Issued At + + Expires At + + Actions +
+ {session.identity?.traits?.email || 'N/A'} + + {session.id.substring(0, 8)}... + + {new Date(session.issued_at || '').toLocaleString()} + + {new Date(session.expires_at || '').toLocaleString()} + + + + +
+
+ + + {#if browser} +
+
+ Page {sessionPage + 1} ({sessions.length} sessions) +
+
+ + +
+
+ {/if} + {/if} +
+
+ {/if} + + + {#if activeTab === 'recovery'} +
+
+

Account Recovery

+

Generate recovery links or codes for users

+
+ +
+
+
+ + +
+ +
+ + +
+ + + + {#if recoveryError} +
+

{recoveryError}

+
+ {/if} + + {#if recoveryResult} +
+

+ Recovery generated successfully! +

+
+ 
{JSON.stringify(
+											recoveryResult,
+											null,
+											2
+										)}
+
+ +
+ {/if} +
+
+
+ {/if} + + + {#if activeTab === 'courier'} +
+
+
+

Courier Messages

+ +
+
+ + +
+
+ +
+ {#if courierLoading} +

Loading messages...

+ {:else if courierError} +
+

{courierError}

+
+ {:else if courierMessages.length === 0} +

No messages found.

+ {:else} +
+ + + + + + + + + + + + + {#each courierMessages as message (message.id)} + + + + + + + + + {/each} + +
+ Recipient + + Subject + + Type + + Status + + Created + + Actions +
+ {message.recipient || 'N/A'} + + {message.subject || 'N/A'} + + {message.template_type || message.channel || 'N/A'} + + + {message.status || 'unknown'} + + + {message.created_at ? new Date(message.created_at).toLocaleString() : 'N/A'} + + +
+
+ + + {#if browser} +
+
+ {courierMessages.length} messages + {#if courierPageToken} + + {/if} +
+ +
+ {/if} + {/if} +
+
+ {/if} + + + {#if activeTab === 'batch'} +
+
+

Batch Identity Operations

+

+ Create multiple identities at once by providing JSON data +

+
+ +
+
+
+ +

+ Provide an array of identity objects. Each identity should have schema_id and + traits. +

+ +
+ + + + {#if batchError} +
+

{batchError}

+
+ {/if} + + {#if batchResult} +
+

+ Batch operation completed successfully! +

+
+ 
{JSON.stringify(
+											batchResult,
+											null,
+											2
+										)}
+
+ +
+ {/if} + +
+

Example JSON Format

+ 
{`[
+  {
+    "schema_id": "default",
+    "traits": {
+      "email": "user@example.com",
+      "name": {
+        "first": "First",
+        "last": "Last"
+      }
+    }
+  }
+]`}
+
+
+
+
+ {/if} +
+
+ + + + + + + + + + + { + selectedSession = session; + identitySessionsModal = null; + }} + onExtendSession={extendSession} + onDeleteSession={deleteSession} +/> + + diff --git a/nexus-5-auth-frontend/src/routes/error/+page.server.ts b/nexus-5-auth-frontend/src/routes/error/+page.server.ts new file mode 100644 index 0000000..6e2887f --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/error/+page.server.ts @@ -0,0 +1,22 @@ +import { kratosServerClient } from '$lib/kratos-server'; +import type { PageServerLoad } from './$types'; + +export const load: PageServerLoad = async ({ url }) => { + const flowId = url.searchParams.get('id'); + + if (!flowId) { + return { + errorMessage: 'An error occurred. Please try again.' + }; + } + + try { + const { data: flow } = await kratosServerClient.getFlowError({ id: flowId }); + return { flow }; + } catch (error) { + console.error('Error flow error:', error); + return { + errorMessage: 'An error occurred. Please try again.' + }; + } +}; diff --git a/nexus-5-auth-frontend/src/routes/error/+page.svelte b/nexus-5-auth-frontend/src/routes/error/+page.svelte new file mode 100644 index 0000000..bd11fe8 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/error/+page.svelte @@ -0,0 +1,49 @@ + + + + Error - Nexus Nexus + + +
+
+
+
+
+ +
+
+

Error

+
+

{errorMessage}

+ {#if errorDetails?.reason} +

{errorDetails.reason}

+ {/if} +
+
+ + Go back home + +
+
+
+
+
+
diff --git a/nexus-5-auth-frontend/src/routes/login/+page.svelte b/nexus-5-auth-frontend/src/routes/login/+page.svelte new file mode 100644 index 0000000..a36503f --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/login/+page.svelte @@ -0,0 +1,77 @@ + + + + Login - Nexus Nexus + + +
+
+

+ Sign in to your account +

+
+ +
+
+ {#if loading} +

Loading...

+ {:else if error} +
+

{error}

+
+

+ Try again +

+ {:else if flow} + + {:else} +
+

Failed to load login form

+
+ {/if} +
+ +

+ Don't have an account? + + Register here + +

+ +

+ + Forgot your password? + +

+
+
diff --git a/nexus-5-auth-frontend/src/routes/logout/+server.ts b/nexus-5-auth-frontend/src/routes/logout/+server.ts new file mode 100644 index 0000000..4ab5267 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/logout/+server.ts @@ -0,0 +1,56 @@ +import { redirect } from '@sveltejs/kit'; +import type { RequestHandler } from './$types'; +import { PUBLIC_KRATOS_URL } from '$env/static/public'; + +export const POST: RequestHandler = async ({ cookies, fetch, request }) => { + const formData = await request.formData(); + const returnTo = formData.get('return_to')?.toString() || 'https://account.example.com'; + + try { + const sessionToken = cookies.get('ory_kratos_session'); + + if (sessionToken) { + // Create a logout flow through Oathkeeper with return_to parameter + const logoutUrl = new URL(`${PUBLIC_KRATOS_URL}/self-service/logout/browser`); + logoutUrl.searchParams.set('return_to', returnTo); + + const response = await fetch(logoutUrl.toString(), { + method: 'GET', + headers: { + cookie: `ory_kratos_session=${sessionToken}` + }, + redirect: 'manual' + }); + + // Get the logout token from response + if (response.status === 200) { + const data = await response.json(); + if (data.logout_url) { + // Execute logout - this will redirect to return_to after logout + await fetch(data.logout_url, { + method: 'GET', + headers: { + cookie: `ory_kratos_session=${sessionToken}` + } + }); + } + } + } + + // Clear cookie on the server side with matching attributes + cookies.delete('ory_kratos_session', { + path: '/', + domain: '.example.com' + }); + } catch (error) { + console.error('Logout error:', error); + // Continue to redirect even if logout fails + } + + // Redirect to the return_to URL or default to login page + if (returnTo && returnTo !== 'https://account.example.com') { + throw redirect(303, returnTo); + } + + throw redirect(303, '/login'); +}; diff --git a/nexus-5-auth-frontend/src/routes/recovery/+page.server.ts b/nexus-5-auth-frontend/src/routes/recovery/+page.server.ts new file mode 100644 index 0000000..542af1b --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/recovery/+page.server.ts @@ -0,0 +1,76 @@ +import { kratosServerClient } from '$lib/kratos-server'; +import { redirect } from '@sveltejs/kit'; +import { PUBLIC_KRATOS_URL } from '$env/static/public'; +import type { PageServerLoad } from './$types'; + +export const load: PageServerLoad = async ({ url, request }) => { + const flowId = url.searchParams.get('flow'); + const code = url.searchParams.get('code'); + + // If no flow ID, redirect to Kratos to create the flow (with proper CSRF cookie handling) + if (!flowId) { + throw redirect(303, `${PUBLIC_KRATOS_URL}/self-service/recovery/browser`); + } + + // Load the existing flow + const cookie = request.headers.get('cookie') || undefined; + let flow; + + try { + const result = await kratosServerClient.getRecoveryFlow({ id: flowId, cookie }); + flow = result.data; + } catch (error: any) { + // If flow is expired/invalid, redirect to create a new one + if ([410, 403, 400].includes(error?.status || error?.response?.status)) { + throw redirect(303, `${PUBLIC_KRATOS_URL}/self-service/recovery/browser`); + } + throw error; + } + + // If we have a valid flow and code, auto-submit the recovery code + if (flow && code) { + try { + const result = await kratosServerClient.updateRecoveryFlow({ + flow: flow.id, + updateRecoveryFlowBody: { + method: 'code', + code: code + } + }); + + // Recovery code submitted successfully + // Check if Kratos wants us to redirect somewhere (usually to settings to set new password) + if (result.data && (result.data as any).redirect_browser_to) { + throw redirect(303, (result.data as any).redirect_browser_to); + } + + // Otherwise update the flow with the result + flow = result.data; + } catch (error: any) { + // Re-throw if this is a redirect (SvelteKit internal) + if (error?.status === 303 || error?.location) { + throw error; + } + + console.error('Auto recovery failed:', error); + + // If Kratos returned an updated flow with error messages, use it + if (error.response?.data?.ui) { + flow = error.response.data; + } else { + // Add a user-friendly error message to the flow UI + if (!flow.ui.messages) { + flow.ui.messages = []; + } + flow.ui.messages.push({ + id: 4060001, + text: 'The recovery code has expired or is invalid. Please request a new recovery email by entering your email address below.', + type: 'error', + context: {} + }); + } + } + } + + return { flow }; +}; diff --git a/nexus-5-auth-frontend/src/routes/recovery/+page.svelte b/nexus-5-auth-frontend/src/routes/recovery/+page.svelte new file mode 100644 index 0000000..3be27c4 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/recovery/+page.svelte @@ -0,0 +1,49 @@ + + + + Password Recovery - Nexus Nexus + + +
+
+

+ {heading} +

+

+ {description} +

+
+ +
+
+ +
+ +

+ Remember your password? + + Sign in here + +

+
+
diff --git a/nexus-5-auth-frontend/src/routes/registration/+page.svelte b/nexus-5-auth-frontend/src/routes/registration/+page.svelte new file mode 100644 index 0000000..d22f5f2 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/registration/+page.svelte @@ -0,0 +1,71 @@ + + + + Register - Nexus Nexus + + +
+
+

+ Create your account +

+
+ +
+
+ {#if loading} +

Loading...

+ {:else if error} +
+

{error}

+
+

+ Try again +

+ {:else if flow} + + {:else} +
+

Failed to load registration form

+
+ {/if} +
+ +

+ Already have an account? + + Sign in here + +

+
+
diff --git a/nexus-5-auth-frontend/src/routes/settings/+page.server.ts b/nexus-5-auth-frontend/src/routes/settings/+page.server.ts new file mode 100644 index 0000000..b9e3932 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/settings/+page.server.ts @@ -0,0 +1,21 @@ +import { kratosServerClient } from '$lib/kratos-server'; +import { redirect } from '@sveltejs/kit'; +import type { PageServerLoad } from './$types'; + +// Only validate session on the server. Do NOT create/fetch the settings flow here +// so that Kratos' Set-Cookie (csrf) reaches the browser directly when the flow +// is initialized client-side. +export const load: PageServerLoad = async ({ cookies }) => { + const sessionToken = cookies.get('ory_kratos_session'); + if (!sessionToken) { + throw redirect(303, '/login'); + } + + const sessionCookie = `ory_kratos_session=${sessionToken}`; + try { + await kratosServerClient.toSession({ cookie: sessionCookie }); + } catch { + throw redirect(303, '/login'); + } + return {}; +}; diff --git a/nexus-5-auth-frontend/src/routes/settings/+page.svelte b/nexus-5-auth-frontend/src/routes/settings/+page.svelte new file mode 100644 index 0000000..77cfece --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/settings/+page.svelte @@ -0,0 +1,82 @@ + + + + Settings - Nexus Nexus + + +
+

Account Settings

+ + {#if isUpdated} +
+

Your settings have been updated successfully!

+
+ {/if} + + {#if isLoading} +
+

Loading settings…

+
+ {:else if flow} +
+

Profile Settings

+

Update your personal information

+ +
+ +
+

Password

+ +
+ +
+

Authenticator App (TOTP)

+

+ Use an authenticator app like Google Authenticator, Authy, or 1Password to generate verification codes. +

+ +
+ +
+

Security Keys & Biometrics (WebAuthn)

+

+ Use hardware security keys (like YubiKey) or biometric authentication (like Face ID or Touch ID) for enhanced security. +

+ +
+ {/if} +
diff --git a/nexus-5-auth-frontend/src/routes/verification/+page.server.ts b/nexus-5-auth-frontend/src/routes/verification/+page.server.ts new file mode 100644 index 0000000..71e84e2 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/verification/+page.server.ts @@ -0,0 +1,77 @@ +import { kratosServerClient } from '$lib/kratos-server'; +import { redirect } from '@sveltejs/kit'; +import { PUBLIC_KRATOS_URL } from '$env/static/public'; +import type { PageServerLoad } from './$types'; + +export const load: PageServerLoad = async ({ url, request }) => { + const flowId = url.searchParams.get('flow'); + const code = url.searchParams.get('code'); + + // If no flow ID, redirect to Kratos to create the flow (with proper CSRF cookie handling) + if (!flowId) { + throw redirect(303, `${PUBLIC_KRATOS_URL}/self-service/verification/browser`); + } + + // Load the existing flow + const cookie = request.headers.get('cookie') || undefined; + let flow; + + try { + const result = await kratosServerClient.getVerificationFlow({ id: flowId, cookie }); + flow = result.data; + } catch (error: any) { + // If flow is expired/invalid, redirect to create a new one + if ([410, 403, 400].includes(error?.status || error?.response?.status)) { + throw redirect(303, `${PUBLIC_KRATOS_URL}/self-service/verification/browser`); + } + throw error; + } + + // If we have a valid flow and code, auto-submit the verification + if (flow && code) { + try { + const result = await kratosServerClient.updateVerificationFlow({ + flow: flow.id, + updateVerificationFlowBody: { + method: 'code', + code: code + }, + cookie // Pass session cookie so Kratos can associate verification with authenticated user + }); + + // Verification code submitted successfully + // Check if Kratos wants us to redirect somewhere + if (result.data && (result.data as any).redirect_browser_to) { + throw redirect(303, (result.data as any).redirect_browser_to); + } + + // Otherwise redirect to home + throw redirect(303, '/'); + } catch (error: any) { + // Re-throw if this is a redirect (SvelteKit internal) + if (error?.status === 303 || error?.location) { + throw error; + } + + console.error('Auto verification failed:', error); + + // If Kratos returned an updated flow with error messages, use it + if (error.response?.data?.ui) { + flow = error.response.data; + } else { + // Add a user-friendly error message to the flow UI + if (!flow.ui.messages) { + flow.ui.messages = []; + } + flow.ui.messages.push({ + id: 4070001, + text: 'The verification code has expired or is invalid. Please request a new verification email by entering your email address below.', + type: 'error', + context: {} + }); + } + } + } + + return { flow }; +}; diff --git a/nexus-5-auth-frontend/src/routes/verification/+page.svelte b/nexus-5-auth-frontend/src/routes/verification/+page.svelte new file mode 100644 index 0000000..8449d47 --- /dev/null +++ b/nexus-5-auth-frontend/src/routes/verification/+page.svelte @@ -0,0 +1,42 @@ + + + + Email Verification - Nexus Nexus + + +
+
+

+ {heading} +

+

+ {description} +

+
+ +
+
+ +
+
+
diff --git a/nexus-5-auth-frontend/static/robots.txt b/nexus-5-auth-frontend/static/robots.txt new file mode 100644 index 0000000..b6dd667 --- /dev/null +++ b/nexus-5-auth-frontend/static/robots.txt @@ -0,0 +1,3 @@ +# allow crawling everything by default +User-agent: * +Disallow: diff --git a/nexus-5-auth-frontend/svelte.config.js b/nexus-5-auth-frontend/svelte.config.js new file mode 100644 index 0000000..03c17f2 --- /dev/null +++ b/nexus-5-auth-frontend/svelte.config.js @@ -0,0 +1,12 @@ +import adapter from '@sveltejs/adapter-node'; +import { vitePreprocess } from '@sveltejs/vite-plugin-svelte'; + +/** @type {import('@sveltejs/kit').Config} */ +const config = { + // Consult https://svelte.dev/docs/kit/integrations + // for more information about preprocessors + preprocess: vitePreprocess(), + kit: { adapter: adapter() } +}; + +export default config; diff --git a/nexus-5-auth-frontend/tsconfig.json b/nexus-5-auth-frontend/tsconfig.json new file mode 100644 index 0000000..a5567ee --- /dev/null +++ b/nexus-5-auth-frontend/tsconfig.json @@ -0,0 +1,19 @@ +{ + "extends": "./.svelte-kit/tsconfig.json", + "compilerOptions": { + "allowJs": true, + "checkJs": true, + "esModuleInterop": true, + "forceConsistentCasingInFileNames": true, + "resolveJsonModule": true, + "skipLibCheck": true, + "sourceMap": true, + "strict": true, + "moduleResolution": "bundler" + } + // Path aliases are handled by https://svelte.dev/docs/kit/configuration#alias + // except $lib which is handled by https://svelte.dev/docs/kit/configuration#files + // + // To make changes to top-level options such as include and exclude, we recommend extending + // the generated config; see https://svelte.dev/docs/kit/configuration#typescript +} diff --git a/nexus-5-auth-frontend/vite.config.ts b/nexus-5-auth-frontend/vite.config.ts new file mode 100644 index 0000000..2d35c4f --- /dev/null +++ b/nexus-5-auth-frontend/vite.config.ts @@ -0,0 +1,7 @@ +import tailwindcss from '@tailwindcss/vite'; +import { sveltekit } from '@sveltejs/kit/vite'; +import { defineConfig } from 'vite'; + +export default defineConfig({ + plugins: [tailwindcss(), sveltekit()] +}); diff --git a/nexus-5-auth-kratos/.dockerignore b/nexus-5-auth-kratos/.dockerignore new file mode 100644 index 0000000..e69de29 diff --git a/nexus-5-auth-kratos/.gitignore b/nexus-5-auth-kratos/.gitignore new file mode 100644 index 0000000..66b9767 --- /dev/null +++ b/nexus-5-auth-kratos/.gitignore @@ -0,0 +1,5 @@ +.env +.env.dev +.env.prod +/.env.production +/.env.development \ No newline at end of file diff --git a/nexus-5-auth-kratos/Dockerfile b/nexus-5-auth-kratos/Dockerfile new file mode 100644 index 0000000..7c0c35a --- /dev/null +++ b/nexus-5-auth-kratos/Dockerfile @@ -0,0 +1,32 @@ +ARG KRATOS_VERSION=v1.1.0 +FROM oryd/kratos:${KRATOS_VERSION} + +# Switch to root to install packages +USER root + +# Install additional tools if needed +RUN apk add --no-cache curl wget + +# Set working directory +WORKDIR /etc/kratos + +# Copy configuration files +COPY config/kratos.yml /etc/kratos/kratos.yml +COPY config/identity.schema.json /etc/kratos/identity.schema.json +COPY config/identity.v2.schema.json /etc/kratos/identity.v2.schema.json + +# Validate configuration syntax at build time (optional) +RUN kratos help serve || true + +# Switch back to non-root user for runtime +USER ory + +# Expose ports +EXPOSE 4433 4434 + +# Health check +HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ + CMD curl -f -s http://localhost:4433/health/ready > /dev/null || exit 1 + +# Default command +CMD ["serve", "--config", "/etc/kratos/kratos.yml"] \ No newline at end of file diff --git a/nexus-5-auth-kratos/config/identity.schema.json b/nexus-5-auth-kratos/config/identity.schema.json new file mode 100644 index 0000000..77f43a7 --- /dev/null +++ b/nexus-5-auth-kratos/config/identity.schema.json @@ -0,0 +1,58 @@ +{ + "$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Person", + "type": "object", + "properties": { + "traits": { + "type": "object", + "properties": { + "email": { + "type": "string", + "format": "email", + "title": "E-Mail", + "minLength": 3, + "maxLength": 320, + "ory.sh/kratos": { + "credentials": { + "password": { + "identifier": true + }, + "webauthn": { + "identifier": true + }, + "totp": { + "account_name": true + } + }, + "verification": { + "via": "email" + }, + "recovery": { + "via": "email" + } + } + }, + "name": { + "type": "object", + "properties": { + "first": { + "type": "string", + "title": "First Name", + "minLength": 1, + "maxLength": 100 + }, + "last": { + "type": "string", + "title": "Last Name", + "minLength": 1, + "maxLength": 100 + } + } + } + }, + "required": ["email"], + "additionalProperties": false + } + } +} \ No newline at end of file diff --git a/nexus-5-auth-kratos/config/identity.v2.schema.json b/nexus-5-auth-kratos/config/identity.v2.schema.json new file mode 100644 index 0000000..35146f5 --- /dev/null +++ b/nexus-5-auth-kratos/config/identity.v2.schema.json @@ -0,0 +1,81 @@ +{ + "$id": "https://schemas.nexus.local/nexus-identity.json", + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Nexus Profile", + "type": "object", + "properties": { + "traits": { + "type": "object", + "properties": { + "email": { + "type": "string", + "format": "email", + "title": "E-Mail", + "minLength": 3, + "maxLength": 320, + "ory.sh/kratos": { + "credentials": { + "password": { + "identifier": true + }, + "webauthn": { + "identifier": true + }, + "totp": { + "account_name": true + } + }, + "verification": { + "via": "email" + }, + "recovery": { + "via": "email" + } + } + }, + "name": { + "type": "object", + "properties": { + "first": { + "type": "string", + "title": "First Name", + "minLength": 1, + "maxLength": 100 + }, + "last": { + "type": "string", + "title": "Last Name", + "minLength": 1, + "maxLength": 100 + } + }, + "required": ["first", "last"] + }, + "phone": { + "type": "string", + "title": "Phone Number", + "pattern": "^[0-9\\s+()-]*$", + "maxLength": 30 + }, + "profile_type": { + "type": "string", + "title": "Profile Type", + "enum": ["team", "customer"], + "description": "Determines whether this is a team member or customer profile" + } + }, + "required": ["email", "name", "profile_type"], + "additionalProperties": false + }, + "metadata_public": { + "type": "object", + "properties": { + "django_profile_id": { + "type": "string", + "title": "Nexus Profile ID", + "description": "UUID of the linked Django profile (TeamProfile or CustomerProfile)" + } + } + } + } +} diff --git a/nexus-5-auth-kratos/config/kratos.yml b/nexus-5-auth-kratos/config/kratos.yml new file mode 100644 index 0000000..1ca45ef --- /dev/null +++ b/nexus-5-auth-kratos/config/kratos.yml @@ -0,0 +1,162 @@ +version: v1.1.0 + +dsn: env://DSN + +serve: + public: + base_url: env://SERVE_PUBLIC_BASE_URL + cors: + enabled: false + # CORS is handled by Oathkeeper proxy to avoid duplicate headers + admin: + base_url: env://SERVE_ADMIN_BASE_URL + +selfservice: + default_browser_return_url: https://account.example.com + allowed_return_urls: + - https://account.example.com + - https://auth.example.com + - https://app.example.com + - https://admin.example.com + - http://localhost:5173 + - https://local.example.com:5173 + - http://localhost:4455 + + methods: + password: + enabled: true + config: + haveibeenpwned_enabled: true + min_password_length: 8 + identifier_similarity_check_enabled: true + + totp: + enabled: true + config: + issuer: Nexus Nexus + + webauthn: + enabled: true + config: + rp: + display_name: Nexus Nexus + id: example.com + origins: + - https://account.example.com + - https://auth.example.com + - https://app.example.com + - https://admin.example.com + - http://localhost:5173 + - https://local.example.com:5173 + - http://localhost:4455 + + link: + enabled: true + + code: + enabled: true + + flows: + error: + ui_url: https://account.example.com/error + + settings: + ui_url: https://account.example.com/settings + privileged_session_max_age: 15m + required_aal: highest_available + + recovery: + enabled: true + ui_url: https://account.example.com/recovery + use: code + lifespan: 4h # Extended to give users more time to recover their account + after: + default_browser_return_url: https://account.example.com/settings + + verification: + enabled: true + ui_url: https://account.example.com/verification + use: code + lifespan: 24h # Extended to give users a full day to verify their email + after: + default_browser_return_url: https://account.example.com/ + + logout: + after: + default_browser_return_url: https://account.example.com/login + + login: + ui_url: https://account.example.com/login + lifespan: 10m + + registration: + lifespan: 10m + ui_url: https://account.example.com/registration + after: + default_browser_return_url: https://account.example.com/ + password: + hooks: + - hook: session + +log: + level: env://LOG_LEVEL + format: text + leak_sensitive_values: false + +secrets: + cookie: + - env://SECRETS_COOKIE + cipher: + - env://SECRETS_CIPHER + default: + - env://SECRETS_DEFAULT + +ciphers: + algorithm: xchacha20-poly1305 + +hashers: + algorithm: bcrypt + bcrypt: + cost: 12 + +identity: + default_schema_id: nexus-v2 + schemas: + - id: default + url: file:///etc/kratos/identity.schema.json + - id: nexus-v2 + url: file:///etc/kratos/identity.v2.schema.json + +cookies: + domain: .example.com + same_site: Lax + # Leading dot allows cookies to be shared across subdomains (account.example.com <-> auth.example.com) + +session: + lifespan: 24h + earliest_possible_extend: 1h + cookie: + domain: .example.com + same_site: Lax + persistent: true + +courier: + smtp: + connection_uri: env://COURIER_SMTP_CONNECTION_URI + from_address: env://COURIER_SMTP_FROM_ADDRESS + from_name: env://COURIER_SMTP_FROM_NAME + templates: + verification_code: + valid: + email: + body: + html: file:///etc/kratos/courier-templates/verification_code_valid.email.body.html.gotmpl + plaintext: file:///etc/kratos/courier-templates/verification_code_valid.email.body.plaintext.gotmpl + subject: file:///etc/kratos/courier-templates/verification_code_valid.email.subject.gotmpl + recovery_code: + valid: + email: + body: + html: file:///etc/kratos/courier-templates/recovery_code_valid.email.body.html.gotmpl + plaintext: file:///etc/kratos/courier-templates/recovery_code_valid.email.body.plaintext.gotmpl + subject: file:///etc/kratos/courier-templates/recovery_code_valid.email.subject.gotmpl diff --git a/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.body.html.gotmpl b/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.body.html.gotmpl new file mode 100644 index 0000000..9bbf221 --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.body.html.gotmpl @@ -0,0 +1,79 @@ + + + + + + Recover Your Account + + + + + + +
+ + + + + + + + + + + + + + + +
+

Account Recovery

+
+

+ Hi, +

+ +

+ You requested to recover access to your account. +

+ +

+ Your recovery code is: +

+ + + + + + +
+ {{ .RecoveryCode }} +
+ +

+ To use this code: +

+ +
    +
  1. Return to the recovery page in your browser
    2. +
  2. Enter the code above when prompted
    3. +
  3. Follow the instructions to set a new password
    4. +
+ +

+ Note: This code will expire in 4 hours. +

+ +

+ If you did not request this recovery, please ignore this email. +

+
+

+ Best regards,
+ Nexus Nexus +

+
+ +
+ + diff --git a/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.body.plaintext.gotmpl b/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.body.plaintext.gotmpl new file mode 100644 index 0000000..03acb4c --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.body.plaintext.gotmpl @@ -0,0 +1,19 @@ +Hi, + +You requested to recover access to your account. + +Your recovery code is: + +{{ .RecoveryCode }} + +To use this code: +1. Return to the recovery page in your browser +2. Enter the code above when prompted +3. Follow the instructions to set a new password + +This code will expire in 4 hours. + +If you did not request this recovery, please ignore this email. + +Best regards, +Nexus Nexus diff --git a/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.subject.gotmpl b/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.subject.gotmpl new file mode 100644 index 0000000..a4788ac --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/recovery_code_valid.email.subject.gotmpl @@ -0,0 +1 @@ +Recover access to your Nexus Nexus account \ No newline at end of file diff --git a/nexus-5-auth-kratos/courier-templates/recovery_invalid.email.body.gotmpl b/nexus-5-auth-kratos/courier-templates/recovery_invalid.email.body.gotmpl new file mode 100644 index 0000000..a1faa08 --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/recovery_invalid.email.body.gotmpl @@ -0,0 +1,10 @@ +Hi, + +someone requested to recover your account, but the email address is not associated with any account. + +If this was you, please make sure you are using the correct email address. + +If this was not you, please ignore this email. + +Best regards, +Nexus Nexus diff --git a/nexus-5-auth-kratos/courier-templates/recovery_invalid.email.subject.gotmpl b/nexus-5-auth-kratos/courier-templates/recovery_invalid.email.subject.gotmpl new file mode 100644 index 0000000..0bfdb89 --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/recovery_invalid.email.subject.gotmpl @@ -0,0 +1 @@ +Account recovery attempted diff --git a/nexus-5-auth-kratos/courier-templates/recovery_valid.email.body.gotmpl b/nexus-5-auth-kratos/courier-templates/recovery_valid.email.body.gotmpl new file mode 100644 index 0000000..8e0e076 --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/recovery_valid.email.body.gotmpl @@ -0,0 +1,12 @@ +Hi, + +you requested to recover access to your account. + +Please click the following link to recover your account: + +{{ .RecoveryURL }} + +If this was not you, please ignore this email. + +Best regards, +Nexus Nexus diff --git a/nexus-5-auth-kratos/courier-templates/recovery_valid.email.subject.gotmpl b/nexus-5-auth-kratos/courier-templates/recovery_valid.email.subject.gotmpl new file mode 100644 index 0000000..b61c2b2 --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/recovery_valid.email.subject.gotmpl @@ -0,0 +1 @@ +Recover your Nexus Nexus account diff --git a/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.body.html.gotmpl b/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.body.html.gotmpl new file mode 100644 index 0000000..069f845 --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.body.html.gotmpl @@ -0,0 +1,97 @@ + + + + + + Verify Your Email + + + + + + +
+ + + + + + + + + + + + + + + +
+

Verify Your Email

+
+

+ Hi, +

+ +

+ Thank you for creating your account! +

+ +

+ Your verification code is: +

+ + + + + + +
+ {{ .VerificationCode }} +
+ +

+ To verify your email, click the button below: +

+ + + + + + +
+ Verify Email Address +
+ +

+ Then enter the code above when prompted. +

+ +

+ Note: This code will expire in 24 hours. +

+ +

+ If you did not create this account, please ignore this email. +

+
+

+ Best regards,
+ Nexus Nexus +

+
+ + + + + + +
+

+ If the button doesn't work, copy and paste this link into your browser:
+ {{ .VerificationURL }} +

+
+
+ + diff --git a/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.body.plaintext.gotmpl b/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.body.plaintext.gotmpl new file mode 100644 index 0000000..c615e78 --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.body.plaintext.gotmpl @@ -0,0 +1,20 @@ +Hi, + +Thank you for creating your account! + +Your verification code is: + +{{ .VerificationCode }} + +To verify your email, click the link below: + +{{ .VerificationURL }} + +Then enter the code above when prompted. + +This code will expire in 24 hours. + +If you did not create this account, please ignore this email. + +Best regards, +Nexus Nexus diff --git a/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.subject.gotmpl b/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.subject.gotmpl new file mode 100644 index 0000000..631c191 --- /dev/null +++ b/nexus-5-auth-kratos/courier-templates/verification_code_valid.email.subject.gotmpl @@ -0,0 +1 @@ +Please verify your Nexus Nexus account \ No newline at end of file diff --git a/nexus-5-auth-kratos/docker-compose.yml b/nexus-5-auth-kratos/docker-compose.yml new file mode 100644 index 0000000..b55ab6a --- /dev/null +++ b/nexus-5-auth-kratos/docker-compose.yml @@ -0,0 +1,122 @@ +services: + postgres: + image: postgres:${POSTGRES_VERSION:-14}-alpine + container_name: kratos-postgres + restart: unless-stopped + environment: + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + POSTGRES_DB: ${POSTGRES_DB} + POSTGRES_HOST_AUTH_METHOD: ${POSTGRES_HOST_AUTH_METHOD:-scram-sha-256} + volumes: + - postgres-data:/var/lib/postgresql/data + networks: + - kratos-internal + - ory-network + healthcheck: + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] + interval: 10s + timeout: 5s + retries: 5 + # Port mapping removed - Kratos only needs internal network access + + kratos-migrate: + build: + context: . + dockerfile: Dockerfile + args: + KRATOS_VERSION: ${KRATOS_VERSION} + container_name: kratos-migrate + environment: + DSN: ${KRATOS_DSN} + command: migrate sql -e --yes --config /etc/kratos/kratos.yml + networks: + - kratos-internal + depends_on: + postgres: + condition: service_healthy + restart: on-failure + + kratos: + build: + context: . + dockerfile: Dockerfile + args: + KRATOS_VERSION: ${KRATOS_VERSION} + container_name: kratos + restart: unless-stopped + ports: + - "${KRATOS_PUBLIC_PORT:-4433}:4433" + - "${KRATOS_ADMIN_PORT:-4434}:4434" + volumes: + - ./courier-templates:/etc/kratos/courier-templates:ro + environment: + DSN: ${KRATOS_DSN} + SECRETS_DEFAULT: ${SECRETS_DEFAULT} + SECRETS_COOKIE: ${SECRETS_COOKIE} + SECRETS_CIPHER: ${SECRETS_CIPHER} + LOG_LEVEL: ${LOG_LEVEL:-info} + SERVE_PUBLIC_BASE_URL: ${KRATOS_PUBLIC_URL} + SERVE_ADMIN_BASE_URL: ${KRATOS_ADMIN_URL} + CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS} + COURIER_SMTP_CONNECTION_URI: ${COURIER_SMTP_CONNECTION_URI} + COURIER_SMTP_FROM_ADDRESS: ${COURIER_SMTP_FROM_ADDRESS} + COURIER_SMTP_FROM_NAME: ${COURIER_SMTP_FROM_NAME} + command: serve --config /etc/kratos/kratos.yml ${KRATOS_DEV_MODE} + networks: + - kratos-internal + - ory-network + depends_on: + kratos-migrate: + condition: service_completed_successfully + postgres: + condition: service_healthy + + + kratos-courier: + build: + context: . + dockerfile: Dockerfile + args: + KRATOS_VERSION: ${KRATOS_VERSION} + container_name: kratos-courier + restart: unless-stopped + volumes: + - ./courier-templates:/etc/kratos/courier-templates:ro + environment: + DSN: ${KRATOS_DSN} + SECRETS_DEFAULT: ${SECRETS_DEFAULT} + SECRETS_COOKIE: ${SECRETS_COOKIE} + SECRETS_CIPHER: ${SECRETS_CIPHER} + LOG_LEVEL: ${LOG_LEVEL:-info} + SERVE_PUBLIC_BASE_URL: ${KRATOS_PUBLIC_URL} + SERVE_ADMIN_BASE_URL: ${KRATOS_ADMIN_URL} + COURIER_SMTP_CONNECTION_URI: ${COURIER_SMTP_CONNECTION_URI} + COURIER_SMTP_FROM_ADDRESS: ${COURIER_SMTP_FROM_ADDRESS} + COURIER_SMTP_FROM_NAME: ${COURIER_SMTP_FROM_NAME} + command: courier watch --config /etc/kratos/kratos.yml + healthcheck: + test: ["CMD", "true"] + interval: 30s + timeout: 10s + retries: 1 + networks: + - kratos-internal + - ory-network + depends_on: + kratos-migrate: + condition: service_completed_successfully + postgres: + condition: service_healthy + + +networks: + kratos-internal: + driver: bridge + ory-network: + external: true + name: ory-network + +volumes: + postgres-data: + driver: local diff --git a/nexus-5-auth-kratos/openapi.json b/nexus-5-auth-kratos/openapi.json new file mode 100644 index 0000000..c539889 --- /dev/null +++ b/nexus-5-auth-kratos/openapi.json @@ -0,0 +1,7706 @@ +{ + "components": { + "responses": { + "emptyResponse": { + "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 204." + }, + "identitySchemas": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identitySchemas" + } + } + }, + "description": "List Identity JSON Schemas Response" + }, + "listCourierMessages": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/message" + }, + "type": "array" + } + } + }, + "description": "Paginated Courier Message List Response" + }, + "listIdentities": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/identity" + }, + "type": "array" + } + } + }, + "description": "Paginated Identity List Response" + }, + "listIdentitySessions": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/session" + }, + "type": "array" + } + } + }, + "description": "List Identity Sessions Response" + }, + "listMySessions": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/session" + }, + "type": "array" + } + } + }, + "description": "List My Session Response" + }, + "listSessions": { + "content": { + "application/json": { + "schema": { + "items": { + "$ref": "#/components/schemas/session" + }, + "type": "array" + } + } + }, + "description": "Session List Response\n\nThe response given when listing sessions in an administrative context." + } + }, + "schemas": { + "CodeChannel": { + "type": "string" + }, + "DefaultError": {}, + "Duration": { + "description": "A Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years.", + "format": "int64", + "type": "integer" + }, + "ID": { + "format": "int64", + "type": "integer" + }, + "JSONRawMessage": { + "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger.", + "type": "object" + }, + "NullBool": { + "nullable": true, + "type": "boolean" + }, + "NullInt": { + "nullable": true, + "type": "integer" + }, + "NullString": { + "nullable": true, + "type": "string" + }, + "NullTime": { + "format": "date-time", + "nullable": true, + "type": "string" + }, + "NullUUID": { + "format": "uuid4", + "nullable": true, + "type": "string" + }, + "OAuth2Client": { + "properties": { + "AdditionalProperties": { + "additionalProperties": {}, + "type": "object" + }, + "access_token_strategy": { + "description": "OAuth 2.0 Access Token Strategy AccessTokenStrategy is the strategy used to generate access tokens. Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens Setting the stragegy here overrides the global setting in `strategies.access_token`.", + "type": "string" + }, + "allowed_cors_origins": { + "items": { + "type": "string" + }, + "type": "array" + }, + "audience": { + "items": { + "type": "string" + }, + "type": "array" + }, + "authorization_code_grant_access_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "authorization_code_grant_id_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "authorization_code_grant_refresh_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "backchannel_logout_session_required": { + "description": "OpenID Connect Back-Channel Logout Session Required Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout Token to identify the RP session with the OP when the backchannel_logout_uri is used. If omitted, the default value is false.", + "type": "boolean" + }, + "backchannel_logout_uri": { + "description": "OpenID Connect Back-Channel Logout URI RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.", + "type": "string" + }, + "client_credentials_grant_access_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "client_id": { + "description": "OAuth 2.0 Client ID The ID is immutable. If no ID is provided, a UUID4 will be generated.", + "type": "string" + }, + "client_name": { + "description": "OAuth 2.0 Client Name The human-readable name of the client to be presented to the end-user during authorization.", + "type": "string" + }, + "client_secret": { + "description": "OAuth 2.0 Client Secret The secret will be included in the create request as cleartext, and then never again. The secret is kept in hashed format and is not recoverable once lost.", + "type": "string" + }, + "client_secret_expires_at": { + "description": "OAuth 2.0 Client Secret Expires At The field is currently not supported and its value is always 0.", + "format": "int64", + "type": "integer" + }, + "client_uri": { + "description": "OAuth 2.0 Client URI ClientURI is a URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion.", + "type": "string" + }, + "contacts": { + "items": { + "type": "string" + }, + "type": "array" + }, + "created_at": { + "description": "OAuth 2.0 Client Creation Date CreatedAt returns the timestamp of the client's creation.", + "format": "date-time", + "type": "string" + }, + "frontchannel_logout_session_required": { + "description": "OpenID Connect Front-Channel Logout Session Required Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false.", + "type": "boolean" + }, + "frontchannel_logout_uri": { + "description": "OpenID Connect Front-Channel Logout URI RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be.", + "type": "string" + }, + "grant_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "implicit_grant_access_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "implicit_grant_id_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "jwks": { + "description": "OAuth 2.0 Client JSON Web Key Set Client's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as the jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter is intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for instance, by native applications that might not have a location to host the contents of the JWK Set. If a Client can use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation (which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks parameters MUST NOT be used together." + }, + "jwks_uri": { + "description": "OAuth 2.0 Client JSON Web Key Set URL URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.", + "type": "string" + }, + "jwt_bearer_grant_access_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "logo_uri": { + "description": "OAuth 2.0 Client Logo URI A URL string referencing the client's logo.", + "type": "string" + }, + "metadata": {}, + "owner": { + "description": "OAuth 2.0 Client Owner Owner is a string identifying the owner of the OAuth 2.0 Client.", + "type": "string" + }, + "policy_uri": { + "description": "OAuth 2.0 Client Policy URI PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data.", + "type": "string" + }, + "post_logout_redirect_uris": { + "items": { + "type": "string" + }, + "type": "array" + }, + "redirect_uris": { + "items": { + "type": "string" + }, + "type": "array" + }, + "refresh_token_grant_access_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "refresh_token_grant_id_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "refresh_token_grant_refresh_token_lifespan": { + "description": "Specify a time duration in milliseconds, seconds, minutes, hours.", + "type": "string" + }, + "registration_access_token": { + "description": "OpenID Connect Dynamic Client Registration Access Token RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client. It is sent when creating a client using Dynamic Client Registration.", + "type": "string" + }, + "registration_client_uri": { + "description": "OpenID Connect Dynamic Client Registration URL RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client.", + "type": "string" + }, + "request_object_signing_alg": { + "description": "OpenID Connect Request Object Signing Algorithm JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm.", + "type": "string" + }, + "request_uris": { + "items": { + "type": "string" + }, + "type": "array" + }, + "response_types": { + "items": { + "type": "string" + }, + "type": "array" + }, + "scope": { + "description": "OAuth 2.0 Client Scope Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.", + "type": "string" + }, + "sector_identifier_uri": { + "description": "OpenID Connect Sector Identifier URI URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values.", + "type": "string" + }, + "skip_consent": { + "description": "SkipConsent skips the consent screen for this client. This field can only be set from the admin API.", + "type": "boolean" + }, + "skip_logout_consent": { + "description": "SkipLogoutConsent skips the logout consent screen for this client. This field can only be set from the admin API.", + "type": "boolean" + }, + "subject_type": { + "description": "OpenID Connect Subject Type The `subject_types_supported` Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`.", + "type": "string" + }, + "token_endpoint_auth_method": { + "description": "OAuth 2.0 Token Endpoint Authentication Method Requested Client Authentication method for the Token Endpoint. The options are: `client_secret_basic`: (default) Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` encoded in the HTTP Authorization header. `client_secret_post`: Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` in the HTTP body. `private_key_jwt`: Use JSON Web Tokens to authenticate the client. `none`: Used for public clients (native apps, mobile apps) which can not have secrets.", + "type": "string" + }, + "token_endpoint_auth_signing_alg": { + "description": "OAuth 2.0 Token Endpoint Signing Algorithm Requested Client Authentication signing algorithm for the Token Endpoint.", + "type": "string" + }, + "tos_uri": { + "description": "OAuth 2.0 Client Terms of Service URI A URL string pointing to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client.", + "type": "string" + }, + "updated_at": { + "description": "OAuth 2.0 Client Last Update Date UpdatedAt returns the timestamp of the last update.", + "format": "date-time", + "type": "string" + }, + "userinfo_signed_response_alg": { + "description": "OpenID Connect Request Userinfo Signed Response Algorithm JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type.", + "type": "string" + } + }, + "title": "OAuth2Client OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities.", + "type": "object" + }, + "OAuth2ConsentRequestOpenIDConnectContext": { + "description": "OAuth2ConsentRequestOpenIDConnectContext struct for OAuth2ConsentRequestOpenIDConnectContext", + "properties": { + "AdditionalProperties": { + "additionalProperties": {}, + "type": "object" + }, + "acr_values": { + "description": "ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required. OpenID Connect defines it as follows: > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter.", + "items": { + "type": "string" + }, + "type": "array" + }, + "display": { + "description": "Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \\\"feature phone\\\" type display. The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display.", + "type": "string" + }, + "id_token_hint_claims": { + "additionalProperties": {}, + "description": "IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client.", + "type": "object" + }, + "login_hint": { + "description": "LoginHint hints about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is optional.", + "type": "string" + }, + "ui_locales": { + "description": "UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \\\"fr-CA fr en\\\" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider.", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "OAuth2LoginChallengeParams": { + "type": "object" + }, + "OAuth2LoginRequest": { + "description": "OAuth2LoginRequest struct for OAuth2LoginRequest", + "properties": { + "AdditionalProperties": { + "additionalProperties": {}, + "type": "object" + }, + "challenge": { + "description": "ID is the identifier (\\\"login challenge\\\") of the login request. It is used to identify the session.", + "type": "string" + }, + "client": { + "$ref": "#/components/schemas/OAuth2Client" + }, + "oidc_context": { + "$ref": "#/components/schemas/OAuth2ConsentRequestOpenIDConnectContext" + }, + "request_url": { + "description": "RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters.", + "type": "string" + }, + "requested_access_token_audience": { + "items": { + "type": "string" + }, + "type": "array" + }, + "requested_scope": { + "items": { + "type": "string" + }, + "type": "array" + }, + "session_id": { + "description": "SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \\\"sid\\\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It's value can generally be used to associate consecutive login requests by a certain user.", + "type": "string" + }, + "skip": { + "description": "Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL. This feature allows you to update / set session information.", + "type": "boolean" + }, + "subject": { + "description": "Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type when accepting the login request, or the request will fail.", + "type": "string" + } + }, + "type": "object" + }, + "RecoveryAddressType": { + "title": "RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.", + "type": "string" + }, + "Time": { + "format": "date-time", + "type": "string" + }, + "UUID": { + "format": "uuid4", + "type": "string" + }, + "authenticatorAssuranceLevel": { + "description": "The authenticator assurance level can be one of \"aal1\", \"aal2\", or \"aal3\". A higher number means that it is harder\nfor an attacker to compromise the account.\n\nGenerally, \"aal1\" implies that one authentication factor was used while AAL2 implies that two factors (e.g.\npassword + TOTP) have been used.\n\nTo learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials", + "enum": [ + "aal0", + "aal1", + "aal2", + "aal3" + ], + "title": "Authenticator Assurance Level (AAL)", + "type": "string" + }, + "batchPatchIdentitiesResponse": { + "description": "Patch identities response", + "properties": { + "identities": { + "description": "The patch responses for the individual identities.", + "items": { + "$ref": "#/components/schemas/identityPatchResponse" + }, + "type": "array" + } + }, + "type": "object" + }, + "consistencyRequestParameters": { + "description": "Control API consistency guarantees", + "properties": { + "consistency": { + "description": "Read Consistency Level (preview)\n\nThe read consistency level determines the consistency guarantee for reads:\n\nstrong (slow): The read is guaranteed to return the most recent data committed at the start of the read.\neventual (very fast): The result will return data that is about 4.8 seconds old.\n\nThe default consistency guarantee can be changed in the Ory Network Console or using the Ory CLI with\n`ory patch project --replace '/previews/default_read_consistency_level=\"strong\"'`.\n\nSetting the default consistency level to `eventual` may cause regressions in the future as we add consistency\ncontrols to more APIs. Currently, the following APIs will be affected by this setting:\n\n`GET /admin/identities`\n\nThis feature is in preview and only available in Ory Network.\n ConsistencyLevelUnset ConsistencyLevelUnset is the unset / default consistency level.\nstrong ConsistencyLevelStrong ConsistencyLevelStrong is the strong consistency level.\neventual ConsistencyLevelEventual ConsistencyLevelEventual is the eventual consistency level using follower read timestamps.", + "enum": [ + "", + "strong", + "eventual" + ], + "type": "string", + "x-go-enum-desc": " ConsistencyLevelUnset ConsistencyLevelUnset is the unset / default consistency level.\nstrong ConsistencyLevelStrong ConsistencyLevelStrong is the strong consistency level.\neventual ConsistencyLevelEventual ConsistencyLevelEventual is the eventual consistency level using follower read timestamps." + } + }, + "type": "object" + }, + "continueWith": { + "discriminator": { + "mapping": { + "redirect_browser_to": "#/components/schemas/continueWithRedirectBrowserTo", + "set_ory_session_token": "#/components/schemas/continueWithSetOrySessionToken", + "show_recovery_ui": "#/components/schemas/continueWithRecoveryUi", + "show_settings_ui": "#/components/schemas/continueWithSettingsUi", + "show_verification_ui": "#/components/schemas/continueWithVerificationUi" + }, + "propertyName": "action" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/continueWithVerificationUi" + }, + { + "$ref": "#/components/schemas/continueWithSetOrySessionToken" + }, + { + "$ref": "#/components/schemas/continueWithSettingsUi" + }, + { + "$ref": "#/components/schemas/continueWithRecoveryUi" + }, + { + "$ref": "#/components/schemas/continueWithRedirectBrowserTo" + } + ] + }, + "continueWithRecoveryUi": { + "description": "Indicates, that the UI flow could be continued by showing a recovery ui", + "properties": { + "action": { + "description": "Action will always be `show_recovery_ui`\nshow_recovery_ui ContinueWithActionShowRecoveryUIString", + "enum": [ + "show_recovery_ui" + ], + "type": "string", + "x-go-enum-desc": "show_recovery_ui ContinueWithActionShowRecoveryUIString" + }, + "flow": { + "$ref": "#/components/schemas/continueWithRecoveryUiFlow" + } + }, + "required": [ + "action", + "flow" + ], + "type": "object" + }, + "continueWithRecoveryUiFlow": { + "properties": { + "id": { + "description": "The ID of the recovery flow", + "format": "uuid", + "type": "string" + }, + "url": { + "description": "The URL of the recovery flow\n\nIf this value is set, redirect the user's browser to this URL. This value is typically unset for native clients / API flows.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "continueWithRedirectBrowserTo": { + "description": "Indicates, that the UI flow could be continued by showing a recovery ui", + "properties": { + "action": { + "description": "Action will always be `redirect_browser_to`\nredirect_browser_to ContinueWithActionRedirectBrowserToString", + "enum": [ + "redirect_browser_to" + ], + "type": "string", + "x-go-enum-desc": "redirect_browser_to ContinueWithActionRedirectBrowserToString" + }, + "redirect_browser_to": { + "description": "The URL to redirect the browser to", + "type": "string" + } + }, + "required": [ + "action", + "redirect_browser_to" + ], + "type": "object" + }, + "continueWithSetOrySessionToken": { + "description": "Indicates that a session was issued, and the application should use this token for authenticated requests", + "properties": { + "action": { + "description": "Action will always be `set_ory_session_token`\nset_ory_session_token ContinueWithActionSetOrySessionTokenString", + "enum": [ + "set_ory_session_token" + ], + "type": "string", + "x-go-enum-desc": "set_ory_session_token ContinueWithActionSetOrySessionTokenString" + }, + "ory_session_token": { + "description": "Token is the token of the session", + "type": "string" + } + }, + "required": [ + "action", + "ory_session_token" + ], + "type": "object" + }, + "continueWithSettingsUi": { + "description": "Indicates, that the UI flow could be continued by showing a settings ui", + "properties": { + "action": { + "description": "Action will always be `show_settings_ui`\nshow_settings_ui ContinueWithActionShowSettingsUIString", + "enum": [ + "show_settings_ui" + ], + "type": "string", + "x-go-enum-desc": "show_settings_ui ContinueWithActionShowSettingsUIString" + }, + "flow": { + "$ref": "#/components/schemas/continueWithSettingsUiFlow" + } + }, + "required": [ + "action", + "flow" + ], + "type": "object" + }, + "continueWithSettingsUiFlow": { + "properties": { + "id": { + "description": "The ID of the settings flow", + "format": "uuid", + "type": "string" + }, + "url": { + "description": "The URL of the settings flow\n\nIf this value is set, redirect the user's browser to this URL. This value is typically unset for native clients / API flows.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "continueWithVerificationUi": { + "description": "Indicates, that the UI flow could be continued by showing a verification ui", + "properties": { + "action": { + "description": "Action will always be `show_verification_ui`\nshow_verification_ui ContinueWithActionShowVerificationUIString", + "enum": [ + "show_verification_ui" + ], + "type": "string", + "x-go-enum-desc": "show_verification_ui ContinueWithActionShowVerificationUIString" + }, + "flow": { + "$ref": "#/components/schemas/continueWithVerificationUiFlow" + } + }, + "required": [ + "action", + "flow" + ], + "type": "object" + }, + "continueWithVerificationUiFlow": { + "properties": { + "id": { + "description": "The ID of the verification flow", + "format": "uuid", + "type": "string" + }, + "url": { + "description": "The URL of the verification flow\n\nIf this value is set, redirect the user's browser to this URL. This value is typically unset for native clients / API flows.", + "type": "string" + }, + "verifiable_address": { + "description": "The address that should be verified in this flow", + "type": "string" + } + }, + "required": [ + "id", + "verifiable_address" + ], + "type": "object" + }, + "courierMessageStatus": { + "description": "A Message's Status", + "enum": [ + "queued", + "sent", + "processing", + "abandoned" + ], + "type": "string" + }, + "courierMessageType": { + "description": "It can either be `email` or `phone`", + "enum": [ + "email", + "phone" + ], + "title": "A Message's Type", + "type": "string" + }, + "createIdentityBody": { + "description": "Create Identity Body", + "properties": { + "credentials": { + "$ref": "#/components/schemas/identityWithCredentials" + }, + "metadata_admin": { + "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`." + }, + "metadata_public": { + "description": "Store metadata about the identity which the identity itself can see when calling for example the\nsession endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field." + }, + "recovery_addresses": { + "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.\n\nUse this structure to import recovery addresses for an identity. Please keep in mind\nthat the address needs to be represented in the Identity Schema or this field will be overwritten\non the next identity update.", + "items": { + "$ref": "#/components/schemas/recoveryIdentityAddress" + }, + "type": "array" + }, + "schema_id": { + "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.", + "type": "string" + }, + "state": { + "description": "State is the identity's state.\nactive StateActive\ninactive StateInactive", + "enum": [ + "active", + "inactive" + ], + "type": "string", + "x-go-enum-desc": "active StateActive\ninactive StateInactive" + }, + "traits": { + "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. The input will always be validated against the JSON Schema defined\nin `schema_url`.", + "type": "object" + }, + "verifiable_addresses": { + "description": "VerifiableAddresses contains all the addresses that can be verified by the user.\n\nUse this structure to import verified addresses for an identity. Please keep in mind\nthat the address needs to be represented in the Identity Schema or this field will be overwritten\non the next identity update.", + "items": { + "$ref": "#/components/schemas/verifiableIdentityAddress" + }, + "type": "array" + } + }, + "required": [ + "schema_id", + "traits" + ], + "type": "object" + }, + "createRecoveryCodeForIdentityBody": { + "description": "Create Recovery Code for Identity Request Body", + "properties": { + "expires_in": { + "description": "Code Expires In\n\nThe recovery code will expire after that amount of time has passed. Defaults to the configuration value of\n`selfservice.methods.code.config.lifespan`.", + "pattern": "^([0-9]+(ns|us|ms|s|m|h))*$", + "type": "string" + }, + "flow_type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "identity_id": { + "description": "Identity to Recover\n\nThe identity's ID you wish to recover.", + "format": "uuid", + "type": "string" + } + }, + "required": [ + "identity_id" + ], + "type": "object" + }, + "createRecoveryLinkForIdentityBody": { + "description": "Create Recovery Link for Identity Request Body", + "properties": { + "expires_in": { + "description": "Link Expires In\n\nThe recovery link will expire after that amount of time has passed. Defaults to the configuration value of\n`selfservice.methods.code.config.lifespan`.", + "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", + "type": "string" + }, + "identity_id": { + "description": "Identity to Recover\n\nThe identity's ID you wish to recover.", + "format": "uuid", + "type": "string" + } + }, + "required": [ + "identity_id" + ], + "type": "object" + }, + "deleteMySessionsCount": { + "description": "Deleted Session Count", + "properties": { + "count": { + "description": "The number of sessions that were revoked.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "errorAuthenticatorAssuranceLevelNotSatisfied": { + "properties": { + "error": { + "$ref": "#/components/schemas/genericError" + }, + "redirect_browser_to": { + "description": "Points to where to redirect the user to next.", + "type": "string" + } + }, + "title": "Is returned when an active session was found but the requested AAL is not satisfied.", + "type": "object" + }, + "errorBrowserLocationChangeRequired": { + "properties": { + "error": { + "$ref": "#/components/schemas/errorGeneric" + }, + "redirect_browser_to": { + "description": "Points to where to redirect the user to next.", + "type": "string" + } + }, + "title": "Is sent when a flow requires a browser to change its location.", + "type": "object" + }, + "errorFlowReplaced": { + "description": "Is sent when a flow is replaced by a different flow of the same class", + "properties": { + "error": { + "$ref": "#/components/schemas/genericError" + }, + "use_flow_id": { + "description": "The flow ID that should be used for the new flow as it contains the correct messages.", + "format": "uuid", + "type": "string" + } + }, + "type": "object" + }, + "errorGeneric": { + "description": "The standard Ory JSON API error format.", + "properties": { + "error": { + "$ref": "#/components/schemas/genericError" + } + }, + "required": [ + "error" + ], + "title": "JSON API Error Response", + "type": "object" + }, + "flowError": { + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "error": { + "type": "object" + }, + "id": { + "description": "ID of the error container.", + "format": "uuid", + "type": "string" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "genericError": { + "properties": { + "code": { + "description": "The status code", + "example": 404, + "format": "int64", + "type": "integer" + }, + "debug": { + "description": "Debug information\n\nThis field is often not exposed to protect against leaking\nsensitive information.", + "example": "SQL field \"foo\" is not a bool.", + "type": "string" + }, + "details": { + "additionalProperties": false, + "description": "Further error details", + "type": "object" + }, + "id": { + "description": "The error ID\n\nUseful when trying to identify various errors in application logic.", + "type": "string" + }, + "message": { + "description": "Error message\n\nThe error's message.", + "example": "The resource could not be found", + "type": "string" + }, + "reason": { + "description": "A human-readable reason for the error", + "example": "User with ID 1234 does not exist.", + "type": "string" + }, + "request": { + "description": "The request ID\n\nThe request ID is often exposed internally in order to trace\nerrors across service architectures. This is often a UUID.", + "example": "d7ef54b1-ec15-46e6-bccb-524b82c035e6", + "type": "string" + }, + "status": { + "description": "The status description", + "example": "Not Found", + "type": "string" + } + }, + "required": [ + "message" + ], + "type": "object" + }, + "healthNotReadyStatus": { + "properties": { + "errors": { + "additionalProperties": { + "type": "string" + }, + "description": "Errors contains a list of errors that caused the not ready status.", + "type": "object" + } + }, + "title": "The not ready status of the service.", + "type": "object" + }, + "healthStatus": { + "properties": { + "status": { + "description": "Status always contains \"ok\".", + "type": "string" + } + }, + "title": "The health status of the service.", + "type": "object" + }, + "identity": { + "description": "An [identity](https://www.ory.sh/docs/kratos/concepts/identity-user-model) represents a (human) user in Ory.", + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "credentials": { + "additionalProperties": { + "$ref": "#/components/schemas/identityCredentials" + }, + "description": "Credentials represents all credentials that can be used for authenticating this identity.", + "type": "object" + }, + "id": { + "description": "ID is the identity's unique identifier.\n\nThe Identity ID can not be changed and can not be chosen. This ensures future\ncompatibility and optimization for distributed stores such as CockroachDB.", + "format": "uuid", + "type": "string" + }, + "metadata_admin": { + "$ref": "#/components/schemas/nullJsonRawMessage" + }, + "metadata_public": { + "$ref": "#/components/schemas/nullJsonRawMessage" + }, + "organization_id": { + "$ref": "#/components/schemas/NullUUID" + }, + "recovery_addresses": { + "description": "RecoveryAddresses contains all the addresses that can be used to recover an identity.", + "items": { + "$ref": "#/components/schemas/recoveryIdentityAddress" + }, + "type": "array", + "x-omitempty": true + }, + "schema_id": { + "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.", + "type": "string" + }, + "schema_url": { + "description": "SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.\n\nformat: url", + "type": "string" + }, + "state": { + "description": "State is the identity's state.\n\nThis value has currently no effect.\nactive StateActive\ninactive StateInactive", + "enum": [ + "active", + "inactive" + ], + "type": "string", + "x-go-enum-desc": "active StateActive\ninactive StateInactive" + }, + "state_changed_at": { + "$ref": "#/components/schemas/nullTime" + }, + "traits": { + "$ref": "#/components/schemas/identityTraits" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "verifiable_addresses": { + "description": "VerifiableAddresses contains all the addresses that can be verified by the user.", + "items": { + "$ref": "#/components/schemas/verifiableIdentityAddress" + }, + "type": "array", + "x-omitempty": true + } + }, + "required": [ + "id", + "schema_id", + "schema_url", + "traits" + ], + "title": "Identity represents an Ory Kratos identity", + "type": "object" + }, + "identityCredentials": { + "description": "Credentials represents a specific credential type", + "properties": { + "config": { + "$ref": "#/components/schemas/JSONRawMessage" + }, + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "identifiers": { + "description": "Identifiers represents a list of unique identifiers this credential type matches.", + "items": { + "type": "string" + }, + "type": "array" + }, + "type": { + "description": "Type discriminates between different types of credentials.\npassword CredentialsTypePassword\noidc CredentialsTypeOIDC\ntotp CredentialsTypeTOTP\nlookup_secret CredentialsTypeLookup\nwebauthn CredentialsTypeWebAuthn\ncode CredentialsTypeCodeAuth\npasskey CredentialsTypePasskey\nprofile CredentialsTypeProfile\nlink_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself.\ncode_recovery CredentialsTypeRecoveryCode", + "enum": [ + "password", + "oidc", + "totp", + "lookup_secret", + "webauthn", + "code", + "passkey", + "profile", + "link_recovery", + "code_recovery" + ], + "type": "string", + "x-go-enum-desc": "password CredentialsTypePassword\noidc CredentialsTypeOIDC\ntotp CredentialsTypeTOTP\nlookup_secret CredentialsTypeLookup\nwebauthn CredentialsTypeWebAuthn\ncode CredentialsTypeCodeAuth\npasskey CredentialsTypePasskey\nprofile CredentialsTypeProfile\nlink_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself.\ncode_recovery CredentialsTypeRecoveryCode" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Version refers to the version of the credential. Useful when changing the config schema.", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "identityCredentialsCode": { + "description": "CredentialsCode represents a one time login/registration code", + "properties": { + "addresses": { + "items": { + "$ref": "#/components/schemas/identityCredentialsCodeAddress" + }, + "type": "array" + } + }, + "type": "object" + }, + "identityCredentialsCodeAddress": { + "properties": { + "address": { + "description": "The address for this code", + "type": "string" + }, + "channel": { + "$ref": "#/components/schemas/CodeChannel" + } + }, + "type": "object" + }, + "identityCredentialsOidc": { + "properties": { + "providers": { + "items": { + "$ref": "#/components/schemas/identityCredentialsOidcProvider" + }, + "type": "array" + } + }, + "title": "CredentialsOIDC is contains the configuration for credentials of the type oidc.", + "type": "object" + }, + "identityCredentialsOidcProvider": { + "properties": { + "initial_access_token": { + "type": "string" + }, + "initial_id_token": { + "type": "string" + }, + "initial_refresh_token": { + "type": "string" + }, + "organization": { + "type": "string" + }, + "provider": { + "type": "string" + }, + "subject": { + "type": "string" + } + }, + "title": "CredentialsOIDCProvider is contains a specific OpenID COnnect credential for a particular connection (e.g. Google).", + "type": "object" + }, + "identityCredentialsPassword": { + "properties": { + "hashed_password": { + "description": "HashedPassword is a hash-representation of the password.", + "type": "string" + }, + "use_password_migration_hook": { + "description": "UsePasswordMigrationHook is set to true if the password should be migrated\nusing the password migration hook. If set, and the HashedPassword is empty, a\nwebhook will be called during login to migrate the password.", + "type": "boolean" + } + }, + "title": "CredentialsPassword is contains the configuration for credentials of the type password.", + "type": "object" + }, + "identityPatch": { + "description": "Payload for patching an identity", + "properties": { + "create": { + "$ref": "#/components/schemas/createIdentityBody" + }, + "patch_id": { + "description": "The ID of this patch.\n\nThe patch ID is optional. If specified, the ID will be returned in the\nresponse, so consumers of this API can correlate the response with the\npatch.", + "format": "uuid", + "type": "string" + } + }, + "type": "object" + }, + "identityPatchResponse": { + "description": "Response for a single identity patch", + "properties": { + "action": { + "description": "The action for this specific patch\ncreate ActionCreate Create this identity.\nerror ActionError Error indicates that the patch failed.", + "enum": [ + "create", + "error" + ], + "type": "string", + "x-go-enum-desc": "create ActionCreate Create this identity.\nerror ActionError Error indicates that the patch failed." + }, + "error": { + "$ref": "#/components/schemas/DefaultError" + }, + "identity": { + "description": "The identity ID payload of this patch", + "format": "uuid", + "type": "string" + }, + "patch_id": { + "description": "The ID of this patch response, if an ID was specified in the patch.", + "format": "uuid", + "type": "string" + } + }, + "type": "object" + }, + "identitySchema": { + "description": "Raw JSON Schema", + "type": "object" + }, + "identitySchemaContainer": { + "description": "An Identity JSON Schema Container", + "properties": { + "id": { + "description": "The ID of the Identity JSON Schema", + "type": "string" + }, + "schema": { + "description": "The actual Identity JSON Schema", + "type": "object" + } + }, + "type": "object" + }, + "identitySchemas": { + "description": "List of Identity JSON Schemas", + "items": { + "$ref": "#/components/schemas/identitySchemaContainer" + }, + "type": "array" + }, + "identityTraits": { + "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. The input will always be validated against the JSON Schema defined\nin `schema_url`." + }, + "identityVerifiableAddressStatus": { + "description": "VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema", + "type": "string" + }, + "identityWithCredentials": { + "description": "Create Identity and Import Credentials", + "properties": { + "oidc": { + "$ref": "#/components/schemas/identityWithCredentialsOidc" + }, + "password": { + "$ref": "#/components/schemas/identityWithCredentialsPassword" + } + }, + "type": "object" + }, + "identityWithCredentialsOidc": { + "description": "Create Identity and Import Social Sign In Credentials", + "properties": { + "config": { + "$ref": "#/components/schemas/identityWithCredentialsOidcConfig" + } + }, + "type": "object" + }, + "identityWithCredentialsOidcConfig": { + "properties": { + "config": { + "$ref": "#/components/schemas/identityWithCredentialsPasswordConfig" + }, + "providers": { + "description": "A list of OpenID Connect Providers", + "items": { + "$ref": "#/components/schemas/identityWithCredentialsOidcConfigProvider" + }, + "type": "array" + } + }, + "type": "object" + }, + "identityWithCredentialsOidcConfigProvider": { + "description": "Create Identity and Import Social Sign In Credentials Configuration", + "properties": { + "provider": { + "description": "The OpenID Connect provider to link the subject to. Usually something like `google` or `github`.", + "type": "string" + }, + "subject": { + "description": "The subject (`sub`) of the OpenID Connect connection. Usually the `sub` field of the ID Token.", + "type": "string" + } + }, + "required": [ + "subject", + "provider" + ], + "type": "object" + }, + "identityWithCredentialsPassword": { + "description": "Create Identity and Import Password Credentials", + "properties": { + "config": { + "$ref": "#/components/schemas/identityWithCredentialsPasswordConfig" + } + }, + "type": "object" + }, + "identityWithCredentialsPasswordConfig": { + "description": "Create Identity and Import Password Credentials Configuration", + "properties": { + "hashed_password": { + "description": "The hashed password in [PHC format](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#hashed-passwords)", + "type": "string" + }, + "password": { + "description": "The password in plain text if no hash is available.", + "type": "string" + }, + "use_password_migration_hook": { + "description": "If set to true, the password will be migrated using the password migration hook.", + "type": "boolean" + } + }, + "type": "object" + }, + "jsonPatch": { + "description": "A JSONPatch document as defined by RFC 6902", + "properties": { + "from": { + "description": "This field is used together with operation \"move\" and uses JSON Pointer notation.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "example": "/name", + "type": "string" + }, + "op": { + "description": "The operation to be performed. One of \"add\", \"remove\", \"replace\", \"move\", \"copy\", or \"test\".", + "example": "replace", + "type": "string" + }, + "path": { + "description": "The path to the target path. Uses JSON pointer notation.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "example": "/name", + "type": "string" + }, + "value": { + "description": "The value to be used within the operations.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5).", + "example": "foobar" + } + }, + "required": [ + "op", + "path" + ], + "type": "object" + }, + "jsonPatchDocument": { + "description": "A JSONPatchDocument request", + "items": { + "$ref": "#/components/schemas/jsonPatch" + }, + "type": "array" + }, + "loginFlow": { + "description": "This object represents a login flow. A login flow is initiated at the \"Initiate Login API / Browser Flow\"\nendpoint by a client.\n\nOnce a login flow is completed successfully, a session cookie or session token will be issued.", + "properties": { + "active": { + "description": "The active login method\n\nIf set contains the login method used. If the flow is new, it is unset.\npassword CredentialsTypePassword\noidc CredentialsTypeOIDC\ntotp CredentialsTypeTOTP\nlookup_secret CredentialsTypeLookup\nwebauthn CredentialsTypeWebAuthn\ncode CredentialsTypeCodeAuth\npasskey CredentialsTypePasskey\nprofile CredentialsTypeProfile\nlink_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself.\ncode_recovery CredentialsTypeRecoveryCode", + "enum": [ + "password", + "oidc", + "totp", + "lookup_secret", + "webauthn", + "code", + "passkey", + "profile", + "link_recovery", + "code_recovery" + ], + "type": "string", + "x-go-enum-desc": "password CredentialsTypePassword\noidc CredentialsTypeOIDC\ntotp CredentialsTypeTOTP\nlookup_secret CredentialsTypeLookup\nwebauthn CredentialsTypeWebAuthn\ncode CredentialsTypeCodeAuth\npasskey CredentialsTypePasskey\nprofile CredentialsTypeProfile\nlink_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself.\ncode_recovery CredentialsTypeRecoveryCode" + }, + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\na new flow has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "ID represents the flow's unique ID. When performing the login flow, this\nrepresents the id in the login UI's query parameter: http:///?flow=", + "format": "uuid", + "type": "string" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the flow started.", + "format": "date-time", + "type": "string" + }, + "oauth2_login_challenge": { + "description": "Ory OAuth 2.0 Login Challenge.\n\nThis value is set using the `login_challenge` query parameter of the registration and login endpoints.\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.", + "type": "string" + }, + "oauth2_login_request": { + "$ref": "#/components/schemas/OAuth2LoginRequest" + }, + "organization_id": { + "$ref": "#/components/schemas/NullUUID" + }, + "refresh": { + "description": "Refresh stores whether this login flow should enforce re-authentication.", + "type": "boolean" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "requested_aal": { + "$ref": "#/components/schemas/authenticatorAssuranceLevel" + }, + "return_to": { + "description": "ReturnTo contains the requested return_to URL.", + "type": "string" + }, + "session_token_exchange_code": { + "description": "SessionTokenExchangeCode holds the secret code that the client can use to retrieve a session token after the login flow has been completed.\nThis is only set if the client has requested a session token exchange code, and if the flow is of type \"api\",\nand only on creating the login flow.", + "type": "string" + }, + "state": { + "description": "State represents the state of this request:\n\nchoose_method: ask the user to choose a method to sign in with\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the login challenge was passed." + }, + "transient_payload": { + "description": "TransientPayload is used to pass data from the login to hooks and email templates", + "type": "object" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "id", + "type", + "expires_at", + "issued_at", + "request_url", + "ui", + "state" + ], + "title": "Login Flow", + "type": "object" + }, + "loginFlowState": { + "description": "The experimental state represents the state of a login flow. This field is EXPERIMENTAL and subject to change!", + "enum": [ + "choose_method", + "sent_email", + "passed_challenge" + ], + "title": "Login flow state (experimental)", + "type": "string" + }, + "logoutFlow": { + "description": "Logout Flow", + "properties": { + "logout_token": { + "description": "LogoutToken can be used to perform logout using AJAX.", + "type": "string" + }, + "logout_url": { + "description": "LogoutURL can be opened in a browser to sign the user out.\n\nformat: uri", + "type": "string" + } + }, + "required": [ + "logout_url", + "logout_token" + ], + "type": "object" + }, + "message": { + "properties": { + "body": { + "type": "string" + }, + "channel": { + "type": "string" + }, + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "dispatches": { + "description": "Dispatches store information about the attempts of delivering a message\nMay contain an error if any happened, or just the `success` state.", + "items": { + "$ref": "#/components/schemas/messageDispatch" + }, + "type": "array" + }, + "id": { + "format": "uuid", + "type": "string" + }, + "recipient": { + "type": "string" + }, + "send_count": { + "format": "int64", + "type": "integer" + }, + "status": { + "$ref": "#/components/schemas/courierMessageStatus" + }, + "subject": { + "type": "string" + }, + "template_type": { + "description": "\nrecovery_invalid TypeRecoveryInvalid\nrecovery_valid TypeRecoveryValid\nrecovery_code_invalid TypeRecoveryCodeInvalid\nrecovery_code_valid TypeRecoveryCodeValid\nverification_invalid TypeVerificationInvalid\nverification_valid TypeVerificationValid\nverification_code_invalid TypeVerificationCodeInvalid\nverification_code_valid TypeVerificationCodeValid\nstub TypeTestStub\nlogin_code_valid TypeLoginCodeValid\nregistration_code_valid TypeRegistrationCodeValid", + "enum": [ + "recovery_invalid", + "recovery_valid", + "recovery_code_invalid", + "recovery_code_valid", + "verification_invalid", + "verification_valid", + "verification_code_invalid", + "verification_code_valid", + "stub", + "login_code_valid", + "registration_code_valid" + ], + "type": "string", + "x-go-enum-desc": "recovery_invalid TypeRecoveryInvalid\nrecovery_valid TypeRecoveryValid\nrecovery_code_invalid TypeRecoveryCodeInvalid\nrecovery_code_valid TypeRecoveryCodeValid\nverification_invalid TypeVerificationInvalid\nverification_valid TypeVerificationValid\nverification_code_invalid TypeVerificationCodeInvalid\nverification_code_valid TypeVerificationCodeValid\nstub TypeTestStub\nlogin_code_valid TypeLoginCodeValid\nregistration_code_valid TypeRegistrationCodeValid" + }, + "type": { + "$ref": "#/components/schemas/courierMessageType" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "id", + "status", + "type", + "recipient", + "body", + "subject", + "template_type", + "send_count", + "created_at", + "updated_at" + ], + "type": "object" + }, + "messageDispatch": { + "description": "MessageDispatch represents an attempt of sending a courier message\nIt contains the status of the attempt (failed or successful) and the error if any occured", + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "error": { + "$ref": "#/components/schemas/JSONRawMessage" + }, + "id": { + "description": "The ID of this message dispatch", + "format": "uuid", + "type": "string" + }, + "message_id": { + "description": "The ID of the message being dispatched", + "format": "uuid", + "type": "string" + }, + "status": { + "description": "The status of this dispatch\nEither \"failed\" or \"success\"\nfailed CourierMessageDispatchStatusFailed\nsuccess CourierMessageDispatchStatusSuccess", + "enum": [ + "failed", + "success" + ], + "type": "string", + "x-go-enum-desc": "failed CourierMessageDispatchStatusFailed\nsuccess CourierMessageDispatchStatusSuccess" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + } + }, + "required": [ + "id", + "message_id", + "status", + "created_at", + "updated_at" + ], + "type": "object" + }, + "needsPrivilegedSessionError": { + "properties": { + "error": { + "$ref": "#/components/schemas/genericError" + }, + "redirect_browser_to": { + "description": "Points to where to redirect the user to next.", + "type": "string" + } + }, + "required": [ + "redirect_browser_to" + ], + "title": "Is sent when a privileged session is required to perform the settings update.", + "type": "object" + }, + "nullDuration": { + "nullable": true, + "pattern": "^[0-9]+(ns|us|ms|s|m|h)$", + "type": "string" + }, + "nullInt64": { + "nullable": true, + "type": "integer" + }, + "nullJsonRawMessage": { + "description": "NullJSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger and is NULLable-", + "nullable": true + }, + "nullTime": { + "format": "date-time", + "title": "NullTime implements sql.NullTime functionality.", + "type": "string" + }, + "patchIdentitiesBody": { + "description": "Patch Identities Body", + "properties": { + "identities": { + "description": "Identities holds the list of patches to apply\n\nrequired", + "items": { + "$ref": "#/components/schemas/identityPatch" + }, + "type": "array" + } + }, + "type": "object" + }, + "performNativeLogoutBody": { + "description": "Perform Native Logout Request Body", + "properties": { + "session_token": { + "description": "The Session Token\n\nInvalidate this session token.", + "type": "string" + } + }, + "required": [ + "session_token" + ], + "type": "object" + }, + "recoveryCodeForIdentity": { + "description": "Used when an administrator creates a recovery code for an identity.", + "properties": { + "expires_at": { + "description": "Expires At is the timestamp of when the recovery flow expires\n\nThe timestamp when the recovery code expires.", + "format": "date-time", + "type": "string" + }, + "recovery_code": { + "description": "RecoveryCode is the code that can be used to recover the account", + "type": "string" + }, + "recovery_link": { + "description": "RecoveryLink with flow\n\nThis link opens the recovery UI with an empty `code` field.", + "type": "string" + } + }, + "required": [ + "recovery_link", + "recovery_code" + ], + "title": "Recovery Code for Identity", + "type": "object" + }, + "recoveryFlow": { + "description": "This request is used when an identity wants to recover their account.\n\nWe recommend reading the [Account Recovery Documentation](../self-service/flows/password-reset-account-recovery)", + "properties": { + "active": { + "description": "Active, if set, contains the recovery method that is being used. It is initially\nnot set.", + "type": "string" + }, + "continue_with": { + "description": "Contains possible actions that could follow this flow", + "items": { + "$ref": "#/components/schemas/continueWith" + }, + "type": "array" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the request expires. If the user still wishes to update the setting,\na new request has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "ID represents the request's unique ID. When performing the recovery flow, this\nrepresents the id in the recovery ui's query parameter: http://?request=", + "format": "uuid", + "type": "string" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the request occurred.", + "format": "date-time", + "type": "string" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "return_to": { + "description": "ReturnTo contains the requested return_to URL.", + "type": "string" + }, + "state": { + "description": "State represents the state of this request:\n\nchoose_method: ask the user to choose a method (e.g. recover account via email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the recovery challenge was passed." + }, + "transient_payload": { + "description": "TransientPayload is used to pass data from the recovery flow to hooks and email templates", + "type": "object" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + } + }, + "required": [ + "id", + "type", + "expires_at", + "issued_at", + "request_url", + "ui", + "state" + ], + "title": "A Recovery Flow", + "type": "object" + }, + "recoveryFlowState": { + "description": "The experimental state represents the state of a recovery flow. This field is EXPERIMENTAL and subject to change!", + "enum": [ + "choose_method", + "sent_email", + "passed_challenge" + ], + "title": "Recovery flow state (experimental)" + }, + "recoveryIdentityAddress": { + "properties": { + "created_at": { + "description": "CreatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "id": { + "format": "uuid", + "type": "string" + }, + "updated_at": { + "description": "UpdatedAt is a helper struct field for gobuffalo.pop.", + "format": "date-time", + "type": "string" + }, + "value": { + "type": "string" + }, + "via": { + "$ref": "#/components/schemas/RecoveryAddressType" + } + }, + "required": [ + "id", + "value", + "via" + ], + "type": "object" + }, + "recoveryLinkForIdentity": { + "description": "Used when an administrator creates a recovery link for an identity.", + "properties": { + "expires_at": { + "description": "Recovery Link Expires At\n\nThe timestamp when the recovery link expires.", + "format": "date-time", + "type": "string" + }, + "recovery_link": { + "description": "Recovery Link\n\nThis link can be used to recover the account.", + "type": "string" + } + }, + "required": [ + "recovery_link" + ], + "title": "Identity Recovery Link", + "type": "object" + }, + "registrationFlow": { + "properties": { + "active": { + "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.\npassword CredentialsTypePassword\noidc CredentialsTypeOIDC\ntotp CredentialsTypeTOTP\nlookup_secret CredentialsTypeLookup\nwebauthn CredentialsTypeWebAuthn\ncode CredentialsTypeCodeAuth\npasskey CredentialsTypePasskey\nprofile CredentialsTypeProfile\nlink_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself.\ncode_recovery CredentialsTypeRecoveryCode", + "enum": [ + "password", + "oidc", + "totp", + "lookup_secret", + "webauthn", + "code", + "passkey", + "profile", + "link_recovery", + "code_recovery" + ], + "type": "string", + "x-go-enum-desc": "password CredentialsTypePassword\noidc CredentialsTypeOIDC\ntotp CredentialsTypeTOTP\nlookup_secret CredentialsTypeLookup\nwebauthn CredentialsTypeWebAuthn\ncode CredentialsTypeCodeAuth\npasskey CredentialsTypePasskey\nprofile CredentialsTypeProfile\nlink_recovery CredentialsTypeRecoveryLink CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). It is not used within the credentials object itself.\ncode_recovery CredentialsTypeRecoveryCode" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to log in,\na new flow has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "ID represents the flow's unique ID. When performing the registration flow, this\nrepresents the id in the registration ui's query parameter: http:///?flow=", + "format": "uuid", + "type": "string" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the flow occurred.", + "format": "date-time", + "type": "string" + }, + "oauth2_login_challenge": { + "description": "Ory OAuth 2.0 Login Challenge.\n\nThis value is set using the `login_challenge` query parameter of the registration and login endpoints.\nIf set will cooperate with Ory OAuth2 and OpenID to act as an OAuth2 server / OpenID Provider.", + "type": "string" + }, + "oauth2_login_request": { + "$ref": "#/components/schemas/OAuth2LoginRequest" + }, + "organization_id": { + "$ref": "#/components/schemas/NullUUID" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "return_to": { + "description": "ReturnTo contains the requested return_to URL.", + "type": "string" + }, + "session_token_exchange_code": { + "description": "SessionTokenExchangeCode holds the secret code that the client can use to retrieve a session token after the flow has been completed.\nThis is only set if the client has requested a session token exchange code, and if the flow is of type \"api\",\nand only on creating the flow.", + "type": "string" + }, + "state": { + "description": "State represents the state of this request:\n\nchoose_method: ask the user to choose a method (e.g. registration with email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the registration challenge was passed." + }, + "transient_payload": { + "description": "TransientPayload is used to pass data from the registration to a webhook", + "type": "object" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + } + }, + "required": [ + "id", + "type", + "expires_at", + "issued_at", + "request_url", + "ui", + "state" + ], + "type": "object" + }, + "registrationFlowState": { + "description": "The experimental state represents the state of a registration flow. This field is EXPERIMENTAL and subject to change!", + "enum": [ + "choose_method", + "sent_email", + "passed_challenge" + ], + "title": "Registration flow state (experimental)", + "type": "string" + }, + "selfServiceFlowExpiredError": { + "description": "Is sent when a flow is expired", + "properties": { + "error": { + "$ref": "#/components/schemas/genericError" + }, + "expired_at": { + "description": "When the flow has expired", + "format": "date-time", + "type": "string" + }, + "since": { + "$ref": "#/components/schemas/Duration" + }, + "use_flow_id": { + "description": "The flow ID that should be used for the new flow as it contains the correct messages.", + "format": "uuid", + "type": "string" + } + }, + "type": "object" + }, + "selfServiceFlowType": { + "description": "The flow type can either be `api` or `browser`.", + "title": "Type is the flow type.", + "type": "string" + }, + "session": { + "description": "A Session", + "properties": { + "active": { + "description": "Active state. If false the session is no longer active.", + "type": "boolean" + }, + "authenticated_at": { + "description": "The Session Authentication Timestamp\n\nWhen this session was authenticated at. If multi-factor authentication was used this\nis the time when the last factor was authenticated (e.g. the TOTP code challenge was completed).", + "format": "date-time", + "type": "string" + }, + "authentication_methods": { + "$ref": "#/components/schemas/sessionAuthenticationMethods" + }, + "authenticator_assurance_level": { + "$ref": "#/components/schemas/authenticatorAssuranceLevel" + }, + "devices": { + "description": "Devices has history of all endpoints where the session was used", + "items": { + "$ref": "#/components/schemas/sessionDevice" + }, + "type": "array" + }, + "expires_at": { + "description": "The Session Expiry\n\nWhen this session expires at.", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "Session ID", + "format": "uuid", + "type": "string" + }, + "identity": { + "$ref": "#/components/schemas/identity" + }, + "issued_at": { + "description": "The Session Issuance Timestamp\n\nWhen this session was issued at. Usually equal or close to `authenticated_at`.", + "format": "date-time", + "type": "string" + }, + "tokenized": { + "description": "Tokenized is the tokenized (e.g. JWT) version of the session.\n\nIt is only set when the `tokenize` query parameter was set to a valid tokenize template during calls to `/session/whoami`.", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "sessionAuthenticationMethod": { + "description": "A singular authenticator used during authentication / login.", + "properties": { + "aal": { + "$ref": "#/components/schemas/authenticatorAssuranceLevel" + }, + "completed_at": { + "description": "When the authentication challenge was completed.", + "format": "date-time", + "type": "string" + }, + "method": { + "enum": [ + "link_recovery", + "code_recovery", + "password", + "code", + "totp", + "oidc", + "webauthn", + "lookup_secret", + "v0.6_legacy_session" + ], + "title": "The method used", + "type": "string" + }, + "organization": { + "description": "The Organization id used for authentication", + "type": "string" + }, + "provider": { + "description": "OIDC or SAML provider id used for authentication", + "type": "string" + } + }, + "title": "AuthenticationMethod identifies an authentication method", + "type": "object" + }, + "sessionAuthenticationMethods": { + "description": "A list of authenticators which were used to authenticate the session.", + "items": { + "$ref": "#/components/schemas/sessionAuthenticationMethod" + }, + "title": "List of (Used) AuthenticationMethods", + "type": "array" + }, + "sessionDevice": { + "description": "Device corresponding to a Session", + "properties": { + "id": { + "description": "Device record ID", + "format": "uuid", + "type": "string" + }, + "ip_address": { + "description": "IPAddress of the client", + "type": "string" + }, + "location": { + "description": "Geo Location corresponding to the IP Address", + "type": "string" + }, + "user_agent": { + "description": "UserAgent of the client", + "type": "string" + } + }, + "required": [ + "id" + ], + "type": "object" + }, + "settingsFlow": { + "description": "This flow is used when an identity wants to update settings\n(e.g. profile data, passwords, ...) in a selfservice manner.\n\nWe recommend reading the [User Settings Documentation](../self-service/flows/user-settings)", + "properties": { + "active": { + "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.", + "type": "string" + }, + "continue_with": { + "description": "Contains a list of actions, that could follow this flow\n\nIt can, for example, contain a reference to the verification flow, created as part of the user's\nregistration.", + "items": { + "$ref": "#/components/schemas/continueWith" + }, + "type": "array" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the flow expires. If the user still wishes to update the setting,\na new flow has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "ID represents the flow's unique ID. When performing the settings flow, this\nrepresents the id in the settings ui's query parameter: http://?flow=", + "format": "uuid", + "type": "string" + }, + "identity": { + "$ref": "#/components/schemas/identity" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the flow occurred.", + "format": "date-time", + "type": "string" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "return_to": { + "description": "ReturnTo contains the requested return_to URL.", + "type": "string" + }, + "state": { + "description": "State represents the state of this flow. It knows two states:\n\nshow_form: No user data has been collected, or it is invalid, and thus the form should be shown.\nsuccess: Indicates that the settings flow has been updated successfully with the provided data.\nDone will stay true when repeatedly checking. If set to true, done will revert back to false only\nwhen a flow with invalid (e.g. \"please use a valid phone number\") data was sent." + }, + "transient_payload": { + "description": "TransientPayload is used to pass data from the settings flow to hooks and email templates", + "type": "object" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + } + }, + "required": [ + "id", + "type", + "expires_at", + "issued_at", + "request_url", + "ui", + "identity", + "state" + ], + "title": "Flow represents a Settings Flow", + "type": "object" + }, + "settingsFlowState": { + "description": "The experimental state represents the state of a settings flow. This field is EXPERIMENTAL and subject to change!", + "enum": [ + "show_form", + "success" + ], + "title": "Settings flow state (experimental)", + "type": "string" + }, + "successfulCodeExchangeResponse": { + "description": "The Response for Registration Flows via API", + "properties": { + "session": { + "$ref": "#/components/schemas/session" + }, + "session_token": { + "description": "The Session Token\n\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\nHeader:\n\nAuthorization: bearer ${session-token}\n\nThe session token is only issued for API flows, not for Browser flows!", + "type": "string" + } + }, + "required": [ + "session" + ], + "type": "object" + }, + "successfulNativeLogin": { + "description": "The Response for Login Flows via API", + "properties": { + "continue_with": { + "description": "Contains a list of actions, that could follow this flow\n\nIt can, for example, this will contain a reference to the verification flow, created as part of the user's\nregistration or the token of the session.", + "items": { + "$ref": "#/components/schemas/continueWith" + }, + "type": "array" + }, + "session": { + "$ref": "#/components/schemas/session" + }, + "session_token": { + "description": "The Session Token\n\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\nHeader:\n\nAuthorization: bearer ${session-token}\n\nThe session token is only issued for API flows, not for Browser flows!", + "type": "string" + } + }, + "required": [ + "session" + ], + "type": "object" + }, + "successfulNativeRegistration": { + "description": "The Response for Registration Flows via API", + "properties": { + "continue_with": { + "description": "Contains a list of actions, that could follow this flow\n\nIt can, for example, this will contain a reference to the verification flow, created as part of the user's\nregistration or the token of the session.", + "items": { + "$ref": "#/components/schemas/continueWith" + }, + "type": "array" + }, + "identity": { + "$ref": "#/components/schemas/identity" + }, + "session": { + "$ref": "#/components/schemas/session" + }, + "session_token": { + "description": "The Session Token\n\nThis field is only set when the session hook is configured as a post-registration hook.\n\nA session token is equivalent to a session cookie, but it can be sent in the HTTP Authorization\nHeader:\n\nAuthorization: bearer ${session-token}\n\nThe session token is only issued for API flows, not for Browser flows!", + "type": "string" + } + }, + "required": [ + "identity" + ], + "type": "object" + }, + "tokenPagination": { + "properties": { + "page_size": { + "default": 250, + "description": "Items per page\n\nThis is the number of items per page to return.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).", + "format": "int64", + "maximum": 1000, + "minimum": 1, + "type": "integer" + }, + "page_token": { + "default": "1", + "description": "Next Page Token\n\nThe next page token.\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).", + "minimum": 1, + "type": "string" + } + }, + "type": "object" + }, + "tokenPaginationHeaders": { + "properties": { + "link": { + "description": "The link header contains pagination links.\n\nFor details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\nin: header", + "type": "string" + }, + "x-total-count": { + "description": "The total number of clients.\n\nin: header", + "type": "string" + } + }, + "type": "object" + }, + "uiContainer": { + "description": "Container represents a HTML Form. The container can work with both HTTP Form and JSON requests", + "properties": { + "action": { + "description": "Action should be used as the form action URL `
`.", + "type": "string" + }, + "messages": { + "$ref": "#/components/schemas/uiTexts" + }, + "method": { + "description": "Method is the form method (e.g. POST)", + "type": "string" + }, + "nodes": { + "$ref": "#/components/schemas/uiNodes" + } + }, + "required": [ + "action", + "method", + "nodes" + ], + "type": "object" + }, + "uiNode": { + "description": "Nodes are represented as HTML elements or their native UI equivalents. For example,\na node can be an `` tag, or an `` but also `some plain text`.", + "properties": { + "attributes": { + "$ref": "#/components/schemas/uiNodeAttributes" + }, + "group": { + "description": "Group specifies which group (e.g. password authenticator) this node belongs to.\ndefault DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ncode CodeGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup\npasskey PasskeyGroup\nidentifier_first IdentifierFirstGroup", + "enum": [ + "default", + "password", + "oidc", + "profile", + "link", + "code", + "totp", + "lookup_secret", + "webauthn", + "passkey", + "identifier_first" + ], + "type": "string", + "x-go-enum-desc": "default DefaultGroup\npassword PasswordGroup\noidc OpenIDConnectGroup\nprofile ProfileGroup\nlink LinkGroup\ncode CodeGroup\ntotp TOTPGroup\nlookup_secret LookupGroup\nwebauthn WebAuthnGroup\npasskey PasskeyGroup\nidentifier_first IdentifierFirstGroup" + }, + "messages": { + "$ref": "#/components/schemas/uiTexts" + }, + "meta": { + "$ref": "#/components/schemas/uiNodeMeta" + }, + "type": { + "description": "The node's type\ntext Text\ninput Input\nimg Image\na Anchor\nscript Script", + "enum": [ + "text", + "input", + "img", + "a", + "script" + ], + "type": "string", + "x-go-enum-desc": "text Text\ninput Input\nimg Image\na Anchor\nscript Script" + } + }, + "required": [ + "type", + "group", + "attributes", + "messages", + "meta" + ], + "title": "Node represents a flow's nodes", + "type": "object" + }, + "uiNodeAnchorAttributes": { + "properties": { + "href": { + "description": "The link's href (destination) URL.\n\nformat: uri", + "type": "string" + }, + "id": { + "description": "A unique identifier", + "type": "string" + }, + "node_type": { + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"a\".\ntext Text\ninput Input\nimg Image\na Anchor\nscript Script", + "enum": [ + "text", + "input", + "img", + "a", + "script" + ], + "type": "string", + "x-go-enum-desc": "text Text\ninput Input\nimg Image\na Anchor\nscript Script" + }, + "title": { + "$ref": "#/components/schemas/uiText" + } + }, + "required": [ + "href", + "title", + "id", + "node_type" + ], + "title": "AnchorAttributes represents the attributes of an anchor node.", + "type": "object" + }, + "uiNodeAttributes": { + "discriminator": { + "mapping": { + "a": "#/components/schemas/uiNodeAnchorAttributes", + "img": "#/components/schemas/uiNodeImageAttributes", + "input": "#/components/schemas/uiNodeInputAttributes", + "script": "#/components/schemas/uiNodeScriptAttributes", + "text": "#/components/schemas/uiNodeTextAttributes" + }, + "propertyName": "node_type" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/uiNodeInputAttributes" + }, + { + "$ref": "#/components/schemas/uiNodeTextAttributes" + }, + { + "$ref": "#/components/schemas/uiNodeImageAttributes" + }, + { + "$ref": "#/components/schemas/uiNodeAnchorAttributes" + }, + { + "$ref": "#/components/schemas/uiNodeScriptAttributes" + } + ], + "title": "Attributes represents a list of attributes (e.g. `href=\"foo\"` for links)." + }, + "uiNodeImageAttributes": { + "properties": { + "height": { + "description": "Height of the image", + "format": "int64", + "type": "integer" + }, + "id": { + "description": "A unique identifier", + "type": "string" + }, + "node_type": { + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"img\".\ntext Text\ninput Input\nimg Image\na Anchor\nscript Script", + "enum": [ + "text", + "input", + "img", + "a", + "script" + ], + "type": "string", + "x-go-enum-desc": "text Text\ninput Input\nimg Image\na Anchor\nscript Script" + }, + "src": { + "description": "The image's source URL.\n\nformat: uri", + "type": "string" + }, + "width": { + "description": "Width of the image", + "format": "int64", + "type": "integer" + } + }, + "required": [ + "src", + "id", + "width", + "height", + "node_type" + ], + "title": "ImageAttributes represents the attributes of an image node.", + "type": "object" + }, + "uiNodeInputAttributes": { + "description": "InputAttributes represents the attributes of an input node", + "properties": { + "autocomplete": { + "description": "The autocomplete attribute for the input.\nemail InputAttributeAutocompleteEmail\ntel InputAttributeAutocompleteTel\nurl InputAttributeAutocompleteUrl\ncurrent-password InputAttributeAutocompleteCurrentPassword\nnew-password InputAttributeAutocompleteNewPassword\none-time-code InputAttributeAutocompleteOneTimeCode", + "enum": [ + "email", + "tel", + "url", + "current-password", + "new-password", + "one-time-code" + ], + "type": "string", + "x-go-enum-desc": "email InputAttributeAutocompleteEmail\ntel InputAttributeAutocompleteTel\nurl InputAttributeAutocompleteUrl\ncurrent-password InputAttributeAutocompleteCurrentPassword\nnew-password InputAttributeAutocompleteNewPassword\none-time-code InputAttributeAutocompleteOneTimeCode" + }, + "disabled": { + "description": "Sets the input's disabled field to true or false.", + "type": "boolean" + }, + "label": { + "$ref": "#/components/schemas/uiText" + }, + "maxlength": { + "description": "MaxLength may contain the input's maximum length.", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "The input's element name.", + "type": "string" + }, + "node_type": { + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"input\".\ntext Text\ninput Input\nimg Image\na Anchor\nscript Script", + "enum": [ + "text", + "input", + "img", + "a", + "script" + ], + "type": "string", + "x-go-enum-desc": "text Text\ninput Input\nimg Image\na Anchor\nscript Script" + }, + "onclick": { + "description": "OnClick may contain javascript which should be executed on click. This is primarily\nused for WebAuthn.\n\nDeprecated: Using OnClick requires the use of eval() which is a security risk. Use OnClickTrigger instead.", + "type": "string" + }, + "onclickTrigger": { + "description": "OnClickTrigger may contain a WebAuthn trigger which should be executed on click.\n\nThe trigger maps to a JavaScript function provided by Ory, which triggers actions such as PassKey registration or login.\noryWebAuthnRegistration WebAuthnTriggersWebAuthnRegistration\noryWebAuthnLogin WebAuthnTriggersWebAuthnLogin\noryPasskeyLogin WebAuthnTriggersPasskeyLogin\noryPasskeyLoginAutocompleteInit WebAuthnTriggersPasskeyLoginAutocompleteInit\noryPasskeyRegistration WebAuthnTriggersPasskeyRegistration\noryPasskeySettingsRegistration WebAuthnTriggersPasskeySettingsRegistration", + "enum": [ + "oryWebAuthnRegistration", + "oryWebAuthnLogin", + "oryPasskeyLogin", + "oryPasskeyLoginAutocompleteInit", + "oryPasskeyRegistration", + "oryPasskeySettingsRegistration" + ], + "type": "string", + "x-go-enum-desc": "oryWebAuthnRegistration WebAuthnTriggersWebAuthnRegistration\noryWebAuthnLogin WebAuthnTriggersWebAuthnLogin\noryPasskeyLogin WebAuthnTriggersPasskeyLogin\noryPasskeyLoginAutocompleteInit WebAuthnTriggersPasskeyLoginAutocompleteInit\noryPasskeyRegistration WebAuthnTriggersPasskeyRegistration\noryPasskeySettingsRegistration WebAuthnTriggersPasskeySettingsRegistration" + }, + "onload": { + "description": "OnLoad may contain javascript which should be executed on load. This is primarily\nused for WebAuthn.\n\nDeprecated: Using OnLoad requires the use of eval() which is a security risk. Use OnLoadTrigger instead.", + "type": "string" + }, + "onloadTrigger": { + "description": "OnLoadTrigger may contain a WebAuthn trigger which should be executed on load.\n\nThe trigger maps to a JavaScript function provided by Ory, which triggers actions such as PassKey registration or login.\noryWebAuthnRegistration WebAuthnTriggersWebAuthnRegistration\noryWebAuthnLogin WebAuthnTriggersWebAuthnLogin\noryPasskeyLogin WebAuthnTriggersPasskeyLogin\noryPasskeyLoginAutocompleteInit WebAuthnTriggersPasskeyLoginAutocompleteInit\noryPasskeyRegistration WebAuthnTriggersPasskeyRegistration\noryPasskeySettingsRegistration WebAuthnTriggersPasskeySettingsRegistration", + "enum": [ + "oryWebAuthnRegistration", + "oryWebAuthnLogin", + "oryPasskeyLogin", + "oryPasskeyLoginAutocompleteInit", + "oryPasskeyRegistration", + "oryPasskeySettingsRegistration" + ], + "type": "string", + "x-go-enum-desc": "oryWebAuthnRegistration WebAuthnTriggersWebAuthnRegistration\noryWebAuthnLogin WebAuthnTriggersWebAuthnLogin\noryPasskeyLogin WebAuthnTriggersPasskeyLogin\noryPasskeyLoginAutocompleteInit WebAuthnTriggersPasskeyLoginAutocompleteInit\noryPasskeyRegistration WebAuthnTriggersPasskeyRegistration\noryPasskeySettingsRegistration WebAuthnTriggersPasskeySettingsRegistration" + }, + "pattern": { + "description": "The input's pattern.", + "type": "string" + }, + "required": { + "description": "Mark this input field as required.", + "type": "boolean" + }, + "type": { + "description": "The input's element type.\ntext InputAttributeTypeText\npassword InputAttributeTypePassword\nnumber InputAttributeTypeNumber\ncheckbox InputAttributeTypeCheckbox\nhidden InputAttributeTypeHidden\nemail InputAttributeTypeEmail\ntel InputAttributeTypeTel\nsubmit InputAttributeTypeSubmit\nbutton InputAttributeTypeButton\ndatetime-local InputAttributeTypeDateTimeLocal\ndate InputAttributeTypeDate\nurl InputAttributeTypeURI", + "enum": [ + "text", + "password", + "number", + "checkbox", + "hidden", + "email", + "tel", + "submit", + "button", + "datetime-local", + "date", + "url" + ], + "type": "string", + "x-go-enum-desc": "text InputAttributeTypeText\npassword InputAttributeTypePassword\nnumber InputAttributeTypeNumber\ncheckbox InputAttributeTypeCheckbox\nhidden InputAttributeTypeHidden\nemail InputAttributeTypeEmail\ntel InputAttributeTypeTel\nsubmit InputAttributeTypeSubmit\nbutton InputAttributeTypeButton\ndatetime-local InputAttributeTypeDateTimeLocal\ndate InputAttributeTypeDate\nurl InputAttributeTypeURI" + }, + "value": { + "description": "The input's value.", + "nullable": true + } + }, + "required": [ + "name", + "type", + "disabled", + "node_type" + ], + "type": "object" + }, + "uiNodeMeta": { + "description": "This might include a label and other information that can optionally\nbe used to render UIs.", + "properties": { + "label": { + "$ref": "#/components/schemas/uiText" + } + }, + "title": "A Node's Meta Information", + "type": "object" + }, + "uiNodeScriptAttributes": { + "properties": { + "async": { + "description": "The script async type", + "type": "boolean" + }, + "crossorigin": { + "description": "The script cross origin policy", + "type": "string" + }, + "id": { + "description": "A unique identifier", + "type": "string" + }, + "integrity": { + "description": "The script's integrity hash", + "type": "string" + }, + "node_type": { + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"script\".\ntext Text\ninput Input\nimg Image\na Anchor\nscript Script", + "enum": [ + "text", + "input", + "img", + "a", + "script" + ], + "type": "string", + "x-go-enum-desc": "text Text\ninput Input\nimg Image\na Anchor\nscript Script" + }, + "nonce": { + "description": "Nonce for CSP\n\nA nonce you may want to use to improve your Content Security Policy.\nYou do not have to use this value but if you want to improve your CSP\npolicies you may use it. You can also choose to use your own nonce value!", + "type": "string" + }, + "referrerpolicy": { + "description": "The script referrer policy", + "type": "string" + }, + "src": { + "description": "The script source", + "type": "string" + }, + "type": { + "description": "The script MIME type", + "type": "string" + } + }, + "required": [ + "src", + "async", + "referrerpolicy", + "crossorigin", + "integrity", + "type", + "id", + "nonce", + "node_type" + ], + "title": "ScriptAttributes represent script nodes which load javascript.", + "type": "object" + }, + "uiNodeTextAttributes": { + "properties": { + "id": { + "description": "A unique identifier", + "type": "string" + }, + "node_type": { + "description": "NodeType represents this node's types. It is a mirror of `node.type` and\nis primarily used to allow compatibility with OpenAPI 3.0. In this struct it technically always is \"text\".\ntext Text\ninput Input\nimg Image\na Anchor\nscript Script", + "enum": [ + "text", + "input", + "img", + "a", + "script" + ], + "type": "string", + "x-go-enum-desc": "text Text\ninput Input\nimg Image\na Anchor\nscript Script" + }, + "text": { + "$ref": "#/components/schemas/uiText" + } + }, + "required": [ + "text", + "id", + "node_type" + ], + "title": "TextAttributes represents the attributes of a text node.", + "type": "object" + }, + "uiNodes": { + "items": { + "$ref": "#/components/schemas/uiNode" + }, + "type": "array" + }, + "uiText": { + "properties": { + "context": { + "description": "The message's context. Useful when customizing messages.", + "type": "object" + }, + "id": { + "$ref": "#/components/schemas/ID" + }, + "text": { + "description": "The message text. Written in american english.", + "type": "string" + }, + "type": { + "description": "The message type.\ninfo Info\nerror Error\nsuccess Success", + "enum": [ + "info", + "error", + "success" + ], + "type": "string", + "x-go-enum-desc": "info Info\nerror Error\nsuccess Success" + } + }, + "required": [ + "id", + "text", + "type" + ], + "type": "object" + }, + "uiTexts": { + "items": { + "$ref": "#/components/schemas/uiText" + }, + "type": "array" + }, + "unexpectedError": { + "type": "string" + }, + "updateIdentityBody": { + "description": "Update Identity Body", + "properties": { + "credentials": { + "$ref": "#/components/schemas/identityWithCredentials" + }, + "metadata_admin": { + "description": "Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/`." + }, + "metadata_public": { + "description": "Store metadata about the identity which the identity itself can see when calling for example the\nsession endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field." + }, + "schema_id": { + "description": "SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set\nwill update the Identity's SchemaID.", + "type": "string" + }, + "state": { + "description": "State is the identity's state.\nactive StateActive\ninactive StateInactive", + "enum": [ + "active", + "inactive" + ], + "type": "string", + "x-go-enum-desc": "active StateActive\ninactive StateInactive" + }, + "traits": { + "description": "Traits represent an identity's traits. The identity is able to create, modify, and delete traits\nin a self-service manner. The input will always be validated against the JSON Schema defined\nin `schema_id`.", + "type": "object" + } + }, + "required": [ + "schema_id", + "traits", + "state" + ], + "type": "object" + }, + "updateLoginFlowBody": { + "discriminator": { + "mapping": { + "code": "#/components/schemas/updateLoginFlowWithCodeMethod", + "identifier_first": "#/components/schemas/updateLoginFlowWithIdentifierFirstMethod", + "lookup_secret": "#/components/schemas/updateLoginFlowWithLookupSecretMethod", + "oidc": "#/components/schemas/updateLoginFlowWithOidcMethod", + "passkey": "#/components/schemas/updateLoginFlowWithPasskeyMethod", + "password": "#/components/schemas/updateLoginFlowWithPasswordMethod", + "totp": "#/components/schemas/updateLoginFlowWithTotpMethod", + "webauthn": "#/components/schemas/updateLoginFlowWithWebAuthnMethod" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/updateLoginFlowWithPasswordMethod" + }, + { + "$ref": "#/components/schemas/updateLoginFlowWithOidcMethod" + }, + { + "$ref": "#/components/schemas/updateLoginFlowWithTotpMethod" + }, + { + "$ref": "#/components/schemas/updateLoginFlowWithWebAuthnMethod" + }, + { + "$ref": "#/components/schemas/updateLoginFlowWithLookupSecretMethod" + }, + { + "$ref": "#/components/schemas/updateLoginFlowWithCodeMethod" + }, + { + "$ref": "#/components/schemas/updateLoginFlowWithPasskeyMethod" + }, + { + "$ref": "#/components/schemas/updateLoginFlowWithIdentifierFirstMethod" + } + ] + }, + "updateLoginFlowWithCodeMethod": { + "description": "Update Login flow using the code method", + "properties": { + "address": { + "description": "Address is the address to send the code to, in case that there are multiple addresses. This field\nis only used in two-factor flows and is ineffective for passwordless flows.", + "type": "string" + }, + "code": { + "description": "Code is the 6 digits code sent to the user", + "type": "string" + }, + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "identifier": { + "description": "Identifier is the code identifier\nThe identifier requires that the user has already completed the registration or settings with code flow.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"code\" when logging in using the code strategy.", + "type": "string" + }, + "resend": { + "description": "Resend is set when the user wants to resend the code", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "method", + "csrf_token" + ], + "type": "object" + }, + "updateLoginFlowWithIdentifierFirstMethod": { + "description": "Update Login Flow with Multi-Step Method", + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "identifier": { + "description": "Identifier is the email or username of the user trying to log in.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"password\" when logging in using the identifier and password strategy.", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "method", + "identifier" + ], + "type": "object" + }, + "updateLoginFlowWithLookupSecretMethod": { + "description": "Update Login Flow with Lookup Secret Method", + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "lookup_secret": { + "description": "The lookup secret.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"lookup_secret\" when logging in using the lookup_secret strategy.", + "type": "string" + } + }, + "required": [ + "method", + "lookup_secret" + ], + "type": "object" + }, + "updateLoginFlowWithOidcMethod": { + "description": "Update Login Flow with OpenID Connect Method", + "properties": { + "csrf_token": { + "description": "The CSRF Token", + "type": "string" + }, + "id_token": { + "description": "IDToken is an optional id token provided by an OIDC provider\n\nIf submitted, it is verified using the OIDC provider's public key set and the claims are used to populate\nthe OIDC credentials of the identity.\nIf the OIDC provider does not store additional claims (such as name, etc.) in the IDToken itself, you can use\nthe `traits` field to populate the identity's traits. Note, that Apple only includes the users email in the IDToken.\n\nSupported providers are\nApple\nGoogle", + "type": "string" + }, + "id_token_nonce": { + "description": "IDTokenNonce is the nonce, used when generating the IDToken.\nIf the provider supports nonce validation, the nonce will be validated against this value and required.", + "type": "string" + }, + "method": { + "description": "Method to use\n\nThis field must be set to `oidc` when using the oidc method.", + "type": "string" + }, + "provider": { + "description": "The provider to register with", + "type": "string" + }, + "traits": { + "description": "The identity traits. This is a placeholder for the registration flow.", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + }, + "upstream_parameters": { + "description": "UpstreamParameters are the parameters that are passed to the upstream identity provider.\n\nThese parameters are optional and depend on what the upstream identity provider supports.\nSupported parameters are:\n`login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session.\n`hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`.\n`prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`.", + "type": "object" + } + }, + "required": [ + "provider", + "method" + ], + "type": "object" + }, + "updateLoginFlowWithPasskeyMethod": { + "description": "Update Login Flow with Passkey Method", + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"passkey\" when logging in using the Passkey strategy.", + "type": "string" + }, + "passkey_login": { + "description": "Login a WebAuthn Security Key\n\nThis must contain the ID of the WebAuthN connection.", + "type": "string" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "updateLoginFlowWithPasswordMethod": { + "description": "Update Login Flow with Password Method", + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "identifier": { + "description": "Identifier is the email or username of the user trying to log in.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"password\" when logging in using the identifier and password strategy.", + "type": "string" + }, + "password": { + "description": "The user's password.", + "type": "string" + }, + "password_identifier": { + "description": "Identifier is the email or username of the user trying to log in.\nThis field is deprecated!", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "method", + "password", + "identifier" + ], + "type": "object" + }, + "updateLoginFlowWithTotpMethod": { + "description": "Update Login Flow with TOTP Method", + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"totp\" when logging in using the TOTP strategy.", + "type": "string" + }, + "totp_code": { + "description": "The TOTP code.", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "method", + "totp_code" + ], + "type": "object" + }, + "updateLoginFlowWithWebAuthnMethod": { + "description": "Update Login Flow with WebAuthn Method", + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "identifier": { + "description": "Identifier is the email or username of the user trying to log in.", + "type": "string" + }, + "method": { + "description": "Method should be set to \"webAuthn\" when logging in using the WebAuthn strategy.", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + }, + "webauthn_login": { + "description": "Login a WebAuthn Security Key\n\nThis must contain the ID of the WebAuthN connection.", + "type": "string" + } + }, + "required": [ + "identifier", + "method" + ], + "type": "object" + }, + "updateRecoveryFlowBody": { + "description": "Update Recovery Flow Request Body", + "discriminator": { + "mapping": { + "code": "#/components/schemas/updateRecoveryFlowWithCodeMethod", + "link": "#/components/schemas/updateRecoveryFlowWithLinkMethod" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/updateRecoveryFlowWithLinkMethod" + }, + { + "$ref": "#/components/schemas/updateRecoveryFlowWithCodeMethod" + } + ] + }, + "updateRecoveryFlowWithCodeMethod": { + "description": "Update Recovery Flow with Code Method", + "properties": { + "code": { + "description": "Code from the recovery email\n\nIf you want to submit a code, use this field, but make sure to _not_ include the email field, as well.", + "type": "string" + }, + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "email": { + "description": "The email address of the account to recover\n\nIf the email belongs to a valid account, a recovery email will be sent.\n\nIf you want to notify the email address if the account does not exist, see\nthe [notify_unknown_recipients flag](https://www.ory.sh/docs/kratos/self-service/flows/account-recovery-password-reset#attempted-recovery-notifications)\n\nIf a code was already sent, including this field in the payload will invalidate the sent code and re-send a new code.\n\nformat: email", + "type": "string" + }, + "method": { + "description": "Method is the method that should be used for this recovery flow\n\nAllowed values are `link` and `code`.\nlink RecoveryStrategyLink\ncode RecoveryStrategyCode", + "enum": [ + "link", + "code" + ], + "type": "string", + "x-go-enum-desc": "link RecoveryStrategyLink\ncode RecoveryStrategyCode" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "updateRecoveryFlowWithLinkMethod": { + "description": "Update Recovery Flow with Link Method", + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "email": { + "description": "Email to Recover\n\nNeeds to be set when initiating the flow. If the email is a registered\nrecovery email, a recovery link will be sent. If the email is not known,\na email with details on what happened will be sent instead.\n\nformat: email", + "type": "string" + }, + "method": { + "description": "Method is the method that should be used for this recovery flow\n\nAllowed values are `link` and `code`\nlink RecoveryStrategyLink\ncode RecoveryStrategyCode", + "enum": [ + "link", + "code" + ], + "type": "string", + "x-go-enum-desc": "link RecoveryStrategyLink\ncode RecoveryStrategyCode" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "email", + "method" + ], + "type": "object" + }, + "updateRegistrationFlowBody": { + "description": "Update Registration Request Body", + "discriminator": { + "mapping": { + "code": "#/components/schemas/updateRegistrationFlowWithCodeMethod", + "oidc": "#/components/schemas/updateRegistrationFlowWithOidcMethod", + "passkey": "#/components/schemas/updateRegistrationFlowWithPasskeyMethod", + "password": "#/components/schemas/updateRegistrationFlowWithPasswordMethod", + "profile": "#/components/schemas/updateRegistrationFlowWithProfileMethod", + "webauthn": "#/components/schemas/updateRegistrationFlowWithWebAuthnMethod" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/updateRegistrationFlowWithPasswordMethod" + }, + { + "$ref": "#/components/schemas/updateRegistrationFlowWithOidcMethod" + }, + { + "$ref": "#/components/schemas/updateRegistrationFlowWithWebAuthnMethod" + }, + { + "$ref": "#/components/schemas/updateRegistrationFlowWithCodeMethod" + }, + { + "$ref": "#/components/schemas/updateRegistrationFlowWithPasskeyMethod" + }, + { + "$ref": "#/components/schemas/updateRegistrationFlowWithProfileMethod" + } + ] + }, + "updateRegistrationFlowWithCodeMethod": { + "description": "Update Registration Flow with Code Method", + "properties": { + "code": { + "description": "The OTP Code sent to the user", + "type": "string" + }, + "csrf_token": { + "description": "The CSRF Token", + "type": "string" + }, + "method": { + "description": "Method to use\n\nThis field must be set to `code` when using the code method.", + "type": "string" + }, + "resend": { + "description": "Resend restarts the flow with a new code", + "type": "string" + }, + "traits": { + "description": "The identity's traits", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "traits", + "method" + ], + "type": "object" + }, + "updateRegistrationFlowWithOidcMethod": { + "description": "Update Registration Flow with OpenID Connect Method", + "properties": { + "csrf_token": { + "description": "The CSRF Token", + "type": "string" + }, + "id_token": { + "description": "IDToken is an optional id token provided by an OIDC provider\n\nIf submitted, it is verified using the OIDC provider's public key set and the claims are used to populate\nthe OIDC credentials of the identity.\nIf the OIDC provider does not store additional claims (such as name, etc.) in the IDToken itself, you can use\nthe `traits` field to populate the identity's traits. Note, that Apple only includes the users email in the IDToken.\n\nSupported providers are\nApple\nGoogle", + "type": "string" + }, + "id_token_nonce": { + "description": "IDTokenNonce is the nonce, used when generating the IDToken.\nIf the provider supports nonce validation, the nonce will be validated against this value and is required.", + "type": "string" + }, + "method": { + "description": "Method to use\n\nThis field must be set to `oidc` when using the oidc method.", + "type": "string" + }, + "provider": { + "description": "The provider to register with", + "type": "string" + }, + "traits": { + "description": "The identity traits", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + }, + "upstream_parameters": { + "description": "UpstreamParameters are the parameters that are passed to the upstream identity provider.\n\nThese parameters are optional and depend on what the upstream identity provider supports.\nSupported parameters are:\n`login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session.\n`hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`.\n`prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`.", + "type": "object" + } + }, + "required": [ + "provider", + "method" + ], + "type": "object" + }, + "updateRegistrationFlowWithPasskeyMethod": { + "description": "Update Registration Flow with Passkey Method", + "properties": { + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to \"passkey\" when trying to add, update, or remove a Passkey.", + "type": "string" + }, + "passkey_register": { + "description": "Register a WebAuthn Security Key\n\nIt is expected that the JSON returned by the WebAuthn registration process\nis included here.", + "type": "string" + }, + "traits": { + "description": "The identity's traits", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "traits", + "method" + ], + "type": "object" + }, + "updateRegistrationFlowWithPasswordMethod": { + "description": "Update Registration Flow with Password Method", + "properties": { + "csrf_token": { + "description": "The CSRF Token", + "type": "string" + }, + "method": { + "description": "Method to use\n\nThis field must be set to `password` when using the password method.", + "type": "string" + }, + "password": { + "description": "Password to sign the user up with", + "type": "string" + }, + "traits": { + "description": "The identity's traits", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "password", + "traits", + "method" + ], + "type": "object" + }, + "updateRegistrationFlowWithProfileMethod": { + "description": "Update Registration Flow with Profile Method", + "properties": { + "csrf_token": { + "description": "The Anti-CSRF Token\n\nThis token is only required when performing browser flows.", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to profile when trying to update a profile.", + "type": "string" + }, + "screen": { + "description": "Screen requests navigation to a previous screen.\n\nThis must be set to credential-selection to go back to the credential\nselection screen.\ncredential-selection RegistrationScreenCredentialSelection nolint:gosec // not a credential\nprevious RegistrationScreenPrevious", + "enum": [ + "credential-selection", + "previous" + ], + "type": "string", + "x-go-enum-desc": "credential-selection RegistrationScreenCredentialSelection nolint:gosec // not a credential\nprevious RegistrationScreenPrevious" + }, + "traits": { + "description": "Traits\n\nThe identity's traits.", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "traits", + "method" + ], + "type": "object" + }, + "updateRegistrationFlowWithWebAuthnMethod": { + "description": "Update Registration Flow with WebAuthn Method", + "properties": { + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing.", + "type": "string" + }, + "traits": { + "description": "The identity's traits", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + }, + "webauthn_register": { + "description": "Register a WebAuthn Security Key\n\nIt is expected that the JSON returned by the WebAuthn registration process\nis included here.", + "type": "string" + }, + "webauthn_register_displayname": { + "description": "Name of the WebAuthn Security Key to be Added\n\nA human-readable name for the security key which will be added.", + "type": "string" + } + }, + "required": [ + "traits", + "method" + ], + "type": "object" + }, + "updateSettingsFlowBody": { + "description": "Update Settings Flow Request Body", + "discriminator": { + "mapping": { + "lookup_secret": "#/components/schemas/updateSettingsFlowWithLookupMethod", + "oidc": "#/components/schemas/updateSettingsFlowWithOidcMethod", + "passkey": "#/components/schemas/updateSettingsFlowWithPasskeyMethod", + "password": "#/components/schemas/updateSettingsFlowWithPasswordMethod", + "profile": "#/components/schemas/updateSettingsFlowWithProfileMethod", + "totp": "#/components/schemas/updateSettingsFlowWithTotpMethod", + "webauthn": "#/components/schemas/updateSettingsFlowWithWebAuthnMethod" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/updateSettingsFlowWithPasswordMethod" + }, + { + "$ref": "#/components/schemas/updateSettingsFlowWithProfileMethod" + }, + { + "$ref": "#/components/schemas/updateSettingsFlowWithOidcMethod" + }, + { + "$ref": "#/components/schemas/updateSettingsFlowWithTotpMethod" + }, + { + "$ref": "#/components/schemas/updateSettingsFlowWithWebAuthnMethod" + }, + { + "$ref": "#/components/schemas/updateSettingsFlowWithLookupMethod" + }, + { + "$ref": "#/components/schemas/updateSettingsFlowWithPasskeyMethod" + } + ] + }, + "updateSettingsFlowWithLookupMethod": { + "description": "Update Settings Flow with Lookup Method", + "properties": { + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "lookup_secret_confirm": { + "description": "If set to true will save the regenerated lookup secrets", + "type": "boolean" + }, + "lookup_secret_disable": { + "description": "Disables this method if true.", + "type": "boolean" + }, + "lookup_secret_regenerate": { + "description": "If set to true will regenerate the lookup secrets", + "type": "boolean" + }, + "lookup_secret_reveal": { + "description": "If set to true will reveal the lookup secrets", + "type": "boolean" + }, + "method": { + "description": "Method\n\nShould be set to \"lookup\" when trying to add, update, or remove a lookup pairing.", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "updateSettingsFlowWithOidcMethod": { + "description": "Update Settings Flow with OpenID Connect Method", + "properties": { + "flow": { + "description": "Flow ID is the flow's ID.\n\nin: query", + "type": "string" + }, + "link": { + "description": "Link this provider\n\nEither this or `unlink` must be set.\n\ntype: string\nin: body", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to profile when trying to update a profile.", + "type": "string" + }, + "traits": { + "description": "The identity's traits\n\nin: body", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + }, + "unlink": { + "description": "Unlink this provider\n\nEither this or `link` must be set.\n\ntype: string\nin: body", + "type": "string" + }, + "upstream_parameters": { + "description": "UpstreamParameters are the parameters that are passed to the upstream identity provider.\n\nThese parameters are optional and depend on what the upstream identity provider supports.\nSupported parameters are:\n`login_hint` (string): The `login_hint` parameter suppresses the account chooser and either pre-fills the email box on the sign-in form, or selects the proper session.\n`hd` (string): The `hd` parameter limits the login/registration process to a Google Organization, e.g. `mycollege.edu`.\n`prompt` (string): The `prompt` specifies whether the Authorization Server prompts the End-User for reauthentication and consent, e.g. `select_account`.", + "type": "object" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "updateSettingsFlowWithPasskeyMethod": { + "description": "Update Settings Flow with Passkey Method", + "properties": { + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to \"passkey\" when trying to add, update, or remove a webAuthn pairing.", + "type": "string" + }, + "passkey_remove": { + "description": "Remove a WebAuthn Security Key\n\nThis must contain the ID of the WebAuthN connection.", + "type": "string" + }, + "passkey_settings_register": { + "description": "Register a WebAuthn Security Key\n\nIt is expected that the JSON returned by the WebAuthn registration process\nis included here.", + "type": "string" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "updateSettingsFlowWithPasswordMethod": { + "description": "Update Settings Flow with Password Method", + "properties": { + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to password when trying to update a password.", + "type": "string" + }, + "password": { + "description": "Password is the updated password", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "password", + "method" + ], + "type": "object" + }, + "updateSettingsFlowWithProfileMethod": { + "description": "Update Settings Flow with Profile Method", + "properties": { + "csrf_token": { + "description": "The Anti-CSRF Token\n\nThis token is only required when performing browser flows.", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to profile when trying to update a profile.", + "type": "string" + }, + "traits": { + "description": "Traits\n\nThe identity's traits.", + "type": "object" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "traits", + "method" + ], + "type": "object" + }, + "updateSettingsFlowWithTotpMethod": { + "description": "Update Settings Flow with TOTP Method", + "properties": { + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to \"totp\" when trying to add, update, or remove a totp pairing.", + "type": "string" + }, + "totp_code": { + "description": "ValidationTOTP must contain a valid TOTP based on the", + "type": "string" + }, + "totp_unlink": { + "description": "UnlinkTOTP if true will remove the TOTP pairing,\neffectively removing the credential. This can be used\nto set up a new TOTP device.", + "type": "boolean" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "updateSettingsFlowWithWebAuthnMethod": { + "description": "Update Settings Flow with WebAuthn Method", + "properties": { + "csrf_token": { + "description": "CSRFToken is the anti-CSRF token", + "type": "string" + }, + "method": { + "description": "Method\n\nShould be set to \"webauthn\" when trying to add, update, or remove a webAuthn pairing.", + "type": "string" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + }, + "webauthn_register": { + "description": "Register a WebAuthn Security Key\n\nIt is expected that the JSON returned by the WebAuthn registration process\nis included here.", + "type": "string" + }, + "webauthn_register_displayname": { + "description": "Name of the WebAuthn Security Key to be Added\n\nA human-readable name for the security key which will be added.", + "type": "string" + }, + "webauthn_remove": { + "description": "Remove a WebAuthn Security Key\n\nThis must contain the ID of the WebAuthN connection.", + "type": "string" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "updateVerificationFlowBody": { + "description": "Update Verification Flow Request Body", + "discriminator": { + "mapping": { + "code": "#/components/schemas/updateVerificationFlowWithCodeMethod", + "link": "#/components/schemas/updateVerificationFlowWithLinkMethod" + }, + "propertyName": "method" + }, + "oneOf": [ + { + "$ref": "#/components/schemas/updateVerificationFlowWithLinkMethod" + }, + { + "$ref": "#/components/schemas/updateVerificationFlowWithCodeMethod" + } + ] + }, + "updateVerificationFlowWithCodeMethod": { + "properties": { + "code": { + "description": "Code from the recovery email\n\nIf you want to submit a code, use this field, but make sure to _not_ include the email field, as well.", + "type": "string" + }, + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "email": { + "description": "The email address to verify\n\nIf the email belongs to a valid account, a verifiation email will be sent.\n\nIf you want to notify the email address if the account does not exist, see\nthe [notify_unknown_recipients flag](https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation#attempted-verification-notifications)\n\nIf a code was already sent, including this field in the payload will invalidate the sent code and re-send a new code.\n\nformat: email", + "type": "string" + }, + "method": { + "description": "Method is the method that should be used for this verification flow\n\nAllowed values are `link` and `code`.\nlink VerificationStrategyLink\ncode VerificationStrategyCode", + "enum": [ + "link", + "code" + ], + "type": "string", + "x-go-enum-desc": "link VerificationStrategyLink\ncode VerificationStrategyCode" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "method" + ], + "type": "object" + }, + "updateVerificationFlowWithLinkMethod": { + "description": "Update Verification Flow with Link Method", + "properties": { + "csrf_token": { + "description": "Sending the anti-csrf token is only required for browser login flows.", + "type": "string" + }, + "email": { + "description": "Email to Verify\n\nNeeds to be set when initiating the flow. If the email is a registered\nverification email, a verification link will be sent. If the email is not known,\na email with details on what happened will be sent instead.\n\nformat: email", + "type": "string" + }, + "method": { + "description": "Method is the method that should be used for this verification flow\n\nAllowed values are `link` and `code`\nlink VerificationStrategyLink\ncode VerificationStrategyCode", + "enum": [ + "link", + "code" + ], + "type": "string", + "x-go-enum-desc": "link VerificationStrategyLink\ncode VerificationStrategyCode" + }, + "transient_payload": { + "description": "Transient data to pass along to any webhooks", + "type": "object" + } + }, + "required": [ + "email", + "method" + ], + "type": "object" + }, + "verifiableIdentityAddress": { + "description": "VerifiableAddress is an identity's verifiable address", + "properties": { + "created_at": { + "description": "When this entry was created", + "example": "2014-01-01T23:28:56.782Z", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "The ID", + "format": "uuid", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/identityVerifiableAddressStatus" + }, + "updated_at": { + "description": "When this entry was last updated", + "example": "2014-01-01T23:28:56.782Z", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "The address value\n\nexample foo@user.com", + "type": "string" + }, + "verified": { + "description": "Indicates if the address has already been verified", + "example": true, + "type": "boolean" + }, + "verified_at": { + "$ref": "#/components/schemas/nullTime" + }, + "via": { + "description": "The delivery method", + "enum": [ + "email", + "sms" + ], + "example": "email", + "type": "string" + } + }, + "required": [ + "value", + "verified", + "via", + "status" + ], + "type": "object" + }, + "verificationFlow": { + "description": "Used to verify an out-of-band communication\nchannel such as an email address or a phone number.\n\nFor more information head over to: https://www.ory.sh/docs/kratos/self-service/flows/verify-email-account-activation", + "properties": { + "active": { + "description": "Active, if set, contains the registration method that is being used. It is initially\nnot set.", + "type": "string" + }, + "expires_at": { + "description": "ExpiresAt is the time (UTC) when the request expires. If the user still wishes to verify the address,\na new request has to be initiated.", + "format": "date-time", + "type": "string" + }, + "id": { + "description": "ID represents the request's unique ID. When performing the verification flow, this\nrepresents the id in the verify ui's query parameter: http://?request=\n\ntype: string\nformat: uuid", + "format": "uuid", + "type": "string" + }, + "issued_at": { + "description": "IssuedAt is the time (UTC) when the request occurred.", + "format": "date-time", + "type": "string" + }, + "request_url": { + "description": "RequestURL is the initial URL that was requested from Ory Kratos. It can be used\nto forward information contained in the URL's path or query for example.", + "type": "string" + }, + "return_to": { + "description": "ReturnTo contains the requested return_to URL.", + "type": "string" + }, + "state": { + "description": "State represents the state of this request:\n\nchoose_method: ask the user to choose a method (e.g. verify your email)\nsent_email: the email has been sent to the user\npassed_challenge: the request was successful and the verification challenge was passed." + }, + "transient_payload": { + "description": "TransientPayload is used to pass data from the verification flow to hooks and email templates", + "type": "object" + }, + "type": { + "$ref": "#/components/schemas/selfServiceFlowType" + }, + "ui": { + "$ref": "#/components/schemas/uiContainer" + } + }, + "required": [ + "id", + "type", + "ui", + "state" + ], + "title": "A Verification Flow", + "type": "object" + }, + "verificationFlowState": { + "description": "The experimental state represents the state of a verification flow. This field is EXPERIMENTAL and subject to change!", + "enum": [ + "choose_method", + "sent_email", + "passed_challenge" + ], + "title": "Verification flow state (experimental)" + }, + "version": { + "properties": { + "version": { + "description": "Version is the service's version.", + "type": "string" + } + }, + "type": "object" + }, + "webAuthnJavaScript": { + "type": "string" + } + }, + "securitySchemes": { + "oryAccessToken": { + "in": "header", + "name": "Authorization", + "type": "apiKey" + } + } + }, + "info": { + "contact": { + "email": "office@ory.sh" + }, + "description": "This is the API specification for Ory Identities with features such as registration, login, recovery, account verification, profile settings, password reset, identity management, session management, email and sms delivery, and more.\n", + "license": { + "name": "Apache 2.0" + }, + "title": "Ory Identities API", + "version": "" + }, + "openapi": "3.0.3", + "paths": { + "/.well-known/ory/webauthn.js": { + "get": { + "description": "This endpoint provides JavaScript which is needed in order to perform WebAuthn login and registration.\n\nIf you are building a JavaScript Browser App (e.g. in ReactJS or AngularJS) you will need to load this file:\n\n```html\n