
wcz-layout

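import { m as serverEnv, o as requirePermission, t as Platform, u as getAccessToken } from "./utils-CqQKSaSs.js";
import i18next, { t } from "i18next";
import { scopes } from "virtual:wcz-layout";
import { createEnv } from "@t3-oss/env-core";
import { createServerOnlyFn } from "@tanstack/react-start";
import { uuidv7 } from "uuidv7";
import { ConfidentialClientApplication } from "@azure/msal-node";

//#region src/lib/auth/msalServer.ts

// Lazily created MSAL confidential client, shared by every call in this module.
let ccaInstance = null;

/**
 * Return the module-wide ConfidentialClientApplication, creating it on first use.
 *
 * The client is configured from serverEnv (ENTRA_CLIENT_ID, ENTRA_CLIENT_SECRET,
 * ENTRA_TENANT_ID) and uses a tenant-specific login.microsoftonline.com authority.
 * The client secret is only ever read here; it must never reach client-side code
 * or logs.
 *
 * @returns {ConfidentialClientApplication} the shared client instance
 */
function getCCA() {
	ccaInstance ??= new ConfidentialClientApplication({
		auth: {
			clientId: serverEnv.ENTRA_CLIENT_ID,
			clientSecret: serverEnv.ENTRA_CLIENT_SECRET,
			authority: `https://login.microsoftonline.com/${serverEnv.ENTRA_TENANT_ID}`
		}
	});
	return ccaInstance;
}

/**
 * Look up the scope list configured under `scopeKey` and return a copy of it.
 *
 * Failing here with a named error keeps an unknown or inherited key (for
 * example "constructor") from surfacing later as an opaque TypeError or from
 * being sent to the identity platform as a malformed scope list.
 *
 * @param {string} scopeKey - key into the `scopes` map from "virtual:wcz-layout"
 * @returns {string[]} a fresh array of the configured scope strings
 * @throws {Error} when no scope array is configured under `scopeKey`
 */
function resolveScopes(scopeKey) {
	const configured = scopes[scopeKey];
	if (!Array.isArray(configured)) {
		throw new Error(`Unknown scope key: ${String(scopeKey)}`);
	}
	return [...configured];
}

/**
 * On-Behalf-Of flow: Exchange user token for a token to call downstream API
 * Use when: Server needs to call microservice on behalf of the logged-in user
 *
 * NOTE(review): this function does not itself verify `userToken` (signature,
 * audience, expiry); it presumably relies on upstream validation and on the
 * identity platform rejecting a bad assertion. Confirm against the callers.
 *
 * The returned access token is a bearer credential: do not log it or return it
 * to the browser.
 *
 * @param {string} userToken - the caller's access token, used as the OBO assertion
 * @param {string} scopeKey - key into the configured `scopes` map
 * @returns {Promise<string>} access token for the downstream API
 * @throws {Error} when the user token is missing, the scope key is unknown, or
 *   MSAL returns no result
 */
const getTokenOnBehalfOf = createServerOnlyFn(async (userToken, scopeKey) => {
	// Reject an absent assertion locally instead of sending an empty one upstream.
	if (typeof userToken !== "string" || userToken.length === 0) {
		throw new Error("Missing user token for OBO exchange");
	}
	const requestedScopes = resolveScopes(scopeKey);
	const result = await getCCA().acquireTokenOnBehalfOf({
		oboAssertion: userToken,
		scopes: requestedScopes
	});
	if (!result) throw new Error("Failed to acquire OBO token");
	return result.accessToken;
});

/**
 * Client Credentials flow: Get app-only token (no user context)
 * Use when: Background jobs, scheduled tasks, service-to-service calls
 *
 * Each configured scope is rewritten to `<resource>/.default`, where <resource>
 * is everything before the last "/" of the scope, and duplicates are dropped.
 *
 * The resulting token carries the application's own permissions rather than a
 * user's. Code that calls this while handling a user request must make its own
 * authorization decision first, otherwise the app's privileges stand in for
 * the user's.
 *
 * @param {string} scopeKey - key into the configured `scopes` map
 * @returns {Promise<string>} app-only access token
 * @throws {Error} when the scope key is unknown, a scope has no resource
 *   prefix, or MSAL returns no result
 */
const getAppToken = createServerOnlyFn(async (scopeKey) => {
	const defaultScopes = resolveScopes(scopeKey).map((scope) => {
		const lastSlash = scope.lastIndexOf("/");
		// Without a "/" there is no resource to attach ".default" to; the old
		// substring(0, -1) silently produced the invalid scope "/.default".
		if (lastSlash === -1) {
			throw new Error(`Scope "${scope}" has no resource prefix; cannot derive a .default scope`);
		}
		return `${scope.substring(0, lastSlash)}/.default`;
	});
	const uniqueScopes = [...new Set(defaultScopes)];
	const result = await getCCA().acquireTokenByClientCredential({ scopes: uniqueScopes });
	if (!result) throw new Error("Failed to acquire app token");
	return result.accessToken;
});

//#endregion
export { Platform, createEnv, getAccessToken, getAppToken, getTokenOnBehalfOf, i18next, requirePermission, t, uuidv7 };
//# sourceMappingURL=utils.js.map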