npm - 90dc-core - Versions diffs - 1.19.4 → 1.19.6 - Mend

90dc-core 1.19.4 → 1.19.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (299) hide show

package/dist/lib/utils/AuthenticationUtil.js ADDED Viewed

@@ -0,0 +1,481 @@
+import * as dotenv from "dotenv";
+import jwt from "jsonwebtoken";
+import axios, { isAxiosError } from "axios";
+import { google } from "googleapis";
+import * as bcrypt from "bcryptjs";
+import { OAuth2Client as OAuth2ClientImpl } from "google-auth-library";
+import jwksClient from "jwks-rsa";
+import { AppleTransactionError } from "../Errors/Errors.js";
+import { SecretManagerServiceClient } from "@google-cloud/secret-manager";
+import { Log } from "./Logger.js";
+import { randomUUID } from "node:crypto";
+import { AuthenticationError } from "../Errors/AppError.js";
+import { PersistedUser } from "../dbmodels/user/PersistedUser.js";
+dotenv.config();
+const logger = Log.getInstance().extend("authentication-util");
+var TokenExpiration = /*#__PURE__*/ function(TokenExpiration) {
+    TokenExpiration[TokenExpiration["ACCESS"] = 3600] = "ACCESS";
+    TokenExpiration[TokenExpiration["REFRESH"] = 2592000] = "REFRESH"; // 30 days in seconds
+    return TokenExpiration;
+}(TokenExpiration || {});
+const appleJwksClient = jwksClient({
+    jwksUri: "https://appleid.apple.com/auth/keys"
+});
+async function loadAndroidServiceAccount() {
+    const sm = new SecretManagerServiceClient();
+    const name = "projects/1033066542238/secrets/ANDROID_SUB_KEY/versions/latest";
+    const [v] = await sm.accessSecretVersion({
+        name
+    });
+    const raw = v.payload?.data?.toString("utf8") ?? "";
+    // Secret should be the full JSON key. Parse and normalize newlines.
+    const json = JSON.parse(raw);
+    const client_email = json.client_email;
+    const private_key = String(json.private_key).replace(/\\n/g, "\n");
+    return {
+        client_email,
+        private_key
+    };
+}
+async function loadAppleSubscriptionkey() {
+    const client = new SecretManagerServiceClient();
+    const name = "projects/1033066542238/secrets/APPLE_SUB_KEY/versions/latest";
+    const [v] = await client.accessSecretVersion({
+        name
+    });
+    return v.payload?.data?.toString("utf8") ?? "";
+}
+export class AuthenticationUtil {
+    static ACCESS_SECRET = process.env.ACCESS_TOKEN_SECRET;
+    static REFRESH_SECRET = process.env.REFRESH_TOKEN_SECRET;
+    static async fetchUserWithTokenInfo(token) {
+        const userInToken = await AuthenticationUtil.verifyTokenAndFetchUser(token);
+        if (!userInToken || !userInToken.userUuid) {
+            return null;
+        }
+        return userInToken;
+    }
+    static verifyTokenAndFetchUser(token) {
+        return new Promise((resolve, reject)=>{
+            jwt.verify(token, this.ACCESS_SECRET, (err, decoded)=>{
+                if (err) {
+                    reject(err);
+                    return;
+                }
+                if (decoded === undefined) {
+                    resolve(null);
+                    return;
+                }
+                const user = decoded;
+                if (!user.userUuid) {
+                    resolve(false);
+                    return;
+                }
+                PersistedUser.findByPk(user.userUuid).then((persistedUser)=>{
+                    resolve(persistedUser);
+                }).catch((e)=>{
+                    reject(e);
+                });
+            });
+        });
+    }
+    /**
+   * Sign access token
+   */ static signAccessToken(user) {
+        return jwt.sign(user, this.ACCESS_SECRET, {
+            expiresIn: 3600
+        });
+    }
+    /**
+   * Sign refresh token
+   */ static signRefreshToken(user) {
+        return jwt.sign(user, this.REFRESH_SECRET);
+    }
+    /**
+   * Verify refresh token and return new access token
+   */ static verifyRefreshToken(refreshToken) {
+        return new Promise((resolve, reject)=>{
+            jwt.verify(refreshToken, this.REFRESH_SECRET, async (err, user)=>{
+                if (err) {
+                    reject(err);
+                }
+                if (user === undefined) {
+                    resolve(null);
+                    return;
+                }
+                const userTypes = user;
+                const newAccessToken = this.signAccessToken(userTypes);
+                resolve(newAccessToken);
+            });
+        });
+    }
+    // ==================== Password Management ====================
+    /**
+   * Hash password using bcrypt
+   */ static async hashPassword(password) {
+        return bcrypt.hash(password, 10);
+    }
+    /**
+   * Compare password with hash
+   */ static async comparePassword(plainPassword, hash) {
+        return bcrypt.compare(plainPassword, hash);
+    }
+    static async checkIfUserAlreadyRegistered(email) {
+        if (!email) return false;
+        const user = await PersistedUser.findOne({
+            where: {
+                email
+            }
+        });
+        return user !== null;
+    }
+    static async login(email, password) {
+        const users = await PersistedUser.findAll({
+            where: {
+                email
+            }
+        });
+        if (!users || users.length === 0) {
+            return null;
+        }
+        for (const user of users){
+            const passwordsMatch = await this.comparePassword(password, user.password);
+            if (passwordsMatch) {
+                return user;
+            }
+        }
+        return null;
+    }
+    static async verifyGoogleToken(idToken, audience) {
+        const client = new OAuth2ClientImpl(audience);
+        try {
+            return await client.verifyIdToken({
+                idToken,
+                audience
+            });
+        } catch (error) {
+            logger.error("Google Token Verification Error:", error);
+            return null;
+        }
+    }
+    static getGoogleClientId(platform) {
+        switch(platform){
+            case "android":
+                return process.env.ANDROID_GOOGLE_CLIENT_ID;
+            case "ios":
+                return process.env.IOS_GOOGLE_CLIENT_ID;
+            case "web":
+                return process.env.WEB_GOOGLE_CLIENT_ID;
+            default:
+                return undefined;
+        }
+    }
+    static async generateAppleJWT() {
+        const privateKey = await loadAppleSubscriptionkey();
+        const header = {
+            alg: "ES256",
+            kid: process.env.APPLE_KID,
+            typ: "JWT"
+        };
+        const payload = {
+            iss: process.env.APPLE_ISSUER,
+            iat: Math.floor(Date.now() / 1000),
+            exp: Math.floor(Date.now() / 1000) + 3600,
+            aud: "appstoreconnect-v1",
+            bid: process.env.APPLE_BUNDLE_ID
+        };
+        return jwt.sign(payload, privateKey, {
+            header
+        });
+    }
+    static verifyAppleJwt(userData, key) {
+        try {
+            return jwt.verify(userData, key);
+        } catch (e) {
+            logger.error(e);
+            return null;
+        }
+    }
+    static async getAppleSignInKey(kid) {
+        try {
+            const key = await appleJwksClient.getSigningKey(kid);
+            return key.getPublicKey();
+        } catch (e) {
+            logger.error(e);
+            return undefined;
+        }
+    }
+    static async verifyAppleReceipt(data) {
+        const response = await axios.post("https://buy.itunes.apple.com/verifyReceipt", {
+            "receipt-data": data,
+            password: process.env.APPLE_SHARED_SECRET,
+            "exclude-old-transactions": true
+        });
+        return response.data;
+    }
+    static async getAppleTransactions(originalTransactionId) {
+        const result = [];
+        try {
+            const response = await axios.get(`https://api.storekit.itunes.apple.com/inApps/v1/history/${originalTransactionId}`, {
+                headers: {
+                    Authorization: `Bearer ${await this.generateAppleJWT()}`,
+                    "Content-Type": "application/json"
+                }
+            });
+            for (const token of response.data.signedTransactions){
+                result.push(jwt.decode(token));
+            }
+            return result;
+        } catch (error) {
+            if (isAxiosError(error) && error.response?.status === 400) {
+                throw new AppleTransactionError("Invalid transaction id.");
+            }
+            if (isAxiosError(error) && (error.response?.data.errorCode === 4040010 || error.response?.status === 401)) {
+                try {
+                    const response = await axios.get(`https://api.storekit-sandbox.itunes.apple.com/inApps/v1/history/${originalTransactionId}`, {
+                        headers: {
+                            Authorization: `Bearer ${await this.generateAppleJWT()}`,
+                            "Content-Type": "application/json"
+                        }
+                    });
+                    for (const token of response.data.signedTransactions){
+                        result.push(jwt.decode(token));
+                    }
+                    return result;
+                } catch (e) {
+                    if (isAxiosError(error) && error.response?.status === 400) {
+                        throw new AppleTransactionError("Invalid transaction id.");
+                    }
+                }
+                throw new AppleTransactionError("Transaction was not found in both environments.");
+            }
+            throw error;
+        }
+    }
+    static async getAppleSubscriptionsStatuses(transactionId) {
+        const result = [];
+        try {
+            const response = await axios.get(`https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`, {
+                headers: {
+                    Authorization: `Bearer ${await this.generateAppleJWT()}`,
+                    "Content-Type": "application/json"
+                }
+            });
+            for (const transaction of response.data.data[0].lastTransactions){
+                result.push({
+                    originalTransactionId: transaction.originalTransactionId,
+                    status: transaction.status,
+                    signedTransactionInfo: jwt.decode(transaction.signedTransactionInfo),
+                    signedRenewalInfo: jwt.decode(transaction.signedRenewalInfo)
+                });
+            }
+            return result;
+        } catch (error) {
+            if (isAxiosError(error) && error.response?.status === 400) {
+                throw new AppleTransactionError("Invalid transaction id.");
+            }
+            // Try sandbox
+            if (isAxiosError(error) && (error.response?.data.errorCode === 4040010 || error.response?.status === 401)) {
+                try {
+                    const response = await axios.get(`https://api.storekit-sandbox.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`, {
+                        headers: {
+                            Authorization: `Bearer ${await this.generateAppleJWT()}`,
+                            "Content-Type": "application/json"
+                        }
+                    });
+                    for (const transaction of response.data.data[0].lastTransactions){
+                        result.push({
+                            originalTransactionId: transaction.originalTransactionId,
+                            status: transaction.status,
+                            signedTransactionInfo: jwt.decode(transaction.signedTransactionInfo),
+                            signedRenewalInfo: jwt.decode(transaction.signedRenewalInfo)
+                        });
+                    }
+                    return result;
+                } catch (e) {
+                    if (isAxiosError(error) && error.response?.status === 400) {
+                        throw new AppleTransactionError("Invalid transaction id.");
+                    }
+                }
+                throw new AppleTransactionError("Transaction was not found in both environments.");
+            }
+            throw error;
+        }
+    }
+    static async isAppleSubscriptionActive(transactionId) {
+        try {
+            const response = await axios.get(`https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`, {
+                headers: {
+                    Authorization: `Bearer ${await this.generateAppleJWT()}`,
+                    "Content-Type": "application/json"
+                }
+            });
+            return response.data.data[0].lastTransactions[0].status === 0 || response.data.data[0].lastTransactions[0].status === 2;
+        } catch (e) {
+            if (axios.isAxiosError(e) && e.response && e.response.data["errorMessage"] === "Invalid transaction id.") {
+                return false;
+            }
+            return false;
+        }
+    }
+    static async getSingleAppleTransactionsInfo(transactionId) {
+        try {
+            const response = await axios.get(`https://api.storekit.itunes.apple.com/inApps/v1/transactions/${transactionId}`, {
+                headers: {
+                    Authorization: `Bearer ${await this.generateAppleJWT()}`,
+                    "Content-Type": "application/json"
+                }
+            });
+            return {
+                signedTransactionInfo: jwt.decode(response.data.signedTransactionInfo)
+            };
+        } catch (error) {
+            if (isAxiosError(error) && error.response?.status === 400) {
+                throw new AppleTransactionError("Invalid transaction id.");
+            }
+            if (isAxiosError(error) && (error.response?.data.errorCode === 4040010 || error.response?.status === 401)) {
+                try {
+                    const response = await axios.get(`https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/${transactionId}`, {
+                        headers: {
+                            Authorization: `Bearer ${await this.generateAppleJWT()}`,
+                            "Content-Type": "application/json"
+                        }
+                    });
+                    return {
+                        signedTransactionInfo: jwt.decode(response.data.signedTransactionInfo)
+                    };
+                } catch (e) {
+                    if (isAxiosError(error) && error.response?.status === 400) {
+                        throw new AppleTransactionError("Invalid transaction id.");
+                    }
+                }
+                throw new AppleTransactionError("Transaction was not found in both environments.");
+            }
+            throw error;
+        }
+    }
+    static async checkIfUserBoughtProgram(transactionId) {
+        try {
+            const productIds = [];
+            const url = process.env.PURCHASE_HISTORY_URL || "https://api.storekit.itunes.apple.com";
+            const response = await axios.get(`${url}/inApps/v2/history/${transactionId}?productType=NON_CONSUMABLE`, {
+                headers: {
+                    Authorization: `Bearer ${await this.generateAppleJWT()}`,
+                    "Content-Type": "application/json"
+                }
+            });
+            for (const transaction of response.data.signedTransactions){
+                productIds.push(jwt.decode(transaction).productId);
+            }
+            return productIds;
+        } catch (e) {
+            logger.error(e.message);
+            return [];
+        }
+    }
+    static getUserFromContext(ctx) {
+        const user = ctx.state.user;
+        if (!user) {
+            ctx.throw(AuthenticationError);
+        }
+        return user;
+    }
+    static async extendAppleSubscription(transactionId, extendByDays) {
+        const response = await axios.put(`https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/extend/${transactionId}`, {
+            extendByDays,
+            extendReasonCode: 1,
+            requestIdentifier: randomUUID()
+        }, {
+            headers: {
+                Authorization: `Bearer ${await this.generateAppleJWT()}`
+            }
+        });
+        return response.data;
+    }
+    static async getAndroidAccessToken() {
+        const { client_email, private_key } = await loadAndroidServiceAccount();
+        const jwtClient = new google.auth.JWT({
+            email: client_email,
+            key: private_key,
+            scopes: [
+                "https://www.googleapis.com/auth/androidpublisher"
+            ]
+        });
+        return await jwtClient.authorize();
+    }
+    static async getAndroidSubscriptionsStatuses(token) {
+        try {
+            const credentials = await this.getAndroidAccessToken();
+            const response = await axios.get(`https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${process.env.ANDROID_PACKAGE_NAME || "nl.browney.nintydayschallenge"}/purchases/subscriptionsv2/tokens/${token}`, {
+                headers: {
+                    Authorization: `Bearer ${credentials.access_token}`
+                }
+            });
+            return response.data;
+        } catch (error) {
+            if (isAxiosError(error) && error.response && error.response.status === 410) {
+                // Subscription expired
+                return {
+                    lineItems: [
+                        {
+                            expiryTime: new Date(Date.now() - 86400000).toISOString()
+                        }
+                    ]
+                };
+            } else {
+                if (isAxiosError(error)) {
+                    logger.error("Android subscription error:", error.message);
+                    return false;
+                }
+            }
+        }
+    }
+    static async isAndroidSubscriptionsActive(token) {
+        try {
+            const credentials = await this.getAndroidAccessToken();
+            const response = await axios.get(`https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${process.env.ANDROID_PACKAGE_NAME || "nl.browney.nintydayschallenge"}/purchases/subscriptionsv2/tokens/${token}`, {
+                headers: {
+                    Authorization: `Bearer ${credentials.access_token}`
+                }
+            });
+            return response.data.subscriptionState === "SUBSCRIPTION_STATE_ACTIVE";
+        } catch (error) {
+            if (isAxiosError(error)) {
+                logger.error("An error occurred:", error.message);
+            }
+            return false;
+        }
+    }
+    static async extendAndroidSubscription(purchaseToken, subscriptionId, extendByDays) {
+        const credentials = await this.getAndroidAccessToken();
+        const packageName = process.env.ANDROID_PACKAGE_NAME || "nl.browney.nintydayschallenge";
+        // First, get the current subscription details to get the current expiry time
+        const currentSubResponse = await axios.get(`https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${packageName}/purchases/subscriptionsv2/tokens/${purchaseToken}`, {
+            headers: {
+                Authorization: `Bearer ${credentials.access_token}`
+            }
+        });
+        const currentExpiryTime = currentSubResponse.data.lineItems?.[0]?.expiryTime;
+        if (!currentExpiryTime) {
+            throw new Error("Unable to get current subscription expiry time");
+        }
+        // Calculate the new expiry time
+        const currentExpiryMs = new Date(currentExpiryTime).getTime();
+        const desiredExpiryMs = currentExpiryMs + extendByDays * 24 * 60 * 60 * 1000;
+        // Use the defer API to extend the subscription
+        const response = await axios.post(`https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${packageName}/purchases/subscriptions/${subscriptionId}/tokens/${purchaseToken}:defer`, {
+            deferralInfo: {
+                expectedExpiryTimeMillis: currentExpiryMs.toString(),
+                desiredExpiryTimeMillis: desiredExpiryMs.toString()
+            }
+        }, {
+            headers: {
+                Authorization: `Bearer ${credentials.access_token}`,
+                "Content-Type": "application/json"
+            }
+        });
+        return response.data;
+    }
+}
+//# sourceMappingURL=AuthenticationUtil.js.map

package/dist/lib/utils/AuthenticationUtil.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../src/lib/utils/AuthenticationUtil.ts"],"sourcesContent":["import * as dotenv from \"dotenv\";\nimport jwt, {type JwtPayload, type VerifyErrors} from \"jsonwebtoken\";\nimport axios, {type AxiosResponse, isAxiosError} from \"axios\";\nimport {google} from \"googleapis\";\nimport * as bcrypt from \"bcryptjs\";\nimport type {LoginTicket,} from \"google-auth-library\";\nimport {OAuth2Client as OAuth2ClientImpl} from \"google-auth-library\";\nimport jwksClient, {type SigningKey} from \"jwks-rsa\";\nimport type {\n Credentials as CredentialsType,\n SignedTransactions,\n SingleTransactionResponse,\n SubscriptionStatusResponse,\n SubscriptionStatusResponseError,\n SubscriptionStatusResult,\n TransactionsResponse,\n UserTypes,\n VerificationStatus,\n} from '../models/UserInterfaces.js';\nimport {AppleTransactionError} from '../Errors/Errors.js';\nimport {SecretManagerServiceClient} from \"@google-cloud/secret-manager\";\nimport {Log} from \"./Logger.js\";\nimport {randomUUID} from \"node:crypto\";\nimport type {Context} from \"koa\";\nimport {AuthenticationError} from \"../Errors/AppError.js\";\nimport { PersistedUser } from \"lib/dbmodels/user/PersistedUser.js\";\n\ndotenv.config();\n\nconst logger: Log = Log.getInstance().extend(\"authentication-util\");\n\nenum TokenExpiration {\n ACCESS = 60 * 60, // 1 hour in seconds\n REFRESH = 30 * 24 * 60 * 60 // 30 days in seconds\n}\n\nconst appleJwksClient = jwksClient({\n jwksUri: \"https://appleid.apple.com/auth/keys\",\n});\n\nasync function loadAndroidServiceAccount(): Promise<{client_email: string; private_key: string}> {\n const sm = new SecretManagerServiceClient();\n const name = \"projects/1033066542238/secrets/ANDROID_SUB_KEY/versions/latest\";\n const [v] = await sm.accessSecretVersion({ name });\n const raw = v.payload?.data?.toString(\"utf8\") ?? \"\";\n\n // Secret should be the full JSON key. Parse and normalize newlines.\n const json = JSON.parse(raw);\n const client_email = json.client_email as string;\n const private_key = String(json.private_key).replace(/\\\\n/g, \"\\n\");\n return { client_email, private_key };\n}\n\nasync function loadAppleSubscriptionkey(): Promise<string> {\n const client = new SecretManagerServiceClient();\n const name = \"projects/1033066542238/secrets/APPLE_SUB_KEY/versions/latest\";\n const [v] = await client.accessSecretVersion({ name });\n return v.payload?.data?.toString(\"utf8\") ?? \"\";\n}\n\nexport class AuthenticationUtil {\n public static readonly ACCESS_SECRET = process.env.ACCESS_TOKEN_SECRET as string;\n public static readonly REFRESH_SECRET = process.env.REFRESH_TOKEN_SECRET as string;\n\n\n public static async fetchUserWithTokenInfo(token: string): Promise<PersistedUser | null> {\n const userInToken = await AuthenticationUtil.verifyTokenAndFetchUser(token);\n if (!userInToken || !userInToken.userUuid) {\n return null;\n }\n return userInToken;\n }\n\n public static verifyTokenAndFetchUser(token: string): Promise<PersistedUser | null | false> {\n return new Promise<PersistedUser | null | false>((resolve, reject) => {\n jwt.verify(\n token,\n this.ACCESS_SECRET,\n (err: VerifyErrors | null, decoded: JwtPayload | string | undefined) => {\n if (err) {\n reject(err);\n return;\n }\n\n if (decoded === undefined) {\n resolve(null);\n return;\n }\n\n const user: UserTypes = <UserTypes>decoded;\n\n if (!user.userUuid) {\n resolve(false);\n return;\n }\n\n PersistedUser.findByPk(user.userUuid)\n .then((persistedUser: PersistedUser | null) => {\n resolve(persistedUser);\n })\n .catch((e: Error) => {\n reject(e);\n });\n }\n );\n });\n }\n\n /**\n * Sign access token\n */\n public static signAccessToken(user: UserTypes): string {\n return jwt.sign(user, this.ACCESS_SECRET, {\n expiresIn: TokenExpiration.ACCESS,\n });\n }\n\n /**\n * Sign refresh token\n */\n public static signRefreshToken(user: UserTypes): string {\n return jwt.sign(user, this.REFRESH_SECRET);\n }\n\n /**\n * Verify refresh token and return new access token\n */\n public static verifyRefreshToken(refreshToken: string) {\n return new Promise<string | null | false>((resolve, reject) => {\n jwt.verify(\n refreshToken,\n this.REFRESH_SECRET,\n async (\n err: VerifyErrors | null,\n user: JwtPayload | string | undefined\n ) => {\n if (err) {\n reject(err);\n }\n\n if (user === undefined) {\n resolve(null);\n return;\n }\n const userTypes = <UserTypes>user;\n const newAccessToken = this.signAccessToken(userTypes);\n\n resolve(newAccessToken);\n }\n );\n });\n }\n\n // ==================== Password Management ====================\n\n /**\n * Hash password using bcrypt\n */\n public static async hashPassword(password: string): Promise<string> {\n return bcrypt.hash(password, 10);\n }\n\n /**\n * Compare password with hash\n */\n public static async comparePassword(plainPassword: string, hash: string): Promise<boolean> {\n return bcrypt.compare(plainPassword, hash);\n }\n\n public static async checkIfUserAlreadyRegistered(email: string | undefined): Promise<boolean> {\n if (!email) return false;\n const user = await PersistedUser.findOne({ where: { email } });\n return user !== null;\n }\n\n public static async login(email: string, password: string): Promise<PersistedUser | null> {\n const users = await PersistedUser.findAll({ where: { email } });\n\n if (!users || users.length === 0) {\n return null;\n }\n\n for (const user of users) {\n const passwordsMatch = await this.comparePassword(password, user.password);\n if (passwordsMatch) {\n return user;\n }\n }\n\n return null;\n }\n\n public static async verifyGoogleToken(\n idToken: string,\n audience: string\n ): Promise<LoginTicket | null> {\n const client = new OAuth2ClientImpl(audience);\n try {\n return await client.verifyIdToken({ idToken, audience });\n } catch (error) {\n logger.error(\"Google Token Verification Error:\", error);\n return null;\n }\n }\n\n public static getGoogleClientId(platform: string): string | undefined {\n switch (platform) {\n case \"android\":\n return process.env.ANDROID_GOOGLE_CLIENT_ID;\n case \"ios\":\n return process.env.IOS_GOOGLE_CLIENT_ID;\n case \"web\":\n return process.env.WEB_GOOGLE_CLIENT_ID;\n default:\n return undefined;\n }\n }\n\n\n public static async generateAppleJWT(): Promise<string> {\n const privateKey: string = await loadAppleSubscriptionkey()\n\n const header = {\n alg: \"ES256\",\n kid: process.env.APPLE_KID as string,\n typ: \"JWT\",\n };\n\n const payload = {\n iss: process.env.APPLE_ISSUER as string,\n iat: Math.floor(Date.now() / 1000),\n exp: Math.floor(Date.now() / 1000) + 3600,\n aud: \"appstoreconnect-v1\",\n bid: process.env.APPLE_BUNDLE_ID as string,\n };\n\n return jwt.sign(payload, privateKey, { header });\n }\n\n\n public static verifyAppleJwt(userData: string, key: string) {\n try {\n return jwt.verify(userData, key);\n } catch (e) {\n logger.error(e);\n return null;\n }\n }\n\n\n public static async getAppleSignInKey(kid: string): Promise<string | undefined> {\n try {\n const key: SigningKey = await appleJwksClient.getSigningKey(kid);\n return key.getPublicKey();\n } catch (e) {\n logger.error(e);\n return undefined;\n }\n }\n\n\n public static async verifyAppleReceipt(data: string): Promise<VerificationStatus> {\n const response: AxiosResponse = await axios.post(\n \"https://buy.itunes.apple.com/verifyReceipt\",\n {\n \"receipt-data\": data,\n password: process.env.APPLE_SHARED_SECRET as string,\n \"exclude-old-transactions\": true,\n }\n );\n\n return response.data as VerificationStatus;\n }\n\n public static async getAppleTransactions(\n originalTransactionId: string\n ): Promise<SignedTransactions[]> {\n const result: SignedTransactions[] = [];\n\n try {\n const response: AxiosResponse<TransactionsResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/history/${originalTransactionId}`,\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const token of response.data.signedTransactions) {\n result.push(jwt.decode(token) as SignedTransactions);\n }\n\n return result;\n } catch (error) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<TransactionsResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/history/${originalTransactionId}`,\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const token of response.data.signedTransactions) {\n result.push(jwt.decode(token) as SignedTransactions);\n }\n\n return result;\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n public static async getAppleSubscriptionsStatuses(\n transactionId: string\n ): Promise<SubscriptionStatusResult[]> {\n const result: SubscriptionStatusResult[] = [];\n\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.data[0].lastTransactions) {\n result.push({\n originalTransactionId: transaction.originalTransactionId,\n status: transaction.status,\n signedTransactionInfo: jwt.decode(transaction.signedTransactionInfo),\n signedRenewalInfo: jwt.decode(transaction.signedRenewalInfo),\n });\n }\n\n return result;\n } catch (error: unknown) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n // Try sandbox\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.data[0].lastTransactions) {\n result.push({\n originalTransactionId: transaction.originalTransactionId,\n status: transaction.status,\n signedTransactionInfo: jwt.decode(transaction.signedTransactionInfo),\n signedRenewalInfo: jwt.decode(transaction.signedRenewalInfo),\n });\n }\n\n return result;\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n public static async isAppleSubscriptionActive(transactionId: string): Promise<boolean> {\n try {\n const response: AxiosResponse<SubscriptionStatusResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return (\n response.data.data[0].lastTransactions[0].status === 0 ||\n response.data.data[0].lastTransactions[0].status === 2\n );\n } catch (e) {\n if (\n axios.isAxiosError(e) &&\n e.response &&\n (e.response.data as SubscriptionStatusResponseError)[\"errorMessage\"] ===\n \"Invalid transaction id.\"\n ) {\n return false;\n }\n return false;\n }\n }\n\n public static async getSingleAppleTransactionsInfo(transactionId: string) {\n try {\n const response: AxiosResponse<SingleTransactionResponse> = await axios.get(\n `https://api.storekit.itunes.apple.com/inApps/v1/transactions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return { signedTransactionInfo: jwt.decode(response.data.signedTransactionInfo) };\n } catch (error) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n\n if (\n isAxiosError(error) &&\n (error.response?.data.errorCode === 4040010 || error.response?.status === 401)\n ) {\n try {\n const response: AxiosResponse<SingleTransactionResponse> = await axios.get(\n `https://api.storekit-sandbox.itunes.apple.com/inApps/v1/transactions/${transactionId}`,\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return { signedTransactionInfo: jwt.decode(response.data.signedTransactionInfo) };\n } catch (e) {\n if (isAxiosError(error) && error.response?.status === 400) {\n throw new AppleTransactionError(\"Invalid transaction id.\");\n }\n }\n throw new AppleTransactionError(\"Transaction was not found in both environments.\");\n }\n throw error;\n }\n }\n\n\n public static async checkIfUserBoughtProgram(transactionId: string): Promise<string[]> {\n try {\n const productIds: string[] = [];\n const url = process.env.PURCHASE_HISTORY_URL || \"https://api.storekit.itunes.apple.com\";\n const response: AxiosResponse = await axios.get(\n `${url}/inApps/v2/history/${transactionId}?productType=NON_CONSUMABLE`,\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n for (const transaction of response.data.signedTransactions) {\n productIds.push((jwt.decode(transaction) as { productId: string }).productId);\n }\n\n return productIds;\n } catch (e) {\n logger.error((e as Error).message);\n return [];\n }\n }\n\n public static getUserFromContext(ctx: Context): PersistedUser {\n const user = ctx.state.user as PersistedUser;\n if (!user) {\n ctx.throw(AuthenticationError);\n }\n return user;\n }\n\n public static async extendAppleSubscription(\n transactionId: string,\n extendByDays: number\n ): Promise<any> {\n const response: AxiosResponse = await axios.put(\n `https://api.storekit.itunes.apple.com/inApps/v1/subscriptions/extend/${transactionId}`,\n {\n extendByDays,\n extendReasonCode: 1,\n requestIdentifier: randomUUID(),\n },\n {\n headers: {\n Authorization: `Bearer ${await this.generateAppleJWT()}`,\n },\n }\n );\n\n return response.data;\n }\n\n public static async getAndroidAccessToken(): Promise<CredentialsType> {\n const { client_email, private_key } = await loadAndroidServiceAccount();\n\n const jwtClient = new google.auth.JWT({\n email: client_email,\n key: private_key, // unesc\n scopes: [\"https://www.googleapis.com/auth/androidpublisher\"],\n });\n\n return await jwtClient.authorize();\n }\n\n public static async getAndroidSubscriptionsStatuses(token: string) {\n try {\n const credentials = await this.getAndroidAccessToken();\n\n const response: AxiosResponse = await axios.get(\n `https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${process.env.ANDROID_PACKAGE_NAME || \"nl.browney.nintydayschallenge\"}/purchases/subscriptionsv2/tokens/${token}`,\n {\n headers: {\n Authorization: `Bearer ${credentials.access_token as string}`,\n },\n }\n );\n\n return response.data;\n } catch (error) {\n if (isAxiosError(error) && error.response && error.response.status === 410) {\n // Subscription expired\n return {\n lineItems: [\n {\n expiryTime: new Date(Date.now() - 86400000).toISOString(), // Yesterday\n },\n ],\n };\n } else {\n if (isAxiosError(error)) {\n logger.error(\"Android subscription error:\", error.message);\n return false;\n }\n }\n }\n }\n\n public static async isAndroidSubscriptionsActive(token: string): Promise<boolean> {\n try {\n const credentials = await this.getAndroidAccessToken();\n\n const response: AxiosResponse = await axios.get(\n `https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${process.env.ANDROID_PACKAGE_NAME || \"nl.browney.nintydayschallenge\"}/purchases/subscriptionsv2/tokens/${token}`,\n {\n headers: {\n Authorization: `Bearer ${credentials.access_token as string}`,\n },\n }\n );\n\n return (\n (response.data as { subscriptionState: string }).subscriptionState ===\n \"SUBSCRIPTION_STATE_ACTIVE\"\n );\n } catch (error) {\n if (isAxiosError(error)) {\n logger.error(\"An error occurred:\", error.message);\n }\n return false;\n }\n }\n\n public static async extendAndroidSubscription(\n purchaseToken: string,\n subscriptionId: string,\n extendByDays: number\n ): Promise<any> {\n const credentials = await this.getAndroidAccessToken();\n const packageName = process.env.ANDROID_PACKAGE_NAME || \"nl.browney.nintydayschallenge\";\n\n // First, get the current subscription details to get the current expiry time\n const currentSubResponse: AxiosResponse = await axios.get(\n `https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${packageName}/purchases/subscriptionsv2/tokens/${purchaseToken}`,\n {\n headers: {\n Authorization: `Bearer ${credentials.access_token as string}`,\n },\n }\n );\n\n const currentExpiryTime = currentSubResponse.data.lineItems?.[0]?.expiryTime;\n if (!currentExpiryTime) {\n throw new Error(\"Unable to get current subscription expiry time\");\n }\n\n // Calculate the new expiry time\n const currentExpiryMs = new Date(currentExpiryTime).getTime();\n const desiredExpiryMs = currentExpiryMs + (extendByDays * 24 * 60 * 60 * 1000);\n\n // Use the defer API to extend the subscription\n const response: AxiosResponse = await axios.post(\n `https://androidpublisher.googleapis.com/androidpublisher/v3/applications/${packageName}/purchases/subscriptions/${subscriptionId}/tokens/${purchaseToken}:defer`,\n {\n deferralInfo: {\n expectedExpiryTimeMillis: currentExpiryMs.toString(),\n desiredExpiryTimeMillis: desiredExpiryMs.toString(),\n },\n },\n {\n headers: {\n Authorization: `Bearer ${credentials.access_token as string}`,\n \"Content-Type\": \"application/json\",\n },\n }\n );\n\n return response.data;\n }\n}\n"],"names":["dotenv","jwt","axios","isAxiosError","google","bcrypt","OAuth2Client","OAuth2ClientImpl","jwksClient","AppleTransactionError","SecretManagerServiceClient","Log","randomUUID","AuthenticationError","PersistedUser","config","logger","getInstance","extend","TokenExpiration","appleJwksClient","jwksUri","loadAndroidServiceAccount","sm","name","v","accessSecretVersion","raw","payload","data","toString","json","JSON","parse","client_email","private_key","String","replace","loadAppleSubscriptionkey","client","AuthenticationUtil","ACCESS_SECRET","process","env","ACCESS_TOKEN_SECRET","REFRESH_SECRET","REFRESH_TOKEN_SECRET","fetchUserWithTokenInfo","token","userInToken","verifyTokenAndFetchUser","userUuid","Promise","resolve","reject","verify","err","decoded","undefined","user","findByPk","then","persistedUser","catch","e","signAccessToken","sign","expiresIn","signRefreshToken","verifyRefreshToken","refreshToken","userTypes","newAccessToken","hashPassword","password","hash","comparePassword","plainPassword","compare","checkIfUserAlreadyRegistered","email","findOne","where","login","users","findAll","length","passwordsMatch","verifyGoogleToken","idToken","audience","verifyIdToken","error","getGoogleClientId","platform","ANDROID_GOOGLE_CLIENT_ID","IOS_GOOGLE_CLIENT_ID","WEB_GOOGLE_CLIENT_ID","generateAppleJWT","privateKey","header","alg","kid","APPLE_KID","typ","iss","APPLE_ISSUER","iat","Math","floor","Date","now","exp","aud","bid","APPLE_BUNDLE_ID","verifyAppleJwt","userData","key","getAppleSignInKey","getSigningKey","getPublicKey","verifyAppleReceipt","response","post","APPLE_SHARED_SECRET","getAppleTransactions","originalTransactionId","result","get","headers","Authorization","signedTransactions","push","decode","status","errorCode","getAppleSubscriptionsStatuses","transactionId","transaction","lastTransactions","signedTransactionInfo","signedRenewalInfo","isAppleSubscriptionActive","getSingleAppleTransactionsInfo","checkIfUserBoughtProgram","productIds","url","PURCHASE_HISTORY_URL","productId","message","getUserFromContext","ctx","state","throw","extendAppleSubscription","extendByDays","put","extendReasonCode","requestIdentifier","getAndroidAccessToken","jwtClient","auth","JWT","scopes","authorize","getAndroidSubscriptionsStatuses","credentials","ANDROID_PACKAGE_NAME","access_token","lineItems","expiryTime","toISOString","isAndroidSubscriptionsActive","subscriptionState","extendAndroidSubscription","purchaseToken","subscriptionId","packageName","currentSubResponse","currentExpiryTime","Error","currentExpiryMs","getTime","desiredExpiryMs","deferralInfo","expectedExpiryTimeMillis","desiredExpiryTimeMillis"],"mappings":"AAAA,YAAYA,YAAY,SAAS;AACjC,OAAOC,SAA+C,eAAe;AACrE,OAAOC,SAA4BC,YAAY,QAAO,QAAQ;AAC9D,SAAQC,MAAM,QAAO,aAAa;AAClC,YAAYC,YAAY,WAAW;AAEnC,SAAQC,gBAAgBC,gBAAgB,QAAO,sBAAsB;AACrE,OAAOC,gBAAmC,WAAW;AAYrD,SAAQC,qBAAqB,QAAO,sBAAsB;AAC1D,SAAQC,0BAA0B,QAAO,+BAA+B;AACxE,SAAQC,GAAG,QAAO,cAAc;AAChC,SAAQC,UAAU,QAAO,cAAc;AAEvC,SAAQC,mBAAmB,QAAO,wBAAwB;AAC1D,SAASC,aAAa,QAAQ,oCAAqC;AAEnEd,OAAOe,MAAM;AAEb,MAAMC,SAAcL,IAAIM,WAAW,GAAGC,MAAM,CAAC;AAE7C,IAAA,AAAKC,yCAAAA;;uEAEyB,qBAAqB;WAF9CA;EAAAA;AAKL,MAAMC,kBAAkBZ,WAAW;IACjCa,SAAS;AACX;AAEA,eAAeC;IACb,MAAMC,KAAK,IAAIb;IACf,MAAMc,OAAO;IACb,MAAM,CAACC,EAAE,GAAG,MAAMF,GAAGG,mBAAmB,CAAC;QAAEF;IAAK;IAChD,MAAMG,MAAMF,EAAEG,OAAO,EAAEC,MAAMC,SAAS,WAAW;IAEjD,oEAAoE;IACpE,MAAMC,OAAOC,KAAKC,KAAK,CAACN;IACxB,MAAMO,eAAeH,KAAKG,YAAY;IACtC,MAAMC,cAAcC,OAAOL,KAAKI,WAAW,EAAEE,OAAO,CAAC,QAAQ;IAC7D,OAAO;QAAEH;QAAcC;IAAY;AACrC;AAEA,eAAeG;IACb,MAAMC,SAAS,IAAI7B;IACnB,MAAMc,OAAO;IACb,MAAM,CAACC,EAAE,GAAG,MAAMc,OAAOb,mBAAmB,CAAC;QAAEF;IAAK;IACpD,OAAOC,EAAEG,OAAO,EAAEC,MAAMC,SAAS,WAAW;AAC9C;AAEA,OAAO,MAAMU;IACX,OAAuBC,gBAAgBC,QAAQC,GAAG,CAACC,mBAAmB,CAAW;IACjF,OAAuBC,iBAAiBH,QAAQC,GAAG,CAACG,oBAAoB,CAAW;IAGnF,aAAoBC,uBAAuBC,KAAa,EAAiC;QACvF,MAAMC,cAAc,MAAMT,mBAAmBU,uBAAuB,CAACF;QACrE,IAAI,CAACC,eAAe,CAACA,YAAYE,QAAQ,EAAE;YACzC,OAAO;QACT;QACA,OAAOF;IACT;IAEA,OAAcC,wBAAwBF,KAAa,EAAyC;QAC1F,OAAO,IAAII,QAAsC,CAACC,SAASC;YACzDrD,IAAIsD,MAAM,CACNP,OACA,IAAI,CAACP,aAAa,EAClB,CAACe,KAA0BC;gBACzB,IAAID,KAAK;oBACPF,OAAOE;oBACP;gBACF;gBAEA,IAAIC,YAAYC,WAAW;oBACzBL,QAAQ;oBACR;gBACF;gBAEA,MAAMM,OAA6BF;gBAEnC,IAAI,CAACE,KAAKR,QAAQ,EAAE;oBAClBE,QAAQ;oBACR;gBACF;gBAEAvC,cAAc8C,QAAQ,CAACD,KAAKR,QAAQ,EAC/BU,IAAI,CAAC,CAACC;oBACLT,QAAQS;gBACV,GACCC,KAAK,CAAC,CAACC;oBACNV,OAAOU;gBACT;YACN;QAEN;IACF;IAEA;;GAEC,GACD,OAAcC,gBAAgBN,IAAe,EAAU;QACrD,OAAO1D,IAAIiE,IAAI,CAACP,MAAM,IAAI,CAAClB,aAAa,EAAE;YACxC0B,SAAS;QACX;IACF;IAEA;;GAEC,GACD,OAAcC,iBAAiBT,IAAe,EAAU;QACtD,OAAO1D,IAAIiE,IAAI,CAACP,MAAM,IAAI,CAACd,cAAc;IAC3C;IAEA;;GAEC,GACD,OAAcwB,mBAAmBC,YAAoB,EAAE;QACrD,OAAO,IAAIlB,QAA+B,CAACC,SAASC;YAClDrD,IAAIsD,MAAM,CACNe,cACA,IAAI,CAACzB,cAAc,EACnB,OACIW,KACAG;gBAEF,IAAIH,KAAK;oBACPF,OAAOE;gBACT;gBAEA,IAAIG,SAASD,WAAW;oBACtBL,QAAQ;oBACR;gBACF;gBACA,MAAMkB,YAAuBZ;gBAC7B,MAAMa,iBAAiB,IAAI,CAACP,eAAe,CAACM;gBAE5ClB,QAAQmB;YACV;QAEN;IACF;IAEA,gEAAgE;IAEhE;;GAEC,GACD,aAAoBC,aAAaC,QAAgB,EAAmB;QAClE,OAAOrE,OAAOsE,IAAI,CAACD,UAAU;IAC/B;IAEA;;GAEC,GACD,aAAoBE,gBAAgBC,aAAqB,EAAEF,IAAY,EAAoB;QACzF,OAAOtE,OAAOyE,OAAO,CAACD,eAAeF;IACvC;IAEA,aAAoBI,6BAA6BC,KAAyB,EAAoB;QAC5F,IAAI,CAACA,OAAO,OAAO;QACnB,MAAMrB,OAAO,MAAM7C,cAAcmE,OAAO,CAAC;YAAEC,OAAO;gBAAEF;YAAM;QAAE;QAC5D,OAAOrB,SAAS;IAClB;IAEA,aAAoBwB,MAAMH,KAAa,EAAEN,QAAgB,EAAiC;QACxF,MAAMU,QAAQ,MAAMtE,cAAcuE,OAAO,CAAC;YAAEH,OAAO;gBAAEF;YAAM;QAAE;QAE7D,IAAI,CAACI,SAASA,MAAME,MAAM,KAAK,GAAG;YAChC,OAAO;QACT;QAEA,KAAK,MAAM3B,QAAQyB,MAAO;YACxB,MAAMG,iBAAiB,MAAM,IAAI,CAACX,eAAe,CAACF,UAAUf,KAAKe,QAAQ;YACzE,IAAIa,gBAAgB;gBAClB,OAAO5B;YACT;QACF;QAEA,OAAO;IACT;IAEA,aAAoB6B,kBAChBC,OAAe,EACfC,QAAgB,EACW;QAC7B,MAAMnD,SAAS,IAAIhC,iBAAiBmF;QACpC,IAAI;YACF,OAAO,MAAMnD,OAAOoD,aAAa,CAAC;gBAAEF;gBAASC;YAAS;QACxD,EAAE,OAAOE,OAAO;YACd5E,OAAO4E,KAAK,CAAC,oCAAoCA;YACjD,OAAO;QACT;IACF;IAEA,OAAcC,kBAAkBC,QAAgB,EAAsB;QACpE,OAAQA;YACN,KAAK;gBACH,OAAOpD,QAAQC,GAAG,CAACoD,wBAAwB;YAC7C,KAAK;gBACH,OAAOrD,QAAQC,GAAG,CAACqD,oBAAoB;YACzC,KAAK;gBACH,OAAOtD,QAAQC,GAAG,CAACsD,oBAAoB;YACzC;gBACE,OAAOvC;QACX;IACF;IAGA,aAAqBwC,mBAAoC;QACvD,MAAMC,aAAqB,MAAM7D;QAEjC,MAAM8D,SAAS;YACbC,KAAK;YACLC,KAAK5D,QAAQC,GAAG,CAAC4D,SAAS;YAC1BC,KAAK;QACP;QAEA,MAAM5E,UAAU;YACd6E,KAAK/D,QAAQC,GAAG,CAAC+D,YAAY;YAC7BC,KAAKC,KAAKC,KAAK,CAACC,KAAKC,GAAG,KAAK;YAC7BC,KAAKJ,KAAKC,KAAK,CAACC,KAAKC,GAAG,KAAK,QAAQ;YACrCE,KAAK;YACLC,KAAKxE,QAAQC,GAAG,CAACwE,eAAe;QAClC;QAEA,OAAOlH,IAAIiE,IAAI,CAACtC,SAASuE,YAAY;YAAEC;QAAO;IAChD;IAGA,OAAcgB,eAAeC,QAAgB,EAAEC,GAAW,EAAE;QAC1D,IAAI;YACF,OAAOrH,IAAIsD,MAAM,CAAC8D,UAAUC;QAC9B,EAAE,OAAOtD,GAAG;YACVhD,OAAO4E,KAAK,CAAC5B;YACb,OAAO;QACT;IACF;IAGA,aAAoBuD,kBAAkBjB,GAAW,EAA+B;QAC9E,IAAI;YACF,MAAMgB,MAAkB,MAAMlG,gBAAgBoG,aAAa,CAAClB;YAC5D,OAAOgB,IAAIG,YAAY;QACzB,EAAE,OAAOzD,GAAG;YACVhD,OAAO4E,KAAK,CAAC5B;YACb,OAAON;QACT;IACF;IAGA,aAAoBgE,mBAAmB7F,IAAY,EAA+B;QAChF,MAAM8F,WAA0B,MAAMzH,MAAM0H,IAAI,CAC5C,8CACA;YACE,gBAAgB/F;YAChB6C,UAAUhC,QAAQC,GAAG,CAACkF,mBAAmB;YACzC,4BAA4B;QAC9B;QAGJ,OAAOF,SAAS9F,IAAI;IACtB;IAEA,aAAoBiG,qBAChBC,qBAA6B,EACA;QAC/B,MAAMC,SAA+B,EAAE;QAEvC,IAAI;YACF,MAAML,WAAgD,MAAMzH,MAAM+H,GAAG,CACjE,CAAC,wDAAwD,EAAEF,uBAAuB,EAClF;gBACEG,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;oBACxD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAMlD,SAAS2E,SAAS9F,IAAI,CAACuG,kBAAkB,CAAE;gBACpDJ,OAAOK,IAAI,CAACpI,IAAIqI,MAAM,CAACtF;YACzB;YAEA,OAAOgF;QACT,EAAE,OAAOpC,OAAO;YACd,IAAIzF,aAAayF,UAAUA,MAAM+B,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAI9H,sBAAsB;YAClC;YAEA,IACIN,aAAayF,UACZA,CAAAA,MAAM+B,QAAQ,EAAE9F,KAAK2G,cAAc,WAAW5C,MAAM+B,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAgD,MAAMzH,MAAM+H,GAAG,CACjE,CAAC,gEAAgE,EAAEF,uBAAuB,EAC1F;wBACEG,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;4BACxD,gBAAgB;wBAClB;oBACF;oBAGJ,KAAK,MAAMlD,SAAS2E,SAAS9F,IAAI,CAACuG,kBAAkB,CAAE;wBACpDJ,OAAOK,IAAI,CAACpI,IAAIqI,MAAM,CAACtF;oBACzB;oBAEA,OAAOgF;gBACT,EAAE,OAAOhE,GAAG;oBACV,IAAI7D,aAAayF,UAAUA,MAAM+B,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAI9H,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAMmF;QACR;IACF;IAEA,aAAoB6C,8BAChBC,aAAqB,EACc;QACrC,MAAMV,SAAqC,EAAE;QAE7C,IAAI;YACF,MAAML,WAAsD,MAAMzH,MAAM+H,GAAG,CACvE,CAAC,8DAA8D,EAAES,eAAe,EAChF;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;oBACxD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAMyC,eAAehB,SAAS9F,IAAI,CAACA,IAAI,CAAC,EAAE,CAAC+G,gBAAgB,CAAE;gBAChEZ,OAAOK,IAAI,CAAC;oBACVN,uBAAuBY,YAAYZ,qBAAqB;oBACxDQ,QAAQI,YAAYJ,MAAM;oBAC1BM,uBAAuB5I,IAAIqI,MAAM,CAACK,YAAYE,qBAAqB;oBACnEC,mBAAmB7I,IAAIqI,MAAM,CAACK,YAAYG,iBAAiB;gBAC7D;YACF;YAEA,OAAOd;QACT,EAAE,OAAOpC,OAAgB;YACvB,IAAIzF,aAAayF,UAAUA,MAAM+B,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAI9H,sBAAsB;YAClC;YAEA,cAAc;YACd,IACIN,aAAayF,UACZA,CAAAA,MAAM+B,QAAQ,EAAE9F,KAAK2G,cAAc,WAAW5C,MAAM+B,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAsD,MAAMzH,MAAM+H,GAAG,CACvE,CAAC,sEAAsE,EAAES,eAAe,EACxF;wBACER,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;4BACxD,gBAAgB;wBAClB;oBACF;oBAGJ,KAAK,MAAMyC,eAAehB,SAAS9F,IAAI,CAACA,IAAI,CAAC,EAAE,CAAC+G,gBAAgB,CAAE;wBAChEZ,OAAOK,IAAI,CAAC;4BACVN,uBAAuBY,YAAYZ,qBAAqB;4BACxDQ,QAAQI,YAAYJ,MAAM;4BAC1BM,uBAAuB5I,IAAIqI,MAAM,CAACK,YAAYE,qBAAqB;4BACnEC,mBAAmB7I,IAAIqI,MAAM,CAACK,YAAYG,iBAAiB;wBAC7D;oBACF;oBAEA,OAAOd;gBACT,EAAE,OAAOhE,GAAG;oBACV,IAAI7D,aAAayF,UAAUA,MAAM+B,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAI9H,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAMmF;QACR;IACF;IAEA,aAAoBmD,0BAA0BL,aAAqB,EAAoB;QACrF,IAAI;YACF,MAAMf,WAAsD,MAAMzH,MAAM+H,GAAG,CACvE,CAAC,8DAA8D,EAAES,eAAe,EAChF;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;oBACxD,gBAAgB;gBAClB;YACF;YAGJ,OACIyB,SAAS9F,IAAI,CAACA,IAAI,CAAC,EAAE,CAAC+G,gBAAgB,CAAC,EAAE,CAACL,MAAM,KAAK,KACrDZ,SAAS9F,IAAI,CAACA,IAAI,CAAC,EAAE,CAAC+G,gBAAgB,CAAC,EAAE,CAACL,MAAM,KAAK;QAE3D,EAAE,OAAOvE,GAAG;YACV,IACI9D,MAAMC,YAAY,CAAC6D,MACnBA,EAAE2D,QAAQ,IACV,AAAC3D,EAAE2D,QAAQ,CAAC9F,IAAI,AAAoC,CAAC,eAAe,KACpE,2BACF;gBACA,OAAO;YACT;YACA,OAAO;QACT;IACF;IAEA,aAAoBmH,+BAA+BN,aAAqB,EAAE;QACxE,IAAI;YACF,MAAMf,WAAqD,MAAMzH,MAAM+H,GAAG,CACtE,CAAC,6DAA6D,EAAES,eAAe,EAC/E;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;oBACxD,gBAAgB;gBAClB;YACF;YAGJ,OAAO;gBAAE2C,uBAAuB5I,IAAIqI,MAAM,CAACX,SAAS9F,IAAI,CAACgH,qBAAqB;YAAE;QAClF,EAAE,OAAOjD,OAAO;YACd,IAAIzF,aAAayF,UAAUA,MAAM+B,QAAQ,EAAEY,WAAW,KAAK;gBACzD,MAAM,IAAI9H,sBAAsB;YAClC;YAEA,IACIN,aAAayF,UACZA,CAAAA,MAAM+B,QAAQ,EAAE9F,KAAK2G,cAAc,WAAW5C,MAAM+B,QAAQ,EAAEY,WAAW,GAAE,GAC9E;gBACA,IAAI;oBACF,MAAMZ,WAAqD,MAAMzH,MAAM+H,GAAG,CACtE,CAAC,qEAAqE,EAAES,eAAe,EACvF;wBACER,SAAS;4BACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;4BACxD,gBAAgB;wBAClB;oBACF;oBAGJ,OAAO;wBAAE2C,uBAAuB5I,IAAIqI,MAAM,CAACX,SAAS9F,IAAI,CAACgH,qBAAqB;oBAAE;gBAClF,EAAE,OAAO7E,GAAG;oBACV,IAAI7D,aAAayF,UAAUA,MAAM+B,QAAQ,EAAEY,WAAW,KAAK;wBACzD,MAAM,IAAI9H,sBAAsB;oBAClC;gBACF;gBACA,MAAM,IAAIA,sBAAsB;YAClC;YACA,MAAMmF;QACR;IACF;IAGA,aAAoBqD,yBAAyBP,aAAqB,EAAqB;QACrF,IAAI;YACF,MAAMQ,aAAuB,EAAE;YAC/B,MAAMC,MAAMzG,QAAQC,GAAG,CAACyG,oBAAoB,IAAI;YAChD,MAAMzB,WAA0B,MAAMzH,MAAM+H,GAAG,CAC3C,GAAGkB,IAAI,mBAAmB,EAAET,cAAc,2BAA2B,CAAC,EACtE;gBACER,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;oBACxD,gBAAgB;gBAClB;YACF;YAGJ,KAAK,MAAMyC,eAAehB,SAAS9F,IAAI,CAACuG,kBAAkB,CAAE;gBAC1Dc,WAAWb,IAAI,CAAC,AAACpI,IAAIqI,MAAM,CAACK,aAAuCU,SAAS;YAC9E;YAEA,OAAOH;QACT,EAAE,OAAOlF,GAAG;YACVhD,OAAO4E,KAAK,CAAC,AAAC5B,EAAYsF,OAAO;YACjC,OAAO,EAAE;QACX;IACF;IAEA,OAAcC,mBAAmBC,GAAY,EAAiB;QAC5D,MAAM7F,OAAO6F,IAAIC,KAAK,CAAC9F,IAAI;QAC3B,IAAI,CAACA,MAAM;YACT6F,IAAIE,KAAK,CAAC7I;QACZ;QACA,OAAO8C;IACT;IAEA,aAAoBgG,wBAChBjB,aAAqB,EACrBkB,YAAoB,EACR;QACd,MAAMjC,WAA0B,MAAMzH,MAAM2J,GAAG,CAC3C,CAAC,qEAAqE,EAAEnB,eAAe,EACvF;YACEkB;YACAE,kBAAkB;YAClBC,mBAAmBnJ;QACrB,GACA;YACEsH,SAAS;gBACPC,eAAe,CAAC,OAAO,EAAE,MAAM,IAAI,CAACjC,gBAAgB,IAAI;YAC1D;QACF;QAGJ,OAAOyB,SAAS9F,IAAI;IACtB;IAEA,aAAoBmI,wBAAkD;QACpE,MAAM,EAAE9H,YAAY,EAAEC,WAAW,EAAE,GAAG,MAAMb;QAE5C,MAAM2I,YAAY,IAAI7J,OAAO8J,IAAI,CAACC,GAAG,CAAC;YACpCnF,OAAO9C;YACPoF,KAAKnF;YACLiI,QAAQ;gBAAC;aAAmD;QAC9D;QAEA,OAAO,MAAMH,UAAUI,SAAS;IAClC;IAEA,aAAoBC,gCAAgCtH,KAAa,EAAE;QACjE,IAAI;YACF,MAAMuH,cAAc,MAAM,IAAI,CAACP,qBAAqB;YAEpD,MAAMrC,WAA0B,MAAMzH,MAAM+H,GAAG,CAC3C,CAAC,yEAAyE,EAAEvF,QAAQC,GAAG,CAAC6H,oBAAoB,IAAI,gCAAgC,kCAAkC,EAAExH,OAAO,EAC3L;gBACEkF,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAEoC,YAAYE,YAAY,EAAY;gBAC/D;YACF;YAGJ,OAAO9C,SAAS9F,IAAI;QACtB,EAAE,OAAO+D,OAAO;YACd,IAAIzF,aAAayF,UAAUA,MAAM+B,QAAQ,IAAI/B,MAAM+B,QAAQ,CAACY,MAAM,KAAK,KAAK;gBAC1E,uBAAuB;gBACvB,OAAO;oBACLmC,WAAW;wBACT;4BACEC,YAAY,IAAI7D,KAAKA,KAAKC,GAAG,KAAK,UAAU6D,WAAW;wBACzD;qBACD;gBACH;YACF,OAAO;gBACL,IAAIzK,aAAayF,QAAQ;oBACvB5E,OAAO4E,KAAK,CAAC,+BAA+BA,MAAM0D,OAAO;oBACzD,OAAO;gBACT;YACF;QACF;IACF;IAEA,aAAoBuB,6BAA6B7H,KAAa,EAAoB;QAChF,IAAI;YACF,MAAMuH,cAAc,MAAM,IAAI,CAACP,qBAAqB;YAEpD,MAAMrC,WAA0B,MAAMzH,MAAM+H,GAAG,CAC3C,CAAC,yEAAyE,EAAEvF,QAAQC,GAAG,CAAC6H,oBAAoB,IAAI,gCAAgC,kCAAkC,EAAExH,OAAO,EAC3L;gBACEkF,SAAS;oBACPC,eAAe,CAAC,OAAO,EAAEoC,YAAYE,YAAY,EAAY;gBAC/D;YACF;YAGJ,OACI,AAAC9C,SAAS9F,IAAI,CAAmCiJ,iBAAiB,KAClE;QAEN,EAAE,OAAOlF,OAAO;YACd,IAAIzF,aAAayF,QAAQ;gBACvB5E,OAAO4E,KAAK,CAAC,sBAAsBA,MAAM0D,OAAO;YAClD;YACA,OAAO;QACT;IACF;IAEA,aAAoByB,0BAChBC,aAAqB,EACrBC,cAAsB,EACtBrB,YAAoB,EACR;QACd,MAAMW,cAAc,MAAM,IAAI,CAACP,qBAAqB;QACpD,MAAMkB,cAAcxI,QAAQC,GAAG,CAAC6H,oBAAoB,IAAI;QAExD,6EAA6E;QAC7E,MAAMW,qBAAoC,MAAMjL,MAAM+H,GAAG,CACrD,CAAC,yEAAyE,EAAEiD,YAAY,kCAAkC,EAAEF,eAAe,EAC3I;YACE9C,SAAS;gBACPC,eAAe,CAAC,OAAO,EAAEoC,YAAYE,YAAY,EAAY;YAC/D;QACF;QAGJ,MAAMW,oBAAoBD,mBAAmBtJ,IAAI,CAAC6I,SAAS,EAAE,CAAC,EAAE,EAAEC;QAClE,IAAI,CAACS,mBAAmB;YACtB,MAAM,IAAIC,MAAM;QAClB;QAEA,gCAAgC;QAChC,MAAMC,kBAAkB,IAAIxE,KAAKsE,mBAAmBG,OAAO;QAC3D,MAAMC,kBAAkBF,kBAAmB1B,eAAe,KAAK,KAAK,KAAK;QAEzE,+CAA+C;QAC/C,MAAMjC,WAA0B,MAAMzH,MAAM0H,IAAI,CAC5C,CAAC,yEAAyE,EAAEsD,YAAY,yBAAyB,EAAED,eAAe,QAAQ,EAAED,cAAc,MAAM,CAAC,EACjK;YACES,cAAc;gBACZC,0BAA0BJ,gBAAgBxJ,QAAQ;gBAClD6J,yBAAyBH,gBAAgB1J,QAAQ;YACnD;QACF,GACA;YACEoG,SAAS;gBACPC,eAAe,CAAC,OAAO,EAAEoC,YAAYE,YAAY,EAAY;gBAC7D,gBAAgB;YAClB;QACF;QAGJ,OAAO9C,SAAS9F,IAAI;IACtB;AACF"}