From ce534481bee867f40c8e059c1e2b6a02fd742522 Mon Sep 17 00:00:00 2001
From: Chris Fisher <chris.i.fisher@gmail.com>
Date: Tue, 26 Jul 2022 15:57:02 +1200
Subject: [PATCH 1/3] Add authsignal passwordless example

---
 .../.env.local.example                        |   3 +
 .../authsignal-passwordless/.eslintrc.json    |   3 +
 examples/authsignal-passwordless/.gitignore   |  35 ++++++++++
 examples/authsignal-passwordless/README.md    |  45 +++++++++++++
 .../components/dashboard.module.css           |  38 +++++++++++
 .../components/dashboard.tsx                  |  24 +++++++
 .../components/index.ts                       |   3 +
 .../components/layout.tsx                     |  16 +++++
 .../components/login.module.css               |  57 ++++++++++++++++
 .../components/login.tsx                      |  12 ++++
 .../authsignal-passwordless/lib/cookies.ts    |  61 ++++++++++++++++++
 examples/authsignal-passwordless/lib/index.ts |   1 +
 .../authsignal-passwordless/next-env.d.ts     |   5 ++
 .../authsignal-passwordless/next.config.js    |   6 ++
 examples/authsignal-passwordless/package.json |  26 ++++++++
 .../authsignal-passwordless/pages/_app.tsx    |   6 ++
 .../pages/api/finalize-login.ts               |  22 +++++++
 .../pages/api/login.ts                        |  15 +++++
 .../pages/api/logout.ts                       |  10 +++
 .../authsignal-passwordless/pages/globals.css |  24 +++++++
 .../authsignal-passwordless/pages/index.tsx   |  23 +++++++
 .../public/favicon.ico                        | Bin 0 -> 25931 bytes
 .../authsignal-passwordless/public/vercel.svg |   4 ++
 .../authsignal-passwordless/tsconfig.json     |  20 ++++++
 24 files changed, 459 insertions(+)
 create mode 100644 examples/authsignal-passwordless/.env.local.example
 create mode 100755 examples/authsignal-passwordless/.eslintrc.json
 create mode 100755 examples/authsignal-passwordless/.gitignore
 create mode 100755 examples/authsignal-passwordless/README.md
 create mode 100644 examples/authsignal-passwordless/components/dashboard.module.css
 create mode 100644 examples/authsignal-passwordless/components/dashboard.tsx
 create mode 100644 examples/authsignal-passwordless/components/index.ts
 create mode 100644 examples/authsignal-passwordless/components/layout.tsx
 create mode 100644 examples/authsignal-passwordless/components/login.module.css
 create mode 100644 examples/authsignal-passwordless/components/login.tsx
 create mode 100644 examples/authsignal-passwordless/lib/cookies.ts
 create mode 100644 examples/authsignal-passwordless/lib/index.ts
 create mode 100755 examples/authsignal-passwordless/next-env.d.ts
 create mode 100755 examples/authsignal-passwordless/next.config.js
 create mode 100644 examples/authsignal-passwordless/package.json
 create mode 100755 examples/authsignal-passwordless/pages/_app.tsx
 create mode 100644 examples/authsignal-passwordless/pages/api/finalize-login.ts
 create mode 100644 examples/authsignal-passwordless/pages/api/login.ts
 create mode 100644 examples/authsignal-passwordless/pages/api/logout.ts
 create mode 100644 examples/authsignal-passwordless/pages/globals.css
 create mode 100755 examples/authsignal-passwordless/pages/index.tsx
 create mode 100755 examples/authsignal-passwordless/public/favicon.ico
 create mode 100755 examples/authsignal-passwordless/public/vercel.svg
 create mode 100755 examples/authsignal-passwordless/tsconfig.json

diff --git a/examples/authsignal-passwordless/.env.local.example b/examples/authsignal-passwordless/.env.local.example
new file mode 100644
index 0000000000000..61ecc44b3252a
--- /dev/null
+++ b/examples/authsignal-passwordless/.env.local.example
@@ -0,0 +1,3 @@
+AUTHSIGNAL_SECRET=
+SESSION_TOKEN_SECRET=
+REDIRECT_URL=http://localhost:3000/api/finalize-login
diff --git a/examples/authsignal-passwordless/.eslintrc.json b/examples/authsignal-passwordless/.eslintrc.json
new file mode 100755
index 0000000000000..bffb357a71225
--- /dev/null
+++ b/examples/authsignal-passwordless/.eslintrc.json
@@ -0,0 +1,3 @@
+{
+  "extends": "next/core-web-vitals"
+}
diff --git a/examples/authsignal-passwordless/.gitignore b/examples/authsignal-passwordless/.gitignore
new file mode 100755
index 0000000000000..737d87210923e
--- /dev/null
+++ b/examples/authsignal-passwordless/.gitignore
@@ -0,0 +1,35 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+.pnpm-debug.log*
+
+# local env files
+.env*.local
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
diff --git a/examples/authsignal-passwordless/README.md b/examples/authsignal-passwordless/README.md
new file mode 100755
index 0000000000000..2acdf21af43ba
--- /dev/null
+++ b/examples/authsignal-passwordless/README.md
@@ -0,0 +1,45 @@
+# Authsignal Passwordless Login Example
+
+This example shows how to integrate Authsignal with Next.js in order to implement passwordless login using email magic links and server-side redirects.
+
+The login session is managed using cookies. Session data is encrypted using [@hapi/iron](https://hapi.dev/family/iron).
+
+A live version of this example can be found [here](https://authsignal-next-passwordless-example.vercel.app).
+
+## Deploy your own
+
+Deploy the example using [Vercel](https://vercel.com?utm_source=github&utm_medium=readme&utm_campaign=next-example):
+
+[![Deploy with Vercel](https://vercel.com/button)](https://vercel.com/new/git/external?repository-url=https://github.com/vercel/next.js/tree/canary/examples/authsignal-passwordless&project-name=authsignal-passwordless&repository-name=authsignal-passwordless)
+
+## How to use
+
+Execute [`create-next-app`](https://github.com/vercel/next.js/tree/canary/packages/create-next-app) with [npm](https://docs.npmjs.com/cli/init), [Yarn](https://yarnpkg.com/lang/en/docs/cli/create/), or [pnpm](https://pnpm.io) to bootstrap the example:
+
+```bash
+npx create-next-app --example authsignal-passwordless authsignal-passwordless-app
+# or
+yarn create next-app --example authsignal-passwordless authsignal-passwordless-app
+# or
+pnpm create next-app --example authsignal-passwordless authsignal-passwordless-app
+```
+
+Deploy it to the cloud with [Vercel](https://vercel.com/new?utm_source=github&utm_medium=readme&utm_campaign=next-example) ([Documentation](https://nextjs.org/docs/deployment)).
+
+## Configuration
+
+Log in to the [Authsignal Portal](https://portal.authsignal.com) and [enable email magic links for your tenant](https://portal.authsignal.com/organisations/tenants/authenticators).
+
+Copy the .env.local.example file to .env.local:
+
+```
+cp .env.local.example .env.local
+```
+
+Set `AUTHSIGNAL_SECRET` as your [Authsignal secret key](https://portal.authsignal.com/organisations/tenants/api).
+
+The `SESSION_TOKEN_SECRET` is used to encrypt the session cookie. Set it to a random string of 32 characters.
+
+## Notes
+
+To learn more about Authsignal take a look at the [API Documentation](https://docs.authsignal.com/).
diff --git a/examples/authsignal-passwordless/components/dashboard.module.css b/examples/authsignal-passwordless/components/dashboard.module.css
new file mode 100644
index 0000000000000..e2cfe5f3c758f
--- /dev/null
+++ b/examples/authsignal-passwordless/components/dashboard.module.css
@@ -0,0 +1,38 @@
+.header {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  background-color: #1d1d1d;
+  width: 100%;
+}
+
+.header button {
+  cursor: pointer;
+  font-size: 13px;
+  font-weight: 500;
+  line-height: 1;
+  border: none;
+  background: none;
+  color: #fff;
+  padding: 15px;
+  transition: background-color 0.15s, color 0.15s;
+}
+
+.user {
+  display: flex;
+  justify-content: center;
+  align-items: center;
+  flex-direction: column;
+  flex-grow: 1;
+}
+
+.label {
+  font-size: 12px;
+  margin-bottom: 5px;
+}
+
+.logo {
+  font-size: 18px;
+  margin: 15px;
+  color: #fff;
+}
diff --git a/examples/authsignal-passwordless/components/dashboard.tsx b/examples/authsignal-passwordless/components/dashboard.tsx
new file mode 100644
index 0000000000000..cb08a5ab4034f
--- /dev/null
+++ b/examples/authsignal-passwordless/components/dashboard.tsx
@@ -0,0 +1,24 @@
+import Link from "next/link";
+import { User } from "../lib";
+import styles from "./dashboard.module.css";
+
+interface Props {
+  user: User;
+}
+
+export const Dashboard = ({ user }: Props) => (
+  <>
+    <header className={styles.header}>
+      <div className={styles.logo}>My Example App</div>
+      <Link href={"/api/logout"}>
+        <button>Log out</button>
+      </Link>
+    </header>
+    <div className={styles.user}>
+      <div>
+        <div className={styles.label}>Logged in as:</div>
+        <div>{user.email}</div>
+      </div>
+    </div>
+  </>
+);
diff --git a/examples/authsignal-passwordless/components/index.ts b/examples/authsignal-passwordless/components/index.ts
new file mode 100644
index 0000000000000..d20cb80d89a74
--- /dev/null
+++ b/examples/authsignal-passwordless/components/index.ts
@@ -0,0 +1,3 @@
+export * from "./dashboard";
+export * from "./layout";
+export * from "./login";
diff --git a/examples/authsignal-passwordless/components/layout.tsx b/examples/authsignal-passwordless/components/layout.tsx
new file mode 100644
index 0000000000000..90a0d8e17dd1f
--- /dev/null
+++ b/examples/authsignal-passwordless/components/layout.tsx
@@ -0,0 +1,16 @@
+import Head from "next/head";
+
+type Props = {
+  children: React.ReactNode;
+};
+
+export const Layout = (props: Props) => (
+  <>
+    <Head>
+      <title>Authsignal Passwordless Example</title>
+      <link rel="icon" href="/favicon.ico" />
+    </Head>
+
+    {props.children}
+  </>
+);
diff --git a/examples/authsignal-passwordless/components/login.module.css b/examples/authsignal-passwordless/components/login.module.css
new file mode 100644
index 0000000000000..827c91a5655ec
--- /dev/null
+++ b/examples/authsignal-passwordless/components/login.module.css
@@ -0,0 +1,57 @@
+.login {
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+  flex-grow: 1;
+}
+
+.login form {
+  display: flex;
+  flex-direction: column;
+  min-width: 300px;
+}
+
+.login label {
+  font-size: 12px;
+  margin-bottom: 5px;
+  color: #ababab;
+}
+
+.login input {
+  outline: none;
+  font-family: inherit;
+  font-size: 13px;
+  font-weight: 400;
+  background-color: #fff;
+  border-radius: 6px;
+  color: #1d1d1d;
+  border: 1px solid #e8e8e8;
+  padding: 0 15px;
+  margin: 0 0 15px 0;
+  height: 40px;
+}
+
+.login button {
+  cursor: pointer;
+  font-size: 13px;
+  font-weight: 500;
+  line-height: 1;
+  border-radius: 6px;
+  border: none;
+  background-color: #1d1d1d;
+  color: #fff;
+  padding: 0 15px;
+  height: 40px;
+  transition: background-color 0.15s, color 0.15s;
+}
+
+.login button:hover:not(:active) {
+  background-color: #282828;
+}
+
+.title {
+  font-size: 24px;
+  margin-bottom: 30px;
+  font-weight: 400;
+}
diff --git a/examples/authsignal-passwordless/components/login.tsx b/examples/authsignal-passwordless/components/login.tsx
new file mode 100644
index 0000000000000..5f1f6a348de20
--- /dev/null
+++ b/examples/authsignal-passwordless/components/login.tsx
@@ -0,0 +1,12 @@
+import styles from "./login.module.css";
+
+export const Login = () => (
+  <main className={styles.login}>
+    <h1 className={styles.title}>My Example App</h1>
+    <form method="POST" action="/api/login">
+      <label htmlFor="email">Email</label>
+      <input id="email" type="email" name="email" required autoFocus />
+      <button type="submit">Log in / Sign up</button>
+    </form>
+  </main>
+);
diff --git a/examples/authsignal-passwordless/lib/cookies.ts b/examples/authsignal-passwordless/lib/cookies.ts
new file mode 100644
index 0000000000000..19acc151feca2
--- /dev/null
+++ b/examples/authsignal-passwordless/lib/cookies.ts
@@ -0,0 +1,61 @@
+import Iron from "@hapi/iron";
+import { parse, serialize } from "cookie";
+
+export async function createCookieForSession(user: User) {
+  // Make login session valid for 8 hours
+  const maxAge = 60 * 60 * 8;
+
+  const expires = new Date();
+  expires.setSeconds(expires.getSeconds() + maxAge);
+
+  const sessionData: SessionData = { user, expiresAt: expires.toString() };
+
+  const sessionToken = await Iron.seal(
+    sessionData,
+    TOKEN_SECRET,
+    Iron.defaults
+  );
+
+  const cookie = serialize(COOKIE_NAME, sessionToken, {
+    maxAge,
+    expires,
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    path: "/",
+    sameSite: "lax",
+  });
+
+  return cookie;
+}
+
+export async function getSessionFromCookie(cookie: string | undefined) {
+  const cookies = parse(cookie ?? "");
+
+  const sessionToken = cookies[COOKIE_NAME];
+
+  if (!sessionToken) {
+    return undefined;
+  }
+
+  const sessionData: SessionData = await Iron.unseal(
+    sessionToken,
+    TOKEN_SECRET,
+    Iron.defaults
+  );
+
+  return sessionData;
+}
+
+export interface SessionData {
+  user: User;
+  expiresAt: string;
+}
+
+export interface User {
+  userId: string;
+  email?: string;
+}
+
+export const COOKIE_NAME = "session_token";
+
+const TOKEN_SECRET = process.env.SESSION_TOKEN_SECRET!;
diff --git a/examples/authsignal-passwordless/lib/index.ts b/examples/authsignal-passwordless/lib/index.ts
new file mode 100644
index 0000000000000..7017da79c7a71
--- /dev/null
+++ b/examples/authsignal-passwordless/lib/index.ts
@@ -0,0 +1 @@
+export * from "./cookies";
diff --git a/examples/authsignal-passwordless/next-env.d.ts b/examples/authsignal-passwordless/next-env.d.ts
new file mode 100755
index 0000000000000..4f11a03dc6cc3
--- /dev/null
+++ b/examples/authsignal-passwordless/next-env.d.ts
@@ -0,0 +1,5 @@
+/// <reference types="next" />
+/// <reference types="next/image-types/global" />
+
+// NOTE: This file should not be edited
+// see https://nextjs.org/docs/basic-features/typescript for more information.
diff --git a/examples/authsignal-passwordless/next.config.js b/examples/authsignal-passwordless/next.config.js
new file mode 100755
index 0000000000000..a843cbee09afa
--- /dev/null
+++ b/examples/authsignal-passwordless/next.config.js
@@ -0,0 +1,6 @@
+/** @type {import('next').NextConfig} */
+const nextConfig = {
+  reactStrictMode: true,
+}
+
+module.exports = nextConfig
diff --git a/examples/authsignal-passwordless/package.json b/examples/authsignal-passwordless/package.json
new file mode 100644
index 0000000000000..2a2a50db6f2d5
--- /dev/null
+++ b/examples/authsignal-passwordless/package.json
@@ -0,0 +1,26 @@
+{
+  "private": true,
+  "scripts": {
+    "dev": "next dev",
+    "build": "next build",
+    "start": "next start",
+    "lint": "next lint"
+  },
+  "dependencies": {
+    "@authsignal/node": "^0.0.29",
+    "@hapi/iron": "^7.0.0",
+    "cookie": "^0.5.0",
+    "next": "latest",
+    "react": "18.2.0",
+    "react-dom": "18.2.0"
+  },
+  "devDependencies": {
+    "@types/cookie": "^0.5.1",
+    "@types/node": "18.0.3",
+    "@types/react": "18.0.15",
+    "@types/react-dom": "18.0.6",
+    "eslint": "8.19.0",
+    "eslint-config-next": "latest",
+    "typescript": "4.7.4"
+  }
+}
diff --git a/examples/authsignal-passwordless/pages/_app.tsx b/examples/authsignal-passwordless/pages/_app.tsx
new file mode 100755
index 0000000000000..159d8a3813ed6
--- /dev/null
+++ b/examples/authsignal-passwordless/pages/_app.tsx
@@ -0,0 +1,6 @@
+import type { AppProps } from "next/app";
+import "./globals.css";
+
+export default function MyApp({ Component, pageProps }: AppProps) {
+  return <Component {...pageProps} />;
+}
diff --git a/examples/authsignal-passwordless/pages/api/finalize-login.ts b/examples/authsignal-passwordless/pages/api/finalize-login.ts
new file mode 100644
index 0000000000000..33b1528172284
--- /dev/null
+++ b/examples/authsignal-passwordless/pages/api/finalize-login.ts
@@ -0,0 +1,22 @@
+import { Authsignal } from "@authsignal/node";
+import { NextApiRequest, NextApiResponse } from "next";
+import { createCookieForSession } from "../../lib";
+
+const authsignal = new Authsignal({ secret: process.env.AUTHSIGNAL_SECRET! });
+
+export default async function finalizeLogin(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  const token = req.query.token as string;
+
+  const { success, user } = await authsignal.validateChallenge({ token });
+
+  if (success) {
+    const cookie = await createCookieForSession(user);
+
+    res.setHeader("Set-Cookie", cookie);
+  }
+
+  res.redirect("/");
+}
diff --git a/examples/authsignal-passwordless/pages/api/login.ts b/examples/authsignal-passwordless/pages/api/login.ts
new file mode 100644
index 0000000000000..ca37ef4501a3a
--- /dev/null
+++ b/examples/authsignal-passwordless/pages/api/login.ts
@@ -0,0 +1,15 @@
+import { Authsignal } from "@authsignal/node";
+import { NextApiRequest, NextApiResponse } from "next";
+
+const authsignal = new Authsignal({ secret: process.env.AUTHSIGNAL_SECRET! });
+
+export default async function login(req: NextApiRequest, res: NextApiResponse) {
+  const { email } = req.body;
+
+  const { url } = await authsignal.loginWithEmail({ email, redirectUrl });
+
+  res.redirect(303, url);
+}
+
+const redirectUrl =
+  process.env.REDIRECT_URL ?? "http://localhost:3000/api/finalize-login";
diff --git a/examples/authsignal-passwordless/pages/api/logout.ts b/examples/authsignal-passwordless/pages/api/logout.ts
new file mode 100644
index 0000000000000..5baa1cb214a9a
--- /dev/null
+++ b/examples/authsignal-passwordless/pages/api/logout.ts
@@ -0,0 +1,10 @@
+import { NextApiRequest, NextApiResponse } from "next";
+import { serialize } from "cookie";
+import { COOKIE_NAME } from "../../lib";
+
+export default async function logout(_: NextApiRequest, res: NextApiResponse) {
+  const cookie = serialize(COOKIE_NAME, "", { maxAge: -1, path: "/" });
+
+  res.setHeader("Set-Cookie", cookie);
+  res.redirect("/");
+}
diff --git a/examples/authsignal-passwordless/pages/globals.css b/examples/authsignal-passwordless/pages/globals.css
new file mode 100644
index 0000000000000..c5a00e21a5bf8
--- /dev/null
+++ b/examples/authsignal-passwordless/pages/globals.css
@@ -0,0 +1,24 @@
+*,
+*::before,
+*::after {
+  box-sizing: border-box;
+}
+
+html,
+body {
+  height: 100%;
+  min-height: 100%;
+}
+
+body {
+  margin: 0;
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto,
+    "Helvetica Neue", Arial, Noto Sans, sans-serif, "Apple Color Emoji",
+    "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+}
+
+#__next {
+  display: flex;
+  flex-direction: column;
+  min-height: 100%;
+}
diff --git a/examples/authsignal-passwordless/pages/index.tsx b/examples/authsignal-passwordless/pages/index.tsx
new file mode 100755
index 0000000000000..a55279b33b7a4
--- /dev/null
+++ b/examples/authsignal-passwordless/pages/index.tsx
@@ -0,0 +1,23 @@
+import { GetServerSideProps } from "next";
+import { Dashboard, Layout, Login } from "../components";
+import { getSessionFromCookie, User } from "../lib";
+
+interface Props {
+  user: User | null;
+}
+
+export const getServerSideProps: GetServerSideProps<Props> = async ({
+  req,
+}) => {
+  const session = await getSessionFromCookie(req.headers.cookie);
+
+  if (session && new Date(session.expiresAt) > new Date()) {
+    return { props: { user: session.user } };
+  } else {
+    return { props: { user: null } };
+  }
+};
+
+export default function HomePage({ user }: Props) {
+  return <Layout>{user ? <Dashboard user={user} /> : <Login />}</Layout>;
+}
diff --git a/examples/authsignal-passwordless/public/favicon.ico b/examples/authsignal-passwordless/public/favicon.ico
new file mode 100755
index 0000000000000000000000000000000000000000..718d6fea4835ec2d246af9800eddb7ffb276240c
GIT binary patch
literal 25931
zcmeHv30#a{`}aL_*G&7qml|y<+KVaDM2m#dVr!KsA!#An?kSQM(q<_dDNCpjEux83
zLb9Z^XxbDl(w>%i@8hT6>)&Gu{h#Oeyszu?xtw#Zb1mO<?sK2}EE5RAKnxHU7lft+
zNRAPL3?T?25I&drAjl1ssi=G|D?(7bFsgtO(2o>{pgX9699l+Qppw7jXaYf~-84xW
z)w4x8?=youko|}Vr~(D$UX<xm7|19n6Hxvd5m6xx<*9a4%RmR{en}E&p$X-wy5A}T
zU0^dwXVA>IbiXABHh`p1?nn8Po~fxRJv}|0e(BPs|G`(TT%kKVJAdg5*Z|x0leQq0
zkdUBvb#>9F()jo|T~kx@OM8$9wzs~t2l;K=woNssA3l6|sx2r3+kdfVW@e^8e*E}v
zA1y5{bRi+3Z`uD3{F7LgFJDdvm;nJilkzDku>BwXH(8ItVCXk*-lSJnR?-2UN%<G)
zWdETe=&R39RaKR)udn|#TOgZ!e!yM=<=+`Uz{l^5UtkZ2fHDQ;UwMB}v%l$A-`~F-
z{Qr^x^CSUf63Sry{6y#+`<sMA?dPFvg)$lC_RkFRKnCi7&P<a6>hJ){&rlvg`CDTj
z)Bzo!3v7Ou#83zEDEFcKt(f1E0~=rqeEbTnMvWR#{+9pg%7G8y>u1OVRUSoox-ovF
z2Ydma(;=YuBY(eI|04{hXzZD6_f(v~H;C~y5=DhAC{MMS>2fm~1H_t2$56pc$NH8(
z5bH|<)71dV-_oCHIrzrT`2s-5w_+2CM0$95I6X8p^r!gHp+j_gd;9O<1~CEQQGS8)
zS9Qh3#p&JM-G8rHekNmKVewU;pJRcTAog68KYo^dRo}(M<!8cv(gkb9@A>>36U4Us
zfgYWSiHZL3;lpWT=<n~R&zm>zNAW>Dh#mB!_@Lg%$ms8N-;aPqMn+C2HqZgz&9~Eu
z4|Kp<`$q)Uw1R?y(~S>ePdonHxpV1#eSP1B;Ogo+-Pk}6#0GsZZ5!||ev2MGdh}_m
z{DeR7?0-1^zVs&`AV6<!ZvGbtU{7FdY&`9DeD(=q|M30$GCs(E?S0J1$e@G0#Z=wz
zl)*a>Vt;r3`I`OI_wgs*w=eO%_#7Kepl{B<UyBc9U%rn&@xFZ-e{%i>@xiyCANc(l
zzIyd4y|c6PXWq9-|KM8(zIk8LPk(>a)zyFWjhT!$HJ$qX1vo@d25W<<x-(q{Yn-pG
zKTz?fwGmh&&2-F3f57**)?Xk#p#S9h^DhK{VVKE&0KR^-_MMD9nf@pDACnmVll!kp
z3?Tha?LWW70P;AL{}cP~sW|?W|MbA09{7Kt2f!i(y>fvZQ2zUz5WRc(UnFMKHwe1|
zWmlB1qdbiA(C0jmnV<}GfbKtmcu^2*P^O?<jWWPHxu*D53Uq)j1!ZtH3Vi&#Nd^rV
zj`B>MBLZKt|As~ge8&AAO~2K@zbXelK|4T<{|y4`raF{=72kC2Kn(L4YyenWgrPiv
z@^mr$t{#X5VuIMeL!7Ab6_kG$&#&5p*Z{+?5U|TZ`B!7llpVmp@skYz&n^8QfPJzL
z0G6K_OJM9x+Wu2gfN45phANGt{7=C>i34CV{Xqlx(fWpeAoj^N0Biu`w+MVcCUyU*
zDZuzO0>4Z6fbu^T_arWW5n!E45vX8N=bxTVeFoep_G#VmNlQzAI_KTIc{6>c+04vr
zx@W}zE5JNSU>!THJ{J=cqjz+4{L4A{Ob9$ZJ*S1?Ggg3klFp!+Y1@K+pK1DqI|_gq
z5ZDXVpge8-cs!o|;K73#YXZ3AShj50wBvuq3NTOZ`M&qtjj#GOFfgExjg8Gn8>Vq5
z`85n+9|!iLCZF5$HJ$Iu($dm?8~-ofu}tEc+-pyke=3!im#6pk_Wo8IA|fJwD&~~F
zc16osQ)EBo58U7XDuMexaPRjU@h8tXe%S{fA0NH3vGJFhuyyO!Uyl2^&EOpX{9As0
zWj+P>{@}jxH)8|r;2HdupP!vie{sJ28b&bo!8`D^x}TE$%zXNb^X1p@0PJ86`dZyj
z%ce7*{^oo+6%&~I!8hQy-vQ7E)0t0ybH4l%KltWOo~8cO`T=157JqL(oq_rC%ea&4
z2NcTJe-HgFjNg-gZ$6!Y`SMHrlj}Etf7<Kk?_r;;``Uc^3+u}-v3@Q8<@$Nr`<F?K
z-%F>?r!zQTPPSv}{so2e>Fjs1{<qUF=hGRSFDG$<z3x<+@%{Vd%a`e+qodRP&D<om
zAEn>gzk~LGeesX%r(Lh6rbhSo_n)@@G-FTQy93;l#E)hgP@d_SGvyCp0~o(Y;Ee8{
zdVUDbHm5`2taPUOY^MAGOw*<R_VaVlPH<<CgYr!E->>=s7=Gst=D+p+2yON!0%Hk`
zz5mAhyT4lS*T3LS^WSxUy86q&GnoHxzQ6vm8)VS}_zuqG?+3td68_x;etQAdu@sc6
zQJ&5|4(I?~3d-QOAODHpZ=hlSg(lBZ!JZWCtHHSj`0Wh93-Uk)_S%zsJ~aD>{`A0~
z9{AG(e|q3g5B%wYKRxiL2Y$8(4w<boVrLOyLG9R$m+7N>6bzchKuloQW#e&S3n+P-
z8!ds-%f;TJ1>)v)##>gd{PdS2Oc3VaR`fr=`O8QIO(6(N!A?pr5C#6fc~Ge@N%Vvu
zaoAX2&(a6eWy_q&UwOhU)|P3J0Qc%OdhzW=F4D|pt0E4osw;%<%Dn58hAWD^XnZD=
z>9~H(3bmLtxpF?a7su6J7M*x1By7YSUbxGi)Ot0P77`}P<HJ;%@cvfCkvm6xcMjdY
zed_u6xK)F%|1Hy`)`e~K(f*MqTJ?92I+4lga{A5`-U@Cab35G6unNk<*dpB|Rtkp;
z?32o^yBlJsuA-^abQ~7;%<oa^k<DbKc{lOW2!yM#nEALvv)IhY7b|Wfg(UhtiurTM
zY-B6L26$JQo&Kt3nh3JTJ)garEgw^{uEM3__%b$U5{~+aMO*k)6R#grkER2`U6KS-
z=j1=QhCkuy%iiHWrqH8CeGNw*C?epTpl2Bo@ugUPKRFeiVHOpL7PHu-SAgX@qmTGH
z_%ePz1`io8XDfwLmip;Rn;1yo+3>3{)&5Un{KD?`-e?r21!4vTTnN(4Y6Lin?UkSM
z`MXCTC1@4A4~mvz%Rh2&EwY))LeoT=*`tMoqcEXI>TZU9WTP#l?uFv+@Dn~b(>xh2
z;>B?;Tz2SR&KVb>vGiBSB`@U7VIWFSo=LDSb9F{GF^DbmWAfpms8Sx9OX4CnBJca3
zlj9(x!dIjN?OG1X4l*imJNvRCk}F%!?SOfiOq5y^mZW)jFL@<gIi}tCXee1<sGV$i
z4r_`X#mEQbiDh!Efji0GjM9z-0bF}p0(*s(OzMJ|;K&OJBar<ARLp}T>a|r-@d#f7
z2gmU8L3IZq0ynIws=}~m^#@&C%J6QFo~Mo4V`>v7MI-_!EBMMtb%_M&kvAaN)@ZVw
z+`toz&WG#HkWDjnZE!6nk{e-oFdL^$YnbOCN}JC&{$#$O27@|Tn-skXr)2ml2~O!5
zX+gYoxhoc7qoU?C^3~&!U?kRFtnSEecWuH0B0OvLodgUAi}8p1<ZO0#U-k07ifx!>
zrO6RSXHH}D<I*>Mc$&|?D004<Y&c6)m74d`LOLU@ruR+Um4>DiOVMHV8kXCP@7NKB
zgaZq^^O<7PoKEp72kby@W0Z!Y*A<g|TlOeriuPP`vK2IntATvs?Iv|J14j&;NFSFo
zyJ+sca?G+8C%!b{Sq=6cJJqS>y{&vfg#C&gG@YVR9g?FEocMUi1gSN$+V+ayF45{a
zuDZDT<?u;)RfLQwg>N}mS|;BO%gEf}pjBfN2-gIrU#G5~cucA;dokXW89%>AyXJJI
z9X4Ul<x{xc_m~`mWBP0<g-{#wm}Vv~Ef3pKWC&N_<~88zSbEk;;+{DnJ9-u&Zc74s
zJ6TCQyl_^|5cY;wmDdrU@LTL-3v0H#Ui?8ICQV{imof1MHuM$`e*ux>IWA|ZYHgbI
z5?oFk@A=Ik7lrEQPDH!H+b`7_Y~aDb_qa=B2^Y&Ow41cU=4WDd40dp5(QS-WMN-=Y
z9g;6_-JdNU;|6cPwf$ak*aJIcwL@1n$#l~zi{c{EW?T;DaW*E8DYq?Umtz{nJ&w-M
zEMyT<MDk{HKbd#ckg5-pS_?QUVhZv?&Q-ioBS}$nvBd)nE7YO0deN~G(#zCJAbY$E
z!)g3Ytl=_NDUV%pykcE+Q<{EoZ_4FR@&#d<hqs%N>DrC&9K$d|kZe2#ws6)L=7K+{
zQw{XnV6UC$6-rW0emqm8wJoeZK)wJIcV?dST}Z;G0Arq{dVDu0&4kd%N!3F1*;*pW
zR&qUiFzK=@44#QGw7k1`3t_d8&*kBV->O##t|tonFc2YWrL7_eqg+=+k;!F-`^b8>
z#KWCE8%u4k@EprxqiV$VmmtiWxDLgnGu$Vs<8rppV5E<MCr+anDo)-{XRlCJ;D#M(
zT=3WgR02;Nm!54biUb^FtzPh8iGrf412epnki-k+G4mdkzC|lJqaRMbb0~Jjp-{}I
z5Do5afZi>ajBXL4nyyZM$SWVm!wnCj-B!Wjqj5-5dNXukI2$$|Bu3Lrw}z65Lc=1G
z^-#WuQOj$hwNGG?*CM_TO8Bg-1+qc>J7k5c51U8g?ZU5n?HYor;~JIjoWH-G>AoUP
ztrWWLbRNqIjW#RT*WqZgPJXU7C)VaW5}MiijYbABmzoru6EmQ*N8cVK7a3|aOB#O&
zBl8JY2WKfmj;h#Q!pN%9o@VNLv{OUL?rixHwOZuvX7{IJ{(EdPpuVFoQqIOa7gi<U
zTpbX&UCeYeNu>LVkBOKL@^smUA!tZ1CKRK}#SSM)iQHk)*R~?M!qkCruaS!#oIL1c
z<cK@1=jX>?J<BS8bpdt^R+}%A_DEhF^%o}8e!!lc`Y!qU>;U~&FfH#*98^G?i}pA{
z9Jg36t4=%6mhY(quYq*vSxptes9qy|7xSlH?G=S@>u>Ebe;|LVhs~@+06N<4CViBk
zUiY$thvX;>Tby6z9Y1e<Q<iIG*|o$r?OTFp`s)@_nHs4LeWbGvg7^}NK)>dAMQaiH
zm^r3v#$Q#2T=X>bsY#D%s!bhs^M9PMAcHbCc0FMHV{u-dwlL;a1eJ63v5U*?Q_8JO
zT#50!RD619#j_Uf))0ooADz~*9&lN!bBDRUgE>Vud-i5ck%vT=r^yD*^?Mp@Q^v+V
zG#-?gKlr}Eeqifb{|So?HM&g91<J5P5=Ly{?(NNY{6`O~L5r@sJe3rNZn06%SLk);
z9?hvE^Hr{!*G$<_doyzGn#*z*#}?)8dH=eYTgvc)T~}Jw!kCv68<+KL5{5?EXtDAZ
zWeNqp8%KIuBi&icn5s815Vho<+99VW1~m@L8l0=$c`t-L{q))~<!p*~vCdUcBcPz`
zyUi}!-k_`G{>P8|av8hQoCmQXkd?7wIJw<dY^{|7OQJUHKB~nksN_|Xy;DL?xjxU^
zbMa`WdfTBnr<wTd$mY&SgJ4U|X``k`#`gN@M+0x2W{YgC3kbLk<uYFJWglkx_)2#b
ztRiuA!EK9o)f`I2k)l;Of%E`ff91WlZh8yfRi6#N-mC`Ma(yr~U82SyAhc9B+ur!f
zP-3igg*KeYs9mGOAw@OaXYy9DnGjn0<m`JH&Q^h}^!h+uS9Ct*o-oEy(?iT6Yco>b
z_^v8bbg`<ZOL)a;i=IdfK0Zvw4nXsoC?eTOMpY)_ptiORm%J(1CD3dE0Z%Vy<2iHp
zcp>SAn{I*4bH$u(RZ6*x<DqKJ+5;a6Jq~=Y8V&c?Vsyq88!2nD?H?Eww58Mqt$7R8
z5BMjmKx>UhuA~hc=8czK8SHEKTzSxgbwi~9(OqJB&gwb^l4+m`k*Q;_?>Y-APi1{k
zAHQ)P)G)f|AyjSgcCFps)Fh6Bca*Xznq3<?y%xNvu0N78_R?~<RDFQx0ynlRG(E|j
zvEGN3bF<E_9p-I!UwQXFqcSGV#e^98tgFqLp+z9eP}y!jNA{)r*a+%M-_20xg?94<
zzmM{}syi0cd&P)zywMdS&Y_9k5JDtOM!L)b^2WP!+fHYGv>6!pV6Az&m{O8$wGFD?
zY&O*3*J0;_EqM#jh6^gMQKpXV?#1?>$ml1xvh8nSN>-?H=V;nJIwB07YX$e6vLxH(
zqYwQ>qxwR(i4f)DLd)-$P>T-no_c!LsN@)8`e;W@)-Hj0>nJ-}Kla4-ZdPJzI&Mce
zv)V_j;(3ERN3_@I$N<^|4Lf`B;8n+bX@bHbcZTopEmDI*Jfl)-pFDvo6svPRoo@(x
z);_{lY<;);XzT`dBFpRmGrr}z5u1=p<K1~3>C^<jVp}L(pzgMB_Vs-O?{Z?y$8M;)
zi@7zwpzV9#m72%En~(9@E)GWV^(~J*@^*K*TE0mynAnGJ5YSLCEnC42H-`tr4L=oW
zI}N{xQ$HT8Q6CVHf%RY&xw7!Zj(0xmg(K#UQ4u!ej95z7V4phlcTJ2&AR}$)zV-s!
zO7bqY6(=?1t+JCOW_z%HRE>S-{ce6iXQlLGcItwJ^mZx{m$&DA_oEZ)B{_bYPq-HA
zcH8WGoBG(aBU_j)vEy+_71T34@4dmSg!|M8Vf92Zj6WH7Q7t#OHQqWgFE3ARt+%!T
z?oLovLVlnf?2c7pTc)~cc^($_8nyKwsN`RA-23ed3sdj(ys%pjjM+9JrctL;dy8a(
z@en&CQmnV(()bu|Y%G1-4a(6x{aLytn$T-;(&{QIJB9vMox11U-1HpD@d(QkaJdEb
zG{)+6Dos_L+O3NpWo^=gR?evp|CqEG?L&Ut#D*KLaRFOgOEK(Kq1@!EGcTfo+%A&I
z=dLbB+d$u{sh?u)xP{PF8L%;YPPW53+@{>5W=Jt#wQpN;0_HYdw1{ksf_XhO4#2F=
zyPx6Lx2<92L-;L5PD`zn6zwIH`Jk(<gsVPionpJ-imI56$j4P0!br@ny3=!{x2TY^
zCD=)8_PgmN)E!^nczcDGc9Wm7oo5O3@fh=k=kh8J?_3KqEp7JHdv8z_iZ5#KmbiPt
z2Bt8Ro^p$7pS!xL3mtj<iN3f}#r6_&$Es0PnJTE?c;0#$%cGdu`T%~`gW;c^VD-S=
zrAatMf^%Lzr*wQ4kHSOb?WOUuEsJQ3xr{Imf1t{~iNmRwb_SP9!?FFN=b-E){!8P2
ztWCT~262O8`%?3<W4Wg+ovWY<re)?^kZ|Yi>$?Qw({erA$^bC;q33hv!d!>%wRhj#
zal^hk+WGNg;rJtb-EB(?czvOM=H7dl=vblBwAv>}%1@{}mnpUznfq1cE^sgsL0*4I
zJ##!*B?=vI_OEVis5o+_IwMIRrpQyT_Sq~ZU%oY7c5JMIADzpD!Upz9h@iWg_>>~j
zOLS;wp^i$-E?4<_cp?RiS%Rd?i;f*mOz=~(&3lo<=@(nR!_Rqiprh@weZlL!t#NCc
zO!QTcInq|%#>OVgobj{~ixEUec`E25zJ~*DofsQdzIa@5^nOXj2T;8O`l--(QyU<o
zeu8G~Z>^$t?TGY^7#&FQ+2SS3B#qK*k3`ye?8jUYSajE5iBbJls75CCc(m3dk{t?-
zopcER9{Z?TC)mk~gpi^kbbu>b-+a{m#8-y2^p$ka4n60w;Sc2}HMf<8JUvh<G@KZw
z+<GL!lpeahq2+nO{>CL0B&Btk)T`ctE$*qNW8L$`7!r^9T+>=<=2qaq-;ll2{`{Rg
zc5a0ZUI$oG&j-qVOuKa=*v4aY#IsoM+1|c4Z)<}lEDvy;5huB@1RJPquU2U*U-;gu
z=En2m+qjBzR#DEJDO`WU)hdd{Vj%^0V*KoyZ|5lzV87&g_j~NCjwv0uQVqXOb*QrQ
zy|Qn`hxx(58c<SELWpDAg~83oY-J_WoDiI6d7>70$E;L(X0uZZ72M1!6oeg)(cdKO
ze0gDaTz+ohR-#d)NbAH4x{I(21yjwvBQfmpLu$)|m{XolbgF!pmsqJ#D}(ylp6uC>
z{bqtcI#hT#HW=wl7>p!38sKsJ`r8}lt-q%Keqy%u(xk=yiIJiUw6|5IvkS+#?JTBl
z8H5(Q?l#wzazujH!8o>1xtn8#_w+397*<wp?Ryt$UFh41$qd}LyNJ7Oao(Aw2g|wy
zH_nZ+R#~EUME^#j4$@^5&>_cy8!pQGP%K(Ga3pAjsaTbbXJlQF_+m+-UpUUent@xM
zg%jqLUExj~o^vQ3Gl*>wh=_gOr2*|U64_iXb+-111a<qXXnUI&{l`dM&{4Gw)jZn;
zlj{VxW@#OcVE1Y%J*u^Z@H+XSqL6SwA|^jv2RU_+d;O!mk)dw7-m9B4{6*G1zRdR6
zQ}6v&Xt7R2h3Xp}EQk4nF2TULG{Ri=D|JC<a+K7dldN1}CY_f!vK#u}K3`g#TpO&W
z;!;64`0$d9raD!VbYP`kuFUasaMh!;&81y}LHS(SuGRxwEn4LZb4DS1j9iAq$MXd@
z(Ebka7_Gc(ljGaJqtI-OzmA@c@sYB$)Vg!RP4~``vaVyRq$rJXRjIPwtepN;(B%wy
zmU>H}$TjeajM+I20xw(((>fej-@CIz4S1pi$(#}P7`4({6QS2CaQS4NPENDp>sAqD
z$bH4KGzXGffkJ7R>V>)>tC)uax{UsN*dbeNC*v}#8Y#OWYwL4t$ePR?VTyIs!wea+
z5Urmc)X|^`MG~*dS6pGSbU+gPJoq*^a=_>$n4|P^w$sMBBy@f*Z^Jg6?n5?oId6f{
z$LW4M|4m502z0t7g<#Bx%X;9<=)smFolV&(V^(7Cv2-sxbxopQ!)*#ZRhTBpx1)Fc
zNm1T%bONzv6@#|dz(w02AH8OXe>kQ#1FMCzO}2J_mST)+ExmBr9cva-@?;wnmWMOk
z{3_~EX_xadgJGv&H@zK_8{(x84`}+c?oSBX*Ge3VdfTt&F}yCpFP?CpW+BE^cWY0^
zb&uBN!Ja3UzYHK-CTyA5=L<c0d<h!DNBIa<xax8W3(Ru8L0cVXQ18|Y^|*S%)R96z
zBT$(=zQ}2vmt6LzN~Oyf_Y92%P@QOx{7~}5!UIqCdfu?VwC0Nb!2@iiit8-5zUWFG
z*G&+GLIU#J;}hvowNJWnglvb^<2q~lS#?ixVtYT@(O3{TC|4kFJYLB*jni-4YZi0>
zEMW{l3Usky#ly=7px648W31UNV@K)&Ub&zP1c7%)`{);I4b0Q<)B}3;NMG2JH=X$U
zfIW4)4n9ZM`-yRj67I)YSLDK)qfUJ_ij}a#aZN~9EXrh8eZY2&=uY%2N0UFF7<~%M
zsB8=erOWZ>Ct_#^tHZ|*q`H;A)5;ycw*I<Cd*bZlOJ9YmRUK2<qXkpRR3nr6r~%Jz
z*(8tA&DYO)etdgVmoonqD{*<5Fog4ClIs-~_uhjuZOI}#Wy+ce${%#oyHloXelqfz
z8)?D3Y_>cmVxi8_0Xk}aJA^ath+E;xg!x+As(M#0=)3!NJR6H&9+zd#iP(m0PIW8$
z1Y^VX`>jm`W!=WpF*{ioM?C9`yOR>@0q=u7o>BP-eSHqCgMDj!2anwH?s%i2p+Q7D
zzszIf5XJpE)IG4;d_(La-xenmF(tgAxK`Y4sQ}BSJEPs6N_U2vI{8=0C_F?@7<(G;
zo$~G=8p+076G;`}>{MQ>t>7cm=zGtfbdDXm6||jUU|?X?CaE?(<6bKDYKeHlz}DA8
zXT={X=yp_R;HfJ9h%?eWvQ!dRgz&Su*JfNt!Wu>|XfU<MM~gB&J0gc}IH}?|B4WRK
zWPL0FhctFGdMucOFdhrVunIe5)4K^H9IjB#eA)p5w?c#v7kp8jx^~bxxJB{;hPFL9
zkR9Dbpj+T5ZMgHQg|oj*DS;x&jK}1rn&}Shp9sgOI*7puQD-w?3H*cg72;5H(_zW*
zApJBIM-p2~F;qWDj!n|Kd=5|T8OPkQ_G;ujgvKybr5@~eci2{8WAz+%NUSp-&eoG!
zOGLNLJewWl&1*NT467W3god~fYgX?!f0?NCFnjD$qE-fyQ)|Q_DLc*{olmXSVl$g_
z$vj}o?RatMy(o*j8?q1Mgw{OUOgVR6_qvS<Co*&!cR`ROi|*I`ajyG5s@L8agnX2J
zF=DLkMG`z{RP&996y0yAtvJcb<cba?TV#j4VYFPC>&68iRikRrHRW|ZxzRR^`eIGt
zIeiDgVS>IeExKVRWW8-=<xUfo0v~z=RA=cFWKXgcMECd}xHp7iqkBanH}TZ0h0rA=
zqxUZ>A=<k-RjTtwbJkkep{8z*173wY^e%-U0{Ue!n@wbg^2q)Vx5c(_RfvuR4}XXn
z+JE>yA`}`)ZkWBrZD`hpWIxBGkh&f#ijr449~m`j6{4jiJ*C!oVA8ZC?$1RM#K(_b
zL9TW)kN*Y4%^-qPpMP7d4)o?Nk#>aoYHT(*g)qmRUb?**F@pnNiy6Fv9rEiUqD(^O
zzyS?nBrX63BTRYduaG(0VVG2yJRe%o&rVrLjbxTaAFTd8s;<<@Qs>u(<193R8>}2_
zuwp{7;H2a*X7_jryzriZXMg?bTuegABb^87@SsKkr2)0Gyiax8KQWstw^v<oS3Xw7
zu51m`3~hoyxErcHymdFTZd#AO59{EkuFTcpAR33(3xc{zRnn1~1Ei(i*^HdCvM~;;
za&}Uip|u>#ix45EVrcEhr>!NMhprl<CqZuKa#zuI&@zymVzIicetS0bq#u?m(r_@S
zJ79bl%4EyHCQ3fK@en+A1@)e}HWLP|gr_zuoA{}Z<(-*53Zu@k+=^%~5F(z$EFLI;
z-TQTS8$W|GRbZq93Ha1?lu+`O;rn>$InQMzjSFH54x5k9qHc`@9uKQzvL4ihcq{^B
zPrVR=o_ic%Y>6&rMN)hTZsI7I<3&`#(nl+3y3ys9A~<Ao%ZuW})CJ)6^(aRV(gGxR
z89#(FDW;GZEAf;rI$+PU)rEV|rASrwP0_mr^Ldv)IuUf1M>&^=4?PL&nd8)`OfG#n
zwAMN$1&>K++c{^|7<<q5KGu)u(OEfEJJw2aEi(;x-i=Y=j3ram9H2n-Fuqv0dVlXJ
z&WgG5X({!vJFDrEbm+CWDca^zIe2@s1@a;;Y3!U9Q)&P0UXFmCP51_!wvTfAIyR^M
z7^R*O@yz1b-s4VC>4P=2y(B{jJsQ0a#U;HTo4ZmWZYvI{+s;Td{Yzem%0*k#)vjpB
zia;J&>}ICate44SFYY3vEelqStQWFihx%^vQ@Do(sOy7yR2@WNv7Y9I^yL=nZr3mb
zXKV5t@=?-Sk|b{XMhA7ZGB@2hqsx}4xwCW!in#C<kr{U&JG{9FhoZ<aTve_lLz39>
zI@}sc<h3gsW}hp-`WUywKA>Zlr3-NFJ@NFaJlhyfcw{k^vvtGl`N9xSo**rDW4S}i
zM9{fMPWo%4wYDG~BZ18BD+}h|GQKc-g^{++3MY>}W_uq7jGHx{mwE9fZiPCoxN$+7
zrODGGJrOkcPQUB(FD5aoS4g~7#6NR^ma7-!>mHuJfY5kTe6PpNNKC9GGRiu^L31uG
z$7v`*JknQHsYB!Tm_W{a32TM099djW%5e+j0Ve_ct}IM>XLF1Ap+YvcrLV=|CKo6S
zb+<Td{{5RWR}u2f(q<b(D$9JsF0OOzJ*+z0P5kc1t}CXlYgua%x*2lSgp|*WS3H-#
zdYr7?GQOL18zUS<2|;+vi4|4sQBM2Gs&WVS!D`q5Lz;XR@5rEfa{uG-!q?R8Ncz%(
z5K6~LQ@d2wp#)5q4u<ENlFbS)U4o1t9{-d>9Nl3_YdKP6%Cxy@6TxZ>;4&nTneadr
z_ES90ydCev)LV!dN=#(*f}|ZORFdvkYBni^aLbUk>BajeWIOcmHP#8S)*2U~QKI%S
zyrLmtPqb&TphJ;>yAxri#;{uyk`JJqODDw%(Z=2<VfJZemI(PFAD{6Sm|uE%BTbkl
zROsg*MOh20YgGs3H7?@pmQ>`1uc}br^V%>j!gS)D*q*f_-qf8&D;W1dJgQMlaH5er
zN2U<%Smb7==vE}dDI8K7cKz!vs^73o9f>2sgiTzWcwY|BMYHH5%Vn7#kiw&eItCqa
zIkR2~Q}>X=Ar8W|^Ms41Fm8o6IB2_j60eOeBB1Br!boW7JnoeX6Gs)?7rW0^5psc-
zjS16yb>dFn>KPOF;imD}e!enuIniFzv}n$m2#gCCv4jM#ArwlzZ$7@9&XkFxZ4n!V
zj3dyiwW4Ki2QG{@i>yuZXQizw_OkZI^-3otXC{!(lUpJF33gI60ak;Uqitp74|B6I
zgg{b=Iz}WkhCGj1M<xTd?60J5qsr1Cg7F~~U2N!(@lC<>=hu4#Aw173YxIVbISaoc
z-nLZC*6Tgivd5V`K%GxhBsp@SUU60-rfc$=wb>zdJzXS&-5(NRRodFk;Kxk!S(<ov
z$YXcI9;^grAyiJ4dWTv3b}K~Ww09(;mLY4+kj|$A?IMr}`7q?mIS1>O(a0e7oY=E(
zAyS;Ow?6Q&XA+cnkCb{28_1N8H#?J!*$MmIwLq^*T_9-z^&UE@A(z9oGYtFy6EZef
LrJugUA?W`A8`#=m

literal 0
HcmV?d00001

diff --git a/examples/authsignal-passwordless/public/vercel.svg b/examples/authsignal-passwordless/public/vercel.svg
new file mode 100755
index 0000000000000..fbf0e25a651c2
--- /dev/null
+++ b/examples/authsignal-passwordless/public/vercel.svg
@@ -0,0 +1,4 @@
+<svg width="283" height="64" viewBox="0 0 283 64" fill="none" 
+    xmlns="http://www.w3.org/2000/svg">
+    <path d="M141.04 16c-11.04 0-19 7.2-19 18s8.96 18 20 18c6.67 0 12.55-2.64 16.19-7.09l-7.65-4.42c-2.02 2.21-5.09 3.5-8.54 3.5-4.79 0-8.86-2.5-10.37-6.5h28.02c.22-1.12.35-2.28.35-3.5 0-10.79-7.96-17.99-19-17.99zm-9.46 14.5c1.25-3.99 4.67-6.5 9.45-6.5 4.79 0 8.21 2.51 9.45 6.5h-18.9zM248.72 16c-11.04 0-19 7.2-19 18s8.96 18 20 18c6.67 0 12.55-2.64 16.19-7.09l-7.65-4.42c-2.02 2.21-5.09 3.5-8.54 3.5-4.79 0-8.86-2.5-10.37-6.5h28.02c.22-1.12.35-2.28.35-3.5 0-10.79-7.96-17.99-19-17.99zm-9.45 14.5c1.25-3.99 4.67-6.5 9.45-6.5 4.79 0 8.21 2.51 9.45 6.5h-18.9zM200.24 34c0 6 3.92 10 10 10 4.12 0 7.21-1.87 8.8-4.92l7.68 4.43c-3.18 5.3-9.14 8.49-16.48 8.49-11.05 0-19-7.2-19-18s7.96-18 19-18c7.34 0 13.29 3.19 16.48 8.49l-7.68 4.43c-1.59-3.05-4.68-4.92-8.8-4.92-6.07 0-10 4-10 10zm82.48-29v46h-9V5h9zM36.95 0L73.9 64H0L36.95 0zm92.38 5l-27.71 48L73.91 5H84.3l17.32 30 17.32-30h10.39zm58.91 12v9.69c-1-.29-2.06-.49-3.2-.49-5.81 0-10 4-10 10V51h-9V17h9v9.2c0-5.08 5.91-9.2 13.2-9.2z" fill="#000"/>
+</svg>
\ No newline at end of file
diff --git a/examples/authsignal-passwordless/tsconfig.json b/examples/authsignal-passwordless/tsconfig.json
new file mode 100755
index 0000000000000..99710e857874f
--- /dev/null
+++ b/examples/authsignal-passwordless/tsconfig.json
@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "es5",
+    "lib": ["dom", "dom.iterable", "esnext"],
+    "allowJs": true,
+    "skipLibCheck": true,
+    "strict": true,
+    "forceConsistentCasingInFileNames": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "module": "esnext",
+    "moduleResolution": "node",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "jsx": "preserve",
+    "incremental": true
+  },
+  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx"],
+  "exclude": ["node_modules"]
+}

From d68c9f72e107b0eeec876ab1739117ba0d49c4fb Mon Sep 17 00:00:00 2001
From: Chris Fisher <chris.i.fisher@gmail.com>
Date: Fri, 29 Jul 2022 15:24:00 +1200
Subject: [PATCH 2/3] Updates based on PR feedback

---
 .../authsignal-passwordless/.eslintrc.json    |   3 -
 .../components/dashboard.tsx                  |  24 -------
 .../components/index.ts                       |   3 -
 .../authsignal-passwordless/lib/cookies.ts    |  61 ------------------
 examples/authsignal-passwordless/lib/index.ts |   1 -
 .../authsignal-passwordless/next-env.d.ts     |   5 --
 .../authsignal-passwordless/pages/_app.tsx    |   6 --
 .../pages/api/finalize-login.ts               |  22 -------
 .../pages/api/login.ts                        |  15 -----
 .../pages/api/logout.ts                       |  10 ---
 .../passwordless-login}/.env.local.example    |   0
 .../passwordless-login}/.gitignore            |   1 +
 .../passwordless-login}/README.md             |   0
 .../components/dashboard.module.css           |   0
 .../components/dashboard.tsx                  |  35 ++++++++++
 .../passwordless-login/components/index.ts    |   3 +
 .../passwordless-login}/components/layout.tsx |   8 +--
 .../components/login.module.css               |   0
 .../passwordless-login}/components/login.tsx  |   6 +-
 .../passwordless-login/lib/authsignal.ts      |   5 ++
 .../passwordless-login/lib/cookies.ts         |  57 ++++++++++++++++
 .../passwordless-login/lib/index.ts           |   2 +
 .../passwordless-login}/next.config.js        |   0
 .../passwordless-login}/package.json          |   5 +-
 .../passwordless-login/pages/_app.tsx         |   6 ++
 .../pages/api/finalize-login.ts               |  27 ++++++++
 .../passwordless-login/pages/api/login.ts     |  17 +++++
 .../passwordless-login/pages/api/logout.ts    |  17 +++++
 .../passwordless-login}/pages/globals.css     |   6 +-
 .../passwordless-login}/pages/index.tsx       |  18 +++---
 .../passwordless-login}/public/favicon.ico    | Bin
 .../passwordless-login}/public/vercel.svg     |   0
 .../passwordless-login}/tsconfig.json         |   0
 33 files changed, 190 insertions(+), 173 deletions(-)
 delete mode 100755 examples/authsignal-passwordless/.eslintrc.json
 delete mode 100644 examples/authsignal-passwordless/components/dashboard.tsx
 delete mode 100644 examples/authsignal-passwordless/components/index.ts
 delete mode 100644 examples/authsignal-passwordless/lib/cookies.ts
 delete mode 100644 examples/authsignal-passwordless/lib/index.ts
 delete mode 100755 examples/authsignal-passwordless/next-env.d.ts
 delete mode 100755 examples/authsignal-passwordless/pages/_app.tsx
 delete mode 100644 examples/authsignal-passwordless/pages/api/finalize-login.ts
 delete mode 100644 examples/authsignal-passwordless/pages/api/login.ts
 delete mode 100644 examples/authsignal-passwordless/pages/api/logout.ts
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/.env.local.example (100%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/.gitignore (96%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/README.md (100%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/components/dashboard.module.css (100%)
 create mode 100644 examples/authsignal/passwordless-login/components/dashboard.tsx
 create mode 100644 examples/authsignal/passwordless-login/components/index.ts
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/components/layout.tsx (76%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/components/login.module.css (100%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/components/login.tsx (70%)
 create mode 100644 examples/authsignal/passwordless-login/lib/authsignal.ts
 create mode 100644 examples/authsignal/passwordless-login/lib/cookies.ts
 create mode 100644 examples/authsignal/passwordless-login/lib/index.ts
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/next.config.js (100%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/package.json (80%)
 create mode 100755 examples/authsignal/passwordless-login/pages/_app.tsx
 create mode 100644 examples/authsignal/passwordless-login/pages/api/finalize-login.ts
 create mode 100644 examples/authsignal/passwordless-login/pages/api/login.ts
 create mode 100644 examples/authsignal/passwordless-login/pages/api/logout.ts
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/pages/globals.css (51%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/pages/index.tsx (57%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/public/favicon.ico (100%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/public/vercel.svg (100%)
 rename examples/{authsignal-passwordless => authsignal/passwordless-login}/tsconfig.json (100%)

diff --git a/examples/authsignal-passwordless/.eslintrc.json b/examples/authsignal-passwordless/.eslintrc.json
deleted file mode 100755
index bffb357a71225..0000000000000
--- a/examples/authsignal-passwordless/.eslintrc.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "extends": "next/core-web-vitals"
-}
diff --git a/examples/authsignal-passwordless/components/dashboard.tsx b/examples/authsignal-passwordless/components/dashboard.tsx
deleted file mode 100644
index cb08a5ab4034f..0000000000000
--- a/examples/authsignal-passwordless/components/dashboard.tsx
+++ /dev/null
@@ -1,24 +0,0 @@
-import Link from "next/link";
-import { User } from "../lib";
-import styles from "./dashboard.module.css";
-
-interface Props {
-  user: User;
-}
-
-export const Dashboard = ({ user }: Props) => (
-  <>
-    <header className={styles.header}>
-      <div className={styles.logo}>My Example App</div>
-      <Link href={"/api/logout"}>
-        <button>Log out</button>
-      </Link>
-    </header>
-    <div className={styles.user}>
-      <div>
-        <div className={styles.label}>Logged in as:</div>
-        <div>{user.email}</div>
-      </div>
-    </div>
-  </>
-);
diff --git a/examples/authsignal-passwordless/components/index.ts b/examples/authsignal-passwordless/components/index.ts
deleted file mode 100644
index d20cb80d89a74..0000000000000
--- a/examples/authsignal-passwordless/components/index.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-export * from "./dashboard";
-export * from "./layout";
-export * from "./login";
diff --git a/examples/authsignal-passwordless/lib/cookies.ts b/examples/authsignal-passwordless/lib/cookies.ts
deleted file mode 100644
index 19acc151feca2..0000000000000
--- a/examples/authsignal-passwordless/lib/cookies.ts
+++ /dev/null
@@ -1,61 +0,0 @@
-import Iron from "@hapi/iron";
-import { parse, serialize } from "cookie";
-
-export async function createCookieForSession(user: User) {
-  // Make login session valid for 8 hours
-  const maxAge = 60 * 60 * 8;
-
-  const expires = new Date();
-  expires.setSeconds(expires.getSeconds() + maxAge);
-
-  const sessionData: SessionData = { user, expiresAt: expires.toString() };
-
-  const sessionToken = await Iron.seal(
-    sessionData,
-    TOKEN_SECRET,
-    Iron.defaults
-  );
-
-  const cookie = serialize(COOKIE_NAME, sessionToken, {
-    maxAge,
-    expires,
-    httpOnly: true,
-    secure: process.env.NODE_ENV === "production",
-    path: "/",
-    sameSite: "lax",
-  });
-
-  return cookie;
-}
-
-export async function getSessionFromCookie(cookie: string | undefined) {
-  const cookies = parse(cookie ?? "");
-
-  const sessionToken = cookies[COOKIE_NAME];
-
-  if (!sessionToken) {
-    return undefined;
-  }
-
-  const sessionData: SessionData = await Iron.unseal(
-    sessionToken,
-    TOKEN_SECRET,
-    Iron.defaults
-  );
-
-  return sessionData;
-}
-
-export interface SessionData {
-  user: User;
-  expiresAt: string;
-}
-
-export interface User {
-  userId: string;
-  email?: string;
-}
-
-export const COOKIE_NAME = "session_token";
-
-const TOKEN_SECRET = process.env.SESSION_TOKEN_SECRET!;
diff --git a/examples/authsignal-passwordless/lib/index.ts b/examples/authsignal-passwordless/lib/index.ts
deleted file mode 100644
index 7017da79c7a71..0000000000000
--- a/examples/authsignal-passwordless/lib/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from "./cookies";
diff --git a/examples/authsignal-passwordless/next-env.d.ts b/examples/authsignal-passwordless/next-env.d.ts
deleted file mode 100755
index 4f11a03dc6cc3..0000000000000
--- a/examples/authsignal-passwordless/next-env.d.ts
+++ /dev/null
@@ -1,5 +0,0 @@
-/// <reference types="next" />
-/// <reference types="next/image-types/global" />
-
-// NOTE: This file should not be edited
-// see https://nextjs.org/docs/basic-features/typescript for more information.
diff --git a/examples/authsignal-passwordless/pages/_app.tsx b/examples/authsignal-passwordless/pages/_app.tsx
deleted file mode 100755
index 159d8a3813ed6..0000000000000
--- a/examples/authsignal-passwordless/pages/_app.tsx
+++ /dev/null
@@ -1,6 +0,0 @@
-import type { AppProps } from "next/app";
-import "./globals.css";
-
-export default function MyApp({ Component, pageProps }: AppProps) {
-  return <Component {...pageProps} />;
-}
diff --git a/examples/authsignal-passwordless/pages/api/finalize-login.ts b/examples/authsignal-passwordless/pages/api/finalize-login.ts
deleted file mode 100644
index 33b1528172284..0000000000000
--- a/examples/authsignal-passwordless/pages/api/finalize-login.ts
+++ /dev/null
@@ -1,22 +0,0 @@
-import { Authsignal } from "@authsignal/node";
-import { NextApiRequest, NextApiResponse } from "next";
-import { createCookieForSession } from "../../lib";
-
-const authsignal = new Authsignal({ secret: process.env.AUTHSIGNAL_SECRET! });
-
-export default async function finalizeLogin(
-  req: NextApiRequest,
-  res: NextApiResponse
-) {
-  const token = req.query.token as string;
-
-  const { success, user } = await authsignal.validateChallenge({ token });
-
-  if (success) {
-    const cookie = await createCookieForSession(user);
-
-    res.setHeader("Set-Cookie", cookie);
-  }
-
-  res.redirect("/");
-}
diff --git a/examples/authsignal-passwordless/pages/api/login.ts b/examples/authsignal-passwordless/pages/api/login.ts
deleted file mode 100644
index ca37ef4501a3a..0000000000000
--- a/examples/authsignal-passwordless/pages/api/login.ts
+++ /dev/null
@@ -1,15 +0,0 @@
-import { Authsignal } from "@authsignal/node";
-import { NextApiRequest, NextApiResponse } from "next";
-
-const authsignal = new Authsignal({ secret: process.env.AUTHSIGNAL_SECRET! });
-
-export default async function login(req: NextApiRequest, res: NextApiResponse) {
-  const { email } = req.body;
-
-  const { url } = await authsignal.loginWithEmail({ email, redirectUrl });
-
-  res.redirect(303, url);
-}
-
-const redirectUrl =
-  process.env.REDIRECT_URL ?? "http://localhost:3000/api/finalize-login";
diff --git a/examples/authsignal-passwordless/pages/api/logout.ts b/examples/authsignal-passwordless/pages/api/logout.ts
deleted file mode 100644
index 5baa1cb214a9a..0000000000000
--- a/examples/authsignal-passwordless/pages/api/logout.ts
+++ /dev/null
@@ -1,10 +0,0 @@
-import { NextApiRequest, NextApiResponse } from "next";
-import { serialize } from "cookie";
-import { COOKIE_NAME } from "../../lib";
-
-export default async function logout(_: NextApiRequest, res: NextApiResponse) {
-  const cookie = serialize(COOKIE_NAME, "", { maxAge: -1, path: "/" });
-
-  res.setHeader("Set-Cookie", cookie);
-  res.redirect("/");
-}
diff --git a/examples/authsignal-passwordless/.env.local.example b/examples/authsignal/passwordless-login/.env.local.example
similarity index 100%
rename from examples/authsignal-passwordless/.env.local.example
rename to examples/authsignal/passwordless-login/.env.local.example
diff --git a/examples/authsignal-passwordless/.gitignore b/examples/authsignal/passwordless-login/.gitignore
similarity index 96%
rename from examples/authsignal-passwordless/.gitignore
rename to examples/authsignal/passwordless-login/.gitignore
index 737d87210923e..46f26a804bbe1 100755
--- a/examples/authsignal-passwordless/.gitignore
+++ b/examples/authsignal/passwordless-login/.gitignore
@@ -33,3 +33,4 @@ yarn-error.log*
 
 # typescript
 *.tsbuildinfo
+next-env.d.ts
\ No newline at end of file
diff --git a/examples/authsignal-passwordless/README.md b/examples/authsignal/passwordless-login/README.md
similarity index 100%
rename from examples/authsignal-passwordless/README.md
rename to examples/authsignal/passwordless-login/README.md
diff --git a/examples/authsignal-passwordless/components/dashboard.module.css b/examples/authsignal/passwordless-login/components/dashboard.module.css
similarity index 100%
rename from examples/authsignal-passwordless/components/dashboard.module.css
rename to examples/authsignal/passwordless-login/components/dashboard.module.css
diff --git a/examples/authsignal/passwordless-login/components/dashboard.tsx b/examples/authsignal/passwordless-login/components/dashboard.tsx
new file mode 100644
index 0000000000000..b7a5a7051a4ae
--- /dev/null
+++ b/examples/authsignal/passwordless-login/components/dashboard.tsx
@@ -0,0 +1,35 @@
+import { useRouter } from 'next/router'
+import { User } from '../lib'
+import styles from './dashboard.module.css'
+
+interface Props {
+  user: User
+}
+
+export const Dashboard = ({ user }: Props) => {
+  const router = useRouter()
+
+  const logout = async () => {
+    await fetch('/api/logout', {
+      method: 'POST',
+      credentials: 'same-origin',
+    })
+
+    router.push('/')
+  }
+
+  return (
+    <>
+      <header className={styles.header}>
+        <div className={styles.logo}>My Example App</div>
+        <button onClick={() => logout()}>Log out</button>
+      </header>
+      <div className={styles.user}>
+        <div>
+          <div className={styles.label}>Logged in as:</div>
+          <div>{user.email}</div>
+        </div>
+      </div>
+    </>
+  )
+}
diff --git a/examples/authsignal/passwordless-login/components/index.ts b/examples/authsignal/passwordless-login/components/index.ts
new file mode 100644
index 0000000000000..3fb04656642cb
--- /dev/null
+++ b/examples/authsignal/passwordless-login/components/index.ts
@@ -0,0 +1,3 @@
+export * from './dashboard'
+export * from './layout'
+export * from './login'
diff --git a/examples/authsignal-passwordless/components/layout.tsx b/examples/authsignal/passwordless-login/components/layout.tsx
similarity index 76%
rename from examples/authsignal-passwordless/components/layout.tsx
rename to examples/authsignal/passwordless-login/components/layout.tsx
index 90a0d8e17dd1f..88cdd69702251 100644
--- a/examples/authsignal-passwordless/components/layout.tsx
+++ b/examples/authsignal/passwordless-login/components/layout.tsx
@@ -1,8 +1,8 @@
-import Head from "next/head";
+import Head from 'next/head'
 
 type Props = {
-  children: React.ReactNode;
-};
+  children: React.ReactNode
+}
 
 export const Layout = (props: Props) => (
   <>
@@ -13,4 +13,4 @@ export const Layout = (props: Props) => (
 
     {props.children}
   </>
-);
+)
diff --git a/examples/authsignal-passwordless/components/login.module.css b/examples/authsignal/passwordless-login/components/login.module.css
similarity index 100%
rename from examples/authsignal-passwordless/components/login.module.css
rename to examples/authsignal/passwordless-login/components/login.module.css
diff --git a/examples/authsignal-passwordless/components/login.tsx b/examples/authsignal/passwordless-login/components/login.tsx
similarity index 70%
rename from examples/authsignal-passwordless/components/login.tsx
rename to examples/authsignal/passwordless-login/components/login.tsx
index 5f1f6a348de20..555f7f6d616df 100644
--- a/examples/authsignal-passwordless/components/login.tsx
+++ b/examples/authsignal/passwordless-login/components/login.tsx
@@ -1,12 +1,12 @@
-import styles from "./login.module.css";
+import styles from './login.module.css'
 
 export const Login = () => (
   <main className={styles.login}>
     <h1 className={styles.title}>My Example App</h1>
     <form method="POST" action="/api/login">
       <label htmlFor="email">Email</label>
-      <input id="email" type="email" name="email" required autoFocus />
+      <input id="email" type="email" name="email" required />
       <button type="submit">Log in / Sign up</button>
     </form>
   </main>
-);
+)
diff --git a/examples/authsignal/passwordless-login/lib/authsignal.ts b/examples/authsignal/passwordless-login/lib/authsignal.ts
new file mode 100644
index 0000000000000..618fcd4e2f510
--- /dev/null
+++ b/examples/authsignal/passwordless-login/lib/authsignal.ts
@@ -0,0 +1,5 @@
+import { Authsignal } from '@authsignal/node'
+
+const secret = process.env.AUTHSIGNAL_SECRET!
+
+export const authsignal = new Authsignal({ secret })
diff --git a/examples/authsignal/passwordless-login/lib/cookies.ts b/examples/authsignal/passwordless-login/lib/cookies.ts
new file mode 100644
index 0000000000000..9953b681b22b7
--- /dev/null
+++ b/examples/authsignal/passwordless-login/lib/cookies.ts
@@ -0,0 +1,57 @@
+import Iron from '@hapi/iron'
+import { parse, serialize } from 'cookie'
+
+export async function createCookieForSession(user: User) {
+  // Make login session valid for 8 hours
+  const maxAge = 60 * 60 * 8
+
+  const expires = new Date()
+  expires.setSeconds(expires.getSeconds() + maxAge)
+
+  const sessionData: SessionData = { user, expiresAt: expires.toString() }
+
+  const sessionToken = await Iron.seal(sessionData, TOKEN_SECRET, Iron.defaults)
+
+  const cookie = serialize(COOKIE_NAME, sessionToken, {
+    maxAge,
+    expires,
+    httpOnly: true,
+    secure: process.env.NODE_ENV === 'production',
+    path: '/',
+    sameSite: 'lax',
+  })
+
+  return cookie
+}
+
+export async function getSessionFromCookie(cookie: string | undefined) {
+  const cookies = parse(cookie ?? '')
+
+  const sessionToken = cookies[COOKIE_NAME]
+
+  if (!sessionToken) {
+    return undefined
+  }
+
+  const sessionData: SessionData = await Iron.unseal(
+    sessionToken,
+    TOKEN_SECRET,
+    Iron.defaults
+  )
+
+  return sessionData
+}
+
+export interface SessionData {
+  user: User
+  expiresAt: string
+}
+
+export interface User {
+  userId: string
+  email?: string
+}
+
+export const COOKIE_NAME = 'session_token'
+
+const TOKEN_SECRET = process.env.SESSION_TOKEN_SECRET!
diff --git a/examples/authsignal/passwordless-login/lib/index.ts b/examples/authsignal/passwordless-login/lib/index.ts
new file mode 100644
index 0000000000000..57e8ea63702f6
--- /dev/null
+++ b/examples/authsignal/passwordless-login/lib/index.ts
@@ -0,0 +1,2 @@
+export * from './authsignal'
+export * from './cookies'
diff --git a/examples/authsignal-passwordless/next.config.js b/examples/authsignal/passwordless-login/next.config.js
similarity index 100%
rename from examples/authsignal-passwordless/next.config.js
rename to examples/authsignal/passwordless-login/next.config.js
diff --git a/examples/authsignal-passwordless/package.json b/examples/authsignal/passwordless-login/package.json
similarity index 80%
rename from examples/authsignal-passwordless/package.json
rename to examples/authsignal/passwordless-login/package.json
index 2a2a50db6f2d5..5f3ce57b1d852 100644
--- a/examples/authsignal-passwordless/package.json
+++ b/examples/authsignal/passwordless-login/package.json
@@ -3,8 +3,7 @@
   "scripts": {
     "dev": "next dev",
     "build": "next build",
-    "start": "next start",
-    "lint": "next lint"
+    "start": "next start"
   },
   "dependencies": {
     "@authsignal/node": "^0.0.29",
@@ -19,8 +18,6 @@
     "@types/node": "18.0.3",
     "@types/react": "18.0.15",
     "@types/react-dom": "18.0.6",
-    "eslint": "8.19.0",
-    "eslint-config-next": "latest",
     "typescript": "4.7.4"
   }
 }
diff --git a/examples/authsignal/passwordless-login/pages/_app.tsx b/examples/authsignal/passwordless-login/pages/_app.tsx
new file mode 100755
index 0000000000000..5aea79b52129c
--- /dev/null
+++ b/examples/authsignal/passwordless-login/pages/_app.tsx
@@ -0,0 +1,6 @@
+import type { AppProps } from 'next/app'
+import './globals.css'
+
+export default function MyApp({ Component, pageProps }: AppProps) {
+  return <Component {...pageProps} />
+}
diff --git a/examples/authsignal/passwordless-login/pages/api/finalize-login.ts b/examples/authsignal/passwordless-login/pages/api/finalize-login.ts
new file mode 100644
index 0000000000000..1a3f58437501a
--- /dev/null
+++ b/examples/authsignal/passwordless-login/pages/api/finalize-login.ts
@@ -0,0 +1,27 @@
+import { NextApiRequest, NextApiResponse } from 'next'
+import { authsignal, createCookieForSession } from '../../lib'
+
+// This route handles the redirect back from the Authsignal Prebuilt MFA page
+export default async function finalizeLogin(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  // Only GET requests since we are handling redirects
+  if (req.method !== 'GET') {
+    return res.status(405).send({ message: 'Only GET requests allowed' })
+  }
+
+  const token = req.query.token as string
+
+  // This step uses your secret key to validate the token returned via the redirect
+  // It makes an authenticated call to Authsignal to check if the magic link challenge succeeded
+  const { success, user } = await authsignal.validateChallenge({ token })
+
+  if (success) {
+    const cookie = await createCookieForSession(user)
+
+    res.setHeader('Set-Cookie', cookie)
+  }
+
+  res.redirect('/')
+}
diff --git a/examples/authsignal/passwordless-login/pages/api/login.ts b/examples/authsignal/passwordless-login/pages/api/login.ts
new file mode 100644
index 0000000000000..b72e8615b2a02
--- /dev/null
+++ b/examples/authsignal/passwordless-login/pages/api/login.ts
@@ -0,0 +1,17 @@
+import { NextApiRequest, NextApiResponse } from 'next'
+import { authsignal } from '../../lib'
+
+export default async function login(req: NextApiRequest, res: NextApiResponse) {
+  if (req.method !== 'POST') {
+    return res.status(405).send({ message: 'Only POST requests allowed' })
+  }
+
+  const { email } = req.body
+
+  const { url } = await authsignal.loginWithEmail({ email, redirectUrl })
+
+  res.redirect(303, url)
+}
+
+const redirectUrl =
+  process.env.REDIRECT_URL ?? 'http://localhost:3000/api/finalize-login'
diff --git a/examples/authsignal/passwordless-login/pages/api/logout.ts b/examples/authsignal/passwordless-login/pages/api/logout.ts
new file mode 100644
index 0000000000000..c6b0baecebebc
--- /dev/null
+++ b/examples/authsignal/passwordless-login/pages/api/logout.ts
@@ -0,0 +1,17 @@
+import { NextApiRequest, NextApiResponse } from 'next'
+import { serialize } from 'cookie'
+import { COOKIE_NAME } from '../../lib'
+
+export default async function logout(
+  req: NextApiRequest,
+  res: NextApiResponse
+) {
+  if (req.method !== 'POST') {
+    return res.status(405).send({ message: 'Only POST requests allowed' })
+  }
+
+  const cookie = serialize(COOKIE_NAME, '', { maxAge: -1, path: '/' })
+
+  res.setHeader('Set-Cookie', cookie)
+  res.send({ success: true })
+}
diff --git a/examples/authsignal-passwordless/pages/globals.css b/examples/authsignal/passwordless-login/pages/globals.css
similarity index 51%
rename from examples/authsignal-passwordless/pages/globals.css
rename to examples/authsignal/passwordless-login/pages/globals.css
index c5a00e21a5bf8..b25c5fe6b4036 100644
--- a/examples/authsignal-passwordless/pages/globals.css
+++ b/examples/authsignal/passwordless-login/pages/globals.css
@@ -12,9 +12,9 @@ body {
 
 body {
   margin: 0;
-  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto,
-    "Helvetica Neue", Arial, Noto Sans, sans-serif, "Apple Color Emoji",
-    "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
+  font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto,
+    'Helvetica Neue', Arial, Noto Sans, sans-serif, 'Apple Color Emoji',
+    'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
 }
 
 #__next {
diff --git a/examples/authsignal-passwordless/pages/index.tsx b/examples/authsignal/passwordless-login/pages/index.tsx
similarity index 57%
rename from examples/authsignal-passwordless/pages/index.tsx
rename to examples/authsignal/passwordless-login/pages/index.tsx
index a55279b33b7a4..a131da14099ec 100755
--- a/examples/authsignal-passwordless/pages/index.tsx
+++ b/examples/authsignal/passwordless-login/pages/index.tsx
@@ -1,23 +1,23 @@
-import { GetServerSideProps } from "next";
-import { Dashboard, Layout, Login } from "../components";
-import { getSessionFromCookie, User } from "../lib";
+import { GetServerSideProps } from 'next'
+import { Dashboard, Layout, Login } from '../components'
+import { getSessionFromCookie, User } from '../lib'
 
 interface Props {
-  user: User | null;
+  user: User | null
 }
 
 export const getServerSideProps: GetServerSideProps<Props> = async ({
   req,
 }) => {
-  const session = await getSessionFromCookie(req.headers.cookie);
+  const session = await getSessionFromCookie(req.headers.cookie)
 
   if (session && new Date(session.expiresAt) > new Date()) {
-    return { props: { user: session.user } };
+    return { props: { user: session.user } }
   } else {
-    return { props: { user: null } };
+    return { props: { user: null } }
   }
-};
+}
 
 export default function HomePage({ user }: Props) {
-  return <Layout>{user ? <Dashboard user={user} /> : <Login />}</Layout>;
+  return <Layout>{user ? <Dashboard user={user} /> : <Login />}</Layout>
 }
diff --git a/examples/authsignal-passwordless/public/favicon.ico b/examples/authsignal/passwordless-login/public/favicon.ico
similarity index 100%
rename from examples/authsignal-passwordless/public/favicon.ico
rename to examples/authsignal/passwordless-login/public/favicon.ico
diff --git a/examples/authsignal-passwordless/public/vercel.svg b/examples/authsignal/passwordless-login/public/vercel.svg
similarity index 100%
rename from examples/authsignal-passwordless/public/vercel.svg
rename to examples/authsignal/passwordless-login/public/vercel.svg
diff --git a/examples/authsignal-passwordless/tsconfig.json b/examples/authsignal/passwordless-login/tsconfig.json
similarity index 100%
rename from examples/authsignal-passwordless/tsconfig.json
rename to examples/authsignal/passwordless-login/tsconfig.json

From 73c84341c04b61d83e6a7d5abc982841a7a432a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Orb=C3=A1n?= <info@balazsorban.com>
Date: Sat, 1 Oct 2022 06:36:27 +0200
Subject: [PATCH 3/3] fix lint

---
 examples/authsignal/passwordless-login/lib/cookies.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/examples/authsignal/passwordless-login/lib/cookies.ts b/examples/authsignal/passwordless-login/lib/cookies.ts
index 9953b681b22b7..15d19b9ae0a40 100644
--- a/examples/authsignal/passwordless-login/lib/cookies.ts
+++ b/examples/authsignal/passwordless-login/lib/cookies.ts
@@ -1,6 +1,10 @@
 import Iron from '@hapi/iron'
 import { parse, serialize } from 'cookie'
 
+export const COOKIE_NAME = 'session_token'
+
+const TOKEN_SECRET = process.env.SESSION_TOKEN_SECRET!
+
 export async function createCookieForSession(user: User) {
   // Make login session valid for 8 hours
   const maxAge = 60 * 60 * 8
@@ -51,7 +55,3 @@ export interface User {
   userId: string
   email?: string
 }
-
-export const COOKIE_NAME = 'session_token'
-
-const TOKEN_SECRET = process.env.SESSION_TOKEN_SECRET!